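Yes, you can use special template parameter types. I created a small CloudFormation template with only SecurityGroup and KeyPair parameters. When you create a stack from this template in the console, it prompts you to select the key and the security group from drop-down menus.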
    {
      "AWSTemplateFormatVersion" : "2010-09-09",
      "Description" : "Security Group Test",
      "Parameters" : {
        "SecurityGroup": {
          "Description": "Name of security group",
          "Type": "AWS::EC2::SecurityGroup::GroupName"
        },
        "KeyName": {
          "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instances",
          "Type": "AWS::EC2::KeyPair::KeyName",
          "ConstraintDescription" : "must be the name of an existing EC2 KeyPair."
        }
      },
      "Resources" : {
        "Ec2Instance" : {
          "Type" : "AWS::EC2::Instance",
          "Properties": {
            "ImageId" : "ami-ea87a78f",
            "InstanceType" : "t2.micro",
            "SecurityGroups" : [ {"Ref" : "SecurityGroup"} ],
            "KeyName": {"Ref": "KeyName"}
          }
        }
      }
    }
You should also look at the AWS-Specific Parameter Types section of parameters-section-structure.html. There are many other parameter types you may be interested in, such as Route 53 hosted zones and VPCs.
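I don't think it is possible to look up a security group, because there is no intrinsic function that exists exactly for this purpose, but if you create the security group with another CloudFormation script, you can import it.
From the AWS documentation, intrinsic-function-reference-importvalue.html:
Stack A exports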
    "Outputs" : {
      "PublicSubnet" : {
        "Description" : "The subnet ID to use for public web servers",
        "Value" : { "Ref" : "PublicSubnet" },
        "Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-SubnetID" }}
      },
      "WebServerSecurityGroup" : {
        "Description" : "The security group ID to use for public web servers",
        "Value" : { "Fn::GetAtt" : ["WebServerSecurityGroup", "GroupId"] },
        "Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-SecurityGroupID" }}
      }
    }
Stack B imports
    "Resources" : {
      "WebServerInstance" : {
        "Type" : "AWS::EC2::Instance",
        "Properties" : {
          "InstanceType" : "t2.micro",
          "ImageId" : "ami-a1b23456",
          "NetworkInterfaces" : [{
            "GroupSet" : [{"Fn::ImportValue" : {"Fn::Sub" : "${NetworkStackNameParameter}-SecurityGroupID"}}],
            "AssociatePublicIpAddress" : "true",
            "DeviceIndex" : "0",
            "DeleteOnTermination" : "true",
            "SubnetId" : {"Fn::ImportValue" : {"Fn::Sub" : "${NetworkStackNameParameter}-SubnetID"}}
          }]
        }
      }
    }
Currently, the only intrinsic function with lookup functionality similar to what you are looking for (but for Availability Zones) is:
    { "Fn::GetAZs" : "region" }
This can be used in the SecurityGroups template you create.
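
An added example, not part of either answer or of the AWS documentation: an offline check that every Fn::ImportValue name in the importing template is matched by an export of the other stack, so a mistyped stack-name parameter is caught before the security group reference fails at deployment. The stack name "network", the function names and the trimmed templates are constructed for illustration, and only the string form of Fn::Sub is handled.

```python
import json

# Constructed fragments modelled on the Stack A / Stack B snippets above.
STACK_A = json.loads("""
{"Outputs": {
  "PublicSubnet": {"Value": {"Ref": "PublicSubnet"},
    "Export": {"Name": {"Fn::Sub": "${AWS::StackName}-SubnetID"}}},
  "WebServerSecurityGroup": {"Value": {"Fn::GetAtt": ["WebServerSecurityGroup", "GroupId"]},
    "Export": {"Name": {"Fn::Sub": "${AWS::StackName}-SecurityGroupID"}}}}}
""")
STACK_B = json.loads("""
{"Resources": {"WebServerInstance": {"Type": "AWS::EC2::Instance", "Properties": {
  "NetworkInterfaces": [{"DeviceIndex": "0",
    "GroupSet": [{"Fn::ImportValue": {"Fn::Sub": "${NetworkStackNameParameter}-SecurityGroupID"}}],
    "SubnetId": {"Fn::ImportValue": {"Fn::Sub": "${NetworkStackNameParameter}-SubnetID"}}}]}}}}
""")

def resolve(value, variables):
    """Resolve a literal name or a string-form Fn::Sub using the given variables."""
    if isinstance(value, dict) and isinstance(value.get("Fn::Sub"), str):
        value = value["Fn::Sub"]
        for name, replacement in variables.items():
            value = value.replace("${" + name + "}", replacement)
    if not isinstance(value, str) or "${" in value:
        raise ValueError(f"cannot resolve name offline: {value!r}")
    return value

def export_names(template, stack_name):
    """Names a stack called stack_name would export from its Outputs section."""
    return {resolve(out["Export"]["Name"], {"AWS::StackName": stack_name})
            for out in template.get("Outputs", {}).values() if "Export" in out}

def import_names(node, params):
    """Walk a template and yield every resolved Fn::ImportValue name."""
    if isinstance(node, dict):
        if "Fn::ImportValue" in node:
            yield resolve(node["Fn::ImportValue"], params)
        for child in node.values():
            yield from import_names(child, params)
    elif isinstance(node, list):
        for child in node:
            yield from import_names(child, params)

def unresolved_imports(exporter, exporter_name, importer, importer_params):
    """Imports in `importer` that no export of `exporter` satisfies."""
    exported = export_names(exporter, exporter_name)
    return sorted(set(import_names(importer, importer_params)) - exported)
```

An empty list from `unresolved_imports` means every import in Stack B has a matching export in Stack A for the given stack name and parameter values.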