【发布时间】:2020-10-23 00:49:57
【问题描述】:
作为 CI/CD Jenkins 管道的一部分,我正在使用 dockerhub 上提供的映像中的 cloudformation 将 springboot 应用程序部署到 AWS EC2/Fargate。我将访问密钥、秘密、区域和子网定义为在运行时传递的秘密。 cloudformation 部署失败,状态为 CREATE_FAILED 并出现以下错误:
Invalid request provided: CreateService error: Security group
sg-0da667222da8a6eb2 does not appear to belong to the same VPC as the
input subnets. (Service: Ecs, Status Code: 400, Request ID:
503ce486-c3db-4d35-bb92-5f4770662c05, Extended Request ID: null)
这是我的 cloudformation yaml 文件内容:
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
SubnetID:
Type: String
ServiceName:
Type: String
ServiceVersion:
Type: String
DockerHubUsername:
Type: String
Resources:
Cluster:
Type: AWS::ECS::Cluster
Properties:
ClusterName: deployment-example-cluster
ServiceSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: ServiceSecurityGroup
GroupDescription: Security group for service
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 8080
ToPort: 8080
CidrIp: 0.0.0.0/0
TaskDefinition:
Type: AWS::ECS::TaskDefinition
Properties:
Family: !Sub ${ServiceName}-task
Cpu: 256
Memory: 512
NetworkMode: awsvpc
ContainerDefinitions:
- Name: !Sub ${ServiceName}-container
Image: !Sub ${DockerHubUsername}/${ServiceName}:${ServiceVersion}
PortMappings:
- ContainerPort: 8080
RequiresCompatibilities:
- EC2
- FARGATE
Service:
Type: AWS::ECS::Service
Properties:
ServiceName: !Sub ${ServiceName}-service
Cluster: !Ref Cluster
TaskDefinition: !Ref TaskDefinition
DesiredCount: 1
LaunchType: FARGATE
NetworkConfiguration:
AwsvpcConfiguration:
AssignPublicIp: ENABLED
Subnets:
- !Ref SubnetID
SecurityGroups:
- !GetAtt ServiceSecurityGroup.GroupId
这是cloudformation堆栈构建过程的屏幕截图:
令人惊讶的是,sg-0da667222da8a6eb2 不是我的安全组之一。任何帮助将不胜感激。
【问题讨论】:
-
那里有
serverless.yml文件吗? -
@ThanhNguyenVan 没有 serverless.yml。
标签: amazon-web-services spring-boot amazon-ec2 amazon-cloudformation