Is there a way to tag a root volume when initializing from the cloudformation template?
Question
I am creating an instance through the cloud formation script.
The only way I found to attach an OS partition was through "BlockDeviceMappings" property. (I've tried to use "Volumes" property before, but the instance could not be mounted, the system told me that /dev/sda was already mapped and rolled back the instance creation)
Here is the relevant portion of my template:
"Resources" :
{
    "Ec2Instance" :
    {
        "Type" : "AWS::EC2::Instance",
        "Properties" :
        {
            "BlockDeviceMappings" :
            [{
                "DeviceName" : "/dev/sda",
                "Ebs" :
                {
                    "VolumeSize" : { "Ref" : "RootVolumeSize" },
                    "SnapshotId" :
                    { "Fn::FindInMap" : [ "RegionMap",
                        { "Ref" : "AWS::Region" }, "RootVolumeSnapshotId" ]
                    }
                }
            }],
            ...
        }
    }
}
My question is, how can I tag the Ebs volume, that I am creating here with "BlockDeviceMappings" property? I did not find the obvious solution.
Thanks.
Recommended answer
Was able to make it work through an AWS CLI interface, IAM role, and UserData initialization.
Add this to AWS::EC2::Instance:Properties:UserData
{ "Fn::Base64" : { "Fn::Join" : [ "\n", [
    "#!/bin/bash",
    "set -eux",
    "exec > >(tee /tmp/user-data.log | logger -t user-data -s 2>/dev/console) 2>&1",
    { "Fn::Join" : [ "", [
        "AWS_STACK_NAME='", { "Ref" : "AWS::StackName" }, "'"
    ]]},
    { "Fn::Join" : [ "", [
        "AWS_ROOT_VOLUME_SNAPSHOT_ID='",
        { "Fn::FindInMap" :
            [ "RegionMap", { "Ref" : "AWS::Region" }, "RootVolumeSnapshotId" ]},
        "'"
    ]]},
    "AWS_INSTANCE_ID=$( curl http://169.254.169.254/latest/meta-data/instance-id )",
    "",
    "AWS_HOME=/opt/aws",
    "AWS_BIN_DIR=\"${AWS_HOME}/bin\"",
    "export EC2_HOME=\"${AWS_HOME}/apitools/ec2\"",
    "export JAVA_HOME=/etc/alternatives/jre_1.7.0",
    "",
    "# Pick the volume attached to this instance that was created from the root snapshot",
    "ROOT_DISK_ID=$(",
    " \"${AWS_BIN_DIR}/ec2-describe-volumes\" \\",
    " --filter \"attachment.instance-id=${AWS_INSTANCE_ID}\" \\",
    " --show-empty-fields \\",
    " | grep '^VOLUME' \\",
    " | awk '{printf \"%s,%s\\n\", $4, $2}' \\",
    " | grep \"^${AWS_ROOT_VOLUME_SNAPSHOT_ID}\" \\",
    " | cut --delimiter=, --fields=2",
    " exit ${PIPESTATUS[0]}",
    " )",
    "# Tag the root volume with a name derived from the stack name",
    "\"${AWS_BIN_DIR}/ec2-create-tags\" \\",
    " \"${ROOT_DISK_ID}\" \\",
    " --tag \"Name=${AWS_STACK_NAME}-root\"",
    ""
]]}}
Also have to add a reference to an IAM role that can describe volumes and create tags.
Added this to "Resources" section:
"InstanceProfile" :
{
    "Type" : "AWS::IAM::InstanceProfile",
    "Properties" :
    {
        "Path" : "/",
        "Roles" : [ "ec2-tag-instance" ]
    }
}
Referenced this profile in the Instance resource:
"Ec2Instance" :
{
    "Type" : "AWS::EC2::Instance",
    "Properties" :
    {
        ...
        "IamInstanceProfile" : {"Ref" : "InstanceProfile"},
        ...
    }
}
And in IAM UI create a new Role called ec2-tag-instance, and assign this policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:Describe*",
                "ec2:CreateTags"
            ],
            "Resource": "*"
        }
    ]
}
This said, would be much nicer if BlockDeviceMappings:Ebs had supported Tags element.
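A narrower variant of the ec2-tag-instance policy, as an added example that is not part of the original answer: `ec2:Describe*` is reduced to the single describe call the UserData script makes, and `ec2:CreateTags` is limited to volume resources and to the `Name` tag key. The `Sid` values are illustrative, and the mapping of `ec2-describe-volumes` and `ec2-create-tags` to the `DescribeVolumes` and `CreateTags` actions is an assumption taken from the script's two commands.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "FindAttachedVolumes",
            "Effect": "Allow",
            "Action": "ec2:DescribeVolumes",
            "Resource": "*"
        },
        {
            "Sid": "TagVolumesWithNameOnly",
            "Effect": "Allow",
            "Action": "ec2:CreateTags",
            "Resource": "arn:aws:ec2:*:*:volume/*",
            "Condition": {
                "ForAllValues:StringEquals": {
                    "aws:TagKeys": [ "Name" ]
                }
            }
        }
    ]
}
```

With this policy the instance role can still set the `Name` tag on any volume in the account, but it can no longer tag instances, snapshots or other EC2 resources, or write arbitrary tag keys that other policies or automation may rely on.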