如何配置“实例保护”?通过AWS中的CloudFormation? [英] How to configure "Instance Protection" over CloudFormation in AWS?
问题描述
我需要使用CloudFormation模板为Auto Scaling组中的实例设置实例保护属性。
我通常在AWS控制台中执行此操作,例如此处:EC2-> Auto Scaling组
但是我不能似乎可以在CloudFormation 文档上找到它
可以使用CloudFormation完成 ,但这并不容易。
CloudFormation当前(自2016年3月30日起)不正式支持Auto Scaling实例保护功能。不幸的是,CloudFormation倾向于落后于添加到基础AWS API的新功能,并且该功能仅最近于2015年12月7日发布。
供以后参考,以确认CloudFormation中是否已更新新功能,最好的选择是参考 CloudFormation发行历史
其他AWS开发工具包通常会更频繁地更新,因此,可以使用以下方法来创建自动扩展组: AWS CLI 带有 命令。 / p> -new-instances-protected-from-scale-in 标志的create-auto-scaling-group
如果无法在CloudFormation之外创建您的自动伸缩组,则另一个(更复杂的)解决方法是在现有CloudFormation资源的顶部修补自定义资源以进行更新使用更新的SDK之一,使用新功能设置将新创建的自动缩放组分组。它可以工作,但是您需要创建一个lambda函数以及所有支持IAM角色和权限的功能,并将它们全部挂接到自定义资源中。有关如何执行此操作以支持另一个CloudFormation不支持的功能(将ACM证书附加到CloudFront发行版)的示例,请参阅我的 SO此处回答。
当然,最简单的方法就是等待AWS最终向CloudFormation添加对此功能的官方支持。
I need to set an "Instance Protection" property for the instances in my Auto Scaling Group using a CloudFormation template.
I normally do it in my AWS console like this: EC2 -> Auto Scaling Groups
But I can't seem to find it on CloudFormation documentation
It can be done using CloudFormation, but it's not easy.
CloudFormation currently (as of 3/30/2016) does not officially support the Auto Scaling Instance Protection feature. CloudFormation unfortunately tends to lag behind new features added to the underlying AWS APIs, and this feature was only recently launched on 12/7/2015.
For future reference, to confirm whether new features have been updated in CloudFormation, your best bet is to refer to the CloudFormation release history to see if the desired feature is mentioned.
Other AWS SDKs tend to be updated more frequently, so as a workaround you could create your AutoScaling Group using e.g. the AWS CLI create-auto-scaling-group command with the --new-instances-protected-from-scale-in flag.
If going outside CloudFormation to create your autoscaling group is not an option, another (more complicated) workaround would be to patch a Custom Resource on top of the existing CloudFormation resource to update the newly-created autoscaling group with the new feature setting using one of the updated SDKs. It works, but you'll need to create a lambda function and all supporting IAM roles and permissions, and hook them all together into a custom resouce. For an example of how to do this to support another CloudFormation-unsupported feature (attaching ACM certificates to a CloudFront distribution), see my SO answer here.
Of course, it's easiest to wait for AWS to add official support for this feature to CloudFormation, as they eventually will.
这篇关于如何配置“实例保护”?通过AWS中的CloudFormation?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
