How to get security group list in CloudFormation


Problem description

I want to get the list of security groups associated with a particular VPC in cloudformation parameter section.

"VpcId": {
    "Description": "Choose the VPC ID",
    "Type": "AWS::EC2::VPC::Id"
},
"SecurityGroupsID": {
    "Description": "Choose availability zone Availability Zone of the Subnet",
    "Type": "List<AWS::EC2::SecurityGroup::Id>",
    "AllowedValues": *******
},

Answer

Yes it is possible to use special template parameters, I created a small cloud formation template with just SecurityGroup and KeyPair parameters. When you create a stack using this template using console, it will prompt in a Drop Down to select a Key and a Security Group.

{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "Security Group Test",
  "Parameters" : {
    "SecurityGroup": {
      "Description": "Name of security group",
      "Type": "AWS::EC2::SecurityGroup::GroupName"
    },
    "KeyName": {
      "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instances",
      "Type": "AWS::EC2::KeyPair::KeyName",
      "ConstraintDescription" : "must be the name of an existing EC2 KeyPair."
    }
  },
  "Resources" : {
    "Ec2Instance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties": {
        "ImageId" : "ami-ea87a78f",
        "InstanceType"   : "t2.micro",
        "SecurityGroups" : [ {"Ref" : "SecurityGroup"} ],
        "KeyName": {"Ref": "KeyName"}
      }
    }
  }
}

You should also take a look at parameters-section-structure.html specially on AWS-Specific Parameter Types section. There are many other Parameter Types that may be of your interest such as Route 53 Hosted Zones and VPC.

I don't think it is possible to lookup for a security group because it doesn't exist an intrinsic function exactly for this purpose, but if you create the security groups using another cloud formation script it is possible to import.

From the AWS documentation, intrinsic-function-reference-importvalue.html:

Stack A exports:

"Outputs" : {
  "PublicSubnet" : {
    "Description" : "The subnet ID to use for public web servers",
    "Value" :  { "Ref" : "PublicSubnet" },
    "Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-SubnetID" }}
  },
  "WebServerSecurityGroup" : {
    "Description" : "The security group ID to use for public web servers",
    "Value" :  { "Fn::GetAtt" : ["WebServerSecurityGroup", "GroupId"] },
    "Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-SecurityGroupID" }}
  }
}

Stack B imports:

"Resources" : {
  "WebServerInstance" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "InstanceType" : "t2.micro",
      "ImageId" : "ami-a1b23456",
      "NetworkInterfaces" : [{
        "GroupSet" : [{"Fn::ImportValue" : {"Fn::Sub" : "${NetworkStackNameParameter}-SecurityGroupID"}}],
        "AssociatePublicIpAddress" : "true",
        "DeviceIndex" : "0",
        "DeleteOnTermination" : "true",
        "SubnetId" : {"Fn::ImportValue" : {"Fn::Sub" : "${NetworkStackNameParameter}-SubnetID"}}
      }]
    }
  }
}

At this moment, the only intrinsic function that has similar lookup functionality (but for availability zones) to the one you are looking for is:

{ "Fn::GetAZs" : "region" }

That can be used in your create SecurityGroups template.
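Since CloudFormation has no intrinsic function that filters a security-group parameter by VPC, a practical workaround is to build the parameter's AllowedValues from a VPC listing before deployment and to check the operator's chosen IDs against the same listing. The following is an added example, not code from the question or the answer; SAMPLE_GROUPS is constructed data in the shape boto3's describe_security_groups returns, and the live lookup is only needed against a real account.

```python
"""Pin a List<AWS::EC2::SecurityGroup::Id> parameter to one VPC (added example).
Assumes describe_security_groups-style records; boto3 is only imported for live use."""
import json

# Constructed sample: two groups in vpc-1111, one in an unrelated VPC.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0a1b2c3d", "GroupName": "web", "VpcId": "vpc-1111"},
    {"GroupId": "sg-0e5f6a7b", "GroupName": "db", "VpcId": "vpc-1111"},
    {"GroupId": "sg-0c9d8e7f", "GroupName": "legacy", "VpcId": "vpc-2222"},
]


def fetch_security_groups(vpc_id, region="us-east-1"):
    """Live lookup against an AWS account; filters server-side by VPC."""
    import boto3  # optional dependency, imported only when this is called
    ec2 = boto3.client("ec2", region_name=region)
    pages = ec2.get_paginator("describe_security_groups").paginate(
        Filters=[{"Name": "vpc-id", "Values": [vpc_id]}])
    return [g for page in pages for g in page["SecurityGroups"]]


def groups_in_vpc(groups, vpc_id):
    """IDs of the groups that belong to vpc_id, sorted so templates stay stable."""
    return sorted(g["GroupId"] for g in groups if g["VpcId"] == vpc_id)


def render_sg_parameter(groups, vpc_id):
    """Parameter block whose AllowedValues is a snapshot of that VPC's groups."""
    ids = groups_in_vpc(groups, vpc_id)
    if not ids:
        raise ValueError(f"no security groups found in {vpc_id}")
    return {
        "SecurityGroupsID": {
            "Description": f"Security groups in {vpc_id}",
            "Type": "List<AWS::EC2::SecurityGroup::Id>",
            "AllowedValues": ids,
        }
    }


def foreign_groups(selected, groups, vpc_id):
    """Selected IDs that do not belong to vpc_id; an empty list means the choice is safe."""
    allowed = set(groups_in_vpc(groups, vpc_id))
    return [sg for sg in selected if sg not in allowed]


if __name__ == "__main__":
    print(json.dumps(render_sg_parameter(SAMPLE_GROUPS, "vpc-1111"), indent=2))
    print(foreign_groups(["sg-0a1b2c3d", "sg-0c9d8e7f"], SAMPLE_GROUPS, "vpc-1111"))
```

Regenerate the parameter whenever the VPC's groups change, since AllowedValues is a static snapshot, and run foreign_groups on the values passed to create-stack so a group from another VPC is rejected before the stack is created.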

