Ale*_*yak 14 amazon-ec2 amazon-web-services aws-cloudformation
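I am creating an instance through a CloudFormation script.
The only way I found to attach the OS partition is via the "BlockDeviceMappings" property. (I tried using the "Volumes" property before, but the instance could not be mounted; the system told me that /dev/sda was already mapped and rolled back the instance creation.)
Here is the relevant part of my template: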
    "Resources" :
    {
      "Ec2Instance" :
      {
        "Type" : "AWS::EC2::Instance",
        "Properties" :
        {
          "BlockDeviceMappings" :
          [{
            "DeviceName" : "/dev/sda",
            "Ebs" :
            {
              "VolumeSize" : { "Ref" : "RootVolumeSize" },
              "SnapshotId" :
              { "Fn::FindInMap" : [ "RegionMap",
                { "Ref" : "AWS::Region" }, "RootVolumeSnapshotId" ]
              }
            }
          }],
          ...
        }
      }
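My question is: how can I tag the Ebs volume that I create here with the "BlockDeviceMappings" property? I did not find an obvious solution.
Thanks.
I was able to get it working through the AWS CLI interface, IAM roles, and UserData initialization.
Added this to AWS::EC2::Instance:Properties:UserData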
    { "Fn::Base64" : { "Fn::Join" : [ "\n", [
      "#!/bin/bash",
      "set -eux",
      "exec > >(tee /tmp/user-data.log | logger -t user-data -s 2>/dev/console) 2>&1",
      { "Fn::Join" : [ "", [
        "AWS_STACK_NAME='", { "Ref" : "AWS::StackName" }, "'"
      ]]},
      { "Fn::Join" : [ "", [
        "AWS_ROOT_VOLUME_SNAPSHOT_ID='",
        { "Fn::FindInMap" :
          [ "RegionMap", { "Ref" : "AWS::Region" }, "RootVolumeSnapshotId" ]},
        "'"
      ]]},
      "AWS_INSTANCE_ID=$( curl http://169.254.169.254/latest/meta-data/instance-id )",
      "",
      "AWS_HOME=/opt/aws",
      "AWS_BIN_DIR=\"${AWS_HOME}/bin\"",
      "export EC2_HOME=\"${AWS_HOME}/apitools/ec2\"",
      "export JAVA_HOME=/etc/alternatives/jre_1.7.0",
      "",
      "ROOT_DISK_ID=$(",
      " \"${AWS_BIN_DIR}/ec2-describe-volumes\" \\",
      " --filter \"attachment.instance-id=${AWS_INSTANCE_ID}\" \\",
      " --show-empty-fields \\",
      " | grep '^VOLUME' \\",
      " | awk '{printf \"%s,%s\\n\", $4, $2}' \\",
      " | grep \"^${AWS_ROOT_VOLUME_SNAPSHOT_ID}\" \\",
      " | cut --delimiter=, --fields=2",
      " exit ${PIPESTATUS[0]}",
      " )",
      "\"${AWS_BIN_DIR}/ec2-create-tags\" \\",
      " \"${ROOT_DISK_ID}\" \\",
      " --tag \"Name=${AWS_STACK_NAME}-root\"",
      ""
    ]]}}
I also had to add a reference to an IAM role that can describe volumes and create tags.
Add this to the "Resources" section:
    "InstanceProfile" :
    {
      "Type" : "AWS::IAM::InstanceProfile",
      "Properties" :
      {
        "Path" : "/",
        "Roles" : [ "ec2-tag-instance" ]
      }
    }
Reference this profile in the Instance resource:
    "Ec2Instance" :
    {
      "Type" : "AWS::EC2::Instance",
      "Properties" :
      {
        ...
        "IamInstanceProfile" : {"Ref" : "InstanceProfile"},
        ...
      }
    }
Create a new role named ec2-tag-instance in the IAM UI, and assign this policy:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "ec2:Describe*",
            "ec2:CreateTags"
          ],
          "Resource": "*"
        }
      ]
    }
That said, it would be nicer if BlockDeviceMappings:Ebs supported a Tags element.
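A least-privilege check on the IAM policy above, as an added example that is not part of the original answer: it audits the posted policy next to a narrower one constructed here. `SCOPED_POLICY`, `audit` and the finding strings are assumptions of this example; the scoped policy grants only the two API calls the UserData script makes.

```python
import json
from fnmatch import fnmatchcase

# The policy from the answer above, verbatim.
ANSWER_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["ec2:Describe*", "ec2:CreateTags"], "Resource": "*"}]}
""")

# Constructed alternative (assumption, not from the page): only the two API calls the
# UserData script makes, with tagging limited to EBS volumes and to the "Name" key.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:DescribeVolumes", "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:CreateTags",
     "Resource": "arn:aws:ec2:*:*:volume/*",
     "Condition": {"ForAllValues:StringEquals": {"aws:TagKeys": ["Name"]}}},
]}

TAG_WRITES = ("ec2:createtags", "ec2:deletetags")


def as_list(value):
    """IAM allows a single string wherever a list is accepted."""
    return value if isinstance(value, list) else [value]


def audit(policy):
    """Return (statement index, finding) pairs for over-broad Allow statements."""
    findings = []
    for idx, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        for action in actions:
            if "*" in action or "?" in action:
                findings.append((idx, "wildcard action " + action))
        # IAM action patterns are case-insensitive globs; does any cover a tag write?
        if not any(fnmatchcase(w, a) for a in actions for w in TAG_WRITES):
            continue
        if "*" in as_list(stmt.get("Resource", [])):
            findings.append((idx, "tag write allowed on every resource"))
        cond_keys = {k.lower() for block in stmt.get("Condition", {}).values() for k in block}
        if "aws:tagkeys" not in cond_keys:
            findings.append((idx, "tag keys unrestricted"))
    return findings


if __name__ == "__main__":
    for name, pol in (("answer", ANSWER_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit(pol))
```

With the posted policy, the instance role can write any tag on any EC2 resource in the account, which matters wherever tags drive access control or billing; the scoped policy still lets the script tag its root volume.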