CloudFormation模板:创建一个VPC(包含Public子网,Private子网,分别在不同的AZ),创建NAT,Bastion Server在Public子网。
1. 修改并运行AWS CloudFormation模板
1.1 添加AMI ID到模板中
1.1.1 下载模板
https://d2lrzjb0vjvpn5.cloudfront.net/sys-ops/v2.4/lab-7-automating/static/Lab-7-Start-CF.template
1.1.2 替换ImageId("ImageId" : "ami-b5a7ea85"),如下
"ImageId" : {
"Fn::FindInMap" : [
"AmazonLinuxAMI", {
"Ref" : "AWS::Region"
},
"AMI"
]
}
1.2 运行模板
1.2.1 复制密钥对名称
1.2.2 运行模板
2. 用新的模板更新堆栈
2.1 添加InstanceType参数到模板中
添加highlight部分到Parameter节
"Parameters" : {
"BastionHostKeyName" : {
"Type" : "String",
"Description" : "The name of the private key file to use for SSH/RDP access to the bastion host."
},
"BastionSecurityCIDR" : {
"Type" : "String",
"Description" : "The CIDR range to use to lock down security on the bastion host.",
"Default" : "0.0.0.0/0"
},
"BastionInstanceType" : {
"Type" : "String",
"Description" : "The size of the instance to use for the bastion host."
}
}
修改BastionServer节中"InstanceType" : "t2.small"为
"InstanceType" : {
"Ref" : "BastionInstanceType"
}
2.2 更新已存在堆栈
检查Bastion Server的Instance Type