仅使用CloudFormation分配专用IP

时间:2018-10-17 14:15:26

标签: amazon-web-services amazon-ec2 amazon-cloudformation

我正在使用CloudFormation创建EC2实例。我试图实现的只是分配一个专用IP。没有公共IP。一切都创建良好,并为私有IP创建了DNS条目,但同时也创建了公共IP。我如何告诉它不要创建公共IP。这是我的模板。 vpc_id和subnet_id在专用网络上。

AWSTemplateFormatVersion: '2010-09-09'
Description: 'AWS CloudFormation template for creating riskInternalElk instance with DNS record'
Parameters:
Resources:
  InstanceSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupName: "{{security_group_name}}"
      GroupDescription: "{{security_group_name}}"
      VpcId: "{{vpc_id}}"
      SecurityGroupIngress:
{% for item in security_group_ingress %}
      - IpProtocol: "{{item.protocol}}"
        FromPort: "{{item.from_port}}"
        ToPort: "{{item.to_port}}"
        CidrIp: "{{item.cidr_ip}}"
{% endfor %}
  NetworkInterface:
    Type: AWS::EC2::NetworkInterface
    Properties:
      SubnetId: "{{subnet_id}}"
      Description: "{{subnet_description}}"
      GroupSet:
      - !Ref InstanceSecurityGroup
      SourceDestCheck: true
      Tags:
      - Key: Network
        Value: Web
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      Tags:
      - Key: "Name"
        Value: "{{instance_name}}"
      ImageId: "{{image_id}}"
      InstanceType: "{{instance_type}}"
      KeyName: "{{key_name}}"
      NetworkInterfaces:
      - NetworkInterfaceId: !Ref NetworkInterface
        DeviceIndex: 1
      BlockDeviceMappings:
      - DeviceName: "{{device_name}}"
        Ebs:
          VolumeType: "gp2"
          VolumeSize: "{{volume_size}}"
          Encrypted: true
          DeleteOnTermination: false
  DnsRecord:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneName: "{{hosted_zone_name}}"
      Comment: "DNS name for risk internal ec2 instance."
      Name: "{{host_name}}"
      Type: A
      TTL: '60'
      ResourceRecords:
      - !GetAtt EC2Instance.PrivateIp

3 个答案:

答案 0 :(得分:1)

您可以在NetworkInterfaces的EC2:Instance资源集中指定信息,以使其不同于分配公共IP的子网设置。

具体将 AssociatePublicIpAddress 设置为“ False”,然后将您的NetworkInterface资源移动到这样的行内:

  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      Tags:
      - Key: "Name"
        Value: "{{instance_name}}"
      ImageId: "{{image_id}}"
      InstanceType: "{{instance_type}}"
      KeyName: "{{key_name}}"

      NetworkInterfaces:  
      - AssociatePublicIpAddress: false <--- This should do it
        DeleteOnTermination: false
        DeviceIndex: 0
        SubnetId: "{{subnet_id}}"
        Description: "{{subnet_description}}"
        GroupSet:
        - !Ref InstanceSecurityGroup
        SourceDestCheck: true

      BlockDeviceMappings:
      - DeviceName: "{{device_name}}"
        Ebs:
          VolumeType: "gp2"
          VolumeSize: "{{volume_size}}"
          Encrypted: true
          DeleteOnTermination: false

答案 1 :(得分:0)

检查子网的设置“自动分配公用IPv4地址”。

通过转到VPC控制台并选择“子网”->“操作”->“修改自动分配IP设置”来进行更改。

答案 2 :(得分:0)

您可以通过子网配置控制将公共IP地址分配给EC2实例。子网定义MapPublicIpOnLaunch。这也意味着子网必须是您的cloudformation堆栈的一部分。

如果您使用的是自动缩放,则AssociatePublicIpAddress中的选项AWS::AutoScaling::LaunchConfiguration

AWS::EC2::Subnet

AWS::AutoScaling::LaunchConfiguration

相关问题
最新问题