【以下的问题经过翻译处理】 我使用下面的模板在 us-east-1 和 ap-south-1 区域创建了一个 CloudFormation Stack。
AWSTemplateFormatVersion: "2010-09-09"
Description: 模板用于 Node-aws-ec2-github-actions 教程
Resources:
InstanceSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: 例子安全组
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 443
ToPort: 443
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 0.0.0.0/0
EC2Instance:
Type: "AWS::EC2::Instance"
Properties:
ImageId: "ami-0d2986f2e8c0f7d01" #Another comment -- This is a Linux AMI
InstanceType: t2.micro
KeyName: node-ec2-github-actions-key
SecurityGroups:
- Ref: InstanceSecurityGroup
BlockDeviceMappings:
- DeviceName: /dev/sda1
Ebs:
VolumeSize: 8
DeleteOnTermination: true
Tags:
- Key: Name
Value: Node-Ec2-Github-Actions
EIP:
Type: AWS::EC2::EIP
Properties:
InstanceId: !Ref EC2Instance
Outputs:
InstanceId:
Description: 新创建的 EC2 实例 Id
Value:
Ref: EC2Instance
PublicIP:
Description: 弹性 IP
Value:
Ref: EIP
Stack 执行成功并且所有资源都创建了。但不幸的是,一旦 EC2 状态检查被初始化,实例状态检查失败,我就无法使用 SSH 连接到实例。
我尝试过由同一 IAM 用户手动创建实例,效果非常好。
这些是我附加到 IAM 用户的策略。
托管策略:
- AmazonEC2FullAccess
- AWSCloudFormationFullAccess
Inline 策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"iam:CreateInstanceProfile",
"iam:DeleteInstanceProfile",
"iam:GetRole",
"iam:GetInstanceProfile",
"iam:DeleteRolePolicy",
"iam:RemoveRoleFromInstanceProfile",
"iam:CreateRole",
"iam:DeleteRole",
"iam:UpdateRole",
"iam:PutRolePolicy",
"iam:AddRoleToInstanceProfile"
],
"Resource": "*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListAllMyBuckets",
"s3:CreateBucket",
"s3:DeleteObject",
"s3:DeleteBucket"
],
"Resource": "*"
}
]
}