BuildEnvironment:
Type: String
AllowedValues:
- dev
- prod
- qa
- qa3
InstanceSGFullAccess:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: "Allow full access from local 10.0.0.0/8"
GroupDescription: Allows full inbout and outbound access to local private address range
VpcId:
Fn::ImportValue: !Sub "${AWSEnvironment}-VPCID"
SecurityGroupIngress:
- IpProtocol: -1
CidrIp: 10.0.0.0/8
SecurityGroupEgress:
- IpProtocol: -1
CidrIp: 10.0.0.0/8
Tags:
- Key: "keyname1"
Value: "value1"
InstanceSGOutBoundAccess:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: "Allow outbound"
GroupDescription: Allow full outbound access
VpcId:
Fn::ImportValue: !Sub "${AWSEnvironment}-VPCID"
SecurityGroupEgress:
- IpProtocol: -1
CidrIp: 0.0.0.0/0
- IpProtocol: -1
CidrIpv6: ::/0
MHCLaunchTemplate:
Type: AWS::EC2::LaunchTemplate
Properties:
LaunchTemplateName: !Sub MRxAssist-${AWSEnvironment}
LaunchTemplateData:
IamInstanceProfile:
Arn: !Ref IAMInstanceProfile
DisableApiTermination: true
ImageId: !Ref AmiId
InstanceType: !Ref InstanceType
KeyName: !Ref SSHKey
SecurityGroupIds:
- !Ref InstanceSGFullAccess
- !Ref InstanceSGOutBoundAccess
- !ImportValue
'Fn::Sub': '${AWSEnvironment}-OracleAccessSecurityGroup'
UserData:
......
i want to make -> InstanceSGFullAccess and InstanceSGOutBoundAccess dynamic by appending the environment parameters i.e. QA or QA3 in the same account. and referring them into the MHCLaunchTemplate, so that i don't get "Resource already exists error" when running QA first and QA3 second using the same cloudformation script.
AWS 官方已更新 4 个月前
