Create launch templates with AWS CloudFormation - AWS CloudFormation

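This section provides an example of creating an Amazon EC2 launch template using AWS CloudFormation. Launch templates let you create templates for configuring and provisioning Amazon EC2 instances within AWS. With a launch template, you can store launch parameters so that you do not have to specify them every time you launch an instance. For more examples, see the Examples section in the AWS::EC2::LaunchTemplate resource.

For more information about launch templates, see Launch an instance from a launch template.

For information about creating launch templates for use with Auto Scaling groups, see Launch templates in the Amazon EC2 Auto Scaling User Guide.

Create a launch template that specifies security groups, tags, user data, and an IAM role

This snippet shows an AWS::EC2::LaunchTemplate resource that contains the configuration information to launch an instance. You specify values for the ImageId, InstanceType, SecurityGroups, UserData, and TagSpecifications properties. The SecurityGroups property specifies an existing EC2 security group and a new security group. The Ref function gets the ID of the AWS::EC2::SecurityGroup resource myNewEC2SecurityGroup, which is declared elsewhere in the stack template.

The launch template includes a section for custom user data. In this section, you can pass in configuration tasks and scripts that run when an instance launches. In this example, the user data installs the AWS Systems Manager Agent and starts the agent.

The launch template also includes an IAM role that allows applications running on the instance to perform actions on your behalf. This example shows an AWS::IAM::Role resource for the launch template, which uses the IamInstanceProfile property to specify the IAM role. The Ref function gets the name of the AWS::IAM::InstanceProfile resource myInstanceProfile. To configure the permissions of the IAM role, specify a value for the ManagedPolicyArns property.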

JSON

{
  "Resources":{
    "myLaunchTemplate":{
      "Type":"AWS::EC2::LaunchTemplate",
      "Properties":{
        "LaunchTemplateName":{
          "Fn::Sub": "${AWS::StackName}-launch-template"
        },
        "LaunchTemplateData":{
          "ImageId":"ami-02354e95b3example",
          "InstanceType":"t3.micro",
          "IamInstanceProfile":{
            "Name":{
              "Ref":"myInstanceProfile"
            }
          },
          "SecurityGroupIds":[
            {
              "Ref":"myNewEC2SecurityGroup"
            },
            "sg-083cd3bfb8example"
          ],
          "UserData":{
            "Fn::Base64":{
              "Fn::Join": [
                "", [
                  "#!/bin/bash\n",
                  "cd /tmp\n",
                  "yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm\n",
                  "systemctl enable amazon-ssm-agent\n",
                  "systemctl start amazon-ssm-agent\n"
                ]
              ]
            }
          },
          "TagSpecifications":[
            {
              "ResourceType":"instance",
              "Tags":[
                {
                  "Key":"environment",
                  "Value":"development"
                }
              ]
            },
            {
              "ResourceType":"volume",
              "Tags":[
                {
                  "Key":"environment",
                  "Value":"development"
                }
              ]
            }
          ]
        }
      }
    },
    "myInstanceRole":{
      "Type":"AWS::IAM::Role",
      "Properties":{
        "RoleName":"InstanceRole",
        "AssumeRolePolicyDocument":{
          "Version":"2012-10-17",
          "Statement":[
            {
              "Effect":"Allow",
              "Principal":{
                "Service":[
                  "ec2.amazonaws.com"
                ]
              },
              "Action":[
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "ManagedPolicyArns":[
          "arn:aws:iam::aws:policy/myCustomerManagedPolicy"
        ]
      }
    },
    "myInstanceProfile":{
      "Type":"AWS::IAM::InstanceProfile",
      "Properties":{
        "Path":"/",
        "Roles":[
          {
            "Ref":"myInstanceRole"
          }
        ]
      }
    }
  }
}

YAML

---
Resources:
  myLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: !Sub ${AWS::StackName}-launch-template
      LaunchTemplateData:
        ImageId: ami-02354e95b3example
        InstanceType: t3.micro
        IamInstanceProfile:
          Name: !Ref myInstanceProfile
        SecurityGroupIds:
          - !Ref myNewEC2SecurityGroup
          - sg-083cd3bfb8example
        UserData:
          Fn::Base64: !Sub |
            #!/bin/bash
            cd /tmp
            yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
            systemctl enable amazon-ssm-agent
            systemctl start amazon-ssm-agent
        TagSpecifications:
          - ResourceType: instance
            Tags:
              - Key: environment
                Value: development
          - ResourceType: volume
            Tags:
              - Key: environment
                Value: development
  myInstanceRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: InstanceRole
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: 'Allow'
            Principal:
              Service:
                - 'ec2.amazonaws.com'
            Action:
              - 'sts:AssumeRole'
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/myCustomerManagedPolicy'
  myInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: '/'
      Roles:
        - !Ref myInstanceRole
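A pre-deployment review of the template above, as an added example that is not part of the AWS documentation: it follows the Ref chain from the launch template through the instance profile to the role, then reports the trust policy, attached managed policies and the rendered user data script. The function names and the three checks are assumptions chosen for illustration, and TEMPLATE is a trimmed copy of the page's JSON.

```python
import json

# Constructed input: the page's JSON template, trimmed to the parts reviewed here.
TEMPLATE = json.loads("""
{"Resources": {
 "myLaunchTemplate": {"Type": "AWS::EC2::LaunchTemplate", "Properties": {"LaunchTemplateData": {
   "IamInstanceProfile": {"Name": {"Ref": "myInstanceProfile"}},
   "UserData": {"Fn::Base64": {"Fn::Join": ["", ["#!/bin/bash\\n", "cd /tmp\\n",
    "yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm\\n",
    "systemctl enable amazon-ssm-agent\\n", "systemctl start amazon-ssm-agent\\n"]]}}}}},
 "myInstanceRole": {"Type": "AWS::IAM::Role", "Properties": {
  "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
   "Principal": {"Service": ["ec2.amazonaws.com"]}, "Action": ["sts:AssumeRole"]}]},
  "ManagedPolicyArns": ["arn:aws:iam::aws:policy/myCustomerManagedPolicy"]}},
 "myInstanceProfile": {"Type": "AWS::IAM::InstanceProfile",
  "Properties": {"Path": "/", "Roles": [{"Ref": "myInstanceRole"}]}}}}
""")

def render_user_data(user_data):
    """Return the script behind Fn::Base64 (Fn::Join, Fn::Sub string, or a literal)."""
    body = user_data.get("Fn::Base64", user_data) if isinstance(user_data, dict) else user_data
    if isinstance(body, dict) and "Fn::Join" in body:
        sep, parts = body["Fn::Join"]
        return sep.join(p if isinstance(p, str) else "<unresolved>" for p in parts)
    if isinstance(body, dict) and "Fn::Sub" in body:
        body = body["Fn::Sub"]
    return body if isinstance(body, str) else "<unresolved>"

def review_launch_template(template, name):
    """Follow launch template -> instance profile -> role; report what instances get."""
    res = template["Resources"]
    data = res[name]["Properties"]["LaunchTemplateData"]
    profile = res[data["IamInstanceProfile"]["Name"]["Ref"]]["Properties"]
    role_ids = [r["Ref"] for r in profile["Roles"]]
    policies, findings = [], []
    for rid in role_ids:
        props = res[rid]["Properties"]
        policies += props.get("ManagedPolicyArns", [])
        for stmt in props["AssumeRolePolicyDocument"]["Statement"]:
            p = stmt.get("Principal")
            ec2_only = isinstance(p, dict) and list(p) == ["Service"] and \
                p["Service"] in ("ec2.amazonaws.com", ["ec2.amazonaws.com"])
            if stmt.get("Effect") == "Allow" and not ec2_only:
                findings.append(f"{rid}: trust policy is not limited to ec2.amazonaws.com")
    findings += [f"broad managed policy: {a}" for a in policies if a.endswith("/AdministratorAccess")]
    script = render_user_data(data.get("UserData", ""))
    findings += [f"plain-HTTP download in user data: {ln.strip()}"
                 for ln in script.splitlines() if "http://" in ln]
    return {"roles": role_ids, "policies": policies, "script": script, "findings": findings}
```

Calling `review_launch_template(TEMPLATE, "myLaunchTemplate")` on the trimmed template returns no findings; the returned `script` is the exact text each instance runs at first boot.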