Boto3 - Unable to pass existing key pair value as parameter in CloudFormation parameters list

0

With the help of these two links, I am trying to create/delete the DEV environment using CloudFormation and a Lambda function. I need to call the CloudFormation code via a Lambda function, but there are parameters and capabilities that need to be passed as input. I have a key pair already created in the AWS account, and I want to pass that value as a parameter. I am not able to figure out the existing key pair value to be passed, nor what the value for the capabilities section will be. Request you to please suggest.

Link #1 - CloudFormation - Create DEV environment with ELB, EC2, Security Group and Configuration: https://dev.classmethod.jp/articles/cloudformation-template-for-creating-ec2-with-load-balancer/

Link #2 - Automate CloudFormation - Schedule CloudFormation using CloudWatch and a Lambda function: https://medium.com/@shotin93/how-to-schedule-to-create-aws-cloudformation-stack-861bd1feba7f

navya
Asked 8 months ago, 370 views
2 answers
2
Accepted answer

Hello.

"KeyName" in AWS::EC2::Instance must be the name of the key pair.
For example, if the key pair already created is named "test-key", the CloudFormation template will look like this:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#aws-properties-ec2-instance--examples

  EC2Instance1:
    Type: AWS::EC2::Instance
    Properties:
      AvailabilityZone: us-east-2a
      ImageId: ami-0233c2d874b811deb 
      InstanceType: t2.micro
      SecurityGroups:
        - !Ref EC2SecurityGroup
      KeyName: test-key
      UserData: 
        Fn::Base64: !Sub |
          #!/bin/bash
          yum update -y
          yum install -y httpd
          systemctl start httpd
          systemctl enable httpd
          #echo "<h1>Hello from Region us-east-2a</h1>" > /var/www/html/index.html

If CloudFormation is used to create IAM resources, "CAPABILITY_IAM" must be set in the Capabilities field.
If IAM resources are not created by CloudFormation, "Capabilities" is not necessary and can be deleted.
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cloudformation/client/create_stack.html

import boto3

# Client is created once at module load so it is reused across warm invocations.
cf = boto3.client('cloudformation')

def lambda_handler(event, context):
    res = cf.create_stack(
        StackName='SampleStack',
        # Object URL of the template uploaded to S3.
        TemplateURL='https://YourObjectUrl',
        Parameters=[
            {
                'ParameterKey': 'SecurityGroupDescription',
                'ParameterValue': 'test'
            },
            {
                # Name of the key pair that already exists in the account/region.
                'ParameterKey': 'KeyName',
                'ParameterValue': 'test-key'
            }
        ],
        # Only needed when the template creates IAM resources.
        Capabilities=[
            'CAPABILITY_IAM'
        ]
    )
    # Return the stack ID so the caller can track the stack.
    return {'StackId': res['StackId']}
Expert, answered 8 months ago
Expert, reviewed 8 months ago
AWS Expert, reviewed 8 months ago
  • I am grateful to you; it works well and the environment also gets created. I was struggling to find the solution for a week. Your expertise helps a lot.

0

Hi,

Can I propose something slightly different with some advantages: why don't you use AWS SSM Parameter Store to store your key?

See https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html

If you consider your parameter confidential, you can even use AWS Secrets Manager (SM) and have your secret parameter encrypted by AWS Key Management Service. See:

The advantages:

  1. your parameter remains encrypted and is not present in any code or any service other than SM. So, if you have high compliance requirements, you can better satisfy them.
  2. you can change its value as needed without any impact on your running code or on your CloudFormation stack (no update needed): your Lambda will just read the new value at the next execution after the update.

Best,

Didier

AWS Expert, answered 8 months ago
Expert, reviewed 8 months ago
Expert, reviewed 8 months ago
  • I would take this approach into consideration as this code starts working. At the moment, I am not able to find how we can pass the key pair value as a parameter in the CloudFormation parameters.

  • This is also helpful. I will try this. Thank you for sharing the suggestion.
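The following is an added example (not code from either answer above) that combines both suggestions: the key pair name is read from SSM Parameter Store instead of being hard-coded, and the Capabilities list is derived from what validate_template reports the template actually needs, so CAPABILITY_IAM is not blanket-granted to a template that creates no IAM resources. The parameter name /dev/ec2/key-name, the TEMPLATE_URL environment variable and the stack name are assumptions; only the name of the key pair is handled here, the private key itself never goes into the stack.

```python
import os

# Capabilities CloudFormation can ask for. Only grant what the template needs.
KNOWN_CAPABILITIES = {"CAPABILITY_IAM", "CAPABILITY_NAMED_IAM", "CAPABILITY_AUTO_EXPAND"}


def build_create_stack_args(stack_name, template_url, key_name, validation, extra_params=None):
    """Build the keyword arguments for cloudformation.create_stack().

    `validation` is the response of cloudformation.validate_template(); its
    'Capabilities' list names the capabilities this template really requires,
    so the deployment role never grants more than that.
    """
    required = set(validation.get("Capabilities", []))
    unknown = required - KNOWN_CAPABILITIES
    if unknown:
        raise ValueError(f"template requires unsupported capabilities: {sorted(unknown)}")
    params = [{"ParameterKey": "KeyName", "ParameterValue": key_name}]
    for key, value in (extra_params or {}).items():
        params.append({"ParameterKey": key, "ParameterValue": value})
    args = {"StackName": stack_name, "TemplateURL": template_url, "Parameters": params}
    if required:
        args["Capabilities"] = sorted(required)
    return args


def lambda_handler(event, context):
    # boto3 is imported here so the pure builder above can be unit-tested
    # without AWS credentials or network access.
    import boto3
    ssm = boto3.client("ssm")
    cf = boto3.client("cloudformation")
    # Assumed parameter name (create it beforehand as a String or SecureString).
    param_name = os.environ.get("KEY_NAME_PARAM", "/dev/ec2/key-name")
    key_name = ssm.get_parameter(Name=param_name, WithDecryption=True)["Parameter"]["Value"]
    template_url = os.environ["TEMPLATE_URL"]  # assumed: S3 object URL of the template
    validation = cf.validate_template(TemplateURL=template_url)
    args = build_create_stack_args("SampleStack", template_url, key_name, validation,
                                   {"SecurityGroupDescription": "test"})
    res = cf.create_stack(**args)
    return {"StackId": res["StackId"]}
```

The Lambda's execution role then needs ssm:GetParameter on that one parameter (plus kms:Decrypt if it is a SecureString) and cloudformation:ValidateTemplate/CreateStack, nothing broader.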
