How do I set the properties of a root volume for an Amazon EC2 instance that I created with a CloudFormation template?


I used an AWS CloudFormation template to create an Amazon Elastic Compute Cloud (Amazon EC2) instance. I want to set the properties of the root volume for the instance.

Resolution

Note: By default, an EC2 instance uses the block devices specified in the block device mapping of its Amazon Machine Image (AMI). To override the AMI block device mapping, use an instance block device mapping. For the root volume, you can override only the volume size, volume type, and DeleteOnTermination setting (the templates on this page also set Encrypted, which encrypts the root volume at launch). After the instance is running, the instance block device mapping lets you change only the DeleteOnTermination setting of the attached Amazon Elastic Block Store (Amazon EBS) volumes; changing the other root-volume properties in the template after the stack exists makes CloudFormation replace the instance, and with it the root volume.

Identify the device name of the root volume of your AMI

To find the device name, use either the Amazon EC2 console or the AWS Command Line Interface (AWS CLI).

Note: If you receive errors when you run AWS CLI commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

Amazon EC2 console

To identify the device name, complete the following steps:

  1. Open the Amazon EC2 console.
  2. From the navigation bar, select the AWS Region where you want to launch your instances.
  3. In the navigation pane, choose AMIs.
  4. Use Filter to find your AMI, and then select your AMI.
  5. On the Details tab, copy the value for Root Device Name.

AWS CLI

To identify the device name, run the describe-images command:

aws ec2 describe-images \
    --region us-east-1 \
    --image-ids ami-1234567890AWSEXAMPLE

Note: Replace us-east-1 with your Region and ami-1234567890AWSEXAMPLE with your AMI.

The output of the command returns the device name as the value for RootDeviceName (for example, /dev/xvda for Amazon Linux 2 AMIs and /dev/sda1 for Ubuntu AMIs). The same output lists the AMI's own block device mapping, including the size of the snapshot behind the root device.

Set the properties of the root volume for your EC2 instance

Use the BlockDeviceMappings property (a list of BlockDeviceMapping entries) of an AWS::EC2::Instance resource to set the properties of the root volume for your EC2 instance. An entry overrides the root volume only when its DeviceName matches the AMI's Root Device Name; an entry with any other device name attaches an additional volume instead.

In the following JSON and YAML examples, CloudFormation creates an EC2 instance with the following configuration:

  • The size of the root volume is set to 30 GiB (volume type gp2).
  • The DeleteOnTermination property of the root volume is false, so the root volume is kept after the instance terminates. This preserves the disk for later inspection, but the volume keeps incurring EBS charges until you delete it.
  • DeviceName is /dev/xvda because the AMI specified is an Amazon Linux 2 AMI.
  • The Encrypted property is true. The root volume is encrypted at launch with the account's default EBS KMS key (aws/ebs) unless you also set KmsKeyId to a customer managed key.

Note: In your template, replace /dev/xvda with the Root Device Name value. If needed, modify the Ebs property in the template. VolumeSize must be at least the size of the AMI's root snapshot, or the launch fails.

Example JSON template:

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "AWS CloudFormation Sample Template that shows how to increase the size of the root volume. **WARNING** This template creates an Amazon EC2 instance. You will be billed for the AWS resource used if you create a stack from this template.",
  "Parameters": {
    "KeyName": {
      "Type": "AWS::EC2::KeyPair::KeyName",
      "Description": "Name of an existing EC2 KeyPair to enable SSH access to the EC2 instance."
    },
    "InstanceType": {
      "Description": "EC2 instance type",
      "Type": "String",
      "Default": "t2.micro",
      "ConstraintDescription": "Please choose a valid instance type."
    },
    "AMIID": {
      "Description": "The Latest Amazon Linux 2 AMI taken from the public AWS Systems Manager Parameter Store",
      "Type": "AWS::SSM::Parameter::Value<String>",
      "Default": "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"
    }
  },
  "Resources": {
    "LinuxInstance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": {
          "Ref": "AMIID"
        },
        "InstanceType": {
          "Ref": "InstanceType"
        },
        "KeyName": {
          "Ref": "KeyName"
        },
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/xvda",
            "Ebs": {
              "VolumeType": "gp2",
              "VolumeSize": 30,
              "DeleteOnTermination": false,
              "Encrypted": true
            }
          }
        ]
      }
    }
  }
}

Example YAML template:

AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  AWS CloudFormation Sample Template that shows how to increase the size of the root volume. **WARNING** This template creates an Amazon EC2 instance. You will be billed for the AWS resource used if you create a stack from this template.
Parameters:
  KeyName:
    Type: 'AWS::EC2::KeyPair::KeyName'
    Description: Name of an existing EC2 KeyPair to enable SSH access to the EC2 instance.
  InstanceType:
    Description: EC2 instance type
    Type: String
    Default: t2.micro
    ConstraintDescription: Please choose a valid instance type.
  AMIID:
    Description: >-
      The Latest Amazon Linux 2 AMI taken from the public Systems Manager
      Parameter Store
    Type: 'AWS::SSM::Parameter::Value<String>'
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
Resources:
  LinuxInstance:
    Type: 'AWS::EC2::Instance'
    Properties:
      ImageId: !Ref AMIID
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyName
      BlockDeviceMappings:
        - DeviceName: /dev/xvda   # must match the AMI's RootDeviceName
          Ebs:
            VolumeType: gp2
            VolumeSize: 30        # GiB; must be at least the AMI root snapshot size
            DeleteOnTermination: false   # root volume is kept when the instance terminates
            Encrypted: true       # default EBS KMS key unless KmsKeyId is also set
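The two steps above (read RootDeviceName and the root snapshot size from describe-images, then check the root entry in BlockDeviceMappings) can be run as an offline pre-deploy check. The following is an added example, not AWS's code or part of the original article: the describe-images response and the templates are constructed inline with example identifiers, and the function and variable names are my own. It treats the page's three overridable keys plus Encrypted/KmsKeyId as the allowed set, flags a root mapping that is too small for the AMI snapshot or unencrypted, and notes when DeleteOnTermination leaves the volume behind.

```python
# Added example (not AWS's code): offline check that the root-volume override in a
# CloudFormation template matches the AMI it will launch from. Inputs are constructed
# inline; Ebs values are assumed to be literals, not Ref/Fn:: intrinsics.
import json

# Ebs keys the page says you can override on the root volume (size, type,
# DeleteOnTermination) plus Encrypted/KmsKeyId, which the page's template also sets.
# This allowed set is an assumption of this check, not an AWS-published list.
ROOT_OVERRIDABLE = {"VolumeSize", "VolumeType", "DeleteOnTermination",
                    "Encrypted", "KmsKeyId"}

def as_bool(value):
    """CloudFormation accepts true/false as booleans or as the strings 'true'/'false'."""
    return value if isinstance(value, bool) else str(value).strip().lower() == "true"

def as_int(value):
    """VolumeSize may be written as an integer or as a numeric string."""
    return int(str(value).strip())

def root_snapshot_size(image):
    """Size in GiB of the snapshot behind the AMI root device, or 0 if not found."""
    for mapping in image.get("BlockDeviceMappings", []):
        if mapping.get("DeviceName") == image.get("RootDeviceName"):
            return as_int(mapping.get("Ebs", {}).get("VolumeSize", 0))
    return 0

def check_root_volume(template, image):
    """Return (resource name, level, message) findings for every AWS::EC2::Instance."""
    findings = []
    root_dev = image["RootDeviceName"]
    min_size = root_snapshot_size(image)
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::Instance":
            continue
        mappings = res.get("Properties", {}).get("BlockDeviceMappings", [])
        root = [m for m in mappings if m.get("DeviceName") == root_dev]
        if not root:
            others = sorted(m.get("DeviceName", "?") for m in mappings)
            findings.append((name, "WARN",
                f"no mapping matches the AMI root device {root_dev}; the root volume keeps "
                f"the AMI's settings and the entries {others} do not override it"))
            continue
        ebs = root[0].get("Ebs", {})
        extra = sorted(set(ebs) - ROOT_OVERRIDABLE)
        if extra:
            findings.append((name, "ERROR", f"root mapping sets non-overridable keys {extra}"))
        size = as_int(ebs.get("VolumeSize", min_size))
        if min_size and size < min_size:
            findings.append((name, "ERROR",
                f"VolumeSize {size} GiB is smaller than the AMI root snapshot ({min_size} GiB)"))
        if not as_bool(ebs.get("Encrypted", False)):
            findings.append((name, "ERROR", "root volume not encrypted; set Encrypted: true"))
        if not as_bool(ebs.get("DeleteOnTermination", True)):
            findings.append((name, "INFO",
                "DeleteOnTermination is false; the root volume and its data outlive the instance"))
    return findings

# Constructed, trimmed describe-images response for an Amazon Linux 2 style AMI
# (example IDs only): root device /dev/xvda backed by an 8 GiB unencrypted snapshot.
IMAGE = {
    "ImageId": "ami-1234567890AWSEXAMPLE",
    "RootDeviceName": "/dev/xvda",
    "BlockDeviceMappings": [
        {"DeviceName": "/dev/xvda",
         "Ebs": {"SnapshotId": "snap-1234567890AWSEXAMPLE", "VolumeSize": 8,
                 "VolumeType": "gp2", "Encrypted": False}},
    ],
}

def instance_template(device, ebs):
    """Build a minimal template with one AWS::EC2::Instance and one block device mapping."""
    return {"AWSTemplateFormatVersion": "2010-09-09",
            "Resources": {"LinuxInstance": {
                "Type": "AWS::EC2::Instance",
                "Properties": {"ImageId": {"Ref": "AMIID"},
                               "BlockDeviceMappings": [{"DeviceName": device, "Ebs": ebs}]}}}}

# The page's own root mapping: 30 GiB gp2, encrypted, kept after termination.
PAGE_TEMPLATE = instance_template("/dev/xvda", {
    "VolumeType": "gp2", "VolumeSize": "30",
    "DeleteOnTermination": "false", "Encrypted": "true"})

# Matches the root device but is smaller than the snapshot and leaves Encrypted unset.
BAD_TEMPLATE = instance_template("/dev/xvda", {"VolumeType": "gp3", "VolumeSize": 4})

# Device name copied from another distro's AMI, so it does not override the root volume.
WRONG_DEVICE_TEMPLATE = instance_template("/dev/sda1", {"VolumeSize": 30, "Encrypted": True})

if __name__ == "__main__":
    for label, tpl in [("page", PAGE_TEMPLATE), ("bad", BAD_TEMPLATE),
                       ("wrong-device", WRONG_DEVICE_TEMPLATE)]:
        print(label, json.dumps(check_root_volume(tpl, IMAGE), indent=1))
```

Run it against a real template by loading the JSON and feeding it the `Images[0]` object from `aws ec2 describe-images --output json`; the mismatch case is the one to watch for, because a wrong DeviceName fails silently at launch (the instance boots from the AMI's unencrypted default root volume) rather than with a stack error.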
AWS OFFICIAL, updated 17 days ago

1 comment

I came here to find out how to encrypt an EC2 instance's root device volume upon the creation of the EC2 instance itself. Thank you for the answer. Why is Encrypted: 'true' not advertised on the BlockDeviceMapping documentation[1]?

[1] https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-blockdev-mapping.html

Luke
replied 1 year ago