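I wrote a CloudFormation template that creates an AutoScaling group, which in turn launches the servers for each environment.
Until today, the company has been working in the us-west-2 region, and the SecurityGroups mapping looks like this: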
"SecurityGroupMap" : {
"DEV" : { "sg" : "sg-d111acbe" },
"Load" : { "sg" : "sg-d111acbe" },
"Staging" : { "sg" : "sg-d123acbe" },
"Prod-US" : { "sg" : "sg-d145acbe" }
},
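Now, with new momentum, my boss wants us to be able to start building CloudFormation templates in another region.
Since it is another region, I need to manually create the required SecurityGroups in advance and update their IDs in the template.
I would like to know whether writing it this way would work: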
"SecurityGroupMap" : {
"RegionMap": {
"us-east-1" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" },
"us-east-2" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" },
"us-west-1" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" },
"us-west-2" : { "DEV" : "sg-d143acbe", "Load" : "sg-d143acbe", "Staging" : "sg-d143acbe", "Prod-US" : "sg-d143acbe" },
"eu-west-1" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" },
"eu-central-1" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" },
"eu-west-2" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" }
}
},
If so, what will the [ { "Fn::FindInMap" : } ] look like?
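In your second example, you have nested too many maps. I suggest you remove RegionMap and put the regions directly in SecurityGroupMap. After that, you can reference a security group using: { "Fn::FindInMap" : [ "SecurityGroupMap", { "Ref" : "AWS::Region" }, "DEV"] }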
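The flattened mapping from the answer, placed in a complete template as an added example that is not part of the original question or answer. It goes one step further than the answer by also taking the environment from a parameter instead of the literal "DEV". The parameter names Environment and ImageId, the resource name LaunchConfig and the instance type are assumptions; the key ProdUS is spelled without the question's hyphen so that every second-level key is strictly alphanumeric, and the sg- values are the question's own placeholders.

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Added example, not from the original post: security group chosen by region and environment. Parameter and resource names are assumptions.",
  "Parameters": {
    "Environment": {
      "Type": "String",
      "AllowedValues": ["DEV", "Load", "Staging", "ProdUS"]
    },
    "ImageId": {
      "Type": "AWS::EC2::Image::Id"
    }
  },
  "Mappings": {
    "SecurityGroupMap": {
      "us-east-1": { "DEV": "sg-1", "Load": "sg-2", "Staging": "sg-3", "ProdUS": "sg-4" },
      "us-west-2": { "DEV": "sg-d143acbe", "Load": "sg-d143acbe", "Staging": "sg-d143acbe", "ProdUS": "sg-d143acbe" }
    }
  },
  "Resources": {
    "LaunchConfig": {
      "Type": "AWS::AutoScaling::LaunchConfiguration",
      "Properties": {
        "ImageId": { "Ref": "ImageId" },
        "InstanceType": "t3.micro",
        "SecurityGroups": [
          {
            "Fn::FindInMap": [
              "SecurityGroupMap",
              { "Ref": "AWS::Region" },
              { "Ref": "Environment" }
            ]
          }
        ]
      }
    }
  }
}
```

AllowedValues rejects an environment name that has no entry in the map, and a region that is missing from SecurityGroupMap makes the lookup fail instead of launching instances with another region's group.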