
AWS CloudFormation: The key pair 'chaklader.pem' does not exist (Service: AmazonEC2; Status Code: 400; Error Code: InvalidKeyPair)

How to resolve AWS CloudFormation: The key pair 'chaklader.pem' does not exist (Service: AmazonEC2; Status Code: 400; Error Code: InvalidKeyPair)

I want to create a CloudFormation stack with the CLI command given below:

$ aws cloudformation create-stack --region us-east-1 --stack-name c3-app --template-body file://starter/c3-app.yml --parameters ParameterKey=KeyPair,ParameterValue=chaklader.pem --capabilities CAPABILITY_IAM

My .pem key is in the same folder as the one I run this command from.


This does not create the stack, and I get the following error message in the event log:

AWS Cloudformation The key pair 'chaklader.pem' does not exist (Service: AmazonEC2; Status Code: 400; Error Code: InvalidKeyPair.

My CloudFormation template is as follows:

Description:  This template deploys ec2 instances for the project starter

Parameters:
  AmiIdRecipeWebServiceInstance:
    Type: String
    Default: "ami-0964e67a489e13cdb"
  AmiIdAttackInstance:
    Type: String
    Default: "ami-01fcf79ce78f46764"
  KeyPair:
    Type: String
    Description: "Name of an existing KeyPair you will use to access the EC2 instances in this exercise. Be sure you have access to the private key file corresponding to this keypair."


Resources:
  InstanceRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
              - ec2.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      Policies:
        - PolicyName: InstanceRolePolicy-C3
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action: 's3:*'
                Resource: '*'

  InstanceProfileRole:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
        - !Ref InstanceRole

  WebAppSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: WebAppSG
      GroupDescription: "Security group for this application server"
      SecurityGroupEgress:
      - IpProtocol: -1
        CidrIp: 0.0.0.0/0
      SecurityGroupIngress:
      - IpProtocol: -1
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: 5000
        ToPort: 5000
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: 80
        ToPort: 80
        CidrIp: 0.0.0.0/0
      VpcId: !ImportValue VpcId

  RecipeWebServiceInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref AmiIdRecipeWebServiceInstance
      InstanceType: t3.micro
      KeyName: !Ref KeyPair
      SecurityGroupIds:
      - !GetAtt WebAppSG.GroupId
      SubnetId: !ImportValue PublicsubnetTrusted
      IamInstanceProfile: !Ref InstanceProfileRole
      Tags:
      - Key: "Name"
        Value: "Web Service Instance - C3"
      UserData:
        Fn::Base64:
          Fn::Sub:
            - |
              #!/bin/bash
              echo "Environment=S3_FREE_RECIPES="${S3FreeRecipies} | sudo tee -a /lib/systemd/system/flask.service
              echo "Environment=S3_SECRET_RECIPES="${S3SecretRecipies} | sudo tee -a /lib/systemd/system/flask.service
              systemctl daemon-reload
              sleep 30
              service flask restart
            - S3FreeRecipies: !ImportValue BucketNameRecipesFree
              S3SecretRecipies: !ImportValue BucketNameRecipesSecret

# Add code for Exercise 3

  AppLoadBalancerSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: AppLoadBalancerSG
      GroupDescription: "Security group for this application server"
      SecurityGroupEgress:
      - IpProtocol: -1
        CidrIp: 0.0.0.0/0
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 80
        ToPort: 80
        CidrIp: 0.0.0.0/0
      VpcId: !ImportValue VpcId

  AppEIP:
    Type: AWS::EC2::EIP
    Properties:
      InstanceId: !Ref RecipeWebServiceInstance

  AppLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: c1-web-service-alb
      SecurityGroups:
      - !GetAtt AppLoadBalancerSG.GroupId
      Subnets:
        - !ImportValue PublicsubnetTrusted
        - !ImportValue PublicsubnetUnTrusted

  AppLoadBalancerListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref AppTargetGroup
      LoadBalancerArn: !Ref AppLoadBalancer
      Port: 80
      Protocol: HTTP

  AppTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckEnabled: true
      HealthCheckIntervalSeconds: 10
      HealthCheckPath: /health
      Name: AppTargetGroup
      Port: 5000
      VpcId: !ImportValue VpcId
      Protocol: HTTP
      Targets:
      - Id: !Ref RecipeWebServiceInstance

  AttackInstanceSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: AttackInstanceSG
      GroupDescription: "Security group for the attack instance"
      SecurityGroupEgress:
      - IpProtocol: -1
        CidrIp: 0.0.0.0/0
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: 0.0.0.0/0
      VpcId: !ImportValue VpcId

  AttackInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref AmiIdAttackInstance
      InstanceType: t3.micro
      KeyName: !Ref KeyPair
      IamInstanceProfile: !Ref InstanceProfileRole
      SecurityGroupIds:
      - !GetAtt AttackInstanceSG.GroupId
      SubnetId: !ImportValue PublicsubnetUnTrusted
      Tags:
      - Key: "Name"
        Value: "Attack Instance - C3"

Outputs:
  AttackInstanceIP:
    Value: !GetAtt AttackInstance.PublicDnsName
  ApplicationInstanceIP:
    Value: !GetAtt RecipeWebServiceInstance.PublicDnsName
  ApplicationURL:
    Value: !GetAtt AppLoadBalancer.DNSName

I created a new key pair using the command suggested in an answer:

aws ec2 create-key-pair --key-name arefe --query "KeyMaterial" --output text > arefe.pem

chmod 400 arefe.pem


Then I ran the command again:

aws cloudformation create-stack --region us-east-1 --stack-name c3-app --template-body file://starter/c3-app.yml --parameters ParameterKey=KeyPair,ParameterValue=arefe.pem --capabilities CAPABILITY_IAM

I still get the same error:

The key pair 'arefe.pem' does not exist (Service: AmazonEC2; Status Code: 400; Error Code: InvalidKeyPair.NotFound; Request ID: aceed5ea-7841-4056-8738-e02a1f921b90; Proxy: null)

What is wrong here?

Answer

CloudFormation (CFN) will not take your chaklader.pem and create a key pair in AWS from it. You have to do that yourself. You cannot use CFN for this because it is not supported, unless you write such logic yourself with a custom resource.

The easiest way is to create or import the key "manually" using the AWS console, an SDK or the CLI. Then you can reference its name in the template.
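As an added example (not code from the question or the answer), a small boto3 preflight that applies the answer's advice before create-stack runs: it turns a value such as arefe.pem into the key-pair name arefe, checks that EC2 actually knows that name in the target region, and creates the key pair (saving the private key with 0400 permissions, as chmod 400 does) when it does not. The function names and the single-argument command line are assumptions of this example; the __main__ part needs boto3 and AWS credentials, the functions themselves do not.

```python
"""Preflight for the CloudFormation KeyPair parameter (added example).

CloudFormation hands ParameterValue to EC2 unchanged as KeyName, so it must be the
*name* of a key pair that exists in the target region, not the path of a .pem file.
"""
import os
from pathlib import Path


def key_name_from_value(value: str) -> str:
    """Map 'starter/arefe.pem' (a file path) to the key-pair name 'arefe'."""
    name = Path(value).name
    return name[:-4] if name.lower().endswith(".pem") else name


def key_pair_exists(ec2, name: str) -> bool:
    """True if EC2 knows a key pair with exactly this name in the client's region."""
    try:
        ec2.describe_key_pairs(KeyNames=[name])
        return True
    except Exception as exc:  # botocore ClientError carries .response
        code = getattr(exc, "response", {}).get("Error", {}).get("Code", "")
        if code == "InvalidKeyPair.NotFound":
            return False
        raise


def ensure_key_pair(ec2, value: str, pem_dir: str = ".") -> str:
    """Return a KeyName CloudFormation can use, creating the key pair if needed."""
    name = key_name_from_value(value)
    if not key_pair_exists(ec2, name):
        material = ec2.create_key_pair(KeyName=name)["KeyMaterial"]
        pem_path = Path(pem_dir) / f"{name}.pem"
        # Same effect as 'chmod 400 name.pem', but applied before any bytes land.
        fd = os.open(pem_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o400)
        with os.fdopen(fd, "w") as fh:
            fh.write(material)
    return name


if __name__ == "__main__":
    import sys
    import boto3  # needed only for the real run, not for the functions above

    key_name = ensure_key_pair(boto3.client("ec2", region_name="us-east-1"), sys.argv[1])
    # Pass the *name* to the stack: ParameterValue=arefe, never arefe.pem.
    print(f"--parameters ParameterKey=KeyPair,ParameterValue={key_name}")
```

Running it as `python preflight.py arefe.pem` prints the corrected --parameters fragment for the create-stack command in the question.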
