
AWS CloudFormation,堆栈更新不会修改我的 EC2 配置

如何解决AWS CloudFormation,堆栈更新不会修改我的 EC2 配置

我试图确保我的 CloudFormation 模板创建的堆栈可以通过 Update 或 ChangeSets 进行修改。我知道必须借助 cfn-hup 和 init 脚本来实现这一点;我似乎可以在 CloudFormation 文件中更新 SecurityGroups,但这根本不会改变实际的 Web 服务器基础设施。我以为可以添加/删除软件包或更新配置文件,并且这些更改会被反映出来。

这不可能吗? (我使用的是亚马逊 Linux 2)

这是我的文件。我认为它应该会在 nginx 配置文件发生变化时更新该文件?

据我阅读 AWS 文档的理解,services.sysvinit.nginx.files 应该会跟踪我列出的 nginx 配置文件,如果检测到更改,则在更改写入后重新加载 nginx。它还应该把我对 server {} 块所做的任何新更改写入 nginx 配置文件。

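# The only value CloudFormation accepts for this key; quoted so YAML does
# not parse it as a date. The key name is case-sensitive.
AWSTemplateFormatVersion: "2010-09-09"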

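Parameters:

  VPC:
    Description: "ID of VPC"
    # AWS-specific parameter type: CloudFormation rejects an ID that does not
    # exist in the account/region before any resource is created, where a
    # bare String accepts any text.
    Type: "AWS::EC2::VPC::Id"

  AMI:
    Description: "ID of base image"
    # Same idea as VPC: validates the value is an AMI ID at submit time.
    Type: "AWS::EC2::Image::Id"

  KeyName:
    Description: "Name of an existing EC2 KeyPair to enable SSH access to the instance"
    Type: "AWS::EC2::KeyPair::KeyName"
    ConstraintDescription: "Must be the name of an existing EC2 KeyPair."

  InstanceType:
    Description: "Amazon Instance Type"
    # Quoted so the value is always a string, whatever it is changed to later.
    Default: "t2.micro"
    Type: String

  SSHLocation:
    Description: "IP address range that can be used to SSH to EC2 Instance"
    Type: String
    # Shortest valid CIDR is "0.0.0.0/0" (9 chars), longest is
    # "255.255.255.255/32" (18 chars).
    MinLength: 9
    MaxLength: 18
    # The default exposes port 22 to the whole Internet; pass the admin
    # network's CIDR when creating the stack. Quoted to keep it a string.
    Default: "0.0.0.0/0"
    # Reject anything that is not an IPv4 CIDR so that a typo (a bare address,
    # a hostname) fails template validation instead of the security-group rule.
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: "Must be a valid IP CIDR range of the form x.x.x.x/x."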

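Resources:

  ApiEc2Instance:
    Type: AWS::EC2::Instance
    # AWS::CloudFormation::Init is applied by cfn-init at first boot (UserData
    # below) and re-applied by cfn-hup after a stack update changes this
    # Metadata block (see the hook in cfn-auto-reloader.conf).
    Metadata:
      AWS::CloudFormation::Init:
        configSets:
          # Configure runs first so the amazon-linux-extras repositories are
          # enabled before the yum packages below are installed.
          InstallAndRun:
            - Configure
            - Install

        # Install packages and lay down configuration files.
        Install:
          packages:
            yum:
              # Package names are case-sensitive: these are the lowercase
              # Amazon Linux 2 package names provided by the extras enabled in
              # the Configure step.
              php: []
              php-fpm: []
              php-mbstring: []
              php-bcmath: []
              php-pdo: []
              nginx: []

          files:
            # Listed under services.sysvinit.nginx.files below, so cfn-init
            # restarts nginx whenever this content changes.
            # NOTE(review): "gzip_proxied static" is not a documented value of
            # the gzip_proxied directive; confirm the file passes `nginx -t`.
            /etc/nginx/conf.d/default.conf:
              content: !Sub |
                server {
                  listen 80;

                  root /var/www/html;

                  index index.php index.html index.htm;

                  gzip on;
                  gzip_vary off;
                  gzip_proxied static;
                  gzip_comp_level 6;
                  gzip_buffers 16 8k;
                  gzip_http_version 1.1;
                  gzip_types text/plain application/json;

                  charset utf-8;

                  location / {
                      try_files $uri $uri/ /index.php?$query_string;
                  }

                  location ~ \.php$ {
                      try_files $uri /index.php =404;
                      fastcgi_split_path_info ^(.+\.php)(/.+)$;
                      fastcgi_pass unix:/var/run/php-fpm/www.sock;
                      fastcgi_index index.php;
                      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                      include fastcgi_params;
                  }
                }

            # display_errors=On sends php error text to HTTP clients; it is
            # acceptable for a sandbox but should be Off anywhere reachable by
            # untrusted users.
            /etc/php.d/default.ini:
              content: !Sub |
                display_errors = On

            # cfn-hup daemon configuration. interval is in minutes (the
            # daemon's own default is 15); the file is root-only because it
            # identifies the stack the daemon acts on.
            /etc/cfn/cfn-hup.conf:
              content: !Sub |
                [main]
                stack=${AWS::StackId}
                region=${AWS::Region}
                verbose=1
                interval=5
              # Quoted: an unquoted 000400 can be read as a YAML integer
              # (octal) instead of the six-digit mode string cfn-init expects.
              mode: "000400"
              owner: root
              group: root

            # Hook that re-runs cfn-init after a stack update touches the
            # Metadata path above. Only changes inside that path trigger it.
            /etc/cfn/hooks.d/cfn-auto-reloader.conf:
              content: !Sub |
                [cfn-auto-reloader-hook]
                triggers=post.update
                path=Resources.ApiEc2Instance.Metadata.AWS::CloudFormation::Init
                action=/opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource ApiEc2Instance --configsets InstallAndRun --region ${AWS::Region}
                runas=root
              mode: "000400"
              owner: root
              group: root

          services:
            sysvinit:
              nginx:
                enabled: true
                ensureRunning: true
                # cfn-init restarts the service when any listed file changed.
                files:
                  - /etc/nginx/conf.d/default.conf
              cfn-hup:
                enabled: true
                ensureRunning: true
                files:
                  - /etc/cfn/cfn-hup.conf
                  - /etc/cfn/hooks.d/cfn-auto-reloader.conf

        # Enable the extras repositories that provide php 7.4 and nginx 1.x.
        Configure:
          commands:
            01_update_php:
              command: "amazon-linux-extras enable php7.4 nginx1 ansible2"
              # The command runs only while the test exits 0, i.e. while the
              # php7.4 extras repo section is still absent.
              test: "! grep -Fxq '[amzn2extra-php7.4]' /etc/yum.repos.d/amzn2-extras.repo"

    Properties:
      ImageId: !Ref "AMI"
      InstanceType: !Ref "InstanceType"
      SecurityGroupIds:
        - !Ref ApiSSHSecurityGroup
        - !Ref ApiWebSecurityGroup
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: "API SandBox"
      # First-boot script only; later Metadata changes are applied by cfn-hup.
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          yum update -y aws-cfn-bootstrap

          # Install the files and packages from the Metadata
          /opt/aws/bin/cfn-init -v \
            --stack ${AWS::StackName} \
            --resource ApiEc2Instance \
            --configsets InstallAndRun \
            --region ${AWS::Region}

          # Signal the status from cfn-init
          /opt/aws/bin/cfn-signal -e $? \
            --stack ${AWS::StackName} \
            --resource ApiEc2Instance \
            --region ${AWS::Region}

          # Pick up the generated nginx configuration
          service nginx reload
    CreationPolicy:
      ResourceSignal:
        Timeout: PT5M

  # Admin SSH access, limited to the SSHLocation parameter.
  ApiSSHSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      # NOTE(review): a fixed GroupName means a change that requires replacing
      # this group would collide with the existing name in the same VPC.
      GroupName: API SSH Admins
      GroupDescription: Enable public access via port 22
      VpcId: !Ref "VPC"
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref "SSHLocation"

  # Public HTTP/HTTPS. No SecurityGroupEgress is given, so outbound traffic
  # is left at the AWS default (all allowed).
  ApiWebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: API Public Web
      GroupDescription: Enable public web access via multiple ports
      VpcId: !Ref "VPC"
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0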

解决方法

基于聊天讨论。

cfn-hup 默认每 15 分钟刷新一次。因此,这个问题是由于没有等待足够长的时间导致的:在这 15 分钟内,hup 看起来像是失败了或什么都没做。

可以按照文档所述,使用 interval 变量调整该时间间隔。
