AWS CloudFormation
User Guide (API Version 2010-05-15)

Sample templates

Conditionally create resources for a production, development, or test stack

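In some cases, you might want to create stacks that are similar but with minor tweaks. For example, you might have a template that you use for production applications. You want to create the same production stack so that you can use it for development or testing. However, for development and testing, you might not require all the extra capacity that's included in a production-level stack. Instead, you can use an environment type input parameter to conditionally create stack resources that are specific to production, development, or testing, as shown in the following sample: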

Example JSON

{
  "AWSTemplateFormatVersion" : "2010-09-09",

  "Mappings" : {
    "RegionMap" : {
      "us-east-1" : { "AMI" : "ami-aecd60c7"},
      "us-west-1" : { "AMI" : "ami-734c6936"},
      "us-west-2" : { "AMI" : "ami-48da5578"},
      "eu-west-1" : { "AMI" : "ami-6d555119"},
      "sa-east-1" : { "AMI" : "ami-fe36e8e3"},
      "ap-southeast-1" : { "AMI" : "ami-3c0b4a6e"},
      "ap-southeast-2" : { "AMI" : "ami-bd990e87"},
      "ap-northeast-1" : { "AMI" : "ami-2819aa29"}
    }
  },

  "Parameters" : {
    "EnvType" : {
      "Description" : "Environment type.",
      "Default" : "test",
      "Type" : "String",
      "AllowedValues" : ["prod", "dev", "test"],
      "ConstraintDescription" : "must specify prod, dev, or test."
    }
  },

  "Conditions" : {
    "CreateProdResources" : {"Fn::Equals" : [{"Ref" : "EnvType"}, "prod"]},
    "CreateDevResources" : {"Fn::Equals" : [{"Ref" : "EnvType"}, "dev"]}
  },

  "Resources" : {
    "EC2Instance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ]},
        "InstanceType" : { "Fn::If" : [
          "CreateProdResources",
          "c1.xlarge",
          {"Fn::If" : [
            "CreateDevResources",
            "m1.large",
            "m1.small"
          ]}
        ]}
      }
    },

    "MountPoint" : {
      "Type" : "AWS::EC2::VolumeAttachment",
      "Condition" : "CreateProdResources",
      "Properties" : {
        "InstanceId" : { "Ref" : "EC2Instance" },
        "VolumeId" : { "Ref" : "NewVolume" },
        "Device" : "/dev/sdh"
      }
    },

    "NewVolume" : {
      "Type" : "AWS::EC2::Volume",
      "Condition" : "CreateProdResources",
      "Properties" : {
        "Size" : "100",
        "AvailabilityZone" : { "Fn::GetAtt" : [ "EC2Instance", "AvailabilityZone" ]}
      }
    }
  }
}

Example YAML

AWSTemplateFormatVersion: "2010-09-09"
Mappings:
  RegionMap:
    us-east-1:
      AMI: "ami-aecd60c7"
    us-west-1:
      AMI: "ami-734c6936"
    us-west-2:
      AMI: "ami-48da5578"
    eu-west-1:
      AMI: "ami-6d555119"
    sa-east-1:
      AMI: "ami-fe36e8e3"
    ap-southeast-1:
      AMI: "ami-3c0b4a6e"
    ap-southeast-2:
      AMI: "ami-bd990e87"
    ap-northeast-1:
      AMI: "ami-2819aa29"
Parameters:
  EnvType:
    Description: Environment type.
    Default: test
    Type: String
    AllowedValues: [prod, dev, test]
    ConstraintDescription: must specify prod, dev, or test.
Conditions:
  CreateProdResources: !Equals [!Ref EnvType, prod]
  CreateDevResources: !Equals [!Ref EnvType, "dev"]
Resources:
  EC2Instance:
    Type: "AWS::EC2::Instance"
    Properties:
      ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", AMI]
      InstanceType: !If [CreateProdResources, c1.xlarge, !If [CreateDevResources, m1.large, m1.small]]
  MountPoint:
    Type: "AWS::EC2::VolumeAttachment"
    Condition: CreateProdResources
    Properties:
      InstanceId: !Ref EC2Instance
      VolumeId: !Ref NewVolume
      Device: /dev/sdh
  NewVolume:
    Type: "AWS::EC2::Volume"
    Condition: CreateProdResources
    Properties:
      Size: 100
      AvailabilityZone: !GetAtt EC2Instance.AvailabilityZone

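You can specify prod, dev, or test for the EnvType parameter. For each environment type, the template specifies a different instance type. The instance types can range from a large, compute-optimized instance type to a small, general-purpose instance type. To conditionally specify the instance type, the template defines two conditions in its Conditions section: CreateProdResources, which evaluates to true if the EnvType parameter value is equal to prod, and CreateDevResources, which evaluates to true if the parameter value is equal to dev.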

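In the InstanceType property, the template nests two Fn::If intrinsic functions to determine which instance type to use. If the CreateProdResources condition is true, the instance type is c1.xlarge. If the condition is false, the CreateDevResources condition is evaluated. If the CreateDevResources condition is true, the instance type is m1.large; otherwise, the instance type is m1.small.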

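In addition to the instance type, the production environment creates an Amazon EC2 volume and attaches it to the instance. The MountPoint and NewVolume resources are associated with the CreateProdResources condition so that the resources are created only if the condition evaluates to true.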

Conditionally assign a resource property

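In this example, you can create an Amazon RDS DB instance from a snapshot. If you specify the DBSnapshotName parameter, AWS CloudFormation uses the parameter value as the snapshot name when creating the DB instance. If you keep the default value (an empty string), AWS CloudFormation removes the DBSnapshotIdentifier property and creates the DB instance from scratch.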

Example JSON

{
  "AWSTemplateFormatVersion" : "2010-09-09",

  "Parameters": {
    "DBUser": {
      "NoEcho": "true",
      "Description" : "The database admin account username",
      "Type": "String",
      "MinLength": "1",
      "MaxLength": "16",
      "AllowedPattern" : "[a-zA-Z][a-zA-Z0-9]*",
      "ConstraintDescription" : "must begin with a letter and contain only alphanumeric characters."
    },

    "DBPassword": {
      "NoEcho": "true",
      "Description" : "The database admin account password",
      "Type": "String",
      "MinLength": "1",
      "MaxLength": "41",
      "AllowedPattern" : "[a-zA-Z0-9]*",
      "ConstraintDescription" : "must contain only alphanumeric characters."
    },

    "DBSnapshotName": {
      "Description": "The name of a DB snapshot (optional)",
      "Default": "",
      "Type": "String"
    }
  },

  "Conditions": {
    "UseDBSnapshot": {"Fn::Not": [{"Fn::Equals" : [{"Ref" : "DBSnapshotName"}, ""]}]}
  },

  "Resources" : {
    "MyDB" : {
      "Type" : "AWS::RDS::DBInstance",
      "Properties" : {
        "AllocatedStorage" : "5",
        "DBInstanceClass" : "db.m1.small",
        "Engine" : "MySQL",
        "EngineVersion" : "5.5",
        "MasterUsername" : { "Ref" : "DBUser" },
        "MasterUserPassword" : { "Ref" : "DBPassword" },
        "DBParameterGroupName" : { "Ref" : "MyRDSParamGroup" },
        "DBSnapshotIdentifier" : {
          "Fn::If" : [
            "UseDBSnapshot",
            {"Ref" : "DBSnapshotName"},
            {"Ref" : "AWS::NoValue"}
          ]
        }
      }
    },

    "MyRDSParamGroup" : {
      "Type": "AWS::RDS::DBParameterGroup",
      "Properties" : {
        "Family" : "MySQL5.5",
        "Description" : "CloudFormation Sample Database Parameter Group",
        "Parameters" : {
          "autocommit" : "1" ,
          "general_log" : "1",
          "old_passwords" : "0"
        }
      }
    }
  }
}

Example YAML

AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  DBUser:
    NoEcho: true
    Description: The database admin account username
    Type: String
    MinLength: 1
    MaxLength: 16
    AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*"
    ConstraintDescription: must begin with a letter and contain only alphanumeric characters.
  DBPassword:
    NoEcho: true
    Description: The database admin account password
    Type: String
    MinLength: 1
    MaxLength: 41
    AllowedPattern: "[a-zA-Z0-9]*"
    ConstraintDescription: must contain only alphanumeric characters.
  DBSnapshotName:
    Description: The name of a DB snapshot (optional)
    Default: ""
    Type: String
Conditions:
  UseDBSnapshot: !Not [!Equals [!Ref DBSnapshotName, ""]]
Resources:
  MyDB:
    Type: "AWS::RDS::DBInstance"
    Properties:
      AllocatedStorage: 5
      DBInstanceClass: db.m1.small
      Engine: MySQL
      EngineVersion: 5.5
      MasterUsername: !Ref DBUser
      MasterUserPassword: !Ref DBPassword
      DBParameterGroupName: !Ref MyRDSParamGroup
      DBSnapshotIdentifier:
        !If [UseDBSnapshot, !Ref DBSnapshotName, !Ref "AWS::NoValue"]
  MyRDSParamGroup:
    Type: "AWS::RDS::DBParameterGroup"
    Properties:
      Family: MySQL5.5
      Description: CloudFormation Sample Database Parameter Group
      Parameters:
        autocommit: 1
        general_log: 1
        old_passwords: 0

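The UseDBSnapshot condition evaluates to true only if the DBSnapshotName parameter is not an empty string. If the UseDBSnapshot condition evaluates to true, AWS CloudFormation uses the DBSnapshotName parameter value for the DBSnapshotIdentifier property. If the condition evaluates to false, AWS CloudFormation removes the DBSnapshotIdentifier property. The AWS::NoValue pseudo parameter removes the corresponding resource property when it is used as a return value.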

Conditionally use an existing resource

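In this example, you can use an Amazon EC2 security group that has already been created, or you can create a new security group, which is specified in the template. For the ExistingSecurityGroup parameter, you can specify the default security group name or NONE. If you specify default, AWS CloudFormation uses the security group that has already been created and is named default. If you specify NONE, AWS CloudFormation creates the security group that is defined in the template.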

Example JSON

{
  "Parameters" : {
    "ExistingSecurityGroup" : {
      "Description" : "An existing security group ID (optional).",
      "Default" : "NONE",
      "Type" : "String",
      "AllowedValues" : ["default", "NONE"]
    }
  },

  "Conditions" : {
    "CreateNewSecurityGroup" : {"Fn::Equals" : [{"Ref" : "ExistingSecurityGroup"}, "NONE"] }
  },

  "Resources" : {
    "MyInstance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "ImageId" : "ami-1b814f72",
        "SecurityGroups" : [{
          "Fn::If" : [
            "CreateNewSecurityGroup",
            {"Ref" : "NewSecurityGroup"},
            {"Ref" : "ExistingSecurityGroup"}
          ]
        }]
      }
    },

    "NewSecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Condition" : "CreateNewSecurityGroup",
      "Properties" : {
        "GroupDescription" : "Enable HTTP access via port 80",
        "SecurityGroupIngress" : [ {
          "IpProtocol" : "tcp",
          "FromPort" : "80",
          "ToPort" : "80",
          "CidrIp" : "0.0.0.0/0"
        } ]
      }
    }
  },

  "Outputs" : {
    "SecurityGroupId" : {
      "Description" : "Group ID of the security group used.",
      "Value" : {
        "Fn::If" : [
          "CreateNewSecurityGroup",
          {"Ref" : "NewSecurityGroup"},
          {"Ref" : "ExistingSecurityGroup"}
        ]
      }
    }
  }
}

Example YAML

Parameters:
  ExistingSecurityGroup:
    Description: An existing security group ID (optional).
    Default: NONE
    Type: String
    AllowedValues:
      - default
      - NONE
Conditions:
  CreateNewSecurityGroup: !Equals [!Ref ExistingSecurityGroup, NONE]
Resources:
  MyInstance:
    Type: "AWS::EC2::Instance"
    Properties:
      ImageId: "ami-1b814f72"
      # SecurityGroups takes a list, matching the JSON version of this template
      SecurityGroups:
        - !If [CreateNewSecurityGroup, !Ref NewSecurityGroup, !Ref ExistingSecurityGroup]
  NewSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Condition: CreateNewSecurityGroup
    Properties:
      GroupDescription: Enable HTTP access via port 80
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
Outputs:
  SecurityGroupId:
    Description: Group ID of the security group used.
    Value: !If [CreateNewSecurityGroup, !Ref NewSecurityGroup, !Ref ExistingSecurityGroup]

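To determine whether to create the NewSecurityGroup resource, the resource is associated with the CreateNewSecurityGroup condition. The resource is created only when the condition is true (when the ExistingSecurityGroup parameter is equal to NONE).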

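In the SecurityGroups property, the template uses the Fn::If intrinsic function to determine which security group to use. If the CreateNewSecurityGroup condition evaluates to true, the security group property references the NewSecurityGroup resource. If the CreateNewSecurityGroup condition evaluates to false, the security group property references the ExistingSecurityGroup parameter (the default security group).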

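Lastly, the template conditionally outputs the security group ID. If the CreateNewSecurityGroup condition evaluates to true, AWS CloudFormation outputs the security group ID of the NewSecurityGroup resource. If the condition is false, AWS CloudFormation outputs the security group ID of the ExistingSecurityGroup resource.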
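
When reviewing a conditional template, it helps to see exactly which resources and properties exist for a given parameter value. The following Python is an added example, not part of the AWS guide or of CloudFormation itself: it models the rules described above for the snapshot and security-group templates (Ref, Fn::Equals, Fn::Not, Fn::If, AWS::NoValue and resource-level Condition only). The names render, resolve, evaluate_conditions and TEMPLATE are hypothetical, and the sample template is condensed from the page's own.

```python
NO_VALUE = object()  # stands in for the AWS::NoValue pseudo parameter

def evaluate_conditions(template, params):
    """Evaluate each entry of the Conditions section to True or False."""
    def ev(expr):
        if not isinstance(expr, dict):
            return expr  # literal such as "prod" or ""
        (fn, arg), = expr.items()
        if fn == "Ref":
            return params[arg]
        if fn == "Fn::Equals":
            return ev(arg[0]) == ev(arg[1])
        if fn == "Fn::Not":
            return not ev(arg[0])
        raise ValueError(f"unsupported condition function: {fn}")
    return {name: ev(expr) for name, expr in template.get("Conditions", {}).items()}

def resolve(node, params, conds):
    """Apply Fn::If and parameter Refs; drop anything that resolves to AWS::NoValue."""
    if isinstance(node, list):
        return [v for v in (resolve(n, params, conds) for n in node) if v is not NO_VALUE]
    if not isinstance(node, dict):
        return node
    if list(node) == ["Ref"]:  # Refs to resources stay symbolic
        return NO_VALUE if node["Ref"] == "AWS::NoValue" else params.get(node["Ref"], node)
    if list(node) == ["Fn::If"]:
        cond, if_true, if_false = node["Fn::If"]
        return resolve(if_true if conds[cond] else if_false, params, conds)
    out = {k: resolve(v, params, conds) for k, v in node.items()}
    return {k: v for k, v in out.items() if v is not NO_VALUE}

def render(template, **supplied):
    """Return (conditions, resources) as they would exist for the supplied parameters."""
    params = {k: supplied.get(k, p.get("Default")) for k, p in template.get("Parameters", {}).items()}
    conds = evaluate_conditions(template, params)
    kept = {n: r for n, r in template["Resources"].items() if "Condition" not in r or conds[r["Condition"]]}
    return conds, resolve(kept, params, conds)

# Sample input: the page's snapshot and security-group templates, reduced and merged.
TEMPLATE = {
    "Parameters": {"DBSnapshotName": {"Default": ""}, "ExistingSecurityGroup": {"Default": "NONE"}},
    "Conditions": {
        "UseDBSnapshot": {"Fn::Not": [{"Fn::Equals": [{"Ref": "DBSnapshotName"}, ""]}]},
        "CreateNewSecurityGroup": {"Fn::Equals": [{"Ref": "ExistingSecurityGroup"}, "NONE"]}},
    "Resources": {
        "MyDB": {"Type": "AWS::RDS::DBInstance", "Properties": {"DBSnapshotIdentifier": {
            "Fn::If": ["UseDBSnapshot", {"Ref": "DBSnapshotName"}, {"Ref": "AWS::NoValue"}]}}},
        "NewSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Condition": "CreateNewSecurityGroup",
            "Properties": {"SecurityGroupIngress": [{"IpProtocol": "tcp", "CidrIp": "0.0.0.0/0"}]}}}}
```

Comparing the output of render(TEMPLATE) with render(TEMPLATE, ExistingSecurityGroup="default") shows that only the default parameter value creates the security group that allows ingress from 0.0.0.0/0.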