Create launch templates with Amazon CloudFormation - Amazon CloudFormation


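This section provides an example of creating an Amazon EC2 launch template using Amazon CloudFormation. Launch templates allow you to create templates for configuring and provisioning Amazon EC2 instances within Amazon. With launch templates, you can store launch parameters so that you do not have to specify them every time you launch an instance. For more examples, see the Examples section in the AWS::EC2::LaunchTemplate resource.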

For more information about launch templates, see Launch an instance from a launch template.

For information about creating launch templates for use with Auto Scaling groups, see Launch templates in the Amazon EC2 Auto Scaling User Guide.

Create a launch template that specifies security groups, tags, user data, and an IAM role

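This snippet shows an AWS::EC2::LaunchTemplate resource that contains the configuration information for launching an instance. You specify values for the ImageId, InstanceType, SecurityGroups, UserData, and TagSpecifications properties. The SecurityGroups property specifies an existing EC2 security group and a new security group. The Ref function gets the ID of the AWS::EC2::SecurityGroup resource myNewEC2SecurityGroup, which is declared elsewhere in the stack template.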

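The launch template includes a section for custom user data. In this section, you can pass in configuration tasks and scripts that run when an instance launches. In this example, the user data installs the Amazon Systems Manager Agent and starts the agent.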

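The launch template also includes an IAM role that allows applications running on the instance to perform actions on your behalf. This example shows an AWS::IAM::Role resource for the launch template, which uses the IamInstanceProfile property to specify the IAM role. The Ref function gets the name of the AWS::IAM::InstanceProfile resource myInstanceProfile. To configure the permissions of the IAM role, specify a value for the ManagedPolicyArns property.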

JSON

{
  "Resources":{
    "myLaunchTemplate":{
      "Type":"AWS::EC2::LaunchTemplate",
      "Properties":{
        "LaunchTemplateName":{
          "Fn::Sub": "${AWS::StackName}-launch-template"
        },
        "LaunchTemplateData":{
          "ImageId":"ami-02354e95b3example",
          "InstanceType":"t3.micro",
          "IamInstanceProfile":{
            "Name":{
              "Ref":"myInstanceProfile"
            }
          },
          "SecurityGroupIds":[
            {
              "Ref":"myNewEC2SecurityGroup"
            },
            "sg-083cd3bfb8example"
          ],
          "UserData":{
            "Fn::Base64":{
              "Fn::Join": [
                "", [
                  "#!/bin/bash\n",
                  "cd /tmp\n",
                  "yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm\n",
                  "systemctl enable amazon-ssm-agent\n",
                  "systemctl start amazon-ssm-agent\n"
                ]
              ]
            }
          },
          "TagSpecifications":[
            {
              "ResourceType":"instance",
              "Tags":[
                {
                  "Key":"environment",
                  "Value":"development"
                }
              ]
            },
            {
              "ResourceType":"volume",
              "Tags":[
                {
                  "Key":"environment",
                  "Value":"development"
                }
              ]
            }
          ]
        }
      }
    },
    "myInstanceRole":{
      "Type":"AWS::IAM::Role",
      "Properties":{
        "RoleName":"InstanceRole",
        "AssumeRolePolicyDocument":{
          "Version":"2012-10-17",
          "Statement":[
            {
              "Effect":"Allow",
              "Principal":{
                "Service":[
                  "ec2.amazonaws.com"
                ]
              },
              "Action":[
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "ManagedPolicyArns":[
          "arn:aws:iam::aws:policy/myCustomerManagedPolicy"
        ]
      }
    },
    "myInstanceProfile":{
      "Type":"AWS::IAM::InstanceProfile",
      "Properties":{
        "Path":"/",
        "Roles":[
          {
            "Ref":"myInstanceRole"
          }
        ]
      }
    }
  }
}

YAML

---
Resources:
  myLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: !Sub ${AWS::StackName}-launch-template
      LaunchTemplateData:
        ImageId: ami-02354e95b3example
        InstanceType: t3.micro
        IamInstanceProfile:
          Name: !Ref myInstanceProfile
        SecurityGroupIds:
        - !Ref myNewEC2SecurityGroup
        - sg-083cd3bfb8example
        UserData:
          Fn::Base64: !Sub |
            #!/bin/bash
            cd /tmp
            yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
            systemctl enable amazon-ssm-agent
            systemctl start amazon-ssm-agent
        TagSpecifications:
        - ResourceType: instance
          Tags:
          - Key: environment
            Value: development
        - ResourceType: volume
          Tags:
          - Key: environment
            Value: development
  myInstanceRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: InstanceRole
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
        - Effect: 'Allow'
          Principal:
            Service:
            - 'ec2.amazonaws.com'
          Action:
          - 'sts:AssumeRole'
      ManagedPolicyArns:
      - 'arn:aws:iam::aws:policy/myCustomerManagedPolicy'
  myInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: '/'
      Roles:
      - !Ref myInstanceRole
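
To review what a launch template like the one above grants and runs at boot, the following added example (not part of the AWS documentation) follows the IamInstanceProfile reference to the role's managed policies, separates stack-defined security groups from literal IDs, and flattens UserData into the script text and the URLs it downloads. The function names and the trimmed template copy are constructed for illustration.

```python
import json
import re

TEMPLATE = json.loads(r"""
{"Resources": {
  "myLaunchTemplate": {"Type": "AWS::EC2::LaunchTemplate", "Properties": {"LaunchTemplateData": {
    "IamInstanceProfile": {"Name": {"Ref": "myInstanceProfile"}},
    "SecurityGroupIds": [{"Ref": "myNewEC2SecurityGroup"}, "sg-083cd3bfb8example"],
    "UserData": {"Fn::Base64": {"Fn::Join": ["", ["#!/bin/bash\n", "yum install -y ",
      "https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm\n",
      "systemctl start amazon-ssm-agent\n"]]}}}}},
  "myInstanceRole": {"Type": "AWS::IAM::Role", "Properties": {
    "ManagedPolicyArns": ["arn:aws:iam::aws:policy/myCustomerManagedPolicy"]}},
  "myInstanceProfile": {"Type": "AWS::IAM::InstanceProfile",
    "Properties": {"Roles": [{"Ref": "myInstanceRole"}]}}
}}
""")  # constructed sample: a trimmed copy of the JSON template on this page

def ref(value):
    """Logical ID behind {"Ref": ...}, or None for a literal or another intrinsic."""
    return value.get("Ref") if isinstance(value, dict) else None

def render(value):
    """Flatten the intrinsic functions used for UserData into the boot script text."""
    if isinstance(value, str):
        return value
    (fn, arg), = value.items()
    if fn in ("Fn::Base64", "Fn::Sub"):
        return render(arg[0] if isinstance(arg, list) else arg)
    if fn == "Fn::Join":
        return arg[0].join(render(p) for p in arg[1])
    return "<unresolved %s>" % fn  # Ref, Fn::GetAtt, ...: known only at deploy time

def review_launch_template(template, logical_id):
    """Summarise what instances launched from this template can do and run."""
    res = template["Resources"]
    data = res[logical_id]["Properties"]["LaunchTemplateData"]
    profile = ref(data.get("IamInstanceProfile", {}).get("Name"))
    roles = [ref(r) for r in res.get(profile, {}).get("Properties", {}).get("Roles", []) if ref(r) in res]
    sgs = data.get("SecurityGroupIds", [])
    script = render(data.get("UserData", ""))
    return {
        "roles": roles,
        "managed_policies": [a for r in roles for a in res[r]["Properties"].get("ManagedPolicyArns", [])],
        "stack_security_groups": [ref(g) for g in sgs if ref(g)],
        "literal_security_groups": [g for g in sgs if isinstance(g, str)],
        "boot_downloads": re.findall(r"https?://\S+", script),
        "boot_script": script,
    }
```

Literal security group IDs and profile names that are not a Ref point outside the stack, so their rules and permissions have to be reviewed separately from the template.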