CloudFormation テンプレートで次のセキュリティ グループを定義しています。
"APIInstanceSG": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Security Group for Application EC2 Instances,
"VpcId": "vpc-10a75377",
"Tags": [{
"Key": "Name",
"Value": "APIInstanceSG" }
}]
}
}
また、OptionSettings 内に以下を含む Elastic Beanstalk 環境を定義しています。
{
"Namespace": "aws:autoscaling:launchconfiguration",
"OptionName": "SecurityGroups",
"Value": { "Ref": "APIInstanceSG" }
}
このテンプレートを使用してスタックを作成すると、CloudFormation が EB 環境を作成しようとする前にセキュリティ グループが作成されますが、EB 環境を作成しようとすると、次のエラーで失敗します。
構成検証の例外: 無効なオプション値: 'sg-994fcbe4' (名前空間: 'aws:autoscaling:launchconfiguration'、OptionName: 'SecurityGroups'): セキュリティ グループ 'sg-994fcbe4' が存在しません
sg-994fcbe4 は、作成されたセキュリティ グループの ID です。
Elastic Beanstalk 環境の構成は次のとおりです。
"AspectAPIEnv": {
"Type": "AWS::ElasticBeanstalk::Environment",
"Properties": {
"ApplicationName": "application-name",
"EnvironmentName": "environment-name",
"SolutionStackName": "64bit Amazon Linux 2016.09 v3.1.0 running Node.js",
"Tier": {
"Name": "WebServer",
"Type": "Standard"
},
"OptionSettings": [
{
"Namespace": "aws:autoscaling:launchconfiguration",
"OptionName": "EC2KeyName",
"Value": "ec2-key"
},
{
"Namespace": "aws:autoscaling:launchconfiguration",
"OptionName": "IamInstanceProfile",
"Value": "aws-elasticbeanstalk-ec2-role"
},
{
"Namespace": "aws:autoscaling:launchconfiguration",
"OptionName": "ImageId",
"Value": "ami-d8356acf"
},
{
"Namespace": "aws:autoscaling:launchconfiguration",
"OptionName": "InstanceType",
"Value": "t2.micro"
},
{
"Namespace": "aws:autoscaling:launchconfiguration",
"OptionName": "SecurityGroups",
"Value": { "Ref": "APIInstanceSG" }
},
{
"Namespace": "aws:autoscaling:trigger",
"OptionName": "UpperThreshold",
"Value": "6000000"
},
{
"Namespace": "aws:autoscaling:updatepolicy:rollingupdate",
"OptionName": "MaxBatchSize",
"Value": "1"
},
{
"Namespace": "aws:autoscaling:updatepolicy:rollingupdate",
"OptionName": "MinInstancesInService",
"Value": "1"
},
{
"Namespace": "aws:autoscaling:updatepolicy:rollingupdate",
"OptionName": "RollingUpdateEnabled",
"Value": "true"
},
{
"Namespace": "aws:autoscaling:updatepolicy:rollingupdate",
"OptionName": "RollingUpdateType",
"Value": "Health"
},
{
"Namespace": "aws:elasticbeanstalk:command",
"OptionName": "BatchSize",
"Value": "30"
},
{
"Namespace": "aws:elasticbeanstalk:container:nodejs",
"OptionName": "NodeVersion",
"Value": "6.2.2"
},
{
"Namespace": "aws:elasticbeanstalk:environment",
"OptionName": "ServiceRole",
"Value": "aws-elasticbeanstalk-service-role"
},
{
"Namespace": "aws:elasticbeanstalk:healthreporting:system",
"OptionName": "SystemType",
"Value": "enhanced"
},
{
"Namespace": "aws:elasticbeanstalk:managedactions",
"OptionName": "ManagedActionsEnabled",
"Value": "true"
},
{
"Namespace": "aws:elasticbeanstalk:managedactions",
"OptionName": "PreferredStartTime",
"Value": "SUN:09:02"
},
{
"Namespace": "aws:elasticbeanstalk:managedactions:platformupdate",
"OptionName": "UpdateLevel",
"Value": "minor"
},
{
"Namespace": "aws:elb:healthcheck",
"OptionName": "Interval",
"Value": "10"
},
{
"Namespace": "aws:elb:loadbalancer",
"OptionName": "CrossZone",
"Value": "true"
},
{
"Namespace": "aws:elb:loadbalancer",
"OptionName": "LoadBalancerHTTPPort",
"Value": "80"
},
{
"Namespace": "aws:elb:loadbalancer",
"OptionName": "SecurityGroups",
"Value": { "Ref": "APILoadBalancerSG" }
},
{
"Namespace": "aws:elb:loadbalancer",
"OptionName": "ManagedSecurityGroup",
"Value": { "Ref": "APILoadBalancerSG" }
},
{
"Namespace": "aws:elb:policies",
"OptionName": "ConnectionDrainingEnabled",
"Value": "true"
}
],
"Tags": [
{
"Key": "Name",
"Value": "AspectAPIEnv"
}
]
},
"DependsOn": "RDSInstance"
}