仅使用CloudFormation分配专用IP

Posted 2021-05-06

我正在使用CloudFormation创建EC2实例。我想要实现的只是分配一个私有IP。没有公共IP。一切都得到了很好的创建，它为私有IP创建了一个DNS条目，但它也创建了一个公共IP。如何告诉它不要创建公共IP。这是我的模板。 vpc_id和subnet_id位于专用网络上。

AWSTemplateFormatVersion: '2010-09-09'
Description: 'AWS CloudFormation template for creating riskInternalElk instance with DNS record'
Parameters:
Resources:
  InstanceSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupName: "{{security_group_name}}"
      GroupDescription: "{{security_group_name}}"
      VpcId: "{{vpc_id}}"
      SecurityGroupIngress:
{% for item in security_group_ingress %}
      - IpProtocol: "{{item.protocol}}"
        FromPort: "{{item.from_port}}"
        ToPort: "{{item.to_port}}"
        CidrIp: "{{item.cidr_ip}}"
{% endfor %}
  NetworkInterface:
    Type: AWS::EC2::NetworkInterface
    Properties:
      SubnetId: "{{subnet_id}}"
      Description: "{{subnet_description}}"
      GroupSet:
      - !Ref InstanceSecurityGroup
      SourceDestCheck: true
      Tags:
      - Key: Network
        Value: Web
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      Tags:
      - Key: "Name"
        Value: "{{instance_name}}"
      ImageId: "{{image_id}}"
      InstanceType: "{{instance_type}}"
      KeyName: "{{key_name}}"
      NetworkInterfaces:
      - NetworkInterfaceId: !Ref NetworkInterface
        DeviceIndex: 1
      BlockDeviceMappings:
      - DeviceName: "{{device_name}}"
        Ebs:
          VolumeType: "gp2"
          VolumeSize: "{{volume_size}}"
          Encrypted: true
          DeleteOnTermination: false
  DnsRecord:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneName: "{{hosted_zone_name}}"
      Comment: "DNS name for risk internal ec2 instance."
      Name: "{{host_name}}"
      Type: A
      TTL: '60'
      ResourceRecords:
      - !GetAtt EC2Instance.PrivateIp

答案

您可以在EC2：NetworkInterfaces的实例资源集中指定信息，以使其偏离用于分配公共IP的子网设置。

具体将AssociatePublicIpAddress设置为“False”并将您的NetworkInterface资源移动为内联，如下所示：

  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      Tags:
      - Key: "Name"
        Value: "{{instance_name}}"
      ImageId: "{{image_id}}"
      InstanceType: "{{instance_type}}"
      KeyName: "{{key_name}}"

      NetworkInterfaces:  
      - AssociatePublicIpAddress: false <--- This should do it
        DeleteOnTermination: false
        DeviceIndex: 0
        SubnetId: "{{subnet_id}}"
        Description: "{{subnet_description}}"
        GroupSet:
        - !Ref InstanceSecurityGroup
        SourceDestCheck: true

      BlockDeviceMappings:
      - DeviceName: "{{device_name}}"
        Ebs:
          VolumeType: "gp2"
          VolumeSize: "{{volume_size}}"
          Encrypted: true
          DeleteOnTermination: false

另一答案

您可以通过子网配置控制公共IP地址到EC2实例的分配。子网定义MapPublicIpOnLaunch。这也意味着子网必须是您的cloudformation堆栈的一部分。

如果您使用Auto Scaling，那么您可以在AssociatePublicIpAddress中选择AWS::AutoScaling::LaunchConfiguration

AWS::EC2::Subnet

AWS::AutoScaling::LaunchConfiguration

另一答案

检查子网中的设置“自动分配公共IPv4地址”。

通过转到VPC控制台并选择子网 - >操作 - >“修改自动分配IP设置”来更改它。