I have a CloudFormation template to set up an EC2 instance. I'm currently using the Parameters to specify the Subnet Id for the EC2 instance as well as the VPC Id for the Security Group (to be used in turn by the EC2 instance).
In my situation the Subnet Id specified is required to be part of the VPC and I'd like to only have to specify the Subnet Id in the Parameters. But I can't find a way to derive the VPC from the Subnet Id (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-subnet.html)
I see the GetAtt function can be used to return resource attributes. Is there something equivalent to return resource properties?
From the Fn::GetAtt documentation, you can only retrieve the AvailabilityZone and Ipv6CidrBlocks details of the Subnet. There is no built-in support to get the VpcId of the given subnet in CFn templates.
There is a workaround, though. If you are using the aws-cli (documentation), you can use the describe-subnets method to fetch the VpcId of the required subnet and pass it as input to the CloudFormation template create_stack call.
This method works even if you are using any SDK, for example, in Java:
//pseudo code only!
DescribeSubnetsRequest request = new DescribeSubnetsRequest();
request.withSubnetIds("subnet-abcdefgh");
DescribeSubnetsResult result = awsClient.describeSubnets(request);
String myVpc = result.getSubnets().get(0).getVpcId();
// add the above VPC Id to the parameters of your Cloud formation template create stack request.
Hope this helps.
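The same workaround in Python, as an added example that is not part of the original answer: it resolves the VPC from a describe-subnets response, refuses to continue when a subnet is missing or the subnets span several VPCs, and builds the Parameters list for create_stack. The parameter keys SubnetId and VpcId, the helper names and the sample IDs are assumptions; the live call needs boto3 and credentials.

```python
"""Resolve the VPC for a set of subnets and build CloudFormation parameters."""


def vpc_for_subnets(describe_subnets_response, subnet_ids):
    """Return the single VpcId that contains every subnet in subnet_ids."""
    by_id = {s["SubnetId"]: s["VpcId"]
             for s in describe_subnets_response.get("Subnets", [])}
    missing = [sid for sid in subnet_ids if sid not in by_id]
    if missing:
        raise ValueError(f"subnets not found: {missing}")
    vpcs = {by_id[sid] for sid in subnet_ids}
    if len(vpcs) != 1:
        raise ValueError(f"subnets span several VPCs: {sorted(vpcs)}")
    return vpcs.pop()


def stack_parameters(describe_subnets_response, subnet_id):
    """Build the Parameters list for create_stack from one subnet ID."""
    vpc_id = vpc_for_subnets(describe_subnets_response, [subnet_id])
    return [
        # Keys are assumed; they must match the template's Parameters section.
        {"ParameterKey": "SubnetId", "ParameterValue": subnet_id},
        {"ParameterKey": "VpcId", "ParameterValue": vpc_id},
    ]


def create_stack_for_subnet(stack_name, template_body, subnet_id):
    """Live variant: look the subnet up, then create the stack (needs boto3)."""
    import boto3  # imported here so the offline helpers work without it
    response = boto3.client("ec2").describe_subnets(SubnetIds=[subnet_id])
    return boto3.client("cloudformation").create_stack(
        StackName=stack_name,
        TemplateBody=template_body,
        Parameters=stack_parameters(response, subnet_id),
    )


# Constructed sample shaped like a describe-subnets response (IDs are made up).
SAMPLE = {"Subnets": [
    {"SubnetId": "subnet-abcdefgh", "VpcId": "vpc-11111111"},
    {"SubnetId": "subnet-ijklmnop", "VpcId": "vpc-22222222"},
]}

if __name__ == "__main__":
    print(stack_parameters(SAMPLE, "subnet-abcdefgh"))
```

Checking the subnet-to-VPC mapping before create_stack means a security group and a subnet from different VPCs are caught before the stack is submitted.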
I created a small project called cli2cloudformation. Using that, you're able to execute CLI commands inside your CloudFormation stack and use the results of the commands.
Just check it here. I hope it helps you.
I wanted to know if it is possible in Terraform to get the default VPC ID without needing to write the ID or the name in the manifest, and save it in a variable. My idea is to invoke it knowing only that it is the default VPC, without writing the ID or name, just because it is the default VPC.
Thank you
FT
This will get you a reference to the default VPC in the current AWS region:
data "aws_vpc" "default" {
  default = true
}
This is documented here.
Note that this gives you a reference to the VPC, so you can pass the ID to other resources. Terraform does not manage the VPC when you do this, it simply references it. This is different from terraform import which causes Terraform to start managing the VPC, and requires that you pass it the VPC ID.
There are two VPCs (the default one that comes when an account is created and another one created by me) in my AWS account. I wanted to deploy my Lambda function in the custom-created VPC rather than in the default VPC.
vpc:
  subnetIds:
    - subnet-123456
    - subnet-452345
  securityGroupIds:
    - sg-ff555144
    - sg-edfe5566
The above creates the Lambda function in the default VPC.
The Serverless docs don't contain a way of specifying a custom VPC in serverless.yml.
Firstly, you don't need to deploy Lambda into a specific VPC; you only need to do it if you need Lambda functions to specifically access resources that are only available within your VPC. If you don't have a use case for this, you can just remove the VpcConfig from your Lambda resource.
Secondly, if you do need it to be inside a specific VPC, then in CloudFormation you're not linking it to a VPC; instead you are linking it to the subnets and security groups inside that VPC. So in your new VPC, make sure you have the relevant security groups and subnets created, and then place those IDs into the above snippet.
Reference:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-vpcconfig
I'm following the AWS guide for deploying an HA Wordpress site to Elastic Beanstalk which includes using the eb-php-wordpress extension. The process requires editing a couple of configuration files with known resource IDs prior to deploying the application.
In particular, the instructions say to edit the efs-create.config file with a VPC ID and Subnet IDs. The file, among other things, helps set the OptionSettings property of the AWS::ElasticBeanstalk::Environment resource. For this reason, I suspect I should just be able to reference it with Ref:. Is this correct, though, since the VPC would be created by another file and the EB environment CloudFormation stack is created next to the VPC stack rather than "inside" it? Would I have to use a Fn:: call to get the information?
The section of the configuration file I'm working with looks like this:
option_settings:
  aws:elasticbeanstalk:customoption:
    EFSVolumeName: "EB-EFS-Volume"
    VPCId: "vpc-XXXXXXXX"
    ## Subnet Options
    SubnetA: "subnet-XXXXXXXX"
    SubnetB: "subnet-XXXXXXXX"
    SubnetC: "subnet-XXXXXXXX"
    SubnetD: "subnet-XXXXXXXX"
Would the VPCId line be something like
VPCId: {Ref: VPC}
Where VPC is the name of the VPC resource that I've created? Or, more simply, how would I reference the VPC ID of the default VPC if I stick with that?
You should be able to use Ref to get the various IDs of the Elastic Beanstalk named resources, according to the docs. However, the VPC is not one of these named resources (i.e. those with a logical ID), but is a property of one of the named resources. In this case, the logical ID is AWSEBSecurityGroup and the property is VpcId, so you should be able to get it instead using GetAtt:
{ "Fn::GetAtt" : [ "AWSEBSecurityGroup", "VpcId" ] }
from the functions docs and the CloudFormation docs
A similar approach should also work for the subnets.
I am currently creating a CloudFormation template. When making an EC2 instance, I want to make it t2.nano and T2Unlimited. From the Ec2::Instance doc I managed to find the InstanceType property. However, I cannot find T2Unlimited.
Question
In a CloudFormation template, is it possible to make a certain EC2 instance resource T2Unlimited?
Use the "CreditSpecification" : CreditSpecification property of the CloudFormation EC2 resource. The value will be either standard or unlimited.
From Lakhan's answer, I managed to come up with the following property configuration, which worked correctly:
CreditSpecification:
  CPUCredits: unlimited
(Needed the CPUCredits field to make it work correctly.)
In order to create a private hosted zone I have to associate it with one or more VPCs. I want to use a default VPC in the specific region. How can I specify it in the CloudFormation template without introducing the VPC id as a parameter?
You can't exactly do this.
In the template you can say something like:
Parameters:
  myVpc:
    Description: "vpc id"
    Type: "List<AWS::EC2::VPC::Id>"
And the console will prepopulate the drop-down with valid values.
However, the CLI can't do something like get the prepopulation and then pick the first one.
I would guess that to do this from a CLI, you would first run something like:
aws ec2 describe-vpcs --query 'Vpcs[*].[VpcId]'
Then edit the desired VPC (for instance, the first on the list) into the CF template.