AWS CloudFormation: The key pair 'chaklader.pem' does not exist (Service: AmazonEC2; Status Code: 400; Error Code: InvalidKeyPair)
Question
I want to create a CloudFormation stack using the CLI command provided below:
$ aws cloudformation create-stack --region us-east-1 --stack-name c3-app --template-body file://starter/c3-app.yml --parameters ParameterKey=KeyPair,ParameterValue=chaklader.pem --capabilities CAPABILITY_IAM
My pem key is in the same folder I run this command from:
This does not create the stack, and I get an error message from the event log:
AWS Cloudformation The key pair 'chaklader.pem' does not exist (Service: AmazonEC2; Status Code: 400; Error Code: InvalidKeyPair.
My CloudFormation template is provided below:
Description: This template deploys ec2 instances for the project starter
Parameters:
  AmiIdRecipeWebServiceInstance:
    Type: String
    Default: "ami-0964e67a489e13cdb"
  AmiIdAttackInstance:
    Type: String
    Default: "ami-01fcf79ce78f46764"
  KeyPair:
    Type: String
    Description: "Name of an existing KeyPair you will use to access the EC2 instances in this exercise. Be sure you have access to the private key file corresponding to this keypair."
Resources:
  InstanceRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      Policies:
        - PolicyName: InstanceRolePolicy-C3
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action: 's3:*'
                Resource: '*'
  InstanceProfileRole:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
        - !Ref InstanceRole
  WebAppSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: WebAppSG
      GroupDescription: "Security group for this application server"
      SecurityGroupEgress:
        - IpProtocol: -1
          CidrIp: 0.0.0.0/0
      SecurityGroupIngress:
        - IpProtocol: -1
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 5000
          ToPort: 5000
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
      VpcId: !ImportValue VpcId
  RecipeWebServiceInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref AmiIdRecipeWebServiceInstance
      InstanceType: t3.micro
      KeyName: !Ref KeyPair
      SecurityGroupIds:
        - !GetAtt WebAppSG.GroupId
      SubnetId: !ImportValue PublicSubnetTrusted
      IamInstanceProfile: !Ref InstanceProfileRole
      Tags:
        - Key: "Name"
          Value: "Web Service Instance - C3"
      UserData:
        Fn::Base64:
          Fn::Sub:
            - |
              #!/bin/bash
              echo "Environment=S3_FREE_RECIPES="${S3FreeRecipies} | sudo tee -a /lib/systemd/system/flask.service
              echo "Environment=S3_SECRET_RECIPES="${S3SecretRecipies} | sudo tee -a /lib/systemd/system/flask.service
              systemctl daemon-reload
              sleep 30
              service flask restart
            - S3FreeRecipies: !ImportValue BucketNameRecipesFree
              S3SecretRecipies: !ImportValue BucketNameRecipesSecret
  # Add code for Exercise 3
  AppLoadBalancerSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: AppLoadBalancerSG
      GroupDescription: "Security group for this application server"
      SecurityGroupEgress:
        - IpProtocol: -1
          CidrIp: 0.0.0.0/0
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
      VpcId: !ImportValue VpcId
  AppEIP:
    Type: AWS::EC2::EIP
    Properties:
      InstanceId: !Ref RecipeWebServiceInstance
  AppLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: c1-web-service-alb
      SecurityGroups:
        - !GetAtt AppLoadBalancerSG.GroupId
      Subnets:
        - !ImportValue PublicSubnetTrusted
        - !ImportValue PublicSubnetUnTrusted
  AppLoadBalancerListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref AppTargetGroup
      LoadBalancerArn: !Ref AppLoadBalancer
      Port: 80
      Protocol: HTTP
  AppTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckEnabled: true
      HealthCheckIntervalSeconds: 10
      HealthCheckPath: /health
      Name: AppTargetGroup
      Port: 5000
      VpcId: !ImportValue VpcId
      Protocol: HTTP
      Targets:
        - Id: !Ref RecipeWebServiceInstance
  AttackInstanceSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: AttackInstanceSG
      GroupDescription: "Security group for the attack instance"
      SecurityGroupEgress:
        - IpProtocol: -1
          CidrIp: 0.0.0.0/0
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
      VpcId: !ImportValue VpcId
  AttackInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref AmiIdAttackInstance
      InstanceType: t3.micro
      KeyName: !Ref KeyPair
      IamInstanceProfile: !Ref InstanceProfileRole
      SecurityGroupIds:
        - !GetAtt AttackInstanceSG.GroupId
      SubnetId: !ImportValue PublicSubnetUnTrusted
      Tags:
        - Key: "Name"
          Value: "Attack Instance - C3"
Outputs:
  AttackInstanceIP:
    Value: !GetAtt AttackInstance.PublicDnsName
  ApplicationInstanceIP:
    Value: !GetAtt RecipeWebServiceInstance.PublicDnsName
  ApplicationURL:
    Value: !GetAtt AppLoadBalancer.DNSName
I created a new key pair using the command suggested in the answer:
aws ec2 create-key-pair --key-name arefe --query "KeyMaterial" --output text > arefe.pem
chmod 400 arefe.pem
Then I ran the command again:
aws cloudformation create-stack --region us-east-1 --stack-name c3-app --template-body file://starter/c3-app.yml --parameters ParameterKey=KeyPair,ParameterValue=arefe.pem --capabilities CAPABILITY_IAM
I still get the same error:
The key pair 'arefe.pem' does not exist (Service: AmazonEC2; Status Code: 400; Error Code: InvalidKeyPair.NotFound; Request ID: aceed5ea-7841-4056-8738-e02a1f921b90; Proxy: null)
What is wrong here?
Solution
CloudFormation (CFN) will not take your chaklader.pem and create a key pair in AWS. You have to do that yourself. And you cannot use CFN for it, because it is not supported, unless you write such logic yourself using a custom resource.
The simplest way is to create or import the key "manually" using the AWS console, SDK or CLI. Then you can reference its name in your template.
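A pre-flight wrapper for the `create-stack` command above, added here as an example and not part of the question or answer. The template's `KeyName: !Ref KeyPair` expects the name under which the key pair is registered in EC2; in the question's own commands that name is `arefe` (from `create-key-pair --key-name arefe`), while `arefe.pem` is only the local file the private key was saved to. The script derives the registered name from the file path, confirms it exists in the target region with `aws ec2 describe-key-pairs`, and only then calls `create-stack` with that name. The stack name, template path and region are taken from the question; `key_name_from_file`, `key_pair_exists` and `create_stack_checked` are helper names chosen for this example.

```shell
#!/bin/sh
# Added example: verify the EC2 key pair name before creating the stack.
# The KeyPair parameter must be the registered key pair NAME, not the .pem file.
set -eu

# Derive the registered key pair name from a local key file path.
# ./starter/chaklader.pem -> chaklader ; arefe.pem -> arefe ; mykey -> mykey
key_name_from_file() {
  base=$(basename "$1")
  base=${base%.pem}
  base=${base%.ppk}
  printf '%s\n' "$base"
}

# Exit 0 if the key pair is registered in the region, non-zero otherwise.
# describe-key-pairs fails with InvalidKeyPair.NotFound for unknown names.
key_pair_exists() {
  aws ec2 describe-key-pairs --region "$2" --key-names "$1" \
    --query 'KeyPairs[0].KeyName' --output text >/dev/null 2>&1
}

# Create the stack only after the key pair name has been verified.
# $1 = path to the local key file, $2 = region (defaults to the question's).
create_stack_checked() {
  key_file=$1
  region=${2:-us-east-1}
  name=$(key_name_from_file "$key_file")
  if ! key_pair_exists "$name" "$region"; then
    echo "key pair '$name' is not registered in $region." >&2
    echo "Import the public half of your existing key first, for example:" >&2
    echo "  aws ec2 import-key-pair --region $region --key-name $name --public-key-material fileb://$name.pub" >&2
    return 1
  fi
  aws cloudformation create-stack --region "$region" --stack-name c3-app \
    --template-body file://starter/c3-app.yml \
    --parameters ParameterKey=KeyPair,ParameterValue="$name" \
    --capabilities CAPABILITY_IAM
}

# Usage (assumed to be run from the directory holding the key file):
#   create_stack_checked ./arefe.pem us-east-1
```

Passing the derived name rather than the file name is what removes the `InvalidKeyPair.NotFound` error; the existence check simply turns a failed stack event into an immediate, readable message before any resources are created. Only the public key is ever sent to AWS in the import hint, so the `.pem` private key stays on the workstation.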