I am writing a cloud formation template to provision an EC2 instance and I want to wait till the user data is completed.
我正在编写一个云形成模板来配置EC2实例,我想等到用户数据完成。
I tried using cfn signal but it's not working while my EC2 is in the private subnet.
我尝试使用cfn信号,但是当我的EC2在私有子网中时,它不起作用。
Getting client side timeout error
获取客户端超时错误
1 个解决方案
#1
0
cfn-signal requires an Internet connection, either directly or via a NAT device or proxy, in order to contact CloudFormation and deliver the signal. The endpoints needed for this feature to work are not inside your VPC. (Some AWS services support VPC Endpoints, but as of this writing, this is not one of them).
cfn-signal需要直接或通过NAT设备或代理进行Internet连接,以便联系CloudFormation并传递信号。此功能所需的端点不在您的VPC内。 (某些AWS服务支持VPC端点,但在撰写本文时,这不是其中之一)。
Your options:
你的选择:
Attach a NAT Gateway or NAT Instance a public subnet in your VPC and then modify the default route for the private subnet to point to the NAT device. A NAT instance has a lower operating cost, while a NAT Gateway supports higher throughput and built-in redundancy and fault tolerance... but if cost is a consideration, a NAT instance on a t2.nano machine would be more than sufficient for this application.
将NAT网关或NAT实例附加到VPC中的公有子网,然后修改私有子网的默认路由以指向NAT设备。 NAT实例具有较低的运营成本,而NAT网关支持更高的吞吐量和内置冗余以及容错性......但是如果考虑成本,t2.nano机器上的NAT实例对于此就足够了应用。
Or, build an EC2 instance on a subnet that has Internet access, using an HTTP proxy, such as squid, configured to allow your instances to connect outward, passing the --http-proxy argument to cfn-signal, giving the proxy's address formatted as a URL, e.g. --http-proxy http://172.32.1.10:3128. It is also possible to build a cluster of such proxies, but this requires using either a Network Load Balancer (NLB) or an ELB Classic in TCP (not HTTP) mode. Application Load Balancer (ALB) can be used with reverse proxies, but does not support forward proxies, and this is a forward proxy application.
或者,在具有Internet访问权限的子网上构建EC2实例,使用HTTP代理(如squid),配置为允许实例向外连接,将--http-proxy参数传递给cfn-signal,格式化代理的地址作为URL,例如--http-proxy http://172.32.1.10:3128。也可以构建这样的代理集群,但这需要在TCP(非HTTP)模式下使用网络负载均衡器(NLB)或ELB Classic。应用程序负载均衡器(ALB)可以与反向代理一起使用,但不支持转发代理,这是一个正向代理应用程序。
#1
0
cfn-signal requires an Internet connection, either directly or via a NAT device or proxy, in order to contact CloudFormation and deliver the signal. The endpoints needed for this feature to work are not inside your VPC. (Some AWS services support VPC Endpoints, but as of this writing, this is not one of them).
cfn-signal需要直接或通过NAT设备或代理进行Internet连接,以便联系CloudFormation并传递信号。此功能所需的端点不在您的VPC内。 (某些AWS服务支持VPC端点,但在撰写本文时,这不是其中之一)。
Your options:
你的选择:
Attach a NAT Gateway or NAT Instance a public subnet in your VPC and then modify the default route for the private subnet to point to the NAT device. A NAT instance has a lower operating cost, while a NAT Gateway supports higher throughput and built-in redundancy and fault tolerance... but if cost is a consideration, a NAT instance on a t2.nano machine would be more than sufficient for this application.
将NAT网关或NAT实例附加到VPC中的公有子网,然后修改私有子网的默认路由以指向NAT设备。 NAT实例具有较低的运营成本,而NAT网关支持更高的吞吐量和内置冗余以及容错性......但是如果考虑成本,t2.nano机器上的NAT实例对于此就足够了应用。
Or, build an EC2 instance on a subnet that has Internet access, using an HTTP proxy, such as squid, configured to allow your instances to connect outward, passing the --http-proxy argument to cfn-signal, giving the proxy's address formatted as a URL, e.g. --http-proxy http://172.32.1.10:3128. It is also possible to build a cluster of such proxies, but this requires using either a Network Load Balancer (NLB) or an ELB Classic in TCP (not HTTP) mode. Application Load Balancer (ALB) can be used with reverse proxies, but does not support forward proxies, and this is a forward proxy application.
或者,在具有Internet访问权限的子网上构建EC2实例,使用HTTP代理(如squid),配置为允许实例向外连接,将--http-proxy参数传递给cfn-signal,格式化代理的地址作为URL,例如--http-proxy http://172.32.1.10:3128。也可以构建这样的代理集群,但这需要在TCP(非HTTP)模式下使用网络负载均衡器(NLB)或ELB Classic。应用程序负载均衡器(ALB)可以与反向代理一起使用,但不支持转发代理,这是一个正向代理应用程序。