autsaling launchconfig组中的aws cloudformation“NetworkInterfaces”-Java 学习之路

在aws cloudformation中如何在Autoscaling launchconfig组中添加“NetworkInterfaces”，因为我想配置每个启动的实例，我需要“NetworkInterfaces”在同一个AWS :: EC2 :: Instance？

1 回答

我目前使用的解决方案是确保每个实例都使用允许包含策略的IAM Instance Profile启动

"PolicyDocument": {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "ec2:CreateTags",
                "ec2:DescribeSubnets",
                "ec2:AttachNetworkInterface",
                "ec2:CreateNetworkInterface",
                "ec2:ModifyNetworkInterfaceAttribute"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

用于创建AutoScalingGroup和LaunchConfiguration的我的 Cloud 形成模板接收Subnets和Security Groups的参数以附加到每个附加的ENI .

"SecondaryNICSubnetIds":{
    "Type" : "CommaDelimitedList",
    "Description" : "Ensure that the spread of Availability Zones for these Subnets matches the SubnetIds used to create Instances, as when creating a Secondary ENI it must exist in the same AZ as the Instance"
},
"SecondaryNICSecurityGroupIds":{
    "Type" : "CommaDelimitedList",
    "Description" : "Security Groups to associate to the Secondary ENI"
},

然后LaunchConfiguration包含UserData属性

确保安装了awscli
通过解析instance metadata身份文档来设置要使用的区域
从instance metadata获取实例ID
从instance metadata获取实例的可用区
来自已传入的子网的
通过使用awscli describe-subnets调用找到与我的实例AZ匹配的第一个子网
在我选择的子网中创建网络接口，并使用awscli create-network-interface调用向其添加安全组
使用awscli create-tags调用标记我的ENI
使用awscli attach-network-interface调用将ENI附加到我的实例
修改附件以使用modify-network-interface-attribute调用删除实例终止上的ENI

"UserData": {
      "Fn::Base64" : {
        "Fn::Join": [ "\n",
          [
            "#!/bin/bash -xe",
            "sudo apt-get install -y awscli",
            "export AWS_DEFAULT_REGION=$(curl -sS http://169.254.169.254/latest/dynamic/instance-identity/document | python -c 'import sys, json; print(json.load(sys.stdin)[\"region\"])')",
            "INSTANCE_ID=$(curl -sS http://169.254.169.254/latest/meta-data/instance-id)",
            "AZ=$(curl -sS http://169.254.169.254/latest/meta-data/placement/availability-zone)",
            "echo Availability Zone: ${AZ}",
            {"Fn::Sub":[
                "SUBNET_ID=$(aws ec2 describe-subnets --subnet-ids ${SubnetNetIds} --filters Name=availabilityZone,Values=${!AZ} --query 'Subnets[0].SubnetId' --output text)",
                {"SubnetNetIds":  {"Fn::Join": [" ", {"Ref": "SecondaryNICSubnetIds"} ] }}
            ]},
            "echo Subnet Id: ${SUBNET_ID}",
            {"Fn::Sub":[
              "ENI_ID=$(aws ec2 create-network-interface --subnet ${!SUBNET_ID} --description 'Secondary ENI' --groups ${SecurityGroups} --query 'NetworkInterface.NetworkInterfaceId' --output text)",
              {"SecurityGroups":  {"Fn::Join": [" ", {"Ref": "SecondaryNICSecurityGroupIds"}]} }
            ]},
            "echo ENI ID: ${ENI_ID}",
            "aws ec2 create-tags --resources ${!ENI_ID} --tags Key=Some,Value=Tag",
            "ATTACHMENT_ID=$(aws ec2 attach-network-interface --network-interface-id ${ENI_ID} --instance-id ${INSTANCE_ID} --device-index 1 --output text)",
            "echo Attachment ID: ${ATTACHMENT_ID}",
            "echo Delete On Termination: $(aws ec2 modify-network-interface-attribute --network-interface-id ${ENI_ID} --attachment AttachmentId=${ATTACHMENT_ID},DeleteOnTermination=true --output text)"
           ]
        ]
      }
    }

如果您不想将Subnets传递到Cloud Formation模板，您可以尝试通过在awscli describe-subnets调用中向 --query 添加标记来查找它们，如果您的基础结构允许您以这种方式识别它们 .

回复于 2024-05-10T13:05:04+08:00

autsaling launchconfig组中的aws cloudformation“NetworkInterfaces”

1 回答

相关问题