Creating Amazon ECS resources for Amazon CloudFormation using Amazon CLI commands - Amazon Elastic Container Service
The Amazon Web Services services or features described in the Amazon Web Services documentation may vary by Region. To see the differences that apply to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Creating Amazon ECS resources for Amazon CloudFormation using Amazon CLI commands

The following tutorial shows how to use the Amazon CLI to create Amazon ECS resources from an Amazon CloudFormation template.

Prerequisites

Step 1: Create the stack

To create the stack using the Amazon CLI, follow these steps.

  1. Using a text editor of your choice, create a file named ecs-tutorial-template.yaml.

  2. In the ecs-tutorial-template.yaml file, paste the following template and save your changes.

    AWSTemplateFormatVersion: 2010-09-09
    Description: A template that deploys an application that is built on an Apache web server Docker image by creating an Amazon ECS cluster, task definition, and service. The template also creates networking and logging resources, and an Amazon ECS task execution role.
    Parameters:
      ClusterName:
        Type: String
        Default: CFNCluster
        Description: Name of the ECS Cluster
      TaskFamily:
        Type: String
        Default: task-definition-cfn
        Description: Family name for the Task Definition
      ServiceName:
        Type: String
        Default: cfn-service
        Description: Name of the ECS Service
      ContainerImage:
        Type: String
        Default: public.ecr.aws/docker/library/httpd:2.4
        Description: Container image to use for the task
      TaskCpu:
        Type: Number
        Default: 256
        AllowedValues: [256, 512, 1024, 2048, 4096]
        Description: CPU units for the task
      TaskMemory:
        Type: Number
        Default: 512
        AllowedValues: [512, 1024, 2048, 4096, 8192, 16384]
        Description: Memory (in MiB) for the task
      DesiredCount:
        Type: Number
        Default: 1
        Description: Desired number of tasks to run
      LogGroupName:
        Type: String
        Default: /ecs/fargate-task-definition
        Description: CloudWatch Log Group name
      VpcCidr:
        Type: String
        Default: 10.0.0.0/16
        Description: CIDR block for the VPC
      PublicSubnet1Cidr:
        Type: String
        Default: 10.0.0.0/24
        Description: CIDR block for public subnet 1
      PublicSubnet2Cidr:
        Type: String
        Default: 10.0.1.0/24
        Description: CIDR block for public subnet 2
    Resources:
      # VPC and Networking Resources
      VPC:
        Type: AWS::EC2::VPC
        Properties:
          CidrBlock: !Ref VpcCidr
          EnableDnsSupport: true
          EnableDnsHostnames: true
          Tags:
            - Key: Name
              Value: !Sub ${AWS::StackName}-VPC
      InternetGateway:
        Type: AWS::EC2::InternetGateway
        Properties:
          Tags:
            - Key: Name
              Value: !Sub ${AWS::StackName}-IGW
      InternetGatewayAttachment:
        Type: AWS::EC2::VPCGatewayAttachment
        Properties:
          InternetGatewayId: !Ref InternetGateway
          VpcId: !Ref VPC
      PublicSubnet1:
        Type: AWS::EC2::Subnet
        Properties:
          VpcId: !Ref VPC
          AvailabilityZone: !Select [0, !GetAZs '']
          CidrBlock: !Ref PublicSubnet1Cidr
          MapPublicIpOnLaunch: true
          Tags:
            - Key: Name
              Value: !Sub ${AWS::StackName}-PublicSubnet1
      PublicSubnet2:
        Type: AWS::EC2::Subnet
        Properties:
          VpcId: !Ref VPC
          AvailabilityZone: !Select [1, !GetAZs '']
          CidrBlock: !Ref PublicSubnet2Cidr
          MapPublicIpOnLaunch: true
          Tags:
            - Key: Name
              Value: !Sub ${AWS::StackName}-PublicSubnet2
      PublicRouteTable:
        Type: AWS::EC2::RouteTable
        Properties:
          VpcId: !Ref VPC
          Tags:
            - Key: Name
              Value: !Sub ${AWS::StackName}-PublicRouteTable
      DefaultPublicRoute:
        Type: AWS::EC2::Route
        DependsOn: InternetGatewayAttachment
        Properties:
          RouteTableId: !Ref PublicRouteTable
          DestinationCidrBlock: 0.0.0.0/0
          GatewayId: !Ref InternetGateway
      PublicSubnet1RouteTableAssociation:
        Type: AWS::EC2::SubnetRouteTableAssociation
        Properties:
          RouteTableId: !Ref PublicRouteTable
          SubnetId: !Ref PublicSubnet1
      PublicSubnet2RouteTableAssociation:
        Type: AWS::EC2::SubnetRouteTableAssociation
        Properties:
          RouteTableId: !Ref PublicRouteTable
          SubnetId: !Ref PublicSubnet2
      # Security Group
      ECSSecurityGroup:
        Type: AWS::EC2::SecurityGroup
        Properties:
          GroupDescription: Security group for ECS tasks
          VpcId: !Ref VPC
          SecurityGroupIngress:
            - IpProtocol: tcp
              FromPort: 80
              ToPort: 80
              CidrIp: 0.0.0.0/0
            - IpProtocol: tcp
              FromPort: 443
              ToPort: 443
              CidrIp: 0.0.0.0/0
      # IAM Roles
      ECSTaskExecutionRole:
        Type: AWS::IAM::Role
        Properties:
          AssumeRolePolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Principal:
                  Service: ecs-tasks.amazonaws.com
                Action: sts:AssumeRole
          ManagedPolicyArns:
            - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
      # CloudWatch Logs
      TaskLogGroup:
        Type: AWS::Logs::LogGroup
        DeletionPolicy: Retain
        UpdateReplacePolicy: Retain
        Properties:
          LogGroupName: !Ref LogGroupName
          RetentionInDays: 30
      # ECS Resources
      ECSCluster:
        Type: AWS::ECS::Cluster
        Properties:
          ClusterName: !Ref ClusterName
      ECSTaskDefinition:
        Type: AWS::ECS::TaskDefinition
        Properties:
          ContainerDefinitions:
            - Command:
                - >-
                  /bin/sh -c "echo '<html> <head> <title>Amazon ECS Sample
                  App</title> <style>body {margin-top: 40px; background-color:
                  #333;} </style> </head><body> <div
                  style=color:white;text-align:center> <h1>Amazon ECS Sample
                  App</h1> <h2>Congratulations!</h2> <p>Your application is now
                  running on a container in Amazon ECS.</p> </div></body></html>' >
                  /usr/local/apache2/htdocs/index.html && httpd-foreground"
              EntryPoint:
                - sh
                - '-c'
              Essential: true
              Image: !Ref ContainerImage
              LogConfiguration:
                LogDriver: awslogs
                Options:
                  mode: non-blocking
                  max-buffer-size: 25m
                  awslogs-create-group: 'true'
                  awslogs-group: !Ref LogGroupName
                  awslogs-region: !Ref 'AWS::Region'
                  awslogs-stream-prefix: ecs
              Name: sample-fargate-app
              PortMappings:
                - ContainerPort: 80
                  HostPort: 80
                  Protocol: tcp
          Cpu: !Ref TaskCpu
          ExecutionRoleArn: !GetAtt ECSTaskExecutionRole.Arn
          Family: !Ref TaskFamily
          Memory: !Ref TaskMemory
          NetworkMode: awsvpc
          RequiresCompatibilities:
            - FARGATE
          RuntimePlatform:
            OperatingSystemFamily: LINUX
      ECSService:
        Type: AWS::ECS::Service
        DependsOn:
          - PublicSubnet1RouteTableAssociation
          - PublicSubnet2RouteTableAssociation
        Properties:
          ServiceName: !Ref ServiceName
          Cluster: !Ref ECSCluster
          DesiredCount: !Ref DesiredCount
          LaunchType: FARGATE
          NetworkConfiguration:
            AwsvpcConfiguration:
              AssignPublicIp: ENABLED
              SecurityGroups:
                - !Ref ECSSecurityGroup
              Subnets:
                - !Ref PublicSubnet1
                - !Ref PublicSubnet2
          TaskDefinition: !Ref ECSTaskDefinition
    Outputs:
      ClusterName:
        Description: The name of the ECS cluster
        Value: !Ref ECSCluster
      TaskDefinitionArn:
        Description: The ARN of the task definition
        Value: !Ref ECSTaskDefinition
      ServiceName:
        Description: The name of the ECS service
        Value: !Ref ECSService
      VpcId:
        Description: The ID of the VPC
        Value: !Ref VPC
      PublicSubnet1:
        Description: The ID of public subnet 1
        Value: !Ref PublicSubnet1
      PublicSubnet2:
        Description: The ID of public subnet 2
        Value: !Ref PublicSubnet2
      SecurityGroup:
        Description: The ID of the security group
        Value: !Ref ECSSecurityGroup
      ExecutionRoleArn:
        Description: The ARN of the task execution role
        Value: !GetAtt ECSTaskExecutionRole.Arn

  3. After you have created the template file, use the following command to create the stack. The --capabilities flag is required so that the Amazon ECS task execution role specified in the template can be created. You can also pass the --parameters flag to customize the template parameters.

    aws cloudformation create-stack \
        --stack-name ecs-stack \
        --template-body file://ecs-tutorial-template.yaml \
        --capabilities CAPABILITY_IAM

Step 2: Verify resource creation

To make sure the resources were created correctly, follow these steps. You can also check the Amazon ECS console.

  1. Run the following command to list all task definitions in the Amazon Web Services Region.

    aws ecs list-task-definitions

    The command returns a list of task definition Amazon Resource Names (ARNs). The ARN of the task definition you created with the template appears in the following format.

    {
        "taskDefinitionArns": [
            .....
            "arn:aws:ecs:aws-region:111122223333:task-definition/task-definition-cfn:1",
            .....
        ]
    }

  2. Run the following command to list all clusters in the Amazon Web Services Region.

    aws ecs list-clusters

    The command returns a list of cluster ARNs. The ARN of the cluster you created with the template appears in the following format.

    {
        "clusterArns": [
            .....
            "arn:aws:ecs:aws-region:111122223333:cluster/CFNCluster",
            .....
        ]
    }

  3. Run the following command to list all services in the cluster CFNCluster.

    aws ecs list-services \
        --cluster CFNCluster

    The command returns a list of service ARNs. The ARN of the service you created with the template appears in the following format.

    {
        "serviceArns": [
            "arn:aws:ecs:aws-region:111122223333:service/CFNCluster/cfn-service"
        ]
    }
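
The following Python helper is an added example, not part of the AWS tutorial. It does two things the steps above describe by hand: it builds the create-stack command from step 1 (including the ParameterKey=...,ParameterValue=... form that the CLI accepts for --parameters), and it performs the step 2 check over the raw JSON from the three list commands, confirming that the task definition, cluster and service exist and that they all live in the same partition, Region and account. The sample JSON is constructed to mirror the output shown above (account 111122223333 and the aws-region placeholder are the page's own; the extra ARNs are unrelated resources the check must ignore), and the resource names are the template's defaults.

```python
"""Drive the tutorial's create-stack and verification steps from Python.

Added example, not part of the AWS tutorial. It assumes the template's default
names (CFNCluster, task-definition-cfn, cfn-service) and that the JSON strings
passed to verify_stack_resources() are the raw outputs of
`aws ecs list-task-definitions`, `aws ecs list-clusters` and
`aws ecs list-services --cluster CFNCluster`.
"""
import json
import re
from typing import Dict, List, Optional

# ARN grammar: arn:partition:service:region:account-id:resource
# (the partition is "aws" in the page's examples and "aws-cn" in the China Regions)
ARN_RE = re.compile(
    r"^arn:(?P<partition>[^:]+):(?P<service>[^:]+):(?P<region>[^:]*):"
    r"(?P<account>[^:]*):(?P<resource>.+)$"
)


def create_stack_argv(stack_name: str, template_path: str,
                      parameters: Optional[Dict[str, str]] = None) -> List[str]:
    """Build the argv for `aws cloudformation create-stack`.

    --capabilities CAPABILITY_IAM is always present because the template creates
    an IAM role; --parameters uses the CLI's ParameterKey=...,ParameterValue=...
    shorthand, one entry per template parameter you want to override.
    """
    argv = [
        "aws", "cloudformation", "create-stack",
        "--stack-name", stack_name,
        "--template-body", f"file://{template_path}",
        "--capabilities", "CAPABILITY_IAM",
    ]
    if parameters:
        argv.append("--parameters")
        argv.extend(f"ParameterKey={k},ParameterValue={v}" for k, v in parameters.items())
    return argv


def parse_arn(arn: str) -> Dict[str, str]:
    """Split an ARN into its components; raise ValueError on anything else."""
    match = ARN_RE.match(arn)
    if match is None:
        raise ValueError(f"not an ARN: {arn!r}")
    return match.groupdict()


def find_ecs_resource(arns: List[str], expected: str) -> Optional[Dict[str, str]]:
    """Return the parsed ARN whose ECS resource path equals `expected`, e.g.
    'cluster/CFNCluster', 'service/CFNCluster/cfn-service' or
    'task-definition/task-definition-cfn' (the ':<revision>' suffix is ignored).
    Returns None when the resource is absent, which is what you see once
    delete-stack has finished."""
    for arn in arns:
        parsed = parse_arn(arn)
        if parsed["service"] != "ecs":
            continue
        resource = parsed["resource"]
        if resource.startswith("task-definition/"):
            resource = resource.rsplit(":", 1)[0]
        if resource == expected:
            return parsed
    return None


def verify_stack_resources(task_defs_json: str, clusters_json: str, services_json: str,
                           cluster: str = "CFNCluster",
                           family: str = "task-definition-cfn",
                           service: str = "cfn-service") -> dict:
    """Step 2 as code: look for the three resources the template creates and
    confirm they share one partition/region/account (a stack cannot span them)."""
    found = {
        "task_definition": find_ecs_resource(
            json.loads(task_defs_json)["taskDefinitionArns"], f"task-definition/{family}"),
        "cluster": find_ecs_resource(
            json.loads(clusters_json)["clusterArns"], f"cluster/{cluster}"),
        "service": find_ecs_resource(
            json.loads(services_json)["serviceArns"], f"service/{cluster}/{service}"),
    }
    scopes = {(p["partition"], p["region"], p["account"]) for p in found.values() if p}
    return {
        "present": {name: parsed is not None for name, parsed in found.items()},
        "consistent_scope": len(scopes) <= 1,
        "scope": next(iter(scopes)) if len(scopes) == 1 else None,
    }


# Constructed sample outputs mirroring the format shown in step 2 (account id and
# region placeholder are the page's own; the extra ARNs are unrelated resources).
SAMPLE_TASK_DEFS = json.dumps({"taskDefinitionArns": [
    "arn:aws:ecs:aws-region:111122223333:task-definition/other-family:3",
    "arn:aws:ecs:aws-region:111122223333:task-definition/task-definition-cfn:1",
]})
SAMPLE_CLUSTERS = json.dumps({"clusterArns": [
    "arn:aws:ecs:aws-region:111122223333:cluster/default",
    "arn:aws:ecs:aws-region:111122223333:cluster/CFNCluster",
]})
SAMPLE_SERVICES = json.dumps({"serviceArns": [
    "arn:aws:ecs:aws-region:111122223333:service/CFNCluster/cfn-service",
]})

if __name__ == "__main__":
    print(" ".join(create_stack_argv("ecs-stack", "ecs-tutorial-template.yaml",
                                     {"ClusterName": "CFNCluster"})))
    print(verify_stack_resources(SAMPLE_TASK_DEFS, SAMPLE_CLUSTERS, SAMPLE_SERVICES))
```

In practice you would feed verify_stack_resources() the output of the three list commands (for example captured with subprocess.run) after `aws cloudformation wait stack-create-complete --stack-name ecs-stack` has returned; run the same check after delete-stack and the cluster and service entries come back as absent.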

Step 3: Clean up

To clean up the resources you created, run the following command.

aws cloudformation delete-stack \
    --stack-name ecs-stack

The delete-stack command starts deleting the Amazon CloudFormation stack created in this tutorial, which removes the resources in the stack. Because TaskLogGroup carries DeletionPolicy: Retain in the template, the CloudWatch log group is kept and must be deleted separately if you no longer need it. To verify the deletion, you can repeat the procedure in Step 2: Verify resource creation. The ARN lists in the output will no longer contain a task definition named task-definition-cfn or a cluster named CFNCluster, and the list-services call will fail.