Create Amazon ECS resources using the Amazon CloudFormation console - Amazon Elastic Container Service

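Create Amazon ECS resources using the Amazon CloudFormation console

One way to use Amazon ECS with Amazon CloudFormation is through the Amazon Web Services Management Console. There you can create Amazon CloudFormation stacks for Amazon ECS components such as task definitions, clusters, and services, and deploy them directly from the console. The following tutorial shows how to use the Amazon CloudFormation console to create an Amazon ECS service, task definition, and cluster.

Prerequisites

This tutorial assumes that the following prerequisites have been completed.

Step 1: Create a stack template

Use the following steps to create an Amazon CloudFormation stack template for an Amazon ECS service and other related resources.

  1. Using a text editor of your choice, create a file named ecs-tutorial-template.yaml.

  2. In the ecs-tutorial-template.yaml file, paste the following template and save the changes.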

    AWSTemplateFormatVersion: 2010-09-09
    Description: A template that deploys an application that is built on an Apache web server Docker image by creating an Amazon ECS cluster, task definition, and service. The template also creates networking and logging resources, and an Amazon ECS task execution role.
    Parameters:
      ClusterName:
        Type: String
        Default: CFNCluster
        Description: Name of the ECS Cluster
      TaskFamily:
        Type: String
        Default: task-definition-cfn
        Description: Family name for the Task Definition
      ServiceName:
        Type: String
        Default: cfn-service
        Description: Name of the ECS Service
      ContainerImage:
        Type: String
        Default: public.ecr.aws/docker/library/httpd:2.4
        Description: Container image to use for the task
      TaskCpu:
        Type: Number
        Default: 256
        AllowedValues: [256, 512, 1024, 2048, 4096]
        Description: CPU units for the task
      TaskMemory:
        Type: Number
        Default: 512
        AllowedValues: [512, 1024, 2048, 4096, 8192, 16384]
        Description: Memory (in MiB) for the task
      DesiredCount:
        Type: Number
        Default: 1
        Description: Desired number of tasks to run
      LogGroupName:
        Type: String
        Default: /ecs/fargate-task-definition
        Description: CloudWatch Log Group name
      VpcCidr:
        Type: String
        Default: 10.0.0.0/16
        Description: CIDR block for the VPC
      PublicSubnet1Cidr:
        Type: String
        Default: 10.0.0.0/24
        Description: CIDR block for public subnet 1
      PublicSubnet2Cidr:
        Type: String
        Default: 10.0.1.0/24
        Description: CIDR block for public subnet 2

    Resources:
      # VPC and Networking Resources
      VPC:
        Type: AWS::EC2::VPC
        Properties:
          CidrBlock: !Ref VpcCidr
          EnableDnsSupport: true
          EnableDnsHostnames: true
          Tags:
            - Key: Name
              Value: !Sub ${AWS::StackName}-VPC
      InternetGateway:
        Type: AWS::EC2::InternetGateway
        Properties:
          Tags:
            - Key: Name
              Value: !Sub ${AWS::StackName}-IGW
      InternetGatewayAttachment:
        Type: AWS::EC2::VPCGatewayAttachment
        Properties:
          InternetGatewayId: !Ref InternetGateway
          VpcId: !Ref VPC
      PublicSubnet1:
        Type: AWS::EC2::Subnet
        Properties:
          VpcId: !Ref VPC
          AvailabilityZone: !Select [0, !GetAZs '']
          CidrBlock: !Ref PublicSubnet1Cidr
          MapPublicIpOnLaunch: true
          Tags:
            - Key: Name
              Value: !Sub ${AWS::StackName}-PublicSubnet1
      PublicSubnet2:
        Type: AWS::EC2::Subnet
        Properties:
          VpcId: !Ref VPC
          AvailabilityZone: !Select [1, !GetAZs '']
          CidrBlock: !Ref PublicSubnet2Cidr
          MapPublicIpOnLaunch: true
          Tags:
            - Key: Name
              Value: !Sub ${AWS::StackName}-PublicSubnet2
      PublicRouteTable:
        Type: AWS::EC2::RouteTable
        Properties:
          VpcId: !Ref VPC
          Tags:
            - Key: Name
              Value: !Sub ${AWS::StackName}-PublicRouteTable
      DefaultPublicRoute:
        Type: AWS::EC2::Route
        DependsOn: InternetGatewayAttachment
        Properties:
          RouteTableId: !Ref PublicRouteTable
          DestinationCidrBlock: 0.0.0.0/0
          GatewayId: !Ref InternetGateway
      PublicSubnet1RouteTableAssociation:
        Type: AWS::EC2::SubnetRouteTableAssociation
        Properties:
          RouteTableId: !Ref PublicRouteTable
          SubnetId: !Ref PublicSubnet1
      PublicSubnet2RouteTableAssociation:
        Type: AWS::EC2::SubnetRouteTableAssociation
        Properties:
          RouteTableId: !Ref PublicRouteTable
          SubnetId: !Ref PublicSubnet2

      # Security Group
      ECSSecurityGroup:
        Type: AWS::EC2::SecurityGroup
        Properties:
          GroupDescription: Security group for ECS tasks
          VpcId: !Ref VPC
          SecurityGroupIngress:
            - IpProtocol: tcp
              FromPort: 80
              ToPort: 80
              CidrIp: 0.0.0.0/0
            - IpProtocol: tcp
              FromPort: 443
              ToPort: 443
              CidrIp: 0.0.0.0/0

      # IAM Roles
      ECSTaskExecutionRole:
        Type: AWS::IAM::Role
        Properties:
          AssumeRolePolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Principal:
                  Service: ecs-tasks.amazonaws.com
                Action: sts:AssumeRole
          ManagedPolicyArns:
            - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy

      # CloudWatch Logs
      TaskLogGroup:
        Type: AWS::Logs::LogGroup
        DeletionPolicy: Retain
        UpdateReplacePolicy: Retain
        Properties:
          LogGroupName: !Ref LogGroupName
          RetentionInDays: 30

      # ECS Resources
      ECSCluster:
        Type: AWS::ECS::Cluster
        Properties:
          ClusterName: !Ref ClusterName
      ECSTaskDefinition:
        Type: AWS::ECS::TaskDefinition
        Properties:
          ContainerDefinitions:
            - Command:
                - >-
                  /bin/sh -c "echo '<html> <head> <title>Amazon ECS Sample
                  App</title> <style>body {margin-top: 40px; background-color:
                  #333;} </style> </head><body> <div
                  style=color:white;text-align:center> <h1>Amazon ECS Sample
                  App</h1> <h2>Congratulations!</h2> <p>Your application is now
                  running on a container in Amazon ECS.</p> </div></body></html>' >
                  /usr/local/apache2/htdocs/index.html && httpd-foreground"
              EntryPoint:
                - sh
                - '-c'
              Essential: true
              Image: !Ref ContainerImage
              LogConfiguration:
                LogDriver: awslogs
                Options:
                  mode: non-blocking
                  max-buffer-size: 25m
                  awslogs-create-group: 'true'
                  awslogs-group: !Ref LogGroupName
                  awslogs-region: !Ref 'AWS::Region'
                  awslogs-stream-prefix: ecs
              Name: sample-fargate-app
              PortMappings:
                - ContainerPort: 80
                  HostPort: 80
                  Protocol: tcp
          Cpu: !Ref TaskCpu
          ExecutionRoleArn: !GetAtt ECSTaskExecutionRole.Arn
          Family: !Ref TaskFamily
          Memory: !Ref TaskMemory
          NetworkMode: awsvpc
          RequiresCompatibilities:
            - FARGATE
          RuntimePlatform:
            OperatingSystemFamily: LINUX
      ECSService:
        Type: AWS::ECS::Service
        DependsOn:
          - PublicSubnet1RouteTableAssociation
          - PublicSubnet2RouteTableAssociation
        Properties:
          ServiceName: !Ref ServiceName
          Cluster: !Ref ECSCluster
          DesiredCount: !Ref DesiredCount
          LaunchType: FARGATE
          NetworkConfiguration:
            AwsvpcConfiguration:
              AssignPublicIp: ENABLED
              SecurityGroups:
                - !Ref ECSSecurityGroup
              Subnets:
                - !Ref PublicSubnet1
                - !Ref PublicSubnet2
          TaskDefinition: !Ref ECSTaskDefinition

    Outputs:
      ClusterName:
        Description: The name of the ECS cluster
        Value: !Ref ECSCluster
      TaskDefinitionArn:
        Description: The ARN of the task definition
        Value: !Ref ECSTaskDefinition
      ServiceName:
        Description: The name of the ECS service
        Value: !Ref ECSService
      VpcId:
        Description: The ID of the VPC
        Value: !Ref VPC
      PublicSubnet1:
        Description: The ID of public subnet 1
        Value: !Ref PublicSubnet1
      PublicSubnet2:
        Description: The ID of public subnet 2
        Value: !Ref PublicSubnet2
      SecurityGroup:
        Description: The ID of the security group
        Value: !Ref ECSSecurityGroup
      ExecutionRoleArn:
        Description: The ARN of the task execution role
        Value: !GetAtt ECSTaskExecutionRole.Arn
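An added example, not part of the original tutorial: a small Python review pass over the template's internet-facing settings, to run before creating the stack. It assumes the template is available as a dict in long form with literal ports and CIDRs; `TEMPLATE` is a constructed excerpt of the template above, and `OPEN_CIDRS`, `served_ports` and `review` are names invented here.

```python
OPEN_CIDRS = ("0.0.0.0/0", "::/0")  # tuple, so "in" also works on {"Ref": ...}

# Constructed excerpt of the tutorial template (long form, so no YAML parser is needed).
TEMPLATE = {"Resources": {
    "ECSSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"},
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}},
    "ECSTaskExecutionRole": {"Type": "AWS::IAM::Role", "Properties": {}},
    "ECSTaskDefinition": {"Type": "AWS::ECS::TaskDefinition", "Properties": {
        "ContainerDefinitions": [{"PortMappings": [{"ContainerPort": 80}]}]}},
    "ECSService": {"Type": "AWS::ECS::Service", "Properties": {
        "NetworkConfiguration": {"AwsvpcConfiguration": {"AssignPublicIp": "ENABLED"}}}},
}}


def served_ports(resources):
    """Collect literal ContainerPort values from every task definition."""
    return {pm["ContainerPort"]
            for res in resources.values() if res.get("Type") == "AWS::ECS::TaskDefinition"
            for c in res.get("Properties", {}).get("ContainerDefinitions", [])
            for pm in c.get("PortMappings", []) if isinstance(pm.get("ContainerPort"), int)}


def review(template):
    """Return sorted (logical_id, finding) pairs for internet-exposure settings."""
    resources = template.get("Resources", {})
    served, findings = served_ports(resources), []
    for name, res in resources.items():
        rtype, props = res.get("Type", ""), res.get("Properties", {})
        if rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                if rule.get("CidrIp") not in OPEN_CIDRS and rule.get("CidrIpv6") not in OPEN_CIDRS:
                    continue
                lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)  # absent = all ports
                findings.append((name, f"ingress {lo}-{hi} open to the internet"))
                if not any(lo <= port <= hi for port in served):
                    findings.append((name, f"ingress {lo}-{hi} has no matching ContainerPort"))
        elif rtype.startswith("AWS::IAM::"):
            findings.append((name, "IAM resource, needs the IAM capability acknowledgement"))
        elif rtype == "AWS::ECS::Service":
            vpc = props.get("NetworkConfiguration", {}).get("AwsvpcConfiguration", {})
            if vpc.get("AssignPublicIp") == "ENABLED":
                findings.append((name, "tasks receive public IP addresses"))
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(f"{lid}: {finding}" for lid, finding in review(TEMPLATE)))
```

On the tutorial template this reports the two world-open ingress rules, the port 443 rule that no container port serves, the public IP assignment on the service, and the IAM role that triggers the acknowledgement in step 2.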

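Step 2: Create a stack for Amazon ECS resources

After creating a file for the template, you can follow these steps to create a stack from the template using the Amazon CloudFormation console.

  1. Sign in to the Amazon Web Services Management Console and open the Amazon CloudFormation console at https://console.aws.amazon.com/cloudformation.

  2. In the upper-right corner of the Stacks page, choose Create stack, and then choose With new resources (standard).

  3. Choose Choose an existing template.

  4. Choose Upload a template file, and then choose Choose file to pick the ecs-tutorial-template file.

    After the file has been uploaded to an Amazon S3 bucket, you can choose View in Infrastructure Composer to visualize the template in Infrastructure Composer. For more information about Amazon CloudFormation templates and Infrastructure Composer, see Create templates visually with Infrastructure Composer in the Amazon CloudFormation User Guide.

  5. Choose Next.

  6. On the Specify stack details page, under Stack name, give the stack the following name: ecs-tutorial-stack. Keep all parameter values under Parameters as default, and then choose Next.

  7. On the Configure stack options page, under Capabilities, select the check box to acknowledge that Amazon CloudFormation creates IAM resources. This acknowledgement is required to create the Amazon ECS task execution role defined in the template. Keep the other settings as default, and then choose Next.

  8. Review the stack details on the Review and create page, and then choose Submit to start stack creation.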

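Step 3: Verify

Use the following steps to verify the creation of Amazon ECS resources using the provided template.

  1. Sign in to the Amazon Web Services Management Console and open the Amazon CloudFormation console at https://console.aws.amazon.com/cloudformation.

  2. On the Stacks page, choose ecs-tutorial-stack.

  3. Choose the Events tab. If the event status shows CREATE_IN_PROGRESS, wait until creation is complete and the status changes to CREATE_COMPLETE.

  4. After the event status changes to CREATE_COMPLETE, choose the Resources tab. You will see resources with the logical IDs ECSCluster, ECSTaskDefinition, and ECSService.

  5. To verify creation of the Amazon ECS cluster, choose the physical ID associated with ECSCluster. You will be redirected to the Amazon ECS console, where you can see the created cluster named CFNCluster.

  6. To verify creation of the Amazon ECS service, choose the physical ID associated with ECSService. You will be redirected to the Amazon ECS console, where you can see the service named cfn-service that was created in the cluster CFNCluster.

  7. To verify creation of the Amazon ECS task definition, choose the physical ID associated with ECSTaskDefinition. You will be redirected to the Amazon ECS console, where you can see the task definition revision named task-definition-cfn.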

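Step 4: Clean up resources

To clean up resources and avoid incurring further costs, follow these steps.

  1. Sign in to the Amazon Web Services Management Console and open the Amazon CloudFormation console at https://console.aws.amazon.com/cloudformation.

  2. On the Stacks page, choose ecs-tutorial-stack.

  3. Choose Delete.

  4. When prompted for confirmation, choose Delete again.

  5. Choose the Events tab. The status of ecs-tutorial-stack changes to DELETE_IN_PROGRESS, and then to DELETE_COMPLETE after the resources have been deleted or deregistered. Deletion takes a few minutes.

  6. Choose the Resources tab. You will now see a list of logical IDs whose status has been updated to DELETE_COMPLETE.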