创建AmazonSAM template (SAM 模板) - Amazon CodeDeploy
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅中国的 Amazon Web Services 服务入门

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

创建AmazonSAM template (SAM 模板)

创建AmazonSAM 模板文件,用于指定基础架构中的组件。

创建AmazonSAM template (SAM 模板)

  1. 创建名为 SAM-Tutorial 的目录。

  2. SAM-Tutorial 目录中创建名为 template.yml 的文件。

  3. 将以下 YAML 代码复制到 template.yml 中。这是 Amazon SAM 模板。 

    AWSTemplateFormatVersion : '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: A sample SAM template for deploying Lambda functions.

Resources:
# Details about the myDateTimeFunction Lambda function
  myDateTimeFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: myDateTimeFunction.handler
      Runtime: nodejs10.x
# Instructs your myDateTimeFunction is published to an alias named "live".      
      AutoPublishAlias: live
# Grants this function permission to call lambda:InvokeFunction
      Policies:
        - Version: "2012-10-17"
          Statement: 
          - Effect: "Allow"
            Action: 
              - "lambda:InvokeFunction"
            Resource: '*'
      DeploymentPreference:
# Specifies the deployment configuration      
          Type: Linear10PercentEvery1Minute
# Specifies Lambda functions for deployment lifecycle hooks
          Hooks:
            PreTraffic: !Ref beforeAllowTraffic
            PostTraffic: !Ref afterAllowTraffic
            
# Specifies the BeforeAllowTraffic lifecycle hook Lambda function
  beforeAllowTraffic:
    Type: AWS::Serverless::Function
    Properties:
      Handler: beforeAllowTraffic.handler
      Policies:
        - Version: "2012-10-17"
# Grants this function permission to call codedeploy:PutLifecycleEventHookExecutionStatus        
          Statement: 
          - Effect: "Allow"
            Action: 
              - "codedeploy:PutLifecycleEventHookExecutionStatus"
            Resource:
              !Sub 'arn:aws:codedeploy:${AWS::Region}:${AWS::AccountId}:deploymentgroup:${ServerlessDeploymentApplication}/*'
        - Version: "2012-10-17"
# Grants this function permission to call lambda:InvokeFunction        
          Statement: 
          - Effect: "Allow"
            Action: 
              - "lambda:InvokeFunction"
            Resource: !Ref myDateTimeFunction.Version
      Runtime: nodejs10.x
# Specifies the name of the Lambda hook function      
      FunctionName: 'CodeDeployHook_beforeAllowTraffic'
      DeploymentPreference:
        Enabled: false
      Timeout: 5
      Environment:
        Variables:
          NewVersion: !Ref myDateTimeFunction.Version
          
# Specifies the AfterAllowTraffic lifecycle hook Lambda function
  afterAllowTraffic:
    Type: AWS::Serverless::Function
    Properties:
      Handler: afterAllowTraffic.handler
      Policies:
        - Version: "2012-10-17"
          Statement: 
# Grants this function permission to call codedeploy:PutLifecycleEventHookExecutionStatus         
          - Effect: "Allow"
            Action: 
              - "codedeploy:PutLifecycleEventHookExecutionStatus"
            Resource:
              !Sub 'arn:aws:codedeploy:${AWS::Region}:${AWS::AccountId}:deploymentgroup:${ServerlessDeploymentApplication}/*'
        - Version: "2012-10-17"
          Statement: 
# Grants this function permission to call lambda:InvokeFunction          
          - Effect: "Allow"
            Action: 
              - "lambda:InvokeFunction"
            Resource: !Ref myDateTimeFunction.Version
      Runtime: nodejs10.x
# Specifies the name of the Lambda hook function      
      FunctionName: 'CodeDeployHook_afterAllowTraffic'
      DeploymentPreference:
        Enabled: false
      Timeout: 5
      Environment:
        Variables:
          NewVersion: !Ref myDateTimeFunction.Version

此模板指定以下内容。有关更多信息,请参阅 。Amazon SAM模板概念.

Lambda 函数称为myDateTimeFunction

发布此 Lambda 函数时,AutoPublishAlias行将其链接到名为的别名live. 在本教程的后面,该函数的更新会通过 Amazon CodeDeploy 触发部署,从而将生产流量从原始版本逐渐转移到更新版本。

两个 Lambda 部署验证函数

以下 Lambda 函数在 CodeDeploy 生命周期挂钩期间执行。该函数包含代码,用于验证更新的 myDateTimeFunction 的部署。验证测试的结果通过PutLifecycleEventHookExecutionStatusAPI 方法。如果验证测试失败,则部署失败并回滚。

  • CodeDeployHook_beforeAllowTrafficBeforeAllowTraffic 挂钩期间运行。

  • CodeDeployHook_afterAllowTrafficAfterAllowTraffic 挂钩期间运行。

这两个函数的名称以 CodeDeployHook_ 开头。这些区域有:CodeDeployRoleForLambda角色允许调用 Lambdainvoke方法仅在 Lambda 函数中,采用以此前缀开头的名称。有关更多信息,请参阅 。用于 AppSpec 的 “hooks” 部分AmazonLambda 部署PutLifecycleEventHookExecutionStatus中的CodeDeploy.

自动检测更新的 Lambda 函数

AutoPublishAlias 术语指示框架检测 myDateTimeFunction 函数何时发生了变化,然后使用 live 别名进行部署。

部署配置

部署配置用于确定 CodeDeploy 应用程序将流量从 Lambda 函数的原始版本转移到新版本的速率。此模板指定预定义的部署配置 Linear10PercentEvery1Minute

注意

您无法在AmazonSAM 模板。有关更多信息,请参阅Create a Deployment Configuration

部署生命周期挂钩函数

Hooks 部分指定在生命周期事件挂钩期间运行的函数。PreTraffic 指定在 BeforeAllowTraffic 挂钩期间运行的函数。PostTraffic 指定在 AfterAllowTraffic 挂钩期间运行的函数。

Lambda 调用另一个 Lambda 函数的权限

指定lambda:InvokeFunction权限授予AmazonSAM 应用程序调用 Lambda 函数的权限。当CodeDeployHook_beforeAllowTrafficCodeDeployHook_afterAllowTraffic函数在验证测试期间调用部署的 Lambda 函数。