个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
24
4
我开始为 AWS Systems Manager 编写一些内容,目的是:
我正在关注this example ,但运行时无法得到结果。
这是我收到的错误:
Template format error: At least one Resources member must be defined.
请让我知道我在这里做错了什么,我已经浏览了代码但无法找到我做错了什么。
#description: Create a Golden AMI with Linux distribution packages(ClamAV) and Amazon
#software(SSM & Inspector). For details,see https://github.com/miztiik/AWS-Demos/tree/master/How-To/setup-ami-lifecycle-management-using-ssm
Resources:
Ec2Instance:
Type: 'AWS::EC2::Instance'
assumeRole: "{{AutomationAssumeRole}}"
parameters:
SourceAmiId:
type: String
description: "(Required) The source Amazon Machine Image ID."
default: ami-0d2692b6acea72ee6
InstanceIamRole:
type: String
description: "(Required) The name of the role that enables Systems Manager (SSM)
to manage the instance."
default: ManagedInstanceRole
AutomationAssumeRole:
type: String
description: "(Required) The ARN of the role that allows Automation to perform
the actions on your behalf."
default: arn:aws:iam::{{global:ACCOUNT_ID}}:role/AutomationServiceRole
SubnetId:
type: String
description: "(Required) The subnet that the created instance will be placed into."
default: subnet-0a72519be8028a56c
TargetAmiName:
type: String
description: "(Optional) The name of the new AMI that will be created. Default
is a system-generated string including the source AMI id, and the creation time
and date."
default: GoldenAMI-RH-7_on_{{global:DATE_TIME}}
InstanceType:
type: String
description: "(Optional) Type of instance to launch as the workspace host. Instance
types vary by region. Default is t2.micro."
default: t2.micro
PreUpdateScript:
type: String
description: (Optional) URL of a script to run before updates are applied. Default
("none") is to not run a script.
default: none
PostUpdateScript:
type: String
description: (Optional) URL of a script to run after package updates are applied.
Default ("none") is to not run a script.
default: none
IncludePackages:
type: String
description: (Optional) Only update these named packages. By default ("all"),
all available updates are applied.
default: all
ExcludePackages:
type: String
description: (Optional) Names of packages to hold back from updates, under all
conditions. By default ("none"), no package is excluded.
default: none
lambdaFunctionName:
type: String
description: "(Required) The name of the lambda function. Default ('none') is
to not run a script."
default: Automation-UpdateSsmParam
mainSteps:
- name: launchInstance
action: aws:runInstances
maxAttempts: 5
timeoutSeconds: 1200
onFailure: Abort
inputs:
ImageId: "{{SourceAmiId}}"
InstanceType: "{{InstanceType}}"
SubnetId: "{{ SubnetId }}"
UserData: IyEvYmluL2Jhc2gNCg0KZnVuY3Rpb24gZ2V0X2NvbnRlbnRzKCkgew0KICAgIGlmIFsgLXggIiQod2hpY2ggY3VybCkiIF07IHRoZW4NCiAgICAgICAgY3VybCAtcyAtZiAiJDEiDQogICAgZWxpZiBbIC14ICIkKHdoaWNoIHdnZXQpIiBdOyB0aGVuDQogICAgICAgIHdnZXQgIiQxIiAtTyAtDQogICAgZWxzZQ0KICAgICAgICBkaWUgIk5vIGRvd25sb2FkIHV0aWxpdHkgKGN1cmwsIHdnZXQpIg0KICAgIGZpDQp9DQoNCnJlYWRvbmx5IElERU5USVRZX1VSTD0iaHR0cDovLzE2OS4yNTQuMTY5LjI1NC8yMDE2LTA2LTMwL2R5bmFtaWMvaW5zdGFuY2UtaWRlbnRpdHkvZG9jdW1lbnQvIg0KcmVhZG9ubHkgVFJVRV9SRUdJT049JChnZXRfY29udGVudHMgIiRJREVOVElUWV9VUkwiIHwgYXdrIC1GXCIgJy9yZWdpb24vIHsgcHJpbnQgJDQgfScpDQpyZWFkb25seSBERUZBVUxUX1JFR0lPTj0idXMtZWFzdC0xIg0KcmVhZG9ubHkgUkVHSU9OPSIke1RSVUVfUkVHSU9OOi0kREVGQVVMVF9SRUdJT059Ig0KDQpyZWFkb25seSBTQ1JJUFRfTkFNRT0iYXdzLWluc3RhbGwtc3NtLWFnZW50Ig0KIFNDUklQVF9VUkw9Imh0dHBzOi8vYXdzLXNzbS1kb3dubG9hZHMtJFJFR0lPTi5zMy5hbWF6b25hd3MuY29tL3NjcmlwdHMvJFNDUklQVF9OQU1FIg0KDQppZiBbICIkUkVHSU9OIiA9ICJjbi1ub3J0aC0xIiBdOyB0aGVuDQogIFNDUklQVF9VUkw9Imh0dHBzOi8vYXdzLXNzbS1kb3dubG9hZHMtJFJFR0lPTi5zMy5jbi1ub3J0aC0xLmFtYXpvbmF3cy5jb20uY24vc2NyaXB0cy8kU0NSSVBUX05BTUUiDQpmaQ0KDQppZiBbICIkUkVHSU9OIiA9ICJ1cy1nb3Ytd2VzdC0xIiBdOyB0aGVuDQogIFNDUklQVF9VUkw9Imh0dHBzOi8vYXdzLXNzbS1kb3dubG9hZHMtJFJFR0lPTi5zMy11cy1nb3Ytd2VzdC0xLmFtYXpvbmF3cy5jb20vc2NyaXB0cy8kU0NSSVBUX05BTUUiDQpmaQ0KDQpjZCAvdG1wDQpGSUxFX1NJWkU9MA0KTUFYX1JFVFJZX0NPVU5UPTMNClJFVFJZX0NPVU5UPTANCg0Kd2hpbGUgWyAkUkVUUllfQ09VTlQgLWx0ICRNQVhfUkVUUllfQ09VTlQgXSA7IGRvDQogIGVjaG8gQVdTLVVwZGF0ZUxpbnV4QW1pOiBEb3dubG9hZGluZyBzY3JpcHQgZnJvbSAkU0NSSVBUX1VSTA0KICBnZXRfY29udGVudHMgIiRTQ1JJUFRfVVJMIiA+ICIkU0NSSVBUX05BTUUiDQogIEZJTEVfU0laRT0kKGR1IC1rIC90bXAvJFNDUklQVF9OQU1FIHwgY3V0IC1mMSkNCiAgZWNobyBBV1MtVXBkYXRlTGludXhBbWk6IEZpbmlzaGVkIGRvd25sb2FkaW5nIHNjcmlwdCwgc2l6ZTogJEZJTEVfU0laRQ0KICBpZiBbICRGSUxFX1NJWkUgLWd0IDAgXTsgdGhlbg0KICAgIGJyZWFrDQogIGVsc2UNCiAgICBpZiBbWyAkUkVUUllfQ09VTlQgLWx0IE1BWF9SRVRSWV9DT1VOVCBdXTsgdGhlbg0KICAgICAgUkVUUllfQ09VTlQ9JCgoUkVUUllfQ09VTlQrMSkpOw0KICAgICAgZWNobyBBV1MtVXBkYXRlTGludXhBbWk6IEZpbGVTaXplIGlzIDAsIHJldHJ5Q291bnQ6ICRSRVRSWV9DT1VOVA0KICAgIGZpDQogIGZpIA0KZG9uZQ0KDQppZiBbICRGSUxFX1NJWkUgLWd0IDAgXTsgdGhlbg0KICBjaG1vZCAreCAiJFNDUklQVF9OQU1FIg0KICBlY2hvIEFXUy1VcGRhdGVMaW51eEFtaTogUnVubmluZyBVcGRhdGVTU01BZ2VudCBzY3JpcHQgbm93IC4uLi4NCiAgLi8iJFNDUklQVF9OQU1FIiAtLXJlZ2lvbiAiJFJFR0lPTiINCmVsc2UNCiAgZWNobyBBV1MtVXBkYXRlTGludXhBbWk6IFVuYWJsZSB0byBkb3dubG9hZCBzY3JpcHQsIHF1aXR0aW5nIC4uLi4NCmZp
MinInstanceCount: 1
MaxInstanceCount: 3
IamInstanceProfileName: "{{InstanceIamRole}}"
- name: updateOSSoftware
action: aws:runCommand
maxAttempts: 3
timeoutSeconds: 3600
onFailure: Abort
inputs:
DocumentName: AWS-RunShellScript
InstanceIds:
- "{{launchInstance.InstanceIds}}"
Parameters:
commands:
- set -e
- '[ -x "$(which wget)" ] && get_contents=''wget $1 -O -'''
- '[ -x "$(which curl)" ] && get_contents=''curl -s -f $1'''
- eval $get_contents https://aws-ssm-downloads-{{global:REGION}}.s3.amazonaws.com/scripts/aws-update-linux-instance
> /tmp/aws-update-linux-instance
- chmod +x /tmp/aws-update-linux-instance
- "/tmp/aws-update-linux-instance --pre-update-script '{{PreUpdateScript}}'
--post-update-script '{{PostUpdateScript}}' --include-packages '{{IncludePackages}}'
--exclude-packages '{{ExcludePackages}}' 2>&1 | tee /tmp/aws-update-linux-instance.log"
- name: installCustomizations
action: aws:runCommand
maxAttempts: 3
timeoutSeconds: 600
onFailure: Abort
inputs:
DocumentName: AWS-RunShellScript
InstanceIds:
- "{{launchInstance.InstanceIds}}"
Parameters:
commands:
- curl -O http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
- rpm -ivh epel-release-latest-7.noarch.rpm
- yum -y install httpd
- systemctl enable httpd
- systemctl restart httpd
- sudo yum --enablerepo=epel install -y clamav
- yum-config-manager --disable epel
- cat /etc/motd >> /var/www/html/index.html
- echo 'Welcome' >> /var/www/html/index.html
- cat > /etc/motd <<- EOF
- " __ __ _ _ _ _ "
- " /\\ | \\/ (_) /\\ | | | | (_) "
- " / \\ | \\ / |_ / \\ _ _| |_ ___ _ __ ___ __ _| |_ _ ___
\ _ __ "
- " / /\\ \\ | |\\/| | | / /\\ \\| | | | __/ _ \\| '_ ` _ \\ / _` | __|
|/ _ \\| '_ \\ "
- " / ____ \\| | | | | / ____ \\ |_| | || (_) | | | | | | (_| | |_| | (_)
| | | |"
- " /_/ \\_\\_| |_|_| /_/ \\_\\__,_|\\__\\___/|_| |_| |_|\\__,_|\\__|_|\\___/|_|
|_|"
- " "
- " "
- EOF
- name: installInspectorAgent
action: aws:runCommand
maxAttempts: 3
timeoutSeconds: 600
onFailure: Abort
inputs:
DocumentName: AmazonInspector-ManageAWSAgent
InstanceIds:
- "{{launchInstance.InstanceIds}}"
Parameters:
Operation: Install
- name: installUnifiedCloudWatchAgent
action: aws:runCommand
maxAttempts: 3
timeoutSeconds: 600
onFailure: Abort
inputs:
DocumentName: AWS-ConfigureAWSPackage
InstanceIds:
- "{{launchInstance.InstanceIds}}"
Parameters:
name: AmazonCloudWatchAgent
action: Install
- name: stopInstance
action: aws:changeInstanceState
maxAttempts: 3
timeoutSeconds: 1200
onFailure: Abort
inputs:
InstanceIds:
- "{{launchInstance.InstanceIds}}"
DesiredState: stopped
- name: createImage
action: aws:createImage
maxAttempts: 3
onFailure: Abort
inputs:
InstanceId: "{{launchInstance.InstanceIds}}"
ImageName: "{{TargetAmiName}}"
NoReboot: true
ImageDescription: AMI Generated by EC2 Automation on {{global:DATE_TIME}} from
{{SourceAmiId}}
- name: createEncryptedCopy
action: aws:copyImage
maxAttempts: 3
onFailure: Abort
inputs:
SourceImageId: "{{createImage.ImageId}}"
SourceRegion: "{{global:REGION}}"
ImageName: Encrypted-{{TargetAmiName}}
ImageDescription: Encrypted GoldenAMI by SSM Automation on {{global:DATE_TIME}}
from source AMI {{createImage.ImageId}}
Encrypted: true
- name: createTagsForEncryptedImage
action: aws:createTags
maxAttempts: 1
onFailure: Continue
inputs:
ResourceType: EC2
ResourceIds:
- "{{createEncryptedCopy.ImageId}}"
Tags:
- Key: Automation-Id
Value: "{{automation:EXECUTION_ID}}"
- Key: Owner
Value: Mystique
- Key: SourceAMI
Value: "{{SourceAmiId}}"
- Key: Amazon-Inspector
Value: 'true'
- Key: Amazon-SSM
Value: 'true'
- Key: Encrypted
Value: 'true'
- name: updateSsmParam
action: aws:invokeLambdaFunction
timeoutSeconds: 1200
maxAttempts: 1
onFailure: Abort
inputs:
FunctionName: Automation-UpdateSsmParam
Payload: '{"parameterName":"/GoldenAMI/Linux/RedHat-7/latest", "parameterValue":"{{createEncryptedCopy.ImageId}}"}'
- name: terminateInstance
action: aws:changeInstanceState
maxAttempts: 3
onFailure: Continue
inputs:
InstanceIds:
- "{{launchInstance.InstanceIds}}"
DesiredState: terminated
- name: deleteUnEcryptedImage
action: aws:deleteImage
maxAttempts: 3
timeoutSeconds: 180
onFailure: Abort
inputs:
ImageId: "{{createImage.ImageId}}"
outputs:
- createImage.ImageId
我希望它能够在 AWS SSM 中运行并创建参数存储和文档。
最佳答案
您上面粘贴的代码是Systems Manager (SSM) document而不是 CloudFormation 模板。这就是 CF 提示模板格式错误的原因。
与CloudFormation模板类似,SSM文档支持JSON和YAML格式。
正如您从 README description 中看到的那样在同一个 GitHub 存储库中,JSON 文件用于创建 SSM 文档。
关于amazon-web-services - 使用 cloudform 模板的 AWS Systems Manager,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57704930/
24
4
0
I have created a hybrid activation and then setup an ssm agent on my on-premise windows system.我创
我对 python/django 编程很陌生,因为我没有编程背景。我正在在线上课,我只想确切地知道 manage.py 文件的作用。我试过用谷歌搜索它,但除了在 django-admin.py 周围放
我的 DependancyInject 存在结构问题。 情况 我正在为基于体素的游戏创建服务器;它是完全调制的,但相关模块有以下3个。 NetworkModule(发送和接收数据包)WorldModu
关闭。这个问题不满足Stack Overflow guidelines .它目前不接受答案。 想改善这个问题吗?更新问题,使其成为 on-topic对于堆栈溢出。 5年前关闭。 Improve thi
上 Docker正在编写的网站: The MANAGER STATUS column shows node participation in the Raft consensus: No value
我正在尝试使用发布管理作为构建版本的工具,但我很难理解码件、工具和操作之间的真正区别。有人可以分解这三个概念之间的差异以及它们如何相互配合吗? 最佳答案 由于它适用于基于代理的版本: 工具旨在提供自定
当尝试在远程环境中在 pycharm 中执行“run manage.py Task...”时,出现以下错误: ssh://vagrant@127.0.0.1:2222/home/vagrant/.vi
在过去的 48 小时里,我一直在努力解决这个问题,这让我发疯了。 我的 SDK Manager.exe 闪烁一个 cmd 屏幕并在不到一秒内关闭。 经过多方搜索,我终于在调整android.bat并以
我在 this tutorial 之后创建了以下自定义管理命令. from django.core.management.base import BaseCommand, CommandError f
我在一家拥有 2,500 多名员工和同样多的 Android 智能手机的非营利组织工作。 近年来,我们测试了许多 EMM 产品。尽管我们只需要一些非常基本的功能,除了一两个特殊功能,但没有一个能真正赢
我已经在我的网站上安装了 Google 标签管理器,但自从新版本的 Google 标签管理器以来,我无法使用预览选项。每次我点击它时,我都会看到我的网站页面打开,但随后出现以下错误:“Tag Assi
我是 django 的新手,并创建了一个与教程中描述的民意调查网站没有太大区别的应用程序。 在网站上我得到: Exception Type: TemplateSyntaxError Exception
https://cloud.google.com/deployment-manager/docs/configuration/templates/create-basic-template 我可以像这
我们正在使用 Microsoft 的发布管理将我们的 Web 应用程序部署到我们的测试环境 (QA)。它是一个直接的 MVC.Net Web 应用程序。我们的构建生成一个 web 部署包,我们有一个命
我想将 python manage.py 缩短为 ./manage.py。 这可能很简单,但我找不到答案。我在有关 django 的问题的答案之一中看到了一步一步的方法,但我没有记住。尝试在 stac
我想将 python manage.py 缩短为 ./manage.py。 这可能很简单,但我找不到答案。我在有关 django 的问题的答案之一中看到了一步一步的方法,但我没有记住。尝试在 stac
我正在使用安装了 SQL Server Data Tools 的 VS 2012。我有一个 ADO NET 源,它使用 .Net Providers\MySQL 数据提供程序,并试图将一些数据推送到
根据我从文档中阅读的内容 https://developer.android.com/topic/libraries/architecture/workmanager , 它说: The task i
这两个类显然是相关的。 SupportFragmentManager 是否用于使用 FragmentTransaction 生成的 Fragments,而“常规”FragmentManager 专门用
我有一个桌子经理(经理ID、姓名、地址、城市、电话)。如果多个经理来自同一城市,我必须显示城市、姓名和电话详细信息。我的代码是:。但这向我展示了第一行中的一个错误,即“不是按表达式分组”。请救救我!
我是一名优秀的程序员,十分优秀!