aws-cloudformation - How do I change the launch type of an ECS cluster in my CloudFormation template?

Reposted. Author: 行者123. Updated: 2023-12-03 07:39:18

I have a CloudFormation template that creates an ECS cluster of the Fargate type, a service and the other required resources. Now I want to change the ECS type from Fargate to the EC2 launch type. Here is my CloudFormation template:

AWSTemplateFormatVersion: 2010-09-09
Description: The CloudFormation template for the Fargate ECS Cluster.

Parameters:
  Stage:
    Type: String
  ContainerPort:
    Type: Number
  ImageURI:
    Type: String

Resources:

  # Create an ECS Cluster
  Cluster:
    Type: AWS::ECS::Cluster
    Properties:
      ClusterName: !Join ['-', [!Ref Stage, !Ref 'AWS::AccountId', 'Cluster']]

  # Create a VPC
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 172.10.0.0/16
      EnableDnsHostnames: True
      EnableDnsSupport: True

  # Create a Subnet
  SubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 172.10.1.0/24
      VpcId: !Ref VPC
      AvailabilityZone: !Join ['', [!Ref "AWS::Region", 'a']]

  # Create a Subnet
  SubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 172.10.2.0/24
      VpcId: !Ref VPC
      AvailabilityZone: !Join ['', [!Ref "AWS::Region", 'b']]

  # Create a route table to allow access to internet
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC

  # Create a Route to allow access to internet using an internet gateway
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: VPCInternetGatewayAttachment
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  # Attach Public Route to SubnetA
  SubnetAPublicRouteAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref SubnetA

  # Attach Public Route to SubnetB
  SubnetBPublicRouteAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref SubnetB

  # Create an Internet Gateway
  InternetGateway:
    Type: AWS::EC2::InternetGateway

  # Attach the internet gateway to the VPC
  VPCInternetGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC

  # Create Access Role for ECS-Tasks
  ExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Join ['-', [!Ref Stage, !Ref 'AWS::AccountId', 'ExecutionRole']]
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: 'sts:AssumeRole'
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy'

  # Create a TaskDefinition with container details
  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Memory: 1024
      Cpu: 512
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - 'FARGATE'
      TaskRoleArn: !Ref ExecutionRole
      ExecutionRoleArn: !Ref ExecutionRole
      ContainerDefinitions:
        - Name: !Join ['-', [!Ref Stage, !Ref 'AWS::AccountId', 'Container']]
          Image: !Ref ImageURI
          PortMappings:
            - ContainerPort: !Ref ContainerPort
              HostPort: !Ref ContainerPort

  # Create a security group for the load balancer and open port 80 inbound from the internet
  LoadBalancerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Join ['-', [!Ref Stage, !Ref 'AWS::AccountId', 'LoadBalancerSecurityGroup']]
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

  # Create a security group for containers and open the container port inbound only from the load balancer security group
  ContainerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Join ['-', [!Ref Stage, !Ref 'AWS::AccountId', 'ContainerSecurityGroup']]
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: !Ref ContainerPort
          ToPort: !Ref ContainerPort
          SourceSecurityGroupId: !Ref LoadBalancerSecurityGroup

  # Create a LoadBalancer and attach the Security group and Subnets
  LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      IpAddressType: ipv4
      Name: !Join ['-', [!Ref Stage, !Ref 'AWS::AccountId', 'LoadBalancer']]
      Scheme: internet-facing
      SecurityGroups:
        - !Ref LoadBalancerSecurityGroup
      Subnets:
        - !Ref SubnetA
        - !Ref SubnetB
      Type: application

  # Create a TargetGroup for HTTP port 80
  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Name: !Join ['-', [!Ref Stage, !Ref 'AWS::AccountId', 'TargetGroup']]
      Port: 80
      Protocol: HTTP
      TargetType: ip
      VpcId: !Ref VPC

  # Create a LoadBalancerListener and attach the TargetGroup and LoadBalancer
  LoadBalancerListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - TargetGroupArn: !Ref TargetGroup
          Type: forward
      LoadBalancerArn: !Ref LoadBalancer
      Port: 80
      Protocol: HTTP

  # Create an ECS Service and add the created Cluster, TaskDefinition, Subnets, TargetGroup and SecurityGroup
  ECSService:
    Type: AWS::ECS::Service
    DependsOn: LoadBalancerListener
    Properties:
      ServiceName: !Join ['-', [!Ref Stage, !Ref 'AWS::AccountId', 'ECSService']]
      Cluster: !Ref Cluster
      TaskDefinition: !Ref TaskDefinition
      DesiredCount: 2
      LaunchType: FARGATE
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: ENABLED
          Subnets:
            - !Ref SubnetA
            - !Ref SubnetB
          SecurityGroups:
            - !Ref ContainerSecurityGroup
      LoadBalancers:
        - ContainerName: !Join ['-', [!Ref Stage, !Ref 'AWS::AccountId', 'Container']]
          ContainerPort: !Ref ContainerPort
          TargetGroupArn: !Ref TargetGroup

Can someone guide me on what changes I have to make in this template to convert it to the EC2 type? I am new to CloudFormation and I really don't know how to do this. I cannot use any other template, because this CloudFormation stack is linked to another CloudFormation stack. Actually I am following this tutorial, which uses the Fargate type, but I want the EC2 launch type.

Best answer

The main thing is that LaunchType: FARGATE needs to change to LaunchType: EC2.

The second big thing is that you need to add EC2 resources to the cluster in order to run your tasks (with Fargate you don't need this, but if you choose the EC2 launch type you must have a cluster with EC2 instances in it).

Third, you will probably need to add EC2 to the compatibilities section of the task definition:

      RequiresCompatibilities:
        - 'FARGATE'
        - 'EC2'

Fourth, assigning a public IP to tasks (AssignPublicIp: ENABLED) is not a best practice, and it actually does not work with the EC2 launch type (see here, for example). You should disable it, but that means you need to add a NAT GW to your VPC so that your tasks can reach the Internet (and pull container images from ECR). The other option is to add ECR private endpoints to your VPC to avoid the "long way" over the Internet.

There may be other things to tweak, but these are the biggest ones.

PS Out of curiosity, why do you need to move to EC2?
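The following is an added example, not code from the question or the answer. It collects the changes the answer describes into one CloudFormation fragment written against the logical names in the question's template (Cluster, SubnetA, SubnetB, ContainerSecurityGroup, TaskDefinition, ECSService, LoadBalancerListener): an instance role and profile for the container instances, a launch template and Auto Scaling group that register EC2 capacity with the cluster, and the edits to the task definition and service. The SSM AMI lookup path, the instance type, the group sizes and the IMDSv2 setting are my assumptions, not values from the page. The TaskDefinition and ECSService entries show only the properties that change and are meant to be merged into the existing resources.

```yaml
# Added example (not from the question or the answer): resources and edits for
# the EC2 launch type, to be merged into the template in the question.

Parameters:
  # Assumption: resolve the current ECS-optimized Amazon Linux 2 AMI from the
  # public SSM parameter instead of hard-coding a per-region AMI id.
  ECSAMI:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id

Resources:
  # Role for the container instances themselves (distinct from the task
  # ExecutionRole in the question): it lets the ECS agent join the cluster.
  ECSInstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action: 'sts:AssumeRole'
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role'

  ECSInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles:
        - !Ref ECSInstanceRole

  # Launch template: user data points the ECS agent at the cluster, and IMDSv2
  # is required so a compromised container cannot simply curl the instance
  # role credentials from the metadata endpoint (assumed hardening, see lead-in).
  ECSLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        ImageId: !Ref ECSAMI
        InstanceType: t3.small          # assumption: fits one 1024 MiB task
        IamInstanceProfile:
          Arn: !GetAtt ECSInstanceProfile.Arn
        SecurityGroupIds:
          - !Ref ContainerSecurityGroup
        MetadataOptions:
          HttpTokens: required
        UserData:
          Fn::Base64: !Sub |
            #!/bin/bash
            echo "ECS_CLUSTER=${Cluster}" >> /etc/ecs/ecs.config

  # Auto Scaling group that supplies the EC2 capacity the answer says the
  # cluster needs. Sizes are assumptions.
  ECSAutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      VPCZoneIdentifier:
        - !Ref SubnetA
        - !Ref SubnetB
      LaunchTemplate:
        LaunchTemplateId: !Ref ECSLaunchTemplate
        Version: !GetAtt ECSLaunchTemplate.LatestVersionNumber
      MinSize: '1'
      MaxSize: '3'
      DesiredCapacity: '2'

  # Edits to existing resources; only the changed properties are shown.
  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      RequiresCompatibilities:
        - 'EC2'
      # NetworkMode: awsvpc is kept, so the TargetGroup's TargetType: ip still applies.

  ECSService:
    Type: AWS::ECS::Service
    DependsOn:
      - LoadBalancerListener
      - ECSAutoScalingGroup             # without instances there is nowhere to place tasks
    Properties:
      LaunchType: EC2
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: DISABLED      # public task IPs are not supported with EC2 launch type
          Subnets:
            - !Ref SubnetA
            - !Ref SubnetB
          SecurityGroups:
            - !Ref ContainerSecurityGroup
```

Two points to check before deploying. The instances and the tasks in these subnets have no public IP, so they need an outbound path to ECS, ECR, S3 and CloudWatch: either the NAT gateway or the ECR/ECS VPC endpoints the answer mentions, neither of which is part of this fragment. And because the tasks run in awsvpc mode, each task gets its own ENI and the ContainerSecurityGroup continues to restrict inbound traffic to the load balancer's security group on the container port, which is the same exposure the Fargate version had.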

Regarding "aws-cloudformation - How do I change the launch type of an ECS cluster in my CloudFormation template?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/73898659/
