I am trying to get my CloudFormation template to run some commands after the EC2 instance has been deployed.
```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Reports
Parameters:
  AmiID:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Description: "The ID of the AMI."
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
Resources:
  WebAppInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref AmiID
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref WebAppSecurityGroup
      UserData:
        'Fn::Base64': |-
          #!/usr/bin/env bash
          curl -O https://bootstrap.pypa.io/get-pip.py
          # User data runs as root; a --user install would land in /root/.local, off PATH
          python3 get-pip.py
          python3 -m pip install Flask
          aws s3 sync s3://project-pi-reports-codepipeline-bucket/ /home/ec2-user/project-pi-reports
          # "set" is cmd.exe syntax; bash needs export
          export FLASK_APP=hello
          # flask run takes no path argument: run from the app directory and bind to
          # all interfaces so port 5000 is reachable from outside the instance
          cd /home/ec2-user/project-pi-reports
          flask run --host=0.0.0.0 --port=5000
      IamInstanceProfile:
        Ref: ListS3BucketsInstanceProfile
  ListS3BucketsInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: "/"
      Roles:
        - Ref: ListS3BucketsRole
  ListS3BucketsRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
  ListS3BucketsPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: ListS3BucketsPolicy
      PolicyDocument:
        Statement:
          - Effect: Allow
            # Grants every S3 action on every bucket; the sync above only needs
            # s3:ListBucket and s3:GetObject on the report bucket
            Action:
              - s3:*
            Resource: "*"
      Roles:
        - Ref: ListS3BucketsRole
  WebAppSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Join ["-", [webapp-security-group, dev]]
      GroupDescription: "Allow HTTP/HTTPS and SSH inbound and outbound traffic"
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 5000
          ToPort: 5000
          CidrIp: 0.0.0.0/0
  WebAppEIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
      InstanceId: !Ref WebAppInstance
      Tags:
        - Key: Name
          Value: !Join ["-", [webapp-eip, dev]]
Outputs:
  WebsiteURL:
    Value: !Sub http://${WebAppEIP}
    Description: WebApp URL
```
What I basically want is that, once the EC2 instance is updated through CodePipeline, it downloads the latest files from S3 and then starts the Flask server.
I have added these lines to my CloudFormation template under UserData, but they only run the first time the instance is created, not when a stack update is triggered.
Is there any way I can make these commands run on every update?
Answer 1
> It only runs the first time the instance is created, not when a stack update is triggered.
Yes. That is how UserData works. However, if you can reboot the instance after every update in your pipeline, you can make UserData run on every reboot as described at https://aws.amazon.com/premiumsupport/knowledge-center/execute-user-data-ec2/.
> Is there any way I can make these commands run on every update?
Yes. This is usually done with https://docs.aws.amazon.com/codedeploy/latest/userguide/welcome.html, which would be part of your CI/CD pipeline. Alternatively, in your pipeline you can use https://docs.aws.amazon.com/systems-manager/latest/userguide/execute-remote-commands.html to run arbitrary code on your instance. Of course, this also has to be added to your pipeline.
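The "run on every reboot" route the answer links works by wrapping the user data in a MIME multi-part document whose cloud-config part switches the `scripts-user` module from once-per-instance to `always`. The fragment below is an added example, not code from the question or the answer; it reuses the question's bucket, paths, `FLASK_APP=hello` and port 5000, and assumes an Amazon Linux 2 AMI where user data runs as root.

```yaml
# Added example: WebAppInstance with user data that cloud-init re-runs on every boot.
WebAppInstance:
  Type: AWS::EC2::Instance
  Properties:
    ImageId: !Ref AmiID
    InstanceType: t2.micro
    IamInstanceProfile: !Ref ListS3BucketsInstanceProfile
    SecurityGroupIds:
      - !Ref WebAppSecurityGroup
    UserData:
      'Fn::Base64': |
        Content-Type: multipart/mixed; boundary="//"
        MIME-Version: 1.0

        --//
        Content-Type: text/cloud-config; charset="us-ascii"
        MIME-Version: 1.0
        Content-Transfer-Encoding: 7bit
        Content-Disposition: attachment; filename="cloud-config.txt"

        #cloud-config
        # Default frequency is once-per-instance; "always" re-runs the script part each boot
        cloud_final_modules:
          - [scripts-user, always]

        --//
        Content-Type: text/x-shellscript; charset="us-ascii"
        MIME-Version: 1.0
        Content-Transfer-Encoding: 7bit
        Content-Disposition: attachment; filename="userdata.txt"

        #!/bin/bash
        set -euo pipefail
        # Runs as root on every boot: fetch the latest build, then (re)start Flask.
        # Bootstrap pip only if it is missing, so repeated boots stay cheap.
        python3 -m pip --version >/dev/null 2>&1 || {
          curl -sSO https://bootstrap.pypa.io/get-pip.py && python3 get-pip.py
        }
        python3 -m pip install --quiet Flask
        # --delete mirrors the bucket so removed files do not linger on the instance
        aws s3 sync --delete s3://project-pi-reports-codepipeline-bucket/ /home/ec2-user/project-pi-reports
        # Stop a server left from the previous boot before binding port 5000 again
        pkill -f "flask run" || true
        cd /home/ec2-user/project-pi-reports
        export FLASK_APP=hello
        nohup flask run --host=0.0.0.0 --port=5000 >/var/log/flask.log 2>&1 &
        --//--
```

The per-boot output lands in `/var/log/cloud-init-output.log`, which is where to look when the script does not re-run as expected.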