环境 CloudFormation IaC 文件参数详细信息和示例 - AWS Proton

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

环境 CloudFormation IaC 文件参数详细信息和示例

您可以在环境基础设施即代码 (IaC) 文件中定义和引用参数。有关参数、参数类型、 AWS Proton 参数命名空间以及如何在 IaC 文件中使用参数的详细说明,请参阅AWS Proton 参数

定义环境参数

您可以为环境 IaC 文件定义输入和输出参数。

  • 输入参数 - 在架构文件中定义环境输入参数。

    以下列表包括典型使用案例的环境输入参数示例。

    • VPC CIDR 值

    • 负载均衡器设置

    • 数据库设置

    • 运行状况检查超时

    作为管理员,您可以在创建环境时提供输入参数的值:

    • 使用控制台填写基于架构的表单,该 AWS Proton 表单提供了。

    • 使用 CLI 提供包含这些值的规范。

  • 输出参数 - 在环境 IaC 文件中定义环境输出。然后,您可以在其他资源的 IaC 文件中引用这些输出。

读取环境 IaC 文件中的参数值

您可以在环境 IaC 文件中读取与环境相关的参数。您可以引用 AWS Proton 参数命名空间中的参数名称以读取参数值。

  • 输入参数 - 引用 environment.inputs.input-name 以读取环境输入值。

  • 资源参数-通过引用名称来读取 AWS Proton 资源参数,environment.name例如。

注意

无法在环境 IaC 文件中使用其他资源的输出参数。

包含参数的示例环境和服务 IaC 文件

以下示例说明了环境 IaC 文件中的参数定义和引用。然后,该示例说明了如何在服务 IaC 文件中引用环境 IaC 文件中定义的环境输出参数。

例 环境 CloudFormation IaC 文件

在该示例中,请注意以下事项:

  • environment.inputs. 命名空间引用环境输入参数。

  • Amazon EC2 Systems Manager (SSM) 参数 StoreInputValue 串联环境输入。

  • MyEnvParameterValue 输出公开与输出参数相同的输入参数串联。三个额外的输出参数也单独公开输入参数。

  • 6 个额外的输出参数公开环境预置的资源。

Resources: StoreInputValue: Type: AWS::SSM::Parameter Properties: Type: String Value: "{{ environment.inputs.my_sample_input }} {{ environment.inputs.my_other_sample_input}} {{ environment.inputs.another_optional_input }}" # input parameter references # These output values are available to service infrastructure as code files as outputs, when given the # the 'environment.outputs' namespace, for example, service_instance.environment.outputs.ClusterName. Outputs: MyEnvParameterValue: # output definition Value: !GetAtt StoreInputValue.Value MySampleInputValue: # output definition Value: "{{ environment.inputs.my_sample_input }}" # input parameter reference MyOtherSampleInputValue: # output definition Value: "{{ environment.inputs.my_other_sample_input }}" # input parameter reference AnotherOptionalInputValue: # output definition Value: "{{ environment.inputs.another_optional_input }}" # input parameter reference ClusterName: # output definition Description: The name of the ECS cluster Value: !Ref 'ECSCluster' # provisioned resource ECSTaskExecutionRole: # output definition Description: The ARN of the ECS role Value: !GetAtt 'ECSTaskExecutionRole.Arn' # provisioned resource VpcId: # output definition Description: The ID of the VPC that this stack is deployed in Value: !Ref 'VPC' # provisioned resource PublicSubnetOne: # output definition Description: Public subnet one Value: !Ref 'PublicSubnetOne' # provisioned resource PublicSubnetTwo: # output definition Description: Public subnet two Value: !Ref 'PublicSubnetTwo' # provisioned resource ContainerSecurityGroup: # output definition Description: A security group used to allow Fargate containers to receive traffic Value: !Ref 'ContainerSecurityGroup' # provisioned resource
例 服务 CloudFormation IaC 文件

environment.outputs. 命名空间引用环境 IaC 文件的环境输出。例如,名称 environment.outputs.ClusterName 读取 ClusterName 环境输出参数的值。

AWSTemplateFormatVersion: '2010-09-09' Description: Deploy a service on AWS Fargate, hosted in a public subnet, and accessible via a public load balancer. Mappings: TaskSize: x-small: cpu: 256 memory: 512 small: cpu: 512 memory: 1024 medium: cpu: 1024 memory: 2048 large: cpu: 2048 memory: 4096 x-large: cpu: 4096 memory: 8192 Resources: # A log group for storing the stdout logs from this service's containers LogGroup: Type: AWS::Logs::LogGroup Properties: LogGroupName: '{{service_instance.name}}' # resource parameter # The task definition. This is a simple metadata description of what # container to run, and what resource requirements it has. TaskDefinition: Type: AWS::ECS::TaskDefinition Properties: Family: '{{service_instance.name}}' # resource parameter Cpu: !FindInMap [TaskSize, {{service_instance.inputs.task_size}}, cpu] # input parameter Memory: !FindInMap [TaskSize, {{service_instance.inputs.task_size}}, memory] NetworkMode: awsvpc RequiresCompatibilities: - FARGATE ExecutionRoleArn: '{{environment.outputs.ECSTaskExecutionRole}}' # output reference to an environment infrastructure code file TaskRoleArn: !Ref "AWS::NoValue" ContainerDefinitions: - Name: '{{service_instance.name}}' # resource parameter Cpu: !FindInMap [TaskSize, {{service_instance.inputs.task_size}}, cpu] Memory: !FindInMap [TaskSize, {{service_instance.inputs.task_size}}, memory] Image: '{{service_instance.inputs.image}}' PortMappings: - ContainerPort: '{{service_instance.inputs.port}}' # input parameter LogConfiguration: LogDriver: 'awslogs' Options: awslogs-group: '{{service_instance.name}}' # resource parameter awslogs-region: !Ref 'AWS::Region' awslogs-stream-prefix: '{{service_instance.name}}' # resource parameter # The service_instance. The service is a resource which allows you to run multiple # copies of a type of task, and gather up their logs and metrics, as well # as monitor the number of running tasks and replace any that have crashed Service: Type: AWS::ECS::Service DependsOn: LoadBalancerRule Properties: ServiceName: '{{service_instance.name}}' # resource parameter Cluster: '{{environment.outputs.ClusterName}}' # output reference to an environment infrastructure as code file LaunchType: FARGATE DeploymentConfiguration: MaximumPercent: 200 MinimumHealthyPercent: 75 DesiredCount: '{{service_instance.inputs.desired_count}}'# input parameter NetworkConfiguration: AwsvpcConfiguration: AssignPublicIp: ENABLED SecurityGroups: - '{{environment.outputs.ContainerSecurityGroup}}' # output reference to an environment infrastructure as code file Subnets: - '{{environment.outputs.PublicSubnetOne}}' # output reference to an environment infrastructure as code file - '{{environment.outputs.PublicSubnetTwo}}' # output reference to an environment infrastructure as code file TaskDefinition: !Ref 'TaskDefinition' LoadBalancers: - ContainerName: '{{service_instance.name}}' # resource parameter ContainerPort: '{{service_instance.inputs.port}}' # input parameter TargetGroupArn: !Ref 'TargetGroup' [...]