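After you choose Create CloudFormation template on the Operational recommendations page, AWS Resilience Hub creates an AWS CloudFormation template that describes the specific alarm, standard operating procedure (SOP), or AWS FIS experiment for your application. The AWS CloudFormation template is stored in an Amazon S3 bucket, and you can view the S3 path to the template in the Templates details tab on the Operational recommendations page.
For example, the listing below shows a JSON-formatted AWS CloudFormation template that describes an alarm recommendation provided by AWS Resilience Hub. It is a read throttling alarm for a DynamoDB table named Employees.
The Resources section of the template describes an AWS::CloudWatch::Alarm alarm that is activated when the number of read throttle events for the DynamoDB table exceeds 1. The two AWS::SSM::Parameter resources define metadata that allows AWS Resilience Hub to identify installed resources without scanning the actual application.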
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Parameters" : {
    "SNSTopicARN" : {
      "Type" : "String",
      "Description" : "The ARN of the Amazon SNS topic to which alarm status changes are to be sent. This must be in the same Region being deployed.",
      "AllowedPattern" : "^arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):sns:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9/][A-Za-z0-9:_/+=,@.-]{1,256}$"
    }
  },
  "Resources" : {
    "ReadthrottleeventsthresholdexceededEmployeesONDEMAND0DynamoDBTablePXBZQYH3DCJ9Alarm" : {
      "Type" : "AWS::CloudWatch::Alarm",
      "Properties" : {
        "AlarmDescription" : "An Alarm by AWS Resilience Hub that alerts when the number of read-throttle events are greater than 1.",
        "AlarmName" : "ResilienceHub-ReadThrottleEventsAlarm-2020-04-01_Employees-ON-DEMAND-0-DynamoDBTable-PXBZQYH3DCJ9",
        "AlarmActions" : [ {
          "Ref" : "SNSTopicARN"
        } ],
        "MetricName" : "ReadThrottleEvents",
        "Namespace" : "AWS/DynamoDB",
        "Statistic" : "Sum",
        "Dimensions" : [ {
          "Name" : "TableName",
          "Value" : "Employees-ON-DEMAND-0-DynamoDBTable-PXBZQYH3DCJ9"
        } ],
        "Period" : 60,
        "EvaluationPeriods" : 1,
        "DatapointsToAlarm" : 1,
        "Threshold" : 1,
        "ComparisonOperator" : "GreaterThanOrEqualToThreshold",
        "TreatMissingData" : "notBreaching",
        "Unit" : "Count"
      },
      "Metadata" : {
        "AWS::ResilienceHub::Monitoring" : {
          "recommendationId" : "dynamodb:alarm:health-read_throttle_events:2020-04-01"
        }
      }
    },
    "dynamodbalarmhealthreadthrottleevents20200401EmployeesONDEMAND0DynamoDBTablePXBZQYH3DCJ9AlarmSSMParameter" : {
      "Type" : "AWS::SSM::Parameter",
      "Properties" : {
        "Name" : "/ResilienceHub/Alarm/3f904525-4bfa-430f-96ef-58ec9b19aa73/dynamodb-alarm-health-read-throttle-events-2020-04-01_Employees-ON-DEMAND-0-DynamoDBTable-PXBZQYH3DCJ9",
        "Type" : "String",
        "Value" : {
          "Fn::Sub" : "${ReadthrottleeventsthresholdexceededEmployeesONDEMAND0DynamoDBTablePXBZQYH3DCJ9Alarm}"
        },
        "Description" : "SSM Parameter for identifying installed resources."
      }
    },
    "dynamodbalarmhealthreadthrottleevents20200401EmployeesONDEMAND0DynamoDBTablePXBZQYH3DCJ9AlarmInfoSSMParameter" : {
      "Type" : "AWS::SSM::Parameter",
      "Properties" : {
        "Name" : "/ResilienceHub/Info/Alarm/3f904525-4bfa-430f-96ef-58ec9b19aa73/dynamodb-alarm-health-read-throttle-events-2020-04-01_Employees-ON-DEMAND-0-DynamoDBTable-PXBZQYH3DCJ9",
        "Type" : "String",
        "Value" : {
          "Fn::Sub" : "{\"alarmName\":\"${ReadthrottleeventsthresholdexceededEmployeesONDEMAND0DynamoDBTablePXBZQYH3DCJ9Alarm}\",\"referenceId\":\"dynamodb:alarm:health_read_throttle_events:2020-04-01\",\"resourceId\":\"Employees-ON-DEMAND-0-DynamoDBTable-PXBZQYH3DCJ9\",\"relatedSOPs\":[\"dynamodb:sop:update_provisioned_capacity:2020-04-01\"]}"
        },
        "Description" : "SSM Parameter for identifying installed resources."
      }
    }
  }
}
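Modifying the AWS CloudFormation template
The easiest way to integrate an alarm, SOP, or AWS FIS resource into your main application is to add it as another resource in the template that describes your application. The JSON-formatted file below gives a basic outline of how a DynamoDB table is described in an AWS CloudFormation template. A real application is likely to include more resources, such as additional tables.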
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Application Stack with Employees Table",
  "Outputs": {
    "DynamoDBTable": {
      "Description": "The DynamoDB Table Name",
      "Value": {"Ref": "Employees"}
    }
  },
  "Resources": {
    "Employees": {
      "Type": "AWS::DynamoDB::Table",
      "Properties": {
        "BillingMode": "PAY_PER_REQUEST",
        "AttributeDefinitions": [
          {
            "AttributeName": "USER_ID",
            "AttributeType": "S"
          },
          {
            "AttributeName": "RANGE_ATTRIBUTE",
            "AttributeType": "S"
          }
        ],
        "KeySchema": [
          {
            "AttributeName": "USER_ID",
            "KeyType": "HASH"
          },
          {
            "AttributeName": "RANGE_ATTRIBUTE",
            "KeyType": "RANGE"
          }
        ],
        "PointInTimeRecoverySpecification": {
          "PointInTimeRecoveryEnabled": true
        },
        "Tags": [
          {
            "Key": "Key",
            "Value": "Value"
          }
        ],
        "LocalSecondaryIndexes": [
          {
            "IndexName": "resiliencehub-index-local-1",
            "KeySchema": [
              {
                "AttributeName": "USER_ID",
                "KeyType": "HASH"
              },
              {
                "AttributeName": "RANGE_ATTRIBUTE",
                "KeyType": "RANGE"
              }
            ],
            "Projection": {
              "ProjectionType": "ALL"
            }
          }
        ],
        "GlobalSecondaryIndexes": [
          {
            "IndexName": "resiliencehub-index-1",
            "KeySchema": [
              {
                "AttributeName": "USER_ID",
                "KeyType": "HASH"
              }
            ],
            "Projection": {
              "ProjectionType": "ALL"
            }
          }
        ]
      }
    }
  }
}
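To allow the alarm resource to be deployed with your application, you now need to replace the hardcoded resources with dynamic references in the application stack.
So, in the AWS::CloudWatch::Alarm resource definition, change the following: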
"Value" : "Employees-ON-DEMAND-0-DynamoDBTable-PXBZQYH3DCJ9"
to the following:
"Value" : {"Ref": "Employees"}
Under the AWS::SSM::Parameter resource definition, change the following:
"Fn::Sub" : "{\"alarmName\":\"${ReadthrottleeventsthresholdexceededEmployeesONDEMAND0DynamoDBTablePXBZQYH3DCJ9Alarm}\",\"referenceId\":\"dynamodb:alarm:health_read_throttle_events:2020-04-01\",\"resourceId\":\"Employees-ON-DEMAND-0-DynamoDBTable-PXBZQYH3DCJ9\",\"relatedSOPs\":[\"dynamodb:sop:update_provisioned_capacity:2020-04-01\"]}"
to the following:
"Fn::Sub" : "{\"alarmName\":\"${ReadthrottleeventsthresholdexceededEmployeesONDEMAND0DynamoDBTablePXBZQYH3DCJ9Alarm}\",\"referenceId\":\"dynamodb:alarm:health_read_throttle_events:2020-04-01\",\"resourceId\":\"${Employees}\",\"relatedSOPs\":[\"dynamodb:sop:update_provisioned_capacity:2020-04-01\"]}"
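When you modify AWS CloudFormation templates for SOPs and AWS FIS experiments, you take the same approach, replacing hardcoded reference IDs with dynamic references that continue to work even after hardware changes.
By using a reference to the DynamoDB table, you allow AWS CloudFormation to do the following:
- Create the database table first.
- Always use the actual ID of the generated resource in the alarm, and update the alarm dynamically if AWS CloudFormation needs to replace the resource.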
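The manual edits above, automated as an added example (not part of the AWS documentation or of AWS Resilience Hub's own tooling): the script merges a recommendation template into an application template and replaces the hardcoded table name with a reference. REC and APP are constructed, abbreviated stand-ins for the two listings on this page, and the logical ID ReadThrottleAlarm is a shortened placeholder.

```python
import copy

PHYSICAL_ID = "Employees-ON-DEMAND-0-DynamoDBTable-PXBZQYH3DCJ9"  # hardcoded name from the page

# Constructed, abbreviated stand-ins for the two templates on this page
# (the logical ID "ReadThrottleAlarm" is a shortened placeholder).
REC = {"Parameters": {"SNSTopicARN": {"Type": "String"}}, "Resources": {
    "ReadThrottleAlarm": {"Type": "AWS::CloudWatch::Alarm", "Properties": {
        "AlarmName": "ResilienceHub-ReadThrottleEventsAlarm-2020-04-01_" + PHYSICAL_ID,
        "Dimensions": [{"Name": "TableName", "Value": PHYSICAL_ID}]}},
    "AlarmInfoSSMParameter": {"Type": "AWS::SSM::Parameter", "Properties": {
        "Value": {"Fn::Sub": '{"alarmName":"${ReadThrottleAlarm}","resourceId":"%s"}' % PHYSICAL_ID}}}}}
APP = {"Resources": {"Employees": {"Type": "AWS::DynamoDB::Table", "Properties": {}}}}

def rewrite(node, physical_id, logical_id):
    """Replace a hardcoded physical ID with a dynamic reference, as the page does by hand."""
    if isinstance(node, dict):
        sub = node.get("Fn::Sub")
        if len(node) == 1 and isinstance(sub, str):
            # Inside an Fn::Sub string, a reference is written ${LogicalId}.
            return {"Fn::Sub": sub.replace(physical_id, "${%s}" % logical_id)}
        return {k: rewrite(v, physical_id, logical_id) for k, v in node.items()}
    if isinstance(node, list):
        return [rewrite(v, physical_id, logical_id) for v in node]
    # A property whose whole value is the physical ID becomes {"Ref": ...}.
    return {"Ref": logical_id} if node == physical_id else node

def merge(app, rec, physical_id, logical_id):
    """Add the recommendation's resources and parameters to a copy of the application template."""
    if logical_id not in app["Resources"]:
        raise KeyError(f"{logical_id} is not a resource in the application template")
    clash = set(app["Resources"]) & set(rec["Resources"])
    if clash:
        raise ValueError(f"logical ID collision: {sorted(clash)}")
    merged = copy.deepcopy(app)
    merged["Resources"].update(rewrite(rec["Resources"], physical_id, logical_id))
    merged.setdefault("Parameters", {}).update(rec.get("Parameters", {}))
    return merged

def leftovers(node, physical_id, path=""):
    """Paths of strings that still embed the physical ID (for example, names used as labels)."""
    if isinstance(node, dict):
        return [p for k, v in node.items() for p in leftovers(v, physical_id, f"{path}/{k}")]
    if isinstance(node, list):
        return [p for i, v in enumerate(node) for p in leftovers(v, physical_id, f"{path}/{i}")]
    return [path] if isinstance(node, str) and physical_id in node else []

MERGED = merge(APP, REC, PHYSICAL_ID, "Employees")
```

leftovers(MERGED, PHYSICAL_ID) still reports the AlarmName path: name strings embed the old table name as label text, which the page's edits also leave in place.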
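Note
You can choose more advanced methods for managing application resources with AWS CloudFormation, such as nested stacks or references to resource outputs in a separate AWS CloudFormation stack. (However, if you want to keep the recommendation stack separate from the main stack, you need to configure a way to pass information between the two stacks.)
In addition, third-party tools, such as Terraform by HashiCorp, can also be used to provision Infrastructure as Code (IaC).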