本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
Data Lifecycle Manager 指令碼前後的其他使用案例
除了使用前置和後置指令碼來自動執行應用程式一致快照之外,您也可以同時或分別使用前置和後置指令碼,以便在建立快照之前或之後自動執行其他管理工作。例如:
-
使用前置指令碼以在建立快照前套用修補程式。這可協助您在套用每週或每月定期軟體更新後建立快照。
注意
如果您選擇僅執行前置指令碼,預設情況下會啟用預設為當機一致快照。
-
使用後置指令碼以在建立快照後套用修補程式。這可協助您在套用每週或每月定期軟體更新前建立快照。
開始使用其他使用案例
本節說明若要在應用程式一致快照以外的使用案例中使用前置和/或後置指令碼,您需要執行的步驟。
為前置和/或後置指令碼準備目標執行個體
-
如果尚未安裝SSM代理程式,請在目標執行個體上安裝代理程式。如果SSM代理程式已安裝在您的目標執行個體上,請略過此步驟。
-
(Linux 執行個體) 在 Linux 的 Amazon EC2執行個體上手動安裝 SSM Agent
-
(Windows 執行個體) 在 Windows 的 Amazon EC2執行個體上手動安裝SSM代理程式
-
-
確保SSM代理程式正在執行。如需詳細資訊,請參閱檢查SSM客服人員狀態和啟動客服人員 。
-
為 Amazon EC2執行個體設定 Systems Manager。如需詳細資訊,請參閱 AWS Systems Manager 使用者指南 中的為 Amazon EC2執行個體設定 Systems Manager。
您必須建立SSM命令文件,其中包含包含要執行之命令的前置和/或後置指令碼。
您可以使用下方的空白SSM文件範本建立文件,並在適當的SSM文件區段中新增指令碼前和後命令。
注意下列事項:
-
您有責任確保SSM文件為您的工作負載執行正確且必要的動作。
-
SSM 文件必須包含 的必要欄位
allowedValues,包括pre-script、post-script和dry-run。Amazon Data Lifecycle Manager 會根據這些區段的內容,在執行個體上執行命令。如果您的SSM文件沒有這些區段,Amazon Data Lifecycle Manager 會將文件視為執行失敗。
###===============================================================================### # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # Permission is hereby granted, free of charge, to any person obtaining a copy of this # software and associated documentation files (the "Software"), to deal in the Software # without restriction, including without limitation the rights to use, copy, modify, # merge, publish, distribute, sublicense, and/or sell copies of the Software, and to # permit persons to whom the Software is furnished to do so. # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, # INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A # PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT # HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ###===============================================================================### schemaVersion: '2.2' description: SSM Document Template for Amazon Data Lifecycle Manager Pre/Post script feature parameters: executionId: type: String default: None description: (Required) Specifies the unique identifier associated with a pre and/or post execution allowedPattern: ^(None|[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12})$ command: # Data Lifecycle Manager will trigger the pre-script and post-script actions during policy execution. # 'dry-run' option is intended for validating the document execution without triggering any commands # on the instance. The following allowedValues will allow Data Lifecycle Manager to successfully # trigger pre and post script actions. type: String default: 'dry-run' description: (Required) Specifies whether pre-script and/or post-script should be executed. allowedValues: - pre-script - post-script - dry-run mainSteps: - action: aws:runShellScript description: Run Database freeze/thaw commands name: run_pre_post_scripts precondition: StringEquals: - platformType - Linux inputs: runCommand: - | #!/bin/bash ###===============================================================================### ### Error Codes ###===============================================================================### # The following Error codes will inform Data Lifecycle Manager of the type of error # and help guide handling of the error. # The Error code will also be emitted via AWS Eventbridge events in the 'cause' field. # 1 Pre-script failed during execution - 201 # 2 Post-script failed during execution - 202 # 3 Auto thaw occurred before post-script was initiated - 203 # 4 Pre-script initiated while post-script was expected - 204 # 5 Post-script initiated while pre-script was expected - 205 # 6 Application not ready for pre or post-script initiation - 206 ###===============================================================================### ### Global variables ###===============================================================================### START=$(date +%s) # For testing this script locally, replace the below with OPERATION=$1. OPERATION={{ command }} # Add all pre-script actions to be performed within the function below execute_pre_script() { echo "INFO: Start execution of pre-script" } # Add all post-script actions to be performed within the function below execute_post_script() { echo "INFO: Start execution of post-script" } # Debug logging for parameters passed to the SSM document echo "INFO: ${OPERATION} starting at $(date) with executionId: ${EXECUTION_ID}" # Based on the command parameter value execute the function that supports # pre-script/post-script operation case ${OPERATION} in pre-script) execute_pre_script ;; post-script) execute_post_script ;; dry-run) echo "INFO: dry-run option invoked - taking no action" ;; *) echo "ERROR: Invalid command parameter passed. Please use either pre-script, post-script, dry-run." exit 1 # return failure ;; esac END=$(date +%s) # Debug Log for profiling the script time echo "INFO: ${OPERATION} completed at $(date). Total runtime: $((${END} - ${START})) seconds."
注意
在下列情況中,需執行此步驟:
-
您可以使用自訂IAM角色建立或更新啟用指令碼的前後快照政策。
-
您可以使用命令列建立或更新使用預設值且已啟用前置/後置指令碼的快照政策。
如果您使用主控台建立或更新啟用指令碼的快照政策,該政策使用預設角色來管理快照 (AWSDataLifecycleManagerDefaultRole),請略過此步驟。在此情況下,我們會自動將AWSDataLifecycleManagerSSMFullAccess政策連接至該角色。
您必須確保用於政策IAM的角色授予 Amazon Data Lifecycle Manager 許可,以執行在政策目標執行個體上執行指令碼前和後所需的SSM動作。
Amazon Data Lifecycle Manager 提供包含必要許可的受管政策 (AWSDataLifecycleManagerSSMFullAccess)。您可以將此政策連接至您的IAM角色來管理快照,以確保它包含 許可。
重要
AWSDataLifecycleManagerSSMFullAccess 受管政策使用 aws:ResourceTag 條件索引鍵,限制使用指令碼前後存取特定SSM文件。若要允許 Amazon Data Lifecycle Manager 存取SSM文件,您必須確保您的SSM文件已標記 DLMScriptsAccess:true。
或者,您可以手動建立自訂政策,或直接將所需的許可指派給您使用IAM的角色。您可以使用受 AWSDataLifecycleManagerSSMFullAccess 管政策中定義的相同許可,但aws:ResourceTag條件索引鍵是選用的。如果您決定不使用該條件索引鍵,則不需要使用 標記SSM文件DLMScriptsAccess:true。
使用下列其中一種方法來將AWSDataLifecycleManagerSSMFullAccess政策新增至您的IAM角色。
