本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
使用 AWS Ground Station 代理程式 (寬頻) 的公有廣播衛星
此範例會建立在使用者指南的 JPSS-1-公共廣播衛星(PBS)-評估 區段中完成的分析。
若要完成此範例,您需要假設一個案例 -- 您想要以寬頻數位中頻 (DigIF) 的形式擷取HRD通訊路徑,並使用 處理 Amazon EC2執行個體上的 AWS Ground Station 代理程式接收到的通訊路徑SDR。
注意
實際JPSSHRD通訊路徑訊號的頻寬為 30 MHz,但您將設定天線下行組態,將其視為頻寬為 100 的訊號,MHz以便它可以流經 AWS Ground Station 客服人員在此範例中接收的正確路徑。
通訊路徑
本節代表 規劃您的資料流程通訊路徑 入門。在此範例中,您將需要 AWS CloudFormation 範本中尚未用於其他範例的另一個區段:映射區段。
注意
如需 AWS CloudFormation 範本內容的詳細資訊,請參閱範本章節。
首先,您需要在 AWS CloudFormation 範本中為依區域排列的 AWS Ground Station 字首清單設定映射區段。這可讓 Amazon EC2執行個體安全群組輕鬆參考字首清單。如需使用字首清單的詳細資訊,請參閱 VPC 使用 AWS Ground Station 客服人員進行組態。
Mappings: PrefixListId: us-east-2: groundstation: pl-087f83ba4f34e3bea us-west-2: groundstation: pl-0cc36273da754ebdc us-east-1: groundstation: pl-0e5696d987d033653 eu-central-1: groundstation: pl-03743f81267c0a85e sa-east-1: groundstation: pl-098248765e9effc20 ap-northeast-2: groundstation: pl-059b3e0b02af70e4d ap-southeast-1: groundstation: pl-0d9b804fe014a6a99 ap-southeast-2: groundstation: pl-08d24302b8c4d2b73 me-south-1: groundstation: pl-02781422c4c792145 eu-west-1: groundstation: pl-03fa6b266557b0d4f eu-north-1: groundstation: pl-033e44023025215c0 af-south-1: groundstation: pl-0382d923a9d555425
針對參數區段,您將新增下列參數。當您透過 AWS CloudFormation 主控台建立堆疊時,您將指定這些值。
Parameters: EC2Key: Description: The SSH key used to access the EC2 receiver instance. Choose any SSH key if you are not creating an EC2 receiver instance. For instructions on how to create an SSH key see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-key-pairs.html Type: AWS::EC2::KeyPair::KeyName ConstraintDescription: must be the name of an existing EC2 KeyPair. AZ: Description: "The AvailabilityZone that the resources of this stack will be created in. (e.g. us-east-2a)" Type: AWS::EC2::AvailabilityZone::Name ReceiverAMI: Description: The Ground Station Agent AMI ID you want to use. Please note that AMIs are region specific. For instructions on how to retrieve an AMI see https://docs.aws.amazon.com/ground-station/latest/ug/dataflows.ec2-configuration.html#dataflows.ec2-configuration.amis Type: AWS::EC2::Image::Id
注意
您需要建立金鑰對,並提供 Amazon EC2 EC2Key 參數的名稱。請參閱為您的 Amazon EC2執行個體建立金鑰對。
此外,建立 AWS CloudFormation 堆疊時,您需要提供正確的區域特定 AMI ID。請參閱 AWS Ground Station Amazon Machine Images (AMIs)。
剩餘的範本程式碼片段屬於範本的資源區段 AWS CloudFormation 。
Resources: # Resources that you would like to create should be placed within the Resources section.
鑒於我們將單一通訊路徑交付至 Amazon EC2執行個體的情況,您知道您將擁有單一同步交付路徑。根據 同步資料交付區段,您必須使用 AWS Ground Station 代理程式設定和設定 Amazon EC2執行個體,並建立一或多個資料流程端點群組。首先,您將VPC先為 AWS Ground Station 代理程式設定 Amazon。
ReceiverVPC: Type: AWS::EC2::VPC Properties: EnableDnsSupport: 'true' EnableDnsHostnames: 'true' CidrBlock: 10.0.0.0/16 Tags: - Key: "Name" Value: "AWS Ground Station Example - PBS to AWS Ground Station Agent VPC" - Key: "Description" Value: "VPC for EC2 instance receiving AWS Ground Station data" PublicSubnet: Type: AWS::EC2::Subnet Properties: VpcId: !Ref ReceiverVPC MapPublicIpOnLaunch: 'true' AvailabilityZone: !Ref AZ CidrBlock: 10.0.0.0/20 Tags: - Key: "Name" Value: "AWS Ground Station Example - PBS to AWS Ground Station Agent Public Subnet" - Key: "Description" Value: "Subnet for EC2 instance receiving AWS Ground Station data" RouteTable: Type: AWS::EC2::RouteTable Properties: VpcId: !Ref ReceiverVPC Tags: - Key: Name Value: AWS Ground Station Example - RouteTable RouteTableAssociation: Type: AWS::EC2::SubnetRouteTableAssociation Properties: RouteTableId: !Ref RouteTable SubnetId: !Ref PublicSubnet Route: Type: AWS::EC2::Route DependsOn: InternetGateway Properties: RouteTableId: !Ref RouteTable DestinationCidrBlock: '0.0.0.0/0' GatewayId: !Ref InternetGateway InternetGateway: Type: AWS::EC2::InternetGateway Properties: Tags: - Key: Name Value: AWS Ground Station Example - Internet Gateway GatewayAttachment: Type: AWS::EC2::VPCGatewayAttachment Properties: VpcId: !Ref ReceiverVPC InternetGatewayId: !Ref InternetGateway
注意
如需 AWS Ground Station 客服人員支援VPC組態的詳細資訊,請參閱AWS Ground Station 客服人員需求 - VPC圖表。
接著,您將設定 Receiver Amazon EC2執行個體。
# The placement group in which your EC2 instance is placed. ClusterPlacementGroup: Type: AWS::EC2::PlacementGroup Properties: Strategy: cluster # This is required for the EIP if the receiver EC2 instance is in a private subnet. # This ENI must exist in a public subnet, be attached to the receiver and be associated with the EIP. ReceiverInstanceNetworkInterface: Type: AWS::EC2::NetworkInterface Properties: Description: Floating network interface GroupSet: - !Ref InstanceSecurityGroup SubnetId: !Ref PublicSubnet # An EIP providing a fixed IP address for AWS Ground Station to connect to. Attach it to the receiver instance created in the stack. ReceiverInstanceElasticIp: Type: AWS::EC2::EIP Properties: Tags: - Key: Name Value: !Join [ "-" , [ "EIP" , !Ref "AWS::StackName" ] ] # Attach the ENI to the EC2 instance if using a separate public subnet. # Requires the receiver instance to be in a public subnet (SubnetId should be the id of a public subnet) ReceiverNetworkInterfaceAttachment: Type: AWS::EC2::NetworkInterfaceAttachment Properties: DeleteOnTermination: false DeviceIndex: 1 InstanceId: !Ref ReceiverInstance NetworkInterfaceId: !Ref ReceiverInstanceNetworkInterface # Associate EIP with the ENI if using a separate public subnet for the ENI. ReceiverNetworkInterfaceElasticIpAssociation: Type: AWS::EC2::EIPAssociation Properties: AllocationId: !GetAtt [ReceiverInstanceElasticIp, AllocationId] NetworkInterfaceId: !Ref ReceiverInstanceNetworkInterface # The EC2 instance that will send/receive data to/from your satellite using AWS Ground Station. ReceiverInstance: Type: AWS::EC2::Instance DependsOn: PublicSubnet Properties: DisableApiTermination: false IamInstanceProfile: !Ref GeneralInstanceProfile ImageId: !Ref ReceiverAMI AvailabilityZone: !Ref AZ InstanceType: c5.24xlarge KeyName: !Ref EC2Key Monitoring: true PlacementGroupName: !Ref ClusterPlacementGroup SecurityGroupIds: - Ref: InstanceSecurityGroup SubnetId: !Ref PublicSubnet Tags: - Key: Name Value: !Join [ "-" , [ "Receiver" , !Ref "AWS::StackName" ] ] # agentCpuCores list in the AGENT_CONFIG below defines the cores that the AWS Ground Station Agent is allowed to run on. This list can be changed to suit your use-case, however if the agent isn't supplied with enough cores data loss may occur. UserData: Fn::Base64: Fn::Sub: - | #!/bin/bash yum -y update AGENT_CONFIG_PATH="/opt/aws/groundstation/etc/aws-gs-agent-config.json" cat << AGENT_CONFIG > "$AGENT_CONFIG_PATH" { "capabilities": [ "arn:aws:groundstation:${AWS::Region}:${AWS::AccountId}:dataflow-endpoint-group/${DataflowEndpointGroupId}" ], "device": { "privateIps": [ "127.0.0.1" ], "publicIps": [ "${EIP}" ], "agentCpuCores": [ 24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92 ] } } AGENT_CONFIG systemctl start aws-groundstation-agent systemctl enable aws-groundstation-agent # <Tuning Section Start> # Visit the AWS Ground Station Agent Documentation in the User Guide for more details and guidance updates # Set IRQ affinity with list of CPU cores and Receive Side Scaling mask # Core list should be the first two cores (and hyperthreads) on each socket # Mask set to everything currently # https://github.com/torvalds/linux/blob/v4.11/Documentation/networking/scaling.txt#L80-L96 echo "@reboot sudo /opt/aws/groundstation/bin/set_irq_affinity.sh '0 1 48 49' 'ffffffff,ffffffff,ffffffff' >>/var/log/user-data.log 2>&1" >>/var/spool/cron/root # Reserving the port range defined in the GS agent ingress address in the Dataflow Endpoint Group so the kernel doesn't steal any of them from the GS agent. These ports are the ports that the GS agent will ingress data # across, so if the kernel steals one it could cause problems ingressing data onto the instance. echo net.ipv4.ip_local_reserved_ports="42000-50000" >> /etc/sysctl.conf # </Tuning Section End> # We have to reboot for linux kernel settings to apply shutdown -r now - DataflowEndpointGroupId: !Ref DataflowEndpointGroup EIP: !Ref ReceiverInstanceElasticIp
# The AWS Ground Station Dataflow Endpoint Group that defines the endpoints that AWS Ground # Station will use to send/receive data to/from your satellite. DataflowEndpointGroup: Type: AWS::GroundStation::DataflowEndpointGroup Properties: ContactPostPassDurationSeconds: 180 ContactPrePassDurationSeconds: 120 EndpointDetails: - AwsGroundStationAgentEndpoint: Name: !Join [ "-" , [ !Ref "AWS::StackName" , "Downlink" ] ] # needs to match DataflowEndpointConfig name EgressAddress: SocketAddress: Name: 127.0.0.1 Port: 55000 IngressAddress: SocketAddress: Name: !Ref ReceiverInstanceElasticIp PortRange: Minimum: 42000 Maximum: 55000
您也需要適當的政策、角色和設定檔, AWS Ground Station 才能允許 在帳戶中建立彈性網路介面 (ENI)。
# The security group for your EC2 instance. InstanceSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: AWS Ground Station receiver instance security group. VpcId: !Ref ReceiverVPC SecurityGroupEgress: - CidrIp: 0.0.0.0/0 Description: Allow all outbound traffic by default IpProtocol: "-1" SecurityGroupIngress: # To allow SSH access to the instance, add another rule allowing tcp port 22 from your CidrIp - IpProtocol: udp Description: Allow AWS Ground Station Incoming Dataflows ToPort: 50000 FromPort: 42000 SourcePrefixListId: Fn::FindInMap: - PrefixListId - Ref: AWS::Region - groundstation # The EC2 instance assumes this role. InstanceRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Principal: Service: - "ec2.amazonaws.com" Action: - "sts:AssumeRole" Path: "/" ManagedPolicyArns: - arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess - arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role - arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM - arn:aws:iam::aws:policy/AWSGroundStationAgentInstancePolicy Policies: - PolicyDocument: Statement: - Action: - sts:AssumeRole Effect: Allow Resource: !GetAtt GroundStationKmsKeyRole.Arn Version: "2012-10-17" PolicyName: InstanceGroundStationApiAccessPolicy # The instance profile for your EC2 instance. GeneralInstanceProfile: Type: AWS::IAM::InstanceProfile Properties: Roles: - !Ref InstanceRole # The IAM role that AWS Ground Station will assume to access and use the KMS Key for data delivery GroundStationKmsKeyRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Action: sts:AssumeRole Effect: Allow Principal: Service: - groundstation.amazonaws.com Condition: StringEquals: "aws:SourceAccount": !Ref AWS::AccountId ArnLike: "aws:SourceArn": !Sub "arn:${AWS::Partition}:groundstation:${AWS::Region}:${AWS::AccountId}:mission-profile/*" - Action: sts:AssumeRole Effect: Allow Principal: AWS: !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:root" GroundStationKmsKeyAccessPolicy: Type: AWS::IAM::Policy Properties: PolicyDocument: Statement: - Action: - kms:Decrypt Effect: Allow Resource: !GetAtt GroundStationDataDeliveryKmsKey.Arn PolicyName: GroundStationKmsKeyAccessPolicy Roles: - Ref: GroundStationKmsKeyRole GroundStationDataDeliveryKmsKey: Type: AWS::KMS::Key Properties: KeyPolicy: Statement: - Action: - kms:CreateAlias - kms:Describe* - kms:Enable* - kms:List* - kms:Put* - kms:Update* - kms:Revoke* - kms:Disable* - kms:Get* - kms:Delete* - kms:ScheduleKeyDeletion - kms:CancelKeyDeletion - kms:GenerateDataKey - kms:TagResource - kms:UntagResource Effect: Allow Principal: AWS: !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:root" Resource: "*" - Action: - kms:Decrypt - kms:GenerateDataKeyWithoutPlaintext Effect: Allow Principal: AWS: !GetAtt GroundStationKmsKeyRole.Arn Resource: "*" Condition: StringEquals: "kms:EncryptionContext:sourceAccount": !Ref AWS::AccountId ArnLike: "kms:EncryptionContext:sourceArn": !Sub "arn:${AWS::Partition}:groundstation:${AWS::Region}:${AWS::AccountId}:mission-profile/*" - Action: - kms:CreateGrant Effect: Allow Principal: AWS: !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:root" Resource: "*" Condition: ForAllValues:StringEquals: "kms:GrantOperations": - Decrypt - GenerateDataKeyWithoutPlaintext "kms:EncryptionContextKeys": - sourceArn - sourceAccount ArnLike: "kms:EncryptionContext:sourceArn": !Sub "arn:${AWS::Partition}:groundstation:${AWS::Region}:${AWS::AccountId}:mission-profile/*" StringEquals: "kms:EncryptionContext:sourceAccount": !Ref AWS::AccountId Version: "2012-10-17" EnableKeyRotation: true
AWS Ground Station 組態
本節代表 建立組態 入門。
您需要使用追蹤組態,才能在 上使用自動追蹤設定偏好設定。選擇PREFERRED自動追蹤可以改善訊號品質,但由於有足夠的 JPSS-1 暫時性品質,因此不需要滿足訊號品質。
TrackingConfig: Type: AWS::GroundStation::Config Properties: Name: "JPSS Tracking Config" ConfigData: TrackingConfig: Autotrack: "PREFERRED"
根據通訊路徑,您需要定義天線下行組態來代表衛星部分,以及定義端點詳細資訊的資料流程端點組態來參考資料流程端點群組。
# The AWS Ground Station Antenna Downlink Config that defines the frequency spectrum used to # downlink data from your satellite. SnppJpssDownlinkDigIfAntennaConfig: Type: AWS::GroundStation::Config Properties: Name: "SNPP JPSS Downlink WBDigIF Antenna Config" ConfigData: AntennaDownlinkConfig: SpectrumConfig: Bandwidth: Units: "MHz" Value: 100 CenterFrequency: Units: "MHz" Value: 7812 Polarization: "RIGHT_HAND" # The AWS Ground Station Dataflow Endpoint Config that defines the endpoint used to downlink data # from your satellite. DownlinkDigIfEndpointConfig: Type: AWS::GroundStation::Config Properties: Name: "Aqua SNPP JPSS Terra Downlink DigIF Endpoint Config" ConfigData: DataflowEndpointConfig: DataflowEndpointName: !Join [ "-" , [ !Ref "AWS::StackName" , "Downlink" ] ] DataflowEndpointRegion: !Ref AWS::Region
AWS Ground Station 任務描述檔
本節代表 建立任務描述檔 入門。
現在您已有相關聯的組態,您可以使用它們來建構資料流程。您將使用其餘參數的預設值。
# The AWS Ground Station Mission Profile that groups the above configurations to define how to # uplink and downlink data to your satellite. SnppJpssMissionProfile: Type: AWS::GroundStation::MissionProfile Properties: Name: !Sub 'JPSS WBDigIF gs-agent EC2 Delivery' ContactPrePassDurationSeconds: 120 ContactPostPassDurationSeconds: 120 MinimumViableContactDurationSeconds: 180 TrackingConfigArn: !Ref TrackingConfig DataflowEdges: - Source: !Ref SnppJpssDownlinkDigIfAntennaConfig Destination: !Ref DownlinkDigIfEndpointConfig StreamsKmsKey: KmsKeyArn: !GetAtt GroundStationDataDeliveryKmsKey.Arn StreamsKmsRole: !GetAtt GroundStationKmsKeyRole.Arn
將它放在一起
透過上述資源,您現在可以從任何已加入的 排程 JPSS-1 個聯絡人,以同步交付資料 AWS Ground Station AWS Ground Station 位置。
以下是完整的 AWS CloudFormation 範本,其中包含本節中所述的所有資源,合併為可以直接用於 的單一範本 AWS CloudFormation。
名為 的 AWS CloudFormation 範本DirectBroadcastSatelliteWbDigIfEc2DataDelivery.yml旨在讓您快速存取,開始接收 Aqua、SNPP、JPSS-1/NOAA-20 和 Terra 衛星的數位化中繼頻率 (DigIF) 資料。它包含 Amazon EC2執行個體,以及使用 AWS Ground Station Agent 接收原始 DigIF 直接廣播資料所需的 AWS CloudFormation 資源。
如果 Aqua、SNPP、JPSS-1/NOAA-20 和 Terra 未加入您的帳戶,請參閱 加入衛星。
注意
您可以使用有效的 AWS 登入資料存取客戶加入 Amazon S3 儲存貯體來存取範本。以下連結使用區域 Amazon S3 儲存貯體。變更us-west-2區域碼以代表您要建立 AWS CloudFormation 堆疊的對應區域。
此外,以下說明使用 YAML。不過, 範本同時提供 YAML和 JSON 格式。若要使用 JSON,請在下載範本.json時將.yml副檔名取代為 。
若要使用 下載範本 AWS CLI,請使用下列命令:
aws s3 cp s3://groundstation-cloudformation-templates-us-west-2/agent/ec2_delivery/DirectBroadcastSatelliteWbDigIfEc2DataDelivery.yml .
您可以在 主控台中檢視和下載範本,方法是在瀏覽器URL中導覽至下列項目:
https://s3.console.aws.amazon.com/s3/object/groundstation-cloudformation-templates-us-west-2/agent/ec2_delivery/DirectBroadcastSatelliteWbDigIfEc2DataDelivery.yml
您可以使用 AWS CloudFormation 以下連結直接在 中指定範本:
https://groundstation-cloudformation-templates-us-west-2.s3.us-west-2.amazonaws.com/agent/ec2_delivery/DirectBroadcastSatelliteWbDigIfEc2DataDelivery.yml
範本定義了哪些其他資源?
DirectBroadcastSatelliteWbDigIfEc2DataDelivery 範本包含下列其他資源:
-
接收器執行個體彈性網路界面 - (條件式) PublicSubnetId 如果提供,彈性網路界面會在 指定的子網路中建立。如果接收器執行個體位於私有子網路中,則此為必要項目。彈性網路介面將與 建立關聯,EIP並連接到接收器執行個體。
-
接收者執行個體彈性 IP - AWS Ground Station 將連線的彈性 IP。這會連接至接收器執行個體或彈性網路介面。
-
下列其中一個彈性 IP 關聯:
-
接收者執行個體與彈性 IP 關聯 - 如果PublicSubnetId 未指定,則彈性 IP 與接收者執行個體的關聯。這需要SubnetId 參考公有子網路。
-
接收者執行個體彈性網路介面與彈性 IP 關聯 - 如果PublicSubnetId指定 ,則彈性 IP 與接收者執行個體彈性網路介面的關聯。
-
-
(選用) CloudWatch 事件觸發 - AWS Lambda 使用聯絡 AWS Ground Station 前後傳送 CloudWatch 的事件觸發的函數。 AWS Lambda 函數將啟動並選擇性地停止您的接收器執行個體。
-
(選用) Amazon EC2 Verification for Contacts (Amazon Verification for Contacts) - 使用 Lambda 為SNS通知的聯絡人設定 Amazon EC2執行個體驗證系統的選項。請務必注意,這可能會產生費用,這取決於您目前的用量。
-
其他任務描述檔 - 其他公有廣播衛星 (Aqua、 SNPP和 Terra) 的任務描述檔。
-
其他天線下行組態 - 其他公有廣播衛星的天線下行組態 (Aqua、 SNPP和 Terra)。
在此範本中,衛星的值和參數已經產生。這些參數可讓您立即與這些衛星 AWS Ground Station 搭配使用。您不需要設定自己的值,即可在使用此範本 AWS Ground Station 時使用 。但是,您可以自訂這些值,讓範本適用於您的使用案例。
我可以在什麼地方接收我的資料?
資料流程端點群組的設定,是使用以範本的一部分建立的接收器執行個體網路界面。接收者執行個體使用 AWS Ground Station 代理程式,在資料流程端點定義的連接埠 AWS Ground Station 上接收來自 的資料串流。如需設定資料流程端點群組的詳細資訊,請參閱 AWS::GroundStation::DataflowEndpointGroup。如需客服人員的詳細資訊 AWS Ground Station ,請參閱什麼是 AWS Ground Station 客服人員?
