本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# Image Builder 中的 Amazon SNS 整合
Amazon Simple Notification Service (Amazon SNS) 是一種受管服務,可將非同步訊息從發佈者交付給訂閱者 (也稱為生產者和消費者)。
您可以在基礎設施組態中指定 SNS 主題。當您建立映像或執行管道時,映像建置器可以將映像狀態的相關詳細訊息發佈至此主題。當映像狀態達到下列其中一種狀態時,Image Builder 會發佈訊息:
+ `AVAILABLE`
+ `FAILED`
如需 Image Builder 中 SNS 訊息的範例,請參閱 [SNS 訊息格式](#integ-sns-message)。如果您想要建立新的 SNS 主題,請參閱《[Amazon Simple Notification Service 開發人員指南》中的 Amazon SNS 入門](https://docs.aws.amazon.com/sns/latest/dg/sns-getting-started.html)。 **
## 加密的 SNS 主題
如果您的 SNS 主題已加密,您必須在 AWS KMS key 政策中授予許可, Image Builder 服務角色才能執行下列動作:
+ `kms:Decrypt`
+ `kms:GenerateDataKey`
**注意**
如果您的 SNS 主題已加密,則加密此主題的金鑰必須位於 Image Builder 服務執行所在的帳戶中。Image Builder 無法將通知傳送至使用其他帳戶金鑰加密的 SNS 主題。
**新增範例 KMS 金鑰政策**
下列範例顯示您新增至 KMS 金鑰政策的其他區段。將 Amazon Resource Name (ARN) 用於第一次建立映像建置器映像時,Image Builder 在您帳戶下建立的 IAM 服務連結角色。若要進一步了解 Image Builder 服務連結角色,請參閱 [使用映像建置器的 IAM 服務連結角色](image-builder-service-linked-role.md)。
```
{
"Statement": [{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder"
},
"Action": [
"kms:GenerateDataKey*",
"kms:Decrypt"
],
"Resource": "*"
}]
}
```
您可以使用下列其中一種方法來取得 ARN。
------
#### [ AWS 管理主控台 ]
若要從 取得 Image Builder 在您帳戶下建立之服務連結角色的 ARN AWS 管理主控台,請遵循下列步驟:
1. 前往 [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/) 開啟 IAM 主控台。
1. 在左側導覽窗格中,選擇 **Roles** (角色)。
1. 搜尋 `ImageBuilder`,然後從結果中選擇下列**角色名稱**:`AWSServiceRoleForImageBuilder`。這會顯示角色詳細資訊頁面。
1. 若要將 ARN 複製到剪貼簿,請選擇 ARN 名稱旁的圖示。
------
#### [ AWS CLI ]
若要從 取得 Image Builder 在您帳戶下建立之服務連結角色的 ARN AWS CLI,請使用 IAM [get-role](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/get-role.html) 命令,如下所示。
```
aws iam get-role --role-name AWSServiceRoleForImageBuilder
```
**部分範例輸出:**
```
{
"Role": {
"Path": "/aws-service-role/imagebuilder.amazonaws.com/",
"RoleName": "AWSServiceRoleForImageBuilder",
...
"Arn": "arn:aws:iam::123456789012:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder",
...
}
```
------
## SNS 訊息格式
在 Image Builder 發佈訊息到您的 Amazon SNS 主題之後,訂閱主題的其他 服務可以篩選訊息格式,並判斷是否符合進一步動作的條件。例如,成功訊息可能會啟動任務來更新 AWS Systems Manager 參數存放區,或啟動輸出 AMI 的外部合規測試工作流程。
下列範例顯示 Image Builder 在管道建置執行到完成時發佈的典型訊息的 JSON 承載,並建立 Linux 映像。
```
{
"versionlessArn": "arn:aws:imagebuilder:us-west-1:123456789012:image/example-linux-image",
"semver": 1237940039285380274899124227,
"arn": "arn:aws:imagebuilder:us-west-1:123456789012:image/example-linux-image/1.0.0/3",
"name": "example-linux-image",
"version": "1.0.0",
"type": "AMI",
"buildVersion": 3,
"state": {
"status": "AVAILABLE"
},
"platform": "Linux",
"imageRecipe": {
"arn": "arn:aws:imagebuilder:us-west-1:123456789012:image-recipe/example-linux-image/1.0.0",
"name": "amjule-barebones-linux",
"version": "1.0.0",
"components": [
{
"componentArn": "arn:aws:imagebuilder:us-west-1:123456789012:component/update-linux/1.0.2/1"
}
],
"platform": "Linux",
"parentImage": "arn:aws:imagebuilder:us-west-1:987654321098:image/amazon-linux-2-x86/2022.6.14/1",
"blockDeviceMappings": [
{
"deviceName": "/dev/xvda",
"ebs": {
"encrypted": false,
"deleteOnTermination": true,
"volumeSize": 8,
"volumeType": "gp2"
}
}
],
"dateCreated": "Feb 24, 2021 12:31:54 AM",
"tags": {
"internalId": "1a234567-8901-2345-bcd6-ef7890123456",
"resourceArn": "arn:aws:imagebuilder:us-west-1:123456789012:image-recipe/example-linux-image/1.0.0"
},
"workingDirectory": "/tmp",
"accountId": "462045008730"
},
"sourcePipelineArn": "arn:aws:imagebuilder:us-west-1:123456789012:image-pipeline/example-linux-pipeline",
"infrastructureConfiguration": {
"arn": "arn:aws:imagebuilder:us-west-1:123456789012:infrastructure-configuration/example-linux-infra-config-uswest1",
"name": "example-linux-infra-config-uswest1",
"instanceProfileName": "example-linux-ib-baseline-admin",
"tags": {
"internalId": "234abc56-d789-0123-a4e5-6b789d012c34",
"resourceArn": "arn:aws:imagebuilder:us-west-1:123456789012:infrastructure-configuration/example-linux-infra-config-uswest1"
},
"logging": {
"s3Logs": {
"s3BucketName": "amzn-s3-demo-bucket"
}
},
"keyPair": "example-linux-key-pair-uswest1",
"terminateInstanceOnFailure": true,
"snsTopicArn": "arn:aws:sns:us-west-1:123456789012:example-linux-ibnotices-uswest1",
"dateCreated": "Feb 24, 2021 12:31:55 AM",
"accountId": "123456789012"
},
"imageTestsConfigurationDocument": {
"imageTestsEnabled": true,
"timeoutMinutes": 720
},
"distributionConfiguration": {
"arn": "arn:aws:imagebuilder:us-west-1:123456789012:distribution-configuration/example-linux-distribution",
"name": "example-linux-distribution",
"dateCreated": "Feb 24, 2021 12:31:56 AM",
"distributions": [
{
"region": "us-west-1",
"amiDistributionConfiguration": {}
}
],
"tags": {
"internalId": "345abc67-8910-12d3-4ef5-67a8b90c12de",
"resourceArn": "arn:aws:imagebuilder:us-west-1:123456789012:distribution-configuration/example-linux-distribution"
},
"accountId": "123456789012"
},
"dateCreated": "Jul 28, 2022 1:13:45 AM",
"outputResources": {
"amis": [
{
"region": "us-west-1",
"image": "ami-01a23bc4def5a6789",
"name": "example-linux-image 2022-07-28T01-14-17.416Z",
"accountId": "123456789012"
}
]
},
"buildExecutionId": "ab0cd12e-34fa-5678-b901-2c3456d789e0",
"testExecutionId": "6a7b8901-cdef-234a-56b7-8cd89ef01234",
"distributionJobId": "1f234567-8abc-9d0e-1234-fa56b7c890de",
"integrationJobId": "432109b8-afe7-6dc5-4321-0ba98f7654e3",
"accountId": "123456789012",
"osVersion": "Amazon Linux 2",
"enhancedImageMetadataEnabled": true,
"buildType": "USER_INITIATED",
"tags": {
"internalId": "901e234f-a567-89bc-0123-d4e567f89a01",
"resourceArn": "arn:aws:imagebuilder:us-west-1:123456789012:image/example-linux-image/1.0.0/3"
}
}
```
下列範例顯示 Image Builder 針對 Linux 映像的管道建置失敗發佈的典型訊息的 JSON 承載。
```
{
"versionlessArn": "arn:aws:imagebuilder:us-west-2:123456789012:image/my-example-image",
"semver": 1237940039285380274899124231,
"arn": "arn:aws:imagebuilder:us-west-2:123456789012:image/my-example-image/1.0.0/7",
"name": "My Example Image",
"version": "1.0.0",
"type": "AMI",
"buildVersion": 7,
"state": {
"status": "FAILED",
"reason": "Image Failure reason."
},
"platform": "Linux",
"imageRecipe": {
"arn": "arn:aws:imagebuilder:us-west-2:123456789012:image-recipe/my-example-image/1.0.0",
"name": "My Example Image",
"version": "1.0.0",
"description": "Testing Image recipe",
"components": [
{
"componentArn": "arn:aws:imagebuilder:us-west-2:123456789012:component/my-example-image-component/1.0.0/1"
}
],
"platform": "Linux",
"parentImage": "ami-0cd12345db678d90f",
"dateCreated": "Jun 21, 2022 11:36:14 PM",
"tags": {
"internalId": "1a234567-8901-2345-bcd6-ef7890123456",
"resourceArn": "arn:aws:imagebuilder:us-west-2:123456789012:image-recipe/my-example-image/1.0.0"
},
"accountId": "123456789012"
},
"sourcePipelineArn": "arn:aws:imagebuilder:us-west-2:123456789012:image-pipeline/my-example-image-pipeline",
"infrastructureConfiguration": {
"arn": "arn:aws:imagebuilder:us-west-2:123456789012:infrastructure-configuration/my-example-infra-config",
"name": "SNS topic Infra config",
"description": "An example that will retain instances of failed builds",
"instanceTypes": [
"t2.micro"
],
"instanceProfileName": "EC2InstanceProfileForImageBuilder",
"tags": {
"internalId": "234abc56-d789-0123-a4e5-6b789d012c34",
"resourceArn": "arn:aws:imagebuilder:us-west-2:123456789012:infrastructure-configuration/my-example-infra-config"
},
"terminateInstanceOnFailure": true,
"snsTopicArn": "arn:aws:sns:us-west-2:123456789012:example-pipeline-notification-topic",
"dateCreated": "Jul 5, 2022 7:31:53 PM",
"accountId": "123456789012"
},
"imageTestsConfigurationDocument": {
"imageTestsEnabled": true,
"timeoutMinutes": 720
},
"distributionConfiguration": {
"arn": "arn:aws:imagebuilder:us-west-2:123456789012:distribution-configuration/my-example-distribution-config",
"name": "New distribution config",
"dateCreated": "Dec 3, 2021 9:24:22 PM",
"distributions": [
{
"region": "us-west-2",
"amiDistributionConfiguration": {},
"fastLaunchConfigurations": [
{
"enabled": true,
"snapshotConfiguration": {
"targetResourceCount": 2
},
"maxParallelLaunches": 2,
"launchTemplate": {
"launchTemplateId": "lt-01234567890"
},
"accountId": "123456789012"
}
]
}
],
"tags": {
"internalId": "1fecd23a-4f56-7f89-01e2-345678abbe90",
"resourceArn": "arn:aws:imagebuilder:us-west-2:123456789012:distribution-configuration/my-example-distribution-config"
},
"accountId": "123456789012"
},
"dateCreated": "Jul 5, 2022 7:40:15 PM",
"outputResources": {
"amis": []
},
"accountId": "123456789012",
"enhancedImageMetadataEnabled": true,
"buildType": "SCHEDULED",
"tags": {
"internalId": "456c78b9-0e12-3f45-afb6-7e89b0f1a23b",
"resourceArn": "arn:aws:imagebuilder:us-west-2:123456789012:image/my-example-image/1.0.0/7"
}
}
```