AWS CloudFormation

1. Introduction

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html

https://1c7.me/aws-cloudformation-tutorial-in-chinese/

CloudFormation is AWS's implementation of Infrastructure as Code (IaC): the AWS resources you need are written down as a template file, which makes them easy to reuse and lets you track changes as versions.

CloudFormation builds and manages AWS resources from configuration files, which simplifies infrastructure management: a group of AWS resources can be managed as a single unit. Because the resource configuration lives entirely in files, those files can be put under version control, and rollbacks and updates become straightforward.

CloudFormation is responsible for creating and managing resources; whatever you later do inside those resources is outside its scope. When AWS resources are destroyed, CloudFormation can use a DeletionPolicy to retain selected resources.

2. Concepts

1. Templates

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resources-section-structure.html

A template defines AWS resources and their properties in a configuration file. CloudFormation provisions those resources by calling the underlying AWS services. Each template defines one stack, and a single stack can contain many different kinds of AWS resources.

AWSTemplateFormatVersion: 2010-09-09
Description: A sample template
Resources:
  MyEC2Instance:
    Type: 'AWS::EC2::Instance'
    Properties:
      ImageId: ami-0ff8a91507f77f867 # AMI id: the machine image used to configure the EC2 instance
      InstanceType: t2.micro # https://aws.amazon.com/cn/ec2/instance-types/t2/
      KeyName: testkey
      BlockDeviceMappings:
        - DeviceName: /dev/sdm
          Ebs:
            VolumeType: io1
            Iops: 200
            DeleteOnTermination: false
            VolumeSize: 20
  MyEIP:
    Type: 'AWS::EC2::EIP'
    Properties:
      InstanceId: !Ref MyEC2Instance

AWS CloudFormation Designer provides a graphical interface for editing and generating templates.

2. Stacks

The collection of resources that CloudFormation configures and manages through a template is called a stack.

A stack is a collection of AWS resources that you can manage as a single unit. In other words, you can create, update, or delete a collection of resources by creating, updating, or deleting stacks. All the resources in a stack are defined by the stack’s AWS CloudFormation template. A stack, for instance, can include all the resources required to run a web application, such as a web server, a database, and networking rules. If you no longer require that web application, you can simply delete the stack, and all of its related resources are deleted.

3. Change sets

Change sets are used to update stacks: CloudFormation compares the modified template with the original template and generates a change set, which is then applied to the stack. A change set shows how the pending update will modify each resource in the stack.

When you need to update your stack’s resources, you can modify the stack’s template. You don’t need to create a new stack and delete the old one. To update a stack, create a change set by submitting a modified version of the original stack template, different input parameter values, or both. CloudFormation compares the modified template with the original template and generates a change set. The change set lists the proposed changes.

3. Getting started

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/GettingStarted.Walkthrough.html

https://s3.us-west-2.amazonaws.com/cloudformation-templates-us-west-2/WordPress_Single_Instance.template

1. Template parameters

CloudFormation supports passing parameters into a template, so a stack can be customized when it is created.

2. Template storage

A template can be stored locally or in S3.

When a stack is created from a template, CloudFormation stores the template in a dedicated S3 bucket in the corresponding region.


3. Template basics

Commonly used intrinsic functions: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference.html

1. Resources

The configuration of AWS resources and the relationships between them.

Parameters:
  KeyName:
    Description: The EC2 Key Pair to allow SSH access to the instance
    Type: 'AWS::EC2::KeyPair::KeyName'
Resources:
  Ec2Instance:
    Type: 'AWS::EC2::Instance' # resource type
    Properties: # the resource's Properties; omitted ones take their default values
      SecurityGroups:
        - !Ref InstanceSecurityGroup # the Ref function points to another resource in this template
        - MyExistingSecurityGroup
      KeyName: !Ref KeyName # the Ref function points to an entry in Parameters
      ImageId: ami-7a11e213
  InstanceSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Enable SSH access via port 22
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
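The ingress rule above opens port 22 to 0.0.0.0/0, which is common in walkthrough templates but not something to deploy unchanged. The check below is an added example, not code from the page or from AWS: it walks a template in its JSON form (a Python dict equivalent to the YAML above), follows a CidrIp that is a Ref to a parameter through that parameter's Default, and reports any security group rule that exposes SSH or RDP to the whole internet. The hardened variant, its SSHLocation parameter name, the CIDR pattern and the 203.0.113.10/32 default are assumptions chosen for this example, not values from the page.

```python
"""Pre-deployment check for world-open admin ports in CloudFormation security groups.

Added example (not page or AWS code): templates are the JSON form of the page's YAML.
"""
import ipaddress

# Constructed: JSON form of the page's InstanceSecurityGroup, as written on the page.
OPEN_TEMPLATE = {
    "Parameters": {"KeyName": {"Type": "AWS::EC2::KeyPair::KeyName"}},
    "Resources": {
        "InstanceSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Enable SSH access via port 22",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}
                ],
            },
        }
    },
}

# Constructed hardened variant (assumed names/values): the source CIDR comes from a
# parameter constrained to a CIDR shape, defaulting to one admin host (RFC 5737 placeholder).
HARDENED_TEMPLATE = {
    "Parameters": {
        "SSHLocation": {
            "Type": "String",
            "Default": "203.0.113.10/32",
            "AllowedPattern": r"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})",
        }
    },
    "Resources": {
        "InstanceSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Enable SSH access from the admin network only",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                     "CidrIp": {"Ref": "SSHLocation"}}
                ],
            },
        }
    },
}

ADMIN_PORTS = (22, 3389)  # SSH and RDP: never exposed to the whole internet


def resolve_cidr(value, template):
    """Return the CIDR string for a CidrIp/CidrIpv6 value; a {"Ref": param} resolves to the parameter's Default."""
    if isinstance(value, dict) and "Ref" in value:
        return template.get("Parameters", {}).get(value["Ref"], {}).get("Default")
    return value


def is_world_open(cidr):
    """True for 0.0.0.0/0, ::/0 or any network whose prefix length is 0."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except (TypeError, ValueError):
        return False


def as_port(value, fallback):
    """Ports may be ints, numeric strings or intrinsic functions; only the first two resolve statically."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return fallback


def find_open_admin_ingress(template):
    """List (logical id, port, cidr) for every ingress rule exposing an admin port to the whole internet."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            proto = str(rule.get("IpProtocol", ""))
            if proto == "-1":                       # "all protocols" has no port range: every port
                lo, hi = 0, 65535
            elif proto == "tcp":
                lo = as_port(rule.get("FromPort"), 0)
                hi = as_port(rule.get("ToPort"), lo)
            else:
                continue
            for key in ("CidrIp", "CidrIpv6"):
                cidr = resolve_cidr(rule.get(key), template)
                if cidr is None or not is_world_open(cidr):
                    continue
                findings.extend((name, port, cidr) for port in ADMIN_PORTS if lo <= port <= hi)
    return findings


if __name__ == "__main__":
    for label, tpl in (("page template", OPEN_TEMPLATE), ("hardened", HARDENED_TEMPLATE)):
        print(label, find_open_admin_ingress(tpl) or "no world-open admin ports")
```

A Ref whose parameter has no Default cannot be judged statically and is skipped, so in practice such parameters should carry an AllowedPattern or AllowedValues constraint; a Default of 0.0.0.0/0 is resolved and reported like a literal.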

2. Parameters

Defines the properties and constraints of the input parameters (the constraints are used to validate that an input is legal). Parameters can be referenced by the Resources section and other sections that follow.

A parameter without a default value must be supplied, such as KeyName; a parameter with a default takes that default when it is not supplied.

Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access into the WordPress web server
    Type: AWS::EC2::KeyPair::KeyName
  WordPressUser:
    Default: admin
    NoEcho: true
    Description: The WordPress database admin account user name
    Type: String
    MinLength: 1
    MaxLength: 16
    AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*"
  WebServerPort:
    Default: 8888
    Description: TCP/IP port for the WordPress web server
    Type: Number
    MinValue: 1
    MaxValue: 65535
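The constraints above (MinLength, MaxLength, AllowedPattern, MinValue, MaxValue, and a missing Default making a parameter required) are what CloudFormation checks before it creates the stack. The script below is an added example, not code from the page or from AWS: it re-implements that validation for the Parameters block above, expressed as a Python dict, so a set of input values can be checked locally before a stack is launched, and it masks NoEcho values the way the console does. AllowedPattern is applied as a whole-value match, which is how CloudFormation treats it; the sample inputs are constructed.

```python
"""Validate stack input values against a template's Parameters section.

Added example (not page or AWS code); the declared parameters mirror the page's block.
"""
import re

# Constructed: JSON form of the page's Parameters block.
PARAMETERS = {
    "KeyName": {
        "Description": "Name of an existing EC2 KeyPair",
        "Type": "AWS::EC2::KeyPair::KeyName",         # no Default, therefore required
    },
    "WordPressUser": {
        "Default": "admin",
        "NoEcho": True,
        "Type": "String",
        "MinLength": 1,
        "MaxLength": 16,
        "AllowedPattern": "[a-zA-Z][a-zA-Z0-9]*",
    },
    "WebServerPort": {
        "Default": 8888,
        "Type": "Number",
        "MinValue": 1,
        "MaxValue": 65535,
    },
}


def validate_parameters(declared, supplied):
    """Return (resolved values, error list); an empty error list means the inputs are valid."""
    errors, resolved = [], {}
    for name, spec in declared.items():
        if name in supplied:
            value = supplied[name]
        elif "Default" in spec:
            value = spec["Default"]                     # unsupplied parameter takes its Default
        else:
            errors.append(f"{name}: required (no value supplied and no Default)")
            continue
        if spec.get("Type") == "Number":
            try:
                number = float(value)
            except (TypeError, ValueError):
                errors.append(f"{name}: {value!r} is not a number")
                continue
            if "MinValue" in spec and number < spec["MinValue"]:
                errors.append(f"{name}: {number:g} is below MinValue {spec['MinValue']}")
            if "MaxValue" in spec and number > spec["MaxValue"]:
                errors.append(f"{name}: {number:g} exceeds MaxValue {spec['MaxValue']}")
            resolved[name] = number
            continue
        # Every other type used on the page is string-valued
        text = str(value)
        if "MinLength" in spec and len(text) < spec["MinLength"]:
            errors.append(f"{name}: length {len(text)} is below MinLength {spec['MinLength']}")
        if "MaxLength" in spec and len(text) > spec["MaxLength"]:
            errors.append(f"{name}: length {len(text)} exceeds MaxLength {spec['MaxLength']}")
        # Whole-value match: "admin!" or "1admin" must be rejected, not partially matched
        if "AllowedPattern" in spec and not re.fullmatch(spec["AllowedPattern"], text):
            errors.append(f"{name}: {text!r} does not match AllowedPattern {spec['AllowedPattern']}")
        resolved[name] = text
    for name in sorted(set(supplied) - set(declared)):
        errors.append(f"{name}: not declared in the template's Parameters section")
    return resolved, errors


def redacted(declared, resolved):
    """Copy of the resolved values with NoEcho parameters masked, as the console displays them."""
    return {k: "****" if declared.get(k, {}).get("NoEcho") else v for k, v in resolved.items()}


if __name__ == "__main__":
    # Constructed inputs: the first set is valid, the second trips three constraints
    for supplied in ({"KeyName": "testkey"},
                     {"WordPressUser": "1admin", "WebServerPort": 70000}):
        values, errs = validate_parameters(PARAMETERS, supplied)
        print(redacted(PARAMETERS, values), errs)
```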

3. Mappings

A more flexible way to map keys to values.

Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
    Type: String
Mappings:
  RegionMap:
    us-east-1:
      AMI: ami-76f0061f
    us-west-1:
      AMI: ami-655a0a20
    eu-west-1:
      AMI: ami-7fd4e10b
    ap-southeast-1:
      AMI: ami-72621c20
    ap-northeast-1:
      AMI: ami-8e08a38f
Resources:
  Ec2Instance:
    Type: 'AWS::EC2::Instance'
    Properties:
      KeyName: !Ref KeyName
      ImageId: !FindInMap # automatically selects a different AMI for each AWS::Region
        - RegionMap
        - !Ref 'AWS::Region'
        - AMI
      UserData: !Base64 '80'

4. Outputs

Values the stack returns once it has been created, such as the URLs below.

Outputs:
  InstallURL:
    Value: !Join
      - ''
      - - 'http://'
        - !GetAtt
          - ElasticLoadBalancer
          - DNSName
        - /wp-admin/install.php
    Description: Installation URL of the WordPress website
  WebsiteURL:
    Value: !Join
      - ''
      - - 'http://'
        - !GetAtt
          - ElasticLoadBalancer
          - DNSName
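To see how the Mappings lookup in the previous section and the Outputs above actually resolve, the evaluator below is an added example, not code from the page or from AWS. It handles the four intrinsic functions used on this page (Ref, Fn::FindInMap, Fn::GetAtt and Fn::Join) over the page's Mappings and Outputs blocks in JSON form. The load balancer DNS name is a constructed stand-in for the attribute AWS returns once the stack exists, the KeyName value is assumed, and a region absent from RegionMap is surfaced as the failure it would be at stack creation.

```python
"""Offline evaluator for Ref, Fn::FindInMap, Fn::GetAtt and Fn::Join.

Added example (not page or AWS code); TEMPLATE merges the page's Mappings and Outputs blocks.
"""

# Constructed: JSON form of the page's Mappings and Outputs examples.
TEMPLATE = {
    "Parameters": {"KeyName": {"Type": "String"}},
    "Mappings": {
        "RegionMap": {
            "us-east-1": {"AMI": "ami-76f0061f"},
            "us-west-1": {"AMI": "ami-655a0a20"},
            "eu-west-1": {"AMI": "ami-7fd4e10b"},
            "ap-southeast-1": {"AMI": "ami-72621c20"},
            "ap-northeast-1": {"AMI": "ami-8e08a38f"},
        }
    },
    "Resources": {
        "Ec2Instance": {
            "Type": "AWS::EC2::Instance",
            "Properties": {
                "KeyName": {"Ref": "KeyName"},
                "ImageId": {"Fn::FindInMap": ["RegionMap", {"Ref": "AWS::Region"}, "AMI"]},
            },
        }
    },
    "Outputs": {
        "InstallURL": {"Value": {"Fn::Join": ["", [
            "http://", {"Fn::GetAtt": ["ElasticLoadBalancer", "DNSName"]}, "/wp-admin/install.php"]]}},
        "WebsiteURL": {"Value": {"Fn::Join": ["", [
            "http://", {"Fn::GetAtt": ["ElasticLoadBalancer", "DNSName"]}]]}},
    },
}


class Evaluator:
    """Resolves the four intrinsic functions used on the page; other values pass through unchanged."""

    def __init__(self, template, parameters, region, attributes):
        self.template = template
        self.parameters = parameters
        self.pseudo = {"AWS::Region": region}   # the only pseudo parameter the page uses
        self.attributes = attributes            # {logical id: {attribute name: value}}, stand-in for AWS

    def ref(self, name):
        if name in self.pseudo:
            return self.pseudo[name]
        if name in self.parameters:
            return self.parameters[name]
        if name in self.template.get("Resources", {}):
            return name                         # a real Ref yields the physical id; the logical id stands in
        raise KeyError(f"Ref to undeclared name {name!r}")

    def evaluate(self, node):
        if isinstance(node, list):
            return [self.evaluate(item) for item in node]
        if not isinstance(node, dict) or len(node) != 1:
            return node
        (fn, arg), = node.items()
        if fn == "Ref":
            return self.ref(arg)
        if fn == "Fn::FindInMap":
            map_name, top_key, second_key = self.evaluate(arg)
            try:
                return self.template["Mappings"][map_name][top_key][second_key]
            except KeyError:
                # This is the failure mode of a region-keyed map: no entry, no AMI, stack creation fails
                raise KeyError(f"no entry {map_name}[{top_key}][{second_key}]") from None
        if fn == "Fn::GetAtt":
            logical_id, attr = arg if isinstance(arg, list) else arg.split(".", 1)
            return self.attributes[logical_id][attr]
        if fn == "Fn::Join":
            delimiter, parts = arg
            return delimiter.join(str(p) for p in self.evaluate(parts))
        return node                             # a one-key mapping that is not a function


def resolve_image_id(region, parameters=None):
    """AMI the page's Ec2Instance would get in the given region."""
    ev = Evaluator(TEMPLATE, parameters or {"KeyName": "testkey"}, region, {})
    return ev.evaluate(TEMPLATE["Resources"]["Ec2Instance"]["Properties"]["ImageId"])


def region_supported(region):
    """True when RegionMap has an AMI for the region, i.e. the stack could be created there."""
    try:
        resolve_image_id(region)
        return True
    except KeyError:
        return False


def resolve_outputs(region, attributes, parameters=None):
    """Outputs as they would appear after creation, given the resource attributes."""
    ev = Evaluator(TEMPLATE, parameters or {"KeyName": "testkey"}, region, attributes)
    return {name: ev.evaluate(out["Value"]) for name, out in TEMPLATE["Outputs"].items()}


if __name__ == "__main__":
    attrs = {"ElasticLoadBalancer": {"DNSName": "elb-example.us-east-1.elb.amazonaws.com"}}  # constructed
    print(resolve_image_id("eu-west-1"), region_supported("ap-south-1"))
    print(resolve_outputs("us-east-1", attrs))
```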

Unless otherwise stated, all posts on this blog are licensed under CC BY-SA 4.0; please credit the source when reposting.