Integrating operational recommendations into your application with AWS CloudFormation - AWS Resilience Hub

This page is a machine-translated version. If this translation differs from the English original, the English original prevails.

Integrating operational recommendations into your application with AWS CloudFormation

When you choose Create CloudFormation template on the Operational recommendations page, AWS Resilience Hub creates an AWS CloudFormation template that describes a specific alarm, standard operating procedure (SOP), or AWS FIS experiment for your application. The AWS CloudFormation template is stored in an Amazon S3 bucket; you can view the template's S3 path on the Template details tab of the Operational recommendations page.

For example, the following listing shows a JSON-formatted AWS CloudFormation template that describes an alarm recommendation provided by AWS Resilience Hub. It is a read-throttle alarm for a DynamoDB table named Employees.

The Resources section of the template describes an AWS::CloudWatch::Alarm that is activated when the number of read-throttle events for the DynamoDB table exceeds 1. The two AWS::SSM::Parameter resources define metadata that lets AWS Resilience Hub identify installed resources without scanning the actual application.

{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Parameters" : {
    "SNSTopicARN" : {
      "Type" : "String",
      "Description" : "The ARN of the SNS topic to which alarm status changes are to be sent. This must be in the same region being deployed.",
      "AllowedPattern" : "^arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):sns:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9/][A-Za-z0-9:_/+=,@.-]{1,256}$"
    }
  },
  "Resources" : {
    "ReadthrottleeventsthresholdexceededEmployeesONDEMAND0DynamoDBTablePXBZQYH3DCJ9Alarm" : {
      "Type" : "AWS::CloudWatch::Alarm",
      "Properties" : {
        "AlarmDescription" : "An Alarm by AWS Resilience Hub that alerts when the number of read-throttle events are greater than 1.",
        "AlarmName" : "ResilienceHub-ReadThrottleEventsAlarm-2020-04-01_Employees-ON-DEMAND-0-DynamoDBTable-PXBZQYH3DCJ9",
        "AlarmActions" : [ { "Ref" : "SNSTopicARN" } ],
        "MetricName" : "ReadThrottleEvents",
        "Namespace" : "AWS/DynamoDB",
        "Statistic" : "Sum",
        "Dimensions" : [
          { "Name" : "TableName", "Value" : "Employees-ON-DEMAND-0-DynamoDBTable-PXBZQYH3DCJ9" }
        ],
        "Period" : 60,
        "EvaluationPeriods" : 1,
        "DatapointsToAlarm" : 1,
        "Threshold" : 1,
        "ComparisonOperator" : "GreaterThanOrEqualToThreshold",
        "TreatMissingData" : "notBreaching",
        "Unit" : "Count"
      },
      "Metadata" : {
        "AWS::ResilienceHub::Monitoring" : {
          "recommendationId" : "dynamodb:alarm:health-read_throttle_events:2020-04-01"
        }
      }
    },
    "dynamodbalarmhealthreadthrottleevents20200401EmployeesONDEMAND0DynamoDBTablePXBZQYH3DCJ9AlarmSSMParameter" : {
      "Type" : "AWS::SSM::Parameter",
      "Properties" : {
        "Name" : "/ResilienceHub/Alarm/3f904525-4bfa-430f-96ef-58ec9b19aa73/dynamodb-alarm-health-read-throttle-events-2020-04-01_Employees-ON-DEMAND-0-DynamoDBTable-PXBZQYH3DCJ9",
        "Type" : "String",
        "Value" : { "Fn::Sub" : "${ReadthrottleeventsthresholdexceededEmployeesONDEMAND0DynamoDBTablePXBZQYH3DCJ9Alarm}" },
        "Description" : "SSM Parameter for identifying installed resources."
      }
    },
    "dynamodbalarmhealthreadthrottleevents20200401EmployeesONDEMAND0DynamoDBTablePXBZQYH3DCJ9AlarmInfoSSMParameter" : {
      "Type" : "AWS::SSM::Parameter",
      "Properties" : {
        "Name" : "/ResilienceHub/Info/Alarm/3f904525-4bfa-430f-96ef-58ec9b19aa73/dynamodb-alarm-health-read-throttle-events-2020-04-01_Employees-ON-DEMAND-0-DynamoDBTable-PXBZQYH3DCJ9",
        "Type" : "String",
        "Value" : { "Fn::Sub" : "{\"alarmName\":\"${ReadthrottleeventsthresholdexceededEmployeesONDEMAND0DynamoDBTablePXBZQYH3DCJ9Alarm}\",\"referenceId\":\"dynamodb:alarm:health_read_throttle_events:2020-04-01\",\"resourceId\":\"Employees-ON-DEMAND-0-DynamoDBTable-PXBZQYH3DCJ9\",\"relatedSOPs\":[\"dynamodb:sop:update_provisioned_capacity:2020-04-01\"]}" },
        "Description" : "SSM Parameter for identifying installed resources."
      }
    }
  }
}

Modifying the AWS CloudFormation template

The simplest way to integrate an alarm, SOP, or AWS FIS resource into your main application is to add it as another resource in the template that describes your application. The JSON-formatted file below gives a basic overview of how a DynamoDB table is described in an AWS CloudFormation template. A real application would likely contain more resources, such as additional tables.

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Application Stack with Employees Table",
  "Outputs": {
    "DynamoDBTable": {
      "Description": "The DynamoDB Table Name",
      "Value": { "Ref": "Employees" }
    }
  },
  "Resources": {
    "Employees": {
      "Type": "AWS::DynamoDB::Table",
      "Properties": {
        "BillingMode": "PAY_PER_REQUEST",
        "AttributeDefinitions": [
          { "AttributeName": "USER_ID", "AttributeType": "S" },
          { "AttributeName": "RANGE_ATTRIBUTE", "AttributeType": "S" }
        ],
        "KeySchema": [
          { "AttributeName": "USER_ID", "KeyType": "HASH" },
          { "AttributeName": "RANGE_ATTRIBUTE", "KeyType": "RANGE" }
        ],
        "PointInTimeRecoverySpecification": { "PointInTimeRecoveryEnabled": true },
        "Tags": [ { "Key": "Key", "Value": "Value" } ],
        "LocalSecondaryIndexes": [
          {
            "IndexName": "resiliencehub-index-local-1",
            "KeySchema": [
              { "AttributeName": "USER_ID", "KeyType": "HASH" },
              { "AttributeName": "RANGE_ATTRIBUTE", "KeyType": "RANGE" }
            ],
            "Projection": { "ProjectionType": "ALL" }
          }
        ],
        "GlobalSecondaryIndexes": [
          {
            "IndexName": "resiliencehub-index-1",
            "KeySchema": [ { "AttributeName": "USER_ID", "KeyType": "HASH" } ],
            "Projection": { "ProjectionType": "ALL" }
          }
        ]
      }
    }
  }
}

To allow the alarm resource to be deployed as part of your application, you now replace the hard-coded resource with a dynamic reference to the resource in the application stack.

So, in the AWS::CloudWatch::Alarm resource definition, change the following:

"Value" : "Employees-ON-DEMAND-0-DynamoDBTable-PXBZQYH3DCJ9"

to:

"Value" : {"Ref": "Employees"}

Under the AWS::SSM::Parameter resource definition, change the following:

"Fn::Sub" : "{\"alarmName\":\"${ReadthrottleeventsthresholdexceededEmployeesONDEMAND0DynamoDBTablePXBZQYH3DCJ9Alarm}\",\"referenceId\":\"dynamodb:alarm:health_read_throttle_events:2020-04-01\",\"resourceId\":\"Employees-ON-DEMAND-0-DynamoDBTable-PXBZQYH3DCJ9\",\"relatedSOPs\":[\"dynamodb:sop:update_provisioned_capacity:2020-04-01\"]}"

to:

"Fn::Sub" : "{\"alarmName\":\"${ReadthrottleeventsthresholdexceededEmployeesONDEMAND0DynamoDBTablePXBZQYH3DCJ9Alarm}\",\"referenceId\":\"dynamodb:alarm:health_read_throttle_events:2020-04-01\",\"resourceId\":\"${Employees}\",\"relatedSOPs\":[\"dynamodb:sop:update_provisioned_capacity:2020-04-01\"]}"

When you modify the AWS CloudFormation templates for SOPs and AWS FIS experiments, you take the same approach: replace hard-coded reference IDs with dynamic references that keep working even after hardware changes.
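The two substitutions above can be applied mechanically and then checked for any physical ID that was missed. The following is an added Python example, not part of this page or of AWS Resilience Hub; the two templates inside it are constructed, abbreviated versions of the ones shown above, and "<uuid>" is a placeholder for the application UUID in the SSM parameter name.

```python
import json

# Constructed, abbreviated copies of the two templates on this page (the real
# ones carry more properties); "<uuid>" stands in for the application UUID.
PHYSICAL_ID = "Employees-ON-DEMAND-0-DynamoDBTable-PXBZQYH3DCJ9"
ALARM = "ReadthrottleeventsthresholdexceededEmployeesONDEMAND0DynamoDBTablePXBZQYH3DCJ9Alarm"
INFO = ALARM + "InfoSSMParameter"
RECOMMENDATION = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {"SNSTopicARN": {"Type": "String"}},
    "Resources": {
        ALARM: {"Type": "AWS::CloudWatch::Alarm", "Properties": {
            "MetricName": "ReadThrottleEvents", "Namespace": "AWS/DynamoDB",
            "AlarmActions": [{"Ref": "SNSTopicARN"}],
            "Dimensions": [{"Name": "TableName", "Value": PHYSICAL_ID}]}},
        INFO: {"Type": "AWS::SSM::Parameter", "Properties": {
            "Name": "/ResilienceHub/Info/Alarm/<uuid>/" + PHYSICAL_ID, "Type": "String",
            "Value": {"Fn::Sub": json.dumps(
                {"alarmName": "${" + ALARM + "}", "resourceId": PHYSICAL_ID})}}}}}
APP = {"AWSTemplateFormatVersion": "2010-09-09",
       "Resources": {"Employees": {"Type": "AWS::DynamoDB::Table",
                                   "Properties": {"BillingMode": "PAY_PER_REQUEST"}}}}


def merge_recommendation(app, rec, physical_id, logical_id):
    """Return a new template: the app template plus the recommendation's
    parameters and resources, with the hard-coded table name turned into
    references to the table's logical ID, as the steps on this page describe."""
    merged = json.loads(json.dumps(app))   # deep copies: inputs stay untouched
    merged.setdefault("Parameters", {}).update(rec.get("Parameters", {}))
    for name, res in json.loads(json.dumps(rec))["Resources"].items():
        props = res.get("Properties", {})
        for dim in props.get("Dimensions", []):      # alarm dimension -> {"Ref": ...}
            if dim.get("Value") == physical_id:
                dim["Value"] = {"Ref": logical_id}
        sub = props.get("Value")                       # SSM info JSON -> ${LogicalId}
        if isinstance(sub, dict) and isinstance(sub.get("Fn::Sub"), str):
            sub["Fn::Sub"] = sub["Fn::Sub"].replace(physical_id, "${" + logical_id + "}")
        merged.setdefault("Resources", {})[name] = res
    return merged


def hardcoded_paths(node, physical_id, path=""):
    """List JSON paths of string values that still embed the physical ID, so a
    reviewer can see what would break when CloudFormation replaces the table."""
    if isinstance(node, dict):
        return [p for k, v in node.items() for p in hardcoded_paths(v, physical_id, f"{path}/{k}")]
    if isinstance(node, list):
        return [p for i, v in enumerate(node) for p in hardcoded_paths(v, physical_id, f"{path}/{i}")]
    return [path] if isinstance(node, str) and physical_id in node else []
```

After the merge, the only path the check still reports is the SSM parameter Name, which the steps on this page leave unchanged.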

By using a reference to the DynamoDB table, you allow AWS CloudFormation to do the following:

  • Create the database table first.

  • Always use the actual ID of the generated resource in the alarm, and update the alarm dynamically if AWS CloudFormation needs to replace the resource.

Note

You can choose more advanced approaches to managing application resources with AWS CloudFormation, such as nested stacks that reference resource outputs in separate AWS CloudFormation stacks. (However, if you want to keep the recommendation stack separate from the main stack, you need to configure a way to pass information between the two stacks.)

In addition, third-party tools, such as HashiCorp's Terraform, can also be used to configure infrastructure as code (IaC).