本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
Amazon SNS 集成在 Image Builder
Amazon 簡單通知服務 (AmazonSNS) 是一種受管服務,可提供從發佈者到訂閱者 (也稱為生產者和消費者) 的非同步訊息傳遞。
您可以在基礎結構組態中指定SNS主題。當您建立映像或執行管線時,Image Builder 可以將有關映像狀態的詳細訊息發佈到本主題中。當影像狀態達到下列其中一種狀態時,Image Builder 會發佈訊息:
-
AVAILABLE -
FAILED
如需 Image Builder 的SNS訊息範例,請參閱SNS訊息格式。如果您想要建立新SNS主題,請參閱 Amazon 簡單通知服務開發人員指南SNS中的 Amazon 入門。
加密SNS主題
如果您的SNS主題已加密,則必須在 AWS KMS key 原則中授與 Image Builder 服務角色的權限,才能執行下列動作:
-
kms:Decrypt -
kms:GenerateDataKey
注意
如果您的SNS主題已加密,則加密此主題的金鑰必須位於執行 Image Builder 服務的帳戶中。Image Builder 無法傳送通知給使用其他帳戶的金鑰加密的SNS主題。
新增KMS金鑰原則範例
下列範例顯示您新增至KMS金鑰原則的其他區段。第一次建立映像產生器映像時,將 Amazon 資源名稱 (ARN) 用於 Image Builder 在您的帳戶下建立的IAM服務連結角色。若要深入瞭解 Image Builder 服務連結角色,請參閱針對 Image Builder 使用IAM服務連結角色。
{ "Statement": [{ "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::123456789012:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder" }, "Action": [ "kms:GenerateDataKey*", "kms:Decrypt" ], "Resource": "*" }] }
您可以使用下列其中一種方法來取得ARN.
SNS訊息格式
Image Builder 向您的 Amazon SNS 主題發佈訊息後,訂閱該主題的其他服務可以篩選訊息格式,並判斷其是否符合進一步動作的條件。例如,成功訊息可能會啟動更新 AWS Systems Manager 參數存放區的工作,或為輸出啟動外部相容性測試工作流程AMI。
下列範例顯示 Image Builder 在管線建置執行到完成並建立 Linux 映像時發佈的典型訊息的JSON承載。
{ "versionlessArn": "arn:aws:imagebuilder:us-west-1:123456789012:image/example-linux-image", "semver": 1237940039285380274899124227, "arn": "arn:aws:imagebuilder:us-west-1:123456789012:image/example-linux-image/1.0.0/3", "name": "example-linux-image", "version": "1.0.0", "type": "AMI", "buildVersion": 3, "state": { "status": "AVAILABLE" }, "platform": "Linux", "imageRecipe": { "arn": "arn:aws:imagebuilder:us-west-1:123456789012:image-recipe/example-linux-image/1.0.0", "name": "amjule-barebones-linux", "version": "1.0.0", "components": [ { "componentArn": "arn:aws:imagebuilder:us-west-1:123456789012:component/update-linux/1.0.2/1" } ], "platform": "Linux", "parentImage": "arn:aws:imagebuilder:us-west-1:987654321098:image/amazon-linux-2-x86/2022.6.14/1", "blockDeviceMappings": [ { "deviceName": "/dev/xvda", "ebs": { "encrypted": false, "deleteOnTermination": true, "volumeSize": 8, "volumeType": "gp2" } } ], "dateCreated": "Feb 24, 2021 12:31:54 AM", "tags": { "internalId": "1a234567-8901-2345-bcd6-ef7890123456", "resourceArn": "arn:aws:imagebuilder:us-west-1:123456789012:image-recipe/example-linux-image/1.0.0" }, "workingDirectory": "/tmp", "accountId": "462045008730" }, "sourcePipelineArn": "arn:aws:imagebuilder:us-west-1:123456789012:image-pipeline/example-linux-pipeline", "infrastructureConfiguration": { "arn": "arn:aws:imagebuilder:us-west-1:123456789012:infrastructure-configuration/example-linux-infra-config-uswest1", "name": "example-linux-infra-config-uswest1", "instanceProfileName": "example-linux-ib-baseline-admin", "tags": { "internalId": "234abc56-d789-0123-a4e5-6b789d012c34", "resourceArn": "arn:aws:imagebuilder:us-west-1:123456789012:infrastructure-configuration/example-linux-infra-config-uswest1" }, "logging": { "s3Logs": { "s3BucketName": "12345-example-linux-testbucket-uswest1" } }, "keyPair": "example-linux-key-pair-uswest1", "terminateInstanceOnFailure": true, "snsTopicArn": "arn:aws:sns:us-west-1:123456789012:example-linux-ibnotices-uswest1", "dateCreated": "Feb 24, 2021 12:31:55 AM", "accountId": "123456789012" }, "imageTestsConfigurationDocument": { "imageTestsEnabled": true, "timeoutMinutes": 720 }, "distributionConfiguration": { "arn": "arn:aws:imagebuilder:us-west-1:123456789012:distribution-configuration/example-linux-distribution", "name": "example-linux-distribution", "dateCreated": "Feb 24, 2021 12:31:56 AM", "distributions": [ { "region": "us-west-1", "amiDistributionConfiguration": {} } ], "tags": { "internalId": "345abc67-8910-12d3-4ef5-67a8b90c12de", "resourceArn": "arn:aws:imagebuilder:us-west-1:123456789012:distribution-configuration/example-linux-distribution" }, "accountId": "123456789012" }, "dateCreated": "Jul 28, 2022 1:13:45 AM", "outputResources": { "amis": [ { "region": "us-west-1", "image": "ami-01a23bc4def5a6789", "name": "example-linux-image 2022-07-28T01-14-17.416Z", "accountId": "123456789012" } ] }, "buildExecutionId": "ab0cd12e-34fa-5678-b901-2c3456d789e0", "testExecutionId": "6a7b8901-cdef-234a-56b7-8cd89ef01234", "distributionJobId": "1f234567-8abc-9d0e-1234-fa56b7c890de", "integrationJobId": "432109b8-afe7-6dc5-4321-0ba98f7654e3", "accountId": "123456789012", "osVersion": "Amazon Linux 2", "enhancedImageMetadataEnabled": true, "buildType": "USER_INITIATED", "tags": { "internalId": "901e234f-a567-89bc-0123-d4e567f89a01", "resourceArn": "arn:aws:imagebuilder:us-west-1:123456789012:image/example-linux-image/1.0.0/3" } }
下列範例顯示映像產生器針對 Linux 映像的管線建置失敗而發佈的典型訊息的JSON承載。
{ "versionlessArn": "arn:aws:imagebuilder:us-west-2:123456789012:image/my-example-image", "semver": 1237940039285380274899124231, "arn": "arn:aws:imagebuilder:us-west-2:123456789012:image/my-example-image/1.0.0/7", "name": "My Example Image", "version": "1.0.0", "type": "AMI", "buildVersion": 7, "state": { "status": "FAILED", "reason": "Image Failure reason." }, "platform": "Linux", "imageRecipe": { "arn": "arn:aws:imagebuilder:us-west-2:123456789012:image-recipe/my-example-image/1.0.0", "name": "My Example Image", "version": "1.0.0", "description": "Testing Image recipe", "components": [ { "componentArn": "arn:aws:imagebuilder:us-west-2:123456789012:component/my-example-image-component/1.0.0/1" } ], "platform": "Linux", "parentImage": "ami-0cd12345db678d90f", "dateCreated": "Jun 21, 2022 11:36:14 PM", "tags": { "internalId": "1a234567-8901-2345-bcd6-ef7890123456", "resourceArn": "arn:aws:imagebuilder:us-west-2:123456789012:image-recipe/my-example-image/1.0.0" }, "accountId": "123456789012" }, "sourcePipelineArn": "arn:aws:imagebuilder:us-west-2:123456789012:image-pipeline/my-example-image-pipeline", "infrastructureConfiguration": { "arn": "arn:aws:imagebuilder:us-west-2:123456789012:infrastructure-configuration/my-example-infra-config", "name": "SNS topic Infra config", "description": "An example that will retain instances of failed builds", "instanceTypes": [ "t2.micro" ], "instanceProfileName": "EC2InstanceProfileForImageBuilder", "tags": { "internalId": "234abc56-d789-0123-a4e5-6b789d012c34", "resourceArn": "arn:aws:imagebuilder:us-west-2:123456789012:infrastructure-configuration/my-example-infra-config" }, "terminateInstanceOnFailure": true, "snsTopicArn": "arn:aws:sns:us-west-2:123456789012:example-pipeline-notification-topic", "dateCreated": "Jul 5, 2022 7:31:53 PM", "accountId": "123456789012" }, "imageTestsConfigurationDocument": { "imageTestsEnabled": true, "timeoutMinutes": 720 }, "distributionConfiguration": { "arn": "arn:aws:imagebuilder:us-west-2:123456789012:distribution-configuration/my-example-distribution-config", "name": "New distribution config", "dateCreated": "Dec 3, 2021 9:24:22 PM", "distributions": [ { "region": "us-west-2", "amiDistributionConfiguration": {}, "fastLaunchConfigurations": [ { "enabled": true, "snapshotConfiguration": { "targetResourceCount": 2 }, "maxParallelLaunches": 2, "launchTemplate": { "launchTemplateId": "lt-01234567890" }, "accountId": "123456789012" } ] } ], "tags": { "internalId": "1fecd23a-4f56-7f89-01e2-345678abbe90", "resourceArn": "arn:aws:imagebuilder:us-west-2:123456789012:distribution-configuration/my-example-distribution-config" }, "accountId": "123456789012" }, "dateCreated": "Jul 5, 2022 7:40:15 PM", "outputResources": { "amis": [] }, "accountId": "123456789012", "enhancedImageMetadataEnabled": true, "buildType": "SCHEDULED", "tags": { "internalId": "456c78b9-0e12-3f45-afb6-7e89b0f1a23b", "resourceArn": "arn:aws:imagebuilder:us-west-2:123456789012:image/my-example-image/1.0.0/7" } }
