環境 CloudFormation IaC 文件參數的詳細信息和示例 - AWS Proton
定義環境參數讀取環境 IaC 檔案中的參數值示例環境和服務 IaC 文件參數

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

環境 CloudFormation IaC 文件參數的詳細信息和示例

您可以將環境基礎結構中的參數定義為程式碼 (IaC) 檔案。如需詳細說明AWS Proton參數、參數類型、參數名稱空間,以及如何在 IaC 檔案中使用參數,請參閱AWS Proton 參數

定義環境參數

您可以為環境 IaC 檔案定義輸入和輸出參數。

  • 輸入參數— 定義環境輸入參數結構描述檔案

    下列清單包含典型使用案例的環境輸入參數範例。

    • VPC CIDR 值

    • 負載平衡器設定

    • 資料庫設定

    • 運作狀態檢查逾時

    身為管理員,您可以在您的情況下提供輸入參數的值建立環境

    • 使用控制台填寫基於模式的表單AWS Proton提供。

    • 使用 CLI 提供包含值的規格。

  • 輸出參數— 在您的環境 IaC 文件中定義環境輸出。然後,您可以在其他資源的 IaC 文件中引用這些輸出。

讀取環境 IaC 檔案中的參數值

您可以在環境 IaC 文件中讀取與環境相關的參數。您可以藉由參照中的參數名稱來讀取參數值。AWS Proton參數命名空間。

  • 輸入參數— 通過引用讀取環境輸入值environment.inputs.input-name

  • 資源參數— 閱讀AWS Proton通過引用名稱來參考資源參數,例如environment.name

注意

環境 IaC 檔案沒有其他資源的輸出參數可用。

示例環境和服務 IaC 文件參數

下面的例子演示了環境 IaC 文件中的參數定義和引用。然後,該示例顯示了如何在服務 IaC 文件中引用環境 IaC 文件中定義的環境輸出參數。

範例 環境 CloudFormation 合家歡文件

在此範例中,請注意下列事項:

  • 所以此environment.inputs.命名空間是指環境輸入參數。

  • Amazon EC2 Systems Manager (SSM) 參數StoreInputValue連接環境輸入。

  • 所以此MyEnvParameterValueoutput 會公開與輸出參數相同的輸入參數串連。另外三個輸出參數也會分別公開輸入參數。

  • 六個額外的輸出參數公開了環境佈建的資源。

Resources:
  StoreInputValue:
    Type: AWS::SSM::Parameter
    Properties:
      Type: String
      Value: "{{ environment.inputs.my_sample_input }} {{ environment.inputs.my_other_sample_input}} {{ environment.inputs.another_optional_input }}"
              # input parameter references

# These output values are available to service infrastructure as code files as outputs, when given the 
# the 'environment.outputs' namespace, for example, service_instance.environment.outputs.ClusterName.
Outputs:
  MyEnvParameterValue:                                        # output definition
    Value: !GetAtt StoreInputValue.Value
  MySampleInputValue:                                         # output definition
    Value: "{{ environment.inputs.my_sample_input }}"         #   input parameter reference
  MyOtherSampleInputValue:                                    # output definition
    Value: "{{ environment.inputs.my_other_sample_input }}"   #   input parameter reference
  AnotherOptionalInputValue:                                  # output definition
    Value: "{{ environment.inputs.another_optional_input }}"  #   input parameter reference
  ClusterName:                                                # output definition
    Description: The name of the ECS cluster
    Value: !Ref 'ECSCluster'                                  #   provisioned resource
  ECSTaskExecutionRole:                                       # output definition
    Description: The ARN of the ECS role
    Value: !GetAtt 'ECSTaskExecutionRole.Arn'                 #   provisioned resource
  VpcId:                                                      # output definition
    Description: The ID of the VPC that this stack is deployed in
    Value: !Ref 'VPC'                                         #   provisioned resource
  PublicSubnetOne:                                            # output definition
    Description: Public subnet one
    Value: !Ref 'PublicSubnetOne'                             #   provisioned resource
  PublicSubnetTwo:                                            # output definition
    Description: Public subnet two
    Value: !Ref 'PublicSubnetTwo'                             #   provisioned resource
  ContainerSecurityGroup:                                     # output definition
    Description: A security group used to allow Fargate containers to receive traffic
    Value: !Ref 'ContainerSecurityGroup'                      #   provisioned resource

範例 Service (服務) CloudFormation 合家歡文件

所以此environment.outputs.命名空間是指環境 IaC 文件的環境輸出。例如,名稱environment.outputs.ClusterName讀取的值ClusterName環境輸出參數。

AWSTemplateFormatVersion: '2010-09-09'
Description: Deploy a service on AWS Fargate, hosted in a public subnet, and accessible via a public load balancer.
Mappings:
  TaskSize:
    x-small:
      cpu: 256
      memory: 512
    small:
      cpu: 512
      memory: 1024
    medium:
      cpu: 1024
      memory: 2048
    large:
      cpu: 2048
      memory: 4096
    x-large:
      cpu: 4096
      memory: 8192
Resources:
  # A log group for storing the stdout logs from this service's containers
  LogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: '{{service_instance.name}}' # resource parameter

  # The task definition. This is a simple metadata description of what
  # container to run, and what resource requirements it has.
  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: '{{service_instance.name}}' # resource parameter
      Cpu: !FindInMap [TaskSize, {{service_instance.inputs.task_size}}, cpu] # input parameter
      Memory: !FindInMap [TaskSize, {{service_instance.inputs.task_size}}, memory] 
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - FARGATE
      ExecutionRoleArn: '{{environment.outputs.ECSTaskExecutionRole}}'  # output reference to an environment infrastructure code file
      TaskRoleArn: !Ref "AWS::NoValue"
      ContainerDefinitions:
        - Name: '{{service_instance.name}}'  # resource parameter
          Cpu: !FindInMap [TaskSize, {{service_instance.inputs.task_size}}, cpu]
          Memory: !FindInMap [TaskSize, {{service_instance.inputs.task_size}}, memory]
          Image: '{{service_instance.inputs.image}}'
          PortMappings:
            - ContainerPort: '{{service_instance.inputs.port}}' # input parameter
          LogConfiguration:
            LogDriver: 'awslogs'
            Options:
              awslogs-group: '{{service_instance.name}}' # resource parameter
              awslogs-region: !Ref 'AWS::Region'
              awslogs-stream-prefix: '{{service_instance.name}}' # resource parameter

  # The service_instance. The service is a resource which allows you to run multiple
  # copies of a type of task, and gather up their logs and metrics, as well
  # as monitor the number of running tasks and replace any that have crashed
  Service:
    Type: AWS::ECS::Service
    DependsOn: LoadBalancerRule
    Properties:
      ServiceName: '{{service_instance.name}}'  # resource parameter
      Cluster: '{{environment.outputs.ClusterName}}' # output reference to an environment infrastructure as code file
      LaunchType: FARGATE
      DeploymentConfiguration:
        MaximumPercent: 200
        MinimumHealthyPercent: 75
      DesiredCount: '{{service_instance.inputs.desired_count}}'# input parameter
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: ENABLED
          SecurityGroups:
            - '{{environment.outputs.ContainerSecurityGroup}}' # output reference to an environment infrastructure as code file
          Subnets:
            - '{{environment.outputs.PublicSubnetOne}}' # output reference to an environment infrastructure as code file
            - '{{environment.outputs.PublicSubnetTwo}}' # output reference to an environment infrastructure as code file
      TaskDefinition: !Ref 'TaskDefinition'
      LoadBalancers:
        - ContainerName: '{{service_instance.name}}'  # resource parameter
          ContainerPort: '{{service_instance.inputs.port}}' # input parameter
          TargetGroupArn: !Ref 'TargetGroup'
[...]