I have a CloudFormation template that creates an ECS (Fargate) cluster, service and the other required resources. Now I want to change the ECS type from Fargate to the EC2 launch type. Here is my CloudFormation template:
AWSTemplateFormatVersion: 2010-09-09
Description: The CloudFormation template for the Fargate ECS Cluster.
Parameters:
  Stage:
    Type: String
  ContainerPort:
    Type: Number
  ImageURI:
    Type: String
Resources:
  # Create an ECS Cluster
  Cluster:
    Type: AWS::ECS::Cluster
    Properties:
      ClusterName: !Join ['-', [!Ref Stage, !Ref 'AWS::AccountId', 'Cluster']]
  # Create a VPC
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 172.10.0.0/16
      EnableDnsHostnames: True
      EnableDnsSupport: True
  # Create a Subnet
  SubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 172.10.1.0/24
      VpcId: !Ref VPC
      AvailabilityZone: !Join ['', [!Ref "AWS::Region", 'a']]
  # Create a Subnet
  SubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 172.10.2.0/24
      VpcId: !Ref VPC
      AvailabilityZone: !Join ['', [!Ref "AWS::Region", 'b']]
  # Create a route table to allow access to internet
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  # Create a Route to allow access to internet using an internet gateway
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: VPCInternetGatewayAttachment
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  # Attach Public Route to SubnetA
  SubnetAPublicRouteAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref SubnetA
  # Attach Public Route to SubnetB
  SubnetBPublicRouteAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref SubnetB
  # Create an Internet Gateway
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  # Attach the internet gateway to the VPC
  VPCInternetGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC
  # Create Access Role for ECS-Tasks
  ExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Join ['-', [!Ref Stage, !Ref 'AWS::AccountId', 'ExecutionRole']]
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: 'sts:AssumeRole'
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy'
  # Create a TaskDefinition with container details
  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Memory: 1024
      Cpu: 512
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - 'FARGATE'
      TaskRoleArn: !Ref ExecutionRole
      ExecutionRoleArn: !Ref ExecutionRole
      ContainerDefinitions:
        - Name: !Join ['-', [!Ref Stage, !Ref 'AWS::AccountId', 'Container']]
          Image: !Ref ImageURI
          PortMappings:
            - ContainerPort: !Ref ContainerPort
              HostPort: !Ref ContainerPort
  # Create a security group for the load balancer and open port 80 inbound from the internet
  LoadBalancerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Join ['-', [!Ref Stage, !Ref 'AWS::AccountId', 'LoadBalancerSecurityGroup']]
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
  # Create a security group for Containers and open the Container port inbound from the Load balancer security group to the Container
  ContainerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Join ['-', [!Ref Stage, !Ref 'AWS::AccountId', 'ContainerSecurityGroup']]
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: !Ref ContainerPort
          ToPort: !Ref ContainerPort
          SourceSecurityGroupId: !Ref LoadBalancerSecurityGroup
  # Create a LoadBalancer and attach the Security group and Subnets
  LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      IpAddressType: ipv4
      Name: !Join ['-', [!Ref Stage, !Ref 'AWS::AccountId', 'LoadBalancer']]
      Scheme: internet-facing
      SecurityGroups:
        - !Ref LoadBalancerSecurityGroup
      Subnets:
        - !Ref SubnetA
        - !Ref SubnetB
      Type: application
  # Create a TargetGroup for HTTP port 80
  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Name: !Join ['-', [!Ref Stage, !Ref 'AWS::AccountId', 'TargetGroup']]
      Port: 80
      Protocol: HTTP
      TargetType: ip
      VpcId: !Ref VPC
  # Create a LoadBalancerListener and attach the TargetGroup and LoadBalancer
  LoadBalancerListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - TargetGroupArn: !Ref TargetGroup
          Type: forward
      LoadBalancerArn: !Ref LoadBalancer
      Port: 80
      Protocol: HTTP
  # Create an ECS Service and add the created Cluster, TaskDefinition, Subnets, TargetGroup and SecurityGroup
  ECSService:
    Type: AWS::ECS::Service
    DependsOn: LoadBalancerListener
    Properties:
      ServiceName: !Join ['-', [!Ref Stage, !Ref 'AWS::AccountId', 'ECSService']]
      Cluster: !Ref Cluster
      TaskDefinition: !Ref TaskDefinition
      DesiredCount: 2
      LaunchType: FARGATE
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: ENABLED
          Subnets:
            - !Ref SubnetA
            - !Ref SubnetB
          SecurityGroups:
            - !Ref ContainerSecurityGroup
      LoadBalancers:
        - ContainerName: !Join ['-', [!Ref Stage, !Ref 'AWS::AccountId', 'Container']]
          ContainerPort: !Ref ContainerPort
          TargetGroupArn: !Ref TargetGroup
Can someone guide me on what changes I need to make in this template to convert it to the EC2 type? I am new to this and I really don't know how to do it. I can't use any other template, because this CloudFormation is linked to another CloudFormation stack. In fact, I was following this tutorial, which uses the Fargate type, but I want the EC2 launch type.
Posted on 2022-10-01 12:27:40
Mainly you need to change LaunchType: FARGATE to LaunchType: EC2.
The second most important thing is that you need to add EC2 resources to the cluster so that your tasks have somewhere to land (with Fargate you don't need this, but if you choose the EC2 launch type you must have a cluster with EC2 instances in it).
Third, you probably need to add EC2 to the compatibility section of the task def:
RequiresCompatibilities:
  - 'FARGATE'
  - 'EC2'
Fourth, assigning public IPs to tasks (AssignPublicIp: ENABLED) is not a best practice, and it actually will not work with the EC2 launch type (see here, for example). You should disable it, but that means you need to add a NAT GW to your VPC so that your tasks can reach the Internet (and pull the container image from ECR). Another option is to add ECR private endpoints to your VPC instead, to avoid the "long trip" through the internet.
There may be other things to tune, but these are the biggest ones.
Out of curiosity, why are you moving to EC2?
https://stackoverflow.com/questions/73898659