Die vorliegende Übersetzung wurde maschinell erstellt. Im Falle eines Konflikts oder eines Widerspruchs zwischen dieser übersetzten Fassung und der englischen Fassung (einschließlich infolge von Verzögerungen bei der Übersetzung) ist die englische Fassung maßgeblich. # CloudFormation Beispiele für die Verwendung AWS CLI mit dem Bash-Skript Die folgenden Codebeispiele zeigen Ihnen, wie Sie Aktionen ausführen und allgemeine Szenarien implementieren, indem Sie das with Bash-Skript AWS Command Line Interface mit verwenden. CloudFormation *Szenarien* sind Codebeispiele, die Ihnen zeigen, wie Sie bestimmte Aufgaben ausführen, indem Sie mehrere Funktionen innerhalb eines Service aufrufen oder mit anderen AWS-Services kombinieren. Jedes Beispiel enthält einen Link zum vollständigen Quellcode, wo Sie Anweisungen zum Einrichten und Ausführen des Codes im Kodex finden. **Topics** + [Szenarien](#scenarios) ## Szenarien ### Erstellen Sie Ihren ersten Stack CloudFormation Wie das aussehen kann, sehen Sie am nachfolgenden Beispielcode: + Erstelle eine CloudFormation Vorlage + Testen Sie den Webserver + Bereinigen von Ressourcen **AWS CLI mit Bash-Skript** Es gibt noch mehr dazu. GitHub Hier finden Sie das vollständige Beispiel und erfahren, wie Sie es im [Tutorials und Beispiele](https://github.com/aws-samples/sample-developer-tutorials/tree/main/tuts/021-cloudformation-gs)-Repository für Entwickler einrichten und ausführen. ``` #!/bin/bash # CloudFormation Getting Started Script # This script creates a CloudFormation stack with a web server and security group, # monitors the stack creation, and provides cleanup options. set -euo pipefail # Set up logging with secure permissions LOG_FILE="cloudformation-tutorial.log" touch "$LOG_FILE" chmod 600 "$LOG_FILE" exec > >(tee -a "$LOG_FILE") 2>&1 echo "===================================================" echo "AWS CloudFormation Getting Started Tutorial" echo "===================================================" echo "This script will create a CloudFormation stack with:" echo "- An EC2 instance running a simple web server" echo "- A security group allowing HTTP access from your IP" echo "" echo "Starting at: $(date)" echo "" # Function to validate IP address format validate_ip() { local ip=$1 if ! [[ "$ip" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then return 1 fi local IFS=. local -a octets=($ip) for octet in "${octets[@]}"; do if ((octet > 255)); then return 1 fi done return 0 } # Function to clean up resources cleanup() { echo "" echo "===================================================" echo "CLEANING UP RESOURCES" echo "===================================================" if [ -n "${STACK_NAME:-}" ]; then echo "Deleting CloudFormation stack: $STACK_NAME" aws cloudformation delete-stack --stack-name "$STACK_NAME" --region "${AWS_REGION:-us-east-1}" || true echo "Waiting for stack deletion to complete..." aws cloudformation wait stack-delete-complete --stack-name "$STACK_NAME" --region "${AWS_REGION:-us-east-1}" 2>/dev/null || true echo "Stack deletion complete." fi if [ -f "${TEMPLATE_FILE:-}" ]; then echo "Removing local template file: $TEMPLATE_FILE" shred -vfz -n 3 "$TEMPLATE_FILE" 2>/dev/null || rm -f "$TEMPLATE_FILE" fi echo "Cleanup completed at: $(date)" } # Function to handle errors handle_error() { echo "" echo "===================================================" echo "ERROR: $1" echo "===================================================" echo "Resources created before error:" if [ -n "${STACK_NAME:-}" ]; then echo "- CloudFormation stack: $STACK_NAME" fi echo "" echo "Cleaning up resources automatically..." cleanup exit 1 } # Set up trap for script interruption trap 'handle_error "Script interrupted"' INT TERM trap 'cleanup' EXIT # Validate AWS region AWS_REGION="${AWS_REGION:-us-east-1}" if ! [[ "$AWS_REGION" =~ ^[a-z]{2}-[a-z]+-[0-9]{1}$ ]]; then handle_error "Invalid AWS_REGION format: $AWS_REGION" fi # Generate a unique stack name with timestamp TIMESTAMP=$(date +%s) STACK_NAME="MyTestStack-${TIMESTAMP}" TEMPLATE_FILE="webserver-template-${TIMESTAMP}.yaml" # Verify AWS CLI is installed if ! command -v aws &> /dev/null; then handle_error "AWS CLI is not installed or not in PATH" fi # Verify curl is installed if ! command -v curl &> /dev/null; then handle_error "curl is not installed or not in PATH" fi # Verify AWS credentials are configured if ! aws sts get-caller-identity --region "$AWS_REGION" &> /dev/null; then handle_error "AWS credentials not configured or invalid" fi # Step 1: Create the CloudFormation template file echo "Creating CloudFormation template file: $TEMPLATE_FILE" cat > "$TEMPLATE_FILE" << 'EOF' AWSTemplateFormatVersion: 2010-09-09 Description: CloudFormation Template for WebServer with Security Group and EC2 Instance Metadata: AWS::CloudFormation::Init: config: packages: yum: httpd: [] services: sysvinit: httpd: enabled: true ensureRunning: true Parameters: LatestAmiId: Description: The latest Amazon Linux 2 AMI from the Parameter Store Type: 'AWS::SSM::Parameter::Value' Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2' InstanceType: Description: WebServer EC2 instance type Type: String Default: t2.micro AllowedValues: - t3.micro - t2.micro ConstraintDescription: must be a valid EC2 instance type. MyIP: Description: Your IP address in CIDR format (e.g 203.0.113.1/32). Type: String MinLength: '9' MaxLength: '18' AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$' ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x. Resources: WebServerRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: ec2.amazonaws.com Action: 'sts:AssumeRole' ManagedPolicyArns: - 'arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy' WebServerInstanceProfile: Type: AWS::IAM::InstanceProfile Properties: Roles: - !Ref WebServerRole WebServerSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Allow HTTP access via specified IP address SecurityGroupEgress: - IpProtocol: tcp FromPort: 80 ToPort: 80 CidrIp: 0.0.0.0/0 Description: Allow HTTP outbound - IpProtocol: tcp FromPort: 443 ToPort: 443 CidrIp: 0.0.0.0/0 Description: Allow HTTPS outbound for package updates SecurityGroupIngress: - IpProtocol: tcp FromPort: 80 ToPort: 80 CidrIp: !Ref MyIP Description: HTTP access from specified IP WebServer: Type: AWS::EC2::Instance Properties: ImageId: !Ref LatestAmiId InstanceType: !Ref InstanceType IamInstanceProfile: !Ref WebServerInstanceProfile SecurityGroupIds: - !Ref WebServerSecurityGroup Monitoring: true MetadataOptions: HttpEndpoint: enabled HttpTokens: required HttpPutResponseHopLimit: 1 UserData: !Base64 | #!/bin/bash set -euo pipefail exec > >(tee /var/log/user-data.log) exec 2>&1 yum update -y yum install -y httpd systemctl start httpd systemctl enable httpd echo "

Hello World!

" > /var/www/html/index.html chmod 644 /var/www/html/index.html Outputs: WebsiteURL: Value: !Join - '' - - http:// - !GetAtt WebServer.PublicDnsName Description: Website URL InstanceId: Value: !Ref WebServer Description: EC2 Instance ID SecurityGroupId: Value: !Ref WebServerSecurityGroup Description: Security Group ID EOF chmod 600 "$TEMPLATE_FILE" if [ ! -f "$TEMPLATE_FILE" ]; then handle_error "Failed to create template file" fi # Step 2: Validate the template echo "" echo "Validating CloudFormation template..." if ! VALIDATION_RESULT=$(aws cloudformation validate-template \ --template-body "file://$TEMPLATE_FILE" \ --region "$AWS_REGION" 2>&1); then handle_error "Template validation failed: $VALIDATION_RESULT" fi echo "Template validation successful." # Step 3: Get the user's public IP address echo "" echo "Retrieving your public IP address..." MY_IP="" for endpoint in "https://checkip.amazonaws.com" "https://api.ipify.org" "https://icanhazip.com"; do if MY_IP=$(curl -s --max-time 5 "$endpoint" 2>/dev/null); then MY_IP="${MY_IP//[[:space:]]/}" if validate_ip "$MY_IP"; then break fi MY_IP="" fi done if [ -z "$MY_IP" ]; then handle_error "Failed to retrieve public IP address from multiple sources" fi MY_IP_CIDR="${MY_IP}/32" echo "Your public IP address: $MY_IP_CIDR" # Step 4: Create the CloudFormation stack echo "" echo "Creating CloudFormation stack: $STACK_NAME" echo "This will create an EC2 instance and security group." if ! CREATE_RESULT=$(aws cloudformation create-stack \ --stack-name "$STACK_NAME" \ --template-body "file://$TEMPLATE_FILE" \ --parameters \ ParameterKey=InstanceType,ParameterValue=t2.micro \ ParameterKey=MyIP,ParameterValue="$MY_IP_CIDR" \ --capabilities CAPABILITY_IAM \ --tags Key=project,Value=doc-smith Key=tutorial,Value=cloudformation-gs \ --region "$AWS_REGION" \ --output text 2>&1); then handle_error "Stack creation failed: $CREATE_RESULT" fi STACK_ID="${CREATE_RESULT//[[:space:]]/}" echo "Stack creation initiated. Stack ID: $STACK_ID" # Step 5: Monitor stack creation echo "" echo "Monitoring stack creation..." echo "This may take a few minutes." if ! aws cloudformation wait stack-create-complete \ --stack-name "$STACK_NAME" \ --region "$AWS_REGION" 2>/dev/null; then STACK_STATUS=$(aws cloudformation describe-stacks \ --stack-name "$STACK_NAME" \ --query "Stacks[0].StackStatus" \ --region "$AWS_REGION" \ --output text 2>/dev/null || echo "UNKNOWN") if [[ "$STACK_STATUS" =~ ROLLBACK|FAILED ]]; then handle_error "Stack creation failed. Status: $STACK_STATUS" fi fi echo "Stack creation completed successfully." # Step 6: List stack resources echo "" echo "Resources created by the stack:" aws cloudformation list-stack-resources \ --stack-name "$STACK_NAME" \ --region "$AWS_REGION" \ --query "StackResourceSummaries[*].{LogicalID:LogicalResourceId, Type:ResourceType, Status:ResourceStatus}" \ --output table # Step 7: Get stack outputs echo "" echo "Stack outputs:" if ! OUTPUTS=$(aws cloudformation describe-stacks \ --stack-name "$STACK_NAME" \ --region "$AWS_REGION" \ --query "Stacks[0].Outputs" \ --output json 2>&1); then handle_error "Failed to retrieve stack outputs" fi echo "$OUTPUTS" # Extract the WebsiteURL WEBSITE_URL=$(aws cloudformation describe-stacks \ --stack-name "$STACK_NAME" \ --region "$AWS_REGION" \ --query "Stacks[0].Outputs[?OutputKey=='WebsiteURL'].OutputValue" \ --output text 2>/dev/null || echo "") if [ -z "$WEBSITE_URL" ]; then handle_error "Failed to extract WebsiteURL from stack outputs" fi echo "" echo "WebsiteURL: $WEBSITE_URL" echo "" echo "You can access the web server by opening the above URL in your browser." echo "You should see a simple 'Hello World!' message." # Step 8: Test the connection via CLI with timeout echo "" echo "Testing connection to the web server..." MAX_RETRIES=5 RETRY_COUNT=0 while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do if HTTP_RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" --max-time 10 "$WEBSITE_URL" 2>/dev/null); then if [ "$HTTP_RESPONSE" == "200" ]; then echo "Connection successful! HTTP status code: $HTTP_RESPONSE" break elif [ "$HTTP_RESPONSE" == "000" ]; then RETRY_COUNT=$((RETRY_COUNT + 1)) if [ $RETRY_COUNT -lt $MAX_RETRIES ]; then echo "Connection test attempt $RETRY_COUNT/$MAX_RETRIES - retrying in 10 seconds..." sleep 10 else echo "Warning: Connection test failed after $MAX_RETRIES attempts" fi else echo "Warning: Connection test returned HTTP status code: $HTTP_RESPONSE" break fi else RETRY_COUNT=$((RETRY_COUNT + 1)) if [ $RETRY_COUNT -lt $MAX_RETRIES ]; then echo "Connection test attempt $RETRY_COUNT/$MAX_RETRIES - retrying in 10 seconds..." sleep 10 else echo "Warning: Connection test failed after $MAX_RETRIES attempts" fi fi done # Step 9: Auto-confirm cleanup echo "" echo "===================================================" echo "CLEANUP CONFIRMATION" echo "===================================================" echo "Resources created:" echo "- CloudFormation stack: $STACK_NAME" echo " - EC2 instance" echo " - Security group" echo " - IAM role and instance profile" echo "" echo "Proceeding with cleanup of all created resources..." cleanup echo "" echo "===================================================" echo "Tutorial completed at: $(date)" echo "Log file: $LOG_FILE" echo "===================================================" ``` + Weitere API-Informationen finden Sie in den folgenden Themen der *AWS CLI -Befehlsreferenz*. + [CreateStack](https://docs.aws.amazon.com/goto/aws-cli/cloudformation-2010-05-15/CreateStack) + [DeleteStack](https://docs.aws.amazon.com/goto/aws-cli/cloudformation-2010-05-15/DeleteStack) + [DescribeStacks](https://docs.aws.amazon.com/goto/aws-cli/cloudformation-2010-05-15/DescribeStacks) + [ListStackResources](https://docs.aws.amazon.com/goto/aws-cli/cloudformation-2010-05-15/ListStackResources) + [ValidateTemplate](https://docs.aws.amazon.com/goto/aws-cli/cloudformation-2010-05-15/ValidateTemplate) + [Wait](https://docs.aws.amazon.com/goto/aws-cli/cloudformation-2010-05-15/Wait) ### Erste Schritte mit Amazon EKS Wie das aussehen kann, sehen Sie am nachfolgenden Beispielcode: + Erstellen Sie eine VPC für Ihren EKS-Cluster + Erstellen Sie IAM-Rollen für Ihren EKS-Cluster + Erstellen Ihres EKS-Clusters + Konfigurieren Sie kubectl für die Kommunikation mit Ihrem Cluster + Erstellen einer verwalteten Knotengruppe + Bereinigen von Ressourcen **AWS CLI mit Bash-Skript** Es gibt noch mehr dazu. GitHub Hier finden Sie das vollständige Beispiel und erfahren, wie Sie es im [Tutorials und Beispiele](https://github.com/aws-samples/sample-developer-tutorials/tree/main/tuts/034-eks-gs)-Repository für Entwickler einrichten und ausführen. ``` #!/bin/bash # Amazon EKS Cluster Creation Script (v2) # This script creates an Amazon EKS cluster with a managed node group using the AWS CLI # Set up logging LOG_FILE="eks-cluster-creation-v2.log" exec > >(tee -a "$LOG_FILE") 2>&1 echo "Starting Amazon EKS cluster creation script at $(date)" echo "All commands and outputs will be logged to $LOG_FILE" # Error handling function handle_error() { echo "ERROR: $1" echo "Attempting to clean up resources..." cleanup_resources exit 1 } # Function to check command success check_command() { if [ $? -ne 0 ] || echo "$1" | grep -i "error" > /dev/null; then handle_error "$1" fi } # Function to check if kubectl is installed check_kubectl() { if ! command -v kubectl &> /dev/null; then echo "WARNING: kubectl is not installed or not in your PATH." echo "" echo "To install kubectl, follow these instructions based on your operating system:" echo "" echo "For Linux:" echo " 1. Download the latest release:" echo " curl -LO \"https://dl.k8s.io/release/\$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl\"" echo "" echo " 2. Make the kubectl binary executable:" echo " chmod +x ./kubectl" echo "" echo " 3. Move the binary to your PATH:" echo " sudo mv ./kubectl /usr/local/bin/kubectl" echo "" echo "For macOS:" echo " 1. Using Homebrew:" echo " brew install kubectl" echo " or" echo " 2. Using curl:" echo " curl -LO \"https://dl.k8s.io/release/\$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/amd64/kubectl\"" echo " chmod +x ./kubectl" echo " sudo mv ./kubectl /usr/local/bin/kubectl" echo "" echo "For Windows:" echo " 1. Using curl:" echo " curl -LO \"https://dl.k8s.io/release/v1.28.0/bin/windows/amd64/kubectl.exe\"" echo " Add the binary to your PATH" echo " or" echo " 2. Using Chocolatey:" echo " choco install kubernetes-cli" echo "" echo "After installation, verify with: kubectl version --client" echo "" return 1 fi return 0 } # Generate a random identifier for resource names RANDOM_ID=$(LC_ALL=C tr -dc 'a-z0-9' < /dev/urandom | fold -w 6 | head -n 1) STACK_NAME="eks-vpc-stack-${RANDOM_ID}" CLUSTER_NAME="eks-cluster-${RANDOM_ID}" NODEGROUP_NAME="eks-nodegroup-${RANDOM_ID}" CLUSTER_ROLE_NAME="EKSClusterRole-${RANDOM_ID}" NODE_ROLE_NAME="EKSNodeRole-${RANDOM_ID}" echo "Using the following resource names:" echo "- VPC Stack: $STACK_NAME" echo "- EKS Cluster: $CLUSTER_NAME" echo "- Node Group: $NODEGROUP_NAME" echo "- Cluster IAM Role: $CLUSTER_ROLE_NAME" echo "- Node IAM Role: $NODE_ROLE_NAME" # Array to track created resources for cleanup declare -a CREATED_RESOURCES # Function to clean up resources cleanup_resources() { echo "Cleaning up resources in reverse order..." # Check if node group exists and delete it if aws eks list-nodegroups --cluster-name "$CLUSTER_NAME" --query "nodegroups[?contains(@,'$NODEGROUP_NAME')]" --output text 2>/dev/null | grep -q "$NODEGROUP_NAME"; then echo "Deleting node group: $NODEGROUP_NAME" aws eks delete-nodegroup --cluster-name "$CLUSTER_NAME" --nodegroup-name "$NODEGROUP_NAME" echo "Waiting for node group deletion to complete..." aws eks wait nodegroup-deleted --cluster-name "$CLUSTER_NAME" --nodegroup-name "$NODEGROUP_NAME" echo "Node group deleted successfully." fi # Check if cluster exists and delete it if aws eks describe-cluster --name "$CLUSTER_NAME" 2>/dev/null; then echo "Deleting cluster: $CLUSTER_NAME" aws eks delete-cluster --name "$CLUSTER_NAME" echo "Waiting for cluster deletion to complete (this may take several minutes)..." aws eks wait cluster-deleted --name "$CLUSTER_NAME" echo "Cluster deleted successfully." fi # Check if CloudFormation stack exists and delete it if aws cloudformation describe-stacks --stack-name "$STACK_NAME" 2>/dev/null; then echo "Deleting CloudFormation stack: $STACK_NAME" aws cloudformation delete-stack --stack-name "$STACK_NAME" echo "Waiting for CloudFormation stack deletion to complete..." aws cloudformation wait stack-delete-complete --stack-name "$STACK_NAME" echo "CloudFormation stack deleted successfully." fi # Clean up IAM roles if aws iam get-role --role-name "$NODE_ROLE_NAME" 2>/dev/null; then echo "Detaching policies from node role: $NODE_ROLE_NAME" aws iam detach-role-policy --policy-arn arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy --role-name "$NODE_ROLE_NAME" aws iam detach-role-policy --policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly --role-name "$NODE_ROLE_NAME" aws iam detach-role-policy --policy-arn arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy --role-name "$NODE_ROLE_NAME" echo "Deleting node role: $NODE_ROLE_NAME" aws iam delete-role --role-name "$NODE_ROLE_NAME" echo "Node role deleted successfully." fi if aws iam get-role --role-name "$CLUSTER_ROLE_NAME" 2>/dev/null; then echo "Detaching policies from cluster role: $CLUSTER_ROLE_NAME" aws iam detach-role-policy --policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy --role-name "$CLUSTER_ROLE_NAME" echo "Deleting cluster role: $CLUSTER_ROLE_NAME" aws iam delete-role --role-name "$CLUSTER_ROLE_NAME" echo "Cluster role deleted successfully." fi echo "Cleanup complete." } # Trap to ensure cleanup on script exit trap 'echo "Script interrupted. Cleaning up resources..."; cleanup_resources; exit 1' SIGINT SIGTERM # Verify AWS CLI configuration echo "Verifying AWS CLI configuration..." AWS_ACCOUNT_INFO=$(aws sts get-caller-identity) check_command "$AWS_ACCOUNT_INFO" echo "AWS CLI is properly configured." # Step 1: Create VPC using CloudFormation echo "Step 1: Creating VPC with CloudFormation..." echo "Creating CloudFormation stack: $STACK_NAME" # Create the CloudFormation stack CF_CREATE_OUTPUT=$(aws cloudformation create-stack \ --stack-name "$STACK_NAME" \ --template-url https://s3.us-west-2.amazonaws.com/amazon-eks/cloudformation/2020-10-29/amazon-eks-vpc-private-subnets.yaml \ --tags Key=project,Value=doc-smith Key=tutorial,Value=eks-gs) check_command "$CF_CREATE_OUTPUT" CREATED_RESOURCES+=("CloudFormation Stack: $STACK_NAME") echo "Waiting for CloudFormation stack to complete (this may take a few minutes)..." aws cloudformation wait stack-create-complete --stack-name "$STACK_NAME" if [ $? -ne 0 ]; then handle_error "CloudFormation stack creation failed" fi echo "CloudFormation stack created successfully." # Step 2: Create IAM roles for EKS echo "Step 2: Creating IAM roles for EKS..." # Create cluster role trust policy echo "Creating cluster role trust policy..." cat > eks-cluster-role-trust-policy.json << EOF { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "eks.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } EOF # Create cluster role echo "Creating cluster IAM role: $CLUSTER_ROLE_NAME" CLUSTER_ROLE_OUTPUT=$(aws iam create-role \ --role-name "$CLUSTER_ROLE_NAME" \ --assume-role-policy-document file://"eks-cluster-role-trust-policy.json") check_command "$CLUSTER_ROLE_OUTPUT" aws iam tag-role --role-name "$CLUSTER_ROLE_NAME" \ --tags Key=project,Value=doc-smith Key=tutorial,Value=eks-gs CREATED_RESOURCES+=("IAM Role: $CLUSTER_ROLE_NAME") # Attach policy to cluster role echo "Attaching EKS cluster policy to role..." ATTACH_CLUSTER_POLICY_OUTPUT=$(aws iam attach-role-policy \ --policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy \ --role-name "$CLUSTER_ROLE_NAME") check_command "$ATTACH_CLUSTER_POLICY_OUTPUT" # Create node role trust policy echo "Creating node role trust policy..." cat > node-role-trust-policy.json << EOF { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } EOF # Create node role echo "Creating node IAM role: $NODE_ROLE_NAME" NODE_ROLE_OUTPUT=$(aws iam create-role \ --role-name "$NODE_ROLE_NAME" \ --assume-role-policy-document file://"node-role-trust-policy.json") check_command "$NODE_ROLE_OUTPUT" aws iam tag-role --role-name "$NODE_ROLE_NAME" \ --tags Key=project,Value=doc-smith Key=tutorial,Value=eks-gs CREATED_RESOURCES+=("IAM Role: $NODE_ROLE_NAME") # Attach policies to node role echo "Attaching EKS node policies to role..." ATTACH_NODE_POLICY1_OUTPUT=$(aws iam attach-role-policy \ --policy-arn arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy \ --role-name "$NODE_ROLE_NAME") check_command "$ATTACH_NODE_POLICY1_OUTPUT" ATTACH_NODE_POLICY2_OUTPUT=$(aws iam attach-role-policy \ --policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly \ --role-name "$NODE_ROLE_NAME") check_command "$ATTACH_NODE_POLICY2_OUTPUT" ATTACH_NODE_POLICY3_OUTPUT=$(aws iam attach-role-policy \ --policy-arn arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy \ --role-name "$NODE_ROLE_NAME") check_command "$ATTACH_NODE_POLICY3_OUTPUT" # Step 3: Get VPC and subnet information echo "Step 3: Getting VPC and subnet information..." VPC_ID=$(aws cloudformation describe-stacks \ --stack-name "$STACK_NAME" \ --query "Stacks[0].Outputs[?OutputKey=='VpcId'].OutputValue" \ --output text) if [ -z "$VPC_ID" ]; then handle_error "Failed to get VPC ID from CloudFormation stack" fi echo "VPC ID: $VPC_ID" SUBNET_IDS=$(aws cloudformation describe-stacks \ --stack-name "$STACK_NAME" \ --query "Stacks[0].Outputs[?OutputKey=='SubnetIds'].OutputValue" \ --output text) if [ -z "$SUBNET_IDS" ]; then handle_error "Failed to get Subnet IDs from CloudFormation stack" fi echo "Subnet IDs: $SUBNET_IDS" SECURITY_GROUP_ID=$(aws cloudformation describe-stacks \ --stack-name "$STACK_NAME" \ --query "Stacks[0].Outputs[?OutputKey=='SecurityGroups'].OutputValue" \ --output text) if [ -z "$SECURITY_GROUP_ID" ]; then handle_error "Failed to get Security Group ID from CloudFormation stack" fi echo "Security Group ID: $SECURITY_GROUP_ID" # Step 4: Create EKS cluster echo "Step 4: Creating EKS cluster: $CLUSTER_NAME" CLUSTER_ROLE_ARN=$(aws iam get-role --role-name "$CLUSTER_ROLE_NAME" --query "Role.Arn" --output text) if [ -z "$CLUSTER_ROLE_ARN" ]; then handle_error "Failed to get Cluster Role ARN" fi echo "Creating EKS cluster (this will take 10-15 minutes)..." CREATE_CLUSTER_OUTPUT=$(aws eks create-cluster \ --name "$CLUSTER_NAME" \ --role-arn "$CLUSTER_ROLE_ARN" \ --resources-vpc-config subnetIds="$SUBNET_IDS",securityGroupIds="$SECURITY_GROUP_ID" \ --tags Key=project,Value=doc-smith,Key=tutorial,Value=eks-gs) check_command "$CREATE_CLUSTER_OUTPUT" CREATED_RESOURCES+=("EKS Cluster: $CLUSTER_NAME") echo "Waiting for EKS cluster to become active (this may take 10-15 minutes)..." aws eks wait cluster-active --name "$CLUSTER_NAME" if [ $? -ne 0 ]; then handle_error "Cluster creation failed or timed out" fi echo "EKS cluster is now active." # Step 5: Configure kubectl echo "Step 5: Configuring kubectl to communicate with the cluster..." # Check if kubectl is installed if ! check_kubectl; then echo "Will skip kubectl configuration steps but continue with the script." echo "You can manually configure kubectl later with: aws eks update-kubeconfig --name \"$CLUSTER_NAME\"" else UPDATE_KUBECONFIG_OUTPUT=$(aws eks update-kubeconfig --name "$CLUSTER_NAME") check_command "$UPDATE_KUBECONFIG_OUTPUT" echo "kubectl configured successfully." # Test kubectl configuration echo "Testing kubectl configuration..." KUBECTL_TEST_OUTPUT=$(kubectl get svc 2>&1) if [ $? -ne 0 ]; then echo "Warning: kubectl configuration test failed. This might be due to permissions or network issues." echo "Error details: $KUBECTL_TEST_OUTPUT" echo "Continuing with script execution..." else echo "$KUBECTL_TEST_OUTPUT" echo "kubectl configuration test successful." fi fi # Step 6: Create managed node group echo "Step 6: Creating managed node group: $NODEGROUP_NAME" NODE_ROLE_ARN=$(aws iam get-role --role-name "$NODE_ROLE_NAME" --query "Role.Arn" --output text) if [ -z "$NODE_ROLE_ARN" ]; then handle_error "Failed to get Node Role ARN" fi # Convert comma-separated subnet IDs to space-separated for the create-nodegroup command SUBNET_IDS_ARRAY=(${SUBNET_IDS//,/ }) echo "Creating managed node group (this will take 5-10 minutes)..." CREATE_NODEGROUP_OUTPUT=$(aws eks create-nodegroup \ --cluster-name "$CLUSTER_NAME" \ --nodegroup-name "$NODEGROUP_NAME" \ --node-role "$NODE_ROLE_ARN" \ --subnets "${SUBNET_IDS_ARRAY[@]}" \ --tags Key=project,Value=doc-smith,Key=tutorial,Value=eks-gs) check_command "$CREATE_NODEGROUP_OUTPUT" CREATED_RESOURCES+=("EKS Node Group: $NODEGROUP_NAME") echo "Waiting for node group to become active (this may take 5-10 minutes)..." aws eks wait nodegroup-active --cluster-name "$CLUSTER_NAME" --nodegroup-name "$NODEGROUP_NAME" if [ $? -ne 0 ]; then handle_error "Node group creation failed or timed out" fi echo "Node group is now active." # Step 7: Verify nodes echo "Step 7: Verifying nodes..." echo "Waiting for nodes to register with the cluster (this may take a few minutes)..." sleep 60 # Give nodes more time to register # Check if kubectl is installed before attempting to use it if ! check_kubectl; then echo "Cannot verify nodes without kubectl. Skipping this step." echo "You can manually verify nodes after installing kubectl with: kubectl get nodes" else NODES_OUTPUT=$(kubectl get nodes 2>&1) if [ $? -ne 0 ]; then echo "Warning: Unable to get nodes. This might be due to permissions or the nodes are still registering." echo "Error details: $NODES_OUTPUT" echo "Continuing with script execution..." else echo "$NODES_OUTPUT" echo "Nodes verified successfully." fi fi # Step 8: View resources echo "Step 8: Viewing cluster resources..." echo "Cluster information:" CLUSTER_INFO=$(aws eks describe-cluster --name "$CLUSTER_NAME") echo "$CLUSTER_INFO" echo "Node group information:" NODEGROUP_INFO=$(aws eks describe-nodegroup --cluster-name "$CLUSTER_NAME" --nodegroup-name "$NODEGROUP_NAME") echo "$NODEGROUP_INFO" echo "Kubernetes resources:" if ! check_kubectl; then echo "Cannot list Kubernetes resources without kubectl. Skipping this step." echo "You can manually list resources after installing kubectl with: kubectl get all --all-namespaces" else KUBE_RESOURCES=$(kubectl get all --all-namespaces 2>&1) if [ $? -ne 0 ]; then echo "Warning: Unable to get Kubernetes resources. This might be due to permissions." echo "Error details: $KUBE_RESOURCES" echo "Continuing with script execution..." else echo "$KUBE_RESOURCES" fi fi # Display summary of created resources echo "" echo "===========================================" echo "RESOURCES CREATED" echo "===========================================" for resource in "${CREATED_RESOURCES[@]}"; do echo "- $resource" done echo "===========================================" # Prompt for cleanup echo "" echo "===========================================" echo "CLEANUP CONFIRMATION" echo "===========================================" echo "Do you want to clean up all created resources? (y/n): " read -r CLEANUP_CHOICE if [[ "${CLEANUP_CHOICE,,}" == "y" ]]; then cleanup_resources else echo "Resources will not be cleaned up. You can manually clean them up later." echo "To clean up resources, run the following commands:" echo "1. Delete node group: aws eks delete-nodegroup --cluster-name $CLUSTER_NAME --nodegroup-name $NODEGROUP_NAME" echo "2. Wait for node group deletion: aws eks wait nodegroup-deleted --cluster-name $CLUSTER_NAME --nodegroup-name $NODEGROUP_NAME" echo "3. Delete cluster: aws eks delete-cluster --name $CLUSTER_NAME" echo "4. Wait for cluster deletion: aws eks wait cluster-deleted --name $CLUSTER_NAME" echo "5. Delete CloudFormation stack: aws cloudformation delete-stack --stack-name $STACK_NAME" echo "6. Detach and delete IAM roles for the node group and cluster" fi echo "Script completed at $(date)" ``` + Weitere API-Informationen finden Sie in den folgenden Themen der *AWS CLI -Befehlsreferenz*. + [AttachRolePolicy](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/AttachRolePolicy) + [CreateCluster](https://docs.aws.amazon.com/goto/aws-cli/eks-2017-11-01/CreateCluster) + [CreateNodegroup](https://docs.aws.amazon.com/goto/aws-cli/eks-2017-11-01/CreateNodegroup) + [CreateRole](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/CreateRole) + [CreateStack](https://docs.aws.amazon.com/goto/aws-cli/cloudformation-2010-05-15/CreateStack) + [DeleteCluster](https://docs.aws.amazon.com/goto/aws-cli/eks-2017-11-01/DeleteCluster) + [DeleteNodegroup](https://docs.aws.amazon.com/goto/aws-cli/eks-2017-11-01/DeleteNodegroup) + [DeleteRole](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/DeleteRole) + [DeleteStack](https://docs.aws.amazon.com/goto/aws-cli/cloudformation-2010-05-15/DeleteStack) + [DescribeCluster](https://docs.aws.amazon.com/goto/aws-cli/eks-2017-11-01/DescribeCluster) + [DescribeNodegroup](https://docs.aws.amazon.com/goto/aws-cli/eks-2017-11-01/DescribeNodegroup) + [DescribeStacks](https://docs.aws.amazon.com/goto/aws-cli/cloudformation-2010-05-15/DescribeStacks) + [DetachRolePolicy](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/DetachRolePolicy) + [GetCallerIdentity](https://docs.aws.amazon.com/goto/aws-cli/sts-2011-06-15/GetCallerIdentity) + [GetRole](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/GetRole) + [ListNodegroups](https://docs.aws.amazon.com/goto/aws-cli/eks-2017-11-01/ListNodegroups) + [UpdateKubeconfig](https://docs.aws.amazon.com/goto/aws-cli/eks-2017-11-01/UpdateKubeconfig) + [Wait](https://docs.aws.amazon.com/goto/aws-cli/cloudformation-2010-05-15/Wait)