Die vorliegende Übersetzung wurde maschinell erstellt. Im Falle eines Konflikts oder eines Widerspruchs zwischen dieser übersetzten Fassung und der englischen Fassung (einschließlich infolge von Verzögerungen bei der Übersetzung) ist die englische Fassung maßgeblich.
# VPC Lattice-Beispiele für die Verwendung AWS CLI mit dem Bash-Skript
Die folgenden Codebeispiele zeigen Ihnen, wie Sie Aktionen ausführen und allgemeine Szenarien implementieren, indem Sie das with Bash-Skript AWS Command Line Interface mit VPC Lattice verwenden.
*Szenarien* sind Codebeispiele, die Ihnen zeigen, wie Sie bestimmte Aufgaben ausführen, indem Sie mehrere Funktionen innerhalb eines Service aufrufen oder mit anderen AWS-Services kombinieren.
Jedes Beispiel enthält einen Link zum vollständigen Quellcode, wo Sie Anweisungen zum Einrichten und Ausführen des Codes im Kodex finden.
**Topics**
+ [Szenarien](#scenarios)
## Szenarien
### Erstellen und Verwalten eines VPC Lattice-Dienstnetzwerks
Wie das aussehen kann, sehen Sie am nachfolgenden Beispielcode:
+ Ein Servicenetzwerk erstellen
+ Einen Service erstellen
+ Liste verfügbar VPCs
+ Sicherheitsgruppen für die ausgewählte VPC auflisten
+ Listet die Dienstzuordnungen auf
+ VPC-Zuordnungen auflisten
+ Bereinigen von Ressourcen
**AWS CLI mit Bash-Skript**
Es gibt noch mehr dazu. GitHub Hier finden Sie das vollständige Beispiel und erfahren, wie Sie es im [Tutorials und Beispiele](https://github.com/aws-samples/sample-developer-tutorials/tree/main/tuts/055-amazon-vpc-lattice-gs)-Repository für Entwickler einrichten und ausführen.
```
#!/bin/bash
# VPC Lattice Service Network Tutorial Script
# This script demonstrates how to create and manage a VPC Lattice service network
set -euo pipefail
# Set up logging with secure permissions
LOG_FILE="vpc-lattice-tutorial.log"
touch "$LOG_FILE"
chmod 600 "$LOG_FILE"
echo "Starting VPC Lattice tutorial script at $(date)" > "$LOG_FILE"
# Function to log commands and their output
log_command() {
local cmd="$1"
echo "$(date): Running command: $cmd" >> "$LOG_FILE"
eval "$cmd" 2>&1 | tee -a "$LOG_FILE"
return "${PIPESTATUS[0]}"
}
# Function to check for errors
check_error() {
if [ "$1" -ne 0 ]; then
echo "ERROR: Command failed with exit code $1" | tee -a "$LOG_FILE"
echo "See $LOG_FILE for details"
exit "$1"
fi
}
# Function to validate AWS CLI is available
check_aws_cli() {
if ! command -v aws &> /dev/null; then
echo "ERROR: AWS CLI is not installed or not in PATH" | tee -a "$LOG_FILE"
exit 1
fi
}
# Function to validate input parameters
validate_input() {
local input="$1"
local param_name="$2"
if [[ -z "$input" ]]; then
echo "ERROR: $param_name is empty" | tee -a "$LOG_FILE"
return 1
fi
# Validate against common injection patterns
if [[ "$input" =~ [\;\$\`\|\&\<\>\(\)\{\}] ]]; then
echo "ERROR: $param_name contains invalid characters" | tee -a "$LOG_FILE"
return 1
fi
return 0
}
# Function to wait for a resource to be in the desired state
wait_for_resource() {
local resource_type="$1"
local resource_id="$2"
local desired_status="$3"
local command="$4"
local max_attempts=30
local attempt=1
local status=""
validate_input "$resource_type" "resource_type" || return 1
validate_input "$resource_id" "resource_id" || return 1
validate_input "$desired_status" "desired_status" || return 1
echo "Waiting for $resource_type $resource_id to be in state $desired_status..." | tee -a "$LOG_FILE"
while [ "$attempt" -le "$max_attempts" ]; do
echo "Attempt $attempt of $max_attempts..." >> "$LOG_FILE"
# Run the command to get the status and capture the output
status_output=$(eval "$command" 2>&1) || true
echo "$status_output" >> "$LOG_FILE"
# For service networks, they do not have a status field in the output
# We'll consider them active if we can retrieve them
if [[ "$resource_type" == "Service Network" ]]; then
if [[ "$status_output" == *"$resource_id"* ]]; then
echo "$resource_type $resource_id is now active" | tee -a "$LOG_FILE"
return 0
fi
else
# For other resources, extract the status field
status=$(echo "$status_output" | grep -i "status" | awk -F'"' '{print $4}' || true)
echo "Current status: $status" >> "$LOG_FILE"
if [[ "$status" == "$desired_status" ]]; then
echo "$resource_type $resource_id is now in state $desired_status" | tee -a "$LOG_FILE"
return 0
elif [[ "$status" == *"FAIL"* ]]; then
echo "ERROR: $resource_type $resource_id failed to reach desired state. Current status: $status" | tee -a "$LOG_FILE"
return 1
fi
fi
echo "Waiting for status change... (attempt $attempt/$max_attempts)" >> "$LOG_FILE"
sleep 10
((attempt++))
done
echo "ERROR: Timed out waiting for $resource_type $resource_id to reach state $desired_status" | tee -a "$LOG_FILE"
return 1
}
# Cleanup function for trap
cleanup() {
local exit_code=$?
echo "Script interrupted or failed. Cleaning up..." | tee -a "$LOG_FILE"
exit "$exit_code"
}
trap cleanup EXIT INT TERM
# Check prerequisites
check_aws_cli
# Generate a random identifier for resource names
RANDOM_ID=$(openssl rand -hex 4)
SERVICE_NETWORK_NAME="lattice-network-${RANDOM_ID}"
SERVICE_NAME="lattice-service-${RANDOM_ID}"
# Store created resources for cleanup
declare -a CREATED_RESOURCES
echo "=== VPC Lattice Service Network Tutorial ===" | tee -a "$LOG_FILE"
echo "Random ID for this session: ${RANDOM_ID}" | tee -a "$LOG_FILE"
# Step 1: Create a VPC Lattice service network
echo -e "\n=== Step 1: Creating a VPC Lattice service network ===" | tee -a "$LOG_FILE"
echo "Creating service network: $SERVICE_NETWORK_NAME" | tee -a "$LOG_FILE"
SERVICE_NETWORK_OUTPUT=$(log_command "aws vpc-lattice create-service-network --name '$SERVICE_NETWORK_NAME' --tags Key=project,Value=doc-smith Key=tutorial,Value=amazon-vpc-lattice-gs --output json")
check_error $?
# Extract the service network ID using jq for safety
SERVICE_NETWORK_ID=$(echo "$SERVICE_NETWORK_OUTPUT" | jq -r '.id // empty' 2>/dev/null || true)
if [ -z "$SERVICE_NETWORK_ID" ]; then
echo "ERROR: Failed to extract service network ID" | tee -a "$LOG_FILE"
exit 1
fi
validate_input "$SERVICE_NETWORK_ID" "SERVICE_NETWORK_ID" || exit 1
echo "Service network created with ID: $SERVICE_NETWORK_ID" | tee -a "$LOG_FILE"
CREATED_RESOURCES+=("Service Network: $SERVICE_NETWORK_ID")
# Wait for the service network to be active
wait_for_resource "Service Network" "$SERVICE_NETWORK_ID" "ACTIVE" "aws vpc-lattice get-service-network --service-network-identifier '$SERVICE_NETWORK_ID' --output json"
check_error $?
# Step 2: Create a VPC Lattice service
echo -e "\n=== Step 2: Creating a VPC Lattice service ===" | tee -a "$LOG_FILE"
echo "Creating service: $SERVICE_NAME" | tee -a "$LOG_FILE"
SERVICE_OUTPUT=$(log_command "aws vpc-lattice create-service --name '$SERVICE_NAME' --tags Key=project,Value=doc-smith Key=tutorial,Value=amazon-vpc-lattice-gs --output json")
check_error $?
# Extract the service ID using jq for safety
SERVICE_ID=$(echo "$SERVICE_OUTPUT" | jq -r '.id // empty' 2>/dev/null || true)
if [ -z "$SERVICE_ID" ]; then
echo "ERROR: Failed to extract service ID" | tee -a "$LOG_FILE"
exit 1
fi
validate_input "$SERVICE_ID" "SERVICE_ID" || exit 1
echo "Service created with ID: $SERVICE_ID" | tee -a "$LOG_FILE"
CREATED_RESOURCES+=("Service: $SERVICE_ID")
# Wait for the service to be active
wait_for_resource "Service" "$SERVICE_ID" "ACTIVE" "aws vpc-lattice get-service --service-identifier '$SERVICE_ID' --output json"
check_error $?
# Step 3: Associate the service with the service network
echo -e "\n=== Step 3: Associating service with service network ===" | tee -a "$LOG_FILE"
SERVICE_ASSOC_OUTPUT=$(log_command "aws vpc-lattice create-service-network-service-association --service-identifier '$SERVICE_ID' --service-network-identifier '$SERVICE_NETWORK_ID' --output json")
check_error $?
# Extract the service association ID using jq for safety
SERVICE_ASSOC_ID=$(echo "$SERVICE_ASSOC_OUTPUT" | jq -r '.id // empty' 2>/dev/null || true)
if [ -z "$SERVICE_ASSOC_ID" ]; then
echo "ERROR: Failed to extract service association ID" | tee -a "$LOG_FILE"
exit 1
fi
validate_input "$SERVICE_ASSOC_ID" "SERVICE_ASSOC_ID" || exit 1
echo "Service association created with ID: $SERVICE_ASSOC_ID" | tee -a "$LOG_FILE"
CREATED_RESOURCES+=("Service Association: $SERVICE_ASSOC_ID")
# Wait for the service association to be active
wait_for_resource "Service Association" "$SERVICE_ASSOC_ID" "ACTIVE" "aws vpc-lattice get-service-network-service-association --service-network-service-association-identifier '$SERVICE_ASSOC_ID' --output json"
check_error $?
# Step 4: List available VPCs to associate with the service network
echo -e "\n=== Step 4: Listing available VPCs ===" | tee -a "$LOG_FILE"
VPC_LIST=$(log_command "aws ec2 describe-vpcs --query 'Vpcs[*].[VpcId,Tags[?Key==\`Name\`].Value|[0]]' --output text")
check_error $?
echo "Available VPCs:" | tee -a "$LOG_FILE"
echo "$VPC_LIST" | tee -a "$LOG_FILE"
# Step 5: Auto-select first available VPC
echo -e "\n=== Step 5: Associate a VPC with the service network ===" | tee -a "$LOG_FILE"
VPC_ID=$(echo "$VPC_LIST" | head -n 1 | awk '{print $1}')
if [ -z "$VPC_ID" ]; then
echo "WARNING: No VPC ID found" | tee -a "$LOG_FILE"
echo "Skipping VPC association step" | tee -a "$LOG_FILE"
else
validate_input "$VPC_ID" "VPC_ID" || {
echo "ERROR: VPC_ID validation failed"
exit 1
}
echo "Auto-selected VPC: $VPC_ID" | tee -a "$LOG_FILE"
# Step 6: List security groups for the selected VPC
echo -e "\n=== Step 6: Listing security groups for VPC $VPC_ID ===" | tee -a "$LOG_FILE"
SG_LIST=$(log_command "aws ec2 describe-security-groups --filters Name=vpc-id,Values='$VPC_ID' --query 'SecurityGroups[*].[GroupId,GroupName]' --output text")
check_error $?
echo "Available Security Groups for VPC $VPC_ID:" | tee -a "$LOG_FILE"
echo "$SG_LIST" | tee -a "$LOG_FILE"
# Step 7: Auto-select first available security group
echo -e "\n=== Step 7: Select a security group for the VPC association ===" | tee -a "$LOG_FILE"
SG_ID=$(echo "$SG_LIST" | head -n 1 | awk '{print $1}')
if [ -z "$SG_ID" ]; then
echo "WARNING: No Security Group ID found" | tee -a "$LOG_FILE"
echo "Skipping VPC association step" | tee -a "$LOG_FILE"
else
validate_input "$SG_ID" "SG_ID" || {
echo "ERROR: SG_ID validation failed"
exit 1
}
echo "Auto-selected Security Group: $SG_ID" | tee -a "$LOG_FILE"
# Step 8: Associate the VPC with the service network
echo -e "\n=== Step 8: Associating VPC with service network ===" | tee -a "$LOG_FILE"
VPC_ASSOC_OUTPUT=$(log_command "aws vpc-lattice create-service-network-vpc-association --vpc-identifier '$VPC_ID' --service-network-identifier '$SERVICE_NETWORK_ID' --security-group-ids '$SG_ID' --output json")
check_error $?
# Extract the VPC association ID using jq for safety
VPC_ASSOC_ID=$(echo "$VPC_ASSOC_OUTPUT" | jq -r '.id // empty' 2>/dev/null || true)
if [ -z "$VPC_ASSOC_ID" ]; then
echo "ERROR: Failed to extract VPC association ID" | tee -a "$LOG_FILE"
else
validate_input "$VPC_ASSOC_ID" "VPC_ASSOC_ID" || exit 1
echo "VPC association created with ID: $VPC_ASSOC_ID" | tee -a "$LOG_FILE"
CREATED_RESOURCES+=("VPC Association: $VPC_ASSOC_ID")
# Wait for the VPC association to be active
wait_for_resource "VPC Association" "$VPC_ASSOC_ID" "ACTIVE" "aws vpc-lattice get-service-network-vpc-association --service-network-vpc-association-identifier '$VPC_ASSOC_ID' --output json"
check_error $?
fi
fi
fi
# Step 9: Display information about the created resources
echo -e "\n=== Step 9: Displaying information about created resources ===" | tee -a "$LOG_FILE"
echo "Service Network Details:" | tee -a "$LOG_FILE"
log_command "aws vpc-lattice get-service-network --service-network-identifier '$SERVICE_NETWORK_ID' --output json"
echo "Service Details:" | tee -a "$LOG_FILE"
log_command "aws vpc-lattice get-service --service-identifier '$SERVICE_ID' --output json"
echo "Service Network Service Associations:" | tee -a "$LOG_FILE"
log_command "aws vpc-lattice list-service-network-service-associations --service-network-identifier '$SERVICE_NETWORK_ID' --output json"
echo "Service Network VPC Associations:" | tee -a "$LOG_FILE"
log_command "aws vpc-lattice list-service-network-vpc-associations --service-network-identifier '$SERVICE_NETWORK_ID' --output json"
# Step 10: Cleanup - Auto-confirm
echo -e "\n=== Step 10: Resource Cleanup ===" | tee -a "$LOG_FILE"
echo "Resources created in this tutorial:" | tee -a "$LOG_FILE"
for resource in "${CREATED_RESOURCES[@]+"${CREATED_RESOURCES[@]}"}"; do
echo "- $resource" | tee -a "$LOG_FILE"
done
echo "Starting cleanup process..." | tee -a "$LOG_FILE"
# Delete resources in reverse order
# Delete VPC association if it was created
if [[ -n "${VPC_ASSOC_ID:-}" ]]; then
echo "Deleting VPC association: $VPC_ASSOC_ID" | tee -a "$LOG_FILE"
log_command "aws vpc-lattice delete-service-network-vpc-association --service-network-vpc-association-identifier '$VPC_ASSOC_ID'" || true
# Wait for the VPC association to be deleted
echo "Waiting for VPC association to be deleted..." | tee -a "$LOG_FILE"
sleep 30
fi
# Delete service association
echo "Deleting service association: $SERVICE_ASSOC_ID" | tee -a "$LOG_FILE"
log_command "aws vpc-lattice delete-service-network-service-association --service-network-service-association-identifier '$SERVICE_ASSOC_ID'" || true
# Wait for the service association to be deleted
echo "Waiting for service association to be deleted..." | tee -a "$LOG_FILE"
sleep 30
# Delete service
echo "Deleting service: $SERVICE_ID" | tee -a "$LOG_FILE"
log_command "aws vpc-lattice delete-service --service-identifier '$SERVICE_ID'" || true
# Wait for the service to be deleted
echo "Waiting for service to be deleted..." | tee -a "$LOG_FILE"
sleep 30
# Delete service network
echo "Deleting service network: $SERVICE_NETWORK_ID" | tee -a "$LOG_FILE"
log_command "aws vpc-lattice delete-service-network --service-network-identifier '$SERVICE_NETWORK_ID'" || true
echo "Cleanup completed successfully!" | tee -a "$LOG_FILE"
echo -e "\n=== Tutorial completed! ===" | tee -a "$LOG_FILE"
echo "Log file: $LOG_FILE" | tee -a "$LOG_FILE"
```
+ Weitere API-Informationen finden Sie in den folgenden Themen der *AWS CLI -Befehlsreferenz*.
+ [CreateService](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/CreateService)
+ [CreateServiceNetwork](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/CreateServiceNetwork)
+ [CreateServiceNetworkServiceAssociation](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/CreateServiceNetworkServiceAssociation)
+ [CreateServiceNetworkVpcAssociation](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/CreateServiceNetworkVpcAssociation)
+ [DeleteService](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/DeleteService)
+ [DeleteServiceNetwork](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/DeleteServiceNetwork)
+ [DeleteServiceNetworkServiceAssociation](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/DeleteServiceNetworkServiceAssociation)
+ [DeleteServiceNetworkVpcAssociation](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/DeleteServiceNetworkVpcAssociation)
+ [DescribeSecurityGroups](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeSecurityGroups)
+ [DescribeVpcs](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeVpcs)
+ [GetService](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/GetService)
+ [GetServiceNetwork](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/GetServiceNetwork)
+ [GetServiceNetworkServiceAssociation](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/GetServiceNetworkServiceAssociation)
+ [GetServiceNetworkVpcAssociation](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/GetServiceNetworkVpcAssociation)
+ [ListServiceNetworkServiceAssociations](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/ListServiceNetworkServiceAssociations)
+ [ListServiceNetworkVpcAssociations](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/ListServiceNetworkVpcAssociations)