VPC Lattice examples using AWS CLI with Bash script
The following code examples show you how to perform actions and implement common scenarios by using the AWS Command Line Interface with Bash script with VPC Lattice.
Scenarios are code examples that show you how to accomplish a specific task by calling multiple functions within the same service or combined with other AWS services.
Each example includes a link to the complete source code, where you can find instructions on how to set up and run the code in context.
Topics
Scenarios
The following code example shows how to:
- Create a service network
- Create a service
- List available VPCs
- List security groups for the selected VPC
- List service associations
- List VPC associations
- Clean up resources
AWS CLI with Bash script
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

```bash
#!/bin/bash

# VPC Lattice Service Network Tutorial Script
# This script demonstrates how to create and manage a VPC Lattice service network

set -euo pipefail

# Set up logging with secure permissions
LOG_FILE="vpc-lattice-tutorial.log"
touch "$LOG_FILE"
chmod 600 "$LOG_FILE"
echo "Starting VPC Lattice tutorial script at $(date)" > "$LOG_FILE"

# Function to log commands and their output
log_command() {
    local cmd="$1"
    echo "$(date): Running command: $cmd" >> "$LOG_FILE"
    eval "$cmd" 2>&1 | tee -a "$LOG_FILE"
    return "${PIPESTATUS[0]}"
}

# Function to check for errors
check_error() {
    if [ "$1" -ne 0 ]; then
        echo "ERROR: Command failed with exit code $1" | tee -a "$LOG_FILE"
        echo "See $LOG_FILE for details"
        exit "$1"
    fi
}

# Function to validate AWS CLI is available
check_aws_cli() {
    if ! command -v aws &> /dev/null; then
        echo "ERROR: AWS CLI is not installed or not in PATH" | tee -a "$LOG_FILE"
        exit 1
    fi
}

# Function to validate input parameters
validate_input() {
    local input="$1"
    local param_name="$2"

    if [[ -z "$input" ]]; then
        echo "ERROR: $param_name is empty" | tee -a "$LOG_FILE"
        return 1
    fi

    # Validate against common injection patterns
    if [[ "$input" =~ [\;\$\`\|\&\<\>\(\)\{\}] ]]; then
        echo "ERROR: $param_name contains invalid characters" | tee -a "$LOG_FILE"
        return 1
    fi

    return 0
}

# Function to wait for a resource to be in the desired state
wait_for_resource() {
    local resource_type="$1"
    local resource_id="$2"
    local desired_status="$3"
    local command="$4"
    local max_attempts=30
    local attempt=1
    local status=""

    validate_input "$resource_type" "resource_type" || return 1
    validate_input "$resource_id" "resource_id" || return 1
    validate_input "$desired_status" "desired_status" || return 1

    echo "Waiting for $resource_type $resource_id to be in state $desired_status..." | tee -a "$LOG_FILE"

    while [ "$attempt" -le "$max_attempts" ]; do
        echo "Attempt $attempt of $max_attempts..." >> "$LOG_FILE"

        # Run the command to get the status and capture the output
        status_output=$(eval "$command" 2>&1) || true
        echo "$status_output" >> "$LOG_FILE"

        # For service networks, they do not have a status field in the output
        # We'll consider them active if we can retrieve them
        if [[ "$resource_type" == "Service Network" ]]; then
            if [[ "$status_output" == *"$resource_id"* ]]; then
                echo "$resource_type $resource_id is now active" | tee -a "$LOG_FILE"
                return 0
            fi
        else
            # For other resources, extract the status field
            status=$(echo "$status_output" | grep -i "status" | awk -F'"' '{print $4}' || true)
            echo "Current status: $status" >> "$LOG_FILE"

            if [[ "$status" == "$desired_status" ]]; then
                echo "$resource_type $resource_id is now in state $desired_status" | tee -a "$LOG_FILE"
                return 0
            elif [[ "$status" == *"FAIL"* ]]; then
                echo "ERROR: $resource_type $resource_id failed to reach desired state. Current status: $status" | tee -a "$LOG_FILE"
                return 1
            fi
        fi

        echo "Waiting for status change... (attempt $attempt/$max_attempts)" >> "$LOG_FILE"
        sleep 10
        ((attempt++))
    done

    echo "ERROR: Timed out waiting for $resource_type $resource_id to reach state $desired_status" | tee -a "$LOG_FILE"
    return 1
}

# Cleanup function for trap
cleanup() {
    local exit_code=$?
    # Only report on abnormal termination; the EXIT trap also fires on a
    # normal exit (code 0), where this message would be misleading.
    if [ "$exit_code" -ne 0 ]; then
        echo "Script interrupted or failed. Cleaning up..." | tee -a "$LOG_FILE"
    fi
    exit "$exit_code"
}

trap cleanup EXIT INT TERM

# Check prerequisites
check_aws_cli

# Generate a random identifier for resource names
RANDOM_ID=$(openssl rand -hex 4)
SERVICE_NETWORK_NAME="lattice-network-${RANDOM_ID}"
SERVICE_NAME="lattice-service-${RANDOM_ID}"

# Store created resources for cleanup
declare -a CREATED_RESOURCES

echo "=== VPC Lattice Service Network Tutorial ===" | tee -a "$LOG_FILE"
echo "Random ID for this session: ${RANDOM_ID}" | tee -a "$LOG_FILE"

# Step 1: Create a VPC Lattice service network
echo -e "\n=== Step 1: Creating a VPC Lattice service network ===" | tee -a "$LOG_FILE"
echo "Creating service network: $SERVICE_NETWORK_NAME" | tee -a "$LOG_FILE"

SERVICE_NETWORK_OUTPUT=$(log_command "aws vpc-lattice create-service-network --name '$SERVICE_NETWORK_NAME' --tags Key=project,Value=doc-smith Key=tutorial,Value=amazon-vpc-lattice-gs --output json")
check_error $?

# Extract the service network ID using jq for safety
SERVICE_NETWORK_ID=$(echo "$SERVICE_NETWORK_OUTPUT" | jq -r '.id // empty' 2>/dev/null || true)
if [ -z "$SERVICE_NETWORK_ID" ]; then
    echo "ERROR: Failed to extract service network ID" | tee -a "$LOG_FILE"
    exit 1
fi

validate_input "$SERVICE_NETWORK_ID" "SERVICE_NETWORK_ID" || exit 1
echo "Service network created with ID: $SERVICE_NETWORK_ID" | tee -a "$LOG_FILE"
CREATED_RESOURCES+=("Service Network: $SERVICE_NETWORK_ID")

# Wait for the service network to be active
wait_for_resource "Service Network" "$SERVICE_NETWORK_ID" "ACTIVE" "aws vpc-lattice get-service-network --service-network-identifier '$SERVICE_NETWORK_ID' --output json"
check_error $?

# Step 2: Create a VPC Lattice service
echo -e "\n=== Step 2: Creating a VPC Lattice service ===" | tee -a "$LOG_FILE"
echo "Creating service: $SERVICE_NAME" | tee -a "$LOG_FILE"

SERVICE_OUTPUT=$(log_command "aws vpc-lattice create-service --name '$SERVICE_NAME' --tags Key=project,Value=doc-smith Key=tutorial,Value=amazon-vpc-lattice-gs --output json")
check_error $?

# Extract the service ID using jq for safety
SERVICE_ID=$(echo "$SERVICE_OUTPUT" | jq -r '.id // empty' 2>/dev/null || true)
if [ -z "$SERVICE_ID" ]; then
    echo "ERROR: Failed to extract service ID" | tee -a "$LOG_FILE"
    exit 1
fi

validate_input "$SERVICE_ID" "SERVICE_ID" || exit 1
echo "Service created with ID: $SERVICE_ID" | tee -a "$LOG_FILE"
CREATED_RESOURCES+=("Service: $SERVICE_ID")

# Wait for the service to be active
wait_for_resource "Service" "$SERVICE_ID" "ACTIVE" "aws vpc-lattice get-service --service-identifier '$SERVICE_ID' --output json"
check_error $?

# Step 3: Associate the service with the service network
echo -e "\n=== Step 3: Associating service with service network ===" | tee -a "$LOG_FILE"

SERVICE_ASSOC_OUTPUT=$(log_command "aws vpc-lattice create-service-network-service-association --service-identifier '$SERVICE_ID' --service-network-identifier '$SERVICE_NETWORK_ID' --output json")
check_error $?

# Extract the service association ID using jq for safety
SERVICE_ASSOC_ID=$(echo "$SERVICE_ASSOC_OUTPUT" | jq -r '.id // empty' 2>/dev/null || true)
if [ -z "$SERVICE_ASSOC_ID" ]; then
    echo "ERROR: Failed to extract service association ID" | tee -a "$LOG_FILE"
    exit 1
fi

validate_input "$SERVICE_ASSOC_ID" "SERVICE_ASSOC_ID" || exit 1
echo "Service association created with ID: $SERVICE_ASSOC_ID" | tee -a "$LOG_FILE"
CREATED_RESOURCES+=("Service Association: $SERVICE_ASSOC_ID")

# Wait for the service association to be active
wait_for_resource "Service Association" "$SERVICE_ASSOC_ID" "ACTIVE" "aws vpc-lattice get-service-network-service-association --service-network-service-association-identifier '$SERVICE_ASSOC_ID' --output json"
check_error $?

# Step 4: List available VPCs to associate with the service network
echo -e "\n=== Step 4: Listing available VPCs ===" | tee -a "$LOG_FILE"

VPC_LIST=$(log_command "aws ec2 describe-vpcs --query 'Vpcs[*].[VpcId,Tags[?Key==\`Name\`].Value|[0]]' --output text")
check_error $?

echo "Available VPCs:" | tee -a "$LOG_FILE"
echo "$VPC_LIST" | tee -a "$LOG_FILE"

# Step 5: Auto-select first available VPC
echo -e "\n=== Step 5: Associate a VPC with the service network ===" | tee -a "$LOG_FILE"
VPC_ID=$(echo "$VPC_LIST" | head -n 1 | awk '{print $1}')

if [ -z "$VPC_ID" ]; then
    echo "WARNING: No VPC ID found" | tee -a "$LOG_FILE"
    echo "Skipping VPC association step" | tee -a "$LOG_FILE"
else
    validate_input "$VPC_ID" "VPC_ID" || {
        echo "ERROR: VPC_ID validation failed"
        exit 1
    }
    echo "Auto-selected VPC: $VPC_ID" | tee -a "$LOG_FILE"

    # Step 6: List security groups for the selected VPC
    echo -e "\n=== Step 6: Listing security groups for VPC $VPC_ID ===" | tee -a "$LOG_FILE"

    SG_LIST=$(log_command "aws ec2 describe-security-groups --filters Name=vpc-id,Values='$VPC_ID' --query 'SecurityGroups[*].[GroupId,GroupName]' --output text")
    check_error $?

    echo "Available Security Groups for VPC $VPC_ID:" | tee -a "$LOG_FILE"
    echo "$SG_LIST" | tee -a "$LOG_FILE"

    # Step 7: Auto-select first available security group
    echo -e "\n=== Step 7: Select a security group for the VPC association ===" | tee -a "$LOG_FILE"
    SG_ID=$(echo "$SG_LIST" | head -n 1 | awk '{print $1}')

    if [ -z "$SG_ID" ]; then
        echo "WARNING: No Security Group ID found" | tee -a "$LOG_FILE"
        echo "Skipping VPC association step" | tee -a "$LOG_FILE"
    else
        validate_input "$SG_ID" "SG_ID" || {
            echo "ERROR: SG_ID validation failed"
            exit 1
        }
        echo "Auto-selected Security Group: $SG_ID" | tee -a "$LOG_FILE"

        # Step 8: Associate the VPC with the service network
        echo -e "\n=== Step 8: Associating VPC with service network ===" | tee -a "$LOG_FILE"

        VPC_ASSOC_OUTPUT=$(log_command "aws vpc-lattice create-service-network-vpc-association --vpc-identifier '$VPC_ID' --service-network-identifier '$SERVICE_NETWORK_ID' --security-group-ids '$SG_ID' --output json")
        check_error $?

        # Extract the VPC association ID using jq for safety
        VPC_ASSOC_ID=$(echo "$VPC_ASSOC_OUTPUT" | jq -r '.id // empty' 2>/dev/null || true)
        if [ -z "$VPC_ASSOC_ID" ]; then
            echo "ERROR: Failed to extract VPC association ID" | tee -a "$LOG_FILE"
        else
            validate_input "$VPC_ASSOC_ID" "VPC_ASSOC_ID" || exit 1
            echo "VPC association created with ID: $VPC_ASSOC_ID" | tee -a "$LOG_FILE"
            CREATED_RESOURCES+=("VPC Association: $VPC_ASSOC_ID")

            # Wait for the VPC association to be active
            wait_for_resource "VPC Association" "$VPC_ASSOC_ID" "ACTIVE" "aws vpc-lattice get-service-network-vpc-association --service-network-vpc-association-identifier '$VPC_ASSOC_ID' --output json"
            check_error $?
        fi
    fi
fi

# Step 9: Display information about the created resources
echo -e "\n=== Step 9: Displaying information about created resources ===" | tee -a "$LOG_FILE"

echo "Service Network Details:" | tee -a "$LOG_FILE"
log_command "aws vpc-lattice get-service-network --service-network-identifier '$SERVICE_NETWORK_ID' --output json"

echo "Service Details:" | tee -a "$LOG_FILE"
log_command "aws vpc-lattice get-service --service-identifier '$SERVICE_ID' --output json"

echo "Service Network Service Associations:" | tee -a "$LOG_FILE"
log_command "aws vpc-lattice list-service-network-service-associations --service-network-identifier '$SERVICE_NETWORK_ID' --output json"

echo "Service Network VPC Associations:" | tee -a "$LOG_FILE"
log_command "aws vpc-lattice list-service-network-vpc-associations --service-network-identifier '$SERVICE_NETWORK_ID' --output json"

# Step 10: Cleanup - Auto-confirm
echo -e "\n=== Step 10: Resource Cleanup ===" | tee -a "$LOG_FILE"
echo "Resources created in this tutorial:" | tee -a "$LOG_FILE"
for resource in "${CREATED_RESOURCES[@]+"${CREATED_RESOURCES[@]}"}"; do
    echo "- $resource" | tee -a "$LOG_FILE"
done

echo "Starting cleanup process..." | tee -a "$LOG_FILE"

# Delete resources in reverse order

# Delete VPC association if it was created
if [[ -n "${VPC_ASSOC_ID:-}" ]]; then
    echo "Deleting VPC association: $VPC_ASSOC_ID" | tee -a "$LOG_FILE"
    log_command "aws vpc-lattice delete-service-network-vpc-association --service-network-vpc-association-identifier '$VPC_ASSOC_ID'" || true

    # Wait for the VPC association to be deleted
    echo "Waiting for VPC association to be deleted..." | tee -a "$LOG_FILE"
    sleep 30
fi

# Delete service association
echo "Deleting service association: $SERVICE_ASSOC_ID" | tee -a "$LOG_FILE"
log_command "aws vpc-lattice delete-service-network-service-association --service-network-service-association-identifier '$SERVICE_ASSOC_ID'" || true

# Wait for the service association to be deleted
echo "Waiting for service association to be deleted..." | tee -a "$LOG_FILE"
sleep 30

# Delete service
echo "Deleting service: $SERVICE_ID" | tee -a "$LOG_FILE"
log_command "aws vpc-lattice delete-service --service-identifier '$SERVICE_ID'" || true

# Wait for the service to be deleted
echo "Waiting for service to be deleted..." | tee -a "$LOG_FILE"
sleep 30

# Delete service network
echo "Deleting service network: $SERVICE_NETWORK_ID" | tee -a "$LOG_FILE"
log_command "aws vpc-lattice delete-service-network --service-network-identifier '$SERVICE_NETWORK_ID'" || true

echo "Cleanup completed successfully!" | tee -a "$LOG_FILE"
echo -e "\n=== Tutorial completed! ===" | tee -a "$LOG_FILE"
echo "Log file: $LOG_FILE" | tee -a "$LOG_FILE"
```
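The tutorial's `log_command` hands each command to `eval` as a string, so every API-returned identifier spliced into that string is re-parsed by the shell, and `validate_input`'s metacharacter filter is what stands between a malformed ID and command execution. The wrapper below is an added example, not code from the AWS Code Examples Repository: it keeps the same logging behaviour but runs the command as an argument vector, so identifiers are never re-parsed and the filter becomes defence in depth. The names `run_logged`, `demo_literal_arg` and `demo_exit_status` are chosen here, and the sample identifier is constructed.

```bash
#!/bin/bash
# Added example (not from the AWS code examples repository): the same
# log-then-run behaviour as the tutorial's log_command, without eval.
set -uo pipefail

LOG_FILE="${LOG_FILE:-${TMPDIR:-/tmp}/vpc-lattice-example.log}"
touch "$LOG_FILE"
chmod 600 "$LOG_FILE"

# run_logged CMD [ARG...]: record the exact argv, run it, tee the output
# to the log, and return the command's own exit status (not tee's).
run_logged() {
    {
        printf '%s: Running command:' "$(date)"
        printf ' %q' "$@"      # %q shows each word exactly as it will execute
        printf '\n'
    } >> "$LOG_FILE"
    "$@" 2>&1 | tee -a "$LOG_FILE"
    return "${PIPESTATUS[0]}"
}

# Stand-in for the aws binary: printf echoes its argument back, so we can
# observe that a metacharacter-laden identifier arrives as inert text and
# the trailing "echo INJECTED" is never executed as a second command.
# The identifier is a constructed sample, not a real VPC Lattice ID.
demo_literal_arg() {
    local suspicious_id='sn-0123; echo INJECTED'
    run_logged printf '%s\n' "$suspicious_id"
}

# The wrapped command's failure code survives the tee pipeline intact,
# which is what check_error in the tutorial relies on.
demo_exit_status() {
    run_logged sh -c 'echo "simulated API error" >&2; exit 3'
}
```

Because the argument vector is logged with `%q`, the log file records the exact words that ran, which is what a reviewer wants when auditing which resource IDs a script acted on.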
For API details, see the following topics in the AWS CLI Command Reference.