Les traductions sont fournies par des outils de traduction automatique. En cas de conflit entre le contenu d'une traduction et celui de la version originale en anglais, la version anglaise prévaudra.
# Exemples d'utilisation AWS CLI de VPC Lattice avec le script Bash
Les exemples de code suivants vous montrent comment effectuer des actions et implémenter des scénarios courants à l'aide du script AWS Command Line Interface with Bash with VPC Lattice.
Les *scénarios* sont des exemples de code qui vous montrent comment accomplir des tâches spécifiques en appelant plusieurs fonctions au sein d’un même service ou combinés à d’autres Services AWS.
Chaque exemple inclut un lien vers le code source complet, où vous trouverez des instructions sur la configuration et l’exécution du code en contexte.
**Topics**
+ [Scénarios](#scenarios)
## Scénarios
### Création et gestion d'un réseau de services VPC Lattice
L’exemple de code suivant illustre comment :
+ Création d’un réseau de services
+ Créer un service
+ Liste disponible VPCs
+ Répertorier les groupes de sécurité pour le VPC sélectionné
+ Lister les associations de services
+ Répertorier les associations de VPC
+ nettoyer des ressources ;
**AWS CLI avec le script Bash**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code](https://github.com/aws-samples/sample-developer-tutorials/tree/main/tuts/055-amazon-vpc-lattice-gs).
```
#!/bin/bash
# VPC Lattice Service Network Tutorial Script
# This script demonstrates how to create and manage a VPC Lattice service network
set -euo pipefail
# Set up logging with secure permissions
LOG_FILE="vpc-lattice-tutorial.log"
touch "$LOG_FILE"
chmod 600 "$LOG_FILE"
echo "Starting VPC Lattice tutorial script at $(date)" > "$LOG_FILE"
# Function to log commands and their output
log_command() {
local cmd="$1"
echo "$(date): Running command: $cmd" >> "$LOG_FILE"
eval "$cmd" 2>&1 | tee -a "$LOG_FILE"
return "${PIPESTATUS[0]}"
}
# Function to check for errors
check_error() {
if [ "$1" -ne 0 ]; then
echo "ERROR: Command failed with exit code $1" | tee -a "$LOG_FILE"
echo "See $LOG_FILE for details"
exit "$1"
fi
}
# Function to validate AWS CLI is available
check_aws_cli() {
if ! command -v aws &> /dev/null; then
echo "ERROR: AWS CLI is not installed or not in PATH" | tee -a "$LOG_FILE"
exit 1
fi
}
# Function to validate input parameters
validate_input() {
local input="$1"
local param_name="$2"
if [[ -z "$input" ]]; then
echo "ERROR: $param_name is empty" | tee -a "$LOG_FILE"
return 1
fi
# Validate against common injection patterns
if [[ "$input" =~ [\;\$\`\|\&\<\>\(\)\{\}] ]]; then
echo "ERROR: $param_name contains invalid characters" | tee -a "$LOG_FILE"
return 1
fi
return 0
}
# Function to wait for a resource to be in the desired state
wait_for_resource() {
local resource_type="$1"
local resource_id="$2"
local desired_status="$3"
local command="$4"
local max_attempts=30
local attempt=1
local status=""
validate_input "$resource_type" "resource_type" || return 1
validate_input "$resource_id" "resource_id" || return 1
validate_input "$desired_status" "desired_status" || return 1
echo "Waiting for $resource_type $resource_id to be in state $desired_status..." | tee -a "$LOG_FILE"
while [ "$attempt" -le "$max_attempts" ]; do
echo "Attempt $attempt of $max_attempts..." >> "$LOG_FILE"
# Run the command to get the status and capture the output
status_output=$(eval "$command" 2>&1) || true
echo "$status_output" >> "$LOG_FILE"
# For service networks, they do not have a status field in the output
# We'll consider them active if we can retrieve them
if [[ "$resource_type" == "Service Network" ]]; then
if [[ "$status_output" == *"$resource_id"* ]]; then
echo "$resource_type $resource_id is now active" | tee -a "$LOG_FILE"
return 0
fi
else
# For other resources, extract the status field
status=$(echo "$status_output" | grep -i "status" | awk -F'"' '{print $4}' || true)
echo "Current status: $status" >> "$LOG_FILE"
if [[ "$status" == "$desired_status" ]]; then
echo "$resource_type $resource_id is now in state $desired_status" | tee -a "$LOG_FILE"
return 0
elif [[ "$status" == *"FAIL"* ]]; then
echo "ERROR: $resource_type $resource_id failed to reach desired state. Current status: $status" | tee -a "$LOG_FILE"
return 1
fi
fi
echo "Waiting for status change... (attempt $attempt/$max_attempts)" >> "$LOG_FILE"
sleep 10
((attempt++))
done
echo "ERROR: Timed out waiting for $resource_type $resource_id to reach state $desired_status" | tee -a "$LOG_FILE"
return 1
}
# Cleanup function for trap
cleanup() {
local exit_code=$?
echo "Script interrupted or failed. Cleaning up..." | tee -a "$LOG_FILE"
exit "$exit_code"
}
trap cleanup EXIT INT TERM
# Check prerequisites
check_aws_cli
# Generate a random identifier for resource names
RANDOM_ID=$(openssl rand -hex 4)
SERVICE_NETWORK_NAME="lattice-network-${RANDOM_ID}"
SERVICE_NAME="lattice-service-${RANDOM_ID}"
# Store created resources for cleanup
declare -a CREATED_RESOURCES
echo "=== VPC Lattice Service Network Tutorial ===" | tee -a "$LOG_FILE"
echo "Random ID for this session: ${RANDOM_ID}" | tee -a "$LOG_FILE"
# Step 1: Create a VPC Lattice service network
echo -e "\n=== Step 1: Creating a VPC Lattice service network ===" | tee -a "$LOG_FILE"
echo "Creating service network: $SERVICE_NETWORK_NAME" | tee -a "$LOG_FILE"
SERVICE_NETWORK_OUTPUT=$(log_command "aws vpc-lattice create-service-network --name '$SERVICE_NETWORK_NAME' --tags Key=project,Value=doc-smith Key=tutorial,Value=amazon-vpc-lattice-gs --output json")
check_error $?
# Extract the service network ID using jq for safety
SERVICE_NETWORK_ID=$(echo "$SERVICE_NETWORK_OUTPUT" | jq -r '.id // empty' 2>/dev/null || true)
if [ -z "$SERVICE_NETWORK_ID" ]; then
echo "ERROR: Failed to extract service network ID" | tee -a "$LOG_FILE"
exit 1
fi
validate_input "$SERVICE_NETWORK_ID" "SERVICE_NETWORK_ID" || exit 1
echo "Service network created with ID: $SERVICE_NETWORK_ID" | tee -a "$LOG_FILE"
CREATED_RESOURCES+=("Service Network: $SERVICE_NETWORK_ID")
# Wait for the service network to be active
wait_for_resource "Service Network" "$SERVICE_NETWORK_ID" "ACTIVE" "aws vpc-lattice get-service-network --service-network-identifier '$SERVICE_NETWORK_ID' --output json"
check_error $?
# Step 2: Create a VPC Lattice service
echo -e "\n=== Step 2: Creating a VPC Lattice service ===" | tee -a "$LOG_FILE"
echo "Creating service: $SERVICE_NAME" | tee -a "$LOG_FILE"
SERVICE_OUTPUT=$(log_command "aws vpc-lattice create-service --name '$SERVICE_NAME' --tags Key=project,Value=doc-smith Key=tutorial,Value=amazon-vpc-lattice-gs --output json")
check_error $?
# Extract the service ID using jq for safety
SERVICE_ID=$(echo "$SERVICE_OUTPUT" | jq -r '.id // empty' 2>/dev/null || true)
if [ -z "$SERVICE_ID" ]; then
echo "ERROR: Failed to extract service ID" | tee -a "$LOG_FILE"
exit 1
fi
validate_input "$SERVICE_ID" "SERVICE_ID" || exit 1
echo "Service created with ID: $SERVICE_ID" | tee -a "$LOG_FILE"
CREATED_RESOURCES+=("Service: $SERVICE_ID")
# Wait for the service to be active
wait_for_resource "Service" "$SERVICE_ID" "ACTIVE" "aws vpc-lattice get-service --service-identifier '$SERVICE_ID' --output json"
check_error $?
# Step 3: Associate the service with the service network
echo -e "\n=== Step 3: Associating service with service network ===" | tee -a "$LOG_FILE"
SERVICE_ASSOC_OUTPUT=$(log_command "aws vpc-lattice create-service-network-service-association --service-identifier '$SERVICE_ID' --service-network-identifier '$SERVICE_NETWORK_ID' --output json")
check_error $?
# Extract the service association ID using jq for safety
SERVICE_ASSOC_ID=$(echo "$SERVICE_ASSOC_OUTPUT" | jq -r '.id // empty' 2>/dev/null || true)
if [ -z "$SERVICE_ASSOC_ID" ]; then
echo "ERROR: Failed to extract service association ID" | tee -a "$LOG_FILE"
exit 1
fi
validate_input "$SERVICE_ASSOC_ID" "SERVICE_ASSOC_ID" || exit 1
echo "Service association created with ID: $SERVICE_ASSOC_ID" | tee -a "$LOG_FILE"
CREATED_RESOURCES+=("Service Association: $SERVICE_ASSOC_ID")
# Wait for the service association to be active
wait_for_resource "Service Association" "$SERVICE_ASSOC_ID" "ACTIVE" "aws vpc-lattice get-service-network-service-association --service-network-service-association-identifier '$SERVICE_ASSOC_ID' --output json"
check_error $?
# Step 4: List available VPCs to associate with the service network
echo -e "\n=== Step 4: Listing available VPCs ===" | tee -a "$LOG_FILE"
VPC_LIST=$(log_command "aws ec2 describe-vpcs --query 'Vpcs[*].[VpcId,Tags[?Key==\`Name\`].Value|[0]]' --output text")
check_error $?
echo "Available VPCs:" | tee -a "$LOG_FILE"
echo "$VPC_LIST" | tee -a "$LOG_FILE"
# Step 5: Auto-select first available VPC
echo -e "\n=== Step 5: Associate a VPC with the service network ===" | tee -a "$LOG_FILE"
VPC_ID=$(echo "$VPC_LIST" | head -n 1 | awk '{print $1}')
if [ -z "$VPC_ID" ]; then
echo "WARNING: No VPC ID found" | tee -a "$LOG_FILE"
echo "Skipping VPC association step" | tee -a "$LOG_FILE"
else
validate_input "$VPC_ID" "VPC_ID" || {
echo "ERROR: VPC_ID validation failed"
exit 1
}
echo "Auto-selected VPC: $VPC_ID" | tee -a "$LOG_FILE"
# Step 6: List security groups for the selected VPC
echo -e "\n=== Step 6: Listing security groups for VPC $VPC_ID ===" | tee -a "$LOG_FILE"
SG_LIST=$(log_command "aws ec2 describe-security-groups --filters Name=vpc-id,Values='$VPC_ID' --query 'SecurityGroups[*].[GroupId,GroupName]' --output text")
check_error $?
echo "Available Security Groups for VPC $VPC_ID:" | tee -a "$LOG_FILE"
echo "$SG_LIST" | tee -a "$LOG_FILE"
# Step 7: Auto-select first available security group
echo -e "\n=== Step 7: Select a security group for the VPC association ===" | tee -a "$LOG_FILE"
SG_ID=$(echo "$SG_LIST" | head -n 1 | awk '{print $1}')
if [ -z "$SG_ID" ]; then
echo "WARNING: No Security Group ID found" | tee -a "$LOG_FILE"
echo "Skipping VPC association step" | tee -a "$LOG_FILE"
else
validate_input "$SG_ID" "SG_ID" || {
echo "ERROR: SG_ID validation failed"
exit 1
}
echo "Auto-selected Security Group: $SG_ID" | tee -a "$LOG_FILE"
# Step 8: Associate the VPC with the service network
echo -e "\n=== Step 8: Associating VPC with service network ===" | tee -a "$LOG_FILE"
VPC_ASSOC_OUTPUT=$(log_command "aws vpc-lattice create-service-network-vpc-association --vpc-identifier '$VPC_ID' --service-network-identifier '$SERVICE_NETWORK_ID' --security-group-ids '$SG_ID' --output json")
check_error $?
# Extract the VPC association ID using jq for safety
VPC_ASSOC_ID=$(echo "$VPC_ASSOC_OUTPUT" | jq -r '.id // empty' 2>/dev/null || true)
if [ -z "$VPC_ASSOC_ID" ]; then
echo "ERROR: Failed to extract VPC association ID" | tee -a "$LOG_FILE"
else
validate_input "$VPC_ASSOC_ID" "VPC_ASSOC_ID" || exit 1
echo "VPC association created with ID: $VPC_ASSOC_ID" | tee -a "$LOG_FILE"
CREATED_RESOURCES+=("VPC Association: $VPC_ASSOC_ID")
# Wait for the VPC association to be active
wait_for_resource "VPC Association" "$VPC_ASSOC_ID" "ACTIVE" "aws vpc-lattice get-service-network-vpc-association --service-network-vpc-association-identifier '$VPC_ASSOC_ID' --output json"
check_error $?
fi
fi
fi
# Step 9: Display information about the created resources
echo -e "\n=== Step 9: Displaying information about created resources ===" | tee -a "$LOG_FILE"
echo "Service Network Details:" | tee -a "$LOG_FILE"
log_command "aws vpc-lattice get-service-network --service-network-identifier '$SERVICE_NETWORK_ID' --output json"
echo "Service Details:" | tee -a "$LOG_FILE"
log_command "aws vpc-lattice get-service --service-identifier '$SERVICE_ID' --output json"
echo "Service Network Service Associations:" | tee -a "$LOG_FILE"
log_command "aws vpc-lattice list-service-network-service-associations --service-network-identifier '$SERVICE_NETWORK_ID' --output json"
echo "Service Network VPC Associations:" | tee -a "$LOG_FILE"
log_command "aws vpc-lattice list-service-network-vpc-associations --service-network-identifier '$SERVICE_NETWORK_ID' --output json"
# Step 10: Cleanup - Auto-confirm
echo -e "\n=== Step 10: Resource Cleanup ===" | tee -a "$LOG_FILE"
echo "Resources created in this tutorial:" | tee -a "$LOG_FILE"
for resource in "${CREATED_RESOURCES[@]+"${CREATED_RESOURCES[@]}"}"; do
echo "- $resource" | tee -a "$LOG_FILE"
done
echo "Starting cleanup process..." | tee -a "$LOG_FILE"
# Delete resources in reverse order
# Delete VPC association if it was created
if [[ -n "${VPC_ASSOC_ID:-}" ]]; then
echo "Deleting VPC association: $VPC_ASSOC_ID" | tee -a "$LOG_FILE"
log_command "aws vpc-lattice delete-service-network-vpc-association --service-network-vpc-association-identifier '$VPC_ASSOC_ID'" || true
# Wait for the VPC association to be deleted
echo "Waiting for VPC association to be deleted..." | tee -a "$LOG_FILE"
sleep 30
fi
# Delete service association
echo "Deleting service association: $SERVICE_ASSOC_ID" | tee -a "$LOG_FILE"
log_command "aws vpc-lattice delete-service-network-service-association --service-network-service-association-identifier '$SERVICE_ASSOC_ID'" || true
# Wait for the service association to be deleted
echo "Waiting for service association to be deleted..." | tee -a "$LOG_FILE"
sleep 30
# Delete service
echo "Deleting service: $SERVICE_ID" | tee -a "$LOG_FILE"
log_command "aws vpc-lattice delete-service --service-identifier '$SERVICE_ID'" || true
# Wait for the service to be deleted
echo "Waiting for service to be deleted..." | tee -a "$LOG_FILE"
sleep 30
# Delete service network
echo "Deleting service network: $SERVICE_NETWORK_ID" | tee -a "$LOG_FILE"
log_command "aws vpc-lattice delete-service-network --service-network-identifier '$SERVICE_NETWORK_ID'" || true
echo "Cleanup completed successfully!" | tee -a "$LOG_FILE"
echo -e "\n=== Tutorial completed! ===" | tee -a "$LOG_FILE"
echo "Log file: $LOG_FILE" | tee -a "$LOG_FILE"
```
+ Pour plus de détails sur l’API, consultez les rubriques suivantes dans la *Référence des commandes de l’AWS CLI *.
+ [CreateService](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/CreateService)
+ [CreateServiceNetwork](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/CreateServiceNetwork)
+ [CreateServiceNetworkServiceAssociation](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/CreateServiceNetworkServiceAssociation)
+ [CreateServiceNetworkVpcAssociation](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/CreateServiceNetworkVpcAssociation)
+ [DeleteService](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/DeleteService)
+ [DeleteServiceNetwork](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/DeleteServiceNetwork)
+ [DeleteServiceNetworkServiceAssociation](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/DeleteServiceNetworkServiceAssociation)
+ [DeleteServiceNetworkVpcAssociation](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/DeleteServiceNetworkVpcAssociation)
+ [DescribeSecurityGroups](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeSecurityGroups)
+ [DescribeVpcs](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeVpcs)
+ [GetService](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/GetService)
+ [GetServiceNetwork](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/GetServiceNetwork)
+ [GetServiceNetworkServiceAssociation](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/GetServiceNetworkServiceAssociation)
+ [GetServiceNetworkVpcAssociation](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/GetServiceNetworkVpcAssociation)
+ [ListServiceNetworkServiceAssociations](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/ListServiceNetworkServiceAssociations)
+ [ListServiceNetworkVpcAssociations](https://docs.aws.amazon.com/goto/aws-cli/vpc-lattice-2022-11-30/ListServiceNetworkVpcAssociations)