Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris. # AWS Cloud Map contoh menggunakan AWS CLI dengan skrip Bash Contoh kode berikut menunjukkan cara melakukan tindakan dan mengimplementasikan skenario umum dengan menggunakan skrip AWS Command Line Interface with Bash with AWS Cloud Map. *Skenario* adalah contoh kode yang menunjukkan kepada Anda bagaimana menyelesaikan tugas tertentu dengan memanggil beberapa fungsi dalam layanan atau dikombinasikan dengan yang lain Layanan AWS. Setiap contoh menyertakan tautan ke kode sumber lengkap, di mana Anda dapat menemukan instruksi tentang cara mengatur dan menjalankan kode dalam konteks. **Topics** + [Skenario](#scenarios) ## Skenario ### Atribut kustom Cloud Map Contoh kode berikut ini menunjukkan cara untuk melakukan: + Membuat namespace Cloud Map + Membuat tabel DynamoDB + Buat layanan data Cloud Map dan daftarkan tabel DynamoDB + Buat peran IAM untuk fungsi Lambda + Buat fungsi Lambda untuk menulis data + Buat layanan aplikasi Cloud Map dan daftarkan fungsi tulis Lambda + Buat fungsi Lambda untuk membaca data **AWS CLI dengan skrip Bash** Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankan di repositori [tutorial pengembang Sample](https://github.com/aws-samples/sample-developer-tutorials/tree/main/tuts/004-cloudmap-custom-attributes). ``` #!/bin/bash # AWS Cloud Map Tutorial Script # This script demonstrates how to use AWS Cloud Map for service discovery with custom attributes set -euo pipefail # Set up logging LOG_FILE="cloudmap-tutorial.log" echo "AWS Cloud Map Tutorial Script" > "$LOG_FILE" echo "Started at $(date)" >> "$LOG_FILE" # Array to track created resources for cleanup CREATED_RESOURCES=() # Function to log commands and their output log_cmd() { echo "$ $1" | tee -a "$LOG_FILE" eval "$1" | tee -a "$LOG_FILE" } # Function to handle errors handle_error() { local LINE=$1 echo "An error occurred at line $LINE" | tee -a "$LOG_FILE" echo "Resources created so far:" | tee -a "$LOG_FILE" for resource in "${CREATED_RESOURCES[@]}"; do echo "- $resource" | tee -a "$LOG_FILE" done echo "Attempting to clean up resources..." | tee -a "$LOG_FILE" cleanup exit 1 } # Set up error handling trap 'handle_error $LINENO' ERR # Helper function to wait for Cloud Map operations to complete wait_for_operation() { local OPERATION_ID=$1 local TIMEOUT=300 # 5 minutes timeout local START_TIME START_TIME=$(date +%s) while true; do local STATUS STATUS=$(aws servicediscovery get-operation --operation-id "$OPERATION_ID" --query 'Operation.Status' --output text 2>/dev/null || echo "UNKNOWN") if [ "$STATUS" == "SUCCESS" ]; then echo "Operation completed successfully" | tee -a "$LOG_FILE" break elif [ "$STATUS" == "FAIL" ]; then echo "Operation failed" | tee -a "$LOG_FILE" return 1 fi local CURRENT_TIME CURRENT_TIME=$(date +%s) if [ $((CURRENT_TIME - START_TIME)) -gt $TIMEOUT ]; then echo "Operation timed out" | tee -a "$LOG_FILE" return 1 fi sleep 5 done return 0 } # Function to clean up resources cleanup() { echo "Cleaning up resources..." | tee -a "$LOG_FILE" # Reverse the order of created resources for proper deletion for ((i=${#CREATED_RESOURCES[@]}-1; i>=0; i--)); do resource="${CREATED_RESOURCES[$i]}" echo "Deleting $resource..." | tee -a "$LOG_FILE" if [[ $resource == "instance:"* ]]; then # Extract service ID and instance ID SERVICE_ID=$(echo "$resource" | cut -d':' -f2) INSTANCE_ID=$(echo "$resource" | cut -d':' -f3) # Check if instance exists before trying to deregister INSTANCE_EXISTS=$(aws servicediscovery list-instances --service-id "$SERVICE_ID" --query "Instances[?Id=='$INSTANCE_ID'].Id" --output text 2>/dev/null || echo "") if [[ -n "$INSTANCE_EXISTS" ]]; then OPERATION_ID=$(aws servicediscovery deregister-instance --service-id "$SERVICE_ID" --instance-id "$INSTANCE_ID" --query 'OperationId' --output text) # Wait for deregistration to complete echo "Waiting for instance deregistration to complete..." | tee -a "$LOG_FILE" wait_for_operation "$OPERATION_ID" || true else echo "Instance $INSTANCE_ID already deregistered" | tee -a "$LOG_FILE" fi elif [[ $resource == "lambda:"* ]]; then # Extract function name FUNCTION_NAME=$(echo "$resource" | cut -d':' -f2) aws lambda delete-function --function-name "$FUNCTION_NAME" 2>/dev/null || echo "Function already deleted" | tee -a "$LOG_FILE" elif [[ $resource == "role:"* ]]; then # Extract role name ROLE_NAME=$(echo "$resource" | cut -d':' -f2) # Detach all policies first for POLICY_ARN in $(aws iam list-attached-role-policies --role-name "$ROLE_NAME" --query 'AttachedPolicies[*].PolicyArn' --output text); do aws iam detach-role-policy --role-name "$ROLE_NAME" --policy-arn "$POLICY_ARN" done # Delete the role aws iam delete-role --role-name "$ROLE_NAME" 2>/dev/null || echo "Role already deleted" | tee -a "$LOG_FILE" elif [[ $resource == "dynamodb:"* ]]; then # Extract table name TABLE_NAME=$(echo "$resource" | cut -d':' -f2) aws dynamodb delete-table --table-name "$TABLE_NAME" 2>/dev/null || echo "Table already deleted" | tee -a "$LOG_FILE" # Wait for table deletion to complete echo "Waiting for DynamoDB table deletion to complete..." | tee -a "$LOG_FILE" aws dynamodb wait table-not-exists --table-name "$TABLE_NAME" 2>/dev/null || true fi done # Handle services separately to ensure all instances are deregistered first for ((i=${#CREATED_RESOURCES[@]}-1; i>=0; i--)); do resource="${CREATED_RESOURCES[$i]}" if [[ $resource == "service:"* ]]; then # Extract service ID SERVICE_ID=$(echo "$resource" | cut -d':' -f2) echo "Deleting service $SERVICE_ID..." | tee -a "$LOG_FILE" # Make sure all instances are deregistered INSTANCES=$(aws servicediscovery list-instances --service-id "$SERVICE_ID" --query 'Instances[*].Id' --output text 2>/dev/null || echo "") if [[ -n "$INSTANCES" ]]; then echo "Service still has instances. Waiting before deletion..." | tee -a "$LOG_FILE" sleep 10 fi # Try to delete the service aws servicediscovery delete-service --id "$SERVICE_ID" 2>/dev/null || echo "Service already deleted" | tee -a "$LOG_FILE" sleep 5 fi done # Handle namespaces last to ensure all services are deleted first for ((i=${#CREATED_RESOURCES[@]}-1; i>=0; i--)); do resource="${CREATED_RESOURCES[$i]}" if [[ $resource == "namespace:"* ]]; then # Extract namespace ID NAMESPACE_ID=$(echo "$resource" | cut -d':' -f2) echo "Deleting namespace $NAMESPACE_ID..." | tee -a "$LOG_FILE" # Check if namespace still has services SERVICES=$(aws servicediscovery list-services --filters "Name=NAMESPACE_ID,Values=$NAMESPACE_ID,Condition=EQ" --query 'Services[*].Id' --output text 2>/dev/null || echo "") if [[ -n "$SERVICES" ]]; then echo "Namespace still has services. Deleting them first..." | tee -a "$LOG_FILE" for SERVICE_ID in $SERVICES; do echo "Deleting service $SERVICE_ID..." | tee -a "$LOG_FILE" aws servicediscovery delete-service --id "$SERVICE_ID" 2>/dev/null || true done sleep 5 fi # Try to delete the namespace OPERATION_ID=$(aws servicediscovery delete-namespace --id "$NAMESPACE_ID" --query 'OperationId' --output text 2>/dev/null || echo "") if [[ -n "$OPERATION_ID" ]]; then echo "Waiting for namespace deletion to complete..." | tee -a "$LOG_FILE" wait_for_operation "$OPERATION_ID" || true else echo "Failed to delete namespace or namespace already deleted" | tee -a "$LOG_FILE" fi fi done echo "Cleanup complete" | tee -a "$LOG_FILE" } # Step 1: Create an AWS Cloud Map namespace echo "Step 1: Creating AWS Cloud Map namespace..." | tee -a "$LOG_FILE" # Check if namespace already exists NAMESPACE_ID=$(aws servicediscovery list-namespaces --query "Namespaces[?Name=='cloudmap-tutorial'].Id" --output text 2>/dev/null || echo "") if [[ -z "$NAMESPACE_ID" || "$NAMESPACE_ID" == "None" ]]; then log_cmd "aws servicediscovery create-http-namespace --name cloudmap-tutorial --creator-request-id namespace-request-\$(date +%s)" OPERATION_ID=$(aws servicediscovery create-http-namespace --name cloudmap-tutorial --creator-request-id "namespace-request-$(date +%s)" --tags Key=project,Value=doc-smith Key=tutorial,Value=cloudmap-custom-attributes --query 'OperationId' --output text) # Wait for namespace creation to complete echo "Waiting for namespace creation to complete..." | tee -a "$LOG_FILE" wait_for_operation "$OPERATION_ID" # Get the namespace ID NAMESPACE_ID=$(aws servicediscovery list-namespaces --query "Namespaces[?Name=='cloudmap-tutorial'].Id" --output text) echo "Namespace created with ID: $NAMESPACE_ID" | tee -a "$LOG_FILE" else echo "Namespace cloudmap-tutorial already exists with ID: $NAMESPACE_ID" | tee -a "$LOG_FILE" fi CREATED_RESOURCES+=("namespace:$NAMESPACE_ID") # Step 2: Create a DynamoDB table echo "Step 2: Creating DynamoDB table..." | tee -a "$LOG_FILE" # Check if table already exists TABLE_EXISTS=$(aws dynamodb describe-table --table-name cloudmap 2>&1 || echo "NOT_EXISTS") if [[ $TABLE_EXISTS == *"ResourceNotFoundException"* || $TABLE_EXISTS == "NOT_EXISTS" ]]; then log_cmd "aws dynamodb create-table --table-name cloudmap --attribute-definitions AttributeName=id,AttributeType=S --key-schema AttributeName=id,KeyType=HASH --billing-mode PAY_PER_REQUEST --tags Key=project,Value=doc-smith Key=tutorial,Value=cloudmap-custom-attributes" # Wait for DynamoDB table to become active echo "Waiting for DynamoDB table to become active..." | tee -a "$LOG_FILE" aws dynamodb wait table-exists --table-name cloudmap else echo "DynamoDB table cloudmap already exists" | tee -a "$LOG_FILE" fi CREATED_RESOURCES+=("dynamodb:cloudmap") # Step 3: Create an AWS Cloud Map data service echo "Step 3: Creating AWS Cloud Map data service..." | tee -a "$LOG_FILE" # Get all services in the namespace echo "Listing all services in namespace $NAMESPACE_ID..." | tee -a "$LOG_FILE" SERVICES=$(aws servicediscovery list-services --filters "Name=NAMESPACE_ID,Values=$NAMESPACE_ID,Condition=EQ" --query 'Services[*].[Id,Name]' --output text 2>/dev/null || echo "") echo "Services found: $SERVICES" | tee -a "$LOG_FILE" # Check if data service already exists DATA_SERVICE_ID="" while read -r id name || [[ -n "$id" ]]; do echo "Checking service: ID=$id, Name=$name" | tee -a "$LOG_FILE" if [[ "$name" == "data-service" ]]; then DATA_SERVICE_ID="$id" break fi done <<< "$SERVICES" if [[ -z "$DATA_SERVICE_ID" ]]; then echo "Data service does not exist, creating it..." | tee -a "$LOG_FILE" # Create the service and capture the ID directly echo "$ aws servicediscovery create-service --name data-service --namespace-id $NAMESPACE_ID --creator-request-id data-service-request-\$(date +%s)" | tee -a "$LOG_FILE" CREATE_OUTPUT=$(aws servicediscovery create-service --name data-service --namespace-id "$NAMESPACE_ID" --tags Key=project,Value=doc-smith Key=tutorial,Value=cloudmap-custom-attributes --creator-request-id "data-service-request-$(date +%s)") echo "$CREATE_OUTPUT" | tee -a "$LOG_FILE" # Extract the service ID using AWS CLI query DATA_SERVICE_ID=$(aws servicediscovery list-services --filters "Name=NAMESPACE_ID,Values=$NAMESPACE_ID,Condition=EQ" --query "Services[?Name=='data-service'].Id" --output text) echo "Data service created with ID: $DATA_SERVICE_ID" | tee -a "$LOG_FILE" else echo "Data service already exists with ID: $DATA_SERVICE_ID" | tee -a "$LOG_FILE" fi CREATED_RESOURCES+=("service:$DATA_SERVICE_ID") # Register DynamoDB table as a service instance echo "Registering DynamoDB table as a service instance..." | tee -a "$LOG_FILE" # Check if instance already exists INSTANCE_EXISTS=$(aws servicediscovery list-instances --service-id "$DATA_SERVICE_ID" --query "Instances[?Id=='data-instance'].Id" --output text 2>/dev/null || echo "") if [[ -z "$INSTANCE_EXISTS" ]]; then AWS_REGION=$(aws configure get region || echo "us-east-1") log_cmd "aws servicediscovery register-instance --service-id $DATA_SERVICE_ID --instance-id data-instance --attributes tablename=cloudmap,region=$AWS_REGION" OPERATION_ID=$(aws servicediscovery register-instance --service-id "$DATA_SERVICE_ID" --instance-id data-instance --attributes "tablename=cloudmap,region=$AWS_REGION" --query 'OperationId' --output text) # Wait for instance registration to complete echo "Waiting for instance registration to complete..." | tee -a "$LOG_FILE" wait_for_operation "$OPERATION_ID" else echo "Instance data-instance already exists" | tee -a "$LOG_FILE" fi CREATED_RESOURCES+=("instance:$DATA_SERVICE_ID:data-instance") # Step 4: Create an IAM role for Lambda echo "Step 4: Creating IAM role for Lambda..." | tee -a "$LOG_FILE" # Create a trust policy for Lambda cat > lambda-trust-policy.json << 'EOF' { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } EOF # Check if role already exists echo "Checking if IAM role already exists..." | tee -a "$LOG_FILE" ROLE_EXISTS=$(aws iam get-role --role-name cloudmap-tutorial-role 2>&1 || echo "NOT_EXISTS") if [[ $ROLE_EXISTS == *"NoSuchEntity"* || $ROLE_EXISTS == "NOT_EXISTS" ]]; then log_cmd "aws iam create-role --role-name cloudmap-tutorial-role --assume-role-policy-document file://lambda-trust-policy.json" aws iam tag-role --role-name cloudmap-tutorial-role --tags Key=project,Value=doc-smith Key=tutorial,Value=cloudmap-custom-attributes else echo "Role cloudmap-tutorial-role already exists, using existing role" | tee -a "$LOG_FILE" fi # Create a custom policy with least privilege cat > cloudmap-policy.json << 'EOF' { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:*" }, { "Effect": "Allow", "Action": [ "dynamodb:PutItem", "dynamodb:GetItem", "dynamodb:Scan" ], "Resource": "arn:aws:dynamodb:*:*:table/cloudmap" }, { "Effect": "Allow", "Action": [ "servicediscovery:DiscoverInstances" ], "Resource": "*" } ] } EOF # Check if policy already exists POLICY_ARN=$(aws iam list-policies --query "Policies[?PolicyName=='CloudMapTutorialPolicy'].Arn" --output text 2>/dev/null || echo "") if [[ -z "$POLICY_ARN" ]]; then echo "Creating CloudMapTutorialPolicy..." | tee -a "$LOG_FILE" echo "$ aws iam create-policy --policy-name CloudMapTutorialPolicy --policy-document file://cloudmap-policy.json" | tee -a "$LOG_FILE" CREATE_OUTPUT=$(aws iam create-policy --policy-name CloudMapTutorialPolicy --policy-document file://cloudmap-policy.json) echo "$CREATE_OUTPUT" | tee -a "$LOG_FILE" POLICY_ARN=$(aws iam list-policies --query "Policies[?PolicyName=='CloudMapTutorialPolicy'].Arn" --output text) else echo "Policy CloudMapTutorialPolicy already exists with ARN: $POLICY_ARN" | tee -a "$LOG_FILE" fi echo "$ aws iam attach-role-policy --role-name cloudmap-tutorial-role --policy-arn $POLICY_ARN" | tee -a "$LOG_FILE" aws iam attach-role-policy --role-name cloudmap-tutorial-role --policy-arn "$POLICY_ARN" | tee -a "$LOG_FILE" echo "$ aws iam attach-role-policy --role-name cloudmap-tutorial-role --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" | tee -a "$LOG_FILE" aws iam attach-role-policy --role-name cloudmap-tutorial-role --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole | tee -a "$LOG_FILE" # Wait for role to propagate echo "Waiting for IAM role to propagate..." | tee -a "$LOG_FILE" sleep 10 ROLE_ARN=$(aws iam get-role --role-name cloudmap-tutorial-role --query 'Role.Arn' --output text) CREATED_RESOURCES+=("role:cloudmap-tutorial-role") # Step 5: Create an AWS Cloud Map app service echo "Step 5: Creating AWS Cloud Map app service..." | tee -a "$LOG_FILE" # Get all services in the namespace SERVICES=$(aws servicediscovery list-services --filters "Name=NAMESPACE_ID,Values=$NAMESPACE_ID,Condition=EQ" --query 'Services[*].[Id,Name]' --output text 2>/dev/null || echo "") # Check if app service already exists APP_SERVICE_ID="" while read -r id name || [[ -n "$id" ]]; do if [[ "$name" == "app-service" ]]; then APP_SERVICE_ID="$id" break fi done <<< "$SERVICES" if [[ -z "$APP_SERVICE_ID" ]]; then echo "App service does not exist, creating it..." | tee -a "$LOG_FILE" # Create the service and capture the ID directly echo "$ aws servicediscovery create-service --name app-service --namespace-id $NAMESPACE_ID --creator-request-id app-service-request-\$(date +%s)" | tee -a "$LOG_FILE" CREATE_OUTPUT=$(aws servicediscovery create-service --name app-service --namespace-id "$NAMESPACE_ID" --tags Key=project,Value=doc-smith Key=tutorial,Value=cloudmap-custom-attributes --creator-request-id "app-service-request-$(date +%s)") echo "$CREATE_OUTPUT" | tee -a "$LOG_FILE" # Extract the service ID using AWS CLI query APP_SERVICE_ID=$(aws servicediscovery list-services --filters "Name=NAMESPACE_ID,Values=$NAMESPACE_ID,Condition=EQ" --query "Services[?Name=='app-service'].Id" --output text) echo "App service created with ID: $APP_SERVICE_ID" | tee -a "$LOG_FILE" else echo "App service already exists with ID: $APP_SERVICE_ID" | tee -a "$LOG_FILE" fi CREATED_RESOURCES+=("service:$APP_SERVICE_ID") # Step 6: Create a Lambda function to write data echo "Step 6: Creating Lambda function to write data..." | tee -a "$LOG_FILE" # Create Lambda function code cat > writefunction.py << 'EOF' import boto3 import json import random import os def lambda_handler(event, context): # Use AWS Cloud Map to discover the DynamoDB table serviceclient = boto3.client('servicediscovery') try: # Discover the data service instance response = serviceclient.discover_instances( NamespaceName='cloudmap-tutorial', ServiceName='data-service' ) if not response.get('Instances'): return { 'statusCode': 404, 'body': json.dumps('No service instances found') } # Extract table name and region from the instance attributes attributes = response['Instances'][0].get('Attributes', {}) tablename = attributes.get('tablename', 'cloudmap') region = attributes.get('region', os.environ.get('AWS_REGION', 'us-east-1')) # Create DynamoDB client in the specified region dynamodb = boto3.resource('dynamodb', region_name=region) table = dynamodb.Table(tablename) # Write data to the table table.put_item( Item={ 'id': str(random.randint(1, 100)), 'todo': str(event) } ) return { 'statusCode': 200, 'body': json.dumps('Data written successfully!') } except Exception as e: return { 'statusCode': 500, 'body': json.dumps(f'Error: {str(e)}') } EOF # Zip the function code log_cmd "zip writefunction.zip writefunction.py" # Create the Lambda function FUNCTION_EXISTS=$(aws lambda list-functions --query "Functions[?FunctionName=='writefunction'].FunctionName" --output text 2>/dev/null || echo "") if [[ -z "$FUNCTION_EXISTS" ]]; then log_cmd "aws lambda create-function --function-name writefunction --runtime python3.12 --role $ROLE_ARN --handler writefunction.lambda_handler --zip-file fileb://writefunction.zip --architectures x86_64 --timeout 10 --tags project=doc-smith,tutorial=cloudmap-custom-attributes" # Wait for the Lambda function to be active before updating echo "Waiting for Lambda function to become active..." | tee -a "$LOG_FILE" function_state="Pending" while [ "$function_state" == "Pending" ]; do sleep 5 function_state=$(aws lambda get-function --function-name writefunction --query 'Configuration.State' --output text) echo "Current function state: $function_state" | tee -a "$LOG_FILE" done else echo "Lambda function writefunction already exists" | tee -a "$LOG_FILE" fi CREATED_RESOURCES+=("lambda:writefunction") # Step 7: Register the Lambda write function as an AWS Cloud Map service instance echo "Step 7: Registering Lambda write function as a service instance..." | tee -a "$LOG_FILE" # Check if instance already exists INSTANCE_EXISTS=$(aws servicediscovery list-instances --service-id "$APP_SERVICE_ID" --query "Instances[?Id=='write-instance'].Id" --output text 2>/dev/null || echo "") if [[ -z "$INSTANCE_EXISTS" ]]; then log_cmd "aws servicediscovery register-instance --service-id $APP_SERVICE_ID --instance-id write-instance --attributes action=write,functionname=writefunction" OPERATION_ID=$(aws servicediscovery register-instance --service-id "$APP_SERVICE_ID" --instance-id write-instance --attributes action=write,functionname=writefunction --query 'OperationId' --output text) # Wait for instance registration to complete echo "Waiting for write instance registration to complete..." | tee -a "$LOG_FILE" wait_for_operation "$OPERATION_ID" else echo "Instance write-instance already exists" | tee -a "$LOG_FILE" fi CREATED_RESOURCES+=("instance:$APP_SERVICE_ID:write-instance") # Step 8: Create a Lambda function to read data echo "Step 8: Creating Lambda function to read data..." | tee -a "$LOG_FILE" # Create Lambda function code cat > readfunction.py << 'EOF' import boto3 import json import os def lambda_handler(event, context): # Use AWS Cloud Map to discover the DynamoDB table serviceclient = boto3.client('servicediscovery') try: # Discover the data service instance response = serviceclient.discover_instances( NamespaceName='cloudmap-tutorial', ServiceName='data-service' ) if not response.get('Instances'): return { 'statusCode': 404, 'body': json.dumps('No service instances found') } # Extract table name and region from the instance attributes attributes = response['Instances'][0].get('Attributes', {}) tablename = attributes.get('tablename', 'cloudmap') region = attributes.get('region', os.environ.get('AWS_REGION', 'us-east-1')) # Create DynamoDB client in the specified region dynamodb = boto3.resource('dynamodb', region_name=region) table = dynamodb.Table(tablename) # Read data from the table response = table.scan() return { 'statusCode': 200, 'body': json.dumps(response.get('Items', [])) } except Exception as e: return { 'statusCode': 500, 'body': json.dumps(f'Error: {str(e)}') } EOF # Zip the function code log_cmd "zip readfunction.zip readfunction.py" # Create the Lambda function FUNCTION_EXISTS=$(aws lambda list-functions --query "Functions[?FunctionName=='readfunction'].FunctionName" --output text 2>/dev/null || echo "") if [[ -z "$FUNCTION_EXISTS" ]]; then log_cmd "aws lambda create-function --function-name readfunction --runtime python3.12 --role $ROLE_ARN --handler readfunction.lambda_handler --zip-file fileb://readfunction.zip --architectures x86_64 --timeout 10 --tags project=doc-smith,tutorial=cloudmap-custom-attributes" # Wait for the Lambda function to be active before updating echo "Waiting for Lambda function to become active..." | tee -a "$LOG_FILE" function_state="Pending" while [ "$function_state" == "Pending" ]; do sleep 5 function_state=$(aws lambda get-function --function-name readfunction --query 'Configuration.State' --output text) echo "Current function state: $function_state" | tee -a "$LOG_FILE" done else echo "Lambda function readfunction already exists" | tee -a "$LOG_FILE" fi CREATED_RESOURCES+=("lambda:readfunction") # Step 9: Register the Lambda read function as an AWS Cloud Map service instance echo "Step 9: Registering Lambda read function as a service instance..." | tee -a "$LOG_FILE" # Check if instance already exists INSTANCE_EXISTS=$(aws servicediscovery list-instances --service-id "$APP_SERVICE_ID" --query "Instances[?Id=='read-instance'].Id" --output text 2>/dev/null || echo "") if [[ -z "$INSTANCE_EXISTS" ]]; then log_cmd "aws servicediscovery register-instance --service-id $APP_SERVICE_ID --instance-id read-instance --attributes action=read,functionname=readfunction" OPERATION_ID=$(aws servicediscovery register-instance --service-id "$APP_SERVICE_ID" --instance-id read-instance --attributes action=read,functionname=readfunction --query 'OperationId' --output text) # Wait for read instance registration to complete echo "Waiting for read instance registration to complete..." | tee -a "$LOG_FILE" wait_for_operation "$OPERATION_ID" else echo "Instance read-instance already exists" | tee -a "$LOG_FILE" fi CREATED_RESOURCES+=("instance:$APP_SERVICE_ID:read-instance") # Step 10: Create Python clients to interact with the services echo "Step 10: Creating Python clients..." | tee -a "$LOG_FILE" cat > writeclient.py << 'EOF' #!/usr/bin/env python3 import boto3 import json import sys try: serviceclient = boto3.client('servicediscovery') response = serviceclient.discover_instances( NamespaceName='cloudmap-tutorial', ServiceName='app-service', QueryParameters={'action': 'write'} ) if not response.get('Instances'): print("No write service instances found", file=sys.stderr) sys.exit(1) functionname = response["Instances"][0]["Attributes"]["functionname"] lambdaclient = boto3.client('lambda') resp = lambdaclient.invoke( FunctionName=functionname, Payload=json.dumps('This is a test data'), InvocationType='RequestResponse' ) print(resp["Payload"].read().decode()) except Exception as e: print(f"Error: {str(e)}", file=sys.stderr) sys.exit(1) EOF cat > readclient.py << 'EOF' #!/usr/bin/env python3 import boto3 import json import sys try: serviceclient = boto3.client('servicediscovery') response = serviceclient.discover_instances( NamespaceName='cloudmap-tutorial', ServiceName='app-service', QueryParameters={'action': 'read'} ) if not response.get('Instances'): print("No read service instances found", file=sys.stderr) sys.exit(1) functionname = response["Instances"][0]["Attributes"]["functionname"] lambdaclient = boto3.client('lambda') resp = lambdaclient.invoke( FunctionName=functionname, InvocationType='RequestResponse' ) print(resp["Payload"].read().decode()) except Exception as e: print(f"Error: {str(e)}", file=sys.stderr) sys.exit(1) EOF chmod +x writeclient.py readclient.py echo "Running write client..." | tee -a "$LOG_FILE" log_cmd "python3 writeclient.py" || echo "Write client execution completed with warnings" | tee -a "$LOG_FILE" echo "Running read client..." | tee -a "$LOG_FILE" log_cmd "python3 readclient.py" || echo "Read client execution completed with warnings" | tee -a "$LOG_FILE" # Step 11: Clean up resources echo "Resources created:" | tee -a "$LOG_FILE" for resource in "${CREATED_RESOURCES[@]}"; do echo "- $resource" | tee -a "$LOG_FILE" done echo "" | tee -a "$LOG_FILE" echo "==========================================" | tee -a "$LOG_FILE" echo "CLEANUP CONFIRMATION" | tee -a "$LOG_FILE" echo "==========================================" | tee -a "$LOG_FILE" echo "Cleaning up all created resources..." | tee -a "$LOG_FILE" cleanup echo "Script completed at $(date)" | tee -a "$LOG_FILE" ``` + Untuk detail API, lihat topik berikut di *Referensi Perintah AWS CLI *. + [CreateHttpNamespace](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/CreateHttpNamespace) + [CreateService](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/CreateService) + [DeleteNamespace](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/DeleteNamespace) + [DeleteService](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/DeleteService) + [DeregisterInstance](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/DeregisterInstance) + [GetOperation](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/GetOperation) + [ListNamespaces](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/ListNamespaces) + [ListServices](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/ListServices) + [RegisterInstance](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/RegisterInstance) ### Penemuan layanan Cloud Map Contoh kode berikut ini menunjukkan cara untuk melakukan: + Buat namespace DNS publik dengan integrasi zona yang dihosting Route 53 + Buat layanan yang dapat ditemukan melalui kueri DNS dan panggilan API + Daftarkan instance layanan dengan konfigurasi penemuan yang berbeda + Temukan layanan menggunakan kueri DNS dan Cloud Map API + Verifikasi penemuan layanan menggunakan perintah dig dan panggilan API + Bersihkan sumber daya dalam urutan yang tepat (contoh, layanan, namespace) **AWS CLI dengan skrip Bash** Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankan di repositori [tutorial pengembang Sample](https://github.com/aws-samples/sample-developer-tutorials/tree/main/tuts/010-cloudmap-service-discovery). ``` #!/bin/bash # AWS Cloud Map Private Namespace Tutorial Script # This script demonstrates how to use AWS Cloud Map for service discovery # with DNS queries and API calls # Exit on error set -e # Configuration REGION="us-east-2" NAMESPACE_NAME="cloudmap-tutorial.com" LOG_FILE="cloudmap-tutorial.log" CREATOR_REQUEST_ID=$(date +%s) # Function to log messages log() { local message="$1" echo "$(date '+%Y-%m-%d %H:%M:%S') - $message" | tee -a "$LOG_FILE" } # Function to check operation status check_operation() { local operation_id="$1" local status="" log "Checking operation status for $operation_id..." while [[ "$status" != "SUCCESS" ]]; do sleep 5 status=$(aws servicediscovery get-operation \ --operation-id "$operation_id" \ --region "$REGION" \ --query "Operation.Status" \ --output text) log "Operation status: $status" if [[ "$status" == "FAIL" ]]; then log "Operation failed. Exiting." exit 1 fi done log "Operation completed successfully." } # Function to clean up resources cleanup() { log "Starting cleanup process..." if [[ -n "$FIRST_INSTANCE_ID" ]]; then log "Deregistering first service instance..." aws servicediscovery deregister-instance \ --service-id "$PUBLIC_SERVICE_ID" \ --instance-id "$FIRST_INSTANCE_ID" \ --region "$REGION" || log "Failed to deregister first instance" fi if [[ -n "$SECOND_INSTANCE_ID" ]]; then log "Deregistering second service instance..." aws servicediscovery deregister-instance \ --service-id "$BACKEND_SERVICE_ID" \ --instance-id "$SECOND_INSTANCE_ID" \ --region "$REGION" || log "Failed to deregister second instance" fi if [[ -n "$PUBLIC_SERVICE_ID" ]]; then log "Deleting public service..." aws servicediscovery delete-service \ --id "$PUBLIC_SERVICE_ID" \ --region "$REGION" || log "Failed to delete public service" fi if [[ -n "$BACKEND_SERVICE_ID" ]]; then log "Deleting backend service..." aws servicediscovery delete-service \ --id "$BACKEND_SERVICE_ID" \ --region "$REGION" || log "Failed to delete backend service" fi if [[ -n "$NAMESPACE_ID" ]]; then log "Deleting namespace..." aws servicediscovery delete-namespace \ --id "$NAMESPACE_ID" \ --region "$REGION" || log "Failed to delete namespace" fi log "Cleanup completed." } # Set up trap for cleanup on script exit trap cleanup EXIT INT TERM # Initialize log file > "$LOG_FILE" log "Starting AWS Cloud Map tutorial script" # Step 1: Create an AWS Cloud Map namespace log "Creating AWS Cloud Map namespace: $NAMESPACE_NAME" OPERATION_RESULT=$(aws servicediscovery create-public-dns-namespace \ --name "$NAMESPACE_NAME" \ --creator-request-id "cloudmap-tutorial-$CREATOR_REQUEST_ID" \ --tags Key=project,Value=doc-smith Key=tutorial,Value=cloudmap-service-discovery \ --region "$REGION") OPERATION_ID=$(echo "$OPERATION_RESULT" | jq -r '.OperationId') log "Namespace creation initiated. Operation ID: $OPERATION_ID" # Check operation status check_operation "$OPERATION_ID" # Get the namespace ID log "Getting namespace ID..." NAMESPACE_ID=$(aws servicediscovery list-namespaces \ --region "$REGION" \ --query "Namespaces[?Name=='$NAMESPACE_NAME'].Id" \ --output text) log "Namespace ID: $NAMESPACE_ID" # Get the hosted zone ID log "Getting Route 53 hosted zone ID..." HOSTED_ZONE_ID=$(aws route53 list-hosted-zones-by-name \ --dns-name "$NAMESPACE_NAME" \ --query "HostedZones[0].Id" \ --output text | sed 's|/hostedzone/||') log "Hosted Zone ID: $HOSTED_ZONE_ID" # Step 2: Create the AWS Cloud Map services log "Creating public service..." PUBLIC_SERVICE_RESULT=$(aws servicediscovery create-service \ --name "public-service" \ --namespace-id "$NAMESPACE_ID" \ --dns-config "RoutingPolicy=MULTIVALUE,DnsRecords=[{Type=A,TTL=300}]" \ --tags Key=project,Value=doc-smith Key=tutorial,Value=cloudmap-service-discovery \ --region "$REGION") PUBLIC_SERVICE_ID=$(echo "$PUBLIC_SERVICE_RESULT" | jq -r '.Service.Id') log "Public service created. Service ID: $PUBLIC_SERVICE_ID" log "Creating backend service..." BACKEND_SERVICE_RESULT=$(aws servicediscovery create-service \ --name "backend-service" \ --namespace-id "$NAMESPACE_ID" \ --type "HTTP" \ --tags Key=project,Value=doc-smith Key=tutorial,Value=cloudmap-service-discovery \ --region "$REGION") BACKEND_SERVICE_ID=$(echo "$BACKEND_SERVICE_RESULT" | jq -r '.Service.Id') log "Backend service created. Service ID: $BACKEND_SERVICE_ID" # Step 3: Register the AWS Cloud Map service instances log "Registering first service instance..." FIRST_INSTANCE_RESULT=$(aws servicediscovery register-instance \ --service-id "$PUBLIC_SERVICE_ID" \ --instance-id "first" \ --attributes "AWS_INSTANCE_IPV4=192.168.2.1" \ --region "$REGION") FIRST_INSTANCE_ID="first" FIRST_OPERATION_ID=$(echo "$FIRST_INSTANCE_RESULT" | jq -r '.OperationId') log "First instance registration initiated. Operation ID: $FIRST_OPERATION_ID" # Check operation status check_operation "$FIRST_OPERATION_ID" log "Registering second service instance..." SECOND_INSTANCE_RESULT=$(aws servicediscovery register-instance \ --service-id "$BACKEND_SERVICE_ID" \ --instance-id "second" \ --attributes "service-name=backend" \ --region "$REGION") SECOND_INSTANCE_ID="second" SECOND_OPERATION_ID=$(echo "$SECOND_INSTANCE_RESULT" | jq -r '.OperationId') log "Second instance registration initiated. Operation ID: $SECOND_OPERATION_ID" # Check operation status check_operation "$SECOND_OPERATION_ID" # Step 4: Discover the AWS Cloud Map service instances log "Getting Route 53 name servers..." NAME_SERVERS=$(aws route53 get-hosted-zone \ --id "$HOSTED_ZONE_ID" \ --query "DelegationSet.NameServers[0]" \ --output text) log "Name server: $NAME_SERVERS" log "Using dig to query DNS records (this will be simulated)..." log "Command: dig @$NAME_SERVERS public-service.$NAMESPACE_NAME" log "Expected output would show: public-service.$NAMESPACE_NAME. 300 IN A 192.168.2.1" log "Using AWS CLI to discover backend service instances..." DISCOVER_RESULT=$(aws servicediscovery discover-instances \ --namespace-name "$NAMESPACE_NAME" \ --service-name "backend-service" \ --region "$REGION") log "Discovery result: $(echo "$DISCOVER_RESULT" | jq -c '.')" # Display created resources log "Resources created:" log "- Namespace: $NAMESPACE_NAME (ID: $NAMESPACE_ID)" log "- Public Service: public-service (ID: $PUBLIC_SERVICE_ID)" log "- Backend Service: backend-service (ID: $BACKEND_SERVICE_ID)" log "- Service Instance: first (Service: public-service)" log "- Service Instance: second (Service: backend-service)" # Ask user if they want to clean up resources read -p "Do you want to clean up all created resources? (y/n): " CLEANUP_RESPONSE if [[ "$CLEANUP_RESPONSE" == "y" || "$CLEANUP_RESPONSE" == "Y" ]]; then log "User confirmed cleanup. Proceeding with resource deletion." # Cleanup function will be called automatically on exit else log "User chose not to clean up resources. Exiting without cleanup." trap - EXIT exit 0 fi ``` + Untuk detail API, lihat topik berikut di *Referensi Perintah AWS CLI *. + [CreatePublicDnsNamespace](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/CreatePublicDnsNamespace) + [CreateService](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/CreateService) + [DeleteNamespace](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/DeleteNamespace) + [DeleteService](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/DeleteService) + [DeregisterInstance](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/DeregisterInstance) + [DiscoverInstances](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/DiscoverInstances) + [GetOperation](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/GetOperation) + [ListNamespaces](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/ListNamespaces) + [RegisterInstance](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/RegisterInstance) ### Konfigurasikan Amazon ECS Service Connect Contoh kode berikut ini menunjukkan cara untuk melakukan: + Buat infrastruktur VPC + Mengatur pencatatan + Buat cluster ECS + Konfigurasikan peran IAM + Buat layanan dengan Service Connect + Verifikasi penyebaran + Pembersihan sumber daya **AWS CLI dengan skrip Bash** Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankan di repositori [tutorial pengembang Sample](https://github.com/aws-samples/sample-developer-tutorials/tree/main/tuts/085-amazon-ecs-service-connect). ``` #!/bin/bash # ECS Service Connect Tutorial Script v4 - Modified to use Default VPC # This script creates an ECS cluster with Service Connect and deploys an nginx service # Uses the default VPC to avoid VPC limits set -e # Exit on any error # Configuration SCRIPT_NAME="ECS Service Connect Tutorial" LOG_FILE="ecs-service-connect-tutorial-v4-default-vpc.log" REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null)}} if [ -z "$REGION" ]; then echo "ERROR: No AWS region configured." echo "Set one with: aws configure set region us-east-1" exit 1 fi ENV_PREFIX="tutorial" CLUSTER_NAME="${ENV_PREFIX}-cluster" NAMESPACE_NAME="service-connect" # Generate random suffix for unique resource names RANDOM_SUFFIX=$(openssl rand -hex 6) # Arrays to track created resources for cleanup declare -a CREATED_RESOURCES=() # Logging function log() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a "$LOG_FILE" } # Error handling function handle_error() { log "ERROR: Script failed at line $1" log "Attempting to clean up resources..." cleanup_resources exit 1 } # Set up error handling trap 'handle_error $LINENO' ERR # Function to add resource to tracking array track_resource() { CREATED_RESOURCES+=("$1") log "Tracking resource: $1" } # Function to check if command output contains actual errors check_for_errors() { local output="$1" local command_name="$2" # Check for specific AWS CLI error patterns, not just any occurrence of "error" if echo "$output" | grep -qi "An error occurred\|InvalidParameterException\|AccessDenied\|ValidationException\|ResourceNotFoundException"; then log "ERROR in $command_name: $output" return 1 fi return 0 } # Function to get AWS account ID get_account_id() { ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text) log "Using AWS Account ID: $ACCOUNT_ID" } # Function to wait for resources to be ready wait_for_resource() { local resource_type="$1" local resource_id="$2" case "$resource_type" in "cluster") log "Waiting for cluster $resource_id to be active..." local attempt=1 local max_attempts=30 while [ $attempt -le $max_attempts ]; do local status=$(aws ecs describe-clusters --clusters "$resource_id" --query 'clusters[0].status' --output text) if [ "$status" = "ACTIVE" ]; then log "Cluster is now active" return 0 fi log "Cluster status: $status (attempt $attempt/$max_attempts)" sleep 10 ((attempt++)) done log "ERROR: Cluster did not become active within expected time" return 1 ;; "service") log "Waiting for service $resource_id to be stable..." aws ecs wait services-stable --cluster "$CLUSTER_NAME" --services "$resource_id" ;; "nat-gateway") log "Waiting for NAT Gateway $resource_id to be available..." aws ec2 wait nat-gateway-available --nat-gateway-ids "$resource_id" ;; esac } # Function to use default VPC infrastructure setup_default_vpc_infrastructure() { log "Using default VPC infrastructure..." # Get default VPC VPC_ID=$(aws ec2 describe-vpcs --filters "Name=isDefault,Values=true" --query 'Vpcs[0].VpcId' --output text) if [[ "$VPC_ID" == "None" || -z "$VPC_ID" ]]; then log "ERROR: No default VPC found. Please create a default VPC first." exit 1 fi log "Using default VPC: $VPC_ID" # Get default subnets SUBNETS=$(aws ec2 describe-subnets --filters "Name=vpc-id,Values=$VPC_ID" "Name=default-for-az,Values=true" --query 'Subnets[].SubnetId' --output text) SUBNET_ARRAY=($SUBNETS) if [ ${#SUBNET_ARRAY[@]} -lt 2 ]; then log "ERROR: Need at least 2 subnets for ECS Service Connect. Found: ${#SUBNET_ARRAY[@]}" exit 1 fi PUBLIC_SUBNET1=${SUBNET_ARRAY[0]} PUBLIC_SUBNET2=${SUBNET_ARRAY[1]} log "Using subnets: $PUBLIC_SUBNET1, $PUBLIC_SUBNET2" # Create security group for ECS tasks SG_OUTPUT=$(aws ec2 create-security-group \ --group-name "${ENV_PREFIX}-ecs-sg-${RANDOM_SUFFIX}" \ --description "Security group for ECS Service Connect tutorial" \ --vpc-id "$VPC_ID" \ --tag-specifications 'ResourceType=security-group,Tags=[{Key=project,Value=doc-smith},{Key=tutorial,Value=amazon-ecs-service-connect}]' 2>&1) check_for_errors "$SG_OUTPUT" "create-security-group" SECURITY_GROUP_ID=$(echo "$SG_OUTPUT" | grep -o '"GroupId": "[^"]*"' | cut -d'"' -f4) track_resource "SG:$SECURITY_GROUP_ID" log "Created security group: $SECURITY_GROUP_ID" # Add inbound rules to security group aws ec2 authorize-security-group-ingress \ --group-id "$SECURITY_GROUP_ID" \ --protocol tcp \ --port 80 \ --cidr 0.0.0.0/0 >/dev/null 2>&1 || true aws ec2 authorize-security-group-ingress \ --group-id "$SECURITY_GROUP_ID" \ --protocol tcp \ --port 443 \ --cidr 0.0.0.0/0 >/dev/null 2>&1 || true log "Default VPC infrastructure setup completed" } # Function to create CloudWatch log groups create_log_groups() { log "Creating CloudWatch log groups..." # Create log group for nginx container aws logs create-log-group --log-group-name "/ecs/service-connect-nginx" --tags project=doc-smith,tutorial=amazon-ecs-service-connect 2>&1 | grep -v "ResourceAlreadyExistsException" || { if [ ${PIPESTATUS[0]} -eq 0 ]; then log "Log group /ecs/service-connect-nginx created" track_resource "LOG_GROUP:/ecs/service-connect-nginx" else log "Log group /ecs/service-connect-nginx already exists" fi } # Create log group for service connect proxy aws logs create-log-group --log-group-name "/ecs/service-connect-proxy" --tags project=doc-smith,tutorial=amazon-ecs-service-connect 2>&1 | grep -v "ResourceAlreadyExistsException" || { if [ ${PIPESTATUS[0]} -eq 0 ]; then log "Log group /ecs/service-connect-proxy created" track_resource "LOG_GROUP:/ecs/service-connect-proxy" else log "Log group /ecs/service-connect-proxy already exists" fi } } # Function to create ECS cluster with Service Connect create_ecs_cluster() { log "Creating ECS cluster with Service Connect..." CLUSTER_OUTPUT=$(aws ecs create-cluster \ --cluster-name "$CLUSTER_NAME" \ --service-connect-defaults namespace="$NAMESPACE_NAME" \ --tags key=Environment,value=tutorial key=project,value=doc-smith key=tutorial,value=amazon-ecs-service-connect 2>&1) check_for_errors "$CLUSTER_OUTPUT" "create-cluster" track_resource "CLUSTER:$CLUSTER_NAME" log "Created ECS cluster: $CLUSTER_NAME" wait_for_resource "cluster" "$CLUSTER_NAME" # Track the Service Connect namespace that gets created # Wait a moment for the namespace to be created sleep 5 NAMESPACE_ID=$(aws servicediscovery list-namespaces \ --filters Name=TYPE,Values=HTTP \ --query "Namespaces[?Name=='$NAMESPACE_NAME'].Id" --output text 2>/dev/null || echo "") if [[ -n "$NAMESPACE_ID" && "$NAMESPACE_ID" != "None" ]]; then track_resource "NAMESPACE:$NAMESPACE_ID" log "Service Connect namespace created: $NAMESPACE_ID" fi } # Function to create IAM roles create_iam_roles() { log "Creating IAM roles..." # Check if ecsTaskExecutionRole exists if aws iam get-role --role-name ecsTaskExecutionRole >/dev/null 2>&1; then log "IAM role ecsTaskExecutionRole exists" else log "Creating ecsTaskExecutionRole..." aws iam create-role \ --role-name ecsTaskExecutionRole \ --assume-role-policy-document '{ "Version":"2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": {"Service": "ecs-tasks.amazonaws.com"}, "Action": "sts:AssumeRole" }] }' >/dev/null 2>&1 aws iam attach-role-policy \ --role-name ecsTaskExecutionRole \ --policy-arn arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy >/dev/null 2>&1 track_resource "ROLE:ecsTaskExecutionRole" aws iam tag-role --role-name ecsTaskExecutionRole --tags Key=project,Value=doc-smith Key=tutorial,Value=amazon-ecs-service-connect log "Created ecsTaskExecutionRole" sleep 10 fi # Check if ecsTaskRole exists, create if not if aws iam get-role --role-name ecsTaskRole >/dev/null 2>&1; then log "IAM role ecsTaskRole exists" else log "IAM role ecsTaskRole does not exist, will create it" # Create trust policy for ECS tasks cat > /tmp/ecs-task-trust-policy.json << EOF { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "ecs-tasks.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } EOF aws iam create-role \ --role-name ecsTaskRole \ --assume-role-policy-document file:///tmp/ecs-task-trust-policy.json >/dev/null track_resource "IAM_ROLE:ecsTaskRole" aws iam tag-role --role-name ecsTaskRole --tags Key=project,Value=doc-smith Key=tutorial,Value=amazon-ecs-service-connect log "Created ecsTaskRole" # Wait for role to be available sleep 10 fi } # Function to create task definition create_task_definition() { log "Creating task definition..." # Create task definition JSON cat > /tmp/task-definition.json << EOF { "family": "service-connect-nginx", "networkMode": "awsvpc", "requiresCompatibilities": ["FARGATE"], "cpu": "256", "memory": "512", "executionRoleArn": "arn:aws:iam::${ACCOUNT_ID}:role/ecsTaskExecutionRole", "taskRoleArn": "arn:aws:iam::${ACCOUNT_ID}:role/ecsTaskRole", "containerDefinitions": [ { "name": "nginx", "image": "public.ecr.aws/docker/library/nginx:latest", "portMappings": [ { "containerPort": 80, "protocol": "tcp", "name": "nginx-port" } ], "essential": true, "logConfiguration": { "logDriver": "awslogs", "options": { "awslogs-group": "/ecs/service-connect-nginx", "awslogs-region": "${REGION}", "awslogs-stream-prefix": "ecs" } } } ] } EOF TASK_DEF_OUTPUT=$(aws ecs register-task-definition --cli-input-json file:///tmp/task-definition.json 2>&1) check_for_errors "$TASK_DEF_OUTPUT" "register-task-definition" TASK_DEF_ARN=$(echo "$TASK_DEF_OUTPUT" | grep -o '"taskDefinitionArn": "[^"]*"' | cut -d'"' -f4) track_resource "TASK_DEF:service-connect-nginx" log "Created task definition: $TASK_DEF_ARN" # Clean up temporary file rm -f /tmp/task-definition.json } # Function to create ECS service with Service Connect create_ecs_service() { log "Creating ECS service with Service Connect..." # Create service definition JSON cat > /tmp/service-definition.json << EOF { "serviceName": "service-connect-nginx-service", "cluster": "${CLUSTER_NAME}", "taskDefinition": "service-connect-nginx", "desiredCount": 1, "launchType": "FARGATE", "networkConfiguration": { "awsvpcConfiguration": { "subnets": ["${PUBLIC_SUBNET1}", "${PUBLIC_SUBNET2}"], "securityGroups": ["${SECURITY_GROUP_ID}"], "assignPublicIp": "ENABLED" } }, "serviceConnectConfiguration": { "enabled": true, "namespace": "${NAMESPACE_NAME}", "services": [ { "portName": "nginx-port", "discoveryName": "nginx", "clientAliases": [ { "port": 80, "dnsName": "nginx" } ] } ], "logConfiguration": { "logDriver": "awslogs", "options": { "awslogs-group": "/ecs/service-connect-proxy", "awslogs-region": "${REGION}", "awslogs-stream-prefix": "ecs-service-connect" } } }, "tags": [ { "key": "Environment", "value": "tutorial" }, { "key": "project", "value": "doc-smith" }, { "key": "tutorial", "value": "amazon-ecs-service-connect" } ] } EOF SERVICE_OUTPUT=$(aws ecs create-service --cli-input-json file:///tmp/service-definition.json 2>&1) check_for_errors "$SERVICE_OUTPUT" "create-service" track_resource "SERVICE:service-connect-nginx-service" log "Created ECS service: service-connect-nginx-service" wait_for_resource "service" "service-connect-nginx-service" # Clean up temporary file rm -f /tmp/service-definition.json } # Function to verify deployment verify_deployment() { log "Verifying deployment..." # Check service status SERVICE_STATUS=$(aws ecs describe-services \ --cluster "$CLUSTER_NAME" \ --services "service-connect-nginx-service" \ --query 'services[0].status' --output text) log "Service status: $SERVICE_STATUS" # Check running tasks RUNNING_COUNT=$(aws ecs describe-services \ --cluster "$CLUSTER_NAME" \ --services "service-connect-nginx-service" \ --query 'services[0].runningCount' --output text) log "Running tasks: $RUNNING_COUNT" # Get task ARN TASK_ARN=$(aws ecs list-tasks \ --cluster "$CLUSTER_NAME" \ --service-name "service-connect-nginx-service" \ --query 'taskArns[0]' --output text) if [[ "$TASK_ARN" != "None" && -n "$TASK_ARN" ]]; then log "Task ARN: $TASK_ARN" # Try to get task IP address TASK_IP=$(aws ecs describe-tasks \ --cluster "$CLUSTER_NAME" \ --tasks "$TASK_ARN" \ --query 'tasks[0].attachments[0].details[?name==`privateIPv4Address`].value' \ --output text 2>/dev/null || echo "") if [[ -n "$TASK_IP" && "$TASK_IP" != "None" ]]; then log "Task IP address: $TASK_IP" else log "Could not retrieve task IP address" fi fi # Check Service Connect namespace NAMESPACE_STATUS=$(aws servicediscovery list-namespaces \ --filters Name=TYPE,Values=HTTP \ --query "Namespaces[?Name=='$NAMESPACE_NAME'].Id" --output text 2>/dev/null || echo "") if [[ -n "$NAMESPACE_STATUS" && "$NAMESPACE_STATUS" != "None" ]]; then log "Service Connect namespace '$NAMESPACE_NAME' is active" else log "Service Connect namespace '$NAMESPACE_NAME' not found or not active" fi # Display Service Connect configuration log "Service Connect configuration:" aws ecs describe-services \ --cluster "$CLUSTER_NAME" \ --services "service-connect-nginx-service" \ --query 'services[0].serviceConnectConfiguration' 2>/dev/null || true } # Function to display created resources display_resources() { echo "" echo "===========================================" echo "CREATED RESOURCES" echo "===========================================" for resource in "${CREATED_RESOURCES[@]}"; do echo "- $resource" done echo "===========================================" echo "" } # Function to cleanup resources cleanup_resources() { log "Starting cleanup process..." # Delete resources in reverse order of creation for ((i=${#CREATED_RESOURCES[@]}-1; i>=0; i--)); do resource="${CREATED_RESOURCES[i]}" resource_type=$(echo "$resource" | cut -d':' -f1) resource_id=$(echo "$resource" | cut -d':' -f2) log "Cleaning up $resource_type: $resource_id" case "$resource_type" in "SERVICE") aws ecs update-service --cluster "$CLUSTER_NAME" --service "$resource_id" --desired-count 0 2>&1 | grep -qi "error" && log "Warning: Failed to scale down service $resource_id" aws ecs wait services-stable --cluster "$CLUSTER_NAME" --services "$resource_id" 2>/dev/null || true aws ecs delete-service --cluster "$CLUSTER_NAME" --service "$resource_id" --force 2>&1 | grep -qi "error" && log "Warning: Failed to delete service $resource_id" ;; "TASK_DEF") TASK_DEF_ARNS=$(aws ecs list-task-definitions --family-prefix "$resource_id" --query 'taskDefinitionArns' --output text 2>/dev/null) for arn in $TASK_DEF_ARNS; do aws ecs deregister-task-definition --task-definition "$arn" >/dev/null 2>&1 || true done ;; "ROLE") aws iam detach-role-policy --role-name "$resource_id" --policy-arn "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" 2>/dev/null || true aws iam delete-role --role-name "$resource_id" 2>&1 | grep -qi "error" && log "Warning: Failed to delete role $resource_id" ;; "IAM_ROLE") aws iam detach-role-policy --role-name "$resource_id" --policy-arn "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" 2>/dev/null || true aws iam delete-role --role-name "$resource_id" 2>&1 | grep -qi "error" && log "Warning: Failed to delete role $resource_id" ;; "CLUSTER") aws ecs delete-cluster --cluster "$resource_id" 2>&1 | grep -qi "error" && log "Warning: Failed to delete cluster $resource_id" ;; "SG") for attempt in 1 2 3 4 5; do if aws ec2 delete-security-group --group-id "$resource_id" 2>/dev/null; then break fi log "Security group $resource_id still has dependencies, retrying in 30s ($attempt/5)..." sleep 30 done ;; "LOG_GROUP") aws logs delete-log-group --log-group-name "$resource_id" 2>&1 | grep -qi "error" && log "Warning: Failed to delete log group $resource_id" ;; "NAMESPACE") # First, delete any services in the namespace NAMESPACE_SERVICES=$(aws servicediscovery list-services \ --filters Name=NAMESPACE_ID,Values="$resource_id" \ --query 'Services[].Id' --output text 2>/dev/null || echo "") if [[ -n "$NAMESPACE_SERVICES" && "$NAMESPACE_SERVICES" != "None" ]]; then for service_id in $NAMESPACE_SERVICES; do aws servicediscovery delete-service --id "$service_id" >/dev/null 2>&1 || true sleep 2 done fi # Then delete the namespace aws servicediscovery delete-namespace --id "$resource_id" >/dev/null 2>&1 || true ;; esac sleep 2 # Brief pause between deletions done # Clean up temporary files rm -f /tmp/ecs-task-trust-policy.json rm -f /tmp/task-definition.json rm -f /tmp/service-definition.json log "Cleanup completed" } # Main execution main() { log "Starting $SCRIPT_NAME v4 (Default VPC)" log "Region: $REGION" log "Log file: $LOG_FILE" # Get AWS account ID get_account_id # Setup infrastructure using default VPC setup_default_vpc_infrastructure # Create CloudWatch log groups create_log_groups # Create ECS cluster create_ecs_cluster # Create IAM roles create_iam_roles # Create task definition create_task_definition # Create ECS service create_ecs_service # Verify deployment verify_deployment log "Tutorial completed successfully!" # Display created resources display_resources # Ask user if they want to clean up echo "" echo "===========================================" echo "CLEANUP CONFIRMATION" echo "===========================================" echo "Do you want to clean up all created resources? (y/n): " CLEANUP_CHOICE="y" if [[ "$CLEANUP_CHOICE" =~ ^[Yy]$ ]]; then cleanup_resources log "All resources have been cleaned up" else log "Resources left intact. You can clean them up later by running the cleanup function." echo "" echo "To clean up resources later, you can use the AWS CLI commands or the AWS Management Console." echo "Remember to delete resources in the correct order to avoid dependency issues." fi } # Make script executable and run chmod +x "$0" main "$@" ``` + Untuk detail API, lihat topik berikut di *Referensi Perintah AWS CLI *. + [AttachRolePolicy](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/AttachRolePolicy) + [AuthorizeSecurityGroupIngress](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/AuthorizeSecurityGroupIngress) + [CreateCluster](https://docs.aws.amazon.com/goto/aws-cli/ecs-2014-11-13/CreateCluster) + [CreateLogGroup](https://docs.aws.amazon.com/goto/aws-cli/logs-2014-03-28/CreateLogGroup) + [CreateRole](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/CreateRole) + [CreateSecurityGroup](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateSecurityGroup) + [CreateService](https://docs.aws.amazon.com/goto/aws-cli/ecs-2014-11-13/CreateService) + [DeleteCluster](https://docs.aws.amazon.com/goto/aws-cli/ecs-2014-11-13/DeleteCluster) + [DeleteLogGroup](https://docs.aws.amazon.com/goto/aws-cli/logs-2014-03-28/DeleteLogGroup) + [DeleteNamespace](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/DeleteNamespace) + [DeleteRole](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/DeleteRole) + [DeleteSecurityGroup](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteSecurityGroup) + [DeleteService](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/DeleteService) + [DeregisterTaskDefinition](https://docs.aws.amazon.com/goto/aws-cli/ecs-2014-11-13/DeregisterTaskDefinition) + [DescribeClusters](https://docs.aws.amazon.com/goto/aws-cli/ecs-2014-11-13/DescribeClusters) + [DescribeServices](https://docs.aws.amazon.com/goto/aws-cli/ecs-2014-11-13/DescribeServices) + [DescribeSubnets](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeSubnets) + [DescribeTasks](https://docs.aws.amazon.com/goto/aws-cli/ecs-2014-11-13/DescribeTasks) + [DescribeVpcs](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeVpcs) + [DetachRolePolicy](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/DetachRolePolicy) + [GetCallerIdentity](https://docs.aws.amazon.com/goto/aws-cli/sts-2011-06-15/GetCallerIdentity) + [GetRole](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/GetRole) + [ListNamespaces](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/ListNamespaces) + [ListServices](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/ListServices) + [ListTaskDefinitions](https://docs.aws.amazon.com/goto/aws-cli/ecs-2014-11-13/ListTaskDefinitions) + [ListTasks](https://docs.aws.amazon.com/goto/aws-cli/ecs-2014-11-13/ListTasks) + [RegisterTaskDefinition](https://docs.aws.amazon.com/goto/aws-cli/ecs-2014-11-13/RegisterTaskDefinition) + [UpdateService](https://docs.aws.amazon.com/goto/aws-cli/ecs-2014-11-13/UpdateService) + [Tunggu](https://docs.aws.amazon.com/goto/aws-cli/ecs-2014-11-13/Wait)