這是 AWS CDK v2 開發人員指南。較舊的 CDK v1 已於 2022 年 6 月 1 日進入維護,並於 2023 年 6 月 1 日結束支援。 本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。 # 資產和 AWS CDK 資產是本機檔案、目錄或 Docker 映像,可以綁定到 AWS CDK 程式庫和應用程式中。例如,資產可能是包含 AWS Lambda 函數處理常式程式碼的目錄。資產可以代表應用程式需要操作的任何成品。 下列教學課程影片提供 CDK 資產的完整概觀,並說明如何在基礎設施中將其用作程式碼 (IaC)。 [![AWS Videos](http://img.youtube.com/vi/https://www.youtube.com/embed/jHNtXQmkKfw?rel=0/0.jpg)](http://www.youtube.com/watch?v=https://www.youtube.com/embed/jHNtXQmkKfw?rel=0) 您可以透過特定建構公開APIs AWS 新增資產。例如,當您定義建構時, [https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.Function.html#code](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.Function.html#code) 屬性可讓您傳遞 [https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.Function.html](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.Function.html) [https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.Code.html#static-fromwbrassetpath-options](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.Code.html#static-fromwbrassetpath-options)(目錄)。 `Function`會使用資產來綁定目錄的內容,並將其用於函數的程式碼。同樣地,在定義 Amazon ECS 任務定義時, [https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs.ContainerImage.html#static-fromwbrassetdirectory-props](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs.ContainerImage.html#static-fromwbrassetdirectory-props)會使用從本機目錄建置的 Docker 映像。 ## 資產詳細資訊 當您參考應用程式中的資產時,從您的應用程式合成的[雲端組件](deploy.md#deploy-how-synth-assemblies)會包含中繼資料資訊,以及 AWS CDK CLI 的說明。這些指示包括在何處尋找本機磁碟上的資產,以及要根據資產類型執行的綁定類型,例如壓縮 (zip) 的目錄或要建置的 Docker 映像。 AWS CDK 會產生資產的來源雜湊。這可以在建構時用來判斷資產的內容是否已變更。 根據預設, AWS CDK 會在雲端組件目錄中建立資產的複本,其預設為來源雜湊`cdk.out`下的 。如此一來,雲端組件會獨立運作,因此如果移至不同的主機進行部署,仍然可以部署。如需詳細資訊,請參閱[雲端組件](deploy.md#deploy-how-synth-assemblies)。 當 AWS CDK 部署參考資產的應用程式時 (直接透過應用程式程式碼或透過程式庫), AWS CDK CLI 會先準備並將資產發佈至 Amazon S3 儲存貯體或 Amazon ECR 儲存庫。(S3 儲存貯體或儲存庫會在引導期間建立。) 只有在那時,堆疊中定義的資源才會部署。 本節說明架構中可用的低階 APIs。 ## 資產類型 AWS CDK 支援下列類型的資產: Amazon S3 資產 這些是 AWS CDK 上傳至 Amazon S3 的本機檔案和目錄。 Docker 影像 這些是 AWS CDK 上傳至 Amazon ECR 的 Docker 映像。 以下各節會說明這些資產類型。 ## Amazon S3 資產 您可以將本機檔案和目錄定義為資產,而 AWS CDK 套件會透過 [https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3_assets-readme.html](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3_assets-readme.html)模組將其上傳至 Amazon S3。 下列範例定義本機目錄資產和檔案資產。 **Example** ``` import { Asset } from 'aws-cdk-lib/aws-s3-assets'; // Archived and uploaded to Amazon S3 as a .zip file const directoryAsset = new Asset(this, "SampleZippedDirAsset", { path: path.join(__dirname, "sample-asset-directory") }); // Uploaded to Amazon S3 as-is const fileAsset = new Asset(this, 'SampleSingleFileAsset', { path: path.join(__dirname, 'file-asset.txt') }); ``` ``` const { Asset } = require('aws-cdk-lib/aws-s3-assets'); // Archived and uploaded to Amazon S3 as a .zip file const directoryAsset = new Asset(this, "SampleZippedDirAsset", { path: path.join(__dirname, "sample-asset-directory") }); // Uploaded to Amazon S3 as-is const fileAsset = new Asset(this, 'SampleSingleFileAsset', { path: path.join(__dirname, 'file-asset.txt') }); ``` ``` import os.path dirname = os.path.dirname(__file__) from aws_cdk.aws_s3_assets import Asset # Archived and uploaded to Amazon S3 as a .zip file directory_asset = Asset(self, "SampleZippedDirAsset", path=os.path.join(dirname, "sample-asset-directory") ) # Uploaded to Amazon S3 as-is file_asset = Asset(self, 'SampleSingleFileAsset', path=os.path.join(dirname, 'file-asset.txt') ) ``` ``` import java.io.File; import software.amazon.awscdk.services.s3.assets.Asset; // Directory where app was started File startDir = new File(System.getProperty("user.dir")); // Archived and uploaded to Amazon S3 as a .zip file Asset directoryAsset = Asset.Builder.create(this, "SampleZippedDirAsset") .path(new File(startDir, "sample-asset-directory").toString()).build(); // Uploaded to Amazon S3 as-is Asset fileAsset = Asset.Builder.create(this, "SampleSingleFileAsset") .path(new File(startDir, "file-asset.txt").toString()).build(); ``` ``` using System.IO; using Amazon.CDK.AWS.S3.Assets; // Archived and uploaded to Amazon S3 as a .zip file var directoryAsset = new Asset(this, "SampleZippedDirAsset", new AssetProps { Path = Path.Combine(Directory.GetCurrentDirectory(), "sample-asset-directory") }); // Uploaded to Amazon S3 as-is var fileAsset = new Asset(this, "SampleSingleFileAsset", new AssetProps { Path = Path.Combine(Directory.GetCurrentDirectory(), "file-asset.txt") }); ``` ``` dirName, err := os.Getwd() if err != nil { panic(err) } awss3assets.NewAsset(stack, jsii.String("SampleZippedDirAsset"), awss3assets.AssetProps{ Path: jsii.String(path.Join(dirName, "sample-asset-directory")), }) awss3assets.NewAsset(stack, jsii.String("SampleSingleFileAsset"), awss3assets.AssetProps{ Path: jsii.String(path.Join(dirName, "file-asset.txt")), }) ``` 在大多數情況下,您不需要直接使用 `aws-s3-assets` 模組的 APIs。支援資產的模組,例如 `aws-lambda`,具有方便的方法,讓您可以使用資產。對於 Lambda [https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.Code.html#static-fromwbrassetpath-options](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.Code.html#static-fromwbrassetpath-options) 函數,靜態方法可讓您在本機檔案系統中指定目錄或 .zip 檔案。 ### Lambda 函數範例 常見的使用案例是使用處理常式程式碼建立 Lambda 函數做為 Amazon S3 資產。 下列範例使用 Amazon S3 資產在本機目錄 中定義 Python 處理常式`handler`。它也會使用本機目錄資產做為 `code` 屬性來建立 Lambda 函數。以下是處理常式的 Python 程式碼。 ``` def lambda_handler(event, context): message = 'Hello World!' return { 'message': message } ``` 主要 AWS CDK 應用程式的程式碼看起來應該如下所示。 **Example** ``` import * as cdk from 'aws-cdk-lib'; import { Constructs } from 'constructs'; import * as lambda from 'aws-cdk-lib/aws-lambda'; import * as path from 'path'; export class HelloAssetStack extends cdk.Stack { constructor(scope: Construct, id: string, props?: cdk.StackProps) { super(scope, id, props); new lambda.Function(this, 'myLambdaFunction', { code: lambda.Code.fromAsset(path.join(__dirname, 'handler')), runtime: lambda.Runtime.PYTHON_3_6, handler: 'index.lambda_handler' }); } } ``` ``` const cdk = require('aws-cdk-lib'); const lambda = require('aws-cdk-lib/aws-lambda'); const path = require('path'); class HelloAssetStack extends cdk.Stack { constructor(scope, id, props) { super(scope, id, props); new lambda.Function(this, 'myLambdaFunction', { code: lambda.Code.fromAsset(path.join(__dirname, 'handler')), runtime: lambda.Runtime.PYTHON_3_6, handler: 'index.lambda_handler' }); } } module.exports = { HelloAssetStack } ``` ``` from aws_cdk import Stack from constructs import Construct from aws_cdk import aws_lambda as lambda_ import os.path dirname = os.path.dirname(__file__) class HelloAssetStack(Stack): def __init__(self, scope: Construct, id: str, **kwargs): super().__init__(scope, id, **kwargs) lambda_.Function(self, 'myLambdaFunction', code=lambda_.Code.from_asset(os.path.join(dirname, 'handler')), runtime=lambda_.Runtime.PYTHON_3_6, handler="index.lambda_handler") ``` ``` import java.io.File; import software.amazon.awscdk.Stack; import software.amazon.awscdk.StackProps; import software.amazon.awscdk.services.lambda.Function; import software.amazon.awscdk.services.lambda.Runtime; public class HelloAssetStack extends Stack { public HelloAssetStack(final App scope, final String id) { this(scope, id, null); } public HelloAssetStack(final App scope, final String id, final StackProps props) { super(scope, id, props); File startDir = new File(System.getProperty("user.dir")); Function.Builder.create(this, "myLambdaFunction") .code(Code.fromAsset(new File(startDir, "handler").toString())) .runtime(Runtime.PYTHON_3_6) .handler("index.lambda_handler").build(); } } ``` ``` using Amazon.CDK; using Amazon.CDK.AWS.Lambda; using System.IO; public class HelloAssetStack : Stack { public HelloAssetStack(Construct scope, string id, StackProps props) : base(scope, id, props) { new Function(this, "myLambdaFunction", new FunctionProps { Code = Code.FromAsset(Path.Combine(Directory.GetCurrentDirectory(), "handler")), Runtime = Runtime.PYTHON_3_6, Handler = "index.lambda_handler" }); } } ``` ``` import ( "os" "path" "github.com/aws/aws-cdk-go/awscdk/v2" "github.com/aws/aws-cdk-go/awscdk/v2/awslambda" "github.com/aws/aws-cdk-go/awscdk/v2/awss3assets" "github.com/aws/constructs-go/constructs/v10" "github.com/aws/jsii-runtime-go" ) func HelloAssetStack(scope constructs.Construct, id string, props *HelloAssetStackProps) awscdk.Stack { var sprops awscdk.StackProps if props != nil { sprops = props.StackProps } stack := awscdk.NewStack(scope, id, sprops) dirName, err := os.Getwd() if err != nil { panic(err) } awslambda.NewFunction(stack, jsii.String("myLambdaFunction"), awslambda.FunctionProps{ Code: awslambda.AssetCode_FromAsset(jsii.String(path.Join(dirName, "handler")), awss3assets.AssetOptions{}), Runtime: awslambda.Runtime_PYTHON_3_6(), Handler: jsii.String("index.lambda_handler"), }) return stack } ``` `Function` 方法使用資產來綁定目錄的內容,並將其用於函數的程式碼。 **提示** Java `.jar` 檔案是具有不同副檔名的 ZIP 檔案。這些會依原狀上傳到 Amazon S3,但是當部署為 Lambda 函數時,會解壓縮它們包含的檔案,您可能不想這麼做。若要避免這種情況,請將 `.jar` 檔案放在 目錄中,並將該目錄指定為資產。 ### 部署時間屬性範例 Amazon S3 資產類型也會公開可在 AWS CDK 程式庫和應用程式中參考的[部署時間屬性](resources.md#resources-attributes)。 AWS CDK CLI 命令會將資產屬性`cdk synth`顯示為 AWS CloudFormation 參數。 下列範例使用部署時間屬性,將影像資產的位置傳遞至 Lambda 函數做為環境變數。(檔案的類型並不重要;此處使用的 PNG 映像只是範例。) **Example** ``` import { Asset } from 'aws-cdk-lib/aws-s3-assets'; import * as path from 'path'; const imageAsset = new Asset(this, "SampleAsset", { path: path.join(__dirname, "images/my-image.png") }); new lambda.Function(this, "myLambdaFunction", { code: lambda.Code.asset(path.join(__dirname, "handler")), runtime: lambda.Runtime.PYTHON_3_6, handler: "index.lambda_handler", environment: { 'S3_BUCKET_NAME': imageAsset.s3BucketName, 'S3_OBJECT_KEY': imageAsset.s3ObjectKey, 'S3_OBJECT_URL': imageAsset.s3ObjectUrl } }); ``` ``` const { Asset } = require('aws-cdk-lib/aws-s3-assets'); const path = require('path'); const imageAsset = new Asset(this, "SampleAsset", { path: path.join(__dirname, "images/my-image.png") }); new lambda.Function(this, "myLambdaFunction", { code: lambda.Code.asset(path.join(__dirname, "handler")), runtime: lambda.Runtime.PYTHON_3_6, handler: "index.lambda_handler", environment: { 'S3_BUCKET_NAME': imageAsset.s3BucketName, 'S3_OBJECT_KEY': imageAsset.s3ObjectKey, 'S3_OBJECT_URL': imageAsset.s3ObjectUrl } }); ``` ``` import os.path import aws_cdk.aws_lambda as lambda_ from aws_cdk.aws_s3_assets import Asset dirname = os.path.dirname(__file__) image_asset = Asset(self, "SampleAsset", path=os.path.join(dirname, "images/my-image.png")) lambda_.Function(self, "myLambdaFunction", code=lambda_.Code.asset(os.path.join(dirname, "handler")), runtime=lambda_.Runtime.PYTHON_3_6, handler="index.lambda_handler", environment=dict( S3_BUCKET_NAME=image_asset.s3_bucket_name, S3_OBJECT_KEY=image_asset.s3_object_key, S3_OBJECT_URL=image_asset.s3_object_url)) ``` ``` import java.io.File; import software.amazon.awscdk.Stack; import software.amazon.awscdk.StackProps; import software.amazon.awscdk.services.lambda.Function; import software.amazon.awscdk.services.lambda.Runtime; import software.amazon.awscdk.services.s3.assets.Asset; public class FunctionStack extends Stack { public FunctionStack(final App scope, final String id, final StackProps props) { super(scope, id, props); File startDir = new File(System.getProperty("user.dir")); Asset imageAsset = Asset.Builder.create(this, "SampleAsset") .path(new File(startDir, "images/my-image.png").toString()).build()) Function.Builder.create(this, "myLambdaFunction") .code(Code.fromAsset(new File(startDir, "handler").toString())) .runtime(Runtime.PYTHON_3_6) .handler("index.lambda_handler") .environment(java.util.Map.of( // Java 9 or later "S3_BUCKET_NAME", imageAsset.getS3BucketName(), "S3_OBJECT_KEY", imageAsset.getS3ObjectKey(), "S3_OBJECT_URL", imageAsset.getS3ObjectUrl())) .build(); } } ``` ``` using Amazon.CDK; using Amazon.CDK.AWS.Lambda; using Amazon.CDK.AWS.S3.Assets; using System.IO; using System.Collections.Generic; var imageAsset = new Asset(this, "SampleAsset", new AssetProps { Path = Path.Combine(Directory.GetCurrentDirectory(), @"images\my-image.png") }); new Function(this, "myLambdaFunction", new FunctionProps { Code = Code.FromAsset(Path.Combine(Directory.GetCurrentDirectory(), "handler")), Runtime = Runtime.PYTHON_3_6, Handler = "index.lambda_handler", Environment = new Dictionarystring, string { ["S3_BUCKET_NAME"] = imageAsset.S3BucketName, ["S3_OBJECT_KEY"] = imageAsset.S3ObjectKey, ["S3_OBJECT_URL"] = imageAsset.S3ObjectUrl } }); ``` ``` import ( "os" "path" "github.com/aws/aws-cdk-go/awscdk/v2" "github.com/aws/aws-cdk-go/awscdk/v2/awslambda" "github.com/aws/aws-cdk-go/awscdk/v2/awss3assets" ) dirName, err := os.Getwd() if err != nil { panic(err) } imageAsset := awss3assets.NewAsset(stack, jsii.String("SampleAsset"), awss3assets.AssetProps{ Path: jsii.String(path.Join(dirName, "images/my-image.png")), }) awslambda.NewFunction(stack, jsii.String("myLambdaFunction"), awslambda.FunctionProps{ Code: awslambda.AssetCode_FromAsset(jsii.String(path.Join(dirName, "handler"))), Runtime: awslambda.Runtime_PYTHON_3_6(), Handler: jsii.String("index.lambda_handler"), Environment: map[string]*string{ "S3_BUCKET_NAME": imageAsset.S3BucketName(), "S3_OBJECT_KEY": imageAsset.S3ObjectKey(), "S3_URL": imageAsset.S3ObjectUrl(), }, }) ``` ### 許可 如果您直接透過[https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3_assets-readme.html](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3_assets-readme.html)模組、IAM 角色、使用者或群組使用 Amazon S3 資產,且需要在執行時間讀取資產,則透過 [https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3_assets.Asset.html#grantwbrreadgrantee](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3_assets.Asset.html#grantwbrreadgrantee)方法授予這些資產 IAM 許可。 下列範例會授予檔案資產的 IAM 群組讀取許可。 **Example** ``` import { Asset } from 'aws-cdk-lib/aws-s3-assets'; import * as path from 'path'; const asset = new Asset(this, 'MyFile', { path: path.join(__dirname, 'my-image.png') }); const group = new iam.Group(this, 'MyUserGroup'); asset.grantRead(group); ``` ``` const { Asset } = require('aws-cdk-lib/aws-s3-assets'); const path = require('path'); const asset = new Asset(this, 'MyFile', { path: path.join(__dirname, 'my-image.png') }); const group = new iam.Group(this, 'MyUserGroup'); asset.grantRead(group); ``` ``` from aws_cdk.aws_s3_assets import Asset import aws_cdk.aws_iam as iam import os.path dirname = os.path.dirname(__file__) asset = Asset(self, "MyFile", path=os.path.join(dirname, "my-image.png")) group = iam.Group(self, "MyUserGroup") asset.grant_read(group) ``` ``` import java.io.File; import software.amazon.awscdk.Stack; import software.amazon.awscdk.StackProps; import software.amazon.awscdk.services.iam.Group; import software.amazon.awscdk.services.s3.assets.Asset; public class GrantStack extends Stack { public GrantStack(final App scope, final String id, final StackProps props) { super(scope, id, props); File startDir = new File(System.getProperty("user.dir")); Asset asset = Asset.Builder.create(this, "SampleAsset") .path(new File(startDir, "images/my-image.png").toString()).build(); Group group = new Group(this, "MyUserGroup"); asset.grantRead(group); } } ``` ``` using Amazon.CDK; using Amazon.CDK.AWS.IAM; using Amazon.CDK.AWS.S3.Assets; using System.IO; var asset = new Asset(this, "MyFile", new AssetProps { Path = Path.Combine(Path.Combine(Directory.GetCurrentDirectory(), @"images\my-image.png")) }); var group = new Group(this, "MyUserGroup"); asset.GrantRead(group); ``` ``` import ( "os" "path" "github.com/aws/aws-cdk-go/awscdk/v2" "github.com/aws/aws-cdk-go/awscdk/v2/awsiam" "github.com/aws/aws-cdk-go/awscdk/v2/awss3assets" ) dirName, err := os.Getwd() if err != nil { panic(err) } asset := awss3assets.NewAsset(stack, jsii.String("MyFile"), awss3assets.AssetProps{ Path: jsii.String(path.Join(dirName, "my-image.png")), }) group := awsiam.NewGroup(stack, jsii.String("MyUserGroup"), awsiam.GroupProps{}) asset.GrantRead(group) ``` ## Docker 映像資產 AWS CDK 支援透過 [https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecr_assets-readme.html](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecr_assets-readme.html)模組將本機 Docker 映像綁定為資產。 下列範例定義在本機建置並推送至 Amazon ECR 的 Docker 映像。映像是從本機 Docker 內容目錄 (使用 Dockerfile) 建置,並透過 AWS CDK CLI 或應用程式的 CI/CD 管道上傳至 Amazon ECR。您可以在 AWS CDK 應用程式中自然參考影像。 **Example** ``` import { DockerImageAsset } from 'aws-cdk-lib/aws-ecr-assets'; const asset = new DockerImageAsset(this, 'MyBuildImage', { directory: path.join(__dirname, 'my-image') }); ``` ``` const { DockerImageAsset } = require('aws-cdk-lib/aws-ecr-assets'); const asset = new DockerImageAsset(this, 'MyBuildImage', { directory: path.join(__dirname, 'my-image') }); ``` ``` from aws_cdk.aws_ecr_assets import DockerImageAsset import os.path dirname = os.path.dirname(__file__) asset = DockerImageAsset(self, 'MyBuildImage', directory=os.path.join(dirname, 'my-image')) ``` ``` import software.amazon.awscdk.services.ecr.assets.DockerImageAsset; File startDir = new File(System.getProperty("user.dir")); DockerImageAsset asset = DockerImageAsset.Builder.create(this, "MyBuildImage") .directory(new File(startDir, "my-image").toString()).build(); ``` ``` using System.IO; using Amazon.CDK.AWS.ECR.Assets; var asset = new DockerImageAsset(this, "MyBuildImage", new DockerImageAssetProps { Directory = Path.Combine(Directory.GetCurrentDirectory(), "my-image") }); ``` ``` import ( "os" "path" "github.com/aws/aws-cdk-go/awscdk/v2" "github.com/aws/aws-cdk-go/awscdk/v2/awsecrassets" ) dirName, err := os.Getwd() if err != nil { panic(err) } asset := awsecrassets.NewDockerImageAsset(stack, jsii.String("MyBuildImage"), awsecrassets.DockerImageAssetProps{ Directory: jsii.String(path.Join(dirName, "my-image")), }) ``` `my-image` 目錄必須包含 Dockerfile。 AWS CDK CLI 會從 建置 Docker 映像`my-image`、將其推送至 Amazon ECR 儲存庫,並將儲存庫的名稱指定為 an AWS CloudFormation 參數到您的堆疊。Docker 映像資產類型公開可在 AWS CDK 程式庫和應用程式中參考的[部署時間屬性](resources.md#resources-attributes)。 AWS CDK CLI 命令`cdk synth`會顯示資產屬性為 AWS CloudFormation 參數。 ### Amazon ECS 任務定義範例 常見的使用案例是建立 Amazon ECS [https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs.TaskDefinition.html](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs.TaskDefinition.html)以執行 Docker 容器。下列範例指定 AWS CDK 在本機建置並推送至 Amazon ECR 的 Docker 影像資產位置。 **Example** ``` import * as ecs from 'aws-cdk-lib/aws-ecs'; import * as ecr_assets from 'aws-cdk-lib/aws-ecr-assets'; import * as path from 'path'; const taskDefinition = new ecs.FargateTaskDefinition(this, "TaskDef", { memoryLimitMiB: 1024, cpu: 512 }); const asset = new ecr_assets.DockerImageAsset(this, 'MyBuildImage', { directory: path.join(__dirname, 'my-image') }); taskDefinition.addContainer("my-other-container", { image: ecs.ContainerImage.fromDockerImageAsset(asset) }); ``` ``` const ecs = require('aws-cdk-lib/aws-ecs'); const ecr_assets = require('aws-cdk-lib/aws-ecr-assets'); const path = require('path'); const taskDefinition = new ecs.FargateTaskDefinition(this, "TaskDef", { memoryLimitMiB: 1024, cpu: 512 }); const asset = new ecr_assets.DockerImageAsset(this, 'MyBuildImage', { directory: path.join(__dirname, 'my-image') }); taskDefinition.addContainer("my-other-container", { image: ecs.ContainerImage.fromDockerImageAsset(asset) }); ``` ``` import aws_cdk.aws_ecs as ecs import aws_cdk.aws_ecr_assets as ecr_assets import os.path dirname = os.path.dirname(__file__) task_definition = ecs.FargateTaskDefinition(self, "TaskDef", memory_limit_mib=1024, cpu=512) asset = ecr_assets.DockerImageAsset(self, 'MyBuildImage', directory=os.path.join(dirname, 'my-image')) task_definition.add_container("my-other-container", image=ecs.ContainerImage.from_docker_image_asset(asset)) ``` ``` import java.io.File; import software.amazon.awscdk.services.ecs.FargateTaskDefinition; import software.amazon.awscdk.services.ecs.ContainerDefinitionOptions; import software.amazon.awscdk.services.ecs.ContainerImage; import software.amazon.awscdk.services.ecr.assets.DockerImageAsset; File startDir = new File(System.getProperty("user.dir")); FargateTaskDefinition taskDefinition = FargateTaskDefinition.Builder.create( this, "TaskDef").memoryLimitMiB(1024).cpu(512).build(); DockerImageAsset asset = DockerImageAsset.Builder.create(this, "MyBuildImage") .directory(new File(startDir, "my-image").toString()).build(); taskDefinition.addContainer("my-other-container", ContainerDefinitionOptions.builder() .image(ContainerImage.fromDockerImageAsset(asset)) .build(); ) ``` ``` using System.IO; using Amazon.CDK.AWS.ECS; using Amazon.CDK.AWS.Ecr.Assets; var taskDefinition = new FargateTaskDefinition(this, "TaskDef", new FargateTaskDefinitionProps { MemoryLimitMiB = 1024, Cpu = 512 }); var asset = new DockerImageAsset(this, "MyBuildImage", new DockerImageAssetProps { Directory = Path.Combine(Directory.GetCurrentDirectory(), "my-image") }); taskDefinition.AddContainer("my-other-container", new ContainerDefinitionOptions { Image = ContainerImage.FromDockerImageAsset(asset) }); ``` ``` import ( "os" "path" "github.com/aws/aws-cdk-go/awscdk/v2" "github.com/aws/aws-cdk-go/awscdk/v2/awsecrassets" "github.com/aws/aws-cdk-go/awscdk/v2/awsecs" ) dirName, err := os.Getwd() if err != nil { panic(err) } taskDefinition := awsecs.NewTaskDefinition(stack, jsii.String("TaskDef"), awsecs.TaskDefinitionProps{ MemoryMiB: jsii.String("1024"), Cpu: jsii.String("512"), }) asset := awsecrassets.NewDockerImageAsset(stack, jsii.String("MyBuildImage"), awsecrassets.DockerImageAssetProps{ Directory: jsii.String(path.Join(dirName, "my-image")), }) taskDefinition.AddContainer(jsii.String("MyOtherContainer"), awsecs.ContainerDefinitionOptions{ Image: awsecs.ContainerImage_FromDockerImageAsset(asset), }) ``` ### 部署時間屬性範例 下列範例示範如何使用部署時間屬性`imageUri`,`repository`以及使用 AWS Fargate 啟動類型建立 Amazon ECS 任務定義。請注意,Amazon ECR 儲存庫查詢需要映像的標籤,而不是其 URI,因此我們從資產的 URI 結尾將其剪下。 **Example** ``` import * as ecs from 'aws-cdk-lib/aws-ecs'; import * as path from 'path'; import { DockerImageAsset } from 'aws-cdk-lib/aws-ecr-assets'; const asset = new DockerImageAsset(this, 'my-image', { directory: path.join(__dirname, "..", "demo-image") }); const taskDefinition = new ecs.FargateTaskDefinition(this, "TaskDef", { memoryLimitMiB: 1024, cpu: 512 }); taskDefinition.addContainer("my-other-container", { image: ecs.ContainerImage.fromEcrRepository(asset.repository, asset.imageUri.split(":").pop()) }); ``` ``` const ecs = require('aws-cdk-lib/aws-ecs'); const path = require('path'); const { DockerImageAsset } = require('aws-cdk-lib/aws-ecr-assets'); const asset = new DockerImageAsset(this, 'my-image', { directory: path.join(__dirname, "..", "demo-image") }); const taskDefinition = new ecs.FargateTaskDefinition(this, "TaskDef", { memoryLimitMiB: 1024, cpu: 512 }); taskDefinition.addContainer("my-other-container", { image: ecs.ContainerImage.fromEcrRepository(asset.repository, asset.imageUri.split(":").pop()) }); ``` ``` import aws_cdk.aws_ecs as ecs from aws_cdk.aws_ecr_assets import DockerImageAsset import os.path dirname = os.path.dirname(__file__) asset = DockerImageAsset(self, 'my-image', directory=os.path.join(dirname, "..", "demo-image")) task_definition = ecs.FargateTaskDefinition(self, "TaskDef", memory_limit_mib=1024, cpu=512) task_definition.add_container("my-other-container", image=ecs.ContainerImage.from_ecr_repository( asset.repository, asset.image_uri.rpartition(":")[-1])) ``` ``` import java.io.File; import software.amazon.awscdk.services.ecr.assets.DockerImageAsset; import software.amazon.awscdk.services.ecs.FargateTaskDefinition; import software.amazon.awscdk.services.ecs.ContainerDefinitionOptions; import software.amazon.awscdk.services.ecs.ContainerImage; File startDir = new File(System.getProperty("user.dir")); DockerImageAsset asset = DockerImageAsset.Builder.create(this, "my-image") .directory(new File(startDir, "demo-image").toString()).build(); FargateTaskDefinition taskDefinition = FargateTaskDefinition.Builder.create( this, "TaskDef").memoryLimitMiB(1024).cpu(512).build(); // extract the tag from the asset's image URI for use in ECR repo lookup String imageUri = asset.getImageUri(); String imageTag = imageUri.substring(imageUri.lastIndexOf(":") + 1); taskDefinition.addContainer("my-other-container", ContainerDefinitionOptions.builder().image(ContainerImage.fromEcrRepository( asset.getRepository(), imageTag)).build()); ``` ``` using System.IO; using Amazon.CDK.AWS.ECS; using Amazon.CDK.AWS.ECR.Assets; var asset = new DockerImageAsset(this, "my-image", new DockerImageAssetProps { Directory = Path.Combine(Directory.GetCurrentDirectory(), "demo-image") }); var taskDefinition = new FargateTaskDefinition(this, "TaskDef", new FargateTaskDefinitionProps { MemoryLimitMiB = 1024, Cpu = 512 }); taskDefinition.AddContainer("my-other-container", new ContainerDefinitionOptions { Image = ContainerImage.FromEcrRepository(asset.Repository, asset.ImageUri.Split(":").Last()) }); ``` ``` import ( "os" "path" "github.com/aws/aws-cdk-go/awscdk/v2" "github.com/aws/aws-cdk-go/awscdk/v2/awsecrassets" "github.com/aws/aws-cdk-go/awscdk/v2/awsecs" ) dirName, err := os.Getwd() if err != nil { panic(err) } asset := awsecrassets.NewDockerImageAsset(stack, jsii.String("MyImage"), awsecrassets.DockerImageAssetProps{ Directory: jsii.String(path.Join(dirName, "demo-image")), }) taskDefinition := awsecs.NewFargateTaskDefinition(stack, jsii.String("TaskDef"), awsecs.FargateTaskDefinitionProps{ MemoryLimitMiB: jsii.Number(1024), Cpu: jsii.Number(512), }) taskDefinition.AddContainer(jsii.String("MyOtherContainer"), awsecs.ContainerDefinitionOptions{ Image: awsecs.ContainerImage_FromEcrRepository(asset.Repository(), asset.ImageTag()), }) ``` ### 組建引數範例 當 AWS CDK CLI 在部署期間建置映像時,您可以透過 `buildArgs`(Python:`build_args`) 屬性選項提供 Docker 建置步驟的自訂建置引數。 **Example** ``` const asset = new DockerImageAsset(this, 'MyBuildImage', { directory: path.join(__dirname, 'my-image'), buildArgs: { HTTP_PROXY: 'http://10.20.30.2:1234' } }); ``` ``` const asset = new DockerImageAsset(this, 'MyBuildImage', { directory: path.join(__dirname, 'my-image'), buildArgs: { HTTP_PROXY: 'http://10.20.30.2:1234' } }); ``` ``` asset = DockerImageAsset(self, "MyBuildImage", directory=os.path.join(dirname, "my-image"), build_args=dict(HTTP_PROXY="http://10.20.30.2:1234")) ``` ``` DockerImageAsset asset = DockerImageAsset.Builder.create(this, "my-image"), .directory(new File(startDir, "my-image").toString()) .buildArgs(java.util.Map.of( // Java 9 or later "HTTP_PROXY", "http://10.20.30.2:1234")) .build(); ``` ``` var asset = new DockerImageAsset(this, "MyBuildImage", new DockerImageAssetProps { Directory = Path.Combine(Directory.GetCurrentDirectory(), "my-image"), BuildArgs = new Dictionarystring, string { ["HTTP_PROXY"] = "http://10.20.30.2:1234" } }); ``` ``` dirName, err := os.Getwd() if err != nil { panic(err) } asset := awsecrassets.NewDockerImageAsset(stack, jsii.String("MyBuildImage"), awsecrassets.DockerImageAssetProps{ Directory: jsii.String(path.Join(dirName, "my-image")), BuildArgs: map[string]*string{ "HTTP_PROXY": jsii.String("http://10.20.30.2:1234"), }, }) ``` ### 許可 如果您使用支援 Docker 影像資產的模組,例如 [https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs-readme.html](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs-readme.html),當您直接或透過 [https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs.ContainerImage.html#static-fromwbrecrwbrrepositoryrepository-tag](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs.ContainerImage.html#static-fromwbrecrwbrrepositoryrepository-tag)(Python:) 使用資產時, AWS CDK 會為您管理許可`from_ecr_repository`。如果您直接使用 Docker 映像資產,請確定取用主體具有提取映像的許可。 在大多數情況下,您應該使用 [https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecr.Repository.html#grantwbrpullgrantee](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecr.Repository.html#grantwbrpullgrantee) 方法 (Python:`grant_pull`)。這會修改主體的 IAM 政策,使其能夠從此儲存庫提取映像。如果提取映像的委託人不在同一個帳戶中,或者是不在帳戶中擔任角色 AWS 的服務 (例如 AWS CodeBuild),您必須授予資源政策的提取許可,而不是委託人的政策。使用 [https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecr.Repository.html#addwbrtowbrresourcewbrpolicystatement](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecr.Repository.html#addwbrtowbrresourcewbrpolicystatement)方法 (Python:`add_to_resource_policy`) 授予適當的委託人許可。 ## AWS CloudFormation 資源中繼資料 **注意** 本節僅適用於建構作者。在某些情況下,工具需要知道特定 CFN 資源正在使用本機資產。例如,您可以使用 AWS SAM CLI 在本機調用 Lambda 函數進行偵錯。如需詳細資訊,請參閱 [AWS SAM 整合](tools.md#sam)。 若要啟用這類使用案例,外部工具會參考 AWS CloudFormation 資源上的一組中繼資料項目: + `aws:asset:path` – 指向資產的本機路徑。 + `aws:asset:property` – 使用資產的資源屬性名稱。 使用這兩個中繼資料項目,工具可以識別特定資源使用的資產,並啟用進階本機體驗。 若要將這些中繼資料項目新增至資源,請使用 `asset.addResourceMetadata`(Python:`add_resource_metadata`) 方法。