


# Integrating operational recommendations into your application with CloudFormation
<a name="cfn-integration"></a>

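After you choose **Create CloudFormation template** on the **Operational recommendations** page, AWS Resilience Hub creates a CloudFormation template that describes the specific alarm, standard operating procedure (SOP), or AWS FIS experiment for your application. The CloudFormation template is stored in an Amazon S3 bucket, and you can check the S3 path to the template in the **Template details** tab on the **Operational recommendations** page.

For example, the following listing shows a JSON-formatted CloudFormation template that describes an alarm recommendation rendered by AWS Resilience Hub. It is a read-throttling alarm for a DynamoDB table named `Employees`.

The `Resources` section of the template describes an `AWS::CloudWatch::Alarm` alarm that is activated when the number of read-throttle events for the DynamoDB table exceeds 1. The two `AWS::SSM::Parameter` resources define metadata that allows AWS Resilience Hub to identify installed resources without having to scan the actual application.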

```
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Parameters" : {
    "SNSTopicARN" : {
      "Type" : "String",
      "Description" : "The ARN of the Amazon SNS topic to which alarm status changes are to be sent. This must be in the same Region being deployed.",
      "AllowedPattern" : "^arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):sns:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9/][A-Za-z0-9:_/+=,@.-]{1,256}$"
    }
  },
  "Resources" : {
    "ReadthrottleeventsthresholdexceededEmployeesONDEMAND0DynamoDBTablePXBZQYH3DCJ9Alarm" : {
      "Type" : "AWS::CloudWatch::Alarm",
      "Properties" : {
        "AlarmDescription" : "An Alarm by AWS Resilience Hub that alerts when the number of read-throttle events are greater than 1.",
        "AlarmName" : "ResilienceHub-ReadThrottleEventsAlarm-2020-04-01_Employees-ON-DEMAND-0-DynamoDBTable-PXBZQYH3DCJ9",
        "AlarmActions" : [ {
          "Ref" : "SNSTopicARN"
        } ],
        "MetricName" : "ReadThrottleEvents",
        "Namespace" : "AWS/DynamoDB",
        "Statistic" : "Sum",
        "Dimensions" : [ {
          "Name" : "TableName",
          "Value" : "Employees-ON-DEMAND-0-DynamoDBTable-PXBZQYH3DCJ9"
        } ],
        "Period" : 60,
        "EvaluationPeriods" : 1,
        "DatapointsToAlarm" : 1,
        "Threshold" : 1,
        "ComparisonOperator" : "GreaterThanOrEqualToThreshold",
        "TreatMissingData" : "notBreaching",
        "Unit" : "Count"
      },
      "Metadata" : {
        "AWS::ResilienceHub::Monitoring" : {
          "recommendationId" : "dynamodb:alarm:health-read_throttle_events:2020-04-01"
        }
      }
    },
    "dynamodbalarmhealthreadthrottleevents20200401EmployeesONDEMAND0DynamoDBTablePXBZQYH3DCJ9AlarmSSMParameter" : {
      "Type" : "AWS::SSM::Parameter",
      "Properties" : {
        "Name" : "/ResilienceHub/Alarm/3f904525-4bfa-430f-96ef-58ec9b19aa73/dynamodb-alarm-health-read-throttle-events-2020-04-01_Employees-ON-DEMAND-0-DynamoDBTable-PXBZQYH3DCJ9",
        "Type" : "String",
        "Value" : {
          "Fn::Sub" : "${ReadthrottleeventsthresholdexceededEmployeesONDEMAND0DynamoDBTablePXBZQYH3DCJ9Alarm}"
        },
        "Description" : "SSM Parameter for identifying installed resources."
      }
    },
    "dynamodbalarmhealthreadthrottleevents20200401EmployeesONDEMAND0DynamoDBTablePXBZQYH3DCJ9AlarmInfoSSMParameter" : {
      "Type" : "AWS::SSM::Parameter",
      "Properties" : {
        "Name" : "/ResilienceHub/Info/Alarm/3f904525-4bfa-430f-96ef-58ec9b19aa73/dynamodb-alarm-health-read-throttle-events-2020-04-01_Employees-ON-DEMAND-0-DynamoDBTable-PXBZQYH3DCJ9",
        "Type" : "String",
        "Value" : {
          "Fn::Sub" : "{\"alarmName\":\"${ReadthrottleeventsthresholdexceededEmployeesONDEMAND0DynamoDBTablePXBZQYH3DCJ9Alarm}\",\"referenceId\":\"dynamodb:alarm:health_read_throttle_events:2020-04-01\",\"resourceId\":\"Employees-ON-DEMAND-0-DynamoDBTable-PXBZQYH3DCJ9\",\"relatedSOPs\":[\"dynamodb:sop:update_provisioned_capacity:2020-04-01\"]}"
        },
        "Description" : "SSM Parameter for identifying installed resources."
      }
    }
  }
}
```

## Modifying the CloudFormation template
<a name="modifying-resource-template"></a>

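The simplest way to integrate an alarm, SOP, or AWS FIS resource into your main application is to add it as another resource in the template that describes your application. The JSON-formatted file below gives a basic outline of how a DynamoDB table is described in a CloudFormation template. A real application is likely to include more resources, such as additional tables.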

```
{
   "AWSTemplateFormatVersion": "2010-09-09",
   "Description": "Application Stack with Employees Table",
   "Outputs": {
      "DynamoDBTable": {
         "Description": "The DynamoDB Table Name",
         "Value": {"Ref": "Employees"}
      }
   },
   "Resources": {
      "Employees": {
         "Type": "AWS::DynamoDB::Table",
         "Properties": {
            "BillingMode": "PAY_PER_REQUEST",
            "AttributeDefinitions": [
               {
                  "AttributeName": "USER_ID",
                  "AttributeType": "S"
               },
               {
                  "AttributeName": "RANGE_ATTRIBUTE",
                  "AttributeType": "S"
               }
            ],
            "KeySchema": [
               {
                  "AttributeName": "USER_ID",
                  "KeyType": "HASH"
               },
               {
                  "AttributeName": "RANGE_ATTRIBUTE",
                  "KeyType": "RANGE"
               }
            ],
            "PointInTimeRecoverySpecification": {
               "PointInTimeRecoveryEnabled": true
            },
            "Tags": [
               {
                  "Key": "Key",
                  "Value": "Value"
               }
            ],
            "LocalSecondaryIndexes": [
               {
                  "IndexName": "resiliencehub-index-local-1",
                  "KeySchema": [
                     {
                        "AttributeName": "USER_ID",
                        "KeyType": "HASH"
                     },
                     {
                        "AttributeName": "RANGE_ATTRIBUTE",
                        "KeyType": "RANGE"
                     }
                  ],
                  "Projection": {
                     "ProjectionType": "ALL"
                  }
               }
            ],
            "GlobalSecondaryIndexes": [
               {
                  "IndexName": "resiliencehub-index-1",
                  "KeySchema": [
                     {
                        "AttributeName": "USER_ID",
                        "KeyType": "HASH"
                     }
                  ],
                  "Projection": {
                     "ProjectionType": "ALL"
                  }
               }
            ]
         }
      }
   }
}
```

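To allow the alarm resource to be deployed with your application, you now need to replace the hard-coded resources with dynamic references in the application stack.

So, in the `AWS::CloudWatch::Alarm` resource definition, change the following: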

```
"Value" : "Employees-ON-DEMAND-0-DynamoDBTable-PXBZQYH3DCJ9"
```

to the following:

```
"Value" : {"Ref": "Employees"}
```

Within the `AWS::SSM::Parameter` resource definition, change the following:

```
"Fn::Sub" : "{\"alarmName\":\"${ReadthrottleeventsthresholdexceededEmployeesONDEMAND0DynamoDBTablePXBZQYH3DCJ9Alarm}\",\"referenceId\":\"dynamodb:alarm:health_read_throttle_events:2020-04-01\",\"resourceId\":\"Employees-ON-DEMAND-0-DynamoDBTable-PXBZQYH3DCJ9\",\"relatedSOPs\":[\"dynamodb:sop:update_provisioned_capacity:2020-04-01\"]}"
```

to the following:

```
"Fn::Sub" : "{\"alarmName\":\"${ReadthrottleeventsthresholdexceededEmployeesONDEMAND0DynamoDBTablePXBZQYH3DCJ9Alarm}\",\"referenceId\":\"dynamodb:alarm:health_read_throttle_events:2020-04-01\",\"resourceId\":\"${Employees}\",\"relatedSOPs\":[\"dynamodb:sop:update_provisioned_capacity:2020-04-01\"]}"
```

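When you modify CloudFormation templates for SOPs and AWS FIS experiments, you take the same approach, replacing hard-coded reference IDs with dynamic references that continue to work even after hardware changes.

By using a reference to the DynamoDB table, you allow CloudFormation to do the following:
+ Create the database table first.
+ Always use the actual ID of the generated resource in the alarm, and update the alarm dynamically if CloudFormation needs to replace the resource.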
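
The substitutions described above, applied programmatically, as an added example that is not part of the original AWS page: it merges a recommendation template into the application template and rewrites the hard-coded table ID as `{"Ref": "Employees"}` and `${Employees}`. The function names, the shortened `AlarmInfoSSMParameter` logical ID and the trimmed sample templates are constructed for illustration.

```python
import copy

# Constructed sample: trimmed copies of the two templates shown on this page.
TABLE_ID = "Employees-ON-DEMAND-0-DynamoDBTable-PXBZQYH3DCJ9"
ALARM = "ReadthrottleeventsthresholdexceededEmployeesONDEMAND0DynamoDBTablePXBZQYH3DCJ9Alarm"
RECOMMENDATION = {
    "Parameters": {"SNSTopicARN": {"Type": "String"}},
    "Resources": {
        ALARM: {"Type": "AWS::CloudWatch::Alarm", "Properties": {
            "AlarmName": "ResilienceHub-ReadThrottleEventsAlarm-2020-04-01_" + TABLE_ID,
            "Dimensions": [{"Name": "TableName", "Value": TABLE_ID}]}},
        # Hypothetical short logical ID standing in for the long generated one.
        "AlarmInfoSSMParameter": {"Type": "AWS::SSM::Parameter", "Properties": {
            "Value": {"Fn::Sub": '{"alarmName":"${%s}","resourceId":"%s"}' % (ALARM, TABLE_ID)}}},
    },
}
APP = {"AWSTemplateFormatVersion": "2010-09-09",
       "Resources": {"Employees": {"Type": "AWS::DynamoDB::Table"}}}


def rewrite(node, physical_id, logical_id):
    """Swap a hard-coded physical ID for a reference to logical_id."""
    if isinstance(node, dict):
        return {k: v.replace(physical_id, "${%s}" % logical_id)
                if k == "Fn::Sub" and isinstance(v, str)
                else rewrite(v, physical_id, logical_id)
                for k, v in node.items()}
    if isinstance(node, list):
        return [rewrite(v, physical_id, logical_id) for v in node]
    # Exact matches only: names that merely embed the ID (AlarmName) stay literal.
    return {"Ref": logical_id} if node == physical_id else node


def integrate(app, rec, physical_id, logical_id):
    """Return a copy of app with rec's resources added and pointed at logical_id."""
    if logical_id not in app["Resources"]:
        raise KeyError("no resource %r in the application template" % logical_id)
    clash = set(app["Resources"]) & set(rec["Resources"])
    if clash:
        raise ValueError("logical ID collision: %s" % sorted(clash))
    merged = copy.deepcopy(app)
    merged.setdefault("Parameters", {}).update(copy.deepcopy(rec.get("Parameters", {})))
    merged["Resources"].update(rewrite(rec["Resources"], physical_id, logical_id))
    return merged


MERGED = integrate(APP, RECOMMENDATION, TABLE_ID, "Employees")
```

Only the string form of `Fn::Sub` is rewritten; the `SNSTopicARN` parameter is carried over so the merged template still resolves the alarm action.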

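**Note**  
You can choose more advanced methods for managing application resources with CloudFormation, such as [nested stacks](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import-nested-stacks.html) or [referring to resource outputs in a separate CloudFormation stack](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/walkthrough-crossstackref.html). (But if you want to keep the recommendation stack separate from the main stack, you need to configure a way to pass information between the two stacks.)  
In addition, third-party tools, such as Terraform by HashiCorp, can also be used to provision infrastructure as code (IaC).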