Amazon web services 如何自动化根设备卷'；基于云信息的s标记_Amazon Web Services_Amazon Cloudformation

Amazon web services 如何自动化根设备卷'；基于云信息的s标记

amazon-web-services amazon-cloudformation

Amazon web services 如何自动化根设备卷'；基于云信息的s标记,amazon-web-services,amazon-cloudformation,Amazon Web Services,Amazon Cloudformation,我无法连接到using，因为它们没有传播到创建自的Amazon卷。它可以以任何方式自动使用吗？谢谢。用户数据这可以通过使用来实现-如果您运行的linux主机带有cloudinit和，则可以在脚本中运行以下命令来标记与实例关联的所有卷 "VOLUME_IDS=$(aws ec2 describe-volumes --output text --filters Name=attachment.instance-id,Values=$(curl http://169.254.169.254/late

我无法连接到using，因为它们没有传播到创建自的Amazon卷。它可以以任何方式自动使用吗？谢谢。

用户数据这可以通过使用来实现-如果您运行的linux主机带有cloudinit和，则可以在脚本中运行以下命令来标记与实例关联的所有卷

"VOLUME_IDS=$(aws ec2 describe-volumes --output text --filters Name=attachment.instance-id,Values=$(curl http://169.254.169.254/latest/meta-data/instance-id) --query 'Volumes[].VolumeId')",
"aws ec2 create-tags --resources ${VOLUME_IDS} --tags Key=my,Value=tag"

确保在启动EC2实例时，它有一个实例IAM策略，使其能够创建标记和描述卷

“保单文件”：{
“版本”：“2012-10-17”，
“声明”：[
{
“行动”：[
“ec2:CreateTags”，
“ec2:描述卷”
],
“效果”：“允许”，
“资源”：“*”
}
]
}

CloudWatch活动另一种实现自动化的方法是通过CloudWatch事件，设置事件规则侦听和EC2状态更改，然后在Lambda函数中标记卷，我在下面包含了几个CloudFormation片段

LambdaEC2CopyTagsToEBS:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Version: 2012-10-17
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - lambda.amazonaws.com
          Action:
            - sts:AssumeRole
    Policies:
      - PolicyName: LambdaEC2CopyTagsToEBS
        PolicyDocument:
          Version: 2012-10-17
          Statement:
            - Effect: Allow
              Action:
                - ec2:DescribeInstances
                - ec2:CreateTags
              Resource: '*'

            - Effect: Allow
              Action:
                - logs:CreateLogGroup
                - logs:CreateLogStream
                - logs:PutLogEvents
              Resource: '*'

LambdaEC2CopyTagsToEBSEvent:
  Type: AWS::Events::Rule
  Properties:
    Description: Invokes CopyInstanceTagsToEBSVolumes when an Instance starts running
    EventPattern:
      source:
        - aws.ec2
      detail-type:
        - EC2 Instance State-change Notification
      detail:
        state:
          - running
    State: ENABLED
    Targets:
      - Arn: !GetAtt CopyInstanceTagsToEBSVolumes.Arn
        Id: !Ref CopyInstanceTagsToEBSVolumes

CopyInstanceTagsToEBSVolumes:
  Type: AWS::Lambda::Function
  Properties:
    Description: Copies Tags from and EC2 to all its EBS Volumes
    Code:
      ZipFile: |
        import boto3
        ec2 = boto3.client('ec2')


        def get_volume_ids(instance):
            for device in instance.get('BlockDeviceMappings', []):
                yield device.get('Ebs', {}).get('VolumeId')


        def handler(event, context):
            state, instance_id = event['detail']['state'], event['detail']['instance-id']
            if state == 'running':
                instance = ec2.describe_instances(InstanceIds=[instance_id])
                instance = instance['Reservations'][0]['Instances'][0]
                volume_ids = get_volume_ids(instance)
                tags = [tag for tag in instance['Tags'] if not tag['Key'].startswith('aws:')]
                ec2.create_tags(Resources=list(volume_ids),
                                Tags=tags
                                )

    Handler: index.handler
    Role: !GetAtt LambdaEC2CopyTagsToEBS.Arn
    Runtime: python3.6
    Timeout: 5


EventsInvokeCopyInstanceTagsToEBSVolumes:
  Type: AWS::Lambda::Permission
  Properties:
    Action: lambda:InvokeFunction
    FunctionName: !Ref CopyInstanceTagsToEBSVolumes
    Principal: events.amazonaws.com
    SourceArn: !GetAtt LambdaEC2CopyTagsToEBSEvent.Arn