AWS SSM 运行命令:使用 Cloudformation 模板中的当前帐号
[英]AWS SSM Run command : use the current account number from a Cloudformation Template
问题描述
I have a CloudFormation template that create a set of SSM commands to manage my Linux EC2 instances.
我有一个 CloudFormation 模板,它创建了一组 SSM 命令来管理我的 Linux EC2 实例。 This commands must have access to my AWS account number to do some tasks.此命令必须有权访问我的 AWS 帐号才能执行某些任务。
On my CloudFormation template, I did :在我的 CloudFormation 模板上,我做了:
AWSTemplateFormatVersion: '2010-09-09'
Description: Sample SSM commands
MyCommand1:
Type: AWS::SSM::Document
Properties:
DocumentType: Command
Content:
schemaVersion: "2.2"
parameters: {}
mainSteps:
- action: aws:runShellScript
name : command1
inputs:
runCommand:
- echo "this command run on the selected EC2 instance" && echo "You are running this on account {{global:ACCOUNT_ID}}"
Outputs:
Command1ID:
Description: MyCommand1
Value: !Ref MyCommand1
This template install the function, and I can run it from the SSM web console.此模板安装该功能,我可以从 SSM Web 控制台运行它。
But the {{global:ACCOUNT_ID}} is not valued to my account number.但是 {{global:ACCOUNT_ID}} 不值我的帐号。 It is valued to the string "{{global:ACCOUNT_ID}}".它的值是字符串“{{global:ACCOUNT_ID}}”。 So I presume this is not the good syntax to use global var from an SSM command.所以我认为这不是从 SSM 命令使用全局变量的好语法。
So, after reading the doc here https://docs.aws.amazon.com/systems-manager/latest/userguide/walkthrough-cli.html I tried to test this via the CLI only (to quickly test other syntax) :因此,在阅读此处的文档https://docs.aws.amazon.com/systems-manager/latest/userguide/walkthrough-cli.html 后,我尝试仅通过 CLI 进行测试(以快速测试其他语法):
$> sh_command_id=$(aws ssm send-command --instance-ids "i-0cb0c0ea8ef7339f1" --document-name "AWS-RunShellScript" --parameters commands='echo You are running this on account {{global:ACCOUNT_ID}}' --output text --query "Command.CommandId")
but the command failed with a parsing error Error parsing parameter '--parameters': Expected: ',', received: '}' for input但命令失败,出现解析错误Error parsing parameter '--parameters': Expected: ',', received: '}' for input
What is the correct syntax to use the {{global:*}} things in SSM "runCommand" action ?在 SSM "runCommand" 操作中使用 {{global:*}} 事物的正确语法是什么?
2 个解决方案
解决方案1
2 已采纳 2020-01-07 12:43:43
您可以通过使用Fn::Sub函数来实现这一点:
- !Sub 'echo "this command run on the selected EC2 instance" && echo "You are running this on account ${AWS::AccountId}"'
解决方案2
-1 2020-01-07 12:22:43
The built in variable for ACCOUNT_ID is not going to be available to you.您将无法使用ACCOUNT_ID的内置变量。 Using SSM you are running a command on an instance and this command doesn't understand the ACCOUNT_ID.使用 SSM,您正在实例上运行命令,但此命令无法识别 ACCOUNT_ID。 Based on the cloud formation template I am assuming you are running this on a *ix based system.基于云形成模板,我假设您在基于 *ix 的系统上运行它。
One way to do is this use this in your actual command:一种方法是在您的实际命令中使用它:
ACCOUNT_ID=`curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | grep accountId| awk '{print $3}'|sed 's/"//g'|sed 's/,//g'` && echo "this command run on the selected EC2 instance" && echo "You are running this on account ${ACCOUNT_ID}"
This uses the ec2 instance metadata to figure out the Account ID.这使用ec2 实例元数据来计算帐户 ID。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.