如何使用 CloudFormation 创建具有 DocumentType 包的“AWS::SSM::Document”
[英]How to create an 'AWS::SSM::Document' with DocumentType of Package using CloudFormation
问题描述
This AWS CloudFormation document suggests that it is possible to administer an 'AWS::SSM::Document' resource with a DocumentType of 'Package'. 
此 AWS CloudFormation 文档建议可以管理 DocumentType 为“Package”的“AWS::SSM::Document”资源。 However the 'Content' required to achieve this remains a mystery.然而,实现这一目标所需的“内容”仍然是个谜。
Is it possible to create a Document of type 'Package' via CloudFormation, and if so, what is the equivalent of this valid CLI command written as a CloudFormation template (preferably with YAML formatting)?是否可以通过 CloudFormation 创建一个“包”类型的文档,如果可以,这个有效的 CLI 命令相当于一个 CloudFormation 模板(最好使用 YAML 格式)?
ssm create-document --name my-package --content "file://manifest.json" --attachments Key="SourceUrl",Values="s3://my-s3-bucket" --document-type Package
Failed Attempt.尝试失败。 The content used is an inline version of the manifest.json which was provided when using the CLI option.使用的内容是使用 CLI 选项时提供的 manifest.json 的内联版本。 There doesn't seem to be an option to specify an AttachmentSource when using CloudFormation:使用 CloudFormation 时似乎没有指定 AttachmentSource 的选项:
AWSTemplateFormatVersion: 2010-09-09
Resources:
Document:
Type: AWS::SSM::Document
Properties:
Name: 'my-package'
Content: !Sub |
{
"schemaVersion": "2.0",
"version": "Auto-Generated-1579701261956",
"packages": {
"windows": {
"_any": {
"x86_64": {
"file": "my-file.zip"
}
}
}
},
"files": {
"my-file.zip": {
"checksums": {
"sha256": "sha...."
}
}
}
}
DocumentType: Package
CloudFormation Error CloudFormation 错误
AttachmentSource not provided in the input request. (Service: AmazonSSM; Status Code: 400; Error Code: InvalidParameterValueException;
2 个解决方案
解决方案1
2 已采纳 2021-06-24 19:07:54
Yes, this is possible!是的,这是可能的! I've successfully created a resource with DocumentType: Package and the package shows up in the SSM console under Distributor Packages after the stack succeeds.我已经使用DocumentType: Package成功创建了一个资源,并且在堆栈成功后,该包显示在 Distributor Packages 下的 SSM 控制台中。
Your YAML is almost there, but you need to also include the Attachments property that is now available .您的 YAML 已准备就绪,但您还需要包含现在可用的Attachments属性。
Here is a working example:这是一个工作示例:
AWSTemplateFormatVersion: "2010-09-09"
Description: Sample to create a Package type Document
Parameters:
S3BucketName:
Type: "String"
Default: "my-sample-bucket-for-package-files"
Description: "The name of the S3 bucket."
Resources:
CrowdStrikePackage:
Type: AWS::SSM::Document
Properties:
Attachments:
- Key: "SourceUrl"
Values:
- !Sub "s3://${S3BucketName}"
Content:
!Sub |
{
"schemaVersion": "2.0",
"version": "1.0",
"packages": {
"windows": {
"_any": {
"_any": {
"file": "YourZipFileName.zip"
}
}
}
},
"files": {
"YourZipFileName.zip": {
"checksums": {
"sha256": "7981B430E8E7C45FA1404FE6FDAB8C3A21BBCF60E8860E5668395FC427CE7070"
}
}
}
}
DocumentFormat: "JSON"
DocumentType: "Package"
Name: "YourPackageNameGoesHere"
TargetType: "/AWS::EC2::Instance"
Note: for the Attachments property you must use the SourceUrl key when using DocumentType: Package .注意:对于Attachments属性,在使用DocumentType: Package时必须使用SourceUrl键。 The creation process will append a "/" to this S3 bucket URL and concatenate it with each file name you have listed in the manifest that is the Content property when it creates the package.创建过程将在此 S3 存储桶 URL 后附加一个“/”,并将其与您在清单中列出的每个文件名连接起来,该文件名是创建包时的Content属性。
解决方案2
0 2020-04-07 23:44:26
Seems there is no direct way to create an SSM Document with Attachment via CloudFormation (CFN).似乎没有直接的方法可以通过 CloudFormation (CFN) 创建带有附件的 SSM 文档。 You can use a workaround as using a backed Lambda CFN where you will use a Lambda to call the API SDK to create SSM Document then use Custom Resource in CFN to invoke that Lambda.您可以使用一种变通方法,例如使用支持的 Lambda CFN,您将使用 Lambda 调用 API SDK 来创建 SSM 文档,然后使用 CFN 中的自定义资源来调用该 Lambda。
There are some notes on how to implement this solution as below:关于如何实施此解决方案有一些注意事项,如下所示:
- How to invoke Lambda from CFN: Is it possible to trigger a lambda on creation from CloudFormation template如何从 CFN 调用 Lambda: 是否可以在从 CloudFormation 模板创建时触发 lambda
- Sample of a Lambda sending response format (when using Custom Resource in CFN): https://github.com/stelligent/cloudformation-custom-resources Lambda 发送响应格式示例(在 CFN 中使用自定义资源时): https : //github.com/stelligent/cloudformation-custom-resources
- In order to deploy Lambda with best practices and easy upload the attachment, Document content from local, you should use
sam deployinstead of CFNcreate stack.为了使用最佳实践部署 Lambda 并轻松上传附件,本地文档内容,您应该使用sam deploy而不是 CFNcreate stack。 - You can get information of the newly created resource from lambda to the CFN by adding the resource detail into the
datajson in the response lambda send back and the CFN can use it with !GetAtt CustomResrc.Attribute, you can find more detail here .您可以通过将资源详细信息添加到响应 lambda 发送回的datajson 中来从 lambda 获取新创建资源的信息到 CFN,CFN 可以将其与 !GetAtt CustomResrc.Attribute 一起使用,您可以在此处找到更多详细信息。
There are some drawbacks on this solution:此解决方案有一些缺点:
- Add more complex to the original solution as you have to create resources for the Lambda execution such as (S3 to deploy Lambda, Role for Lambda execution and assume the SSM execution, SSM content file - or you have to use a 'long' inline content).向原始解决方案添加更复杂的内容,因为您必须为 Lambda 执行创建资源,例如(用于部署 Lambda 的 S3、用于 Lambda 执行的角色并承担 SSM 执行、SSM 内容文件 - 或者您必须使用“长”内联内容)。 It won't be a One-call CFN create-stack anymore.它不再是 One-call CFN 创建堆栈。 However, you can put everything into the SAM template because at the end of the day, it's just a CFN template但是,您可以将所有内容都放入 SAM 模板中,因为归根结底,它只是一个 CFN 模板
- When Delete the CFN stack, you have to implement the lambda when RequestType == Delete for cleaning up your resource.当删除 CFN 堆栈时,您必须在 RequestType == Delete 时实现 lambda 以清理您的资源。
PS: If you don't have to work strictly on CFN, then you can try with Terraform:https://www.terraform.io/docs/providers/aws/r/ssm_document.html PS:如果您不必严格在CFN上工作,那么您可以尝试使用Terraform:https ://www.terraform.io/docs/providers/aws/r/ssm_document.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.