Create Cloudwatch Event for EBS Snapshot using Cloudformation

I am trying to create a CloudWatch scheduled event for taking a snapshot of my EBS volume. I am new to CloudFormation and not very familiar with it, which is why I am having difficulty achieving this. I am attaching my current template, which spawns my EC2 instance and overrides the default volume from 10 GB to 20 GB. I want to create a CloudWatch event on exactly the same created volume, to take a snapshot of the volume that has been created from this template. I would be glad if anyone can help me set up an event with a target using the CloudFormation syntax.

Parameters:
  KeyName:
    Description: The EC2 Key Pair to allow SSH access to the instance
    Type: 'AWS::EC2::KeyPair::KeyName'
Resources:
  Ec2Instance:
    Type: 'AWS::EC2::Instance'
    DependsOn:
      - InstanceSecurityGroup
      - CWIAMRole
      - EC2CWInstanceProfile
    Properties:
      KeyName: !Ref KeyName
      ImageId: ami-057a963e8be173b19
      InstanceType: t3a.micro
      IamInstanceProfile: !Ref EC2CWInstanceProfile
      NetworkInterfaces:
        - AssociatePublicIpAddress: 'True'
          DeleteOnTermination: 'True'
          DeviceIndex: '0'
          # Add subnet id below
          SubnetId: subnet-031c6fb8172d780aa
          GroupSet:
            - !Ref InstanceSecurityGroup
      BlockDeviceMappings:
        - DeviceName: /dev/xvda
          Ebs:
            VolumeType: gp2
            DeleteOnTermination: 'true'
            VolumeSize: '20'
  LambdaSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Enable SSH access via port 22
      # Add your vpc id below
      VpcId: vpc-02e91d5d082e3a097
      GroupName: DS Lambda Security Group
  InstanceSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    DependsOn:
      - LambdaSecurityGroup
    Properties:
      GroupDescription: Enable SSH access via port 22
      # Add your vpc id below
      VpcId: vpc-02e91d5d082e3a097
      GroupName: DS DB Instance Security Group
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          # Add vpn ip below for e.g 192.168.78.2/32
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '5432'
          ToPort: '5432'
          SourceSecurityGroupId: !Ref LambdaSecurityGroup
  CWIAMRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/CloudWatchAgentAdminPolicy'
      RoleName: DS_CW_AGENT_ROLE
  EC2CWInstanceProfile:
    Type: 'AWS::IAM::InstanceProfile'
    Properties:
      InstanceProfileName: EC2CWInstanceProfile
      Roles:
        - !Ref CWIAMRole
  S3VPCEndpoint:
    Type: 'AWS::EC2::VPCEndpoint'
    Properties:
      RouteTableIds:
        - 'rtb-031f3057458433643'
      ServiceName: com.amazonaws.ap-southeast-1.s3
      VpcId: vpc-02e91d5d082e3a097

Sadly, you can't do this easily. The reason is that the Instance resource does not return the id of its root volume.

What's more, you can't create an independent AWS::EC2::Volume resource and use it as a root volume in your instance. This is only for additional volumes.

The only way to get the volume id of your root device would be through development of a custom resource. This would be in the form of a lambda function, which would take the instance id, use the AWS SDK to find the volume id and return it to CloudFormation. With that volume id you could create CloudWatch Event rules.
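The custom-resource Lambda the answer describes, written out as an added example (not code from the question or the answer). It assumes a `Custom::RootVolume` resource in the template that passes `InstanceId: !Ref Ec2Instance` and the function's ARN as `ServiceToken`; the stack would then read the result with `!GetAtt RootVolume.VolumeId` and use it as the snapshot target. The `describe_instances()` document and the CloudFormation event below are constructed samples in the shape of the real ones, so the pure helpers run offline; `boto3` is only imported inside the handler, where the Lambda runtime provides it. The function needs nothing beyond `ec2:DescribeInstances`, so its execution role can stay that narrow.

```python
"""CloudFormation custom resource: return the root EBS volume id of an EC2 instance."""
import json
import urllib.request

SUCCESS = "SUCCESS"
FAILED = "FAILED"


def root_volume_id(describe_response):
    """Pick the root device's volume id out of an ec2.describe_instances() response.

    The root device is identified by the instance's RootDeviceName, so an
    extra data volume attached at /dev/sdf is never mistaken for the root.
    """
    reservations = describe_response.get("Reservations") or []
    instances = reservations[0].get("Instances") if reservations else None
    if not instances:
        raise ValueError("instance not found in describe_instances response")
    instance = instances[0]
    root_device = instance["RootDeviceName"]  # e.g. /dev/xvda
    for mapping in instance.get("BlockDeviceMappings", []):
        if mapping.get("DeviceName") == root_device and "Ebs" in mapping:
            return mapping["Ebs"]["VolumeId"]
    raise ValueError(f"no EBS volume attached as root device {root_device}")


def build_response(event, status, data=None, reason=None, physical_id=None):
    """Assemble the JSON document CloudFormation expects at event['ResponseURL'].

    PhysicalResourceId must stay stable across updates, otherwise CloudFormation
    issues a Delete for the 'old' resource; we reuse the one from the event.
    """
    return {
        "Status": status,
        "Reason": reason or "See CloudWatch Logs for details",
        "PhysicalResourceId": physical_id
        or event.get("PhysicalResourceId")
        or event["LogicalResourceId"],
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
        "Data": data or {},
    }


def send_response(event, body):
    """PUT the response to the pre-signed S3 URL CloudFormation handed us."""
    payload = json.dumps(body).encode()
    req = urllib.request.Request(
        event["ResponseURL"],
        data=payload,
        method="PUT",
        headers={"Content-Type": "", "Content-Length": str(len(payload))},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


def handler(event, context):
    """Lambda entry point. Always answers CloudFormation, even on failure,
    so the stack does not hang for an hour waiting for a reply."""
    try:
        if event["RequestType"] == "Delete":
            # Nothing to tear down: the volume belongs to the instance resource.
            send_response(event, build_response(event, SUCCESS))
            return
        instance_id = event["ResourceProperties"]["InstanceId"]
        import boto3  # assumption: provided by the Lambda runtime

        ec2 = boto3.client("ec2")
        volume_id = root_volume_id(ec2.describe_instances(InstanceIds=[instance_id]))
        send_response(
            event,
            build_response(event, SUCCESS, {"VolumeId": volume_id}, physical_id=volume_id),
        )
    except Exception as exc:  # report the failure rather than leaving the stack stuck
        send_response(event, build_response(event, FAILED, reason=str(exc)))


# Constructed sample data shaped like the real AWS documents (ids are placeholders).
SAMPLE_DESCRIBE = {
    "Reservations": [{"Instances": [{
        "InstanceId": "i-0123456789abcdef0",
        "RootDeviceName": "/dev/xvda",
        "BlockDeviceMappings": [
            {"DeviceName": "/dev/xvda", "Ebs": {"VolumeId": "vol-0aaaaaaaaaaaaaaa1"}},
            {"DeviceName": "/dev/sdf", "Ebs": {"VolumeId": "vol-0bbbbbbbbbbbbbbb2"}},
        ],
    }]}],
}

SAMPLE_EVENT = {
    "RequestType": "Create",
    "ResponseURL": "https://example.invalid/presigned-url",
    "StackId": "arn:aws:cloudformation:ap-southeast-1:000000000000:stack/demo/placeholder",
    "RequestId": "placeholder-request-id",
    "LogicalResourceId": "RootVolume",
    "ResourceProperties": {"InstanceId": "i-0123456789abcdef0"},
}

if __name__ == "__main__":
    print(root_volume_id(SAMPLE_DESCRIBE))
```

The event rule that targets the returned volume should run under a role limited to `ec2:CreateSnapshot` on that volume's ARN rather than `ec2:*`, since the snapshot target is the only thing the rule needs to touch.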
