如何在 CloudFormation 模板中将数据从 AWS S3 复制到 EC2? [英] How do I copy data from AWS S3 to EC2 in a CloudFormation template?

问题描述

我创建了一个用于启动 AutoScaling 组的 CloudFormation 模板.在启动期间，允许 s3:GetObject 访问的策略附加到每个 EC2 实例.之后，我使用 User Data 安装 Apache Web 服务器和 PHP，然后更改相关文件夹的设置.然后，我需要在每个实例中将多个文件从 S3 存储桶(没有公共访问权限)复制到/var/www/html 文件夹，但是如果不恢复到手动复制或同步在 CloudFormation 堆栈完成后使用 CLI 生成文件 - 这必须是一个完全自动化的过程.

I've created a CloudFormation template that launches an AutoScaling group. During the launch, a policy allowing s3:GetObject access is attached to each EC2 instance. After this, I use User Data to install an Apache web server and PHP, and then change the settings for the relevant folders. I then need to copy multiple files from an S3 bucket (which has no public access) to the /var/www/html folder in each instance, but I can't work out how to do so without reverting to manually copying or syncing the files with the CLI after the CloudFormation stack has completed - this has to be an entirely automated process.

模板中的用户数据如下:

The user data in the template is as follows:

"UserData": {
    "Fn::Base64": {
        "Fn::Join": [
            "\n",
            [
                "#!/bin/bash",
                "yum update -y",
                "yum install -y httpd24 php56",
                "service httpd start",
                "chkconfig httpd on",
                "groupadd DMO",
                "usermod -a -G DMO ec2-user",
                "chgrp -R DMO /var/www",
                "chmod 2775 /var/www",
                "find /var/www -type d -exec chmod 2775 {} +",
                "find /var/www -type f -exec chmod 0664 {} +"
            ]
        ]
    }
}

推荐答案

为了坚持您已经在做的事情，您可以从您的用户数据脚本中运行 AWS CLI:

To stick with that you're already doing, you could run the AWS CLI from within your userdata script:

"UserData": {
    "Fn::Base64": {
        "Fn::Join": [
            "\n",
            [
                "#!/bin/bash",
                "yum update -y",
                "yum install -y httpd24 php56",
                "service httpd start",
                "chkconfig httpd on",
                "groupadd DMO",
                "usermod -a -G DMO ec2-user",
                "chgrp -R DMO /var/www",
                "chmod 2775 /var/www",
                "aws s3 cp s3://MYBUCKET/MYFILE.zip /tmp",
                "unzip -d /var/www /tmp/MYFILE.zip",
                "rm /tmp/MYFILE.zip",
                "find /var/www -type d -exec chmod 2775 {} +",
                "find /var/www -type f -exec chmod 0664 {} +"
            ]
        ]
    }
}

为此，您的 EC2 实例配置文件必须授予从 S3 读取文件的权限.

In order to do this, you EC2 instance profile must grant permission to read the file from S3.

另一种方法是使用 AWS::CloudFormation::Init:这是一个预定义的元数据键，您可以将其附加到 EC2::Instance 或 AutoScaling::LaunchConfiguration 资源，它允许您配置包、服务和单个文件(包括从 S3 检索和解压缩文件).

An alternative is to use AWS::CloudFormation::Init: it's a predefined metadata key that you can attach to either an EC2::Instance or AutoScaling::LaunchConfiguration resource, which allows you to configure packages, services, and individual files (including retrieving and unzipping a file from S3).

有一个教程这里

这篇关于如何在 CloudFormation 模板中将数据从 AWS S3 复制到 EC2?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！