在定义ECS任务计划时,我似乎找不到指定现有安全组的方法。可以使用aws cdk在何处配置任何指针?
在下面的代码片段中,您将看到我能够创建一个cron,指定要计划的docker映像,并通过指定现有的集群和vpc来创建计划本身。但是,没有选项可以指定现有的安全组。是否可以指定现有的安全组?
schedule_cron = scaling.Schedule.cron(minute=manifest['schedule']['minute'],
hour=manifest['schedule']['hour'],
day=manifest['schedule']['day'],
month=manifest['schedule']['month'],
year=manifest['schedule']['year'])
image_option = ecs_patterns.ScheduledFargateTaskImageOptions(image=img,
cpu=manifest["resources"]["cpu"],
memory_limit_mib=manifest["resources"]["memory"],
log_driver=ecs.AwsLogDriver(log_group=log_group,
stream_prefix=manifest["app_name"]),
secrets=secrets,
environment= env)
schedule_pattern = ecs_patterns.ScheduledFargateTask(self, f"scheduledtask{app_name}",
schedule= schedule_cron, scheduled_fargate_task_image_options=image_option, cluster=cluster,
desired_task_count=manifest["replica_count"], vpc=vpc)
答案 0 :(得分:0)
ECS模式尚不支持此功能。但是,底层构造确实可以。因此,您必须自己指定TaskDefinition,Event和Event Target。通过Event指定时间表,并通过Event Target设置SecurityGroup。
这是使用TypeScript的示例实现。请使用aws_cdk.aws_events和aws_cdk.aws_events_targets模块将其调整为Python。
import aas = require('@aws-cdk/aws-applicationautoscaling');
import cdk = require('@aws-cdk/core');
import events = require("@aws-cdk/aws-events")
import event_targets = require("@aws-cdk/aws-events-targets");
import ec2 = require('@aws-cdk/aws-ec2');
const securityGroup = new ec2.SecurityGroup(this, "SecurityGroup", {
vpc: vpc,
});
const task = new ecs.FargateTaskDefinition(this, "TaskDefinition", {
family: "ScheduledTask",
cpu: ..,
memoryLimitMiB: ..,
});
task.addContainer("app_name", ...);
const rule = new events.Rule(this, "Rule", {
description: "ScheduledTask app_name Trigger",
enabled: true,
schedule: aas.Schedule.rate(cdk.Duration.hours(1)),
targets: [
new event_targets.EcsTask({
cluster: cluster,
taskDefinition: task,
securityGroup: securityGroup,
}),
],
});
请注意,EcsTask事件目标仅允许一个安全组。这个问题是在GitHub上提出的:https://github.com/aws/aws-cdk/issues/3312