How to use AWS Nitro Enclave with ECS?

Question

I am trying to set up AWS Nitro Enclave with ECS using AWS CloudFormation, but I am struggling with assigning a launch template to an ECS service.

As far as I know, we can specify a launchType with the value of EC2 while creating the ECS Service but there is no way to manipulate the launch parameters.

Any help with examples will be appreciated.

Answer 1

Score: 1

The Nitro Enclave is part of the EC2 server. An ECS service is just a Docker container running on the EC2 server. The EC2 server has to already be up and running (with things like Nitro Enclave already configured) before the ECS service is started on the server. The launchType parameter of the ECS Service just specifies if it should run on Fargate or EC2.

You can't configure your cluster's EC2 servers through an ECS service configuration. You would configure the EC2 servers in the ECS cluster through the cluster's Capacity Provider configuration. Specifically, since you are using EC2 instead of Fargate, you would need to configure the capacity provider with an EC2 auto-scaling group which is configured with an EC2 launch template that handles the Nitro Enclave setup.


To be clear, I've never heard of anyone using Nitro Enclaves with ECS, and I don't think you can actually run ECS services inside the Nitro Enclave. At most you could have ECS services running on the same server that also has a Nitro Enclave running some other process.
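A CloudFormation sketch of the wiring this answer describes, added here as an example and not taken from the original post: the enclave setting lives on the launch template, and the service reaches those instances through a capacity provider strategy instead of `LaunchType`. All parameter and logical names, the instance type, and the Amazon Linux 2 user-data commands are assumptions.

```yaml
# Added example. Names, instance type and AMI family are assumptions, not from the question.
Parameters:
  EcsAmi: {Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>', Default: '/aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id'}
  Subnets: {Type: 'List<AWS::EC2::Subnet::Id>'}
  InstanceProfileArn: {Type: String}   # instance profile whose role carries the ECS container-instance policy
  TaskDefinitionArn: {Type: String}
Resources:
  Cluster: {Type: 'AWS::ECS::Cluster'}
  EnclaveLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        ImageId: !Ref EcsAmi
        InstanceType: m5.xlarge          # assumed; must be a Nitro-based type that supports enclaves
        IamInstanceProfile: {Arn: !Ref InstanceProfileArn}
        EnclaveOptions: {Enabled: true}  # host-level setting an ECS service definition cannot express
        UserData:
          Fn::Base64: !Sub |
            #!/bin/bash
            echo "ECS_CLUSTER=${Cluster}" >> /etc/ecs/ecs.config
            amazon-linux-extras install -y aws-nitro-enclaves-cli
            systemctl enable --now nitro-enclaves-allocator.service
  Asg:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      MinSize: '1'
      MaxSize: '2'
      VPCZoneIdentifier: !Ref Subnets
      LaunchTemplate: {LaunchTemplateId: !Ref EnclaveLaunchTemplate, Version: !GetAtt EnclaveLaunchTemplate.LatestVersionNumber}
  CapacityProvider:
    Type: AWS::ECS::CapacityProvider
    Properties:
      AutoScalingGroupProvider:
        AutoScalingGroupArn: !Ref Asg
        ManagedScaling: {Status: ENABLED, TargetCapacity: 100}
  ClusterCapacity:
    Type: AWS::ECS::ClusterCapacityProviderAssociations
    Properties:
      Cluster: !Ref Cluster
      CapacityProviders: [!Ref CapacityProvider]
      DefaultCapacityProviderStrategy: [{CapacityProvider: !Ref CapacityProvider, Weight: 1}]
  Service:
    Type: AWS::ECS::Service
    DependsOn: ClusterCapacity           # the provider must be attached before the service can use it
    Properties:
      Cluster: !Ref Cluster
      TaskDefinition: !Ref TaskDefinitionArn
      CapacityProviderStrategy: [{CapacityProvider: !Ref CapacityProvider, Weight: 1}]  # used instead of LaunchType
```

The template only prepares the host for enclaves; the enclave itself would still be started on the instance as a separate process next to the ECS tasks, in line with the caveat in the answer.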

Posted on January 9, 2023, 19:48:34