Serverless framework how to get AWS subnet and security group id dynamically
Question
I am using Serverless Framework to deploy a Lambda to AWS with TypeScript.
When attaching Lambda to an existing VPC we need to provide the subnet and security group IDs.
- Is there any way to get this value dynamically for my cloud account?
- Is it safe to save these actual ids in the git repo, but I want to avoid it?
index.ts as below:
    import user from './schema'
    import { handlerPath } from '@libs/handler-resolver'

    export default {
      handler: `${handlerPath(__dirname)}/handler.createuser`,
      events: [
        {
          http: {
            method: 'post',
            path: 'user',
            request: {
              schemas: {
                'application/json': user,
              },
            },
          },
        },
      ],
      vpc: {
        subnetIds: [
          'subnet-1_ID',
          'subnet-2_ID',
          'subnet-3_ID',
        ], // Replace with your actual subnet IDs
        securityGroupIds: ['sg-1_ID'], // Replace with your actual security group ID
      },
    }
Answer 1
Score: 1
Are your subnets and security groups deployed via CloudFormation? If so, you could output them from the CloudFormation stack and reference them directly in your serverless config. More info here.
If they are not, then you can get them using the AWS CLI and either set them as env vars or pass them in as parameters. Then you can reference them directly from within the serverless config.
Here are some commands you can use to get the IDs. Be sure your region is set correctly; this assumes you will run it once for each value you need:
Security Groups:

    aws ec2 describe-security-groups --filters Name=tag:Name,Values=<<REPLACE_WITH_NAME_OF_SECURITY_GROUP>> --query "SecurityGroups[*].GroupId" --output text

Subnets (since your VPC already exists, you can use that ID):

    aws --region us-east-1 ec2 describe-subnets --filters Name=vpc-id,Values=<<REPLACE_WITH_VPC_ID>> --query "Subnets[*].SubnetId"

The subnet command will return all of the subnets attached to that VPC. If you need specific ones you should tag them appropriately and use that to filter them. In my opinion, using CloudFormation is the best option here as it makes it the easiest.
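
The two options from the answer, sketched for the function's index.ts as an added example that is not part of the original question or answer. The environment variable names, the stack name and the output keys are assumptions; `${cf:stackName.outputKey}` is the Serverless Framework variable syntax for CloudFormation stack outputs.

```typescript
// Added example: LAMBDA_SUBNET_IDS, LAMBDA_SECURITY_GROUP_IDS, the stack name
// and the output keys are assumed names, not taken from the original post.

type Env = Record<string, string | undefined>;
interface VpcConfig { subnetIds: string[]; securityGroupIds: string[]; }

// AWS resource IDs are a prefix plus 8 (legacy) or 17 hex characters.
const idPattern = (prefix: string): RegExp =>
  new RegExp(`^${prefix}-(?:[0-9a-f]{8}|[0-9a-f]{17})$`);

// Split a value such as the tab-separated `--output text` result of the AWS CLI
// (commas also accepted) and reject anything that is not a well-formed ID.
function parseIds(name: string, raw: string | undefined, prefix: string): string[] {
  const ids = (raw ?? '').split(/[\s,]+/).filter((s) => s.length > 0);
  if (ids.length === 0) {
    throw new Error(`${name} is not set; refusing to build VPC settings`);
  }
  const bad = ids.filter((id) => !idPattern(prefix).test(id));
  if (bad.length > 0) {
    throw new Error(`${name} contains malformed ${prefix} IDs: ${bad.join(', ')}`);
  }
  return ids;
}

// Option 1: IDs fetched with the AWS CLI and exported before `serverless deploy`.
// In index.ts this would be called as vpcFromEnv(process.env).
function vpcFromEnv(env: Env): VpcConfig {
  return {
    subnetIds: parseIds('LAMBDA_SUBNET_IDS', env.LAMBDA_SUBNET_IDS, 'subnet'),
    securityGroupIds: parseIds('LAMBDA_SECURITY_GROUP_IDS', env.LAMBDA_SECURITY_GROUP_IDS, 'sg'),
  };
}

// Option 2: let Serverless resolve CloudFormation stack outputs at deploy time,
// so no ID is ever written into the repository.
function vpcFromStack(stack: string, subnetOutputs: string[], sgOutputs: string[]): VpcConfig {
  const ref = (key: string): string => '${cf:' + stack + '.' + key + '}';
  return { subnetIds: subnetOutputs.map(ref), securityGroupIds: sgOutputs.map(ref) };
}
```

Either function's result can replace the hard-coded `vpc` object in the question's index.ts; with option 1 a missing or mistyped ID stops the build before anything is deployed.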