Serverless框架如何动态获取AWS子网和安全组ID

huangapple go评论67阅读模式
英文:

Servlerless framework how to get AWS subnet and security group id dynamically

问题

我正在使用Serverless Framework将Lambda部署到AWS,并使用Typescript。

当将Lambda附加到现有的VPC时,我们需要提供子网和安全组ID。

  1. 有没有办法动态获取我的云帐户的这些值?
  2. 将这些实际ID保存在git仓库中是否安全,但我想避免这样做?

index.ts如下所示:

import user from './schema';
import { handlerPath } from '@libs/handler-resolver';

export default {
  handler: `${handlerPath(__dirname)}/handler.createuser`,
  events: [
    {
      http: {
        method: 'post',
        path: 'user',
        request: {
          schemas: {
            'application/json': user,
          },
        },
      },
    },
  ],
  vpc: {
    subnetIds: [
      'subnet-1_ID',
      'subnet-2_ID',
      'subnet-3_ID',
    ], // 用您的实际子网ID替换
    securityGroupIds: ['sg-1_ID'], // 用您的实际安全组ID替换
  },
}
英文:

I am using Serverless Framework to deploy a Lambda to AWS with Typescript
When attaching Lambda to an existing VPC we need to provide the Subnet and Security group ids.

  1. Is there any way to get this value dynamically for my cloud account?
  2. Is it safe to save these actual ids in the git repo, but I want to avoid it?

index.ts as below

import user from './schema'
import { handlerPath } from '@libs/handler-resolver'

export default {
  handler: `${handlerPath(__dirname)}/handler.createuser`,
  events: [
    {
      http: {
        method: 'post',
        path: 'user',
        request: {
          schemas: {
            'application/json': user,
          },
        },
      },
    },
  ],
  vpc: {
    subnetIds: [
      'subnet-1_ID',
      'subnet-2_ID',
      'subnet-3_ID',
    ], // Replace with your actual subnet IDs
    securityGroupIds: ['sg-1_ID'], // Replace with your actual security group ID
  },
}

答案1

得分: 1

以下是翻译好的部分:

如果您的子网和安全组是通过CloudFormation部署的,那么您可以从CloudFormation堆栈中输出它们,并直接在您的无服务器配置中引用它们。更多信息在这里

如果它们不是通过CloudFormation部署的,那么您可以使用AWS CLI获取它们,然后将它们设置为环境变量或作为参数传递。然后,您可以直接从无服务器配置中引用它们。

以下是一些您可以使用的命令来获取ID。请确保您的区域设置正确,并且假定您将为每个需要的值运行一次:

安全组:

aws ec2 describe-security-groups --filters Name=tag:Name,Values=<<REPLACE_WITH_NAME_OF_SECURITY_GROUP>> --query "SecurityGroups[*].GroupId" --output text

子网(由于您的VPC已经存在,您可以使用该ID):

aws --region us-east-1 ec2 describe-subnets --filter Name=vpc-id,Values=<<REPLACE_WITH_VPC_ID>> --query "Subnets[*].SubnetId"

子网命令将返回附加到该VPC的所有子网。如果您需要特定的子网,您应该适当地对其进行标记,并使用标记来筛选它们。在我看来,在这里使用CloudFormation是最佳选项,因为它使事情变得最简单。

英文:

Are your Subnets and Security groups deployed via CloudFormation? If so you could output them from the CloudFormation stack and reference them directly in your serverless config. More info here.

If they are not, then you can get them using the AWS CLI and either set them as env vars or pass them in as parameters. Then you can reference them directly from within the serverless config.

Here are some commands you can use to get the IDs. Be sure your region is set correctly and this assumes you will run it once for each value you need:

Security Groups:

aws ec2 describe-security-groups --filters Name=tag:Name,Values=&lt;&lt;REPLACE_WITH_NAME_OF_SECURITY_GROUP&gt;&gt; --query &quot;SecurityGroups[*].GroupId&quot; --output text

Subnets (Since your VPC already exists, you can use that ID):

aws --region us-east-1 ec2 describe-subnets --filter Name=vpc-id,Values=&lt;&lt;REPLACE_WITH_VPC_ID&gt;&gt; --query &quot;Subnets[*].SubnetId&quot;

The subnet command will return all of the subnets attached to that VPC. If you need specific ones you should tag them appropriately and use that to filter them. In my opinion, using CloudFormation is the best option here as it makes it the easiest.

huangapple
  • 本文由 发表于 2023年7月23日 20:28:17
  • 转载请务必保留本文链接:https://go.coder-hub.com/76748233.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定