ss3*_*21c 5 amazon-ec2 amazon-web-services python-3.x amazon-cloudwatch boto3
我正在尝试用 boto3 编写一个 Python 程序来创建 Amazon Auto Scaling 组：定义扩容和缩容策略以及相应的 CloudWatch 警报；程序启动新实例时，提供上一步中创建的启动脚本；使用开放了 80 端口的安全组。程序如下：
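# Check if the user has the Access & Secret key configured
import sys
import time

import boto3
from boto3 import Session

session = Session()
credentials = session.get_credentials()

# get_credentials() returns None when no credential source is configured at
# all; dereferencing it unconditionally would crash with AttributeError
# instead of the friendly message below.
if credentials is None:
    print("No AWS credentials found, use `aws configure` to setup")
    sys.exit(1)

current_credentials = credentials.get_frozen_credentials()

# Break & Exit if any of the key is not present
if current_credentials.access_key is None:
    print("Access Key missing, use `aws configure` to setup")
    sys.exit(1)

if current_credentials.secret_key is None:
    print("Secret Key missing, use `aws configure` to setup")
    sys.exit(1)

# VPC design for multi az deployments
globalVars = {}
globalVars['REGION_NAME'] = "ap-south-1"
globalVars['AZ1'] = "ap-south-1a"
globalVars['AZ2'] = "ap-south-1b"
globalVars['CIDRange'] = "10.240.0.0/23"
globalVars['az1_pvtsubnet_CIDRange'] = "10.240.0.0/25"
globalVars['az1_pubsubnet_CIDRange'] = "10.240.0.128/26"
globalVars['az1_sparesubnet_CIDRange'] = "10.240.0.192/26"
globalVars['az2_pvtsubnet_CIDRange'] = "10.240.1.0/25"
globalVars['az2_pubsubnet_CIDRange'] = "10.240.1.128/26"
globalVars['az2_sparesubnet_CIDRange'] = "10.240.1.192/26"
globalVars['Project'] = {'Key': 'Name', 'Value': 'test1'}
globalVars['tags'] = [{'Key': 'Owner', 'Value': 'test1'},
                      {'Key': 'Environment', 'Value': 'Test'},
                      {'Key': 'Department', 'Value': 'TestD'}]
# Set this to the id of an existing, still empty VPC to reuse it instead of
# creating a new one.  Every run of this script otherwise creates a fresh VPC
# and nothing removes it, which is how the per-region VPC limit
# (VpcLimitExceeded) gets hit; call cleanAll() at the end of a test run, or
# point this at a VPC you already have.
globalVars['VPC_ID'] = None

# EC2 Parameters
globalVars['EC2-Amazon-AMI-ID'] = "ami-d783a9b8"
globalVars['EC2-InstanceType'] = "t2.micro"
globalVars['EC2-KeyName'] = "datastructutre key"
# Source range allowed to SSH into the public instances.  The default keeps
# the original behaviour (open to the world); narrow it to your own address
# range for anything that outlives a quick test.
globalVars['SSH-SourceCIDR'] = "0.0.0.0/0"

# AutoScaling Parameters
globalVars['ASG-LaunchConfigName'] = "ASG-Demo-LaunchConfig"
globalVars['ASG-AutoScalingGroupName'] = "ASG-Demo-AutoScalingGrp"


# Creating a VPC, Subnet, and Gateway
ec2 = boto3.resource('ec2', region_name=globalVars['REGION_NAME'])
ec2Client = boto3.client('ec2', region_name=globalVars['REGION_NAME'])
asgClient = boto3.client('autoscaling', region_name=globalVars['REGION_NAME'])
rds = boto3.client('rds', region_name=globalVars['REGION_NAME'])  # not used yet


def _get_or_create_vpc():
    """Return the VPC to build in: globalVars['VPC_ID'] if set, else a new one."""
    if globalVars['VPC_ID']:
        return ec2.Vpc(globalVars['VPC_ID'])
    return ec2.create_vpc(CidrBlock=globalVars['CIDRange'])


vpc = _get_or_create_vpc()

# AZ1 Subnets
az1_pvtsubnet = vpc.create_subnet(CidrBlock=globalVars['az1_pvtsubnet_CIDRange'], AvailabilityZone=globalVars['AZ1'])
az1_pubsubnet = vpc.create_subnet(CidrBlock=globalVars['az1_pubsubnet_CIDRange'], AvailabilityZone=globalVars['AZ1'])
az1_sparesubnet = vpc.create_subnet(CidrBlock=globalVars['az1_sparesubnet_CIDRange'], AvailabilityZone=globalVars['AZ1'])
# AZ2 Subnet
az2_pvtsubnet = vpc.create_subnet(CidrBlock=globalVars['az2_pvtsubnet_CIDRange'], AvailabilityZone=globalVars['AZ2'])
az2_pubsubnet = vpc.create_subnet(CidrBlock=globalVars['az2_pubsubnet_CIDRange'], AvailabilityZone=globalVars['AZ2'])
az2_sparesubnet = vpc.create_subnet(CidrBlock=globalVars['az2_sparesubnet_CIDRange'], AvailabilityZone=globalVars['AZ2'])

# Enable DNS Hostnames in the VPC
vpc.modify_attribute(EnableDnsSupport={'Value': True})
vpc.modify_attribute(EnableDnsHostnames={'Value': True})

# Create the Internet Gatway & Attach to the VPC
intGateway = ec2.create_internet_gateway()
intGateway.attach_to_vpc(VpcId=vpc.id)

# Create another route table for Public & Private traffic.  Note that the
# private subnets are associated with the same table as the public ones and
# therefore also get the 0.0.0.0/0 route added below.
routeTable = ec2.create_route_table(VpcId=vpc.id)
rtbAssn = [
    routeTable.associate_with_subnet(SubnetId=subnet.id)
    for subnet in (az1_pubsubnet, az1_pvtsubnet, az2_pubsubnet, az2_pvtsubnet)
]

# Create a route for internet traffic to flow out
intRoute = ec2Client.create_route(RouteTableId=routeTable.id, DestinationCidrBlock='0.0.0.0/0', GatewayId=intGateway.id)


def _tag(resource, nameSuffix):
    """Apply the shared project tags plus a Name tag of '<project>-<nameSuffix>'."""
    resource.create_tags(Tags=globalVars['tags'])
    resource.create_tags(Tags=[{'Key': 'Name',
                                'Value': globalVars['Project']['Value'] + '-' + nameSuffix}])


# Tag the resources
for resource, suffix in (
        (vpc, 'vpc'),
        (az1_pvtsubnet, 'az1-private-subnet'),
        (az1_pubsubnet, 'az1-public-subnet'),
        (az1_sparesubnet, 'az1-spare-subnet'),
        (az2_pvtsubnet, 'az2-private-subnet'),
        (az2_pubsubnet, 'az2-public-subnet'),
        (az2_sparesubnet, 'az2-spare-subnet'),
        (intGateway, 'igw'),
        (routeTable, 'rtb')):
    _tag(resource, suffix)

# Let create the Public & Private Security Groups
elbSecGrp = ec2.create_security_group(DryRun=False,
                                      GroupName='elbSecGrp',
                                      Description='ElasticLoadBalancer_Security_Group',
                                      VpcId=vpc.id)

pubSecGrp = ec2.create_security_group(DryRun=False,
                                      GroupName='pubSecGrp',
                                      Description='Public_Security_Group',
                                      VpcId=vpc.id)

pvtSecGrp = ec2.create_security_group(DryRun=False,
                                      GroupName='pvtSecGrp',
                                      Description='Private_Security_Group',
                                      VpcId=vpc.id)

_tag(elbSecGrp, 'elb-security-group')
_tag(pubSecGrp, 'public-security-group')
_tag(pvtSecGrp, 'private-security-group')


def _allow_tcp_from_cidr(groupId, port, cidrIp):
    """Open a single TCP port on security group *groupId* to the IPv4 range *cidrIp*."""
    ec2Client.authorize_security_group_ingress(GroupId=groupId,
                                               IpProtocol='tcp',
                                               FromPort=port,
                                               ToPort=port,
                                               CidrIp=cidrIp)


def _allow_tcp_from_group(groupId, port, sourceGroupId):
    """Open a single TCP port on security group *groupId* to members of *sourceGroupId*."""
    ec2Client.authorize_security_group_ingress(
        GroupId=groupId,
        IpPermissions=[{'IpProtocol': 'tcp',
                        'FromPort': port,
                        'ToPort': port,
                        'UserIdGroupPairs': [{'GroupId': sourceGroupId}]}])


# The ELB group only accepts HTTP from anywhere
_allow_tcp_from_cidr(elbSecGrp.id, 80, '0.0.0.0/0')

# Allow Public Security Group to receive traffic from ELB Security group
_allow_tcp_from_group(pubSecGrp.id, 80, elbSecGrp.id)
# Allow Private Security Group to receive traffic from Application Security group
_allow_tcp_from_group(pvtSecGrp.id, 3306, pubSecGrp.id)

# The public group additionally takes HTTP/HTTPS from anywhere (the task asks
# for port 80 to be open) and SSH from the configured admin range.
_allow_tcp_from_cidr(pubSecGrp.id, 80, '0.0.0.0/0')
_allow_tcp_from_cidr(pubSecGrp.id, 443, '0.0.0.0/0')
_allow_tcp_from_cidr(pubSecGrp.id, 22, globalVars['SSH-SourceCIDR'])


# The user defined code to install WebServer & Configure them.
# The shebang has to be the very first line of the user data; the original
# literal began with a blank line, which cloud-init may not recognise as a
# shell script.
userDataCode = """#!/bin/bash
set -e -x
# Setting up the HTTP server 
yum install -y httpd 
service httpd start
chkconfig httpd on
groupadd www
usermod -a -G www ec2-user
cd /var/www/
# Set the permissions
chown -R root:www /var/www
chmod 2775 /var/www
find /var/www -type d -exec chmod 2775 {} +
find /var/www -type f -exec chmod 0664 {} +
# SE Linux permissive
# setsebool -P httpd_can_network_connect=1
service httpd restart
# Remove below file after testing
echo "<?php phpinfo(); ?>" > /var/www/html/phptestinfo.php
"""

# Create the Public Instance
##### **DeviceIndex**:The network interface's position in the attachment order. For example, the first attached network interface has a DeviceIndex of 0
instanceLst = ec2.create_instances(ImageId=globalVars['EC2-Amazon-AMI-ID'],
                                   MinCount=1,
                                   MaxCount=1,
                                   KeyName=globalVars['EC2-KeyName'],
                                   UserData=userDataCode,
                                   InstanceType=globalVars['EC2-InstanceType'],
                                   NetworkInterfaces=[
                                       {
                                           'SubnetId': az1_pubsubnet.id,
                                           'Groups': [pubSecGrp.id],
                                           'DeviceIndex': 0,
                                           'DeleteOnTermination': True,
                                           'AssociatePublicIpAddress': True,
                                       }
                                   ])


# Create the Launch Configuration
# NOTE(review): AssociatePublicIpAddress=False puts the group's instances in
# the public subnets without a public address; the user data above runs
# `yum install`, which presumably needs outbound internet access — confirm
# this works in your account or enable the public address.
asgLaunchConfig = asgClient.create_launch_configuration(
    LaunchConfigurationName=globalVars['ASG-LaunchConfigName'],
    ImageId=globalVars['EC2-Amazon-AMI-ID'],
    KeyName=globalVars['EC2-KeyName'],
    SecurityGroups=[pubSecGrp.id],
    UserData=userDataCode,
    InstanceType=globalVars['EC2-InstanceType'],
    InstanceMonitoring={'Enabled': False},
    EbsOptimized=False,
    AssociatePublicIpAddress=False
)

# create Auto-Scaling Group
ASGSubnets = az1_pubsubnet.id + "," + az2_pubsubnet.id
asGroup = asgClient.create_auto_scaling_group(
    AutoScalingGroupName=globalVars['ASG-AutoScalingGroupName'],
    LaunchConfigurationName=globalVars['ASG-LaunchConfigName'],
    MinSize=1,
    MaxSize=3,
    DesiredCapacity=2,
    DefaultCooldown=120,
    HealthCheckType='EC2',
    HealthCheckGracePeriod=60,
    Tags=globalVars['tags'],
    VPCZoneIdentifier=ASGSubnets
)

asgClient.create_or_update_tags(
    Tags=[
        {
            'ResourceId': globalVars['ASG-AutoScalingGroupName'],
            'ResourceType': 'auto-scaling-group',
            'Key': 'Name',
            'Value': globalVars['Project']['Value'] + '-ASG-Group',
            'PropagateAtLaunch': True
        },
    ]
)

# The public address is only populated once the instance is running, so wait
# and refresh the resource before reporting it.
publicInstance = instanceLst[0]
publicInstance.wait_until_running()
publicInstance.reload()


###### Print to Screen ########
print("VPC ID : {0}".format(vpc.id))
print("AZ1 Public Subnet ID : {0}".format(az1_pubsubnet.id))
print("AZ1 Private Subnet ID : {0}".format(az1_pvtsubnet.id))
print("AZ1 Spare Subnet ID : {0}".format(az1_sparesubnet.id))
print("Internet Gateway ID : {0}".format(intGateway.id))
print("Route Table ID : {0}".format(routeTable.id))
print("Public Security Group ID : {0}".format(pubSecGrp.id))
print("Private Security Group ID : {0}".format(pvtSecGrp.id))
print("EC2 Key Pair : {0}".format(globalVars['EC2-KeyName']))
# Originally printed the key pair name a second time under this label.
print("EC2 PublicIP : {0}".format(publicInstance.public_ip_address))
# No RDS instance is created by this script, so the key is absent; the
# original indexed it directly and raised KeyError here.
print("RDS Endpoint : {0}".format(globalVars.get('Endpoint', 'not created')))
###### Print to Screen ########


def cleanAll(resourcesDict=None):
    """Tear down everything this script created, in dependency order.

    resourcesDict is accepted for interface compatibility and is not used.
    The key pair named in globalVars['EC2-KeyName'] is NOT deleted: this
    script never creates it, so removing it would destroy a pre-existing key.
    """
    # The auto scaling group owns instances in the public subnets; ForceDelete
    # terminates them.  The launch configuration can only be removed once no
    # group references it, so poll until the group is gone.
    asgClient.delete_auto_scaling_group(
        AutoScalingGroupName=globalVars['ASG-AutoScalingGroupName'],
        ForceDelete=True)
    for _ in range(60):
        remaining = asgClient.describe_auto_scaling_groups(
            AutoScalingGroupNames=[globalVars['ASG-AutoScalingGroupName']]
        )['AutoScalingGroups']
        if not remaining:
            break
        time.sleep(10)
    asgClient.delete_launch_configuration(
        LaunchConfigurationName=globalVars['ASG-LaunchConfigName'])

    # Delete the manually created instance(s)
    ids = [i.id for i in instanceLst]
    ec2.instances.filter(InstanceIds=ids).terminate()

    # Wait for the instance to be terminated.  `ids` is already a list; the
    # original passed [ids], i.e. a nested list, which the API rejects.
    waiter = ec2Client.get_waiter('instance_terminated')
    waiter.wait(InstanceIds=ids)

    # Delete Routes & Routing Table
    for assn in rtbAssn:
        ec2Client.disassociate_route_table(AssociationId=assn.id)
    routeTable.delete()

    # Delete Subnets in both AZs (the original only removed the AZ1 ones, so
    # the VPC delete at the end could never succeed).
    for subnet in (az1_pvtsubnet, az1_pubsubnet, az1_sparesubnet,
                   az2_pvtsubnet, az2_pubsubnet, az2_sparesubnet):
        subnet.delete()

    # Detach & Delete internet Gateway
    ec2Client.detach_internet_gateway(InternetGatewayId=intGateway.id, VpcId=vpc.id)
    intGateway.delete()

    # Delete Security Groups, most-referenced last: pvtSecGrp has a rule
    # pointing at pubSecGrp and pubSecGrp one pointing at elbSecGrp, and a
    # group that is still referenced by another group's rule cannot be deleted.
    pvtSecGrp.delete()
    pubSecGrp.delete()
    elbSecGrp.delete()

    # Only delete the VPC when this run created it.
    if not globalVars['VPC_ID']:
        vpc.delete()

不过，我还没有进行到在上述代码中编写 CloudWatch 警报和扩缩容策略的阶段；只是在继续之前先运行它时，就遇到了以下错误：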

autoscaling.py", line 51, in <module>
    vpc = ec2.create_vpc(CidrBlock=globalVars['CIDRange'])
  File "E:\installation2\python3\lib\site-packages\boto3\resources\factory.py", line 520, in do_action
    response = action(self, *args, **kwargs)
  File "E:\installation2\python3\lib\site-packages\boto3\resources\action.py", line 83, in __call__
    response = getattr(parent.meta.client, operation_name)(**params)
  File "E:\installation2\python3\lib\site-packages\botocore\client.py", line 314, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "E:\installation2\python3\lib\site-packages\botocore\client.py", line 612, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (VpcLimitExceeded) when calling the CreateVpc operation: The maximum number of VPCs has been reached.

我应该怎么做才能消除这个错误：已达到 VPC 的最大数量？
我使用的是亚马逊的免费套餐。
`aws ec2 describe-security-groups` 的输出如下：
\n\n {\n "SecurityGroups": [\n {\n "Description": "default VPC security group",\n "GroupName": "default",\n "IpPermissions": [\n {\n "IpProtocol": "-1",\n "IpRanges": [],\n "Ipv6Ranges": [],\n "PrefixListIds": [],\n "UserIdGroupPairs": [\n {\n "GroupId": "sg-03c0e0d31aca5827b",\n "UserId": "101010101010"\n }\n ]\n }\n ],\n "OwnerId": "101010101010",\n "GroupId": "sg-03c0e0d31aca5827b",\n "IpPermissionsEgress": [\n {\n "IpProtocol": "-1",\n "IpRanges": [\n {\n "CidrIp": "0.0.0.0/0"\n }\n ],\n "Ipv6Ranges": [],\n "PrefixListIds": [],\n "UserIdGroupPairs": []\n }\n ],\n "VpcId": "vpc-06eedbb5dc8c8e20b"\n },\n {\n "Description": "default VPC security group",\n "GroupName": "default",\n "IpPermissions": [\n {\n "IpProtocol": "-1",\n "IpRanges": [],\n "Ipv6Ranges": [],\n "PrefixListIds": [],\n "UserIdGroupPairs": [\n {\n "GroupId": "sg-080f42f6c90e60956",\n "UserId": "101010101010"\n }\n ]\n }\n ],\n "OwnerId": "101010101010",\n "GroupId": "sg-080f42f6c90e60956",\n "IpPermissionsEgress": [\n {\n "IpProtocol": "-1",\n "IpRanges": [\n {\n "CidrIp": "0.0.0.0/0"\n }\n ],\n "Ipv6Ranges": [],\n "PrefixListIds": [],\n "UserIdGroupPairs": []\n }\n ],\n "VpcId": "vpc-0a0a0699b064d3382"\n },\n {\n "Description": "default VPC security group",\n "GroupName": "default",\n "IpPermissions": [\n {\n "IpProtocol": "-1",\n "IpRanges": [],\n "Ipv6Ranges": [],\n "PrefixListIds": [],\n "UserIdGroupPairs": [\n {\n "GroupId": "sg-096d48a3a161a98cc",\n "UserId": "101010101010"\n }\n ]\n }\n ],\n "OwnerId": "101010101010",\n "GroupId": "sg-096d48a3a161a98cc",\n "IpPermissionsEgress": [\n {\n "IpProtocol": "-1",\n "IpRanges": [\n {\n "CidrIp": "0.0.0.0/0"\n }\n ],\n "Ipv6Ranges": [],\n "PrefixListIds": [],\n "UserIdGroupPairs": []\n }\n ],\n "VpcId": "vpc-090b6525d5e4166bd"\n },\n {\n "Description": "default VPC security group",\n "GroupName": "default",\n "IpPermissions": [\n {\n "IpProtocol": "-1",\n "IpRanges": [],\n "Ipv6Ranges": [],\n "PrefixListIds": [],\n "UserIdGroupPairs": [\n {\n
您不应该每次运行都创建一个新的 VPC，因此去掉 ec2.create_vpc 调用。改为通过 describe-vpcs 调用来获取您的 vpc 变量（我记不清 boto3 中确切的写法，大概是 ec2.describe_vpcs），然后从结果中选择要使用的那个；或者直接在脚本中硬编码 VPC id。
@Kush 是正确的 - 每个区域有 5 个 VPC 的软限制,但您实际上不需要为您所做的一切创建新的 VPC。如果出于安全原因您需要对 AWS 基础设施的不同方面进行分段,您可以依靠子网 ACL 和安全组来完成此操作。