如何引用实例简介在.ebextension

Question

我需要一个队列在我的豆茎弹性的应用程序，所以我创建队列和我.ebextensions/app.conf在这个片段中的队列策略：

Resources: 
    BackgroundTaskQueue: 
     Type: "AWS::SQS::Queue" 
    AllowWorkerSQSPolicy: 
     Type: "AWS::SQS::QueuePolicy" 
     Properties: 
     Queues: 
      - 
      Ref: "BackgroundTaskQueue" 
     PolicyDocument: 
      Version: "2008-10-17" 
      Id: "PublicationPolicy" 
      Statement: 
      - 
       Sid: "Allow-Create-Task" 
       Effect: "Allow" 
       Principal: 
       AWS: "*" 
       Action: 
       - "sqs:SendMessage" 
       Resource: 
       Fn::GetAtt: 
        - "BackgroundTaskQueue" 
        - "Arn" 

不幸我无法找到一种方法来引用自动调节组中的EC2实例的实例配置文件。 （目前的队列是开放的世界）我尝试了两种方法：

1. 读取配置：

     Principal: 
         AWS: 
          Fn::GetOptionSetting: 
          OptionName: "IamInstanceProfile" 
   

的OPTIONNAME总是从aws:elasticbeanstalk:customoption命名空间，但在IamInstanceProfile检索据我所知，在aws:autoscaling:launchconfiguration命名空间中被定义。 - >没有运气

从实际AWSEBAutoScalingLaunchConfiguration资源读：

  Principal: 
      AWS: 
       Fn::GetAtt: 
       - "AWSEBAutoScalingLaunchConfiguration" 
       - "IamInstanceProfile" 

此方法未能使属性IamInstanceProfile不会露出。

有没有人找到一种方法来制定这样的政策工作？ 有谁知道如何指示GetOptionSetting在不同的命名空间中查找？ 任何人都找到了GetAtt实例配置文件的方法？

Answer 1

您需要在eb环境之外设置实例配置文件。您可以使用“AWS IAM”命令创建策略，角色和实例配置文件（http://docs.aws.amazon.com/cli/latest/reference/iam/index.html#cli-aws-iam），然后指定选项设置的配置文件：如果您使用的eb_deployer

namespace: aws:autoscaling:launchconfiguration 
    option_name: IamInstanceProfile 
    value: your-instance-profile-name 

，有一个自包含的方式做：

创建一个CloudFormation模板来定义您的资源堆栈，例如配置/我-resources.json：

{ 
    "Outputs": { 
    "InstanceProfile": { 
     "Description": "defines what ec2 instance can do with aws resources", 
     "Value": { "Ref": "InstanceProfile" } 
    } 
    }, 

    "Resources": { 
    "Role": { 
     "Type": "AWS::IAM::Role", 
     "Properties": { 
     "AssumeRolePolicyDocument": { 
      "Statement": [{ 
      "Effect": "Allow", 
      "Principal": { 
       "Service": ["ec2.amazonaws.com"] 
      }, 
      "Action": ["sts:AssumeRole"] 
      }] 
     }, 
     "Path": "/", 
     "Policies": [ { 
      "PolicyName": "S3Access", 
      "PolicyDocument": { 
      "Statement": [ 
       { 
       "Effect": "Allow", 
       "Action": [ 
        "s3:Get*", 
        "s3:List*", 
        "s3:PutObject" 
       ], 
       "Resource": "*" 
       } 
      ] 
      } 
     }, { 
      "PolicyName": "SQSAccess", 
      "PolicyDocument": { 
      "Statement": [ { 
       "Effect": "Allow", 
       "Action": [ 
       "sqs:ChangeMessageVisibility", 
       "sqs:DeleteMessage", 
       "sqs:ReceiveMessage", 
       "sqs:SendMessage" 
       ], 
       "Resource": "*" 
      }] 
      } 
     }] 
     } 
    }, 
    "InstanceProfile": { 
     "Type": "AWS::IAM::InstanceProfile", 
     "Properties": { 
     "Path": "/", 
     "Roles": [ { "Ref": "Role" } ] 
     } 
    } 
    } 
} 

一个“资源”部分添加到您的eb_deployer.yml

resources: 
    template: config/my-resources.json 
    capabilities: 
     - CAPABILITY_IAM 
    outputs: 
     InstanceProfile: 
     namespace: aws:autoscaling:launchconfiguration 
     option_name: IamInstanceProfile 

在我们定义的策略实例简介上面的例子中启用特定的访问S3和SQS。然后将实例配置文件名称（模板的输出）映射到Elastic Beanstalk选项设置。

看看这个：https://github.com/ThoughtWorksStudios/eb_deployer/wiki/Elastic-Beanstalk-Tips-and-Tricks#setup-instance-profile-for-your-ec2-instances