請遵循下方的逐步指示來建置無伺服器後端。按一下每一個步驟號碼來展開區段。
-
步驟 1.為自訂 IAM 角色建立 IAM 政策。
要授與處理網站後端請求的許可,您可建立一個自訂 IAM 政策,以授與以下 AWS 服務許可:
- Step Functions
- StartExecution (stateMachine:examplecorp_eao)
- Sts:AssumeRole
- Lambda
- function:examplecorp_eao_createfleet
- function:examplecorp_eao_createimagebuilder
- function:examplecorp_eao_getimagename
- function:examplecorp_eao_getstatus
- function:examplecorp_eao_sendstreamingurl
- function:examplecorp_eao_stopresources
- Sts:AssumeRole
- AppStream 2.0
- AssociateFleet (Fleet/*)
- CreateFleet (Fleet/*)
- CreateImageBuilder (Image-Builder/*)
- CreateImageBuilderStreamingURL (Image-Builder/*)
- CreateStack (Stack/*)
- CreateStreamingURL (Fleet/*)
- DescribeFleets (Fleet/*)
- DescribeImageBuilders (Image-Builder/*)
- DescribeImages (Image/*)
- StartFleet (Fleet/*)
- StartImageBuilder (Image-Builder/*)
- StopFleet (Fleet/*)
- StopImageBuilder (Image-Builder/*)
- SES
- SendEmail
- API Gateway
- Sts:AssumeRole
- CloudWatch
- *
完成以下步驟以建立自訂 IAM 政策。
1.在以下網址開啟 IAM 主控台:https://console.aws.amazon.com/iam/
2.在導覽窗格中,選擇政策。
3.如果您是第一次選擇政策,則會顯示 歡迎使用受管政策頁面。選擇開始使用。
4.選擇建立政策。
5.選擇 JSON 標籤。
6.複製以下 JSON 政策並將其貼至政策文件欄位。
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "lambda:InvokeFunction", "appstream:DescribeImages", "appstream:StartFleet", "appstream:StopImageBuilder", "appstream:CreateStack", "appstream:CreateImageBuilderStreamingURL", "appstream:AssociateFleet", "appstream:DescribeImageBuilders", "appstream:StopFleet", "appstream:CreateImageBuilder", "appstream:CreateFleet", "appstream:DescribeFleets", "states:StartExecution", "appstream:StartImageBuilder", "appstream:CreateStreamingURL" ], "Resource": [ "arn:aws:appstream:*:*:fleet/*", "arn:aws:appstream:*:*:image/*", "arn:aws:appstream:*:*:stack/*", "arn:aws:appstream:*:*:image-builder/*", "arn:aws:states:<REGION-CODE>:<AWS-ACCOUNT-ID>:stateMachine:examplecorp_eao", "arn:aws:lambda:<REGION-CODE>:<AWS-ACCOUNT-ID>:function:examplecorp_eao_sendstreamingurl", "arn:aws:lambda:<REGION-CODE>:<AWS-ACCOUNT-ID>:function:examplecorp_eao_createimagebuilder", "arn:aws:lambda:<REGION-CODE>:<AWS-ACCOUNT-ID>:function:examplecorp_eao_getstatus", "arn:aws:lambda:<REGION-CODE>:<AWS-ACCOUNT-ID>:function:examplecorp_eao_getimagename", "arn:aws:lambda:<REGION-CODE>:<AWS-ACCOUNT-ID>:function:examplecorp_eao_createfleet", "arn:aws:lambda:<REGION-CODE>:<AWS-ACCOUNT-ID>:function:examplecorp_eao_stopresources" ] }, { "Sid": "VisualEditor1", "Effect": "Allow", "Action": [ "ses:SendEmail", "logs:CreateLogStream", "cloudwatch:*", "logs:CreateLogGroup", "logs:PutLogEvents" ], "Resource": "*" } ] }7. 使用與您要在其中部署應用程式上線入口網站的 AWS 區域對應的值取代<REGION-CODE>。值必須全部為小寫。如需有關 AppStream 2.0 的 AWS 區域程式碼清單,請參閱 AWS 一般參考中的 Amazon AppStream 2.0 端點資料表的區域欄。使用您的 AWS 帳戶 ID 取代 <AWS-ACCOUNT-ID>。
8.完成後,選擇檢閱政策。
9.針對名稱,為您的新政策鍵入以下名稱:examplecorp_eao_policy。
10.選擇建立政策。
- Step Functions
-
步驟 2.建立 IAM 服務連結角色,讓 Lambda 函數呼叫 AWS 服務。
Lambda 需要 IAM 服務連結角色,以允許該服務代表您存取其他服務中的資源。完成以下步驟,以建立 IAM 服務連結角色並將您建立的政策連接至該角色。
1.在以下網址開啟 IAM 主控台:https://console.aws.amazon.com/iam/
2.在導覽窗格中的角色下,選擇建立角色。
3.針對選取受信任實體的類型,將 AWS 服務保持選取的狀態。
4.選擇 Lambda,然後選擇下一步:許可。
5.在篩選政策搜尋方塊中,鍵入 examplecorp_eao_policy。當清單中出現該政策時,選取政策名稱旁的核取方塊。
6.選擇下一步:標籤。 儘管您可以為政策指定標籤,但不需要標籤。
7.選擇下一步:檢閱。
8.針對角色名稱,鍵入 examplecorp_eao_role。
9.選擇建立角色。
10.在搜尋方塊中,鍵入 examplecorp_eao_role。當清單中出現該角色時,選取角色名稱。
11.在摘要頁面頂部,會顯示角色 ARN。記下此 ARN。此 ARN 稍後在專案中需要用到。
12.選擇信任關係標籤,然後選擇編輯信任關係。
13.在政策文件下,設定信任關係,以包含適用於 lambda.amazonaws.com、states.amazonaws.com 和 apigateway.amazonaws.com 服務委託人 的 sts:AssumeRole 動作。格式應如下所示:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com", “states.amazonaws.com”, "apigateway.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }14.完成後,選擇更新信任政策,以儲存您的變更。
-
步驟 3.建立並設定六個 Lambda 函數。
完成以下步驟以建立六個 Lambda 函數。
1.在以下網址開啟 Lambda 主控台:https://console.aws.amazon.com/lambda/
2.執行以下其中一項:
• 如果您尚未建立任何 Lambda 函數,則會顯示「入門」頁面。在入門下,選擇建立函數。
• 如果您已建立 Lambda 函數,則在函數頁面的右上角,選擇建立函數。
3.在建立函數頁面,將從頭編寫保持選取的狀態
4.在基本資訊下,執行以下操作:
• 針對名稱,鍵入 examplecorp_eao_createimagebuilder。
• 針對執行時間,選擇 Python 3.7。
5.在許可下,選擇選擇或建立執行角色旁的圖示。然後,執行以下操作:
• 針對執行角色,選擇使用現有的角色。
• 針對現有角色,從清單中選擇 examplecorp_eao_role。
6.選擇「建立函數」。
7.在函數程式碼區段的 lambda_function 標籤中,會顯示預留位置程式碼。刪除預留位置程式碼,複製以下程式碼並將其貼至標籤上:
from __future__ import print_function import json import boto3 appstream = boto3.client('appstream') def lambda_handler(event, context): # Log the received event print("Received event: " + json.dumps(event, indent=2)) # Get variables from web form strIBName = event['ib_name'] strIBARN = event['ib_arn'] strInstType = event['instance_type'] strSubnetId = event['subnet1id'] strSecurityGroups = event['securitygroups'] strUserEmail = event['email'] strUserName = event['user_name'] strUserEmail = strUserEmail.strip() strUserName= strUserName.strip() try: response = appstream.create_image_builder( Name=strIBName, ImageArn=strIBARN, VpcConfig={ 'SubnetIds':[ strSubnetId ], 'SecurityGroupIds':[ strSecurityGroups ] }, InstanceType=strInstType) print("Started: " + strIBName) return 1 except Exception as e: print(e) message = 'Error creating image builder' print(message)8.儲存函數。此函數會建立 AppStream 2.0 映像產生器。
9.對以下每個 Lambda 函數重複步驟 2 至 8。
注意:對於步驟 7,請貼上相應 Lambda 函數的程式碼。Lambda 函數 2:獲取 AppStream 2.0 映像產生器和叢集的狀態
建立此函數後,將其命名為 examplecorp_eao_getstatus。
from __future__ import print_function import json import boto3 print('Loading function') appstream = boto3.client('appstream') def Status_to_Return(received_state): switcher = { "PENDING": 0, "RUNNING": 1, "SNAPSHOTTING": 2, "STOPPED": 3, "STOPPING": 4, "STARTING": 5 } return switcher.get(received_state, -1) def lambda_handler(event, context): # Log the received event print("Received event: " + json.dumps(event, indent=2)) # Get names to query against strIBName = event['ib_name'] strFleetName = event['fleet_name'] strType = event['type'] try: #Fleet status check if strType == 2: print ("Type is Fleet") AS2state = appstream.describe_fleets(Names=[strFleetName]) Status = AS2state['Fleets'][0]['State'] print ("State: " + Status) #Image Builder status check elif strType == 1: print ("Type is ImageBuilder") AS2state = appstream.describe_image_builders(Names=[strIBName]) Status = AS2state['ImageBuilders'][0]['State'] print ("State: " + Status) return Status_to_Return(Status) except Exception as e: print(e) print("Error getting status") return -1Lambda 函數 3:傳送串流 URL
建立此函數後,將其命名為 examplecorp_eao_sendstreamingurl。
注意:儲存此函數前,請搜尋 <REGION-CODE>,並使用與您已設定 SES 的 AWS 區域對應的區域程式碼取代。然後搜尋 Source='noreply@example.com' 並將該值變更為您在上一個單元的 SES 中確認的電子郵件地址
from __future__ import print_function import json import boto3 print('Loading function') appstream = boto3.client('appstream') ses = boto3.client('ses',region_name=<REGION-CODE>) def lambda_handler(event, context): # Log the received event print("Received event: " + json.dumps(event, indent=2)) # Get resource names strUserName = event['user_name'] strUserName = strUserName.strip() strEmail = event['email'] strEmail = strEmail.strip() strIBName = event['ib_name'] strFleetName = event['fleet_name'] strStackName = event['stack_name'] strType = event['type'] try: #Create Fleet Streaming URL if strType == 2: print ("Type is Fleet") mailBody = "Your fleet is now created and ready for verification. Please use the connect link below to connect to the instance." url = appstream.create_streaming_url( StackName=strStackName, FleetName=strFleetName, UserId=strUserName, Validity=604800 ) #Create Image Builder Streaming URL elif strType == 1: print ("Type is ImageBuilder") mailBody = "If this is your first time installing your application with AppStream2.0, you can check the getting started guide below for assistance. Otherwise, please click the connect link below to get started." url = appstream.create_image_builder_streaming_url( Name=strIBName, Validity=604800 ) strStreamingURL = url['StreamingURL'] print("Streaming URL: " + strStreamingURL) #Send Streaming URL in E-mail via SES ses.send_email( Source='noreply@example.com', Destination={ 'ToAddresses': [strEmail], }, Message={ 'Body': { 'Html': { 'Charset': 'UTF-8', 'Data': '<html><head><title>Example Corp</title></head><body bgcolor="#e0e0e0">' + strUserName + ',<p>Thank you for trying out the Example Corp <strong>Enterprise Application Onboarding</strong> demo. ' + mailBody + '</p><p><a href=" ' + strStreamingURL + ' ">Connect</a></p><a href="https://d1.awsstatic.com/product-marketing/AppStream2.0/Amazon%20AppStream%202.0%20Getting%20Started%20Guide%20April%202018.pdf">Getting Started Guide</a></body></html>', }, }, 'Subject': { 'Charset': 'UTF-8', 'Data': 'Example Corp Enterprise Application Onboarding for ' + strUserName }, } ) return 1 except Exception as e: print(e) print("Error getting streaming URL") return -1Lambda 函數 4:獲取 AppStream 2.0 映像名稱
建立此函數後,將其命名為 examplecorp_eao_getimagename。
from __future__ import print_function import json import boto3 import datetime print('Loading function') appstream = boto3.client('appstream') def lambda_handler(event, context): # Log the received event print("Received event: " + json.dumps(event, indent=2)) # Get names to query against strIBName = event['ib_name'] try: ImagesCMD = appstream.describe_images(Type='PRIVATE') Images = ImagesCMD['Images'] for Image in Images: if Image.get('ImageBuilderName','') == strIBName: ImageTime = Image['CreatedTime'] now = datetime.datetime.utcnow().replace(tzinfo=datetime.timezone.utc) howold = now - ImageTime HowOldSec = howold.total_seconds() if HowOldSec < 3600: imagename = Image['Name'] return (imagename) except Exception as e: print(e) print("Error getting Image Name") return -1Lambda 函數 5:建立 AppStream 叢集和堆疊,並建立叢集與堆疊的關聯
建立此函數後,將其命名為 examplecorp_eao_createfleet。
from __future__ import print_function import json import boto3 print('Loading function') appstream = boto3.client('appstream') def lambda_handler(event, context): # Log the received event print("Received event: " + json.dumps(event, indent=2)) strFleetName = event['fleet_name'] strStackName = event['stack_name'] strImageName = event['imagename'] strInstType = event['instance_type'] strSubnet1Id = event['subnet1id'] strSubnet2Id = event['subnet2id'] strSecurityGroups = event['securitygroups'] try: #Create AppStream fleet fleet = appstream.create_fleet( Name=strFleetName, ImageName=strImageName, ComputeCapacity={ 'DesiredInstances': 1 }, VpcConfig={ 'SubnetIds':[ strSubnet1Id, strSubnet2Id ], 'SecurityGroupIds':[ strSecurityGroups ] }, InstanceType=strInstType) #Create AppStream stack stack = appstream.create_stack( Name=strStackName, StorageConnectors=[ { 'ConnectorType': 'HOMEFOLDERS' }, ], UserSettings=[ { 'Action': 'CLIPBOARD_COPY_FROM_LOCAL_DEVICE', 'Permission': 'ENABLED' }, ], ApplicationSettings={ 'Enabled': False } ) #Associate Stack to Fleet associate = appstream.associate_fleet( FleetName=strFleetName, StackName=strStackName ) startfleet = appstream.start_fleet( Name=strFleetName ) return 2 except Exception as e: print(e) print("Error creating fleet") return -1Lambda 函數 6:停止 AppStream 2.0 叢集和映像產生器
建立此函數後,將其命名為 examplecorp_eao_stopresources。
from __future__ import print_function import json import boto3 print('Loading function') appstream = boto3.client('appstream') def Status_to_Return(received_state): switcher = { "PENDING": 0, "RUNNING": 1, "SNAPSHOTTING": 2, "STOPPED": 3, "STOPPING": 4 } return switcher.get(received_state, -1) def lambda_handler(event, context): # Log the received event print("Received event: " + json.dumps(event, indent=2)) # Get names to query against strIBName = event['ib_name'] strFleetName = event['fleet_name'] strType = event['type'] try: #Fleet status check if strType == 2: print ("Type is Fleet") AS2state = appstream.describe_fleets(Names=[strFleetName]) Status = AS2state['Fleets'][0]['State'] State = Status_to_Return(Status) if State < 3: print (strFleetName + " is " + Status + " attempting to stop") AS2stop = appstream.stop_fleet(Name=strFleetName) print ("State: " + Status) #Image Builder status check elif strType == 1: print ("Type is ImageBuilder") AS2state = appstream.describe_image_builders(Names=[strIBName]) Status = response['ImageBuilders'][0]['State'] State = Status_to_Return(Status) if State < 3: print (strIBName + " is " + Status + " attempting to stop") AS2stop = appstream.stop_image_builder(Names=[strIBName]) print ("State: " + Status) return Status_to_Return(Status) except Exception as e: print(e) print("Error stopping services") return -1