Error : Network Configuration must be provided when networkMode 'awsvpc' is specified
Error : Network Configuration must be provided when networkMode 'awsvpc' is specified
我有这个任务定义代码,它有问题:
{
"family": "ikg-api",
"taskRoleArn": "",
"executionRoleArn": "arn:aws:iam::913xxxx371:role/ecsTaskExecutionRole",
"networkMode": "awsvpc",
"containerDefinitions": [
{
"name": "ikg-api",
"image": "913xxxx371.dkr.ecr.us-west-2.amazonaws.com/ikg_api:fda0b49f8",
"cpu": 512,
"memory": 1024,
"memoryReservation": 1024,
"portMappings": [
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
}
],
"essential": true,
"environment": [
{
"name": "is_docker",
"value": "yes"
}
],
"secrets": [
{
"name": "bitbucket_password",
"valueFrom": "arn:aws:ssm:us-west-1:913xxxx0371:parameter/bitbucket_pwd"
}
],
"startTimeout": 10,
"stopTimeout": 19,
"user": "root",
"workingDirectory": "/apps",
"disableNetworking": false,
"privileged": false,
"readonlyRootFilesystem": false,
"interactive": false,
"pseudoTerminal": false,
"healthCheck": {
"command": [
"curl",
"localhost"
],
"interval": 30,
"timeout": 20,
"retries": 1,
"startPeriod": 50
}
}
],
"networkConfiguration": {
"awsvpcConfiguration": {
"assignPublicIp": "ENABLED",
"securityGroups": [
"sg-0a6e7d4a5238fe3c6"
],
"subnets": [
"subnet-05a6557c"
]
}
},
"requiresCompatibilities": [
"FARGATE"
],
"cpu": "512",
"memory": "1024",
"tags": [
{
"key": "Project",
"value": "IKG"
}
]
}
当我上传定义时使用:
aws ecs run-task --cluster tutorial --task-definition ikg-api:1 --count 1
我收到这个错误:
An error occurred (InvalidParameterException) when calling the RunTask
operation: Network Configuration must be provided when networkMode
'awsvpc' is specified.
我这辈子都想不出如何解决它。我尝试为 networkConfiguration 设置我能找到的最合理的值...没有骰子。
有人知道我如何解决这个问题吗?
你需要像下面这样的东西(我工作时的快照)
NetworkConfiguration:
AwsvpcConfiguration:
AssignPublicIp: DISABLED
SecurityGroups:
- !Ref ECSServicesSecurityGroup
Subnets:
- Fn::ImportValue: !Sub ${VPCStack}-SubnetPrivateA
- Fn::ImportValue: !Sub ${VPCStack}-SubnetPrivateB
- Fn::ImportValue: !Sub ${VPCStack}-SubnetPrivateC
这是包含网络配置的 运行 任务命令
aws ecs run-task --cluster your-cluster --task-definition your-task:1 --count 1 --launch-type FARGATE --network-configuration "awsvpcConfiguration={subnets=[subnet-0123456789],securityGroups=[sg-0123456789]}"
我认为@user2014363 的回答是正确的,我可以用它来 运行 我的任务。如果其他人试图在 CI 中执行此操作,您可能无法提前知道您的 subnet/security 组 ID。我能够使用 AWS CLI 获取这些(你需要有一些方法来识别你需要的 subnets/security 组,例如按标签过滤):
mytask:
image: python:3.8
stage: deploy
only:
- master
when: manual
before_script:
- pip install awscli
- apt-get -qq update && apt-get -y install jq
- |
subnets=$( \
aws ec2 describe-subnets \
--filters \
Name=tag:aws:cloudformation:stack-name,Values=${ENVIRONMENT}-${APP_NAME}-stack \
Name=tag:aws-cdk:subnet-type,Values=Public \
| jq -r '.Subnets | map(.SubnetId) | join(",")')
script:
- |
aws ecs run-task \
--cluster ${ENVIRONMENT}-${APP_NAME}-cluster \
--task-definition ${ENVIRONMENT}-${APP_NAME}-collectstatic \
--network-configuration "awsvpcConfiguration={subnets=[${subnets}],assignPublicIp=ENABLED}" \
--count 1 \
--launch-type FARGATE
我有这个任务定义代码,它有问题:
{
"family": "ikg-api",
"taskRoleArn": "",
"executionRoleArn": "arn:aws:iam::913xxxx371:role/ecsTaskExecutionRole",
"networkMode": "awsvpc",
"containerDefinitions": [
{
"name": "ikg-api",
"image": "913xxxx371.dkr.ecr.us-west-2.amazonaws.com/ikg_api:fda0b49f8",
"cpu": 512,
"memory": 1024,
"memoryReservation": 1024,
"portMappings": [
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
}
],
"essential": true,
"environment": [
{
"name": "is_docker",
"value": "yes"
}
],
"secrets": [
{
"name": "bitbucket_password",
"valueFrom": "arn:aws:ssm:us-west-1:913xxxx0371:parameter/bitbucket_pwd"
}
],
"startTimeout": 10,
"stopTimeout": 19,
"user": "root",
"workingDirectory": "/apps",
"disableNetworking": false,
"privileged": false,
"readonlyRootFilesystem": false,
"interactive": false,
"pseudoTerminal": false,
"healthCheck": {
"command": [
"curl",
"localhost"
],
"interval": 30,
"timeout": 20,
"retries": 1,
"startPeriod": 50
}
}
],
"networkConfiguration": {
"awsvpcConfiguration": {
"assignPublicIp": "ENABLED",
"securityGroups": [
"sg-0a6e7d4a5238fe3c6"
],
"subnets": [
"subnet-05a6557c"
]
}
},
"requiresCompatibilities": [
"FARGATE"
],
"cpu": "512",
"memory": "1024",
"tags": [
{
"key": "Project",
"value": "IKG"
}
]
}
当我上传定义时使用:
aws ecs run-task --cluster tutorial --task-definition ikg-api:1 --count 1
我收到这个错误:
An error occurred (InvalidParameterException) when calling the RunTask operation: Network Configuration must be provided when networkMode 'awsvpc' is specified.
我这辈子都想不出如何解决它。我尝试为 networkConfiguration 设置我能找到的最合理的值...没有骰子。 有人知道我如何解决这个问题吗?
你需要像下面这样的东西(我工作时的快照)
NetworkConfiguration:
AwsvpcConfiguration:
AssignPublicIp: DISABLED
SecurityGroups:
- !Ref ECSServicesSecurityGroup
Subnets:
- Fn::ImportValue: !Sub ${VPCStack}-SubnetPrivateA
- Fn::ImportValue: !Sub ${VPCStack}-SubnetPrivateB
- Fn::ImportValue: !Sub ${VPCStack}-SubnetPrivateC
这是包含网络配置的 运行 任务命令
aws ecs run-task --cluster your-cluster --task-definition your-task:1 --count 1 --launch-type FARGATE --network-configuration "awsvpcConfiguration={subnets=[subnet-0123456789],securityGroups=[sg-0123456789]}"
我认为@user2014363 的回答是正确的,我可以用它来 运行 我的任务。如果其他人试图在 CI 中执行此操作,您可能无法提前知道您的 subnet/security 组 ID。我能够使用 AWS CLI 获取这些(你需要有一些方法来识别你需要的 subnets/security 组,例如按标签过滤):
mytask:
image: python:3.8
stage: deploy
only:
- master
when: manual
before_script:
- pip install awscli
- apt-get -qq update && apt-get -y install jq
- |
subnets=$( \
aws ec2 describe-subnets \
--filters \
Name=tag:aws:cloudformation:stack-name,Values=${ENVIRONMENT}-${APP_NAME}-stack \
Name=tag:aws-cdk:subnet-type,Values=Public \
| jq -r '.Subnets | map(.SubnetId) | join(",")')
script:
- |
aws ecs run-task \
--cluster ${ENVIRONMENT}-${APP_NAME}-cluster \
--task-definition ${ENVIRONMENT}-${APP_NAME}-collectstatic \
--network-configuration "awsvpcConfiguration={subnets=[${subnets}],assignPublicIp=ENABLED}" \
--count 1 \
--launch-type FARGATE