如何在 EC2 cfn-init 上克隆 CodeCommit 存储库?
How to clone CodeCommit repo on EC2 cfn-init?
我正在使用 CloudFormation 搭建我的堆栈,并希望在 EC2 实例启动时从 CodeCommit 克隆一个存储库。该存储库属于另一个 AWS 账户,因此我创建了一个具有相应权限的用户。
我尝试了很多不同的方法来克隆它,但都失败了。我最后尝试的是直接在 UserData 中执行 git clone,但出现了两个错误:
1- 使用 git clone https://git-codecommit.eu-west-1.amazonaws.com/v1/repos/my-repo 时:
fatal: could not read Username for 'https://git-codecommit.eu-west-1.amazonaws.com': No such device or address
2- 使用 git clone https://UserFormAWS-65456:/PASSWORDGENERATEBYAWS@git-codecommit.eu-west-1.amazonaws.com/v1/repos/my-repo 时:
fatal: unable to access 'https://TestUser-at-654654:/xyyyzzz=@git-codecommit.eu-west-1.amazonaws.com/v1/repos/my-repo/': Could not resolve host: TestUser-at-787897168481
这是我的模板:
{
"Resources": {
"ec2Bastion": {
"Type": "AWS::EC2::Instance",
"Properties": {
"InstanceType":"t2.micro",
"AvailabilityZone" : "eu-west-1c",
"BlockDeviceMappings" : [
{
"DeviceName" : "/dev/xvda",
"Ebs" : {
"VolumeType" : "gp2",
"DeleteOnTermination" : "true",
"VolumeSize" : "8"
}
}
],
"DisableApiTermination": "false",
"ImageId" : "ami-09693313102a30b2c",
"KeyName" : "toto-aws",
"Monitoring" : "true",
"Tenancy" : "default",
"NetworkInterfaces": [
{
"AssociatePublicIpAddress": "true",
"DeviceIndex": "0",
"GroupSet": [{ "Ref": "sgBastion" }],
"SubnetId": "subnet-0c0ef68588036e3a3"
}
]
}
},
"ec2App": {
"Type": "AWS::EC2::Instance",
"Properties": {
"InstanceType":"t3.large",
"AvailabilityZone" : "eu-west-1c",
"BlockDeviceMappings" : [
{
"DeviceName" : "/dev/xvda",
"Ebs" : {
"VolumeType" : "gp2",
"DeleteOnTermination" : "true",
"VolumeSize" : "40"
}
}
],
"DisableApiTermination": "false",
"ImageId" : "ami-025da7a468de72fee",
"KeyName" : "toto-aws",
"Monitoring" : "true",
"Tenancy" : "default",
"NetworkInterfaces": [
{
"AssociatePublicIpAddress": "false",
"DeviceIndex": "0",
"GroupSet": [{ "Ref": "sgApp" }],
"SubnetId": { "Ref": "subnetApp" }
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": [ "", [
"#!/bin/bash -xe\n",
"yum install -y aws-cfn-bootstrap\n",
"mkdir /root/.aws\n",
"# Install the files and packages from the metadata\n",
"/opt/aws/bin/cfn-init ",
" --stack ", { "Ref" : "AWS::StackName" },
" --resource ec2App ",
" --configsets Configure ",
" --region ", { "Ref" : "AWS::Region" }, "\n",
"# Signal the status from cfn-init\n",
"cd /var/www\n",
"git clone https://TestUser-at-7874456456781:/3fgh54wJmRzlVvmYfg654sA5Q=@git-codecommit.eu-west-1.amazonaws.com/v1/repos/my-repo; \n",
"/opt/aws/bin/cfn-signal -e $? ",
" --stack ", { "Ref" : "AWS::StackName" },
" --resource ec2App ",
" --region ", { "Ref" : "AWS::Region" }, "\n"
]]
}
}
},
"Metadata" : {
"AWS::CloudFormation::Init" : {
"configSets" : {
"Configure": ["Configure"]
},
"Configure": {
"files": {
"/root/.gitconfig": {
"content" : { "Fn::Join" : [ "", [
"[credential]\n",
" helper = !aws codecommit credential-helper $@\n",
" UseHttpPath = true\n"
]]},
"mode" : "000644",
"owner" : "root",
"group" : "root"
},
"/root/.aws/config": {
"content" : { "Fn::Join" : [ "", [
"[default]\n",
"region = eu-west-1\n",
"output = json\n"
]]},
"mode" : "000600",
"owner" : "root",
"group" : "root"
},
"/root/.aws/credentials": {
"content" : { "Fn::Join" : [ "", [
"[default]\n",
"aws_access_key_id = MYKEY\n",
"aws_secret_access_key = SECRETKEY\n"
]]},
"mode" : "000600",
"owner" : "root",
"group" : "root"
}
}
}
}
}
},
"sgBastion": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": "vpc-0d2d3a7d301ffb3f2",
"GroupDescription": "Enable SSH access via port 22",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp" : "0.0.0.0/32"
}
]
}
},
"sgApp": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": "vpc-0d2d3a7d301ffb3f2",
"GroupDescription": "Enable SSH access via port 22",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"SourceSecurityGroupId" : { "Ref": "sgBastion" }
}
]
}
},
"subnetApp" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId": "vpc-0d2d3a7d301ffb3f2",
"CidrBlock" : "10.0.10.0/24",
"AvailabilityZone" : "eu-west-1c"
}
},
"appSubnetRouteTableAssociation" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "subnetApp" },
"RouteTableId" : { "Ref" : "appRouteTable" }
}
},
"appRouteTable" : {
"Type" : "AWS::EC2::RouteTable",
"Properties" : {
"VpcId" : "vpc-0d2d3a7d301ffb3f2"
}
},
"appRoute" : {
"Type" : "AWS::EC2::Route",
"Properties" : {
"RouteTableId" : { "Ref" : "appRouteTable" },
"DestinationCidrBlock" : "0.0.0.0/0",
"NatGatewayId" : "nat-027c1f24384fc90e6"
}
}
}
}
你有什么想法吗?
提前致谢。
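关于 username:password 的用法:按照 URL 语法,冒号与密码之间不应出现 '/':
https://UserFormAWS-65456:/PASSWORDGENERATEBYAWS@
                          ?
# should be:
https://UserFormAWS-65456:PASSWORDGENERATEBYAWS@
(除非 "/" 实际上是您密码的一部分)
未编码的 '/' 会提前结束 URL 中的主机部分,于是 git 把用户名当作主机名去解析,这正是第二个错误 "Could not resolve host: TestUser-at-…" 的来源。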
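此外,该密码中的任何特殊字符都必须进行百分号编码(percent-encoded),例如用 %3D 替换 '='。
如果 '/' 实际上是密码的第一个字符,则应将其替换为 %2F。
另请注意:把密码写进 UserData 里的克隆 URL 后,它会以明文出现在模板和实例的 user data 中(可通过实例元数据读取),并被 git 保存到克隆出的仓库的 .git/config 里;由于脚本以 bash -x 运行,整条命令还会被写入启动日志。模板中已经在 /root/.gitconfig 里配置了 aws codecommit credential-helper,通过它进行认证(最好配合实例的 IAM 角色,而不是写入文件的长期访问密钥)就无需在 URL 中嵌入密码。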
我正在使用 CloudFormation 搭建我的堆栈,并希望在 EC2 实例启动时从 CodeCommit 克隆一个存储库。该存储库属于另一个 AWS 账户,因此我创建了一个具有相应权限的用户。
我尝试了很多不同的方法来克隆它,但都失败了。我最后尝试的是直接在 UserData 中执行 git clone,但出现了两个错误:
1- 使用 git clone https://git-codecommit.eu-west-1.amazonaws.com/v1/repos/my-repo 时:
fatal: could not read Username for 'https://git-codecommit.eu-west-1.amazonaws.com': No such device or address
2- 使用 git clone https://UserFormAWS-65456:/PASSWORDGENERATEBYAWS@git-codecommit.eu-west-1.amazonaws.com/v1/repos/my-repo 时:
fatal: unable to access 'https://TestUser-at-654654:/xyyyzzz=@git-codecommit.eu-west-1.amazonaws.com/v1/repos/my-repo/': Could not resolve host: TestUser-at-787897168481
这是我的模板:
{
"Resources": {
"ec2Bastion": {
"Type": "AWS::EC2::Instance",
"Properties": {
"InstanceType":"t2.micro",
"AvailabilityZone" : "eu-west-1c",
"BlockDeviceMappings" : [
{
"DeviceName" : "/dev/xvda",
"Ebs" : {
"VolumeType" : "gp2",
"DeleteOnTermination" : "true",
"VolumeSize" : "8"
}
}
],
"DisableApiTermination": "false",
"ImageId" : "ami-09693313102a30b2c",
"KeyName" : "toto-aws",
"Monitoring" : "true",
"Tenancy" : "default",
"NetworkInterfaces": [
{
"AssociatePublicIpAddress": "true",
"DeviceIndex": "0",
"GroupSet": [{ "Ref": "sgBastion" }],
"SubnetId": "subnet-0c0ef68588036e3a3"
}
]
}
},
"ec2App": {
"Type": "AWS::EC2::Instance",
"Properties": {
"InstanceType":"t3.large",
"AvailabilityZone" : "eu-west-1c",
"BlockDeviceMappings" : [
{
"DeviceName" : "/dev/xvda",
"Ebs" : {
"VolumeType" : "gp2",
"DeleteOnTermination" : "true",
"VolumeSize" : "40"
}
}
],
"DisableApiTermination": "false",
"ImageId" : "ami-025da7a468de72fee",
"KeyName" : "toto-aws",
"Monitoring" : "true",
"Tenancy" : "default",
"NetworkInterfaces": [
{
"AssociatePublicIpAddress": "false",
"DeviceIndex": "0",
"GroupSet": [{ "Ref": "sgApp" }],
"SubnetId": { "Ref": "subnetApp" }
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": [ "", [
"#!/bin/bash -xe\n",
"yum install -y aws-cfn-bootstrap\n",
"mkdir /root/.aws\n",
"# Install the files and packages from the metadata\n",
"/opt/aws/bin/cfn-init ",
" --stack ", { "Ref" : "AWS::StackName" },
" --resource ec2App ",
" --configsets Configure ",
" --region ", { "Ref" : "AWS::Region" }, "\n",
"# Signal the status from cfn-init\n",
"cd /var/www\n",
"git clone https://TestUser-at-7874456456781:/3fgh54wJmRzlVvmYfg654sA5Q=@git-codecommit.eu-west-1.amazonaws.com/v1/repos/my-repo; \n",
"/opt/aws/bin/cfn-signal -e $? ",
" --stack ", { "Ref" : "AWS::StackName" },
" --resource ec2App ",
" --region ", { "Ref" : "AWS::Region" }, "\n"
]]
}
}
},
"Metadata" : {
"AWS::CloudFormation::Init" : {
"configSets" : {
"Configure": ["Configure"]
},
"Configure": {
"files": {
"/root/.gitconfig": {
"content" : { "Fn::Join" : [ "", [
"[credential]\n",
" helper = !aws codecommit credential-helper $@\n",
" UseHttpPath = true\n"
]]},
"mode" : "000644",
"owner" : "root",
"group" : "root"
},
"/root/.aws/config": {
"content" : { "Fn::Join" : [ "", [
"[default]\n",
"region = eu-west-1\n",
"output = json\n"
]]},
"mode" : "000600",
"owner" : "root",
"group" : "root"
},
"/root/.aws/credentials": {
"content" : { "Fn::Join" : [ "", [
"[default]\n",
"aws_access_key_id = MYKEY\n",
"aws_secret_access_key = SECRETKEY\n"
]]},
"mode" : "000600",
"owner" : "root",
"group" : "root"
}
}
}
}
}
},
"sgBastion": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": "vpc-0d2d3a7d301ffb3f2",
"GroupDescription": "Enable SSH access via port 22",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp" : "0.0.0.0/32"
}
]
}
},
"sgApp": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": "vpc-0d2d3a7d301ffb3f2",
"GroupDescription": "Enable SSH access via port 22",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"SourceSecurityGroupId" : { "Ref": "sgBastion" }
}
]
}
},
"subnetApp" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId": "vpc-0d2d3a7d301ffb3f2",
"CidrBlock" : "10.0.10.0/24",
"AvailabilityZone" : "eu-west-1c"
}
},
"appSubnetRouteTableAssociation" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "subnetApp" },
"RouteTableId" : { "Ref" : "appRouteTable" }
}
},
"appRouteTable" : {
"Type" : "AWS::EC2::RouteTable",
"Properties" : {
"VpcId" : "vpc-0d2d3a7d301ffb3f2"
}
},
"appRoute" : {
"Type" : "AWS::EC2::Route",
"Properties" : {
"RouteTableId" : { "Ref" : "appRouteTable" },
"DestinationCidrBlock" : "0.0.0.0/0",
"NatGatewayId" : "nat-027c1f24384fc90e6"
}
}
}
}
你有什么想法吗?
提前致谢。
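关于 username:password 的用法:按照 URL 语法,冒号与密码之间不应出现 '/':
https://UserFormAWS-65456:/PASSWORDGENERATEBYAWS@
                          ?
# should be:
https://UserFormAWS-65456:PASSWORDGENERATEBYAWS@
(除非 "/" 实际上是您密码的一部分)
未编码的 '/' 会提前结束 URL 中的主机部分,于是 git 把用户名当作主机名去解析,这正是第二个错误 "Could not resolve host: TestUser-at-…" 的来源。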
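此外,该密码中的任何特殊字符都必须进行百分号编码(percent-encoded),例如用 %3D 替换 '='。
如果 '/' 实际上是密码的第一个字符,则应将其替换为 %2F。
另请注意:把密码写进 UserData 里的克隆 URL 后,它会以明文出现在模板和实例的 user data 中(可通过实例元数据读取),并被 git 保存到克隆出的仓库的 .git/config 里;由于脚本以 bash -x 运行,整条命令还会被写入启动日志。模板中已经在 /root/.gitconfig 里配置了 aws codecommit credential-helper,通过它进行认证(最好配合实例的 IAM 角色,而不是写入文件的长期访问密钥)就无需在 URL 中嵌入密码。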