Auto Scaling group EC2 instance launch failure

I am trying to launch a CloudFormation stack to run an ECS service on EC2. My stack creation fails when creating the Auto Scaling group, and the error in the console's Activity tab shows:

Status: Failed

Description: Launching a new EC2 instance. Status Reason: The requested configuration is currently not supported. Please check the documentation for supported configurations. Launching EC2 instance failed.

Cause: At 2020-10-26T23:47:46Z a user request update of AutoScalingGroup constraints to min: 1, max: 1, desired: 1 changing the desired capacity from 0 to 1. At 2020-10-26T23:47:48Z an instance was started in response to a difference between desired and actual capacity, increasing the capacity from 0 to 1.

I have tried playing around with my CFT, but have had no luck so far.

AWSTemplateFormatVersion: '2010-09-09'
Description: Hhhhhhhhh Feed Services Containers

Parameters:
  VpcId:
    Type: String
  SubnetId:
    Type: String
  ECSCluster:
    Type: String
    Default: dev-ecs
  EcsSecurityGroup:
    Type: String
    Default: sg-74cb7b0c
  FeedServicesSecurityGroup:
    Type: String
    Default: sg-0a695957eec3371bc
  DesiredCount:
    Type: Number
    Default: '1'
  EC2InstanceAMI:
    Type: String
    Default: 'ami-0dba2cb6798deb6d8'
  InstanceType:
    Type: String
    Default: c6g.4xlarge
  KeyName:
    Type: String
    Default: devops
  Color:
    Type: String
    AllowedValues: ['blue', 'green']
    Description: The deployment color
    Default: 'blue'
  XxxRouteTableId:
    Type: String
    Default: rtb-03eeb623aac1c1ccf

Resources:
  YyyXxxLogsGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Join ['-', [/ecs/feed-services-Yyy-Xxx, !Ref Color]]
  YyyStableLogsGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Join ['-', [/ecs/feed-services-Yyy-stable, !Ref Color]]
  ZzzXxxLogsGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Join ['-', [/ecs/feed-services-Zzz-Xxx, !Ref Color]]
  ZzzStableLogsGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Join ['-', [/ecs/feed-services-Zzz-stable, !Ref Color]]
  WwwXxxLogsGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Join ['-', [/ecs/feed-services-Www-Xxx, !Ref Color]]
  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: feed-services
      ExecutionRoleArn: arn:aws:iam::xxxxxxxxx:role/ecs-task-execution-role
      TaskRoleArn: !Ref FeedServicesRole
      ContainerDefinitions:
        - Name: feed-services-Yyy-Xxx
          Image: xxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/feed-services/feed-services-Yyy-Xxx
          Essential: True
          Memory: 512
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: !Ref YyyXxxLogsGroup
              awslogs-region: us-east-1
              awslogs-stream-prefix: ecs
        - Name: feed-services-Yyy-stable
          Image: xxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/feed-services/feed-services-Yyy-stable
          Essential: True
          Memory: 512
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: !Ref YyyStableLogsGroup
              awslogs-region: us-east-1
              awslogs-stream-prefix: ecs
        - Name: feed-services-Zzz-Xxx
          Image: xxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/feed-services/feed-services-Zzz-Xxx
          Essential: True
          Memory: 8192
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: !Ref ZzzXxxLogsGroup
              awslogs-region: us-east-1
              awslogs-stream-prefix: ecs
        - Name: feed-services-Zzz-stable
          Image: xxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/feed-services/feed-services-Zzz-stable
          Essential: True
          Memory: 512
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: !Ref ZzzStableLogsGroup
              awslogs-region: us-east-1
              awslogs-stream-prefix: ecs
        - Name: feed-services-Www-Xxx
          Image: xxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/feed-services/feed-services-Www-Xxx
          Essential: True
          Memory: 512
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: !Ref WwwXxxLogsGroup
              awslogs-region: us-east-1
              awslogs-stream-prefix: ecs
      NetworkMode: awsvpc
  FeedServicesRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              # This role is used as TaskRoleArn, so ECS tasks must be able to assume it
              Service: ['ecs-tasks.amazonaws.com']
            Action: ['sts:AssumeRole']
      Policies:
        - PolicyName: !Join ['-', [feed-services, !Ref Color, read-secrets]]
          PolicyDocument:
            Statement:
              - Effect: Allow
                Action:
                  - 'secretsmanager:ListSecrets'
                  - 'secretsmanager:DescribeSecret'
                  - 'secretsmanager:GetRandomPassword'
                  - 'secretsmanager:GetResourcePolicy'
                  - 'secretsmanager:GetSecretValue'
                  - 'secretsmanager:ListSecretVersionIds'
                Resource: ['arn:aws:secretsmanager:us-east-1:xxxxxxxxx:secret:prod/feed-services']
  ECSAutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      VPCZoneIdentifier: [!Ref SubnetId]
      LaunchConfigurationName: !Ref ContainerInstances 
      MinSize: '1'
      MaxSize: '1'
      DesiredCapacity: '1'
    CreationPolicy:
      ResourceSignal:
        Timeout: PT15M
    UpdatePolicy:
      AutoScalingReplacingUpdate:
        WillReplace: 'true'
  ContainerInstances:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      LaunchConfigurationName: !Join ['-', [feed-services, !Ref Color, launch-configuration]]
      AssociatePublicIpAddress: True
      ImageId: !Ref EC2InstanceAMI
      SecurityGroups: [!Ref FeedServicesSecurityGroup]
      InstanceType: !Ref InstanceType
      IamInstanceProfile: !Ref EC2InstanceProfile
      PlacementTenancy: default
      KeyName: !Ref KeyName
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          echo ECS_CLUSTER=${ECSCluster} >> /etc/ecs/ecs.config
          yum install -y aws-cfn-bootstrap
          /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource ECSAutoScalingGroup --region ${AWS::Region}
  FeedServices:
    Type: AWS::ECS::Service
    Properties:
      Cluster: !Ref ECSCluster
      DeploymentConfiguration:
        MaximumPercent: 200
        MinimumHealthyPercent: 100
      DesiredCount: !Ref DesiredCount
      LaunchType: EC2
      NetworkConfiguration:
        AwsVpcConfiguration:
          AssignPublicIp: DISABLED
          SecurityGroups: [!Ref FeedServicesSecurityGroup]
          Subnets: [!Ref SubnetId]
      ServiceName: !Join ['-', [feed-services, !Ref Color]]
      TaskDefinition: !Ref TaskDefinition
  ServiceScalingTarget:
    Type: AWS::ApplicationAutoScaling::ScalableTarget
    DependsOn: FeedServices
    Properties:
      MaxCapacity: 1
      MinCapacity: 1
      # ECS scalable-target ResourceId format: service/<cluster>/<service>
      ResourceId: !Join [ '', [ service/, !Ref 'ECSCluster', /, !GetAtt [ FeedServices, Name ] ] ]
      RoleARN: !GetAtt [ AutoscalingRole, Arn ]
      ScalableDimension: ecs:service:DesiredCount
      ServiceNamespace: ecs
  EC2Role:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: [ ec2.amazonaws.com ]
            Action: [ 'sts:AssumeRole' ]
      Path: /
      Policies:
        - PolicyName: !Join ['-', [feed-services, !Ref Color, ecs-role]]
          PolicyDocument:
            Statement:
              - Effect: Allow
                Action: [ 'ecs:CreateCluster', 'ecs:DeregisterContainerInstance', 'ecs:DiscoverPollEndpoint',
                          'ecs:Poll', 'ecs:RegisterContainerInstance', 'ecs:StartTelemetrySession',
                          'ecs:Submit*', 'logs:CreateLogStream', 'logs:PutLogEvents' ]
                Resource: '*'
  AutoscalingRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: [ application-autoscaling.amazonaws.com ]
            Action: [ 'sts:AssumeRole' ]
      Path: /
      Policies:
        - PolicyName: !Join ['-', [feed-services, !Ref Color, autoscaling-role]]
          PolicyDocument:
            Statement:
              - Effect: Allow
                Action: [ 'application-autoscaling:*', 'cloudwatch:DescribeAlarms', 'cloudwatch:PutMetricAlarm',
                          'ecs:DescribeServices', 'ecs:UpdateService' ]
                Resource: '*'
  SubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref XxxRouteTableId
      SubnetId: !Ref SubnetId
  EC2InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles: [ !Ref 'EC2Role' ]

Outputs:
  feedservices:
    Value: !Ref FeedServices
  taskdefinition:
    Value: !Ref TaskDefinition

Based on your parameter defaults, you are trying to launch on an instance type (c6g.4xlarge) that requires an ARM-based AMI.

Try switching the AMI to ami-0ea142bd244023692, which (at the time of writing) is the Ubuntu Server 20.04 ARM-based AMI.
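The mismatch described in the answer can be caught before the stack is created by comparing the AMI's architecture with the architectures the instance type supports. The following is an added example, not part of the original question or answer: the sample responses are constructed (trimmed to the fields that ec2:DescribeImages and ec2:DescribeInstanceTypes return), the architecture values in them are assumptions for illustration, and `check_launch` and `fetch_live` are hypothetical helper names.

```python
"""Pre-flight check: does the AMI's architecture match the instance type?"""

# Constructed sample responses, trimmed to the fields used below. The
# architecture values are assumptions; the page only states that
# c6g.4xlarge needs an ARM-based AMI.
SAMPLE_IMAGES = {"Images": [
    {"ImageId": "ami-0dba2cb6798deb6d8", "Architecture": "x86_64"},
    {"ImageId": "ami-0ea142bd244023692", "Architecture": "arm64"},
]}
SAMPLE_TYPES = {"InstanceTypes": [
    {"InstanceType": "c6g.4xlarge",
     "ProcessorInfo": {"SupportedArchitectures": ["arm64"]}},
    {"InstanceType": "c5.4xlarge",
     "ProcessorInfo": {"SupportedArchitectures": ["x86_64"]}},
]}


def check_launch(image_id, instance_type, images=SAMPLE_IMAGES, types=SAMPLE_TYPES):
    """Return (ok, reason) for launching image_id on instance_type."""
    arch = next((i["Architecture"] for i in images["Images"]
                 if i["ImageId"] == image_id), None)
    if arch is None:
        # AMI IDs are regional, so a missing image often means the wrong region.
        return False, f"{image_id}: not found (AMI IDs are per-region)"
    supported = next((t["ProcessorInfo"]["SupportedArchitectures"]
                      for t in types["InstanceTypes"]
                      if t["InstanceType"] == instance_type), None)
    if supported is None:
        return False, f"{instance_type}: unknown instance type"
    if arch not in supported:
        return False, (f"{image_id} is {arch}, but {instance_type} "
                       f"supports only {', '.join(supported)}")
    return True, f"{image_id} ({arch}) can run on {instance_type}"


def fetch_live(image_id, instance_type, region="us-east-1"):
    """Fetch the same two responses from EC2 (needs boto3 and credentials)."""
    import boto3  # imported lazily so the offline check has no dependencies
    ec2 = boto3.client("ec2", region_name=region)
    return (ec2.describe_images(ImageIds=[image_id]),
            ec2.describe_instance_types(InstanceTypes=[instance_type]))


if __name__ == "__main__":
    for ami in ("ami-0dba2cb6798deb6d8", "ami-0ea142bd244023692"):
        print(check_launch(ami, "c6g.4xlarge"))
```

To run it against a real account, pass the two values returned by `fetch_live(...)` as the `images` and `types` arguments of `check_launch`.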