错误:指定networkMode 'awsvpc‘时必须提供网络配置

Question

我有这个任务定义代码，它有一个问题：

{
  "family": "ikg-api",
  "taskRoleArn": "",
  "executionRoleArn": "arn:aws:iam::913xxxx371:role/ecsTaskExecutionRole",
  "networkMode": "awsvpc",
  "containerDefinitions": [
    {
      "name": "ikg-api",
      "image": "913xxxx371.dkr.ecr.us-west-2.amazonaws.com/ikg_api:fda0b49f8",
      "cpu": 512,
      "memory": 1024,
      "memoryReservation": 1024,
      "portMappings": [
        {
          "containerPort": 80,
          "hostPort": 80,
          "protocol": "tcp"
        }
      ],
      "essential": true,
      "environment": [
        {
          "name": "is_docker",
          "value": "yes"
        }
      ],
      "secrets": [
        {
          "name": "bitbucket_password",
          "valueFrom": "arn:aws:ssm:us-west-1:913xxxx0371:parameter/bitbucket_pwd"
        }
      ],
      "startTimeout": 10,
      "stopTimeout": 19,
      "user": "root",
      "workingDirectory": "/apps",
      "disableNetworking": false,
      "privileged": false,
      "readonlyRootFilesystem": false,
      "interactive": false,
      "pseudoTerminal": false,
      "healthCheck": {
        "command": [
          "curl",
          "localhost"
        ],
        "interval": 30,
        "timeout": 20,
        "retries": 1,
        "startPeriod": 50
      }
    }
  ],
  "networkConfiguration": {
    "awsvpcConfiguration": {
      "assignPublicIp": "ENABLED",
      "securityGroups": [
        "sg-0a6e7d4a5238fe3c6"
      ],
      "subnets": [
        "subnet-05a6557c"
      ]
    }
  },
  "requiresCompatibilities": [
    "FARGATE"
  ],
  "cpu": "512",
  "memory": "1024",
  "tags": [
    {
      "key": "Project",
      "value": "IKG"
    }
  ]
}

当我上传定义时使用：

aws ecs run-task --cluster tutorial --task-definition ikg-api:1  --count 1

我知道这个错误：

调用InvalidParameterException操作时发生错误:当指定networkMode 'awsvpc‘时必须提供网络配置。

在我的生活中，我想不出如何解决这个问题.我试着把networkConfiguration最理智的值放到find...no骰子上。有人知道我是怎么解决这个的吗？

Answer 1

您将需要以下内容(我在工作中获得的快照)

NetworkConfiguration:
    AwsvpcConfiguration:
      AssignPublicIp: DISABLED
      SecurityGroups:
      - !Ref ECSServicesSecurityGroup
      Subnets:
      - Fn::ImportValue: !Sub ${VPCStack}-SubnetPrivateA
      - Fn::ImportValue: !Sub ${VPCStack}-SubnetPrivateB
      - Fn::ImportValue: !Sub ${VPCStack}-SubnetPrivateC

详情请参阅这和这

Answer 2

下面是包含网络配置的运行任务命令

aws ecs run-task --cluster your-cluster --task-definition your-task:1 --count 1 --launch-type FARGATE --network-configuration "awsvpcConfiguration={subnets=[subnet-0123456789],securityGroups=[sg-0123456789]}"

Answer 3

我认为@user2014363的答案是正确的，我能够使用它来执行我的任务。如果其他人试图在CI中这样做，您可能无法提前知道您的子网/安全组is。我能够使用AWS CLI获取这些信息(您需要有某种方法来识别您需要的子网/安全组，例如按标记进行过滤)：

mytask: 
  image: python:3.8
  stage: deploy
  only:
    - master
  when: manual
  before_script:
    - pip install awscli
    - apt-get -qq update && apt-get -y install jq
    - |
      subnets=$( \
        aws ec2 describe-subnets \
          --filters \
            Name=tag:aws:cloudformation:stack-name,Values=${ENVIRONMENT}-${APP_NAME}-stack \
            Name=tag:aws-cdk:subnet-type,Values=Public \
        | jq -r '.Subnets | map(.SubnetId) | join(",")')
  script:
    - |
      aws ecs run-task \
        --cluster ${ENVIRONMENT}-${APP_NAME}-cluster \
        --task-definition ${ENVIRONMENT}-${APP_NAME}-collectstatic \
        --network-configuration "awsvpcConfiguration={subnets=[${subnets}],assignPublicIp=ENABLED}" \
        --count 1 \
        --launch-type FARGATE