我有以下脚本:
Parameters:
bucket:
Type: CommaDelimitedList
Description: "Name of the Amazon S3 bucket that contains your file"
Default: "my-bucket"
fileuri:
Type: String
Description: "Path to the file in S3"
Default: "https://my-bucket.s3.eu-west-2.amazonaws.com/oauth-private.key"
authrole:
Type: String
Description: "Role with permissions to download the file from Amazon S3"
Default: "aws-elasticbeanstalk-ec2-role"
files:
/var/app/current/storage/oauth-private.key:
mode: "000600"
owner: webapp
group: webapp
source: { "Ref" : "fileuri" }
authentication: S3AccessCred
Resources:
AWSEBAutoScalingGroup:
Type: "AWS::AutoScaling::AutoScalingGroup"
Metadata:
AWS::CloudFormation::Authentication:
S3AccessCred:
type: "S3"
roleName: { "Ref" : "authrole" }
buckets: { "Ref" : "bucket" }
我遇到的问题是,在部署此文件时,该文件不在/var/app/current/storage目录中。
我以为该脚本可能运行得太早,并且current目录尚未准备好,所以我尝试了ondeck目录,但这也行不通。
如果将路径更改为我的代码库目录之外的其他路径,则该路径将从S3复制。
有什么想法吗?谢谢。
container_command将其传输到当前目录中的应用程序。 此AWS doc在顶部附近提到了密钥的处理顺序。在files之前先处理commands键,然后在设置应用程序和Web服务器之前运行commands。但是,container_commands部分注意到它们用于“执行影响您的应用程序源代码的命令”。
因此您应该将脚本修改为类似以下内容:
Parameters: ...
Resources: ...
files:
"/tmp/oauth-private.key":
mode: "000600"
owner: webapp
group: webapp
source: { "Ref" : "fileuri" }
authentication: S3AccessCred
container_commands:
file_transfer_1:
command: "mkdir -p storage"
file_transfer_2:
command: "mv /tmp/oauth-private.key storage"