{"id":17319,"date":"2019-10-29T21:00:19","date_gmt":"2019-10-29T12:00:19","guid":{"rendered":"http:\/\/www.skyarch.net\/blog\/?p=17319"},"modified":"2019-10-29T17:46:47","modified_gmt":"2019-10-29T08:46:47","slug":"aws-systems-manager-%e3%82%aa%e3%83%bc%e3%83%88%e3%83%a1%e3%83%bc%e3%82%b7%e3%83%a7%e3%83%b3%e3%81%ab%e3%82%88%e3%82%8b-autoscaling-%e3%82%b0%e3%83%ab%e3%83%bc%e3%83%97%e3%81%aeami%e6%9b%b4%e6%96%b0","status":"publish","type":"post","link":"https:\/\/www.skyarch.net\/blog\/aws-systems-manager-%e3%82%aa%e3%83%bc%e3%83%88%e3%83%a1%e3%83%bc%e3%82%b7%e3%83%a7%e3%83%b3%e3%81%ab%e3%82%88%e3%82%8b-autoscaling-%e3%82%b0%e3%83%ab%e3%83%bc%e3%83%97%e3%81%aeami%e6%9b%b4%e6%96%b0\/","title":{"rendered":"AWS Systems Manager \u30aa\u30fc\u30c8\u30e1\u30fc\u30b7\u30e7\u30f3\u306b\u3088\u308b AutoScaling \u30b0\u30eb\u30fc\u30d7\u306eAMI\u66f4\u65b0"},"content":{"rendered":"

EC2 AutoScaling\u3092\u5229\u7528\u3057\u3066\u3044\u308b\u74b0\u5883\u3067\u306f\u3001OS\u5185\u306e\u66f4\u65b0\u306b\u4f34\u3044\u8d77\u52d5\u5143AMI\u3092\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3059\u308b\u5fc5\u8981\u304c\u51fa\u3066\u304d\u307e\u3059\u3002
\n\u4f8b\u3048\u3070\u3001\u4e0b\u8a18\u306e\u3088\u3046\u306bAMI\u66f4\u65b0\u7528\u306e\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9(AutoScaling\u30b0\u30eb\u30fc\u30d7\u306b\u6240\u5c5e\u3057\u306a\u3044)\u3092\u7528\u610f\u3057\u3066\u304a\u304d\u3001<\/p>\n\"\"<\/a>\n

    \n
  1. AMI\u66f4\u65b0\u7528\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3067\u3001OS\u5185\u306e\u66f4\u65b0\u4f5c\u696d\u3092\u5b9f\u65bd<\/li>\n
  2. AMI\u66f4\u65b0\u7528\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3092\u5143\u306bAMI\u3092\u4f5c\u6210<\/li>\n
  3. \u4f5c\u6210\u3057\u305fAMI\u3092\u5143\u306bAutoScaling\u8d77\u52d5\u8a2d\u5b9a\u3092\u4f5c\u6210<\/li>\n
  4. \u5bfe\u8c61\u306eAutoScaling\u30b0\u30eb\u30fc\u30d7\u3092\u3001\u4f5c\u6210\u3057\u305f\u8d77\u52d5\u8a2d\u5b9a\u3092\u53c2\u7167\u3059\u308b\u3088\u3046\u66f4\u65b0<\/li>\n<\/ol>\n

    \u3068\u3044\u3063\u305f\u6d41\u308c\u3067\u884c\u3044\u307e\u3059\u3002
    \n\u4eca\u56de\u306f\u3001SSM Automation \uff0b CloudWatch Events \u3092\u5229\u7528\u3057\u3001(2)\uff5e(4)\u3092\u30b9\u30b1\u30b8\u30e5\u30fc\u30eb\u5b9f\u884c\u3055\u305b\u3066\u307f\u307e\u3059\u3002<\/p>\n

    \u8a2d\u5b9a\u65b9\u6cd5<\/h3>\n

    CloudFormation\u30b9\u30bf\u30c3\u30af\u4f5c\u6210<\/h4>\n

    \u4ee5\u4e0b\u306e\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u3092\u5229\u7528\u3057CloudFormation\u30b9\u30bf\u30c3\u30af\u3092\u4f5c\u6210\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n

    AWSTemplateFormatVersion: \"2010-09-09\"\nDescription: \n  IAM Role and SSM Automation Document for Updating AutoScaling AMI.\n\n# ------------------------------------------------------------#\n# METADATA\n# ------------------------------------------------------------#\nMetadata: \n  \"AWS::CloudFormation::Interface\": \n    ParameterGroups: \n      - Label: \n          default: \"IAM Role: CloudWatch Events executes SSM Automation\"\n        Parameters: \n          - CloudWatchEventsRoleName\n          - CloudWatchEventsRolePolicyName\n      - Label: \n          default: \"IAM Role: SSM Automation updates AutoScalingGroup AMI\"\n        Parameters: \n          - SSMAutomationRoleName\n          - SSMAutomationRolePolicyName\n\n    ParameterLabels: \n      CloudWatchEventsRoleName: \n        default: \"IAM Role Name\"\n      CloudWatchEventsRolePolicyName: \n        default: \"IAM Policy Name\"\n      SSMAutomationRoleName: \n        default: \"IAM Role Name\"\n      SSMAutomationRolePolicyName: \n        default: \"IAM Policy Name\"\n\n# ------------------------------------------------------------#\n# PARAMETERS\n# ------------------------------------------------------------# \nParameters:\n  CloudWatchEventsRoleName:\n    Type: String\n    Default: \"EventsRoleForExecSSMAutomation\"\n\n  CloudWatchEventsRolePolicyName:\n    Type: String\n    Default: \"PolicyForExecSSMAutomation\"\n\n  SSMAutomationRoleName:\n    Type: String\n    Default: \"SSMRoleForUpdateAutoScalingGroupAMI\"\n\n  SSMAutomationRolePolicyName:\n    Type: String\n    Default: \"PolicyForUpdateAutoScalingGroupAMI\"\n\n# ------------------------------------------------------------#\n# RESOURCES\n# ------------------------------------------------------------#\nResources: \n# IAM Role: CloudWatch Events executes SSM Automation\n  CloudWatchEventsRole:\n    Type: AWS::IAM::Role\n    Properties:\n      RoleName: !Ref CloudWatchEventsRoleName\n      AssumeRolePolicyDocument:\n        Version: '2012-10-17'\n        Statement:\n        - Effect: Allow\n          Principal:\n            Service:\n            - events.amazonaws.com\n          Action:\n          - sts:AssumeRole\n      Policies: \n        - \n          PolicyName: !Ref CloudWatchEventsRolePolicyName\n          PolicyDocument: \n            Version: \"2012-10-17\"\n            Statement: \n              - \n                Effect: \"Allow\"\n                Action: \n                  - \"ssm:StartAutomationExecution\"\n                  - \"iam:PassRole\"\n                Resource: \"*\"\n\n# IAM Role: SSM Automation updates AutoScalingGroup AMI\n  SSMAutomationRole:\n    Type: AWS::IAM::Role\n    Properties:\n      RoleName: !Ref SSMAutomationRoleName\n      AssumeRolePolicyDocument:\n        Version: '2012-10-17'\n        Statement:\n        - Effect: Allow\n          Principal:\n            Service:\n            - ssm.amazonaws.com\n          Action:\n          - sts:AssumeRole\n      Policies: \n        - \n          PolicyName: !Ref SSMAutomationRolePolicyName\n          PolicyDocument: \n            Version: \"2012-10-17\"\n            Statement: \n              - \n                Effect: \"Allow\"\n                Action: \n                  - \"autoscaling:CreateLaunchConfiguration\"\n                  - \"autoscaling:UpdateAutoScalingGroup\"\n                  - \"ec2:CreateImage\"\n                  - \"ec2:DescribeImages\"\n                Resource: \"*\"\n\n# SSM Automation Document\n  AutomationDocument:\n    Type: \"AWS::SSM::Document\"\n    Properties:\n      DocumentType: Automation\n      Content:\n        description: Automation Document for Updating AMI for AutoScaling Group\n        schemaVersion: '0.3'\n        assumeRole: \"{{ AutomationAssumeRole }}\"\n        parameters:\n          AutomationAssumeRole:\n            type: String\n            description: \"(Optional) The ARN of the role that allows Automation to perform the actions on your behalf.\"\n            default: !GetAtt SSMAutomationRole.Arn\n          InstanceId:\n            type: String\n            description: \"(Required) Instance id of instance that ami is created from.\"\n          LaunchConfigPrefix:\n            type: String\n            description: \"(Required) Name Prefix of Launch Configuration to create.\"\n          AutoScalingGroupName:\n            type: String\n            description: \"(Required) Name of AutoScaling Group which already exists.\"\n        mainSteps:\n        - name: createImage\n          action: aws:createImage\n          inputs:\n            InstanceId: \"{{ InstanceId }}\"\n            ImageName: \"{{ InstanceId }}_{{ global:DATE }}\"\n            NoReboot: true\n            ImageDescription: \"{{ InstanceId }}_{{ global:DATE }}\"\n        - name: CreateLaunchConfiguration\n          action: aws:executeAwsApi\n          inputs:\n            Service: autoscaling\n            Api: CreateLaunchConfiguration\n            InstanceId: \"{{ InstanceId }}\"\n            ImageId: \"{{ createImage.ImageId }}\"\n            LaunchConfigurationName: \"{{ LaunchConfigPrefix }}_{{ global:DATE }}\"\n        - name: UpdateAutoScalingGroup\n          action: aws:executeAwsApi\n          inputs:\n            Service: autoscaling\n            Api: UpdateAutoScalingGroup\n            AutoScalingGroupName: \"{{ AutoScalingGroupName }}\"\n            LaunchConfigurationName: \"{{ LaunchConfigPrefix }}_{{ global:DATE }}\"\n\n# ------------------------------------------------------------#\n# OUTPUTS\n# ------------------------------------------------------------#\nOutputs:\n  AutomationDocument:\n    Description: Automation Document Name\n    Value: !Ref AutomationDocument\n<\/pre>\n
    \u3053\u306e\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u3067\u3001\u4ee5\u4e0b\u30ea\u30bd\u30fc\u30b9\u304c\u4f5c\u6210\u3055\u308c\u307e\u3059\u3002<\/p>\n