amazon-web-services – Getting the ElastiCache address from within a Docker Elastic Beanstalk container

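I am trying to have Elastic Beanstalk automatically provision an ElastiCache instance. I am trying to figure out how to access the cache instance's address at runtime from within my Docker environment. I am running Python (on gevent).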

Here is the config file in .ebextensions:

Resources:
  sslSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupName: {Ref : AWSEBSecurityGroup}
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
      CidrIp: 0.0.0.0/0

  MyCacheSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "Lock cache down to webserver access only"
      SecurityGroupIngress :
        - IpProtocol : "tcp"
          FromPort :
            Fn::GetOptionSetting:
              OptionName : "CachePort"
              DefaultValue: "6379"
          ToPort :
            Fn::GetOptionSetting:
              OptionName : "CachePort"
              DefaultValue: "6379"
          SourceSecurityGroupName:
            Ref: "AWSEBSecurityGroup"
  MyElastiCache:
    Type: "AWS::ElastiCache::CacheCluster"
    Properties:
      CacheNodeType:
        Fn::GetOptionSetting:
          OptionName : "CacheNodeType"
          DefaultValue : "cache.t1.micro"
      NumCacheNodes:
        Fn::GetOptionSetting:
          OptionName : "NumCacheNodes"
          DefaultValue : "1"
      Engine:
        Fn::GetOptionSetting:
          OptionName : "Engine"
          DefaultValue : "redis"
      VpcSecurityGroupIds:
        -
          Fn::GetAtt:
            - MyCacheSecurityGroup
            - GroupId

option_settings:
  "aws:elasticbeanstalk:customoption":
    CacheNodeType : cache.t1.micro
    NumCacheNodes : 1
    Engine : redis
    CachePort : 6379

Outputs:
  ElastiCache:
    Description : "ID of ElastiCache Cache Cluster with Redis Engine"
    Value :
      Ref : "MyElastiCache"

files:
  /etc/nginx/conf.d/ssl.conf:
    mode: "000755"
    owner: root
    group: root
    content: |
      # HTTPS Server

      server {
        listen 443;
        server_name localhost;

        ssl on;
        ssl_certificate /etc/pki/tls/certs/server.crt;
        ssl_certificate_key /etc/pki/tls/certs/server.key;

        ssl_session_timeout 5m;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
        ssl_prefer_server_ciphers on;

        location / {
          proxy_pass http://docker;
          proxy_http_version 1.1;

          proxy_set_header Connection "";
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
      }
  /tmp/elasticache.env:
    mode: "000444"
    content: |
      export ELASTICACHE_CONFIGURATION_ENDPOINT="'{"Fn::GetAtt": ["MyElastiCache", "ConfigurationEndpoint.Address"]}':'{"Fn::GetAtt": ["MyElastiCache", "ConfigurationEndpoint.Port"]}'"

option_settings:
  - option_name: ELASTICACHE_DATA_FILE
    value: /var/app/elasticache

container_commands:
  copy_crt:
    command: cp .ebextensions/server.crt /etc/pki/tls/certs/server.crt
  copy_key:
    command: cp .ebextensions/server.key /etc/pki/tls/certs/server.key

I followed the guide here: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-environment-resources-elasticache.html#customize-environment-resources-elasticache-defaultvpc and added support for using our TLS certificate.

My problem is that the /tmp/elasticache.env file cannot be accessed from the Docker instance. Is there a better way to get the ElastiCache credentials?

Best answer: If you already have the ElastiCache endpoint, you can use an app deployment hook to inject it into the Docker container's environment variables:

files:
  "/opt/elasticbeanstalk/hooks/appdeploy/pre/02injectdockerfile.sh":
    mode: "000755"
    content: |
      . /opt/elasticbeanstalk/hooks/common.sh
      EB_CONFIG_APP_CURRENT=$(/opt/elasticbeanstalk/bin/get-config container -k app_deploy_dir)
      cd $EB_CONFIG_APP_CURRENT
      echo "ENV ELASTICACHE_CONFIGURATION_ENDPOINT \"'{"Fn::GetAtt": ["MyElastiCache", "ConfigurationEndpoint.Address"]}':'{"Fn::GetAtt": ["MyElastiCache", "ConfigurationEndpoint.Port"]}'\"" >> Dockerfile

See https://stackoverflow.com/a/32458281/3427434 for more details (in the Option #2 section).

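One way for the Python application inside the container to consume the variable that the hook injects, validating it before any connection is attempted. This is an added example, not part of the original question or answer; it assumes the value has the form host:port, and the names parse_endpoint, endpoint_from_env and EndpointError, as well as the sample hostname, are made up for illustration.

```python
import os
import re

ENV_NAME = "ELASTICACHE_CONFIGURATION_ENDPOINT"  # variable name used on this page

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOST_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


class EndpointError(ValueError):
    """The injected endpoint is missing or malformed (hypothetical helper type)."""


def parse_endpoint(raw):
    """Return (host, port) from a 'host:port' string or raise EndpointError."""
    if raw is None or not raw.strip():
        raise EndpointError(f"{ENV_NAME} is not set in the container")
    value = raw.strip().strip("\"'")
    # A leftover template means the Fn::GetAtt was never substituted at deploy time.
    if "Fn::GetAtt" in value or "{" in value:
        raise EndpointError("endpoint still contains an unresolved Fn::GetAtt")
    host, sep, port_text = value.rpartition(":")
    if not sep or not host:
        raise EndpointError("expected host:port")
    if len(host) > 253 or not _HOST_RE.fullmatch(host):
        raise EndpointError("host is not a valid DNS name")
    if not (port_text.isascii() and port_text.isdigit() and len(port_text) <= 5):
        raise EndpointError("port is not a decimal number")
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise EndpointError("port out of range")
    return host.lower(), port


def endpoint_from_env(environ=None):
    """Read and validate the endpoint from the process environment."""
    environ = os.environ if environ is None else environ
    return parse_endpoint(environ.get(ENV_NAME))


if __name__ == "__main__":
    # Constructed sample value, not a real endpoint.
    print(parse_endpoint('"MyCache.example.internal:6379"'))
```

Failing at startup with a clear error keeps a half-substituted or empty value from being passed on to the cache client as a hostname.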