These Dockerfile examples demonstrate two options for running a script at container startup, then running the main container process. The example script downloads index.html from https://example.com/ and writes it into Tomcat webapps directory. The index.html is then served by the container at http://localhost:8080/default-app/.
docker build . -t tomcat-with-startup
docker run --rm -it -p 8080:8080 tomcat-with-startup
| # Prerequisites: | |
| # - ECS Fargate cluster | |
| # - ECS task IAM role: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html | |
| # Be sure to include ECS exec permissions: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html#ecs-exec-required-iam-permissions | |
| # - (optional) ECS task execution IAM role: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html | |
| aws ecs list-task-definitions | |
| # Register a task definition for alpine image running "sleep 600" so you can exec into the container for 10 min |
| description: Set all EBS volumes of an EC2 instance to delete on instance termination | |
| schemaVersion: '0.3' | |
| parameters: | |
| InstanceId: | |
| type: String | |
| AutomationAssumeRole: | |
| type: String | |
| default: 'arn:{{global:AWS_PARTITION}}:iam::{{global:ACCOUNT_ID}}:role/AWS-SystemsManager-AutomationExecutionRole' | |
| description: >- | |
| (Optional) The ARN of the role that allows Automation to perform the actions on your behalf. If no role is |
| Parameters: | |
| RoleName: | |
| Description: Name of role to be created - this will be suffixed with the region name | |
| Type: String | |
| SourceRoleArn: | |
| Description: Source IAM role ARN to assume the role | |
| Type: String | |
| Resources: | |
| ConfigCrossAcctEvaluationRole: |
| terraform { | |
| required_providers { | |
| aws = { | |
| source = "hashicorp/aws" | |
| version = ">= 5.0" | |
| } | |
| } | |
| } | |
| resource "aws_config_organization_custom_policy_rule" "required_tags" { |
| terraform { | |
| required_providers { | |
| aws = { | |
| source = "hashicorp/aws" | |
| version = ">= 5.0" | |
| } | |
| } | |
| } | |
| data "aws_partition" "current" {} |
| # aws cloudformation deploy --stack-name LogEvents --template-file ./cloudformation-eventbridge-cloudwatch-logs.yml | |
| # | |
| # Use this EventBridge rule to send events to a CloudWatch Logs log group for review. An example | |
| # use case is to review CloudTrail logs w/ CloudWatch Logs Insights. Recently used this to identify | |
| # service and CloudTrail events from DRS to trigger custom automation (Lambda). | |
| # | |
| # Example CloudWatch Logs Insights query for the log group: | |
| # | |
| # fields @timestamp, @message, `detail-type`, `detail.eventName` | |
| # | filter detail.eventName in ["CreateSourceServerForDrs", "CreateRecoveryInstanceForDrs", "ReverseReplication"] |
| import json | |
| import boto3 | |
| import botocore | |
| import os | |
| import datetime | |
| import re | |
| import csv | |
| from functools import lru_cache | |
| sts = boto3.client("sts") |
| # See documented events sent by Config here: https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules_example-events.html | |
| # | |
| # It is much easier to write evaluations for rules using ConfigurationItemChangeNotification and | |
| # OversizedConfigurationItemChangeNotification. These notifications include the resource as recorded | |
| # by Config. The Lambda function can review the resource config json and submit an evaluation for | |
| # the resource. | |
| # | |
| # ScheduledNotification events are not specific to a resource, the event only includes | |
| # the account id and rule name. Lambda functions must list all the resources in the account using | |
| # service apis, call the appropriate apis to evaluate the resources config, and then submit |