More than 1 year has passed since last update.

How to debug by entering a container directly with ECS Exec


This is a continuation of the following article:
https://qiita.com/okdyy75/items/a20e81f122c90070c355

Preparation

① Create a policy for SSM execution permissions

Create the policy under the name "ECSTaskExecutionSSMmessages".

aws iam create-policy --policy-name ECSTaskExecutionSSMmessages \
  --policy-document '{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "ssmmessages:CreateControlChannel",
          "ssmmessages:CreateDataChannel",
          "ssmmessages:OpenControlChannel",
          "ssmmessages:OpenDataChannel"
        ],
        "Resource": "*"
      }
    ]
  }'

② Attach the policy you just created to the ECS role

Attach the policy to the ECS role "y-oka-ecs-dev-task-execution".

ECS_ROLE="y-oka-ecs-dev-task-execution"
POLICY_ARN="arn:aws:iam::<AWS account ID>:policy/ECSTaskExecutionSSMmessages"

aws iam attach-role-policy \
  --role-name "$ECS_ROLE" \
  --policy-arn "$POLICY_ARN"

③ Update the service so that Exec can be used on ECS

ECS_CLUSTER="y-oka-ecs-dev"
ECS_SERVICE="y-oka-ecs-dev"

# Update the service
aws ecs update-service \
  --no-cli-pager \
  --cluster "$ECS_CLUSTER" \
  --service "$ECS_SERVICE" \
  --enable-execute-command

④ Create a task for running Exec

ECS_CLUSTER="y-oka-ecs-dev"
ECS_SERVICE="y-oka-ecs-dev"
ECS_EXEC_CONTAINER="php-fpm"
ECS_TASK_FAMILY="y-oka-ecs-dev"

# Reuse the service's network configuration (subnets, security groups) for the task
NETWORK_CONFIG=$(
  aws ecs describe-services \
    --cluster "$ECS_CLUSTER" \
    --services "$ECS_SERVICE" | jq '.services[0].networkConfiguration'
)

# Start the task (jq -r prints the ARN without surrounding quotes)
task_arn=$(
  aws ecs run-task \
    --no-cli-pager \
    --launch-type FARGATE \
    --enable-execute-command \
    --cluster "$ECS_CLUSTER" \
    --task-definition "$ECS_TASK_FAMILY" \
    --network-configuration "${NETWORK_CONFIG}" | jq -r '.tasks[0].taskArn'
)

echo "$task_arn"

Execution

⑤ Run ECS Exec

ECS_CLUSTER="y-oka-ecs-dev"
# Task ID: the last segment of the task ARN printed in step ④
ECS_TASK="8e8211471de642aea9723405f8255fa3"
ECS_EXEC_CONTAINER="php-fpm"

# Run the exec command
aws ecs execute-command \
  --cluster "$ECS_CLUSTER" \
  --task "$ECS_TASK" \
  --container "$ECS_EXEC_CONTAINER" \
  --interactive \
  --command "/bin/sh"

Cleanup

⑥ Stop the task you created

ECS_CLUSTER="y-oka-ecs-dev"
ECS_TASK="8e8211471de642aea9723405f8255fa3"

aws ecs stop-task \
  --no-cli-pager \
  --cluster "$ECS_CLUSTER" \
  --task "$ECS_TASK"

⑦ Revert the service update

ECS_CLUSTER="y-oka-ecs-dev"
ECS_SERVICE="y-oka-ecs-dev"

aws ecs update-service \
  --no-cli-pager \
  --cluster "$ECS_CLUSTER" \
  --service "$ECS_SERVICE" \
  --disable-execute-command

⑧ Detach and delete the policy you created

POLICY_ARN="arn:aws:iam::xxxxxxxxxxxx:policy/ECSTaskExecutionSSMmessages"

aws iam detach-role-policy \
  --role-name y-oka-ecs-dev-task-execution \
  --policy-arn "$POLICY_ARN"

aws iam delete-policy --policy-arn "$POLICY_ARN"
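
An added example, not part of the original article: a jq filter over `aws ecs describe-tasks` output that shows whether a task is ready for step ⑤ and, after the cleanup steps, how many tasks still have ECS Exec enabled. The function names `exec_state`, `count_exec_enabled` and `sample_describe_tasks` are chosen here, and the sample JSON (task IDs, account ID, region) is constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original article). Requires jq, as the article's steps do.

# Read `aws ecs describe-tasks` JSON on stdin and print "<task-id> <state>" per task
# for the container named in $1:
#   ready    - exec enabled and the ExecuteCommandAgent reports RUNNING
#   pending  - exec enabled, agent missing or not RUNNING (execute-command would fail)
#   disabled - exec not enabled on the task
exec_state() {
  jq -r --arg c "$1" '.tasks[]
    | (.taskArn | split("/") | last) as $id
    | ([.containers[]? | select(.name == $c) | .managedAgents[]?
        | select(.name == "ExecuteCommandAgent") | .lastStatus] | first // "NONE") as $agent
    | if .enableExecuteCommand != true then "\($id) disabled"
      elif $agent == "RUNNING" then "\($id) ready"
      else "\($id) pending" end'
}

# Cleanup audit: number of tasks on stdin that still have ECS Exec enabled.
count_exec_enabled() {
  jq '[.tasks[] | select(.enableExecuteCommand == true)] | length'
}

# Constructed sample response (task IDs, account ID and region are made up).
sample_describe_tasks() {
  cat <<'EOF'
{"tasks": [
 {"taskArn": "arn:aws:ecs:ap-northeast-1:111122223333:task/y-oka-ecs-dev/aaaa1111",
  "enableExecuteCommand": true,
  "containers": [{"name": "php-fpm", "managedAgents":
    [{"name": "ExecuteCommandAgent", "lastStatus": "RUNNING"}]}]},
 {"taskArn": "arn:aws:ecs:ap-northeast-1:111122223333:task/y-oka-ecs-dev/bbbb2222",
  "enableExecuteCommand": true,
  "containers": [{"name": "php-fpm", "managedAgents":
    [{"name": "ExecuteCommandAgent", "lastStatus": "PENDING"}]}]},
 {"taskArn": "arn:aws:ecs:ap-northeast-1:111122223333:task/y-oka-ecs-dev/cccc3333",
  "enableExecuteCommand": false,
  "containers": [{"name": "php-fpm"}]}
]}
EOF
}

sample_describe_tasks | exec_state php-fpm
echo "tasks with exec enabled: $(sample_describe_tasks | count_exec_enabled)"

# Against a live cluster (needs AWS credentials), with the article's variables:
#   aws ecs describe-tasks --cluster "$ECS_CLUSTER" --tasks "$ECS_TASK" \
#     | exec_state "$ECS_EXEC_CONTAINER"
```

If a task never reaches `ready`, check that the `ssmmessages` permissions from step ① are on the role the task definition uses as its task role (`taskRoleArn`), since the agent inside the container uses the task role's credentials.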