@yktakaha4

Creating an ECS (Fargate) batch job with CloudFormation


A memo of something I built as a trial.

  • The following resources are created
    • ECS
      • Cluster
      • Task definition
        • Fargate launch type
        • Network mode is awsvpc
      • Task schedule (CloudWatch Events)
        • Runs every day at 12:00 JST (the rule's cron expression is evaluated in UTC, so the template writes it as 03:00)
    • ECR
      • Only the latest 2 images are kept
  • The following are prerequisites
    • Private subnets and security groups already created
    • ecsTaskExecutionRole already created
      • The execution role is what resolves the Secrets below, so it needs ssm:GetParameters on that parameter; the AWS managed AmazonECSTaskExecutionRolePolicy alone does not grant it
    • ecsEventsRole (assumed by CloudWatch Events to call RunTask on the task definition) already created
    • A secret named your_secrets_value already created in SSM Parameter Store
      • If you don't need it, just delete Secrets
  • As of today, reading the Japanese article on AWS::Events::Rule EcsParameters it looks as though NetworkConfiguration and the like cannot be specified, but the English version documents them as a matter of course... I wrote this to get that across
    • I've already sent feedback, so it may get fixed eventually
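The template refers to two IAM roles it does not create, ecsTaskExecutionRole and ecsEventsRole, and lists them only as prerequisites. The following is an added example, not part of the original article, of a separate CloudFormation template that creates both with least privilege: the execution role gets the AWS managed AmazonECSTaskExecutionRolePolicy (ECR pull and CloudWatch Logs) plus ssm:GetParameters scoped to the single parameter, and the events role may only run revisions of one task definition family and may only pass the execution role to ECS tasks. The role names match what sample.yml references; the ResourceName and SecretParameterName parameters are assumptions that must be given the same values used with sample.yml. If the account already has roles with these names (the ECS console creates them on first use), attach the inline policies to the existing roles instead of deploying this.

```yaml
AWSTemplateFormatVersion: "2010-09-09"

# Added example: the two roles that sample.yml assumes already exist.
# Deploy once per account before sample.yml, with --capabilities CAPABILITY_NAMED_IAM.
Parameters:
  ResourceName:
    Type: String
    Description: Same value later passed to sample.yml (used as the task definition family)
  SecretParameterName:
    Type: String
    Default: your_secrets_value
    Description: SSM Parameter Store name referenced by Secrets.ValueFrom in sample.yml

Resources:
  # Assumed by the ECS agent (not by your code) to pull the image, write logs
  # and resolve Secrets. The managed policy covers ECR pull and CloudWatch Logs;
  # SSM read is added explicitly and scoped to the one parameter.
  TaskExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: ecsTaskExecutionRole
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
      Policies:
        - PolicyName: read-task-secrets
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: ssm:GetParameters
                Resource:
                  Fn::Sub: arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/${SecretParameterName}
              # A SecureString encrypted with a customer managed KMS key also
              # needs kms:Decrypt on that key; the default aws/ssm key does not.

  # Assumed by CloudWatch Events to call RunTask. It may start only revisions
  # of this task definition family and may pass only the execution role above.
  EventsRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: ecsEventsRole
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: events.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: run-scheduled-task
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: ecs:RunTask
                Resource:
                  Fn::Sub: arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:task-definition/${ResourceName}:*
              - Effect: Allow
                Action: iam:PassRole
                Resource:
                  Fn::GetAtt: [TaskExecutionRole, Arn]
                Condition:
                  StringEquals:
                    iam:PassedToService: ecs-tasks.amazonaws.com
```

Because the events role is scoped to the task definition family and the PassRole grant is scoped to the execution role, a compromised rule or a stray edit to the rule's Input cannot be used to start arbitrary task definitions or hand a more privileged role to a container. If you later add a TaskRoleArn to the task definition, that role must be added to the iam:PassRole resource list as well.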
sample.yml
AWSTemplateFormatVersion: "2010-09-09"

Parameters:
  ResourceName:
    Type: String
    Description: Resource Name
  RepositoryName:
    Type: String
    Description: Repository Name
  ImageTagName:
    Type: String
    Description: Image Tag Name
  TaskDefinitionCpu:
    Type: Number
    Description: TaskDefinition Cpu
  TaskDefinitionMemory:
    Type: Number
    Description: TaskDefinition Memory
  TaskExecutionSecurityGroups:
    Type: List<AWS::EC2::SecurityGroup::Id>
    Description: Service SecurityGroups
  TaskExecutionSubnets:
    Type: List<AWS::EC2::Subnet::Id>
    Description: Service Subnets

Resources:
  Cluster:
    Type: AWS::ECS::Cluster
    Properties:
      ClusterName:
        Ref: ResourceName

  Repository:
    Type: AWS::ECR::Repository
    Properties:
      RepositoryName:
        Ref: RepositoryName
      LifecyclePolicy:
        # https://dev.classmethod.jp/cloud/aws/cfn-for-ecr-lifecyclepolicy/
        LifecyclePolicyText: |
          {
            "rules" : [
              {
                "rulePriority" : 1,
                "description" : "Delete more than 2 images",
                "selection" : {"countType" : "imageCountMoreThan", "countNumber" : 2, "tagStatus" : "any"},
                "action" : {"type" : "expire"}
              }
            ]
          }

  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family:
        Ref: ResourceName
      Cpu:
        Ref: TaskDefinitionCpu
      Memory:
        Ref: TaskDefinitionMemory
      NetworkMode: awsvpc
      # Assumed by the ECS agent to pull from ECR, write to CloudWatch Logs and
      # resolve Secrets; must exist before this stack is deployed
      ExecutionRoleArn:
        Fn::Sub: arn:aws:iam::${AWS::AccountId}:role/ecsTaskExecutionRole
      RequiresCompatibilities:
        - FARGATE
      ContainerDefinitions:
        - Name:
            Ref: ResourceName
          Image:
            Fn::Sub: ${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${RepositoryName}:${ImageTagName}
          Secrets:
            # https://dev.classmethod.jp/cloud/aws/ecs-secrets/
            # Injected as an environment variable at container start. A bare
            # name refers to an SSM Parameter Store parameter in the same
            # region (use the full ARN for another region or Secrets Manager).
            # The execution role, not the task role, must be allowed to read it.
            - Name: YOUR_SECRETS_VALUE
              ValueFrom: your_secrets_value
          LogConfiguration:
            LogDriver: awslogs
            Options:
              "awslogs-region":
                Ref: AWS::Region
              "awslogs-stream-prefix": ecs
              "awslogs-group":
                Fn::Sub: /aws/ecs/${ResourceName}

  TaskSchedule:
    Type: AWS::Events::Rule
    Properties:
      Name: sample_task
      State: ENABLED
      # CloudWatch Events cron is evaluated in UTC: 03:00 UTC is 12:00 JST
      ScheduleExpression: cron(0 3 * * ? *)
      Targets:
        - Id: sample_task
          Arn:
            Fn::GetAtt: [Cluster, Arn]
          # Assumed by CloudWatch Events to call RunTask; needs ecs:RunTask on
          # the task definition and iam:PassRole on the execution role
          RoleArn:
            Fn::Sub: arn:aws:iam::${AWS::AccountId}:role/ecsEventsRole
          EcsParameters:
            # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-ecsparameters.html
            TaskDefinitionArn:
              Ref: TaskDefinition
            LaunchType: FARGATE
            PlatformVersion: LATEST
            NetworkConfiguration:
              AwsVpcConfiguration:
                # No public IP: the task is reachable only from inside the VPC,
                # so the private subnets need a NAT gateway or VPC endpoints
                # (ECR, S3, CloudWatch Logs, SSM) for the image pull, logs and
                # Secrets to work
                AssignPublicIp: DISABLED
                Subnets:
                  Ref: TaskExecutionSubnets
                SecurityGroups:
                  Ref: TaskExecutionSecurityGroups
          Input:
            # Set the command to whatever you need!
            Fn::Sub: |
              {
                "containerOverrides" : [
                  {
                    "name" : "${ResourceName}",
                    "command" : ["python3", "-m", "sample_task"]
                  }
                ]
              }

  LogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName:
        Fn::Sub: /aws/ecs/${ResourceName}
      RetentionInDays: 30

Define a parameter file like the following

parameters.ini
ResourceName=sample-resource
RepositoryName=sample-repository
ImageTagName=smpl
TaskDefinitionCpu=256
TaskDefinitionMemory=512
TaskExecutionSecurityGroups=sg-xxxx
TaskExecutionSubnets=subnet-yyyy,subnet-zzzz

and it is convenient to run it like this

Terminal
# Create the stack (it contains no IAM resources, so --capabilities is not needed)
$ aws cloudformation deploy \
  --stack-name sample-stack \
  --template-file sample.yml \
  --no-fail-on-empty-changeset \
  --parameter-overrides $(tr '\n' ' ' < parameters.ini)

# Bonus
# Build the Docker image and push it to ECR (99999999 is the account ID)
# This is the AWS CLI v1 login; get-login was removed in CLI v2, where it becomes:
#   aws ecr get-login-password | docker login --username AWS --password-stdin 99999999.dkr.ecr.ap-northeast-1.amazonaws.com
$ $(aws ecr get-login --no-include-email)
$ docker build -t 99999999.dkr.ecr.ap-northeast-1.amazonaws.com/sample-repository:smpl .
$ docker push 99999999.dkr.ecr.ap-northeast-1.amazonaws.com/sample-repository:smpl

It was quite a hassle, but it's fun when an environment actually comes up from a definition!
