cloudformation JSON ファイルをゼロから作成しましたが、いくつかの問題があるようです...
私が観察しているのは、基本的に2つの問題です。
まず、私の ECS サービスはEC2
ではなく起動タイプですFARGATE
。ダッシュボードには次のように表示されます。
Status ACTIVE
Registered container instances 0
Pending tasks count 0 Fargate, 0 EC2
Running tasks count 0 Fargate, 0 EC2
Active service count 0 Fargate, 1 EC2
Draining service count 0 Fargate, 0 EC2
2 番目の問題は、cloudformation 自体にあり、サービスCREATE_IN_PROGRESS
で何時間もスタックしてから、サービスが「安定できない」と表示されます。
FARGATE モードが可能にするものを理解していればAutoScalingGroup
、 もLaunchConfiguration
コンポーネントも作成する必要はありませんよね?
ここに私の完全なJSONがあります:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "test",
"Resources": {
"InstanceSecurityGroupOpenWeb": {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupName" : "test-open-web",
"GroupDescription" : "Allow http to client host",
"VpcId" : "vpc-89a8cfef",
"SecurityGroupIngress" : [{
"IpProtocol" : "tcp",
"FromPort" : "80",
"ToPort" : "80",
"CidrIp" : "0.0.0.0/0"
}],
"SecurityGroupEgress" : [{
"IpProtocol" : "tcp",
"FromPort" : "80",
"ToPort" : "80",
"CidrIp" : "0.0.0.0/0"
}]
}
},
"InstanceSecurityGroupOpenFull": {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupName" : "test-open-full",
"GroupDescription" : "Allow http to client host",
"VpcId" : "vpc-89a8cfef",
"SecurityGroupIngress" : [{
"IpProtocol" : "tcp",
"FromPort" : "0",
"ToPort" : "65535",
"CidrIp" : "0.0.0.0/0"
}],
"SecurityGroupEgress" : [{
"IpProtocol" : "tcp",
"FromPort" : "80",
"ToPort" : "80",
"CidrIp" : "0.0.0.0/0"
}]
}
},
"LoadBalancer" : {
"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
"DependsOn": [
"InstanceSecurityGroupOpenWeb",
"InstanceSecurityGroupOpenFull"
],
"Properties": {
"Name": "testalb",
"Scheme" : "internal",
"Subnets" : [
"subnet-aaaaaaaa",
"subnet-bbbbbbbb",
"subnet-cccccccc"
],
"LoadBalancerAttributes" : [
{ "Key" : "idle_timeout.timeout_seconds", "Value" : "50" }
],
"SecurityGroups": [
{ "Ref": "InstanceSecurityGroupOpenWeb" },
{ "Ref" : "InstanceSecurityGroupOpenFull" }
]
}
},
"TargetGroup" : {
"Type" : "AWS::ElasticLoadBalancingV2::TargetGroup",
"DependsOn": [
"LoadBalancer"
],
"Properties" : {
"Name": "web",
"Port": 3000,
"TargetType": "ip",
"Protocol": "HTTP",
"HealthCheckIntervalSeconds": 30,
"HealthCheckProtocol": "HTTP",
"HealthCheckTimeoutSeconds": 10,
"HealthyThresholdCount": 4,
"Matcher" : {
"HttpCode" : "200"
},
"TargetGroupAttributes": [{
"Key": "deregistration_delay.timeout_seconds",
"Value": "20"
}],
"UnhealthyThresholdCount": 3,
"VpcId": "vpc-aaaaaaaa"
}
},
"LoadBalancerListener": {
"Type": "AWS::ElasticLoadBalancingV2::Listener",
"DependsOn": [
"TargetGroup"
],
"Properties": {
"DefaultActions": [{
"Type": "forward",
"TargetGroupArn": {
"Ref": "TargetGroup"
}
}],
"LoadBalancerArn": {
"Ref": "LoadBalancer"
},
"Port": 80,
"Protocol": "HTTP"
}
},
"EcsCluster": {
"Type": "AWS::ECS::Cluster",
"DependsOn": [
"LoadBalancerListener"
],
"Properties": {
"ClusterName": "test"
}
},
"EcsTaskRole": {
"Type":"AWS::IAM::Role",
"Properties":{
"AssumeRolePolicyDocument": {
"Statement": [
{
"Effect":"Allow",
"Principal": {
"Service": [
"ecs.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Path":"/",
"Policies": [
{
"PolicyName": "ecs-task",
"PolicyDocument": {
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecr:**",
],
"Resource": "*"
}
]
}
}
]
}
},
"WebServerTaskDefinition": {
"Type": "AWS::ECS::TaskDefinition",
"DependsOn": [
"EcsCluster",
"EcsTaskRole"
],
"Properties": {
"ExecutionRoleArn": {
"Ref": "EcsTaskRole"
},
"RequiresCompatibilities": [
"FARGATE"
],
"NetworkMode": "awsvpc",
"Cpu": "1024",
"Memory": "2048",
"ContainerDefinitions": [
{
"Name": "test-web",
"Image": "xxxxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/test-web:latest",
"Cpu": "1024",
"Memory": "2048",
"PortMappings": [
{
"ContainerPort": "80",
"HostPort": "80"
}
],
"Essential": "true"
}]
}
},
"EcsService": {
"Type": "AWS::ECS::Service",
"DependsOn": [
"WebServerTaskDefinition"
],
"Properties": {
"Cluster": {
"Ref": "EcsCluster"
},
"DesiredCount": "1",
"DeploymentConfiguration": {
"MaximumPercent": 100,
"MinimumHealthyPercent": 0
},
"LoadBalancers": [
{
"ContainerName": "test-web",
"ContainerPort": "80",
"TargetGroupArn": {
"Ref": "TargetGroup"
}
}
],
"NetworkConfiguration": {
"AwsvpcConfiguration": {
"AssignPublicIp": "DISABLED",
"SecurityGroups": [
{ "Ref": "InstanceSecurityGroupOpenWeb" },
{ "Ref": "InstanceSecurityGroupOpenFull" }
],
"Subnets": [
"subnet-aaaaaaaa",
"subnet-bbbbbbbb",
"subnet-cccccccc"
]
}
},
"TaskDefinition": {
"Ref": "WebServerTaskDefinition"
}
}
}
}
}