0

cloudformation JSON ファイルをゼロから作成しましたが、いくつかの問題があるようです...

私が観察しているのは、基本的に2つの問題です。

まず、私の ECS サービスはEC2ではなく起動タイプですFARGATE。ダッシュボードには次のように表示されます。

Status ACTIVE
Registered container instances 0
Pending tasks count 0 Fargate, 0 EC2
Running tasks count 0 Fargate, 0 EC2
Active service count 0 Fargate, 1 EC2
Draining service count  0 Fargate, 0 EC2

2 番目の問題は、cloudformation 自体にあり、サービスCREATE_IN_PROGRESSで何時間もスタックしてから、サービスが「安定できない」と表示されます。

FARGATE モードが可能にするものを理解していればAutoScalingGroup、 もLaunchConfigurationコンポーネントも作成する必要はありませんよね?

ここに私の完全なJSONがあります:

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "test",
  "Resources": {
    "InstanceSecurityGroupOpenWeb": {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupName" : "test-open-web",
        "GroupDescription" : "Allow http to client host",
        "VpcId" : "vpc-89a8cfef",
        "SecurityGroupIngress" : [{
          "IpProtocol" : "tcp",
          "FromPort" : "80",
          "ToPort" : "80",
          "CidrIp" : "0.0.0.0/0"
        }],
        "SecurityGroupEgress" : [{
          "IpProtocol" : "tcp",
          "FromPort" : "80",
          "ToPort" : "80",
          "CidrIp" : "0.0.0.0/0"
        }]
      }
    },

    "InstanceSecurityGroupOpenFull": {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupName" : "test-open-full",
        "GroupDescription" : "Allow http to client host",
        "VpcId" : "vpc-89a8cfef",
        "SecurityGroupIngress" : [{
          "IpProtocol" : "tcp",
          "FromPort" : "0",
          "ToPort" : "65535",
          "CidrIp" : "0.0.0.0/0"
        }],
        "SecurityGroupEgress" : [{
          "IpProtocol" : "tcp",
          "FromPort" : "80",
          "ToPort" : "80",
          "CidrIp" : "0.0.0.0/0"
        }]
      }
    },

    "LoadBalancer" : {
      "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
      "DependsOn": [
        "InstanceSecurityGroupOpenWeb",
        "InstanceSecurityGroupOpenFull"
      ],
      "Properties": {
        "Name": "testalb",
        "Scheme" : "internal",
        "Subnets" : [
          "subnet-aaaaaaaa",
          "subnet-bbbbbbbb",
          "subnet-cccccccc"
        ],
        "LoadBalancerAttributes" : [
          { "Key" : "idle_timeout.timeout_seconds", "Value" : "50" }
        ],
        "SecurityGroups": [
          { "Ref": "InstanceSecurityGroupOpenWeb" },
          { "Ref" : "InstanceSecurityGroupOpenFull" }
        ]
      }
    },

    "TargetGroup" : {
      "Type" : "AWS::ElasticLoadBalancingV2::TargetGroup",
      "DependsOn": [
        "LoadBalancer"
      ],
      "Properties" : {
        "Name": "web",
        "Port": 3000,
        "TargetType": "ip",
        "Protocol": "HTTP",
        "HealthCheckIntervalSeconds": 30,
        "HealthCheckProtocol": "HTTP",
        "HealthCheckTimeoutSeconds": 10,
        "HealthyThresholdCount": 4,
        "Matcher" : {
          "HttpCode" : "200"
        },
        "TargetGroupAttributes": [{
          "Key": "deregistration_delay.timeout_seconds",
          "Value": "20"
        }],
        "UnhealthyThresholdCount": 3,
        "VpcId": "vpc-aaaaaaaa"
      }
    },

    "LoadBalancerListener": {
      "Type": "AWS::ElasticLoadBalancingV2::Listener",
      "DependsOn": [
        "TargetGroup"
      ],
      "Properties": {
        "DefaultActions": [{
          "Type": "forward",
          "TargetGroupArn": {
            "Ref": "TargetGroup"
          }
        }],
        "LoadBalancerArn": {
          "Ref": "LoadBalancer"
        },
        "Port": 80,
        "Protocol": "HTTP"
      }
    },

    "EcsCluster": {
      "Type": "AWS::ECS::Cluster",
      "DependsOn": [
        "LoadBalancerListener"
      ],
      "Properties": {
        "ClusterName": "test"
      }
    },

    "EcsTaskRole": {
      "Type":"AWS::IAM::Role",
      "Properties":{
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Effect":"Allow",
              "Principal": {
                "Service": [
                  "ecs.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Path":"/",
        "Policies": [
          {
            "PolicyName": "ecs-task",
            "PolicyDocument": {
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "ecr:**",
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ]
      }
    },

    "WebServerTaskDefinition": {
      "Type": "AWS::ECS::TaskDefinition",
      "DependsOn": [
        "EcsCluster",
        "EcsTaskRole"
      ],
      "Properties": {
        "ExecutionRoleArn": {
          "Ref": "EcsTaskRole"
        },
        "RequiresCompatibilities": [
          "FARGATE"
        ],
        "NetworkMode": "awsvpc",
        "Cpu": "1024",
        "Memory": "2048",
        "ContainerDefinitions": [
        {
          "Name": "test-web",
          "Image": "xxxxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/test-web:latest",
          "Cpu": "1024",
          "Memory": "2048",
          "PortMappings": [
            {
              "ContainerPort": "80",
              "HostPort": "80"
            }
          ],
          "Essential": "true"
        }]
      }
    },

    "EcsService": {
      "Type": "AWS::ECS::Service",
      "DependsOn": [
        "WebServerTaskDefinition"
      ],
      "Properties": {
        "Cluster": {
          "Ref": "EcsCluster"
        },
        "DesiredCount": "1",
        "DeploymentConfiguration": {
          "MaximumPercent": 100,
          "MinimumHealthyPercent": 0
        },
        "LoadBalancers": [
          {
            "ContainerName": "test-web",
            "ContainerPort": "80",
            "TargetGroupArn": {
              "Ref": "TargetGroup"
            }
          }
        ],
        "NetworkConfiguration": {
          "AwsvpcConfiguration": {
            "AssignPublicIp": "DISABLED",
            "SecurityGroups": [
              { "Ref": "InstanceSecurityGroupOpenWeb" },
              { "Ref": "InstanceSecurityGroupOpenFull" }
            ],
            "Subnets": [
              "subnet-aaaaaaaa",
              "subnet-bbbbbbbb",
              "subnet-cccccccc"
            ]
          }
        },
        "TaskDefinition": {
          "Ref": "WebServerTaskDefinition"
        }
      }
    }

  }
}
4

1 に答える 1