クラウドフォーメーションスクリプトからECSサービスを作成したい。サービスはApplication Load Balancerで外部に公開する必要があります
Elastic Load Balancer、リスナー、ListnerRuleを作成しました
Resources:
Vpc:
Type: 'AWS::EC2::VPC'
Properties:
CidrBlock: 10.0.0.0/16
EnableDnsSupport: 'true'
EnableDnsHostnames: 'true'
Metadata:
'AWS::CloudFormation::Designer':
id: 0e3933ae-23c2-44e1-a0d9-82fcfba93511
PubSubnetAz1:
Type: 'AWS::EC2::Subnet'
Properties:
VpcId: !Ref Vpc
CidrBlock: 10.0.1.0/24
AvailabilityZone: 'ap-southeast-1a'
MapPublicIpOnLaunch: true
Metadata:
'AWS::CloudFormation::Designer':
id: 6c7ca021-4114-4ec8-acf8-4f103ff7011f
PubSubnetAz2:
Type: 'AWS::EC2::Subnet'
Properties:
VpcId: !Ref Vpc
CidrBlock: 10.0.2.0/24
AvailabilityZone: 'ap-southeast-1b'
MapPublicIpOnLaunch: true
Metadata:
'AWS::CloudFormation::Designer':
id: cfe07e5c-e00f-4918-b877-f567fa08c802
InternetGateway:
Type: 'AWS::EC2::InternetGateway'
Metadata:
'AWS::CloudFormation::Designer':
id: 46bddd21-3027-4ccb-9e5d-ebf887429453
AttachGateway:
Type: 'AWS::EC2::VPCGatewayAttachment'
Properties:
VpcId: !Ref Vpc
InternetGatewayId: !Ref InternetGateway
Metadata:
'AWS::CloudFormation::Designer':
id: 11b7e802-d5ba-437a-8695-4bd5406d4db7
RouteViaIgw:
Type: 'AWS::EC2::RouteTable'
Properties:
VpcId: !Ref Vpc
Metadata:
'AWS::CloudFormation::Designer':
id: 1a2f2b53-09d3-4c2c-8286-295870b8c602
PublicRouteViaIgw:
Type: 'AWS::EC2::Route'
DependsOn:
- AttachGateway
Properties:
RouteTableId: !Ref RouteViaIgw
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref InternetGateway
Metadata:
'AWS::CloudFormation::Designer':
id: 4b7c941a-8498-4e70-886b-9339018cc18a
PubSubnet1RouteTableAssociation:
Type: 'AWS::EC2::SubnetRouteTableAssociation'
Properties:
SubnetId: !Ref PubSubnetAz1
RouteTableId: !Ref RouteViaIgw
Metadata:
'AWS::CloudFormation::Designer':
id: cea0d60a-6d91-4922-90ea-f6db9f4378a9
PubSubnet2RouteTableAssociation:
Type: 'AWS::EC2::SubnetRouteTableAssociation'
Properties:
SubnetId: !Ref PubSubnetAz2
RouteTableId: !Ref RouteViaIgw
Metadata:
'AWS::CloudFormation::Designer':
id: c3b3c8e1-a9c8-47c6-8d26-b6f272bcd9e1
EcsSecurityGroup:
Condition: CreateNewSecurityGroup
Type: 'AWS::EC2::SecurityGroup'
Properties:
GroupDescription: ECS Allowed Ports
SecurityGroupIngress:
IpProtocol: tcp
FromPort: 30
ToPort: 150
CidrIp: 0.0.0.0/0
Metadata:
'AWS::CloudFormation::Designer':
id: 493fdb30-54ce-4e4e-9cd6-c9faa6e3f93b
LoadBalancerSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
VpcId: !Ref Vpc
GroupDescription: Access to the load balancer that sits in front of ECS
SecurityGroupIngress:
# Allow access from anywhere to our ECS services
- CidrIp: 0.0.0.0/0
IpProtocol: -1
ECSCluster:
Type: AWS::ECS::Cluster
Properties:
ClusterName: 'my-cluster'
EcsInstanceAsg:
DependsOn: ECSCluster
Type: 'AWS::AutoScaling::AutoScalingGroup'
Properties:
LaunchConfigurationName: !Ref EcsInstanceLc
AvailabilityZones:
- ap-southeast-1a
- ap-southeast-1b
MinSize: '2'
MaxSize: '3'
DesiredCapacity: '2'
Tags:
- Key: Name
Value: !Sub 'ECS Instance stack'
PropagateAtLaunch: 'true'
- Key: Description
Value: >-
This instance is the part of the Auto Scaling group which was
created through ECS Console
PropagateAtLaunch: 'true'
Metadata:
'AWS::CloudFormation::Designer':
id: 80731e0b-a9e5-461c-9049-e215aed2ad3d
EcsInstanceLc:
# DependsOn
Type: 'AWS::AutoScaling::LaunchConfiguration'
Properties:
ImageId: 'AMI-050865a806e0dae53'
InstanceType: 't2.large'
# AssociatePublicIpAddress: false
SecurityGroups:
- !Ref EcsSecurityGroup
Metadata:
'AWS::CloudFormation::Designer':
id: 0e8e3b5a-7b14-4ffc-92af-ef9be7e51689
LoadBalancer:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
Name: 'my-load-balancer'
Subnets:
- !Ref PubSubnetAz1
- !Ref PubSubnetAz2
Listeners:
InstancePort: 80
InstanceProtocol: HTTP
LoadBalancerPort: 80
Protocol: HTTP
HealthCheck:
HealthyThreshold: '10'
Interval: '5'
Target: '10'
Timeout: '15'
UnhealthyThreshold: '20'
SecurityGroups: !Ref LoadBalancerSecurityGroup
Tags:
- Key: Name
Value: !Ref EcsClusterNam
TargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
VpcId: !Ref Vpc
Port: 80
Protocol: HTTP
HealthCheckIntervalSeconds: 10
HealthCheckPort: 80
HealthCheckPath: '/actuator/health'
HealthCheckProtocol: HTTP
HealthCheckTimeoutSeconds: 5
HealthyThresholdCount: 3
TargetType: instance
Matcher:
HttpCode: '200'
Listener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
DefaultActions:
- Type: forward
TargetGroupArn: !Ref TargetGroup
LoadBalancerArn: !Ref LoadBalancer
Port: '80'
Protocol: HTTP
ListenerRule:
Type: AWS::ElasticLoadBalancingV2::ListenerRule
Properties:
Actions:
- Type: forward
TargetGroupArn: !Ref TargetGroup
LoadBalancerArn: !Ref LoadBalancer
Port: 80
Protocol: tcp
Priority: 1
Conditions:
- Field: path-pattern
Values: "/*"
ListenerArn: !Ref Listener
TaskDefinition:
Type: AWS::ECS::TaskDefinition
Properties:
Family: 'product-service'
Cpu: '256'
Memory: '512'
NetworkMode: bridge
RequiresCompatibilities:
- EC2
ExecutionRoleArn: 'ecserviceRole'
ContainerDefinitions:
- Name: 'product-service'
Cpu: '128'
Memory: '256'
Image: 'ccmcwolf/microservices:awstest'
PortMappings:
- HostPort: '80'
ContainerPort: '80'
Protocol: 'tcp'
# LogConfiguration:
# LogDriver: awslogs
# Options:
# awslogs-group: !Ref CloudWatchLogsGroup
# awslogs-region: !Ref AWS::Region
Service:
Type: AWS::ECS::Service
Properties:
Cluster: !Ref ECSCluster
Role: 'ecserviceRole'
DesiredCount: '2'
TaskDefinition: !Ref TaskDefinition
LoadBalancers:
- TargetGroupArn: !Ref TargetGroup
ContainerPort: 80
ContainerName: "product-service"
cloudformationでスクリプトを実行すると、エラーがスローされます
TargetGroupArn arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxx:targetgroup/iy6-TargetG-A6FWY20V6B6P/7e5d12f4cb4758a1のターゲットグループには、ロードバランサーが関連付けられていません
。 https://notepad.pw/ecsaws で利用できるAWSクラウド形成スクリプト全体
あなたが持っている究極の問題はAWS::ECS::Service
ターゲットグループがロードバランサーに追加される前に、ターゲットグループに接続しようとしています。その修正は非常に簡単です。
Service:
Type: AWS::ECS::Service
DependsOn: Listener # Line Added
Properties:
Cluster: !Ref ECSCluster
Role: 'ecserviceRole'
DesiredCount: '2'
TaskDefinition: !Ref TaskDefinition
LoadBalancers:
- TargetGroupArn: !Ref TargetGroup
ContainerPort: 80
ContainerName: "product-service"
そうは言っても、多くのエラーがあるため、LoadBalancer
定義も更新する必要があります。そのはず:
LoadBalancer:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
Name: 'my-load-balancer'
Subnets:
- !Ref PubSubnetAz1
- !Ref PubSubnetAz2
SecurityGroups:
- !Ref LoadBalancerSecurityGroup