nakanoshima.dev #33 - LT Night - 2022.12.20 AWS Copilot 🚀 with AWS CDK ⚙

藤原 吉規 Amazon Web Services Japan, ⼤阪 Snr. Solutions Architect 好きな AWS サービス: - AWS CDK - AWS Support

© 2022, Amazon Web Services, Inc. or its Affiliates. All rights reserved. "84$PQJMPU🚀 $ copilot 👩✈ Launch and manage containerized applications on AWS. Commands Getting Started 🌱 init Create a new ECS or App Runner application. docs Open the copilot docs. Develop ✨ app Commands for applications. Applications are a collection of services and environments. env Commands for environments. Environments are deployment stages shared between services. svc Commands for services. Services are long-running ECS or App Runner services. job Commands for jobs. Jobs are tasks that are triggered by events. task Commands for tasks. One-off Amazon ECS tasks that terminate once their work is done. Release 🚀 pipeline Commands for pipelines. Continuous delivery pipelines to release services. deploy Deploy a Copilot job or service. Extend 🧸 storage Commands for working with storage and databases. secret Commands for secrets. Secrets are sensitive information that you need in your application. AWS でコンテナ化されたアプ リケーションを素早く起動し、 管理することを可能にするコマ ンドラインインターフェイス - Load Balanced Web Service: Fargate for ECS - Job: Fargate for ECS - Request-Driven Web Service: App Runner - Continuous Delivery Pipeline

AWS Cloud Development Kit (CDK) ⚙ Your language Just classes and methods AutoComplete Inline documentation Sane defaults Reusable classes

© 2022, Amazon Web Services, Inc. or its Affiliates. All rights reserved. 双⽅、開発・運⽤をシンプル かつ⾼速化にするのに役⽴つ ✨

© 2022, Amazon Web Services, Inc. or its Affiliates. All rights reserved. じゃあ、組み合わせちゃおう 🌱

© 2022, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Availability Zone 3 Availability Zone 2 Availability Zone 1 Copilot with CDK 例 全体像 Public subnet Ingress Private subnet Database Private subnet Application Security group ElastiCacheRedis Security group ECSTask Security group Nat ElastiCache for Redis Cluster Cache node ElastiCache SubnetGroup Nat Instance Security group ALB Application Load Balancer Fargate Task Web Service ECS Cluster ECS Service Amazon ECR Amazon Route 53 VPC AWS CDK Copilot CLI Internet gateway Aurora PostgreSQL Cluster AuroraCluster SubnetGroup Security group AuroraCluster Serverless v2 instance Fargate Task Job database update AWS Step Functions

© 2022, Amazon Web Services, Inc. or its Affiliates. All rights reserved. これらの CI/CD 環境が サッと⼿にはいりますよ 👩✈

© 2022, Amazon Web Services, Inc. or its Affiliates. All rights reserved. まずは CDK で周辺リソース作成 ⚙

© 2022, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Availability Zone 3 Availability Zone 2 Availability Zone 1 VPC, Nat Instance, Redis Cluster, Aurora Serverless v2 Cluster Public subnet Ingress Private subnet Database Private subnet Application Security group ElastiCacheRedis Security group ECSTask Security group Nat ElastiCache for Redis Cluster Cache node ElastiCache SubnetGroup Nat Instance VPC AWS CDK Internet gateway Aurora PostgreSQL Cluster AuroraCluster SubnetGroup Security group AuroraCluster Serverless v2 instance

© 2022, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CfnOutput で CDK のリソースを出⼒しておく $ cdk deploy ... ✅ CdkStack ✨ Deployment time: 55.77s Outputs: CdkStack.ApplicationPrivateSubnetIds = subnet-0ca67b7ea914244b1,subnet-04bf4f7894a3c17d2,subnet-06c2443b4887f63fe CdkStack.AuroraClusterSecretName = AuroraClusterSecret8E4F2BC8-eB3B8HAhbmuF CdkStack.ECSTaskSecurityGroupId = sg-0d95b978462ddf4e9 CdkStack.ElastiCacheRedisClusterConfigEndpoint = abc12defg12hi12.1jklm3.clustercfg.apne1.cache.amazonaws.com:6379 CdkStack.IngressPublicSubnetIds = subnet-03d9e899632926b72,subnet-00722e20f8ac61fd2,subnet-0ad496ab093a199b5 CdkStack.VpcId = vpc-01bb6548eb2f8ae3f Stack ARN: arn:aws:cloudformation:ap-northeast-1:123456789012:stack/CdkStack/e682f0a0-6ecf-11ed-97fb-0e6a2c4e429d ✨ Total time: 64.05s // Output new cdk.CfnOutput(this, 'VpcId', { value: vpc.vpcId, }); …

© 2022, Amazon Web Services, Inc. or its Affiliates. All rights reserved. copilot CLI で application template を⽣成 🧸

© 2022, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Availability Zone 3 Availability Zone 2 Availability Zone 1 ALB, ECS Cluster, ECR for staging env Public subnet Ingress Private subnet Database Private subnet Application Security group ElastiCacheRedis Security group ECSTask Security group Nat ElastiCache for Redis Cluster Cache node ElastiCache SubnetGroup Nat Instance Security group ALB Application Load Balancer ECS Cluster Amazon ECR VPC AWS CDK Copilot CLI Internet gateway Aurora PostgreSQL Cluster AuroraCluster SubnetGroup Security group AuroraCluster Serverless v2 instance

© 2022, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CDK で作成したリソースを import $ copilot init --app asp-net-core-6 --dockerfile App/Dockerfile --name web --type "Load Balanced Web Service" $ copilot env init --name staging --import-vpc-id vpc-01bb6548eb2f8ae3f \ --import-public-subnets subnet-03d9e899632926b72,subnet-00722e20f8ac61fd2,subnet-0ad496ab093a199b5 \ --import-private-subnets subnet-0ca67b7ea914244b1,subnet-04bf4f7894a3c17d2,subnet-06c2443b4887f63fe \ --import-cert-arns arn:aws:acm:ap-northeast-1:123456789012:certificate/6abc1f85-4b0b-4a3f-9f15- b42006860321 $ copilot app init --domain ctdevenvsb.twingo-b.net

© 2022, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Copilot manifest.yml を編集して カスタマイズ ⚙

© 2022, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Availability Zone 3 Availability Zone 2 Availability Zone 1 ECS Service,ECR Image, Task, ALB Zone Record for web Public subnet Ingress Private subnet Database Private subnet Application Security group ElastiCacheRedis Security group ECSTask Security group Nat ElastiCache for Redis Cluster Cache node ElastiCache SubnetGroup Nat Instance Security group ALB Application Load Balancer Fargate Task Web Service ECS Cluster ECS Service Amazon ECR Amazon Route 53 VPC AWS CDK Copilot CLI Internet gateway Aurora PostgreSQL Cluster AuroraCluster SubnetGroup Security group AuroraCluster Serverless v2 instance

© 2022, Amazon Web Services, Inc. or its Affiliates. All rights reserved. copilot/web/manifest.yml で, subnet, ALB zone alias, 環境変数, secret, SG を設定 network: vpc: placement: private environments: staging: http: alias: asp-net-core-6-staging-web.ctdevenvsb.twingo-b.net hosted_zone: A12345678BC1D1EF1GHIJ variables: ConnectionStrings__ElastiCacheRedisClusterConfigEndpoint: 'abc12defg12hi12.1jklm3.clustercfg.apne1.cache.amazonaws.com:6379' PostgreSQLConfig__MinimumPoolSize: '10' PostgreSQLConfig__MaximumPoolSize: '10' secrets: PostgreSQLConfig__Host: secretsmanager: 'AuroraClusterSecret8E4F2BC8-eB3B8HAhbmuF-wvrbHr:host::' PostgreSQLConfig__Port: secretsmanager: 'AuroraClusterSecret8E4F2BC8-eB3B8HAhbmuF-wvrbHr:port::' PostgreSQLConfig__Database: secretsmanager: 'AuroraClusterSecret8E4F2BC8-eB3B8HAhbmuF-wvrbHr:dbname::' PostgreSQLConfig__Username: secretsmanager: 'AuroraClusterSecret8E4F2BC8-eB3B8HAhbmuF-wvrbHr:username::' PostgreSQLConfig__Password: secretsmanager: 'AuroraClusterSecret8E4F2BC8-eB3B8HAhbmuF-wvrbHr:password::' network: vpc: security_groups: [sg-0d95b978462ddf4e9] $ copilot env deploy --name web --env staging

© 2022, Amazon Web Services, Inc. or its Affiliates. All rights reserved. よくある課題の ORM database migration もできますよ 🌱

© 2022, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Availability Zone 3 Availability Zone 2 Availability Zone 1 Public subnet Ingress Private subnet Database Private subnet Application Security group ElastiCacheRedis Security group ECSTask Security group Nat ElastiCache for Redis Cluster Cache node ElastiCache SubnetGroup Nat Instance Security group ALB Application Load Balancer ECS Cluster Amazon ECR VPC AWS CDK Copilot CLI Internet gateway Aurora PostgreSQL Cluster AuroraCluster SubnetGroup Security group AuroraCluster Serverless v2 instance Fargate Task Job database update AWS Step Functions ECR Image, Task, Step Functions for job

© 2022, Amazon Web Services, Inc. or its Affiliates. All rights reserved. job init, copilot/dotnet-ef/manifest.yml で schedule を無効にして deploy, 必要時に run # Trigger for your task. on: # The scheduled trigger for your job. You can specify a Unix cron schedule or keyword (@weekly) or a rate (@every 1h30m) # AWS Schedule Expressions are also accepted: https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html schedule: "none" $ copilot job deploy --name dotnet-ef --env staging $ copilot job init --app asp-net-core-6 --dockerfile App/Dockerfile.ef --name dotnet-ef $ copilot job run --name dotnet-ef --env staging $ copilot job logs --name dotnet-ef --env staging copilot/dotnet-ef/7de2018 Build started... copilot/dotnet-ef/7de2018 Build succeeded. copilot/dotnet-ef/7de2018 The Entity Framework tools version '6.0.11' is older than that of the runtime '7.0.0'. Update the tools for the latest features and bug fixes. See https://aka.ms/AAc1fbw for more information. copilot/dotnet-ef/7de2018 No migrations were applied. The database is already up to date. copilot/dotnet-ef/7de2018 Done.

© 2022, Amazon Web Services, Inc. or its Affiliates. All rights reserved. 皆様のお役に⽴てれば幸いです 🍻

© 2022, Amazon Web Services, Inc. or its Affiliates. All rights reserved. © 2022, Amazon Web Services, Inc. or its Affiliates. All rights reserved. THANK YOU!