AWS CDKでECS on FargateのCI/CDを実現する際の理想と現実 / ideal-and-reality-when-implementing-cicd-for-ecs-on-fargate-with-aws-cdk

© 2022, Amazon Web Services, Inc. or its affiliates. All
rights reserved. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS CDKͰECS on FargateͷCI/CDΛ ࣮ݱ͢Δࡍͷཧ૝ͱݱ࣮ ࠤ౻ ஐथ C - 4 εϖγϟϦετ Ϋϥεϝιουגࣜձࣾ

rights reserved. ࣗݾ঺հ ࠤ౻ஐथ Ϋϥεϝιουגࣜձࣾ CXࣄۀຊ෦ Delivery෦ ΞʔΩςΫτνʔϜ ݱࡏɿαʔόʔαΠυ݉ΠϯϑϥશൠͷΞʔΩςΫτ JAWS-UG CDKࢧ෦ ӡӦ ޷͖ͳAWSαʔϏεɿAWS Lambda AWS Cloud Development Kit (CDK) @tmk2154 @tomoki10

rights reserved. • AWSαʔϏεͷ͓͞Β͍ • AWS CDK͔Terraform͔ • ίϯςφ • ίϯςφΠϝʔδͷબఆ • ϩά؅ཧ༻αΠυΧʔ • ίϯςφΛσϓϩΠ͢Δ·Ͱͷઃܭ • ίϯςφΠϝʔδΛԿͰϏϧυ͢Δ͔ • λάͷ෇͚ํ • ίϯςφϦϙδτϦͷ؅ཧ • ίϯςφͷσϓϩΠํ๏ ΞδΣϯμ ※Ұ෦CDKͱؔ࿈ബ͍͕ݕ౼ࣄ߲ʹͳΓ΍͍͢಺༰ΛೖΕ͍ͯ·͢

rights reserved. AWS CDKͱ͸ • ࢖͍׳ΕͨϓϩάϥϛϯάݴޠͰAWSϦιʔεΛϓϩϏδϣχϯάͰ͖ΔπʔϧΩοτ݉AWSͷ αʔϏε • TypeScript/JavaScript, Python, Java, C#, Go Ͱهड़Մೳɻπʔϧ಺෦ͷ։ൃ͸TypeScriptϝΠϯ πʔϧʹԠͨ͡DSL΍yaml/jsonͰͳ͘׳ΕͨݴޠͰΠϯϑϥΛίʔυهड़Ͱ͖Δ • ίʔυิ׬΍ߴ଎σϓϩΠ(hotswap/watch)ͳͲͷ༏Εͨ։ൃମݧʹΑΔΠϯϑϥߏங͕Մೳ AWS Cloud Development Kit (AWS CDK)

rights reserved. AWS Fargate AWS Fargate ͱ͸ ※ https://dev.classmethod.jp/articles/cmdevio2019-container/#toc-10 • AWS্ͰΠϯελϯε΍Ϋϥελʔ؅ཧͳ͠ʹίϯςφΛ࣮ߦՄೳͳαʔϏε • Amazon EC2Λ࢖͏৔߹ͱൺֱͯ͠ϗετʹରͯ͠ҎԼͷख͕ؒແ͘ͳΔ ※ • ఆظతͳηΩϡϦςΟϝϯςφϯε • ༨৒Ϧιʔεͷࣄલ֬อ • Πϯελϯεଆͷอक؅ཧ • Φʔτεέʔϧઃఆ • ӡ༻্ͷίετΛݮΒ͠։ൃʹूத͠΍͍͢

rights reserved. Amazon ECS ͱ͸ • AWSϚωʔδυͳίϯςφΦʔέετϨʔγϣϯαʔϏε ※ • ؆୯ͳΦʔτεέʔϧઃఆ • ALB/NLBͱͷ౷߹ • ίϯςφΛAWS IAMͷݖݶͰ؅ཧ • ίϯςφͷηΩϡϦςΟάϧʔϓ؅ཧ • Amazon CloudWatch Metricsͱͷ౷߹ • Amazon CloudWatch Logsͱͷ౷߹ • εέδϡʔϧ࣮ߦʢAmazon EventBridgeͱͷ౷߹ʣ Amazon Elastic Container Service (Amazon ECS) ※ࢀߟ https://dev.classmethod.jp/articles/cmdevio2019-container/#toc-8

rights reserved. AWS͕ެ։͍ͯ͠ΔAWS CDKͰͷαϯϓϧ Amazon ECS/AWS Fargateʹඞཁͳߏ੒͕AWS CDKͰίʔυԽ͞ΕಡΉ͜ͱͰ࡞Γํ͕෼͔Δ※ CDK PipelinesΛ࢖͍CI/CDΛߏ੒ͯ͠σϓϩΠ͢Δํ๏͕෼͔ΔɻҎԼ͸ߏ੒ͷࢀߟ֓ཁਤ ※ https://github.com/aws-samples/baseline-environment-on-aws/tree/main/usecases/guest-webapp-sample

rights reserved. Amazon ECS/AWS Fargateͷ࿩ͳΒ·ͣ͜ͷຊ https://www.amazon.co.jp/AWSίϯςφઃܭɾߏங-ຊ֨-ೖ໳-גࣜձࣾ໺ଜ૯߹ݚڀॴ/dp/4815607656 • Amazon ECS΍AWS FargateΛબఆ͢Δࡍͷج४ ηΩϡϦςΟɺߏஙɺӡ༻ઃܭɺߏஙͷϋϯζΦϯͳͲ ͜Ε͔Β࢝ΊΔ࣌ඞཁͳ৘ใ͕هࡌ • ωοτ্ͷ֤ॴʹ఺ࡏ͍ͯͨ͠ϕετϓϥΫςΟε΍ ϊ΢ϋ΢͕΄΅͜ͷ1࡭ʹڽॖ • ຊ౰ʹࠓݱ৔Ͱඞཁͱ͞Ε͍ͯΔ஌͕ࣝू໿ (ࣗ෼΋Ҋ݅લʹಡΜͰཧղ͕ਂ·ͬͨ෦෼ଟ਺) • AWS্Ͱίϯςφ࢝ΊΔͱͳͬͨΒͱΓ͋͑ͣ ങͬͱ͚ͱݴ͑Δ1࡭

rights reserved. ຊൃදͰ࿩͢͜ͱ/໨ඪ AWS CDK + Amazon ECS/AWS Fargateߏ੒΍CI/CDߏஙͷͨΊͷྑ࣭ͳίϯςϯπ͸طʹ͋Δ ͕ͩݱ࣮Ͱ͸໎͏෦෼΋ଟ͍ͷͰ࣮ࡍʹ໎ͬͨ෦෼Λ঺հ͠ߏஙͷ্ͰͷצॴΛ཈͑ʹ͍͘ ࢹௌର৅ऀ • AWS Cloud Development Kit (CDK) Λ࢖ͬͨ͜ͱ͕͋Δ • Amazon ECSɺAWS FargateͳͲAWSͷίϯςφؔ࿈ٕज़ͷجຊ͸೺Ѳ͍ͯ͠Δ • ίϯςφಛ༗ͷΠϝʔδλάͷ؅ཧɺCI/CDͳͲ͸Ͳ͏૊Ί͹ྑ͍͔೰Ή ໨ඪ • Amazon ECS on AWS Fargate ͱAWS CDKͰΞϓϦΛσϓϩΠ/ӡ༻͢Δࡍͷߟྀ఺͕େମ෼͔Δ • ݱঢ়ͷ՝୊ʹ͍ͭͯཧղٕͯ͠ज़બఆͰ͖Δ

rights reserved. AWS CDK ͔ Terraform ͔ AWS CDKͷར఺ • ίϯςφͷϏϧυपΓ΋AWS CDKͷίʔυ಺ʹؚΊΔ͜ͱͰAWS CDKʹดͯ͡؅ཧ͠΍͍͢ • ൚༻తͳϓϩάϥϛϯάݴޠͰهड़Ͱ͖ɺಠࣗDSLΛ֮͑Δඞཁ͕ͳ͍ • ΑΓએݴతͳهड़͕ՄೳͰϩʔϧͷ؅ཧͳͲ͕͠΍͍͢ AWS CDKͷܽ఺ • AWS CDKʹؚΉϦιʔεΛ੾Γ཭ͤͳ͍ͷͰɺΠϯϑϥͱΞϓϦͷσϓϩΠΛ෼཭͢Δ৔߹ ΠϯϑϥଆͷϦιʔεσϓϩΠ࣌ʹλεΫఆٛΛಉظͤ͞ΔͳͲ޻෉͕ඞཁ • ͔ͳΓ޻෉͢Ε͹Ϧιʔεߋ৽ͱ੾Γ཭͢͜ͱ͸Ͱ͖ΔʢBlue/GreenσϓϩΠͰ঺հʣ

rights reserved. AWS CDK ͔ Terraform ͔ Terraformͷར఺ • λεΫఆٛͳͲΛignore_changesͰTerraformͷσϓϩΠϥΠϑαΠΫϧ͔Β੾Γ཭ͤΔͷͰ ΞϓϦͷσϓϩΠΛ෼཭͠΍͍͢ • ࠷ॳͷߏ੒ཁૉ͕ൺֱతগͳ͍ͷͰϓϩάϥϜະܦݧऀ͕ଟ͍৔߹͸࢝Ί΍͍͢ Terraformͷܽ఺ • ignore_changesʹઃఆͨ͠λεΫఆٛઃఆͳͲͷॳظઃఆ͕ϑΝΠϧʹ࢒Γݱঢ়ͱҧ͏ઃఆ͕ ࢒Γଓ͚ΔɻTerraform୯ମΛݟ͚ͨͩͰ͸ݱࡏͷλεΫఆٛͷઃఆ͕෼͔Βͳ͍ • ecspressoͳͲผͷσϓϩΠπʔϧͱͷซ༻͕΄΅ඞਢʹͳΔ

rights reserved. ίϯςφΠϝʔδͷબఆ ҰൠతͳLinuxσΟετϦϏϡʔγϣϯͷίϯςφΠϝʔδΛ࢖༻͢Δͱ ෆཁͳύοέʔδ͕੬ऑੑݕ஌πʔϧʹҾ͔͔ͬΓɺΞοϓσʔτ΍मਖ਼ͷස౓͕૿͑΍͍͢ Amazon InspectorV2ͷεΩϟϯ݁Ռɿͱ͋ΔΠϝʔδͷlatest൛Λऔಘޙɺ໿3ϲ݄΄Ͳ์ஔͨ͠΋ͷ

rights reserved. ίϯςφΠϝʔδͷબఆ ύοέʔδʹΑΔ੬ऑੑ΍੬ऑੑରԠͷෛ୲Λ࠷খԽ͢ΔͨΊɺ࠷௿ݶͷύοέʔδͷΈؚ͕·ΕΔ alpine ΍ slimɺdistroless ͳͲͷΠϝʔδΛબ୒͢Δ͜ͱ͕ྑ͍ͱ͞Ε͍ͯΔ ݱ࣮Ͱͷ஫ҙ఺ • ։ൃதʹঢ়ଶΛௐ΂Δπʔϧ͕ೖ͍ͬͯͳ͍΋ͷ΋͋ΓσόοάͳͲͷखؒ͸͔ͳΓ૿͑Δ • ΠϝʔδαΠζ͸ݮΔ͕ґଘؔ܎ͷղܾ΍μ΢ϯϩʔυʹΑͬͯϏϧυʹ͕͔͔࣌ؒΔ৔߹΋ σόοάͷखؒ΁ͷରࡦʢӈهϒϩά͔ΒҰ෦ൈਮʣɿ • σόοά༻ͷπʔϧʢpsɺvimͳͲʣͷಋೖ • Ұ࣌తʹϕʔεΠϝʔδΛfatͳ΋ͷʹೖΕସ͑ͯ໰୊ͷ੾Γ෼͚ • Docker Execʢdistroless ͳΒshellͷ࣋ͪࠐΈ͔Β࣮ࢪʣ https://iximiuz.com/en/posts/docker-debug-slim-containers/

rights reserved. ϩά؅ཧ༻αΠυΧʔ ϩάग़ྗΛ୯ମͰAmazon CloudWatch Logsʹྲྀ͢ͱεέʔϧͨ͠ࡍʹߴֹʹͳΔՄೳੑ͕͋ΔͷͰ Fluentbit/FluentdͳͲͷαΠυΧʔΛ࢖͍ɺϩάग़ྗΛ੾Γସ͑Δ ։ൃ͸σόοά࣌஗ԆճආͷͨΊɺຊ൪͸Τϥʔ௨஌ͷͨΊAmazon CloudWatchͷซ༻΋͋Γ FluentBit Fluentd Amazon ECS Container Sidecar Container Amazon CloudWatch Amazon Kinesis Data Firehose Amazon Simple Storage Service (Amazon S3) Amazon Athena ։ൃ/ӡ༻ऀ σόοά΍Τϥʔ֬ೝ ໰୊ൃੜ࣌ͷΈௐࠪ Dev؀ڥ or ERROR INFO Τϥʔ௨஌

rights reserved. ίϯςφΛσϓϩΠ͢Δ·Ͱͷઃܭ ίϯςφΛCI/CD؀ڥ͔ΒσϓϩΠ͢Δ৔߹ɺେ·͔ʹҎԼͷաఔʹͳΔʢԼਤ͸֓ཁྫʣ 1. ίϯςφΠϝʔδͷϏϧυ 2. Πϝʔδ΁ͷλά෇͚ 3. ΠϝʔδΛϨδετϦʹϓογϡ 4. ϨδετϦ͔ΒΠϝʔδΛϓϧ/࣮ߦ Code Repo Amazon ECR Amazon ECS 4.Pull Image 3.Image Push AWS CodePipeline AWS CodeBuild 1.Image Build Event AWS CDK Update 2.Add Tag

rights reserved. ίϯςφΛσϓϩΠ͢Δ·Ͱͷઃܭ ίϯςφΛϏϧυͯ͠σϓϩΠ͢Δ·ͰͷաఔΛҎԼͷ߲໨Ͱݕ౼͢Δ 1. ίϯςφΠϝʔδΛԿͰϏϧυ͢Δ͔ 2. Πϝʔδ΁ͷλά෇͚ͷํ๏ 3. ίϯςφϨδετϦͷϦϙδτϦ؅ཧ • ཧ૝తͳίϯςφϨδετϦͷϦϙδτϦ؅ཧ • ݱ࣮Ͱ௚໘͢Δ՝୊ 4. ίϯςφͷσϓϩΠํ๏ • σϓϩΠํ๏ͷछྨʢϩʔϦϯάΞοϓσʔτɺBlue/Green σϓϩΠ) • ཧ૝ͷσϓϩΠํ๏ • ݱ࣮Ͱબ୒ͨ͠σϓϩΠํ๏

rights reserved. ίϯςφΠϝʔδΛԿͰϏϧυ͢Δ͔ Amazon ECSͰίϯςφΛσϓϩΠ͢ΔͨΊʹ͸ΠϝʔδͷϏϧυ͕ඞཁ ཧ૝ɿAWS LambdaͷNodeJsFunctionʹࣅͨόϯυϧ/σϓϩΠػೳ͕ඪ४ύοέʔδʹೖ͍ͬͯΔ ݱ࣮ɿඪ४ύοέʔδ͕ඍົʹ࢖͍ͮΒ͍ AWS CDKܦ༝ͰσϓϩΠ͢Δ৔߹ͷύλʔϯͷྫ • aws-ecr-assets/DockerImageAssetΛ࢖͏ํ๏ • Stack.synthesizer.addDockerImageAssetΛ࢖͏ํ๏ • ֎෦ύοέʔδͷcdk-ecr-deploymentΛ࢖͏ํ๏ • ΧελϜϦιʔε͔ΒAWS CodeBuildΛ࢖͏ํ๏ ΞϓϦίʔυͱΠϯϑϥίʔυΛ੾Γ཭͢৔߹ͳͲ͸ผ్CI/CDαʔϏε্Ͱ ௚઀DockerίϚϯυΛ࣮ߦͯ͠Ϗϧυ͢Δํ๏ͳͲ΋͋Δ͕লུ

rights reserved. aws-ecr-assets/DockerImageAsset Λ࢖͏ํ๏ AWS CDKͷඪ४ύοέʔδʹؚ·Ε͍ͯΔDockerImageAssetΛར༻͢Δ ར఺ • AWS CDKͷඪ४ύοέʔδͰΠϝʔδͷϏϧυ/ϓογϡ͕׬݁͢Δ ܽ఺ • ϓογϡઌͷAmazon ECRͷϦϙδτϦΛࢦఆͰ͖ͳ͍ͨΊɺࣗಈੜ੒͞Ε໊ͨલʹͳΔ • Πϝʔδλά໊ΛࢦఆͰ͖ͳ͍ͨΊɺιʔεΛτϨʔεͮ͠Β͍ const ecrAssets = new ecr_assets.DockerImageAsset(this, `${id}-DockerImageAsset`, { // Dockerfile΍ιʔε͕͋ΔσΟϨΫτϦΛࢦఆ directory: path.join(__dirname, `../assets/${props.envName}/sample-app`), });

rights reserved. Stack.synthesizer.addDockerImageAssetΛ࢖͏ํ๏ AWS CDKͷඪ४ύοέʔδʹؚ·Ε͍ͯΔStack.synthesizer.addDockerImageAssetΛར༻͢Δ ར఺ • AWS CDKͷඪ४ύοέʔδͰΠϝʔδͷϏϧυ/ϓογϡ͕׬݁͢Δ ܽ఺ • ࠓ͸ϓογϡઌͷAmazon ECRͷϦϙδτϦΛࢦఆͰ͖ͳ͍ʢิ଍ࢀরʣ • Πϝʔδλά໊ΛࢦఆͰ͖ͳ͍ ิ଍ɿ ੲ͸ϓογϡઌͷϦϙδτϦΛࢦఆͰ͖͕ͨɺDockerAssetsͷѻ͍Λ؆ૉԽ͢Δ࣮૷Ͱ ɹɹɹ ϦϙδτϦ໊ͷࢦఆ͸DeprecatedͱͳΓAWS CDK v2Ͱ͸࢖༻ෆՄͱͳͬͨ ※ ※ https://github.com/aws/aws-cdk/commit/b52b43ddfea0398b3f6e05002bf5b97bc831d1a7 this.synthesizer.addDockerImageAsset({ // Dockerfile΍ιʔε͕͋ΔσΟϨΫτϦΛࢦఆ directoryName: path.join(__dirname, `../assets/${props.envName}/sample-app`), });

rights reserved. ֎෦ύοέʔδͷcdk-ecr-deploymentΛ࢖͏ํ๏ ར఺ • ΠϝʔδΛϓογϡ͢ΔઌͷϦϙδτϦ΍Πϝʔδλά໊ΛࢦఆͰ͖Δ • AWS CDK։ൃνʔϜ͕อक͍ͯ͠ΔύοέʔδͰAWS CDKຊମʹऔΓࠐ·ΕΔՄೳੑ΋͋Δ ܽ఺ • ࠷ॳͷผͷϦϙδτϦʹΠϝʔδΛϓογϡͨ͠ޙɺίϐʔ͞ΕΔͷͰ AWS CDK؅ཧͷϦϙδτϦͱࢦఆͷϦϙδτϦͷ2ՕॴʹΠϝʔδ͕Ͱ͖2ഒͷྉ͕͔͔ۚΔ EcrDeployment: https://github.com/cdklabs/cdk-ecr-deployment const ecrAssets = new ecr_assets.DockerImageAsset(this, `${id}-DockerImageAsset`, { directory: path.join(__dirname, `../assets/${props.envName}/sample-app`), }); new ECRDeployment(this, `${id}-DeployDockerImage`, { src: new DockerImageName(ecrAssets.imageUri), dest: new DockerImageName( `${props.env?.account}.dkr.ecr.${props.env?.region}.amazonaws.com/${ecrRepository.repositoryName}:${tagName}` ), })

rights reserved. ΧελϜϦιʔε͔ΒAWS CodeBuildΛ࢖͏ํ๏ ΧελϜϦιʔεͷAWS LambdaΛܦ༝͠ AWS CodeBuildΛ࣮ߦͯ͠Ϗϧυ/ϓογϡ ར఺ • AWS CodeBuildͰϏϧυ؀ڥΛৄࡉʹ ઃఆՄೳ • Πϝʔδͷෳ਺ϦϙδτϦอଘ͕ෆཁ • AWS͕ఏڙ͢Δࢀߟ࣮૷͕͋Δ※ ܽ఺ • 2ճ໨Ҏ߱ͷσϓϩΠΛ࣮ߦ͢ΔͨΊ ελοΫͷมߋࠩ෼Λڧ੍తʹ࡞ΔͳͲ ޻෉͕ඞཁ // CI/CDαʔϏε্͔ΒCDKͷCLI࣮ߦ࣌ʹࠓճ෇͚Δλά໊ΛελοΫʹ౉͢ const imageTag = props.imageTag; // ڧ੍σϓϩΠύλʔϯ1 // AwsCustomResourceͰid໊ʹλά໊(imageTag)Λ௥Ճ͠ຖճLambdaΛߋ৽͢Δ const project = new codebuild.Project(this, `${id}-project`, { source: codebuild.Source.s3({ … }); new cr.AwsCustomResource(this, `${id}-startBuilds-${imageTag}`, { … onCreate: sdkcallForStartBuild, onUpdate: sdkcallForStartBuild, }); // ڧ੍σϓϩΠύλʔϯ2 // Lambda͸ผ్࡞ΓɺΧελϜϦιʔεͷpropertiesʹtagNameΛ෇͚Δ const provider = new cr.Provider(this, "Provider", { onEventHandler: containerStartBuildLambda, // ࡞੒ࡁLambdaΛࢦఆ }); new cdk.CustomResource(this, "Custom::EcsDeploy", { serviceToken: provider.serviceToken, properties: { imageTag }, }); ※ https://github.com/aws-samples/baseline-environment-on-aws/blob/main/usecases/guest-webapp-sample/lib/blea-build-container-stack.ts

rights reserved. Πϝʔδ΁ͷλά෇͚ͷํ๏ Πϝʔδλά͸Πϛϡʔλϒϧ(มߋෆՄ)ͳλάΛ෇͚Δ͜ͱ͕ਪ঑͞Ε͍ͯΔ • Amazon ECS ͷϕετϓϥΫςΟεΨΠυ-λεΫͱίϯςφͷηΩϡϦςΟͷ಺༰Λཁ໿ • Amazon ECR ͰෆมλάΛ࢖༻͢Δ※1 • λάͷ্ॻ͖Λ๷ࢭ͢Δ͜ͱͰ߈ܸऀ͕ಉ͡λάͰΠϝʔδͷ৵֐͞ΕͨόʔδϣϯΛ push͢Δ͜ͱΛ๷͙ • NIST SP800-190 ΞϓϦέʔγϣϯίϯςφηΩϡϦςΟΨΠυ͔ΒҾ༻※2 • ݹ͘ͳͬͨΠϝʔδΛ࢖༻͢ΔϦεΫ͸ɺ2 ͭͷجຊతͳํ๏Ͱܰݮ͢Δ͜ͱ͕Ͱ͖Δ(தུ) Ұͭ໨ͷํ๏͸ɺ૊৫͕ɺ ΋͏࢖༻͢Δ͜ͱ͕ͳ͍ɺ੬ऑੑ͕͋ͬͯ҆શͰ͸ͳ͍Πϝʔδͷ ొ࿥Λ࡟আ(தུ)2 ͭ໨ͷํ๏͸ɺӡ༻ ϓϥΫςΟεʹ͓͍ͯɺ࢖༻͢ΔΠϝʔδͷݸผͷ όʔδϣϯΛಛఆ͢ΔΠϛϡʔλϒϧͳ໊લΛ࢖༻ͯ͠ΠϝʔδʹΞΫηε͢Δ͜ͱ ※1 https://docs.aws.amazon.com/ja_jp/AmazonECS/latest/bestpracticesguide/security-tasks-containers.html ※2 https://www.ipa.go.jp/files/000085279.pdf

rights reserved. Πϛϡʔλϒϧͳλά෇͚Λߦ͏ํ๏ Πϛϡʔλϒϧͳλά໊ͷΑ͋͘Δ෇͚ํ • ΠϝʔδλάʹGitHubͳͲͷίϛοτϋογϡΛ࢖༻͠ιʔεͱΠϝʔδΛ࿈ಈ • ηϚϯςΟοΫόʔδϣχϯάΛ࢖༻ ֎෦഑෍ͷ৔߹͸ɺߋ৽Λ෼͔Γ΍͘͢͢ΔͨΊύοέʔδͷΑ͏ʹόʔδϣϯ൪߸Λ෇͚Δ GitHubͷRelease TagΛ࢖ͬͯΔ৔߹ɺҰகͤ͞ΔͱτϨʔε͠΍͍͢ CI/CDͷதͰGitHubͷίϛοτϋογϡΛλάʹ෇༩͢Δํ๏ͷྫ • AWS CodeBuild ͷ৔߹ɿCODEBUILD_RESOLVED_SOURCE_VERSIONఆ਺Λऔಘ • GitHub Actionsͷ৔߹ɿgithub.shaͰίϛοτϋογϡΛऔಘ

rights reserved. AWS CDK͸جຊAWS CloudFormationґଘͳͷͰϦιʔεͷ੾Γ཭͕͠Ͱ͖ͳ͍ ΞϓϦͱΠϯϑϥͷCI/CDΛผͰ࡞Δ৔߹ɺιʔε΍λεΫఆٛͷಉظ͕ඞཁɻҎԼ͸ࣦഊྫ ΠϛϡʔλϒϧλάͰى͖Δ໰୊ AWS CodePipeline AWS CodePipeline App༻ Infra༻ tag: 123456 σϓϩΠ1ճ໨ AWS CodePipeline AWS CodePipeline App༻ Infra༻ tag: asdfgh σϓϩΠ2ճ໨Ҏ߱ AWS CodePipeline AWS CodePipeline App༻ Infra༻ tag: 789012 InfraଆͰλεΫఆٛߋ৽࣌ ݹ͍assets͕ σϓϩΠʁ Task Definition Task Definition read/update Task Definition update create

rights reserved. ҎԼͷΑ͏ʹλάΛAWS Systems ManagerͷύϥϝʔλετΞʹొ࿥ͯ͠λάΛಉظͤ͞Δ͜ͱͰ ઌ૆ฦΓΛ๷͙ɻҎԼ͸InfraଆͰλεΫఆٛߋ৽࣌Ͱ΋࠷৽ͷλάΛࢀরͯ͠ಉظ͢Δྫ Πϛϡʔλϒϧλά໰୊ͷରࡦྫ AWS CodePipeline AWS CodePipeline σϓϩΠ1ճ໨ AWS CodePipeline AWS CodePipeline σϓϩΠ2ճ໨Ҏ߱ AWS CodePipeline AWS CodePipeline App༻ Infra༻ App༻ Infra༻ App༻ Infra༻ InfraଆͰλεΫఆٛߋ৽࣌ tag: 123456 Task Definition AWS Systems Manager write tag create tag: asdfgh Task Definition read/update AWS Systems Manager write tag AWS Systems Manager tag: asdfgh Task Definition read tag update ↑ Image Push΋࣮ߦ͠ͳ͍Α͏ʹઃܭ

rights reserved. ཧ૝తͳίϯςφϨδετϦͷϦϙδτϦ؅ཧ ։ൃ͸։ൃͰಠཱ͠ɺݕূ/ຊ൪؀ڥ༻ͷΠϝʔδ͸ڞ༗͞ΕΔ Ϗϧυޙʹݕূͨ͠ΠϝʔδͰຊ൪؀ڥʹ΋σϓϩΠͰ͖ɺϏϧυ࣌ͷࣄނΛݮΒͤΔ Amazon ECR ։ൃ؀ڥ Amazon ECS Amazon ECS Amazon ECR ݕূ؀ڥ ຊ൪؀ڥ Amazon ECS Amazon ECR Replication Code Repo Pull Image Push Image Pull Image Image Pull Event Image Push AWS CodePipeline AWS CodeBuild CI/CD؀ڥ

rights reserved. ݱ࣮Ͱߟ͑ΔϦϙδτϦ౷Ұ࣌ͷ՝୊ ݕূ/ຊ൪Ͱ؀ڥ͝ͱͷࠩ෼Λٵऩ͢ΔͨΊɺ֎෦ʹઃఆΛ੾Γग़͢ඞཁ͕͋Δɻ Amazon ECR ݕূ؀ڥ Code Repo ҎԼͷ؀ڥࠩҟΛͲ͏෼͚Δͷ͔ • ؀ڥݻ༗৘ใ(SaaS઀ଓઌͳͲʣ • ೝূ৘ใ(DBͳͲ) • ػೳ(Feature Flag) ؀ڥࠩ෼ΛਤͷΑ͏ʹ؀ڥଆͷ αʔϏεʹԡ͠ࠐΊ͹Մೳ ※ϑϨʔϜϫʔΫ͕Ϗϧυ࣌ʹ ఆ਺ΛຒΊࠐΉͷͰ೉͍͠৔߹΋… AWS Secrets Manager AWS Systems Manager Parameter Store AWS AppConfig Image ؀ڥݻ༗৘ใࢀর ೝূ৘ใࢀর ػೳࠩҟࢀর Push

rights reserved. ݱ࣮ͰબΜͩϦϙδτϦ؅ཧ Ϋϥ΢υ׳Ε͍ͯ͠Δϝϯόʔ͕গͳ͔ͬͨͨΊɺ࠷௿ݶ Secrets ManagerͳͲͰηΩϡΞͳ৘ใ͸ ෼཭͠ΠϝʔδࣗମͷϏϧυ͸ݸผʹ࣮ࢪɻpackage-lock.jsonͳͲͰؔ࿈͢Δύοέʔδ͸ݻఆԽ Amazon ECR ։ൃ؀ڥ Amazon ECS Amazon ECS Amazon ECR ݕূ؀ڥ ຊ൪؀ڥ Amazon ECS Amazon ECR Code Repo Pull Image Push Image Pull Image Image Pull Event CodePipeline CodeBuild Image Push CodePipeline CodeBuild Event Image Push CodePipeline CodeBuild Event Secrets Manager ࢀর Secrets Manager ࢀর Secrets Manager ࢀর

rights reserved. ίϯςφͷσϓϩΠํ๏ Amazon ECS͕ఏڙ͢ΔσϓϩΠํ๏ʹ͸େ·͔ʹ2छྨ͋Δ • ϩʔϦϯάΞοϓσʔτ • ݹ͍ίϯςφΛՔಇͤͭͭ͞৽͍͠ίϯςφΛσϓϩΠ͢Δɻঃʑʹ৽͍͠ίϯςφʹ τϥϑΟοΫΛྲྀ͠ɺݹ͍ίϯςφΛLB͔Β੾Γ཭ͯ͠ఀࢭ͠ೖΕସ͑Δ • Blue/GreenσϓϩΠ • Blue؀ڥʢݹ͍ʣͱGreen؀ڥʢ৽͍͠ʣΛҰఆ࣌ؒฒߦͰՔಇͯ͠ೖΕସ͑Δ Τϥʔ΍໰୊ൃੜ࣌ʹࣗಈ/खಈͰଈ࠲ʹ੾Γ໭ͤΔɻAWS CDK(AWS CloudFormation)Λ ࢖ͬͨAmazon ECSͷBlue/Green σϓϩΠʹ͸ҎԼͷ2छྨ͕͋Δ • CloudFormationHookΛ࢖͏ํ๏ ɿAWS CloudFormationͷಈ࡞ʹ࿈ಈ • CodeDeploy୯ମΛ࢖͏ํ๏ɿAWS CloudFormationͱͷ࿈ಈΛҰ෦੾Δ ※ https://github.com/aws-samples/baseline-environment-on-aws/blob/main/usecases/guest-webapp-sample/lib/blea-build-container-stack.ts

rights reserved. ϩʔϦϯάΞοϓσʔτ ఀࢭ࣌ؒͳ͠Ͱݹ͍ίϯςφΛঃʑʹ৽͍͠ίϯςφʹೖΕସ͍͑ͯ͘ ҎԼ͸ minHealthyPercent:50% maxHealthyPercent:200% DesiredCount:2 ͷ৔߹ ※஫ҙɿCPU/ϝϞϦ࢖༻཰ͷߴ͍λεΫͷ৔߹͸ɺminHealthyPercent:100%ͰσϓϩΠ͢Δ͜ͱ Ord Task New Task Application Load Balancer σϓϩΠલ Application Load Balancer σϓϩΠத Application Load Balancer σϓϩΠத Stopped Task ࣌ؒ ܦա ࣌ؒ ܦա

rights reserved. Amazon ECSͷBlue/GreenσϓϩΠ Blue؀ڥʢݹ͍ʣͱGreen؀ڥʢ৽͍͠ʣΛҰఆ࣌ؒฒߦͰՔಇ͠LBͰτϥϑΟοΫΛ੾Γସ͑Δ Τϥʔ΍໰୊ൃੜ࣌ʹࣗಈ΍खಈͰଈ࠲ʹ੾Γ໭͢͜ͱ͕Ͱ͖Δ Ord Task New Task Application Load Balancer σϓϩΠલ Application Load Balancer σϓϩΠத(ଈ੾Γ໭͠Մೳ) Application Load Balancer σϓϩΠ׬ྃ ࣌ؒ ܦա ࣌ؒ ܦա Traffic Traffic Traffic Stopped Task

rights reserved. ૝૾ͨ͠ཧ૝ͷσϓϩΠํ๏ ίϯςφΛBlue/GreenσϓϩΠͰো֐ൃੜ࣌ʹ͸ଈ࠲ʹ੾Γ໭ͤΔɻσϓϩΠ͸AWS CDKͰ׬݁͠ AWS CDKͷίʔυ͸ՔಇதͷλεΫ/ίϯςφͷঢ়ଶͱҰக͠ɺίʔυ͚ͩݟΕ͹ઃఆ͕෼͔Δ Application Load Balancer Application Load Balancer Application Load Balancer ࣌ؒ ܦա ࣌ؒ ܦա Traffic Traffic Traffic AWS CDK Ord Task New Task Stopped Task

rights reserved. Blue/GreenσϓϩΠ CloudFormationHookΛ࢖͏ํ๏ AWS CDKͰAmazon ECSͷBlue/GreenσϓϩΠΛߦ͏ࡍɺҎલ(2022/09ࠒ·Ͱ)ਪ঑͞Ε͍ͯͨํ๏ • AWS CloudFormationͷσϓϩΠεςʔλεʹ࿈ಈͯ͠ɺBlue/GreenσϓϩΠΛ࣮ߦ • AWS CloudFormationσϓϩΠதͷεςʔλεͰԿΒ͔ͷΤϥʔ͕ൃੜͨ͠৔߹ AWSCloudFormationͷελοΫ͝ͱϩʔϧόοΫͯ͠ॲཧΛ໭͢͜ͱ͕Ͱ͖Δ AWS CDKͷαϯϓϧ࣮૷͸ެ։͞Ε͍ͯΔ※ ※ https://github.com/aws-samples/aws-reinvent-trivia-game/blob/master/trivia-backend/infra/cdk/ecs-service-blue-green.ts

rights reserved. Blue/GreenσϓϩΠ CloudFormationHookΛ࢖͏ํ๏ CloudFormationHookΛ࢖͏৔߹ͷߟྀࣄ߲ʢެࣜυΩϡϝϯτΑΓҾ༻˞ʣ • ʮECS ϒϧʔ/άϦʔϯσϓϩΠΛτϦΨʔ͢ΔϦιʔεͷߋ৽ʯͰઆ໌͞Ε͍ͯΔΑ͏ʹɺಛఆͷϦιʔεʹର͢Δߋ৽ͷΈ͕άϦʔϯσϓϩΠΛ։࢝͠·͢ɻ • ʮECS ϒϧʔ/άϦʔϯσϓϩΠΛτϦΨʔ͢ΔϦιʔεͷߋ৽ʯͰઆ໌͞Ε͍ͯΔΑ͏ʹɺάϦʔϯσϓϩΠΛ։࢝͢ΔϦιʔε΁ͷߋ৽ͱଞͷϦιʔε΁ͷߋ৽Λಉ͡ελοΫߋ৽ʹؚΊΔ͜ͱ ͸Ͱ͖·ͤΜɻ • σϓϩΠλʔήοτͱͯ͠ࢦఆͰ͖Δ ECS αʔϏε͸ɺ1 ͚ͭͩͰ͢ɻ • CloudFormation ʹΑͬͯ೉ಡԽ͞Εͨ஋Λ࣋ͭύϥϝʔλ͸ɺάϦʔϯσϓϩΠ࣌ʹ CodeDeploy αʔϏεʹΑͬͯߋ৽Ͱ͖ͣΤϥʔ΍ελοΫͷߋ৽ʹࣦഊ͠·͢ɻ۩ମతʹ͸࣍ͷͱ͓ΓͰ͢ɻ • NoEcho ଐੑͰఆٛ͞Εͨύϥϝʔλɻ • ಈతͳࢀরΛ࢖༻ͯ͠֎෦αʔϏε͔Β஋Λऔಘ͢Δύϥϝʔλɻৄࡉʹ͍ͭͯ͸ɺʮಈతͳࢀরΛ࢖༻ͯ͠ςϯϓϨʔτ஋Λࢦఆ͢ΔʯΛࢀর͍ͯͩ͘͠͞ɻ • ·ͩਐߦதͷάϦʔϯσϓϩΠΛΩϟϯηϧ͢Δʹ͸ɺCodeDeploy ·ͨ͸ ECS Ͱ͸ͳ͘ɺCloudFormation ͰελοΫͷߋ৽ΛΩϟϯηϧ͠·͢ɻৄࡉʹ͍ͭͯ͸ɺʮελοΫߋ৽ͷΩϟϯηϧʯ Λࢀর͍ͯͩ͘͠͞ɻ(ߋ৽͕׬ྃͨ͠ޙʹΩϟϯηϧ͢Δ͜ͱ͸Ͱ͖·ͤΜɻͨͩ͠ɺҎલͷઃఆΛ࢖༻ͯ͠ελοΫΛ࠶౓ߋ৽͢Δ͜ͱ͸Ͱ͖·͢ɻ • ϒϧʔ/άϦʔϯ ECS σϓϩΠΛఆٛ͢ΔςϯϓϨʔτͰ͸ɺग़ྗ஋ͷએݴ΍ଞͷελοΫ͔Βͷ஋ͷΠϯϙʔτ͸ݱࡏαϙʔτ͞Ε͍ͯ·ͤΜɻ • ϒϧʔ/άϦʔϯ ECS σϓϩΠΛఆٛ͢ΔςϯϓϨʔτͰ͸ɺطଘͷϦιʔεͷΠϯϙʔτ͸ݱࡏαϙʔτ͞Ε͍ͯ·ͤΜɻ • ωετ͞ΕͨελοΫϦιʔεΛؚΉςϯϓϨʔτͰ͸ɺAWS::CodeDeploy::BlueGreen ϑοΫΛ࢖༻Ͱ͖·ͤΜɻ • ωετ͞ΕͨελοΫͰ͸ AWS::CodeDeploy::BlueGreen ϑοΫΛ࢖༻Ͱ͖·ͤΜɻ ※ https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/blue-green.html

rights reserved. Blue/GreenσϓϩΠ CloudFormationHookΛ࢖͏ํ๏ ࣮ࡍʹಈ࡞֬ೝͨ࣌͠ͷಈ͖ɹ˞ݸਓͷݕূͷͨΊؾʹͳΔ৔߹͸࣮ࡍʹಈ࡞ݕূ͍ͯͩ͘͠͞ • ผελοΫఆٛͷVPCͳͲϦιʔεΛprops΍ArnͰݺͼग़ͯ͠࢖༻ˠσϓϩΠࣦഊʢಈతύϥϝʔλ͸࢖༻Ͱ͖ͳ͍ʣ • CfnParameter Λ࢖ͬͯVPCͳͲΛݺͿʢAWS CDKతʹ͸ඇਪ঑ʣˠσϓϩΠ੒ޭ • αʔϏεϩʔϧͷϩʔϧΛArnࢦఆͰݺͼग़ͯ͠HooksͰ࢖༻ˠσϓϩΠࣦഊʢಈతύϥϝʔλ͸࢖༻Ͱ͖ͳ͍ʣ • αʔϏεϩʔϧΛϩʔϧ໊௚ࢦఆͰݺͼग़ͯ͠HooksͰ࢖༻ˠσϓϩΠ੒ޭ • disiredCount୯ମΛมߋˠσϓϩΠࣦഊ • CfnCodeDeployBlueGreenHookͷҰ෦ͷύϥϝʔλΛมߋˠσϓϩΠ੒ޭ͕ͩno changeɻมߋʹ͸Hookͷ࠶࡞੒͕ඞཁ • TransformͱHooksΛίϝϯτΞ΢τͯ͠σϓϩΠ͠ɺ࠶౓ύϥϝʔλมߋޙσϓϩΠˠσϓϩΠ੒ޭ • TransformͱHooksΛίϝϯτΞ΢τͯ͠σϓϩΠޙɺdisiredCountΛมߋˠσϓϩΠࣦഊ αʔϏε/λεΫʹର͢Δૢ࡞ʹ͸ɺHook΍TransformͷίϝϯτΞ΢τ͕ඞཁʹͳΔͷͰखಈσϓϩΠ͕΄΅ඞਢ αʔϏε/λεΫपΓ࠶ઃఆʹ͸ελοΫͷ࠶࡞੒͕ඞཁʹͳΔՄೳੑ͕͋ΔͨΊɺेೋ෼ͳݕূΛߦͬͨޙ࢖༻͢Δ͜ͱ͕͓͢͢Ί ※ https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/blue-green.html

rights reserved. Blue/GreenσϓϩΠ CodeDeploy୯ମΛ࢖͏ํ๏ AWS CDKͷެࣜυΩϡϝϯτͰ࢖ΘΕͳ͍ͱهࡌ͞Ε͍ͯΔ※1 ͷͰ৮ͬͯͳ͔ͬͨ ࠷ۙAWS CloudFormation(Cfn)पΓͰΞοϓσʔτ͕͋Γࣄ৘͕มΘ͖ͬͯͨ ্هͷهࡌʹରͯ͠૝ఆ͞ΕΔཧ༝ʢएׯԱଌ͋Γʣ • ੲ(গͳ͘ͱ΋2021/3࣌఺·Ͱ)͸CfnͰAWS::CodeDeploy::DeploymentGroupͷ Blue/GreenσϓϩΠʹؔ͢Δύϥϝʔλ͕ઃఆͰ͖ͳ͔ͬͨ※2 ͷͰ্هͷهࡌʹͳͬͨʁ • ݱࡏ͸CfnͰ্هͷύϥϝʔλ͕࢖༻Մೳʹͳͬͨ※3 ͷͰࠓ͸هࡌ͕͋ͬͯͳ͍ʁ AWS CDKଆͷPRͰ࠷ۙL2 ConstructΛ࣮૷ऀ͕͍ΔͷͰࠓޙʹظ଴※4 ͱॻ͍ͨΒϚʔδ͞Εͨ ※1 https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_codedeploy.CfnDeploymentGroup.html Amazon ECS blue/green deployments through CodeDeploy do not use the AWS::CodeDeploy::DeploymentGroup resource. To perform Amazon ECS blue/green deployments, use the AWS::CodeDeploy::BlueGreen hook. See Perform Amazon ECS blue/green deployments through CodeDeploy using AWS CloudFormation for more information. ※2 https://dev.classmethod.jp/articles/cloudformation-with-custom-resource-for-fargate-blue-green-deployment/ ※3 https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/483 ※4 https://github.com/aws/aws-cdk/pull/22295

rights reserved. Blue/GreenσϓϩΠ CodeDeploy୯ମΛ࢖͏ํ๏ طʹL2ͷ࣮૷ऀʹΑΔαϯϓϧ࣮૷͕ެ։͞Ε͍ͯΔ※ ҎԼ͸αϯϓϧ࣮૷ͷߏ੒ͷ֓ཁਤ AWS CDKͷ؅ཧ͔ΒAWS CodeDeployͱAmazon ECSͷαʔϏε/λεΫఆٛΛ੾Γ཭͢Α͏ʹ࡞Δ ॳճσϓϩΠҎ߱͸AWS CodeDeployͷAPI΍APIΛϥοϓ͍ͯ͠ΔecspressoͳͲ͔ΒσϓϩΠ͢Δ ※ https://github.com/aws-samples/aws-reinvent-trivia-game/blob/master/trivia-backend/infra/codedeploy-blue-green/deployment-setup.ts AWS CloudFormation(Cfn) Stack Stack ALB Amazon VPC Amazon ECS ࢀর Fn.importValueͳͲΛ࢖͍ CDK্ͷࢀরΛ࢒͞ͳ͍ AWS CDK ։ൃ/ӡ༻͕ଓ͘͝ͱʹ AWS CDK্ͷߏ੒ͱ ࣮؀ڥͷߏ੒ʹࠩ෼͕ ग़ΔͷͰ஫ҙ σϓϩΠ σϓϩΠ AWS CodeDeploy

rights reserved. Amazon ECSͷΈσϓϩΠ͢Δํ๏ ecspresso※1 ͳͲAmazon ECSͷσϓϩΠʹؔ࿈͢Δ࠷খݶͷϦιʔεͷΈΛ؅ཧͰ͖ΔπʔϧΛ࢖͏ ALB/NLB΍IAM RoleͳͲͷίʔυ؅ཧ͸ผ్ߦ͍ɺAmazon ECSͷσϓϩΠͷΈߦ͏ ࡉ͔͘σϓϩΠํ๏Λࢦఆ͍ͨ͠৔߹΍ΠϯϑϥͱΞϓϦͷσϓϩΠΛ෼཭͍ͨ͠৔߹ʹ༗ޮ ҎԼ͸૝ఆ͞ΕΔӡ༻ͷܗʢӡ༻࣌ʹࢀরͰ໰୊͕ൃੜ͠ͳ͍͔͸ཁݕূʣ ※1 https://github.com/kayac/ecspresso ecspressoͰ σϓϩΠΛ࣮ࢪ σϓϩΠࡁͷαʔϏε͕ ࢀরͷΈߦ͏ AWS CloudFormation(Cfn) Stack Stack AWS CodeDeploy ALB Amazon VPC Amazon ECS AWS CDK σϓϩΠ σϓϩΠ

rights reserved. Amazon ECSͱAWS CDKͷBlue/GreenσϓϩΠʹ͍ͭͯ Amazon ECSͱAWS CDKͰBlue/GreenσϓϩΠΛ࢖͏৔߹ͷྺ࢙Λ஌Γ͍ͨํ͸ҎԼͷissueͷ ίϝϯτཝΛνΣοΫɻCloudFormationHookͷ৔߹Λ࢖͏৔߹Կ͕໰୊ͩͬͨͷ͔ CodeDeploy୯ମ͸͍ͭ࢖͑ΔΑ͏ʹͳͬͨͷ͔ͳͲͷܦҢ͕෼͔Γ·͢ ※ https://github.com/aws/aws-cdk/issues/1559 ໿3೥ڧͷ݄೔Λܦͯ ࠷ۙ(2022/10/28)΍ͬͱΫϩʔζ ຊ౰͸AWS CDKͰܧଓ؅ཧͰ͖Δߏ੒͕ཉ͍͠…

rights reserved. ౰࣌બ୒ͨ͠σϓϩΠํ๏ AWS CDKܦ༝ͰͷϩʔϦϯάΞοϓσʔτΛબ୒ɻҎԼ͸બఆཧ༝ • Blue/GreenσϓϩΠ͕౰࣌͸ෆ҆ఆ or ΧελϚΠζ͕ଟ͘ͳΔ • CloudFormationHookͷಈ࡞͕ෆ໌֬ͰAWS CDK/AWS CloudFormation/Hookͷཧղ͕ ૬౰ඞཁɻμ΢ϯλΠϜ͕ͳ͚Ε͹มߋෆՄͳ಺༰΋͋ΓҾ͖ܧ͗ޙͷϦεΫ͕େ͖͍ • ΧελϜϦιʔεͰ࣮૷͢Δํ๏΋͋Δ͕ಠ࣮ࣗ૷͕૿͑Δͱཧղ͕ࠔ೉ʹͳΔ • ϩʔϦϯάΞοϓσʔτͷར఺ΛվΊͯ֬ೝ • σϓϩΠ࣌ʹμ΢ϯλΠϜ͸ൃੜͤͣɺαʔΩοτϒϨʔΧʔͰ࠷௿ݶͷ੾Γ໭͠͸Մೳ • AWS CDKͷίʔυΛݟΔ͚ͩͰAmazon ECSͷαʔϏε/λεΫઃఆΛ֬ೝͰ͖Δ • Blue/GreenσϓϩΠͱͷେ͖ͳҧ͍͸ɺ৽چλεΫͷࠞࡏ΍੾Γ໭࣌͠ͷλΠϜϥά͕ͩ ڐ༰Մೳͱ൑அͯ͠બ୒

rights reserved. ϩʔϦϯάΞοϓσʔτ ECSͷαʔϏε෦෼ͷ࣮૷ͰઃఆՄೳʢϩʔϦϯάΞοϓσʔτ͕σϑΥϧτͳͷͰ໌ࣔ͸ෆཁʣ const fargateService = new ecs.FargateService(this, `${id}-FargateService`, { cluster, vpcSubnets: props.myVpc.selectSubnets({ subnetGroupName: "Protected" }), securityGroups: [securityGroupForFargate], taskDefinition: serviceTaskDefinition, desiredCount: 1, // ϩʔϦϯάΞοϓσʔτ࣌ͷڍಈʹӨڹ maxHealthyPercent: 200, minHealthyPercent: 50, // ECS Exec͕ඞཁͳ࣌ͷΈ༗ޮԽ enableExecuteCommand: true, // ECS ServiceͰࢦఆՄೳ(σϑΥϧτ͕ϩʔϦϯάΞοϓσʔτͳͷͰࢦఆͳ͠Ͱ΋Մೳ) deploymentController: { type: ecs.DeploymentControllerType.ECS }, // αʔΩοτϒϨʔΧʔΛ༗ޮԽ͢Δͱɺίϯςφىಈࣦഊ࣌ʹϩʔϧόοΫͰ͖Δ circuitBreaker: { rollback: true }, });

rights reserved. Amazon ECSͷσϓϩΠΛߴ଎Խ͍ͨ͠৔߹ͷࢀߟ https://toris.io/2021/04/speeding-up-amazon-ecs-container-deployments/ LBͷϔϧενΣοΫ஋ɺίωΫγϣϯυϨΠϯɺ SIGTERMͷ଴ͪ࣌ؒௐ੔ͳͲݕ౼ࣄ߲͕هࡌ ϩʔϦϯάΞοϓσʔτͷಈ͖΍σϓϩΠ଎౓Λվળ͢Δࡍͷߟྀ఺ͳͲ͕ࢀߟʹͳΔ

rights reserved. Amazon ECSͷσϓϩΠΛߴ଎Խ͍ͨ͠৔߹(։ൃ࣌ͷΈ) https://zenn.dev/intercept6/articles/ed2dfded5aae03 AWS CDKͰ͸Hotswap deployments͕͋ΔͷͰɺ௚઀APIܦ༝Ͱߴ଎ʹλεΫͷߋ৽͕Մೳ ※ ஫ҙɿhotswap deployments͸λεΫ͕Ұ࣌తʹ0ʹͳΔͷͰར༻͸։ൃ͚࣌ͩʹཹΊΔ จதͷtimeίϚϯυʹΑΔܭଌྫ

rights reserved. ·ͱΊ • AWS CDK + Amazon ECS on AWS Fargateͷߏ੒ͷྑ࣭ͳίϯςϯπ͸͋Δ͕ݱঢ়Ͱ΋ߟྀ఺͸݁ߏ͋Δ • ίϯςφΛσϓϩΠ͢Δ·Ͱͷઃܭ • ίϯςφΠϝʔδΛԿͰϏϧυ͢Δ͔ • AWS CDKܦ༝ͳΒࠓ͸cdk-ecr-deployment͔ΧελϜϦιʔε+CodeBuild͕༗ྗ • Πϝʔδ΁ͷλά෇͚ͷํ๏ • Πϛϡʔλϒϧͳλά෇͚ͷਪ঑ͱλάͷಉظʹ͍ͭͯղઆ • ίϯςφϦϙδτϦͷ؅ཧ • γϯάϧϦϙδτϦͰ؅ཧ͍͕ͨ͠ݱ࣮͸೉͍͠৔߹΋… • ೉͍͠৔߹͸ผϏϧυͰ࠷௿ݶύοέʔδݻఆ΍ηΩϡΞͳ৘ใ͸֎෦͔Βऔಘ • ίϯςφͷσϓϩΠํ๏ • ҆ఆ͸ϩʔϦϯάΞοϓσʔτɺBlue/GreenσϓϩΠ͸ཁݕূ

AWS CDKでECS on FargateのCI/CDを実現する際の理想と現実 / idea...

AWS CDKでECS on FargateのCI/CDを実現する際の理想と現実 / ideal-and-reality-when-implementing-cicd-for-ecs-on-fargate-with-aws-cdk

More Decks by tomoki10

Other Decks in Technology

Featured

Transcript