AWS Copilot with AWS CDK

nakanoshima.dev #33 - LT Night -
2022.12.20
AWS Copilot 🚀
with AWS CDK ⚙

View Slide

藤原吉規
Amazon Web Services Japan, ⼤阪
Snr. Solutions Architect
好きな AWS サービス:
- AWS CDK
- AWS Support

View Slide

© 2022, Amazon Web Services, Inc. or its Aﬃliates. All rights reserved.
"84$PQJMPU🚀
$ copilot
👩✈ Launch and manage containerized applications on AWS.
Commands
Getting Started 🌱
init Create a new ECS or App Runner application.
docs Open the copilot docs.
Develop ✨
app Commands for applications.
Applications are a collection of services and environments.
env Commands for environments.
Environments are deployment stages shared between services.
svc Commands for services.
Services are long-running ECS or App Runner services.
job Commands for jobs.
Jobs are tasks that are triggered by events.
task Commands for tasks.
One-off Amazon ECS tasks that terminate once their work is done.
Release 🚀
pipeline Commands for pipelines.
Continuous delivery pipelines to release services.
deploy Deploy a Copilot job or service.
Extend 🧸
storage Commands for working with storage and databases.
secret Commands for secrets.
Secrets are sensitive information that you need in your application.
AWS でコンテナ化されたアプ
リケーションを素早く起動し、
管理することを可能にするコマ
ンドラインインターフェイス
- Load Balanced Web Service:
Fargate for ECS
- Job: Fargate for ECS
- Request-Driven Web Service: App
Runner
- Continuous Delivery Pipeline

View Slide

AWS Cloud Development Kit (CDK) ⚙
Your language
Just classes and methods
AutoComplete
Inline documentation
Sane defaults
Reusable classes

View Slide

双⽅、開発・運⽤をシンプル
かつ⾼速化にするのに役⽴つ ✨

View Slide

じゃあ、組み合わせちゃおう 🌱

View Slide

Availability Zone 3
Availability Zone 2
Availability Zone 1
Copilot with CDK 例
全体像
Public subnet
Ingress
Private subnet
Database
Private subnet
Application
Security group
ElastiCacheRedis
Security group
ECSTask
Security group Nat
ElastiCache for Redis
Cluster
Cache node
ElastiCache SubnetGroup
Nat Instance
Security group ALB
Application Load
Balancer
Fargate Task
Web Service
ECS Cluster
ECS Service
Amazon ECR
Amazon Route 53
VPC
AWS CDK
Copilot CLI
Internet gateway Aurora PostgreSQL Cluster
AuroraCluster SubnetGroup
Security group
AuroraCluster
Serverless v2 instance
Fargate Task
Job database
update AWS Step Functions

View Slide

これらの CI/CD 環境が
サッと⼿にはいりますよ 👩✈

View Slide

まずは CDK で周辺リソース作成 ⚙

View Slide

Availability Zone 3
Availability Zone 2
Availability Zone 1
VPC, Nat Instance, Redis Cluster,
Aurora Serverless v2 Cluster
Public subnet
Ingress
Private subnet
Database
Private subnet
Application
Security group
ElastiCacheRedis
Security group
ECSTask
Security group Nat
Cluster
Cache node
Nat Instance
VPC
AWS CDK
Security group
AuroraCluster

View Slide

CfnOutput で CDK のリソースを出⼒しておく
$ cdk deploy
...
✅ CdkStack
✨ Deployment time: 55.77s
Outputs:
CdkStack.ApplicationPrivateSubnetIds = subnet-0ca67b7ea914244b1,subnet-04bf4f7894a3c17d2,subnet-06c2443b4887f63fe
CdkStack.AuroraClusterSecretName = AuroraClusterSecret8E4F2BC8-eB3B8HAhbmuF
CdkStack.ECSTaskSecurityGroupId = sg-0d95b978462ddf4e9
CdkStack.ElastiCacheRedisClusterConfigEndpoint = abc12defg12hi12.1jklm3.clustercfg.apne1.cache.amazonaws.com:6379
CdkStack.IngressPublicSubnetIds = subnet-03d9e899632926b72,subnet-00722e20f8ac61fd2,subnet-0ad496ab093a199b5
CdkStack.VpcId = vpc-01bb6548eb2f8ae3f
Stack ARN:
arn:aws:cloudformation:ap-northeast-1:123456789012:stack/CdkStack/e682f0a0-6ecf-11ed-97fb-0e6a2c4e429d
✨ Total time: 64.05s
// Output
new cdk.CfnOutput(this, 'VpcId', {
value: vpc.vpcId,
});
…

View Slide

copilot CLI で application
template を⽣成 🧸

View Slide

Availability Zone 3
Availability Zone 2
Availability Zone 1
ALB, ECS Cluster, ECR
for staging env
Public subnet
Ingress
Private subnet
Database
Private subnet
Application
Security group
ElastiCacheRedis
Security group
ECSTask
Security group Nat
Cluster
Cache node
Nat Instance
Security group ALB
Application Load
Balancer
ECS Cluster
Amazon ECR
VPC
AWS CDK
Copilot CLI
Security group
AuroraCluster

View Slide

CDK で作成したリソースを import
$ copilot init --app asp-net-core-6 --dockerfile App/Dockerfile --name web --type "Load Balanced Web
Service"
$ copilot env init --name staging --import-vpc-id vpc-01bb6548eb2f8ae3f \
--import-public-subnets subnet-03d9e899632926b72,subnet-00722e20f8ac61fd2,subnet-0ad496ab093a199b5 \
--import-private-subnets subnet-0ca67b7ea914244b1,subnet-04bf4f7894a3c17d2,subnet-06c2443b4887f63fe \
--import-cert-arns arn:aws:acm:ap-northeast-1:123456789012:certificate/6abc1f85-4b0b-4a3f-9f15-
b42006860321
$ copilot app init --domain ctdevenvsb.twingo-b.net

View Slide

Copilot manifest.yml を編集して
カスタマイズ ⚙

View Slide

Availability Zone 3
Availability Zone 2
Availability Zone 1
ECS Service,ECR Image,
Task, ALB Zone Record
for web
Public subnet
Ingress
Private subnet
Database
Private subnet
Application
Security group
ElastiCacheRedis
Security group
ECSTask
Security group Nat
Cluster
Cache node
Nat Instance
Security group ALB
Application Load
Balancer
Fargate Task
Web Service
ECS Cluster
ECS Service
Amazon ECR
Amazon Route 53
VPC
AWS CDK
Copilot CLI
Security group
AuroraCluster

View Slide

copilot/web/manifest.yml で, subnet, ALB
zone alias, 環境変数, secret, SG を設定
network:
vpc:
placement: private
environments:
staging:
http:
alias: asp-net-core-6-staging-web.ctdevenvsb.twingo-b.net
hosted_zone: A12345678BC1D1EF1GHIJ
variables:
ConnectionStrings__ElastiCacheRedisClusterConfigEndpoint: 'abc12defg12hi12.1jklm3.clustercfg.apne1.cache.amazonaws.com:6379'
PostgreSQLConfig__MinimumPoolSize: '10'
PostgreSQLConfig__MaximumPoolSize: '10'
secrets:
PostgreSQLConfig__Host:
secretsmanager: 'AuroraClusterSecret8E4F2BC8-eB3B8HAhbmuF-wvrbHr:host::'
PostgreSQLConfig__Port:
secretsmanager: 'AuroraClusterSecret8E4F2BC8-eB3B8HAhbmuF-wvrbHr:port::'
PostgreSQLConfig__Database:
secretsmanager: 'AuroraClusterSecret8E4F2BC8-eB3B8HAhbmuF-wvrbHr:dbname::'
PostgreSQLConfig__Username:
secretsmanager: 'AuroraClusterSecret8E4F2BC8-eB3B8HAhbmuF-wvrbHr:username::'
PostgreSQLConfig__Password:
secretsmanager: 'AuroraClusterSecret8E4F2BC8-eB3B8HAhbmuF-wvrbHr:password::'
network:
vpc:
security_groups: [sg-0d95b978462ddf4e9]
$ copilot env deploy --name web --env staging

View Slide

よくある課題の ORM database
migration もできますよ 🌱

View Slide

Availability Zone 3
Availability Zone 2
Availability Zone 1
Public subnet
Ingress
Private subnet
Database
Private subnet
Application
Security group
ElastiCacheRedis
Security group
ECSTask
Security group Nat
Cluster
Cache node
Nat Instance
Security group ALB
Application Load
Balancer
ECS Cluster
Amazon ECR
VPC
AWS CDK
Copilot CLI
Security group
AuroraCluster
Fargate Task
Job database
update AWS Step Functions
ECR Image, Task,
Step Functions for job

View Slide

job init, copilot/dotnet-ef/manifest.yml で
schedule を無効にして deploy, 必要時に run
# Trigger for your task.
on:
# The scheduled trigger for your job. You can specify a Unix cron schedule or keyword (@weekly) or a rate (@every 1h30m)
# AWS Schedule Expressions are also accepted: https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html
schedule: "none"
$ copilot job deploy --name dotnet-ef --env staging
$ copilot job init --app asp-net-core-6 --dockerfile App/Dockerfile.ef --name dotnet-ef
$ copilot job run --name dotnet-ef --env staging
$ copilot job logs --name dotnet-ef --env staging
copilot/dotnet-ef/7de2018 Build started...
copilot/dotnet-ef/7de2018 Build succeeded.
copilot/dotnet-ef/7de2018 The Entity Framework tools version
'6.0.11' is older than that of the runtime '7.0.0'. Update
the tools for the latest features and bug fixes. See
https://aka.ms/AAc1fbw for more information.
copilot/dotnet-ef/7de2018 No migrations were applied. The
database is already up to date.
copilot/dotnet-ef/7de2018 Done.

View Slide

皆様のお役に⽴てれば幸いです 🍻

View Slide

THANK YOU!

View Slide

AWS Copilot with AWS CDK

AWS Copilot with AWS CDK

@twingo_b

More Decks by @twingo_b

Other Decks in Technology

Featured

Transcript