TerraformでECS環境を構築する。
驚くほど簡単にAWSでDocker環境ができてしまいます。 Terraformの基本的な話は割愛します。
設定内容(例)
EC2
ポイントは iam_instance_profile と user_data です。
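# EC2 container instance that joins the ECS cluster.
# The two settings that matter for ECS are iam_instance_profile (grants the
# ECS agent its API permissions) and user_data (tells the agent which cluster
# to register with).
resource "aws_instance" "testInstance" {
  # NOTE(review): data.aws_ami.amazon_linux is declared elsewhere; the ECS agent
  # is only present on an ECS-optimized AMI -- confirm that is what it selects.
  ami           = "${data.aws_ami.amazon_linux.id}"
  instance_type = "t2.micro"

  # Was unquoted in the original, which is a syntax error for this
  # "${...}" interpolation style.
  key_name = "${var.key_name}"

  vpc_security_group_ids = [
    "${aws_security_group.hoge.id}",
    "${aws_security_group.hogehoge.id}",
  ]
  subnet_id                   = "${aws_subnet.public-c.id}"
  associate_public_ip_address = "true"

  # Reference the profile resource instead of repeating its literal name so
  # Terraform creates the profile (and its role) before this instance.
  iam_instance_profile = "${aws_iam_instance_profile.instance_role.name}"

  root_block_device {
    volume_type = "gp2"
    volume_size = "8"
  }

  tags {
    Name = "testInstance"
  }

  # First-boot script; userdata.sh writes ECS_CLUSTER into /etc/ecs/ecs.config.
  user_data = "${file("userdata.sh")}"
}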
userdata
ECSクラスターと関連付けます。
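#!/bin/bash
# EC2 user data: points the ECS agent at the cluster "hogehoge".
# The cluster name must match aws_ecs_cluster.hogehoge in the Terraform config.
set -eu

# The agent reads /etc/ecs/ecs.config on start; create the directory so the
# append below cannot fail silently on an image that lacks it.
mkdir -p /etc/ecs
echo "ECS_CLUSTER=hogehoge" >> /etc/ecs/ecs.config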
ECS
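# ECS cluster the container instance registers with. The name must match
# ECS_CLUSTER in userdata.sh.
resource "aws_ecs_cluster" "hogehoge" {
  name = "hogehoge"
}

# Task definition; the container settings are loaded from JSON.
resource "aws_ecs_task_definition" "hogehoge" {
  family       = "hogehoge"
  network_mode = "bridge"

  # task-definitions/hogehoge.json names the awslogs log group declared by
  # aws_cloudwatch_log_group.hogehoge. Any hostPort/containerPort it lists
  # must be a valid TCP port (0-65535) or the registration is rejected.
  container_definitions = "${file("task-definitions/hogehoge.json")}"
}

resource "aws_ecs_service" "hogehoge" {
  name            = "hogehoge"
  cluster         = "${aws_ecs_cluster.hogehoge.id}"
  task_definition = "${aws_ecs_task_definition.hogehoge.arn}"
  desired_count   = 1

  # The log group is only referenced inside the JSON file, so Terraform cannot
  # infer the ordering on its own; tasks fail to start if the group is missing.
  depends_on = ["aws_cloudwatch_log_group.hogehoge"]
}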
container_definitions
[ { "name": "hogehoge", "image": "hoge/hogehoge", "cpu": 10, "memory": 400, "essential": true, "portMappings": [ { "hostPort": 114514, "containerPort": 114514, "protocol": "tcp" } ], "logConfiguration": { "logDriver": "awslogs", "options": { "awslogs-group": "hogehoge", "awslogs-region": "ap-northeast-1", "awslogs-stream-prefix": "hogehoge" } } } ]
IAM role
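# Instance profile attached to the EC2 container instance.
resource "aws_iam_instance_profile" "instance_role" {
  name = "instance_role"

  # Singular "role" replaces the deprecated "roles" list; a profile holds one role.
  role = "${aws_iam_role.instance_role.name}"
}

# Role assumable only by EC2 (the ECS agent runs on the instance).
resource "aws_iam_role" "instance_role" {
  name = "instance_role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# Permissions the ECS agent needs to register the instance, poll for work and
# ship awslogs output. The original "ecs:*" let anything on the instance
# create/delete clusters, services and task definitions account-wide; these
# are the agent-level actions only. They do not support resource-level
# scoping, hence Resource "*". If images are pulled from ECR instead of Docker
# Hub, add ecr:GetAuthorizationToken, ecr:BatchCheckLayerAvailability,
# ecr:GetDownloadUrlForLayer and ecr:BatchGetImage.
resource "aws_iam_role_policy" "instance_role_policy" {
  name = "instance_role_policy"
  role = "${aws_iam_role.instance_role.id}"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecs:DeregisterContainerInstance",
        "ecs:DiscoverPollEndpoint",
        "ecs:Poll",
        "ecs:RegisterContainerInstance",
        "ecs:StartTelemetrySession",
        "ecs:Submit*",
        "ecs:UpdateContainerInstancesState",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:Describe*"
      ],
      "Resource": "*"
    }
  ]
}
EOF
}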
CloudWatchLogs
ECS で LogDriver に awslogs を指定した場合、あらかじめ LogGroup を作成しておく必要がある。
# Log group targeted by the awslogs driver in task-definitions/hogehoge.json
# ("awslogs-group": "hogehoge"). The awslogs driver does not create the group,
# so it has to exist before any task starts.
resource "aws_cloudwatch_log_group" "hogehoge" {
  name = "hogehoge"
}