第 9 章:ECS 設定
Reference Link
ECS
aws ecs cluster
resource "aws_ecs_cluster" "foo" {
name = "white-hart"
setting {
name = "containerInsights"
value = "enabled"
}
}
aws ecs cluster with log
resource "aws_kms_key" "example" {
description = "example"
deletion_window_in_days = 7
}
resource "aws_cloudwatch_log_group" "example" {
name = "example"
}
resource "aws_ecs_cluster" "test" {
name = "example"
configuration {
execute_command_configuration {
kms_key_id = aws_kms_key.example.arn
logging = "OVERRIDE"
log_configuration {
cloud_watch_encryption_enabled = true
cloud_watch_log_group_name = aws_cloudwatch_log_group.example.name
}
}
}
}
aws ecs service
resource "aws_ecs_service" "mongo" {
name = "mongodb"
cluster = aws_ecs_cluster.foo.id
task_definition = aws_ecs_task_definition.mongo.arn
desired_count = 3
iam_role = aws_iam_role.foo.arn
depends_on = [aws_iam_role_policy.foo]
ordered_placement_strategy {
type = "binpack"
field = "cpu"
}
load_balancer {
target_group_arn = aws_lb_target_group.foo.arn
container_name = "mongo"
container_port = 8080
}
placement_constraints {
type = "memberOf"
expression = "attribute:ecs.availability-zone in [us-west-2a, us-west-2b]"
}
}
ECS service ignoring Changes to Desired Count
resource "aws_ecs_service" "example" {
# ... other configurations ...
# Example: Create service with 2 instances to start
desired_count = 2
# Optional: Allow external changes without Terraform plan difference
lifecycle {
ignore_changes = [desired_count]
}
}
Daemon Scheduling Strategy
resource "aws_ecs_service" "bar" {
name = "bar"
cluster = aws_ecs_cluster.foo.id
task_definition = aws_ecs_task_definition.bar.arn
scheduling_strategy = "DAEMON"
}
CloudWatch Deployment Alarms
resource "aws_ecs_service" "example" {
name = "example"
cluster = aws_ecs_cluster.example.id
alarms {
enable = true
rollback = true
alarm_names = [
aws_cloudwatch_metric_alarm.example.alarm_name
]
}
}
External Deployment Controller
resource "aws_ecs_service" "example" {
name = "example"
cluster = aws_ecs_cluster.example.id
deployment_controller {
type = "EXTERNAL"
}
}
ecs capacity provider
resource "aws_autoscaling_group" "test" {
# ... other configuration, including potentially other tags ...
tag {
key = "AmazonECSManaged"
value = true
propagate_at_launch = true
}
}
resource "aws_ecs_capacity_provider" "test" {
name = "test"
auto_scaling_group_provider {
auto_scaling_group_arn = aws_autoscaling_group.test.arn
managed_termination_protection = "ENABLED"
managed_scaling {
maximum_scaling_step_size = 1000
minimum_scaling_step_size = 1
status = "ENABLED"
target_capacity = 10
}
}
}
ecs cluster capacity providers
resource "aws_ecs_cluster" "example" {
name = "my-cluster"
}
resource "aws_ecs_cluster_capacity_providers" "example" {
cluster_name = aws_ecs_cluster.example.name
capacity_providers = ["FARGATE"]
default_capacity_provider_strategy {
base = 1
weight = 100
capacity_provider = "FARGATE"
}
}
ECS Task
ECS task
resource "aws_ecs_task_definition" "service" {
family = "service"
container_definitions = jsonencode([
{
name = "first"
image = "service-first"
cpu = 10
memory = 512
essential = true
portMappings = [
{
containerPort = 80
hostPort = 80
}
]
},
{
name = "second"
image = "service-second"
cpu = 10
memory = 256
essential = true
portMappings = [
{
containerPort = 443
hostPort = 443
}
]
}
])
volume {
name = "service-storage"
host_path = "/ecs/service-storage"
}
placement_constraints {
type = "memberOf"
expression = "attribute:ecs.availability-zone in [us-west-2a, us-west-2b]"
}
}
ECS task with AppMesh Proxy
resource "aws_ecs_task_definition" "service" {
family = "service"
container_definitions = file("task-definitions/service.json")
proxy_configuration {
type = "APPMESH"
container_name = "applicationContainerName"
properties = {
AppPorts = "8080"
EgressIgnoredIPs = "169.254.170.2,169.254.169.254"
IgnoredUID = "1337"
ProxyEgressPort = 15001
ProxyIngressPort = 15000
}
}
}
ECS with Docker Volume
resource "aws_ecs_task_definition" "service" {
family = "service"
container_definitions = file("task-definitions/service.json")
volume {
name = "service-storage"
docker_volume_configuration {
scope = "shared"
autoprovision = true
driver = "local"
driver_opts = {
"type" = "nfs"
"device" = "${aws_efs_file_system.fs.dns_name}:/"
"o" = "addr=${aws_efs_file_system.fs.dns_name},rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport"
}
}
}
}
ECS with EFS Volume
resource "aws_ecs_task_definition" "service" {
family = "service"
container_definitions = file("task-definitions/service.json")
volume {
name = "service-storage"
efs_volume_configuration {
file_system_id = aws_efs_file_system.fs.id
root_directory = "/opt/data"
transit_encryption = "ENABLED"
transit_encryption_port = 2999
authorization_config {
access_point_id = aws_efs_access_point.test.id
iam = "ENABLED"
}
}
}
}
ECS with FSX Volume
resource "aws_ecs_task_definition" "service" {
family = "service"
container_definitions = file("task-definitions/service.json")
volume {
name = "service-storage"
fsx_windows_file_server_volume_configuration {
file_system_id = aws_fsx_windows_file_system.test.id
root_directory = "\\data"
authorization_config {
credentials_parameter = aws_secretsmanager_secret_version.test.arn
domain = aws_directory_service_directory.test.name
}
}
}
}
resource "aws_secretsmanager_secret_version" "test" {
secret_id = aws_secretsmanager_secret.test.id
secret_string = jsonencode({ username : "admin", password : aws_directory_service_directory.test.password })
}
ECS task with container_definitions and inference_accelerator
resource "aws_ecs_task_definition" "test" {
family = "test"
container_definitions = <<TASK_DEFINITION
[
{
"cpu": 10,
"command": ["sleep", "10"],
"entryPoint": ["/"],
"environment": [
{"name": "VARNAME", "value": "VARVAL"}
],
"essential": true,
"image": "jenkins",
"memory": 128,
"name": "jenkins",
"portMappings": [
{
"containerPort": 80,
"hostPort": 8080
}
],
"resourceRequirements":[
{
"type":"InferenceAccelerator",
"value":"device_1"
}
]
}
]
TASK_DEFINITION
inference_accelerator {
device_name = "device_1"
device_type = "eia1.medium"
}
}
ECS task using runtime_platform and fargate
resource "aws_ecs_task_definition" "test" {
family = "test"
requires_compatibilities = ["FARGATE"]
network_mode = "awsvpc"
cpu = 1024
memory = 2048
container_definitions = <<TASK_DEFINITION
[
{
"name": "iis",
"image": "mcr.microsoft.com/windows/servercore/iis",
"cpu": 1024,
"memory": 2048,
"essential": true
}
]
TASK_DEFINITION
runtime_platform {
operating_system_family = "WINDOWS_SERVER_2019_CORE"
cpu_architecture = "X86_64"
}
}
ECS task set
resource "aws_ecs_task_set" "example" {
service = aws_ecs_service.example.id
cluster = aws_ecs_cluster.example.id
task_definition = aws_ecs_task_definition.example.arn
load_balancer {
target_group_arn = aws_lb_target_group.example.arn
container_name = "mongo"
container_port = 8080
}
}
ECS ignoring Changes to Scale
resource "aws_ecs_task_set" "example" {
# ... other configurations ...
# Example: Run 50% of the servcie's desired count
scale {
value = 50.0
}
# Optional: Allow external changes without Terraform plan difference
lifecycle {
ignore_changes = ["scale"]
}
}