
github actions, ecs, ecr을 이용한 CI/CD - 3

jinheung90 2023. 2. 26. 16:27

ecs 설정 

 

클러스터를 먼저 생성 해준다

이것을 테라폼으로 표현해 볼 예정이다.

 

ecs 클러스터 생성이다

# Attaches the capacity provider declared below to the cluster and makes it
# the default placement strategy for services that do not set their own.
resource "aws_ecs_cluster_capacity_providers" "aws_ecs_cluster_cps" {
  cluster_name       = aws_ecs_cluster.jhc_cluster.name
  capacity_providers = [aws_ecs_capacity_provider.jhc-ecs-cp.name]

  # base = 1 keeps at least one task on this provider; with weight 100 and a
  # single provider in the list, the remaining tasks land here as well.
  default_capacity_provider_strategy {
    capacity_provider = aws_ecs_capacity_provider.jhc-ecs-cp.name
    base              = 1
    weight            = 100
  }
}

# Capacity provider backed by the EC2 autoscaling group declared further down;
# the cluster obtains its container instances through this group.
resource "aws_ecs_capacity_provider" "jhc-ecs-cp" {
  name = "${var.app_name}-${var.app_environment}-ecs-cp"

  auto_scaling_group_provider {
    auto_scaling_group_arn = aws_autoscaling_group.asg.arn
  }
}

# The ECS cluster itself. ECS Exec (execute-command) sessions are encrypted
# with the cluster KMS key, and their logs go, encrypted, to the CloudWatch
# log group declared elsewhere in the module.
resource "aws_ecs_cluster" "jhc_cluster" {
  name = "${var.app_name}-${var.app_environment}-ecs-cluster"

  configuration {
    execute_command_configuration {
      kms_key_id = aws_kms_key.ecs_cluster_kms_key.arn
      # OVERRIDE: session logging follows the log_configuration block below.
      logging = "OVERRIDE"

      log_configuration {
        cloud_watch_log_group_name     = aws_cloudwatch_log_group.ecs_cluster_log.name
        cloud_watch_encryption_enabled = true
        # No S3 destination is configured for session logs.
        s3_bucket_name = ""
      }
    }
  }
}

 

아래는 보안 그룹과, 위에서 연결한 autoscaling group 및 ec2 instance profile에 관한 내용이다.

여기서 좀 헤맨 부분이 ami인데, ecs가 설치된 ami를 선택해야 한다.

- terraform script


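# Instance profile assumed by the container instances; it carries the role
# aws_iam_role.ecs_agent (declared elsewhere) that the ECS agent runs under.
# The name follows the "${app}-${environment}-" convention used by the other
# resources: instance profile names are account-wide, so the fixed name
# "ecs-agent" would collide as soon as a second environment is deployed into
# the same account. Changing the name forces the profile to be replaced.
resource "aws_iam_instance_profile" "ecs_agent" {
  name = "${var.app_name}-${var.app_environment}-ecs-agent"
  role = aws_iam_role.ecs_agent.name
}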


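# Source ranges allowed to reach the container instances over SSH. The default
# (empty list) creates no SSH rule at all, so port 22 is only opened when an
# operator range is supplied explicitly, e.g. ["203.0.113.0/24"] (constructed
# sample from the documentation range; substitute your own).
variable "ssh_allowed_cidr_blocks" {
  type    = list(string)
  default = []
}

# Security group for the ECS container instances. 443 and the application port
# are exposed broadly; SSH is gated by ssh_allowed_cidr_blocks above instead
# of being open to 0.0.0.0/0 and ::/0.
resource "aws_security_group" "ec2-sg" {
  vpc_id = aws_vpc.jhc_vpc.id

  ingress {
    from_port        = 443
    to_port          = 443
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  # Application port. The instances are registered in
  # aws_lb_target_group.target_group via the autoscaling group, so traffic is
  # expected to arrive through the load balancer; narrowing this rule to the
  # load balancer's security group (security_groups = [<lb-security-group-id>])
  # instead of 0.0.0.0/0 stops clients from bypassing it. Left world-open here
  # only because the load balancer's security group is not declared in this file.
  ingress {
    from_port        = 8080
    to_port          = 8080
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  # SSH: rule is emitted only when at least one allowed range is configured,
  # and then limited to exactly those ranges.
  dynamic "ingress" {
    for_each = length(var.ssh_allowed_cidr_blocks) > 0 ? [1] : []
    content {
      from_port   = 22
      to_port     = 22
      protocol    = "tcp"
      cidr_blocks = var.ssh_allowed_cidr_blocks
    }
  }

  # Unrestricted egress (all protocols, all destinations).
  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name        = "${var.app_name}-sg"
    Environment = var.app_environment
  }
}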


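# Resolves the current ECS-optimized Amazon Linux 2 AMI for the deploying
# region from the public SSM parameter AWS maintains, instead of pinning a
# region-specific AMI id by hand (the pinned id goes stale and is valid only
# in the region it was copied from).
data "aws_ssm_parameter" "ecs_ami" {
  name = "/aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id"
}

# Launch configuration for the container instances behind the autoscaling
# group. The ECS agent on each instance joins the cluster named in user_data.
resource "aws_launch_configuration" "ecs_launch_config" {
  name_prefix          = "${var.app_name}-${var.app_environment}"
  image_id             = data.aws_ssm_parameter.ecs_ami.value
  instance_type        = "t3.small"
  iam_instance_profile = aws_iam_instance_profile.ecs_agent.name
  security_groups      = [aws_security_group.ec2-sg.id]
  # Hard-coded key pair name; it must already exist in the target account/region.
  key_name = "test_key"

  # `<<-EOF` strips the common indentation so that "#!/bin/bash" is the very
  # first bytes of the script; with the plain `<<EOF` form the shebang line
  # was indented, which is not a valid script header.
  user_data = <<-EOF
    #!/bin/bash
    echo ECS_CLUSTER=${aws_ecs_cluster.jhc_cluster.name} >> /etc/ecs/ecs.config
  EOF

  # Require IMDSv2 session tokens so that an SSRF or a compromised process on
  # the host cannot read the instance role credentials with a plain GET.
  # NOTE(review): bridge-mode tasks that must reach IMDS themselves would need
  # http_put_response_hop_limit raised; task roles are the preferred path.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # With name_prefix the replacement configuration must exist before the old
  # one is removed, otherwise the autoscaling group still references it.
  lifecycle {
    create_before_destroy = true
  }
}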

# Autoscaling group that supplies the cluster's container instances; it is the
# group that aws_ecs_capacity_provider.jhc-ecs-cp points at.
resource "aws_autoscaling_group" "asg" {
  name                 = "${var.app_name}-${var.app_environment}-asg"
  launch_configuration = aws_launch_configuration.ecs_launch_config.name
  # Instances are placed in the public subnets, so the ec2-sg rules are the
  # only thing between them and the internet.
  vpc_zone_identifier = aws_subnet.public.*.id

  min_size         = 1
  desired_capacity = 2
  max_size         = 2

  # Every instance is registered in the load balancer target group.
  target_group_arns = [aws_lb_target_group.target_group.arn]

  # EC2 status checks only; target group health is not used to replace
  # instances.
  health_check_type         = "EC2"
  health_check_grace_period = 300

  # Deletes the group even while instances are still running. The author
  # notes this should be false in production.
  force_delete = true
}