项目作者: mpon

项目描述 :
Operation of ECS Fargate by Terraform
高级语言: HCL
项目地址: git://github.com/mpon/tf-ecs-fargate-pipeline-example.git
创建时间: 2020-01-22T00:41:30Z
项目社区:https://github.com/mpon/tf-ecs-fargate-pipeline-example

开源协议:MIT License

下载


tf-ecs-fargate-pipeline-example

This is a terraform configuration for deploying a sample Rails application mpon/rails-blog-example in Fargate.

This repository is just an example, but we are aiming for a level that can be used even for production operations, and to complete the CI/CD only with AWS services, also without using shell like sed to replace image tag.

You can use this repository to try creating your own AWS infrastructure!

  • VPC
  • ECS on Fargate and Fargate Spot with capacity provider
  • ECS Application Auto Scaling by Target Tracking Scaling Policies
  • ECS Scheduled Task
  • CodePipline triggerd by GitHub
  • CodeBuild
  • CodeDeploy with B/G Deployments
  • RDS

structure
pipeline
ecs
fargate_spot
scheduled_task
codepipeline

Terraform Structure

  1. .
  2. └── terraform
  3. ├── common # resources that exist throught account, like a iam, ecr registry etc.
  4. ├── main.tf # provider, terraform backend settings etc.
  5. ├── outputs.tf # to use value from another terraform.state
  6. └── variables.tf # for constant variables
  7. ├── dev # development environments
  8. ├── stg # staging environments
  9. ├── prod # production environments
  10. └── modules # terraform module

Requirements

Getting Started

0. environments

  1. # You can set any region
  2. export AWS_DEFAULT_REGION=ap-northeast-1
  3. # S3 bucket to be used by Terraform remote backend
  4. export TF_VAR_remote_backend=<your s3 bucket>
  5. # GitHub personal token to be used by github provider
  6. export GITHUB_TOKEN=***********************
  7. # Configure aws-cli.
  8. # We have not confirmed the minimum policy, it works AdministratorAccess at least.
  9. # NOTE: In production environments, you have to reduce policy.
  10. aws configure

1. create remote backend

  1. aws s3api create-bucket --bucket $TF_VAR_remote_backend --region $AWS_DEFAULT_REGION \
  2. --create-bucket-configuration LocationConstraint=$AWS_DEFAULT_REGION
  3. aws s3api put-bucket-versioning --bucket $TF_VAR_remote_backend --versioning-configuration Status=Enabled

2. terraform apply(common)

We have to create ECR, IAM, and so on first. This output value will be used by another environments.

  1. cd terraform/common
  2. make init
  3. make plan
  4. make apply

3. terraform apply staging and production

Next, create some environments. If you would fail to apply, please retry once or twice.

  1. cd terraform/stg # also terraform/prod
  2. make init
  3. make plan
  4. make apply

Then, it shows ALB DNS name in terminal, you can access it.
At the same time, CodePipeline will be started and deploy rails application after a while.

Clean up

  1. cd terraform/stg
  2. terraform destroy
  3. cd terraform/prod
  4. terraform destroy
  5. cd terraform/common
  6. terraform destroy

Deploy pipeline

staging

  1. push staging branch in mpon/rails-blog-example
  2. start staging CodePipeline
  3. start CodeBuild
  4. build docker image and push ECR
  5. migrate database
  6. sync assets
  7. get files to deploy ECS from S3 (taskdef, appspec)
  8. start CodeDeploy B/G Deployments

production

  1. push master branch in mpon/rails-blog-example
  2. start production CodePipeline
  3. start CodeBuild
  4. build docker image and push ECR
  5. migrate database
  6. sync assets
  7. get files to deploy ECS from S3 (taskdef, appspec)
  8. start CodeDeploy B/G Deployments

Note for using in production

  • Use HTTPS listener
  • Set enable_deletion_protection of ALB to true
  • Set force_destroy of S3 bucket to false
  • Change RDS username/password
  • Change resource name using random_pet that makes it unique in this example