AWS CLI용 AWS CloudFormation 명령을 사용하여 Amazon ECS 리소스 생성
다음 자습서에서는 AWS CLI를 사용하여 AWS CloudFormation 템플릿을 통해 Amazon ECS 리소스를 생성하는 방법을 보여줍니다.
사전 조건
-
Amazon ECS 사용 설정의 단계가 완료되었습니다.
-
IAM 사용자는 AmazonECS_FullAccess IAM 정책 예제에 지정된 필수 권한을 가집니다.
1단계: 스택 생성
AWS CLI를 사용하여 스택을 생성하려면 다음 단계를 수행합니다.
-
원하는 텍스트 편집기를 사용하여
ecs-tutorial-template.yaml이라는 파일을 생성합니다. -
ecs-tutorial-template.yaml파일에 다음 템플릿을 붙여 넣고 변경 사항을 저장합니다.AWSTemplateFormatVersion: 2010-09-09 Description: A template that deploys an application that is built on an Apache web server Docker image by creating an Amazon ECS cluster, task definition, and service. The template also creates networking and logging resources, and an Amazon ECS task execution role. Parameters: ClusterName: Type: String Default: CFNCluster Description: Name of the ECS Cluster TaskFamily: Type: String Default: task-definition-cfn Description: Family name for the Task Definition ServiceName: Type: String Default: cfn-service Description: Name of the ECS Service ContainerImage: Type: String Default: public.ecr.aws/docker/library/httpd:2.4 Description: Container image to use for the task TaskCpu: Type: Number Default: 256 AllowedValues: [256, 512, 1024, 2048, 4096] Description: CPU units for the task TaskMemory: Type: Number Default: 512 AllowedValues: [512, 1024, 2048, 4096, 8192, 16384] Description: Memory (in MiB) for the task DesiredCount: Type: Number Default: 1 Description: Desired number of tasks to run LogGroupName: Type: String Default: /ecs/fargate-task-definition Description: CloudWatch Log Group name VpcCidr: Type: String Default: 10.0.0.0/16 Description: CIDR block for the VPC PublicSubnet1Cidr: Type: String Default: 10.0.0.0/24 Description: CIDR block for public subnet 1 PublicSubnet2Cidr: Type: String Default: 10.0.1.0/24 Description: CIDR block for public subnet 2 Resources: # VPC and Networking Resources VPC: Type: AWS::EC2::VPC Properties: CidrBlock: !Ref VpcCidr EnableDnsSupport: true EnableDnsHostnames: true Tags: - Key: Name Value: !Sub ${AWS::StackName}-VPC InternetGateway: Type: AWS::EC2::InternetGateway Properties: Tags: - Key: Name Value: !Sub ${AWS::StackName}-IGW InternetGatewayAttachment: Type: AWS::EC2::VPCGatewayAttachment Properties: InternetGatewayId: !Ref InternetGateway VpcId: !Ref VPC PublicSubnet1: Type: AWS::EC2::Subnet Properties: VpcId: !Ref VPC AvailabilityZone: !Select [0, !GetAZs ''] CidrBlock: !Ref PublicSubnet1Cidr MapPublicIpOnLaunch: true Tags: - Key: Name Value: !Sub ${AWS::StackName}-PublicSubnet1 PublicSubnet2: Type: AWS::EC2::Subnet Properties: VpcId: !Ref VPC AvailabilityZone: !Select [1, !GetAZs ''] CidrBlock: !Ref PublicSubnet2Cidr MapPublicIpOnLaunch: true Tags: - Key: Name Value: !Sub ${AWS::StackName}-PublicSubnet2 PublicRouteTable: Type: AWS::EC2::RouteTable Properties: VpcId: !Ref VPC Tags: - Key: Name Value: !Sub ${AWS::StackName}-PublicRouteTable DefaultPublicRoute: Type: AWS::EC2::Route DependsOn: InternetGatewayAttachment Properties: RouteTableId: !Ref PublicRouteTable DestinationCidrBlock: 0.0.0.0/0 GatewayId: !Ref InternetGateway PublicSubnet1RouteTableAssociation: Type: AWS::EC2::SubnetRouteTableAssociation Properties: RouteTableId: !Ref PublicRouteTable SubnetId: !Ref PublicSubnet1 PublicSubnet2RouteTableAssociation: Type: AWS::EC2::SubnetRouteTableAssociation Properties: RouteTableId: !Ref PublicRouteTable SubnetId: !Ref PublicSubnet2 # Security Group ECSSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Security group for ECS tasks VpcId: !Ref VPC SecurityGroupIngress: - IpProtocol: tcp FromPort: 80 ToPort: 80 CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: 443 ToPort: 443 CidrIp: 0.0.0.0/0 # IAM Roles ECSTaskExecutionRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: ecs-tasks.amazonaws.com Action: sts:AssumeRole ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy # CloudWatch Logs TaskLogGroup: Type: AWS::Logs::LogGroup DeletionPolicy: Retain UpdateReplacePolicy: Retain Properties: LogGroupName: !Ref LogGroupName RetentionInDays: 30 # ECS Resources ECSCluster: Type: AWS::ECS::Cluster Properties: ClusterName: !Ref ClusterName ECSTaskDefinition: Type: AWS::ECS::TaskDefinition Properties: ContainerDefinitions: - Command: - >- /bin/sh -c "echo '<html> <head> <title>Amazon ECS Sample App</title> <style>body {margin-top: 40px; background-color: #333;} </style> </head><body> <div style=color:white;text-align:center> <h1>Amazon ECS Sample App</h1> <h2>Congratulations!</h2> <p>Your application is now running on a container in Amazon ECS.</p> </div></body></html>' > /usr/local/apache2/htdocs/index.html && httpd-foreground"s EntryPoint: - sh - '-c' Essential: true Image: !Ref ContainerImage LogConfiguration: LogDriver: awslogs Options: mode: non-blocking max-buffer-size: 25m awslogs-create-group: 'true' awslogs-group: !Ref LogGroupName awslogs-region: !Ref 'AWS::Region' awslogs-stream-prefix: ecs Name: sample-fargate-app PortMappings: - ContainerPort: 80 HostPort: 80 Protocol: tcp Cpu: !Ref TaskCpu ExecutionRoleArn: !GetAtt ECSTaskExecutionRole.Arn Family: !Ref TaskFamily Memory: !Ref TaskMemory NetworkMode: awsvpc RequiresCompatibilities: - FARGATE RuntimePlatform: OperatingSystemFamily: LINUX ECSService: Type: AWS::ECS::Service DependsOn: - PublicSubnet1RouteTableAssociation - PublicSubnet2RouteTableAssociation Properties: ServiceName: !Ref ServiceName Cluster: !Ref ECSCluster DesiredCount: !Ref DesiredCount LaunchType: FARGATE NetworkConfiguration: AwsvpcConfiguration: AssignPublicIp: ENABLED SecurityGroups: - !Ref ECSSecurityGroup Subnets: - !Ref PublicSubnet1 - !Ref PublicSubnet2 TaskDefinition: !Ref ECSTaskDefinition Outputs: ClusterName: Description: The name of the ECS cluster Value: !Ref ECSCluster TaskDefinitionArn: Description: The ARN of the task definition Value: !Ref ECSTaskDefinition ServiceName: Description: The name of the ECS service Value: !Ref ECSService VpcId: Description: The ID of the VPC Value: !Ref VPC PublicSubnet1: Description: The ID of public subnet 1 Value: !Ref PublicSubnet1 PublicSubnet2: Description: The ID of public subnet 2 Value: !Ref PublicSubnet2 SecurityGroup: Description: The ID of the security group Value: !Ref ECSSecurityGroup ExecutionRoleArn: Description: The ARN of the task execution role Value: !GetAtt ECSTaskExecutionRole.Arn -
템플릿 파일을 생성한 후 다음 명령을 사용하여 스택을 생성합니다.
--capabilities플래그는 템플릿에 지정된 대로 Amazon ECS 태스크 실행 역할을 생성하는 데 필요합니다.--parameters플래그를 지정하여 템플릿 파라미터를 사용자 지정할 수도 있습니다.aws cloudformation create-stack \ --stack-nameecs-stack\ --template-body file://ecs-tutorial-template.yaml\ --capabilities CAPABILITY_IAM
2단계: 리소스 생성 확인
리소스가 올바르게 생성되었는지 확인하려면 다음 단계를 수행합니다. Amazon ECS 콘솔에서 확인할 수도 있습니다.
-
다음 명령을 실행하여 AWS 리전의 모든 태스크 정의를 나열합니다.
aws ecs list-task-definitions이 명령은 태스크 정의 Amazon 리소스 이름(ARN) 목록을 반환합니다. 템플릿을 사용하여 생성한 태스크 정의의 ARN은 다음 형식으로 표시됩니다.
{ "taskDefinitionArns": [ ..... "arn:aws:ecs:aws-region:111122223333:task-definition/task-definition-cfn:1", ..... ] } -
다음 명령을 실행하여 AWS 리전의 모든 클러스터를 나열합니다.
aws ecs list-clusters이 명령은 클러스터 ARN 목록을 반환합니다. 템플릿을 사용하여 생성한 클러스터의 ARN은 다음 형식으로 표시됩니다.
{ "clusterArns": [ ..... "arn:aws:ecs:aws-region:111122223333:cluster/CFNCluster", ..... ] } -
다음 명령을 실행하여 클러스터
CFNCluster의 모든 서비스를 나열합니다.aws ecs list-services \ --clusterCFNCluster이 명령은 서비스 ARN 목록을 반환합니다. 템플릿을 사용하여 생성한 서비스의 ARN은 다음 형식으로 표시됩니다.
{ "serviceArns": [ "arn:aws:ecs:aws-region:111122223333:service/CFNCluster/cfn-service" ] }
3단계: 정리
생성한 리소스를 정리하려면 다음 명령을 실행합니다.
aws cloudformation delete-stack \ --stack-nameecs-stack
delete-stack 명령은 이 자습서에서 생성된 AWS CloudFormation 스택의 삭제를 시작하여 스택의 모든 리소스를 삭제합니다. 삭제를 확인하려면 2단계: 리소스 생성 확인의 절차를 반복하면 됩니다. 출력의 ARN 목록에는 더 이상 task-definition-cfn이라는 태스크 정의 또는 CFNCLuster라는 클러스터가 포함되지 않습니다. list-services 호출이 실패합니다.
