Written by nodejs-style
on 

[CICD / ECS] CodePipeline으로 ECS Fargate 배포 자동화 #3 - 테라폼...

[CICD / ECS] CodePipeline으로 ECS Fargate 배포 자동화 #3 - 테라폼...

Terraform을 활용하여 간단한 인프라 환경을 프로비저닝 하였다.

❯ tree . ├── alb.tf ├── autoscaling.tf ├── data.tf ├── ec2.tf ├── ecr.tf ├── ecs.tf ├── env │ └── test.tfvars ├── global_vars.tf -> ../common/variables/global_vars.tf ├── iam_roles.tf ├── locals.tf ├── outputs.tf ├── provider.tf ├── scripts │ └── common │ └── amz2_init.sh ├── security_groups.tf ├── templates │ └── taskdef │ └── nodejs_app.json.tpl ├── variables.tf └── vpc.tf 5 directories, 17 files

VPC 생성 설명은 생략

1. ALB

Blue - Green 배포를 위해 ALB에 Target Group을 2EA 생성하였다.

locals { ssl_policy = "ELBSecurityPolicy-2016-08" nodejs_app_listener_http_port = 80 nodejs_app_listener_https_port = 443 } ############################################################################ # Route 53 -> WEB ALB ( A Record ) ############################################################################ resource "aws_route53_record" "nodejs_app" { zone_id = data.aws_route53_zone.pingping2_shop.zone_id name = var.domain type = "A" alias { name = aws_lb.nodejs_app.dns_name zone_id = aws_lb.nodejs_app.zone_id evaluate_target_health = true } } ############################################################################ # WEB ALB - Security Group ############################################################################ resource "aws_security_group" "nodejs_app" { name = "${local.name_prefix}-nodejs-app-alb-sg" description = "nodejs_app ALB Security Group" vpc_id = module.main_vpc.vpc_id # Outbound egress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } # Inbound ingress { description = "http" from_port = 80 to_port = 80 protocol = "TCP" cidr_blocks = ["0.0.0.0/0"] } ingress { description = "https" from_port = 443 to_port = 443 protocol = "TCP" cidr_blocks = ["0.0.0.0/0"] } tags = { Name = "${local.name_prefix}-nodejs_app-alb-sg" Environment = var.tags.Environment } } ############################################################################ # WEB ALB ############################################################################ resource "aws_lb" "nodejs_app" { name = "${local.name_prefix}-nodejs-app-alb" internal = false # Internet Facing load_balancer_type = "application" security_groups = [aws_security_group.nodejs_app.id] subnets = module.main_vpc.public_subnets_ids enable_deletion_protection = var.nodejs_app_alb_enable_deletion_protection tags = { Name = "${local.name_prefix}-nodejs_app-alb" Environment = var.tags.Environment } } ############################################################################ # ALB Listener ############################################################################ resource "aws_lb_listener" "nodejs_app" { load_balancer_arn = aws_lb.nodejs_app.arn port = local.nodejs_app_listener_https_port # 443 protocol = "HTTPS" certificate_arn = data.aws_acm_certificate.this.arn ssl_policy = local.ssl_policy default_action { type = "forward" target_group_arn = aws_lb_target_group.nodejs_app-A.id } } ############################################################################ # ALB Listener - Redirect ############################################################################ resource "aws_lb_listener" "nodejs_app_https_redirect" { load_balancer_arn = aws_lb.nodejs_app.arn port = local.nodejs_app_listener_http_port #80 protocol = "HTTP" default_action { type = "redirect" redirect { port = "443" protocol = "HTTPS" status_code = "HTTP_301" } } } ############################################################################ # ALB Target Group - A (Blue) ############################################################################ resource "aws_lb_target_group" "nodejs_app-A" { name = "${local.name_prefix}-nodejs-app-tg-A" vpc_id = module.main_vpc.vpc_id port = var.backend_port protocol = "HTTP" health_check { interval = 30 path = "/" port = "traffic-port" protocol = "HTTP" timeout = 5 healthy_threshold = 3 unhealthy_threshold = 3 matcher = 200 } target_type = "ip" lifecycle { create_before_destroy = true } } ############################################################################ # ALB Target Group - B (Green) ############################################################################ resource "aws_lb_target_group" "nodejs_app-B" { name = "${local.name_prefix}-nodejs-app-tg-B" vpc_id = module.main_vpc.vpc_id port = var.backend_port protocol = "HTTP" health_check { interval = 30 path = "/" port = "traffic-port" protocol = "HTTP" timeout = 5 healthy_threshold = 3 unhealthy_threshold = 3 matcher = 200 } target_type = "ip" lifecycle { create_before_destroy = true } }%

2. ECS

클러스터만 생성해주었다.

////////////////////////////////////// // 1. ECS ////////////////////////////////////// resource "aws_ecs_cluster" "this" { name = local.cluster tags = { "Name" = local.name_prefix Environment = var.tags.Environment } }

3. ECR

ECR 1개를 생성하였으며, ECR Lifecycle Policy도 설정하였음.

resource "aws_ecr_repository" "nodejs_app" { name = "nodejs_app" image_scanning_configuration { scan_on_push = true } tags = { Name = "nodejs_app" Environment = var.tags.Environment } } resource "aws_ecr_lifecycle_policy" "nodejs_app_policy" { repository = aws_ecr_repository.nodejs_app.name policy = <

4. tfvars 파일

TEST 환경에서 필요한 각종 변수들을 기입해주었다.

# VPC Configuration available_azs = ["ap-northeast-2a", "ap-northeast-2c"] cidr_block = "10.60.0.0/18" public_subnet_cidr = ["10.60.0.0/20", "10.60.16.0/20"] private_subnet_cidr = ["10.60.32.0/22", "10.60.36.0/22"] # db_subnet_cidr = ["10.60.40.0/24", "10.60.41.0/24"] tags = { Service = "node" Environment = "dev" RegionAlias = "apne2" } # EC2 Configurations default_instance_type = "t3.micro" key_pair = "pingping95-key" # Security Groups Rules bastion_ingress_rules =[ # From, To, Protocol, Source CIDR, Description [22, 22, "tcp", ["0.0.0.0/0"], "SSH Inbound"] ] nodejs_app_ingress_rules =[ # From, To, Protocol, Source CIDR, Description [8080, 8080, "tcp", ["10.60.0.0/18"], "SSH Inbound"] ] # ECS Configurations // Route 53, ALB, ACM domain = "pingping2.shop" // ELB backend_port = "8080"

이후에는 웹콘솔 환경에서 CodeBuild, CodeDeploy, CodePipeline 및 IAM Roles 생성에 대해서 진행 후 CI/CD 파이프라인 생성을 진행할 예정

from http://nyyang.tistory.com/99 by ccl(A) rewrite - 2021-09-27 23:00:10