テンプレートは下記の通りです。
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"ProjectName": {
"Type": "String",
"Default": "Cloudpack"
},
"RoleName": {
"Type": "String",
"Default": "Ecs"
},
"KeyName": {
"Type": "AWS::EC2::KeyPair::KeyName"
},
"InstanceType": {
"Type": "String",
"Default": "t2.micro"
},
"CommonSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup::Id"
},
"VpcId": {
"Type": "AWS::EC2::VPC::Id"
},
"Az1VpcZoneIdentifier": {
"Type": "AWS::EC2::Subnet::Id"
},
"Az2VpcZoneIdentifier": {
"Type": "AWS::EC2::Subnet::Id"
},
"DesiredCapacity": {
"Type": "String",
"Default": "0"
}
},
"Mappings": {
"RegionMapping": {
"us-east-1": { "ImageId": "ami-5f59ac34" },
"us-west-2": { "ImageId": "ami-c188b0f1" },
"eu-west-1": { "ImageId": "ami-3db4ca4a" },
"ap-northeast-1": { "ImageId": "ami-ca01d8ca" },
"ap-southeast-2": { "ImageId": "ami-5b5d2661" }
}
},
"Resources": {
"Cluster": {
"Type": "AWS::ECS::Cluster"
},
"RoleSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": { "Fn::Join" : [ "", [
{ "Ref": "ProjectName" },
{ "Ref": "RoleName" }
] ] },
"VpcId": { "Ref": "VpcId" },
"SecurityGroupIngress": [],
"SecurityGroupEgress": [],
"Tags": [ {
"Key": "Name",
"Value": { "Fn::Join" : [ "", [
{ "Ref": "ProjectName" },
{ "Ref": "RoleName" },
"Instance"
] ] }
} ]
}
},
"Role": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [ {
"Effect": "Allow",
"Principal": { "Service": [ "ec2.amazonaws.com" ] },
"Action": [ "sts:AssumeRole" ]
} ]
},
"Path": "/",
"Policies": [ {
"PolicyName": { "Fn::Join" : [ "", [
{ "Ref": "ProjectName" },
"Ecs"
] ] },
"PolicyDocument": {
"Version" : "2012-10-17",
"Statement": [ {
"Effect": "Allow",
"Action": [
"ecs:CreateCluster",
"ecs:DeregisterContainerInstance",
"ecs:DiscoverPollEndpoint",
"ecs:Poll",
"ecs:RegisterContainerInstance",
"ecs:Submit*"
],
"Resource": [ "*" ]
} ]
}
} ]
}
},
"InstanceProfile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [ {
"Ref": "Role"
} ]
}
},
"LaunchConfiguration": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"AssociatePublicIpAddress": "true",
"KeyName": { "Ref": "KeyName" },
"ImageId": { "Fn::FindInMap": [ "RegionMapping", { "Ref": "AWS::Region" }, "ImageId" ] },
"InstanceType": { "Ref": "InstanceType" },
"IamInstanceProfile": { "Ref": "InstanceProfile" },
"SecurityGroups": [
{ "Ref": "CommonSecurityGroup" },
{ "Ref": "RoleSecurityGroup" }
],
"UserData": { "Fn::Base64": { "Fn::Join" : [ "n", [
"#!/bin/bash",
"yum -y update",
"grubby --default-kernel | grep `uname -r` || reboot",
{ "Fn::Join" : [ "", [
"echo ECS_CLUSTER=",
{ "Ref": "Cluster" },
" >> /etc/ecs/ecs.config"
] ] }
] ] } }
}
},
"AutoScalingGroup": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"LaunchConfigurationName": { "Ref": "LaunchConfiguration" },
"MinSize": "0",
"MaxSize": "4",
"DesiredCapacity": { "Ref": "DesiredCapacity" },
"Cooldown": "0",
"VPCZoneIdentifier": [
{ "Ref" : "Az1VpcZoneIdentifier" },
{ "Ref" : "Az2VpcZoneIdentifier" }
],
"Tags": [ {
"Key": "Name",
"Value": { "Fn::Join" : [ "", [
{ "Ref": "ProjectName" },
{ "Ref": "RoleName" }
] ] },
"PropagateAtLaunch": "true"
} ]
},
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "1"
}
}
}
},
"Outputs": {
"Cluster": {
"Value": { "Ref": "Cluster" }
},
"Role": {
"Value": { "Ref": "Role" }
},
"RoleSecurityGroup": {
"Value": { "Ref": "RoleSecurityGroup" }
}
}
}
以下、ポイントとなります。
▼CloudFormationのスタックが作られるリージョンのECSイメージが勝手に利用されるように
AMI名が”amzn-ami-2015.03.c-amazon-ecs-optimized”のものを
次のように設定しています。
"RegionMapping": {
"us-east-1": { "ImageId": "ami-5f59ac34" },
"us-west-2": { "ImageId": "ami-c188b0f1" },
"eu-west-1": { "ImageId": "ami-3db4ca4a" },
"ap-northeast-1": { "ImageId": "ami-ca01d8ca" },
"ap-southeast-2": { "ImageId": "ami-5b5d2661" }
}
▼ ECSのエージェントが動作するためのポリシーをIAMロールに指定
“ecs:*”的な操作を許可してます。
"Action": [
"ecs:CreateCluster",
"ecs:DeregisterContainerInstance",
"ecs:DiscoverPollEndpoint",
"ecs:Poll",
"ecs:RegisterContainerInstance",
"ecs:Submit*"
]
▼ ECSクラスター名を”/etc/ecs/ecs.config”に登録
これやっとかないとECSクラスターに登録されません!
"UserData": { "Fn::Base64": { "Fn::Join" : [ "n", [
"#!/bin/bash",
"yum -y update",
"grubby --default-kernel | grep `uname -r` || reboot",
{ "Fn::Join" : [ "", [
"echo ECS_CLUSTER=",
{ "Ref": "Cluster" },
" >> /etc/ecs/ecs.config"
] ] }
] ] } }
CloudFormationのスタック作成時のパラメータはこんな感じです。
(既にVPCやSubnetが存在する前提です)
スタックが作成し終わると、次のような”Auto Scaling”の”Launch Configuration”が
作られていることを確認できます。(“User Data”も設定されています)
“Auto Scaling Group”でインスタンスが二つ起動していることも確認できました。
ということで、ECSクラスターに登録されたEC2も二つになっていました。
元記事はこちら
CloudFormationで”Container Instance”が”Auto Scaling”で管理されているECSのクラスターを作成してみた
