让我们使用Rails和Nuxt3创建一个todo列表[REST-API/Terraform/Fargate]〜第6部分,蓝/绿部署的前半部分

首先

我想从头开始详细解释如何使用Rails和Nuxt3制作待办事项清单。

使用个人电脑时,请考虑使用Mac操作系统。

已完成的构图如下所示。

aws_structure.png

另外,GitHub仓库在这里。

 

每个系列如下所示。

使用Rails和Nuxt3创建一个todo列表[REST-API/Terraform/Fargate]〜第一部分,Rails基本设置
使用Rails和Nuxt3创建一个todo列表[REST-API/Terraform/Fargate]〜第二部分,Rails API
使用Rails和Nuxt3创建一个todo列表[REST-API/Terraform/Fargate]〜第三部分,Nuxt.js
使用Rails和Nuxt3创建一个todo列表[REST-API/Terraform/Fargate]〜第四部分,TerraformECS前期
使用Rails和Nuxt3创建一个todo列表[REST-API/Terraform/Fargate]〜第五部分,TerraformECS后期
使用Rails和Nuxt3创建一个todo列表[REST-API/Terraform/Fargate]〜第六部分,Blue/Green部署前期
使用Rails和Nuxt3创建一个todo列表[REST-API/Terraform/Fargate]〜第七部分,Blue/Green部署后期

代码管道

如果您能参考一下,我们正在使用一个容器进行蓝/绿部署的版本。

 

主.tf

在 main.tf 文件中添加以下内容。

为了等待ECS服务的启动,保持以下注释的状态并应用,
成功后,取消注释并重新应用。


module "codepipeline" {
  source             = "./modules/codepipeline"
  app_name           = var.app_name
  web_app_name       = var.web_app_name
  api_app_name       = var.api_app_name
  api_blue_arn       = module.elb.api_blue_arn
  web_blue_arn       = module.elb.web_blue_arn
  api_green_arn      = module.elb.api_green_arn
  web_green_arn      = module.elb.web_green_arn
  http_arn           = module.elb.http_arn
  api_blue_name      = module.elb.api_blue_name
  web_blue_name      = module.elb.web_blue_name
  api_green_name     = module.elb.api_green_name
  web_green_name     = module.elb.web_green_name
  cluster-name       = module.ecs.cluster-name
  api-service-name   = module.ecs.api-service-name
  web-service-name   = module.ecs.web-service-name
  api-definition-arn = module.ecs.api-definition-arn
  web-definition-arn = module.ecs.web-definition-arn
}

云监控

在将代码从GitHub镜像到CodeCommit之后,使用CloudWatch来监视CodePipeline的触发情况。

resource "aws_cloudwatch_event_rule" "image_push" {
  name     = "codecommit_push"
  role_arn = aws_iam_role.cwe_role.arn

  event_pattern = jsonencode({
    source      = ["aws.codecommit"]
    detail-type = ["CodeCommit Repository State Change"]
    resources   = ["${aws_codecommit_repository.codecommit_repository.arn}"]

    detail = {
      event         = ["referenceCreated", "referenceUpdated"]
      referenceType = ["branch"]
      referenceName = ["main"]
    }
  })
}
resource "aws_cloudwatch_event_target" "codepipeline" {
  rule      = aws_cloudwatch_event_rule.image_push.name
  target_id = "${var.app_name}-Image-Push-Codepipeline"
  arn       = aws_codepipeline.codepipeline.arn
  role_arn  = aws_iam_role.cwe_role.arn
}

第三个选项

代码流水线的资源首先保存到S3中,然后经过传输执行下一个动作。

代码源保存在CodeSource中,在CodeBuild中保存在BuildArtif目录中。

 

resource "aws_s3_bucket" "codepipeline_bucket" {
  bucket        = "codepipeline-bucket-${random_string.s3_unique_key.result}"
  force_destroy = true
}

resource "random_string" "s3_unique_key" {
  length  = 6
  upper   = false
  lower   = true
  numeric = true
  special = false
}

我是

我会给予CodePipeline、CodeCommit和CodeBuild许可。

resource "aws_iam_role" "codepipeline_role" {
  name = "codepipeline-role"
  assume_role_policy = jsonencode({

    Statement = [
      {
        Effect = "Allow"
        Action = "sts:AssumeRole"
        Principal = {
          Service = "codepipeline.amazonaws.com"
        }
      }
    ]
  })
  tags = {
    Name = "${var.app_name}-codepipeline-role"
  }
}

resource "aws_iam_role" "codebuild-role" {
  name = "${var.app_name}-codebuild-role"
  assume_role_policy = jsonencode({
    Statement = [
      {
        Effect = "Allow"
        Action = "sts:AssumeRole"
        Principal = {
          Service = "codebuild.amazonaws.com"
        }
      }
    ]
  })
  tags = {
    Name = "${var.app_name}-codebuild-role"
  }
}

resource "aws_iam_role" "codedeploy-role" {
  name = "${var.app_name}-codedeploy-role"
  assume_role_policy = jsonencode({
    Statement = [
      {
        Effect = "Allow"
        Action = "sts:AssumeRole"
        Principal = {
          Service = "codedeploy.amazonaws.com"
        }
      }
    ]
  })
  tags = {
    Name = "${var.app_name}-codedeploy-role"
  }
}

# cloud watch
resource "aws_iam_role" "cwe_role" {
  name = "${var.app_name}-cwe-role"
  assume_role_policy = jsonencode({

    Version = "2012-10-17"
    Statement = [
      {
        Sid    = ""
        Effect = "Allow"
        Action = "sts:AssumeRole"
        Principal = {
          Service = "events.amazonaws.com"
        }
      }
    ]
  })
  tags = {
    Name = "${var.app_name}-cwe-role"
  }
}
resource "aws_iam_role_policy" "codepipeline-policy" {
  name   = "codepipeline-policy"
  role   = aws_iam_role.codepipeline_role.id
  policy = data.aws_iam_policy_document.codepipeline-policy.json
}

data "aws_iam_policy_document" "codepipeline-policy" {
  statement {
    effect = "Allow"

    actions = [
      "s3:GetObject",
      "s3:GetObjectVersion",
      "s3:GetBucketVersioning",
      "s3:PutObjectAcl",
      "s3:PutObject",
    ]

    resources = [
      aws_s3_bucket.codepipeline_bucket.arn,
      "${aws_s3_bucket.codepipeline_bucket.arn}/*"
    ]
  }
  statement {
    effect = "Allow"

    actions = [
      "ecr:DescribeImages",
    ]

    resources = ["*"]
  }
  statement {
    effect = "Allow"

    actions = [
      "codedeploy:CreateDeployment",
      "codedeploy:GetDeployment",
      "codedeploy:GetApplication",
      "codedeploy:GetApplicationRevision",
      "codedeploy:RegisterApplicationRevision",
      "codedeploy:GetDeploymentConfig",
      "ecs:RegisterTaskDefinition"
    ]

    resources = ["*"]
  }
  statement {
    effect = "Allow"
    actions = [
      "codecommit:GetBranch",
      "codecommit:GetCommit",
      "codecommit:UploadArchive",
      "codecommit:GetUploadArchiveStatus",
      "codecommit:CancelUploadArchive"
    ]
    resources = ["${aws_codecommit_repository.codecommit_repository.arn}"]
  }
  statement {
    effect = "Allow"

    actions = [
      "codebuild:BatchGetBuilds",
      "codebuild:StartBuild",
    ]

    resources = ["*"]
  }
  statement {
    effect = "Allow"
    actions = [
      "iam:GetRole",
      "iam:PassRole"
    ]

    resources = ["*"]
  }
}

resource "aws_iam_role_policy" "codebuild-policy" {
  name   = "codebuild-policy"
  role   = aws_iam_role.codebuild-role.name
  policy = data.aws_iam_policy_document.codebuild-policy.json
}

data "aws_iam_policy_document" "codebuild-policy" {
  statement {
    effect = "Allow"

    actions = [
      "logs:CreateLogGroup",
      "logs:CreateLogStream",
      "logs:PutLogEvents",
    ]

    resources = ["*"]
  }
  statement {
    effect  = "Allow"
    actions = ["s3:*"]
    resources = [
      aws_s3_bucket.codepipeline_bucket.arn,
      "${aws_s3_bucket.codepipeline_bucket.arn}/*",
    ]
  }
  statement {
    effect    = "Allow"
    actions   = ["ecs:DescribeTaskDefinition"]
    resources = ["*"]
  }
}
# cloud watch
resource "aws_iam_policy" "cwe_policy" {
  name = "${var.app_name}-cwe-policy"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "codepipeline:StartPipelineExecution",
        ]
        Resource = [
          "${aws_codepipeline.codepipeline.arn}",
        ]
        Effect = "Allow"
      },
    ]
  })
}
resource "aws_iam_policy_attachment" "cws_policy_attachment" {

  name       = "${var.app_name}-cwe-policy"
  roles      = [aws_iam_role.cwe_role.name]
  policy_arn = aws_iam_policy.cwe_policy.arn
}

resource "aws_iam_role_policy_attachment" "AWSCodeDeployRoleForECS" {
  policy_arn = "arn:aws:iam::aws:policy/AWSCodeDeployRoleForECS"
  role       = aws_iam_role.codedeploy-role.name
}