- \u3042\u307e\u308a\u5909\u66f4\u304c\u5c11\u306a\u3044\u30a4\u30f3\u30d5\u30e9\u5468\u308a\u306fterraform\u304b\u3089\u66f4\u65b0<\/ul>\n<\/li>\n<\/ul>\n
- \n
- terraform<\/ul>\n<\/li>\n<\/ul>\n
- \n
- aws cli<\/ul>\n<\/li>\n<\/ul>\n
<\/p>\n
- session-manager-plugin<\/ul>\n
$ terraform -v\r\nTerraform v1.4.6\r\non darwin_amd64\r\n\r\n$ aws --version\r\naws-cli\/2.11.16 Python\/3.11.3 Darwin\/22.4.0 exe\/x86_64 prompt\/off\r\n<\/code><\/pre>\n\u9884\u8bbe<\/h2>\n
# tfstate\u7ba1\u7406\u7528\u306bS3\u30d0\u30b1\u30c3\u30c8\u4f5c\u6210<\/span>\r\naws s3 mb s3:\/\/y-oka-ecs-dev\r\n\r\n# ECR\u30ea\u30dd\u30b8\u30c8\u30ea\u4f5c\u6210<\/span>\r\naws ecr create-repository --repository-name<\/span> y-oka-ecs\/dev\/nginx\r\naws ecr create-repository --repository-name<\/span> y-oka-ecs\/dev\/php-fpm\r\n\r\n# tfvars\u30b3\u30d4\u30fc<\/span>\r\ncp <\/span>example.tfvars .\/environments\/dev\/dev.tfvars\r\n\r\n# terraform\u521d\u671f\u5316<\/span>\r\nterraform init\r\n<\/code><\/pre>\n\u521b\u5efaECS\u4efb\u52a1\u5b9a\u4e49<\/h3>\n
ECS\u7684\u914d\u7f6e\u7531terraform\u8fdb\u884c\u7ba1\u7406\uff0c\u4f46ECR\u548c\u4efb\u52a1\u5b9a\u4e49\u7531GitHub Actions\u8fdb\u884c\u7ba1\u7406\uff0c\u56e0\u6b64\u8981\u4e8b\u5148\u5728terraform\u548c\u4efb\u52a1\u5b9a\u4e49\u7684json\u4e2d\u7edf\u4e00\u89d2\u8272\u540d\u79f0\u548c\u65e5\u5fd7\u7ec4\u8def\u5f84\u3002<\/p>\n
- \n
- \n
- family\uff08\u4f8b\uff1ay-oka-ecs-dev\uff09<\/ul>\n<\/li>\n<\/ul>\n
- \n
- taskRoleArn\uff08\u4f8b\uff1ay-oka-ecs-task-execution\uff09<\/ul>\n<\/li>\n<\/ul>\n
- \n
- logConfiguration\u306eawslogs-group\uff08\u4f8b\uff1a\/y-oka-ecs\/ecs\uff09<\/ul>\n<\/li>\n<\/ul>\n
- \n
- secrets\u306evalueFrom\uff08\u4f8b\uff1a\/y-oka-ecs\/dev\/APP_KEY\uff09<\/ul>\n<\/li>\n<\/ul>\n
<\/p>\n
- \u3092\u63c3\u3048\u308b<\/ul>\n
ecs\/dev\/task_definition\/y-oka-ecs.json \u53ef\u4ee5\u88ab\u63cf\u8ff0\u4e3aecs\/dev\/task_definition\/y-oka-ecs.json\u53ef\u4ee5\u88ab\u5f62\u5bb9\u4e3a\u3002<\/p>\n
\"family\": \"y-oka-ecs-dev\",\r\n \"taskRoleArn\": \"arn:aws:iam::<aws\u306e\u30a2\u30ab\u30a6\u30f3\u30c8ID>:role\/y-oka-ecs-dev-task-execution\",\r\n \"executionRoleArn\": \"arn:aws:iam::<aws\u306e\u30a2\u30ab\u30a6\u30f3\u30c8ID>:role\/y-oka-ecs-dev-task-execution\",\r\n ...\r\n \"secrets\": [\r\n {\r\n \"name\": \"APP_KEY\",\r\n \"valueFrom\": \"\/y-oka-ecs\/dev\/APP_KEY\"\r\n },\r\n ...\r\n\r\n \"logConfiguration\": {\r\n \"logDriver\": \"awslogs\",\r\n \"options\": {\r\n \"awslogs-region\": \"ap-northeast-1\",\r\n \"awslogs-group\": \"\/y-oka-ecs\/ecs\",\r\n \"awslogs-stream-prefix\": \"dev\"\r\n }\r\n }\r\n<\/code><\/pre>\n\u7531\u4e8e\u96c6\u7fa4\u548c\u670d\u52a1\u5c1a\u672a\u901a\u8fc7Terraform\u521b\u5efa\uff0c\u56e0\u6b64\u8bf7\u5c06\u5176\u6ce8\u91ca\u6389\u3002<\/p>\n
-<\/span> name<\/span>:<\/span> Deploy to ECS TaskDefinition<\/span>\r\n uses<\/span>:<\/span> aws-actions\/amazon-ecs-deploy-task-definition@v1<\/span>\r\n with<\/span>:<\/span>\r\n task-definition<\/span>:<\/span> ${{ steps.render-nginx-container.outputs.task-definition }}<\/span>\r\n # cluster: ${{ env.ECS_CLUSTER }}<\/span>\r\n # service: ${{ env.ECS_SERVICE }}<\/span>\r\n\r\n<\/code><\/pre>\n\u4f7f\u7528GitHub Actions\u6267\u884c\u4efb\u52a1\u5b9a\u4e49\u521b\u5efaCI\u3002<\/h4>\n
\u5728\u6267\u884cCI\u4e4b\u524d\uff0c\u5728GitHub Actions\u4e2d\u8bbe\u7f6eSecrets\u3002\u8bbe\u7f6e\u597dSecrets\u540e\uff0c\u63a8\u9001\u5e76\u6267\u884cECS\u90e8\u7f72CI\u3002<\/p>\n
git push origin develop\r\n<\/code><\/pre>\n\u57df\u540d\u8a2d\u7f6e<\/h3>\n
\u8fd9\u6b21\u8981\u8bbe\u7f6e\u57df\u540d\u4ee5\u4fbf\u901a\u8fc7https\u8fde\u63a5\u3002\u56e0\u4e3a\u6211\u62e5\u6709\u4e00\u4e2a\u540d\u4e3a”okdyy75.com”\u7684\u57df\u540d\u5728Google\u57df\u540d\u4e0a\uff0c\u6240\u4ee5\u6211\u4f1a\u5728Route53\u4e0a\u521b\u5efa\u4e00\u4e2a\u540d\u4e3a”dev-laravel-ecs.okdyy75.com”\u7684\u65b0\u57df\u540d\uff0c\u5e76\u8bbe\u7f6e\u8bc1\u4e66\u3002<\/p>\n
\u901a\u8fc7Route53\u521b\u5efa\u57df\u540d<\/h4>\n
\u5728Route53\u4e0a\u521b\u5efa\u4e00\u4e2a\u540d\u4e3a\u201cdev-laravel-ecs.okdyy75.com\u201d\u7684\u4e3b\u673a\u533a\u57df\u3002<\/p>\n
\u521b\u5efa\u4e3b\u673a\u533a\u57df\u65f6\u4f1a\u81ea\u52a8\u751f\u6210NS\u8bb0\u5f55\u548cSOA\u8bb0\u5f55\u3002<\/p>\n
![\"Route53\u304b\u3089\u30c9\u30e1\u30a4\u30f3\u4f5c\u6210\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d8941913a08637a6c579e\/28-0.png\" "\\"\\"")
<\/div>\n\u5c06\u8be5NS\u8bb0\u5f55\u7684\u57df\u540d\u670d\u52a1\u5668\u6ce8\u518c\u5230Google\u57df\u540d\u3002<\/p>\n
![\"\u30cd\u30fc\u30e0\u30b5\u30fc\u30d0\u30fc\u3092Google\u30c9\u30e1\u30a4\u30f3\u306b\u767b\u9332\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d8941913a08637a6c579e\/30-0.png\" "\\"\\"")
<\/div>\n\u521b\u5efa\u7684\u57df\u540d\u8bc1\u4e66\u521b\u5efa<\/h4>\n
\u4eceAWS\u8bc1\u4e66\u7ba1\u7406\u5668\uff08ACM\uff09\u8bf7\u6c42\u201cdev-laravel-ecs.okdyy75.com\u201d\u57df\u7684\u8bc1\u4e66\uff0c
\n\u521b\u5efa\u540e\uff0c\u4ece\u8bc1\u4e66\u8be6\u7ec6\u9875\u9762\u6267\u884c\u201c\u5728Route53\u4e2d\u521b\u5efa\u8bb0\u5f55\u201d\u3002<\/p>\n![\"\u8a3c\u660e\u66f8\u3092Route53\u306b\u767b\u9332\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d8941913a08637a6c579e\/33-0.png\" "\\"\\"")
<\/div>\n\u51c6\u5907\u5de5\u4f5c\u5df2\u7ecf\u5b8c\u6210\u4e86\uff01<\/p>\n
\n\u5f00\u53d1\u7684\u8fc7\u7a0b<\/h2>\n
- \n
- \n
- \u4ecedevelop\u5206\u652f\u521b\u5efatopic\u5206\u652f\u3002<\/ol>\n<\/li>\n<\/ol>\n
- \n
- \u5982\u679c\u8981\u66f4\u65b0\u57fa\u7840\u67b6\u6784\uff0c\u8bf7\u521b\u5efa\u4e00\u4e2a\u4fee\u6539\u4e86terraform\/\u76ee\u5f55\u7684\u5206\u652f\u3002<\/ol>\n<\/li>\n<\/ol>\n
- \n
- \u5982\u679c\u8981\u66f4\u65b0\u4efb\u52a1\u5b9a\u4e49\u6216\u8d44\u6e90\uff0c\u8bf7\u521b\u5efa\u4e00\u4e2a\u4fee\u6539\u4e86ecs\/\u6216web\/\u76ee\u5f55\u7684\u5206\u652f\u3002<\/ol>\n<\/li>\n<\/ol>\n
\u5728\u5408\u5e76\u4fee\u6539\u4e86terraform\u7684\u5206\u652f\u4e4b\u524d\uff0c\u624b\u52a8\u8fd0\u884cGitHub Actions\u4e2d\u7684Terraform\u8ba1\u5212CI\uff08terraform_plan_dev.yml\uff09\u6765\u786e\u8ba4\u3002
\n\u5c06topic\u5206\u652f\u5408\u5e76\u5230develop\u5206\u652f\u3002\u5408\u5e76\u540e\uff0c\u5404\u4e2aGitHub Actions\u5c06\u4f1a\u8fd0\u884c\u3002<\/p>\n\u5982\u679c\u4fee\u6539\u4e86terraform\/\u76ee\u5f55\uff0c\u5c06\u6267\u884cterraform apply\u3002<\/p>\n
\u5982\u679c\u4fee\u6539\u4e86ecs\/\u6216web\/\u76ee\u5f55\uff0c\u4efb\u52a1\u5b9a\u4e49\u5c06\u4f1a\u66f4\u65b0\uff0c\u65b0\u4efb\u52a1\u5c06\u4f1a\u90e8\u7f72\u3002<\/p>\n
\u5982\u679c\u60f3\u5728\u53d1\u5e03\u540e\u8fd0\u884cartisan\u547d\u4ee4\uff0c\u8bf7\u6267\u884cGitHub Actions\u4e2d\u7684ECS Exec\u547d\u4ee4CI\uff08ecs_exec_cmd_dev.yml\uff09\u3002<\/p>\n
\u4f8b\u5982\uff0c\u5982\u679c\u8981\u6267\u884cSeeder\uff0c\u53ef\u4ee5\u4f7f\u7528”php”\uff0c”\/var\/www\/web\/laravel\/artisan”\uff0c”db:seed”\uff0c”–class=UserSeeder”\uff0c”–force”\u8fd9\u6837\u7684\u547d\u4ee4\u6765\u6267\u884c\u3002<\/p>\n
\u89e3\u6790Terraform<\/h2>\n
\u57fa\u672c\u4e0a\uff0c\u6211\u4eec\u9700\u8981\u9488\u5bf9\u6bcf\u4e2a\u73af\u5883\u5c06\u76ee\u5f55\u5206\u5f00\uff0c\u5e76\u5728terraform\/environments\/\u8def\u5f84\u4e0b\u6267\u884cterraform apply<\/p>\n
\u4e3b\u8981\u7684tf\u6587\u4ef6<\/h3>\n
\u7f51\u7edc\u8bbe\u7f6e\u6ca1\u6709\u6545\u610f\u6a21\u5757\u5316\uff0c\u800c\u662f\u6839\u636e\u6bcf\u4e2a\u73af\u5883\u6765\u521b\u5efa\u3002
\n\u8bf7\u6ce8\u610ftfstate\u6587\u4ef6\u540d\u662f\u786c\u7f16\u7801\u7684\u3002
\n\u8bf7\u9884\u5148\u5728Route53\u4e0a\u6ce8\u518c\u57df\u540d\u5e76\u751f\u6210\u8bc1\u4e66\u3002<\/p>\nterraform\/environments\/dev\/main.tf —> terraform\/\u73af\u5883\/dev\/main.tf<\/p>\n
terraform<\/span> {<\/span>\r\n required_version<\/span> =<\/span> \"~> 1.4.6\"<\/span>\r\n required_providers<\/span> {<\/span>\r\n aws<\/span> =<\/span> {<\/span>\r\n source<\/span> =<\/span> \"hashicorp\/aws\"<\/span>\r\n version<\/span> =<\/span> \"~> 4.65.0\"<\/span>\r\n }<\/span>\r\n }<\/span>\r\n backend<\/span> \"s3\"<\/span> {<\/span>\r\n bucket<\/span> =<\/span> \"y-oka-ecs-dev\"<\/span>\r\n region<\/span> =<\/span> \"ap-northeast-1\"<\/span>\r\n key<\/span> =<\/span> \"y-oka-ecs-dev.tfstate\"<\/span>\r\n encrypt<\/span> =<\/span> true<\/span>\r\n }<\/span>\r\n}<\/span>\r\n\r\nprovider<\/span> \"aws\"<\/span> {<\/span>\r\n region<\/span> =<\/span> \"ap-northeast-1\"<\/span>\r\n default_tags<\/span> {<\/span>\r\n tags<\/span> =<\/span> {<\/span>\r\n env<\/span> =<\/span> var<\/span>.<\/span>env<\/span>\r\n service<\/span> =<\/span> var<\/span>.<\/span>app_name<\/span>\r\n Name<\/span> =<\/span> var<\/span>.<\/span>app_name<\/span>\r\n }<\/span>\r\n }<\/span>\r\n}<\/span>\r\n\r\nvariable<\/span> \"env\"<\/span> {<\/span>\r\n type<\/span> =<\/span> string<\/span>\r\n}<\/span>\r\nvariable<\/span> \"app_domain\"<\/span> {<\/span>\r\n type<\/span> =<\/span> string<\/span>\r\n}<\/span>\r\nvariable<\/span> \"app_name\"<\/span> {<\/span>\r\n type<\/span> =<\/span> string<\/span>\r\n}<\/span>\r\nvariable<\/span> \"app_key\"<\/span> {<\/span>\r\n type<\/span> =<\/span> string<\/span>\r\n}<\/span>\r\nvariable<\/span> \"db_name\"<\/span> {<\/span>\r\n type<\/span> =<\/span> string<\/span>\r\n}<\/span>\r\nvariable<\/span> \"db_username\"<\/span> {<\/span>\r\n type<\/span> =<\/span> string<\/span>\r\n}<\/span>\r\nvariable<\/span> \"db_password\"<\/span> {<\/span>\r\n type<\/span> =<\/span> string<\/span>\r\n}<\/span>\r\n\r\noutput<\/span> \"variable_env\"<\/span> {<\/span>\r\n value<\/span> =<\/span> var<\/span>.<\/span>env<\/span>\r\n}<\/span>\r\noutput<\/span> \"variable_app_name\"<\/span> {<\/span>\r\n value<\/span> =<\/span> var<\/span>.<\/span>app_name<\/span>\r\n}<\/span>\r\n\r\n###########################################################<\/span>\r\n### \u30cd\u30c3\u30c8\u30ef\u30fc\u30af <\/span>\r\n############################################################<\/span>\r\n### VPC ####################<\/span>\r\nresource<\/span> \"aws_vpc\"<\/span> \"main\"<\/span> {<\/span>\r\n cidr_block<\/span> =<\/span> \"10.0.0.0\/16\"<\/span>\r\n tags<\/span> =<\/span> {<\/span>\r\n Name<\/span> =<\/span> \"<\/span>${<\/span>var<\/span>.<\/span>app_name<\/span>}<\/span>-<\/span>${<\/span>var<\/span>.<\/span>env<\/span>}<\/span>-vpc\"<\/span>\r\n }<\/span>\r\n}<\/span>\r\n\r\n### Public ####################<\/span>\r\n## Subnet<\/span>\r\nresource<\/span> \"aws_subnet\"<\/span> \"public_1a\"<\/span> {<\/span>\r\n vpc_id<\/span> =<\/span> aws_vpc<\/span>.<\/span>main<\/span>.<\/span>id<\/span>\r\n availability_zone<\/span> =<\/span> \"ap-northeast-1a\"<\/span>\r\n cidr_block<\/span> =<\/span> \"10.0.1.0\/24\"<\/span>\r\n tags<\/span>
<\/p>\n
- \n
- \n
<\/p>\n
- \n
- \n
- \n
<\/p>\n
- \n
- \n
<\/p>\n
- \n
- \n
<\/p>\n
- \n
- \n
- \n
<\/p>\n
- \n
- \n
<\/p>\n
- \u983b\u7e41\u306b\u5909\u66f4\u3055\u308c\u308b\u30bd\u30fc\u30b9\u3084\u30bf\u30b9\u30af\u5b9a\u7fa9\u306fGitHub Actions\u304b\u3089\u66f4\u65b0<\/ul>\n
\u52aa\u529b\u53bb\u5b9e\u73b0\u3002<\/p>\n
\u5e0c\u671b\u6211\u6839\u636e\u4e0d\u540c\u73af\u5883\u5206\u914d\u76ee\u5f55\uff0c\u5e76\u8003\u8651\u5b9e\u9645\u8fd0\u884c\u60c5\u51b5\u8fdb\u884c\u6784\u5efa\uff0c\u5e0c\u671b\u80fd\u5bf9\u60a8\u6709\u6240\u5e2e\u52a9\u3002<\/p>\n
\u793a\u4f8b\u4ee3\u7801\u53ef\u4ee5\u5728\u4ee5\u4e0b\u94fe\u63a5\u4e2d\u627e\u5230\uff1ahttps:\/\/github.com\/okdyy75\/dev-laravel-ecs-terraform-sample<\/p>\n
![\"\u30b7\u30b9\u30c6\u30e0\u69cb\u6210\u56f3\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d8941913a08637a6c579e\/5-0.png\" "\\"\\"")
<\/div>\n\u76ee\u5f55\u7ed3\u6784<\/h2>\n.\r\n\u251c\u2500\u2500 docker ...\u30ed\u30fc\u30ab\u30eb\u958b\u767a\u7528Docker\r\n\u251c\u2500\u2500 docker-compose.yml ...\u30ed\u30fc\u30ab\u30eb\u958b\u767a\u7528Docker Compose\r\n\u251c\u2500\u2500 docker-compose.yml.dev ...ECR\u7528Dockerfile\u306e\u30d3\u30eb\u30c9\u53c2\u8003\u7528Docker Compose\r\n\u251c\u2500\u2500 ecs ...ecs\u95a2\u9023\uff08ECR\u30fb\u30bf\u30b9\u30af\u5b9a\u7fa9\uff09\r\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 dev\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 container ...ECR\u7528Dockerfile\r\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 task_definition ...\u30bf\u30b9\u30af\u5b9a\u7fa9\u30d5\u30a1\u30a4\u30eb\r\n\u251c\u2500\u2500 system.drawio ...\u30b7\u30b9\u30c6\u30e0\u69cb\u6210\u56f3\r\n\u251c\u2500\u2500 terraform ...terraform\u95a2\u9023\uff08\u30a4\u30f3\u30d5\u30e9\u5468\u308a\uff09\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 environments\r\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 dev ...dev\u74b0\u5883\u5411\u3051terraform\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 example.tfvars ...\u74b0\u5883\u5909\u6570\u30d5\u30a1\u30a4\u30eb\r\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 modules\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 ecs ...ecs\u95a2\u9023\u306e\u69cb\u6210\r\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 rds ...rds\u95a2\u9023\u306e\u69cb\u6210\r\n\u2514\u2500\u2500 web\r\n \u2514\u2500\u2500 laravel ... Laravel\u672c\u4f53\r\n<\/code><\/pre>\n\u6267\u884c\u73af\u5883\u548c\u6240\u9700\u5de5\u5177<\/h2>\n\n
.\r\n\u251c\u2500\u2500 docker ...\u30ed\u30fc\u30ab\u30eb\u958b\u767a\u7528Docker\r\n\u251c\u2500\u2500 docker-compose.yml ...\u30ed\u30fc\u30ab\u30eb\u958b\u767a\u7528Docker Compose\r\n\u251c\u2500\u2500 docker-compose.yml.dev ...ECR\u7528Dockerfile\u306e\u30d3\u30eb\u30c9\u53c2\u8003\u7528Docker Compose\r\n\u251c\u2500\u2500 ecs ...ecs\u95a2\u9023\uff08ECR\u30fb\u30bf\u30b9\u30af\u5b9a\u7fa9\uff09\r\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 dev\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 container ...ECR\u7528Dockerfile\r\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 task_definition ...\u30bf\u30b9\u30af\u5b9a\u7fa9\u30d5\u30a1\u30a4\u30eb\r\n\u251c\u2500\u2500 system.drawio ...\u30b7\u30b9\u30c6\u30e0\u69cb\u6210\u56f3\r\n\u251c\u2500\u2500 terraform ...terraform\u95a2\u9023\uff08\u30a4\u30f3\u30d5\u30e9\u5468\u308a\uff09\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 environments\r\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 dev ...dev\u74b0\u5883\u5411\u3051terraform\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 example.tfvars ...\u74b0\u5883\u5909\u6570\u30d5\u30a1\u30a4\u30eb\r\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 modules\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 ecs ...ecs\u95a2\u9023\u306e\u69cb\u6210\r\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 rds ...rds\u95a2\u9023\u306e\u69cb\u6210\r\n\u2514\u2500\u2500 web\r\n \u2514\u2500\u2500 laravel ... Laravel\u672c\u4f53\r\n<\/code><\/pre>\n\u6267\u884c\u73af\u5883\u548c\u6240\u9700\u5de5\u5177<\/h2>\n\n