Q&A
いつもお世話になっております。
terrform・AWSECS(FARGATE)を使用して、ポートフォリオのためのインフラを構成したいです。
独自ドメインを獲得し、AWSECSを使用して、nginxコンテナを立ち上げたいのですが、コンテナを立ち上げ(立ち上がってない?)て、https://独自ドメイン.comにアクセスすると
503 Service Temporarily Unavailable
とレスポンスが返ってきてしまいます。
http://独自ドメイン.comにhttp通信すると、
これは[HTTP]です。という設定したfixed responseが返ってきます。
以下、ecs.tf と task-definition.json alb.tfなど問題がありそうなソースコードを載せておきます
alb.tf
terraform
1# ALBの定義 2resource "aws_lb" "ck-ab" { 3 name = "ck-ab" 4 load_balancer_type = "application" 5 internal = false 6 idle_timeout = 60 7 enable_deletion_protection = false 8 9 subnets = [ 10 aws_subnet.public_0.id, 11 aws_subnet.public_1.id, 12 ] 13 14 15 access_logs { 16 bucket = aws_s3_bucket.alb_log.id 17 enabled = true 18 } 19 20 security_groups = [ 21 module.http_sg.security_group_id, 22 module.https_sg.security_group_id, 23 module.http_redirect_sg.security_group_id, 24 ] 25} 26 27output "alb_dns_name" { 28 value = aws_lb.ck-ab.dns_name 29} 30 31# ALBのセキュリティグループをモジュールで定義 32module "http_sg" { 33 source = "./security_group" 34 name = "http-sg" 35 vpc_id = aws_vpc.chells_kitchen.id 36 port = 80 37 cidr_blocks = ["0.0.0.0/0"] 38} 39 40module "https_sg" { 41 source = "./security_group" 42 name = "https-sg" 43 vpc_id = aws_vpc.chells_kitchen.id 44 port = 443 45 cidr_blocks = ["0.0.0.0/0"] 46} 47 48module "http_redirect_sg" { 49 source = "./security_group" 50 name = "http-redirect-sg" 51 vpc_id = aws_vpc.chells_kitchen.id 52 port = 8080 53 cidr_blocks = ["0.0.0.0/0"] 54} 55 56# HTTPリスナーの定義 57resource "aws_lb_listener" "http" { 58 load_balancer_arn = aws_lb.ck-ab.arn 59 port = "80" 60 protocol = "HTTP" 61 62 default_action { 63 type = "fixed-response" 64 65 fixed_response { 66 content_type = "text/plain" 67 message_body = "これはHTTPです" 68 status_code = "200" 69 } 70 } 71} 72 73# ホストゾーンのデータソース定義 74data "aws_route53_zone" "chealseasuke" { 75 name = "chealseasuke.com" 76} 77 78# ALBのDNSレコードの定義 79resource "aws_route53_record" "chealseasuke" { 80 zone_id = data.aws_route53_zone.chealseasuke.zone_id 81 name = data.aws_route53_zone.chealseasuke.name 82 type = "A" 83 84 alias { 85 name = aws_lb.ck-ab.dns_name 86 zone_id = aws_lb.ck-ab.zone_id 87 evaluate_target_health = true 88 } 89} 90 91output "domain_name" { 92 value = aws_route53_record.chealseasuke.name 93} 94 95# SSL証明書の定義 96resource "aws_acm_certificate" "chealseasuke" { 97 domain_name = aws_route53_record.chealseasuke.name 98 subject_alternative_names = [] 99 validation_method = "DNS" 100 101 lifecycle { 102 create_before_destroy = true 103 } 104} 105 106# SSL証明書の検証用レコードの定義 107resource "aws_route53_record" "chealseasuke_certificate" { 108 name = aws_acm_certificate.chealseasuke.domain_validation_options[0].resource_record_name 109 type = aws_acm_certificate.chealseasuke.domain_validation_options[0].resource_record_type 110 records = [aws_acm_certificate.chealseasuke.domain_validation_options[0].resource_record_value] 111 zone_id = data.aws_route53_zone.chealseasuke.id 112 ttl = 60 113} 114 115# SSL証明書の検証完了まで待機 116resource "aws_acm_certificate_validation" "chealseasuke" { 117 certificate_arn = aws_acm_certificate.chealseasuke.arn 118 validation_record_fqdns = [aws_route53_record.chealseasuke_certificate.fqdn] 119} 120 121# HTTPSリスナーの定義 122resource "aws_lb_listener" "https" { 123 load_balancer_arn = aws_lb.ck-ab.arn 124 port = "443" 125 protocol = "HTTPS" 126 certificate_arn = aws_acm_certificate.chealseasuke.arn 127 ssl_policy = "ELBSecurityPolicy-2016-08" 128 129 default_action { 130 type = "fixed-response" 131 132 fixed_response { 133 content_type = "text/plain" 134 message_body = "これはHTTPSです" 135 status_code = "200" 136 } 137 } 138} 139 140resource "aws_lb_listener" "redirect_http_to_https" { 141 load_balancer_arn = aws_lb.ck-ab.arn 142 port = "8080" 143 protocol = "HTTP" 144 145 default_action { 146 type = "redirect" 147 148 redirect { 149 port = "443" 150 protocol = "HTTPS" 151 status_code = "HTTP_301" 152 } 153 } 154} 155 156# ターゲットグループの定義 157resource "aws_lb_target_group" "ck-ab-target" { 158 name = "ck-ab-target" 159 target_type = "ip" 160 vpc_id = aws_vpc.chells_kitchen.id 161 port = 80 162 protocol = "HTTP" 163 deregistration_delay = 300 164 165 health_check { 166 path = "/" 167 healthy_threshold = 5 168 unhealthy_threshold = 2 169 timeout = 5 170 interval = 30 171 matcher = 200 172 port = "traffic-port" 173 protocol = "HTTP" 174 } 175 176 depends_on = [aws_lb.ck-ab] 177} 178 179resource "aws_lb_listener_rule" "ck-ab-rule" { 180 listener_arn = aws_lb_listener.https.arn 181 priority = 100 182 183 action { 184 type = "forward" 185 target_group_arn = aws_lb_target_group.ck-ab-target.arn 186 } 187 188 condition { 189 field = "path-pattern" 190 values = ["/*"] 191 } 192} 193
ecs.tf
terraform
1resource "aws_ecs_cluster" "ck-cluster" { 2 name = "ck-cluster" 3} 4 5# ECS タスクの定義 6resource "aws_ecs_task_definition" "ck-task-definition" { 7 family = "ck-task-definition" 8 cpu = "256" 9 memory = "512" 10 network_mode = "awsvpc" 11 requires_compatibilities = ["FARGATE"] 12 container_definitions = file("./container_definitions.json") 13 execution_role_arn = module.ecs_task_execution_role.iam_role_arn 14} 15 16# ECS サービスの定義 17resource "aws_ecs_service" "ck-service" { 18 name = "ck-service" 19 cluster = aws_ecs_cluster.ck-cluster.arn 20 task_definition = aws_ecs_task_definition.ck-task-definition.arn 21 desired_count = 2 22 launch_type = "FARGATE" 23 platform_version = "1.3.0" 24 health_check_grace_period_seconds = 60 25 26 network_configuration { 27 assign_public_ip = false 28 security_groups = [module.nginx_sg.security_group_id] 29 30 subnets = [ 31 aws_subnet.private_0.id, 32 aws_subnet.private_1.id, 33 ] 34 } 35 36 load_balancer { 37 target_group_arn = aws_lb_target_group.ck-ab-target.arn 38 container_name = "chellskitchen-nginx" 39 container_port = 80 40 } 41 42 lifecycle { 43 ignore_changes = [task_definition] 44 } 45 46 depends_on = [aws_lb_target_group.ck-ab-target] 47} 48 49module "nginx_sg" { 50 source = "./security_group" 51 name = "nginx-sg" 52 vpc_id = aws_vpc.chells_kitchen.id 53 port = 80 54 cidr_blocks = [aws_vpc.chells_kitchen.cidr_block] 55} 56 57# CloudWatch Logsの定義 58resource "aws_cloudwatch_log_group" "for_ecs" { 59 name = "/ecs/chellskitchen-logs" 60 retention_in_days = 180 61} 62 63# AmazonECSTaskExecutionRolePolicyの定義(CloudWatch Logsの捜査権限をECSに与える) 64data "aws_iam_policy" "ecs_task_execution_role_policy" { 65 arn = "arn:aws:iam::aws:policy/serrvice-role/AmazonECSTaskExexutionRolePolicy" 66} 67 68# ECSタスク実行IAMロールのポリシードキュメントの定義 69data "aws_iam_policy_document" "ecs_task_execution" { 70 source_json = data.aws_iam_policy.ecs_task_execution_role_policy.policy 71 72 statement { 73 effect = "Allow" 74 actions = ["ssm:GetParameters", "kms:Decrypt"] 75 resources = ["*"] 76 } 77} 78 79module "ecs_task_execution_role" { 80 source = "./iam_role" 81 name = "ecs-task-execution" 82 identifier = "ecs-tasks.amazonaws.com" 83 policy = data.aws_iam_policy_document.ecs_task_execution.json 84}
task-definition.json
terraform
1[ 2 { 3 "name": "chellskitchen-nginx", 4 "image": "807363467264.dkr.ecr.ap-northeast-1.amazonaws.com/ck-ecr-nginx:latest", 5 "essential": true, 6 "cpu": 128, 7 "memoryReservation": 256, 8 "logConfiguration": { 9 "logDriver": "awslogs", 10 "options": { 11 "awslogs-region": "ap-northeast-1", 12 "awslogs-stream-prefix": "nginx", 13 "awslogs-group": "/ecs/chellskitchen-logs" 14 } 15 }, 16 "portMappings": [ 17 { 18 "hostPort": 80, 19 "protocol": "tcp", 20 "containerPort": 80 21 } 22 ], 23 "command": ["nginx", "-g", "daemon off;", "-c", "/etc/nginx/nginx.conf"] 24 } 25]
以上です。
ぜひお力添え頂ければ幸いです。
また、全てのソースコードが見たい場合は私のgithubを載せておきますので、お手数ですが、ご確認ください。
https://github.com/kosuke-ikeura/DockerChellsKitchen/tree/master/terraform
何卒よろしくお願い致します。
あなたの回答
tips
プレビュー
