ECS "Select a valid deployment group for the service." CodeDeploy

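I am running into the error "Select a valid deployment group for the service." when I try to do a blue/green deployment on my ECS service. (https://monosnap.bugsmasher.online/marcoschmiedel/20200716192812untnf_.png)

Can anyone tell me what a "valid deployment group" is?

Here is my environment as a YAML file...

Thanks for the help...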

#
#--------------------------------------------------------------------------
# AWS TEMPLATE VERSION
#--------------------------------------------------------------------------
#
# FIRST WE DECLARE THE CLOUDFORMATION TEMPLATE VERSION SO THAT THE COMPILER 
# WORKS WITH THE CORRECT SYNTAX.
#
AWSTemplateFormatVersion: '2010-09-09'



#
#--------------------------------------------------------------------------
# PARAMETERS
#--------------------------------------------------------------------------
#
# WE SET GLOBAL PARAMETERS FOR BETTER HANDLING OF THE YAML FILE. THESE CAN 
# BE EASILY ADJUSTED IF NECESSARY.
#
Parameters:

  #
  # APPSLUG IS DECLARED AS AN IDENTIFIER FOR THIS CLOUD FORMATION STACK.
  # IT IS USED IN MOST OF THE RESOURCES (E.G. TAGS) FOR BETTER 
  # DIFFERENTIATION.
  #
  
  AppSlug:
    Type: String
    Default: "polaris-1337"
    
  #
  # THE WILDCARD SUBDOMAIN * .ITMAXCLOUD.COM WAS MANUALLY DEFINED FOR ALL 
  # ENVIRONMENTS. THE ASSOCIATED SSL CERTIFICATE MUST BE REFERENCED WITHIN 
  # THIS CLOUD FORMATION STACK.
  #
  
  WildcardDomain:
    Type: String
    Default: "itmaxcloud.com"  
  SSLCert:
    Type: String
    Default: "arn:aws:acm:eu-central-1:643325912344:certificate/b4df1ca3-6a5b-476e-8bd1-cec600ea6dc8"
  
  #
  # ????? CODE DEPLOY ARN
  #
  
  CodeDeployArn:
    Type: String
    Default: "arn:aws:iam::643325912344:role/CodeDeploy"
    
#
#--------------------------------------------------------------------------
# RESOURCES
#--------------------------------------------------------------------------
#
# RESOURCES ARE THE BUILDING BLOCKS THAT MAKE UP THE ENVIRONMENT.
#  
Resources: 

  #------------------------------------------------------------------------
  # NETWORK
  #------------------------------------------------------------------------
  
  #
  # VPC
  # A VPC (VIRTUAL PRIVATE CLOUD) IS LIKE A VIRTUAL CONTAINER IN WHICH ALL 
  # OUR NETWORKS ARE LOCATED.
  #
  
  Vpc:
    Type: AWS::EC2::VPC
    Properties: 
      CidrBlock: '10.0.0.0/16'
      EnableDnsHostnames: "true"
      EnableDnsSupport: "true"
      InstanceTenancy: "default"
      Tags: 
        - Key: Name
          Value: !Sub "${AppSlug}-vpc"
          
  #
  # SUBNET
  # SUBNETS ARE THE ACTUAL PHYSICAL NETWORKS WITHIN THE VPC. THESE ARE 
  # LOCATED IN THREE DIFFERENT AVAILABILITY ZONES.
  #
  
  SubnetAlpha:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: Vpc
      CidrBlock: '10.0.10.0/24'
      AvailabilityZone: !Sub "${AWS::Region}a"
      Tags:
      - Key: Name
        Value: !Sub "${AppSlug}-alpha"
  SubnetBeta:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: Vpc
      CidrBlock: '10.0.20.0/24'
      AvailabilityZone: !Sub "${AWS::Region}b"
      Tags:
      - Key: Name
        Value: !Sub "${AppSlug}-beta"
  SubnetGamma:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: Vpc
      CidrBlock: '10.0.30.0/24'
      AvailabilityZone: !Sub "${AWS::Region}c"
      Tags:
      - Key: Name
        Value: !Sub "${AppSlug}-gamma"
        
  #
  # INTERNET GATEWAY
  # AN INTERNET GATEWAY IS JUST ANOTHER NETWORK IN OUR VPC. IT HAS A SIMILAR 
  # STATUS LIKE A SUBNET AND OFFERS "THE INTERNET AS A NETWORK".
  #
  
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  InternetGatewayAttachement:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref 'Vpc'
      InternetGatewayId: !Ref 'InternetGateway'
      
  #
  # ROUTE TABLE
  # THE ROUTE TABLE IS THE ORCHESTRATOR IN OUR VPC. IT DECIDES WHO 
  # COMMUNICATES WITH WHOM.
  #
  
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref 'Vpc'  
      
  #
  # ALL NETWORKS MUST BE ASSOCIATED WITH THE ROUTE TABLE.
  #
  
  RouteInternetGateway:
    Type: AWS::EC2::Route
    DependsOn: InternetGatewayAttachement
    Properties:
      DestinationCidrBlock: '0.0.0.0/0'
      GatewayId: !Ref 'InternetGateway'
      RouteTableId: !Ref 'RouteTable'
  RouteSubnetAlpha:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref SubnetAlpha
      RouteTableId: !Ref RouteTable
  RouteSubnetBeta:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref SubnetBeta
      RouteTableId: !Ref RouteTable
  RouteSubnetGamma:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref SubnetGamma
      RouteTableId: !Ref RouteTable

  #------------------------------------------------------------------------
  # LOAD BALANCER
  #------------------------------------------------------------------------

  #
  # SECURITY GROUP
  # THE LOAD BALANCER GETS A SECURITY GROUP THAT ONLY ALLOWS DESIRED 
  # PORTS (E.G. 80 OR 443).
  #
  
  SecurityGroupPublicLoadBalancer:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Sub "${AppSlug}-public-loadbalancer-security"
      GroupName: !Sub "${AppSlug}-public-loadbalancer-security"
      VpcId: !Ref 'Vpc'
      SecurityGroupIngress:
        - Description: !Sub "${AppSlug}-public-loadbalancer-security-http"
          IpProtocol: tcp
          CidrIp: 0.0.0.0/0
          FromPort: 80
          ToPort: 80
        - Description: !Sub "${AppSlug}-public-loadbalancer-security-https"
          IpProtocol: tcp
          CidrIp: 0.0.0.0/0
          FromPort: 443
          ToPort: 443
      Tags: 
        - Key: Name
          Value: !Sub "${AppSlug}-public-loadbalancer-security"
          
  #
  # LOAD BALANCER
  # A LOAD BALANCER SERVES AS A BASTION BETWEEN THE VPC NETWORK AND THE 
  # OUTSIDE WORLD. IT CONTROLS THE TRAFFIC OF THE ECS CLUSTER.
  #
  
  PublicLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Scheme: internet-facing
      LoadBalancerAttributes:
      - Key: idle_timeout.timeout_seconds
        Value: '30'
      Subnets:
        - !Ref SubnetAlpha
        - !Ref SubnetBeta
        - !Ref SubnetGamma
      SecurityGroups: [!Ref 'SecurityGroupPublicLoadBalancer']
      Tags: 
        - Key: Name
          Value: !Sub "${AppSlug}-public-loadbalancer"
          
  #
  # LOAD BALANCER LISTENER
  # A LOAD BALANCER CAN REGISTER ONE LISTENER PER PORT. THIS LISTENER 
  # CAN BE EQUIPPED WITH VARIOUS RULES THEN. (IN OUR CASE WE EQUIP 
  # THE STANDARD PATH FROM PORT 80 WITH A REDIRECT TO 443. THE STANDARD 
  # PATH OF PORT 443 RETURNS THE HTTP ERROR 400.)
  #
  
  HttpListenerPublicLoadBalancer:
   Type: "AWS::ElasticLoadBalancingV2::Listener"
   Properties:
     DefaultActions:
       - Type: "redirect"
         RedirectConfig:
           Protocol: "HTTPS"
           Port: "443"
           Host: "#{host}"
           Path: "/#{path}"
           Query: "#{query}"
           StatusCode: "HTTP_301"
     LoadBalancerArn: !Ref PublicLoadBalancer
     Port: 80
     Protocol: "HTTP" 
  HttpsListenerPublicLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
      - Type: fixed-response
        FixedResponseConfig:
          StatusCode: 400
      LoadBalancerArn: !Ref PublicLoadBalancer
      Port: '443'
      Protocol: HTTPS
      Certificates:
        - CertificateArn: !Sub "${SSLCert}"
        
  #------------------------------------------------------------------------
  # ECS
  #------------------------------------------------------------------------
  
  #
  # ECS CLUSTER
  # THE ECS CLUSTER MANAGES THE PROVISION OF VARIOUS SERVICES (E.G. DOCKER 
  # CONTAINERS). WITH FARGATE, THERE IS NO NEED TO MAINTAIN EC2 HARDWARE
  # ANY LONGER.
  #
  
  EcsCluster:
    Type: AWS::ECS::Cluster
    Properties: 
      Tags:
      - Key: Name
        Value: !Sub "${AppSlug}-ecs"
        
  #------------------------------------------------------------------------
  # CodeDeploy
  #------------------------------------------------------------------------
  
  #
  # ?
  #
       
  CodeDeploy:
    Type: AWS::CodeDeploy::Application
    Properties:
      ApplicationName: !Sub "${AppSlug}-code-deploy"
      ComputePlatform: Lambda
      
  CodeDeployDeploymentGroup:
    Type: 'AWS::CodeDeploy::DeploymentGroup'
    Properties:
      ApplicationName: !Ref CodeDeploy
      DeploymentConfigName: CodeDeployDefault.LambdaAllAtOnce
      DeploymentStyle:
        DeploymentType: BLUE_GREEN
        DeploymentOption: WITH_TRAFFIC_CONTROL
      ServiceRoleArn: !Sub "${CodeDeployArn}"     
           
  #------------------------------------------------------------------------
  # WEBAPP CONTAINER
  #------------------------------------------------------------------------
  
  #
  # TASK
  # A TASK IS A JOB THAT WE WANT TO RUN. IN THE CASE OF ECS AND FARGATE, 
  # THIS PART CONSISTS OF PARAMETERS FOR DOCKER AND THE FARGATE SERVER 
  # HARDWARE.
  #
  
  TaskWebapp: 
    Type: AWS::ECS::TaskDefinition
    Properties: 
      ContainerDefinitions: 
        # DOCKER PARAMETERS
        - Name: !Sub "${AppSlug}-webapp-container"
          Image: "httpd:latest"
          PortMappings: 
            - ContainerPort: 80
              Protocol: "tcp"
          StartTimeout: 60
      # FARGATE PARAMETERS
      Cpu: "256"
      Memory: "512"
      RequiresCompatibilities: 
        - "FARGATE"
      NetworkMode: "awsvpc"
      Tags: 
        - Key: Name
          Value: !Sub "${AppSlug}-webapp-task"   
           
  #
  # SECURITY GROUP
  # THE CONTAINER NEEDS A SECURITY GROUP WITH WHICH IT CAN BE REACHED 
  # FROM THE LOADBALANCER.
  #
  
  SecurityGroupWebapp:
    Type: AWS::EC2::SecurityGroup
    Properties: 
      GroupDescription: !Sub "${AppSlug}-webapp-security"
      GroupName: !Sub "${AppSlug}-webapp-security"
      SecurityGroupIngress: 
        - Description: !Sub "${AppSlug}-webapp-security-http"
          IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !Ref SecurityGroupPublicLoadBalancer
      VpcId: !Ref Vpc
      Tags: 
        - Key: Name
          Value: !Sub "${AppSlug}-webapp-security"
          
          
          
  #
  # TARGET GROUP
  # ?????
  #          
  TargetGroupBlueWebapp:
    Type: 'AWS::ElasticLoadBalancingV2::TargetGroup'
    Properties:
      HealthCheckIntervalSeconds: 5
      HealthCheckPath: /
      HealthCheckPort: '80'
      HealthCheckProtocol: HTTP
      HealthCheckTimeoutSeconds: 2
      HealthyThresholdCount: 3
      Matcher:
        HttpCode: '200'
      Port: 80
      Protocol: HTTP
      Tags:
      - Key: Name
        Value: !Sub "${AppSlug}-webapp-target-blue"
      TargetType: ip
      UnhealthyThresholdCount: 4
      VpcId: !Ref Vpc           
 
  TargetGroupGreenWebapp:
    Type: 'AWS::ElasticLoadBalancingV2::TargetGroup'
    Properties:
      HealthCheckIntervalSeconds: 5
      HealthCheckPath: /
      HealthCheckPort: '80'
      HealthCheckProtocol: HTTP
      HealthCheckTimeoutSeconds: 2
      HealthyThresholdCount: 3
      Matcher:
        HttpCode: '200'
      Port: 80
      Protocol: HTTP
      Tags:
      - Key: Name
        Value: !Sub "${AppSlug}-webapp-target-green"
      TargetType: ip
      UnhealthyThresholdCount: 4
      VpcId: !Ref Vpc             



      
  # RULE SET FOR THE LISTENER
  ListenerRuleWebapp:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties: 
      Actions:
        - Type: forward
          ForwardConfig:
            TargetGroups:
              - TargetGroupArn: !Ref TargetGroupBlueWebapp
                Weight: 1
              - TargetGroupArn: !Ref TargetGroupGreenWebapp
                Weight: 2
      Conditions: 
        - Field: host-header
          HostHeaderConfig:
            Values:
              - !Sub "webapp.${WildcardDomain}"
      ListenerArn: !Ref HttpsListenerPublicLoadBalancer
      Priority: 1


       
  #
  # ECS SERVICE
  # ?????
  # 
  ServiceWebapp:
    DependsOn: HttpsListenerPublicLoadBalancer
    Type: AWS::ECS::Service
    Properties: 
      Cluster: !Ref EcsCluster
      DeploymentController: 
        Type: "CODE_DEPLOY"
      DesiredCount: 2
      LaunchType: "FARGATE"
      LoadBalancers: 
        -   ContainerName: !Sub "${AppSlug}-webapp-container"
            ContainerPort: 80
            TargetGroupArn: !Ref TargetGroupBlueWebapp
        -   ContainerName: !Sub "${AppSlug}-webapp-container"
            ContainerPort: 80
            TargetGroupArn: !Ref TargetGroupGreenWebapp
      NetworkConfiguration: 
         AwsvpcConfiguration:
          AssignPublicIp: "ENABLED"
          SecurityGroups:
            - !Ref SecurityGroupWebapp
          Subnets: 
            - !Ref SubnetAlpha
            - !Ref SubnetBeta
            - !Ref SubnetGamma
      # PropagateTags: "TASK_DEFINITION"
      SchedulingStrategy: "REPLICA"
      TaskDefinition: !Ref TaskWebapp

      
      
      
      


  # DNS ?
  myDNSOne:
    Type: AWS::Route53::RecordSetGroup
    Properties:
      HostedZoneName: itmaxcloud.com.
      Comment: some comments maybe?.
      RecordSets:
      - Name: webapp.itmaxcloud.com.
        Type: CNAME
        TTL: '900'
        SetIdentifier: Some Identifiery here
        Weight: '1'
        ResourceRecords:
        -  !GetAtt PublicLoadBalancer.DNSName

You are using ECS, but your CodeDeploy application is set to Lambda. It should be set to ECS:

  CodeDeploy:
    Type: AWS::CodeDeploy::Application
    Properties:
      ApplicationName: !Sub "${AppSlug}-code-deploy"
      ComputePlatform: ECS # <-- NOT Lambda

There may be more issues, but the incorrect ComputePlatform is the most obvious one.
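
A consistency check for the mismatch described in the answer above, as an added example that is not part of the original question or answer. `lint_codedeploy` and `PLATFORM_CONFIG_PREFIX` are hypothetical names, and `TEMPLATE` is a constructed excerpt of the question's resources written in CloudFormation JSON form.

```python
# Added example; lint_codedeploy and PLATFORM_CONFIG_PREFIX are hypothetical names.
# Predefined CodeDeploy deployment configs are named per compute platform.
PLATFORM_CONFIG_PREFIX = {"ECS": "CodeDeployDefault.ECS",
                          "Lambda": "CodeDeployDefault.Lambda"}

# Constructed excerpt of the question's template in CloudFormation JSON form
# (!Ref X is written {"Ref": "X"}); only the fields the check reads are kept.
TEMPLATE = {"Resources": {
    "CodeDeploy": {
        "Type": "AWS::CodeDeploy::Application",
        "Properties": {"ComputePlatform": "Lambda"}},
    "CodeDeployDeploymentGroup": {
        "Type": "AWS::CodeDeploy::DeploymentGroup",
        "Properties": {
            "ApplicationName": {"Ref": "CodeDeploy"},
            "DeploymentConfigName": "CodeDeployDefault.LambdaAllAtOnce"}},
    "ServiceWebapp": {
        "Type": "AWS::ECS::Service",
        "Properties": {"DeploymentController": {"Type": "CODE_DEPLOY"}}},
}}


def lint_codedeploy(template):
    """Return findings for CodeDeploy resources that cannot serve an ECS service."""
    resources = template.get("Resources", {})
    # ComputePlatform defaults to Server (EC2/on-premises) when omitted.
    apps = {name: r.get("Properties", {}).get("ComputePlatform", "Server")
            for name, r in resources.items()
            if r.get("Type") == "AWS::CodeDeploy::Application"}
    findings = []
    for name, r in resources.items():
        props = r.get("Properties", {})
        if r.get("Type") == "AWS::ECS::Service":
            controller = props.get("DeploymentController", {}).get("Type", "ECS")
            if controller == "CODE_DEPLOY" and "ECS" not in apps.values():
                findings.append(f"{name}: CODE_DEPLOY controller, but no "
                                "CodeDeploy application has ComputePlatform ECS")
        elif r.get("Type") == "AWS::CodeDeploy::DeploymentGroup":
            ref = props.get("ApplicationName")
            app = ref.get("Ref") if isinstance(ref, dict) else None
            platform = apps.get(app)
            prefix = PLATFORM_CONFIG_PREFIX.get(platform)
            config = props.get("DeploymentConfigName")
            if (prefix and isinstance(config, str)
                    and config.startswith("CodeDeployDefault.")
                    and not config.startswith(prefix)):
                findings.append(f"{name}: {config} is not a {platform} "
                                f"deployment config (expected {prefix}*)")
    return findings
```

On the template as posted, the check reports the service; once only `ComputePlatform` is changed to `ECS`, it reports the deployment group instead, because `CodeDeployDefault.LambdaAllAtOnce` is a Lambda deployment config.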