These are notes for my own reference.

AWS App Runner

AWS App Runner is a fully managed service that lets developers deploy containerized web applications and APIs easily and quickly.

https://aws.amazon.com/jp/apprunner/

Advantages of App Runner

  • Built-in ALB
  • HTTPS on the default domain

Web server prerequisites

Your container instance must listen to HTTP requests, on port 8080 by default.

https://docs.aws.amazon.com/apprunner/latest/dg/develop.html

When the web server is Apache, do not forget to make it listen on port 8080.

Specifically, add the following to /etc/apache2/ports.conf.

Listen 80
+ Listen 8080
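
Review bot: `Listen 80` is left in place next to the added `Listen 8080`, so Apache accepts connections on both ports. App Runner forwards requests only to the one port configured for the service, so keep the `Listen` directive for that port and drop the other unless something else inside the container needs it.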

App Runner source types

  • Launch from ECR
  • Launch from GitHub source code (currently only Node.js and Python are supported)

Multiple containers

App Runner cannot link multiple containers together the way ECS sidecars or Docker Compose can.
ref. https://github.com/aws/apprunner-roadmap/issues/71

So when using PHP, use an image that bundles Apache, such as https://hub.docker.com/_/php?tab=tags&page=1&name=apache .

Custom domain

Configuring a custom domain

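Configuration using a DNS CNAME

Point the custom domain's CNAME at the App Runner URL. Is this method possible for a top-level domain (is it possible without specifying an A record)?

Zone: example.com. For foo.example.com, specify foo.example.com as the CNAME host name and the App Runner URL as the VALUE.

However, outside Route 53 an App Runner URL cannot be specified in an A record. Can App Runner be specified with a CNAME without specifying an A record for example.com (can the A record be omitted and a CNAME set instead)?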

Running App Runner with Copilot

Caution.

Attention: Request-Driven Web Service does not support the use of secrets.

https://aws.github.io/copilot-cli/ja/docs/developing/secrets/

Creating the Copilot application

$  copilot app init copilot-app-runner-symfony-micro-web

Creating the Copilot environment

  • Application: copilot-app-runner-symfony-micro-web
  • Environment: prod
copilot env init -n prod -a copilot-app-runner-symfony-micro-web \
--override-vpc-cidr      10.4.0.0/16 \
--override-private-cidrs 10.4.2.0/24,10.4.3.0/24 \
--override-public-cidrs  10.4.0.0/24,10.4.1.0/24

What copilot env init creates

  • CloudFormation stack: copilot-app-runner-symfony-micro-web-prod
  • VPC resources: copilot-copilot-app-runner-symfony-micro-web-prod

Creating the Copilot App Runner service

$ copilot svc init -a copilot-app-runner-symfony-micro-web

Note: It's best to run this command in the root of your workspace.

  Which service type best represents your service's architecture?  [Use arrows to move, type to filter, ? for more help]
  > Request-Driven Web Service  (App Runner)
    Load Balanced Web Service   (Internet to ECS on Fargate)
    Backend Service             (ECS on Fargate)
    Worker Service              (Events to SQS to ECS on Fargate)

Note: It's best to run this command in the root of your workspace.
Service type: Request-Driven Web Service
Service name: symfony-micro-web  # <--- the service name was set to symfony-micro-web

  Which Dockerfile would you like to use for symfony-micro-web?  [Use arrows to move, type to filter, ? for more help]
  > .docker/Dockerfile
    Enter custom path for your Dockerfile
    Use an existing image instead
Dockerfile: .docker/Dockerfile
parse EXPOSE: no EXPOSE statements in Dockerfile .docker/Dockerfile

  Which port do you want customer traffic sent to? [? for help] (80) <--- the port was set to 80
  Port: 80
✔ Wrote the manifest for service symfony-micro-web at copilot/symfony-micro-web/manifest.yml
Your manifest contains configurations like your container size and port (:80).

✔ Created ECR repositories for service symfony-micro-web..

Recommended follow-up actions:
  - Update your manifest copilot/symfony-micro-web/manifest.yml to change the defaults.

Deploying the Copilot service

Edit copilot/symfony-micro-web/manifest.yml

- image:
-   build: .docker/Dockerfile
+   build:
+      dockerfile: .docker/Dockerfile
+      context: .
  port: 80

- cpu: 1024
- memory: 2048
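
Review bot: the first line, `- image:`, marks the parent key as removed, but the re-added `build:` block is still indented as a child and no `+` line puts `image:` back. Keep `image:` as an unchanged context line so that `build:` and `port:` stay nested under it.
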
$ copilot svc deploy -e prod

The following error occurred

Properties validation failed for resource Service with message:
#/ServiceName: expected maxLength: 40, actual: 59
#/InstanceConfiguration/Memory: expected minLength: 4, actual: 3
#/InstanceConfiguration/Memory: failed validation constraint for keyword [pattern]
#/InstanceConfiguration/Cpu: expected minLength: 4, actual: 3
#/InstanceConfiguration/Cpu: failed validation constraint for keyword [pattern]

The errors concern the length of the service name and the number of digits in Memory and CPU.
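
The `actual: 59` in the error is the length of the name derived for the App Runner service. The following added example (not Copilot's own code) reproduces that arithmetic for the names used on this page, assuming the name is built as `<app>-<env>-<svc>`; `checkServiceName` and `maxAppNameLength` are hypothetical helper names.

```typescript
// Added example, not Copilot's own code.
// Assumption: the App Runner service name is "<app>-<env>-<svc>", which matches
// the "actual: 59" reported for the names used on this page.
const SERVICE_NAME_MAX = 40; // from the error: "expected maxLength: 40"
// Name pattern as documented for the App Runner CreateService API.
const SERVICE_NAME_PATTERN = /^[A-Za-z0-9][A-Za-z0-9\-_]{3,39}$/;

interface NameCheck {
  name: string;
  length: number;
  problems: string[];
}

// Hypothetical helper: build the derived name and list the violated constraint.
function checkServiceName(app: string, env: string, svc: string): NameCheck {
  const name = [app, env, svc].join('-');
  const problems: string[] = [];
  if (name.length > SERVICE_NAME_MAX) {
    problems.push(`${name.length - SERVICE_NAME_MAX} characters over the limit of ${SERVICE_NAME_MAX}`);
  } else if (!SERVICE_NAME_PATTERN.test(name)) {
    problems.push('does not match the allowed name pattern');
  }
  return { name, length: name.length, problems };
}

// Hypothetical helper: longest application name that still fits for a given
// environment and service name.
function maxAppNameLength(env: string, svc: string): number {
  return SERVICE_NAME_MAX - env.length - svc.length - 2; // two "-" separators
}

// Names taken from the two attempts on this page.
const firstAttempt = checkServiceName('copilot-app-runner-symfony-micro-web', 'prod', 'symfony-micro-web');
const secondAttempt = checkServiceName('copilot-apprunner', 'prod', 'symfony-micro-web');

console.log(firstAttempt.length, firstAttempt.problems);
console.log(secondAttempt.length, secondAttempt.problems);
console.log(maxAppNameLength('prod', 'symfony-micro-web'));
```

Running the check before `copilot app init` avoids recreating the application and environment only to shorten a name.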

Creating the application

$  copilot app init copilot-apprunner
✔ Created the infrastructure to manage services and jobs under application copilot-apprunner..

✔ The directory copilot will hold service manifests for application copilot-apprunner.

Creating the environment

$ copilot env init -n prod -a copilot-apprunner \
--override-vpc-cidr      10.4.0.0/16 \
--override-private-cidrs 10.4.2.0/24,10.4.3.0/24 \
--override-public-cidrs  10.4.0.0/24,10.4.1.0/24

  Which credentials would you like to use to create prod?  [Use arrows to move, type to filter, ? for more help]
    Enter temporary credentials
  > [profile default]
    [profile work]

Credential source: [profile default]
✔ Linked account 132586704179 and region ap-northeast-1 to application copilot-apprunner..

✔ Proposing infrastructure changes for the copilot-apprunner-prod environment.
- Creating the infrastructure for the copilot-apprunner-prod environment.  [create complete]  [82.9s]
  - An IAM Role for AWS CloudFormation to manage resources                 [create complete]  [24.9s]
  - An ECS cluster to group your services                                  [create complete]  [8.8s]
  - Enable long ARN formats for the authenticated AWS principal            [create complete]  [3.7s]
  - An IAM Role to describe resources in your environment                  [create complete]  [26.0s]
  - A security group to allow your containers to talk to each other        [create complete]  [5.6s]
  - An Internet Gateway to connect to the public internet                  [create complete]  [18.1s]
  - Private subnet 1 for resources with no internet access                 [create complete]  [19.0s]
  - Private subnet 2 for resources with no internet access                 [create complete]  [19.0s]
  - Public subnet 1 for resources that can access the internet             [create complete]  [19.0s]
  - Public subnet 2 for resources that can access the internet             [create complete]  [19.0s]
  - A Virtual Private Cloud to control networking of your AWS resources    [create complete]  [15.5s]
✔ Created environment prod in region ap-northeast-1 under application copilot-apprunner.

Creating the (App Runner) service

$ copilot svc init -a copilot-apprunner -n symfony-micro-web
Note: It's best to run this command in the root of your workspace.

  Which service type best represents your service's architecture?  [Use arrows to move, type to filter, ? for more help]
  > Request-Driven Web Service  (App Runner)
    Load Balanced Web Service   (Internet to ECS on Fargate)
    Backend Service             (ECS on Fargate)
    Worker Service              (Events to SQS to ECS on Fargate)
copilot svc init -a copilot-apprunner -n symfony-micro-web
Note: It's best to run this command in the root of your workspace.
Service type: Request-Driven Web Service
Dockerfile: .docker/Dockerfile
Port: 80
✔ Manifest file for service symfony-micro-web already exists at copilot/symfony-micro-web/manifest.yml, skipping writing it.
Your manifest contains configurations like your container size and port (:80).

✔ Created ECR repositories for service symfony-micro-web..

Recommended follow-up actions:
  - Update your manifest copilot/symfony-micro-web/manifest.yml to change the defaults.
  - Run `copilot svc deploy --name symfony-micro-web --env test` to deploy your service to a test environment.

Deploying the Copilot service

Edit copilot/symfony-micro-web/manifest.yml

- image:
-   build: .docker/Dockerfile
+   build:
+      dockerfile: .docker/Dockerfile
+      context: .
  port: 80

- cpu: 1024
- memory: 2048
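
Review bot: the last two lines delete `cpu: 1024` and `memory: 2048` without adding replacement values, so the instance size is no longer stated in the manifest. If the deletion is the workaround for the Cpu/Memory validation error shown earlier, say so next to the diff; otherwise keep explicit values so the size stays reviewable.
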
$ copilot svc deploy -e prod

copilot svc deploy -e prod
Only found one service, defaulting to: symfony-micro-web
Environment prod is already on the latest version v1.6.1, skip upgrade.
[+] Building 25.7s (9/9) FINISHED
 => [internal] load build definition from Dockerfile                                                                                                                          0.1s
 => => transferring dockerfile: 37B                                                                                                                                           0.0s
 => [internal] load .dockerignore                                                                                                                                             0.0s
 => => transferring context: 2B                                                                                                                                               0.0s
 => [internal] load metadata for docker.io/library/php:apache                                                                                                                 3.5s
 => [1/4] FROM docker.io/library/php:apache@sha256:456a0a47453ee517495f82cf334325c771845fc45d1dc52098f305a8d48e59af                                                           0.0s
 => [internal] load build context                                                                                                                                             0.9s
 => => transferring context: 142.21kB                                                                                                                                         0.8s
 => CACHED [2/4] COPY .docker/000-default.conf /etc/apache2/sites-available/000-default.conf                                                                                  0.0s
 => [3/4] COPY ./ ./                                                                                                                                                          4.2s
 => [4/4] RUN chown -R www-data:www-data /var/www/html                                                                                                                       15.5s
 => exporting to image                                                                                                                                                        1.1s
 => => exporting layers                                                                                                                                                       1.0s
 => => writing image sha256:ee4b90a75a801cae59bfd077a44ee8b021949dfeffdd2ae0d631c6c85e8b7473                                                                                  0.0s
 => => naming to 132586704179.dkr.ecr.ap-northeast-1.amazonaws.com/copilot-apprunner/symfony-micro-web                                                                        0.0s
WARNING! Your password will be stored unencrypted in /Users/shiroshi/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
Using default tag: latest
The push refers to repository [132586704179.dkr.ecr.ap-northeast-1.amazonaws.com/copilot-apprunner/symfony-micro-web]
latest: digest: sha256:aa0170be171a70821708155812af75ceb306da6717d249152d3982e04ebf1624 size: 3664
✔ Proposing infrastructure changes for stack copilot-apprunner-prod-symfony-micro-web
- Creating the infrastructure for stack copilot-apprunner-prod-symfony-micro-web  [create complete]  [301.7s]
  - An IAM Role for App Runner to use on your behalf to pull your image from ECR  [create complete]  [22.1s]
  - An IAM role to control permissions for the containers in your service         [create complete]  [22.1s]
  - An App Runner service to run and manage your containers                       [create complete]  [270.0s]
✔ Deployed service symfony-micro-web.
Recommended follow-up action:
    You can access your service at https://wg6kppbkpn.ap-northeast-1.awsapprunner.com over the internet.

CDK

Ref.

Using App Runner with CDK

As of 2021-12-31 the CDK version is 2.3.0.
App Runner in CDK 2.x is in preview.
So CDK 1.137.0 is used (addendum: as of 2021-01-09 the latest is 1.138.0).

CDK 1.137.0 App Runner API Document

https://docs.aws.amazon.com/cdk/api/v1/docs/aws-apprunner-readme.html

cdk init

$ cdk init app --language typescript
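  • Running the command above in a non-empty directory fails with an error
  • The generated scaffold is tied to the directory name
  • The generated scaffold targets CDK 2.3.0, so modify it to work with CDK 1.137.0

Installing the CDK 1.137.0 packages

App Runner in CDK 2.3.0 is in preview, so the latest 1.x release (1.137.0) is used.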

$ npm i @aws-cdk/core
$ npm i @aws-cdk/aws-iam
$ npm i @aws-cdk/aws-ecr
$ npm i @aws-cdk/aws-apprunner

cdk deploy

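  • Running cdk deploy after updating ECR did not start the service from the updated image (does something need to be configured on the CDK side?)
  • After triggering a deployment from the web management console and then running cdk deploy, the service started from the updated image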

Environment variables (ImageConfiguration.environment)

Pass them through the ImageConfiguration.environment property.

environment? { [string]: string } Environment variables that are available to your running App Runner service.

https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-apprunner.ImageConfiguration.html

    import * as apprunner from '@aws-cdk/aws-apprunner';
    import * as ecr from '@aws-cdk/aws-ecr';

    // The code below belongs inside the Stack constructor.
    // accessRole is assumed to be defined earlier in the stack
    // (the IAM role App Runner uses to pull the image from ECR).

    /*
     * EcrProps
     * @see https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-apprunner.EcrProps.html
     */
    const ecrProps: apprunner.EcrProps = {
      repository: ecr.Repository.fromRepositoryArn(
        this,
        'cdk/httpd',
        'arn:aws:ecr:ap-northeast-1:{{ACCOUNT_ID}}:repository/cdk/httpd'
      ),
      // @see https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-apprunner.ImageConfiguration.html
      imageConfiguration: {
        environment: {
          // Environment variable settings
          'FOO': 'foo'
        }
      },
      tag: 'latest',
    };

    /*
     * Service
     * @see https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-apprunner.Service.html
     */
    new apprunner.Service(this, 'Service', {
      source: apprunner.Source.fromEcr(ecrProps),
      accessRole: accessRole,
      serviceName: 'httpd server',
    });
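
Values passed through `environment` are written in plaintext into the synthesized CloudFormation template, so they should not carry credentials. The following added example (not from the original page or the CDK project) scans a template for secret-looking App Runner environment variables; the sample template, the regexes and the helper name `findPlaintextSecrets` are assumptions of this example.

```typescript
// Added example. Types follow the CloudFormation shape of AWS::AppRunner::Service,
// where CDK's `environment` is rendered as RuntimeEnvironmentVariables.
interface EnvVar { Name: string; Value: string }
interface CfnResource {
  Type: string;
  Properties?: { SourceConfiguration?: { ImageRepository?: {
    ImageConfiguration?: { RuntimeEnvironmentVariables?: EnvVar[] };
  } } };
}
interface CfnTemplate { Resources: { [logicalId: string]: CfnResource } }
interface Finding { resource: string; name: string; reason: string }

// Heuristics chosen for this example (assumptions, tune them for your project).
const SECRET_NAME = /pass(word|wd)?|secret|token|api[_-]?key|credential/i;
const ACCESS_KEY_ID = /\b(AKIA|ASIA)[0-9A-Z]{16}\b/;

// Hypothetical helper: list environment variables that look like plaintext secrets.
function findPlaintextSecrets(template: CfnTemplate): Finding[] {
  const findings: Finding[] = [];
  for (const id of Object.keys(template.Resources)) {
    const res = template.Resources[id];
    if (!res || res.Type !== 'AWS::AppRunner::Service') continue;
    const vars = res.Properties?.SourceConfiguration?.ImageRepository
      ?.ImageConfiguration?.RuntimeEnvironmentVariables ?? [];
    for (const v of vars) {
      if (SECRET_NAME.test(v.Name)) {
        findings.push({ resource: id, name: v.Name, reason: 'secret-like name' });
      } else if (ACCESS_KEY_ID.test(v.Value)) {
        findings.push({ resource: id, name: v.Name, reason: 'value looks like an AWS access key ID' });
      }
    }
  }
  return findings;
}

// Constructed sample template: FOO=foo is the variable from the page, the others are made up.
const sampleTemplate: CfnTemplate = {
  Resources: {
    Service: {
      Type: 'AWS::AppRunner::Service',
      Properties: { SourceConfiguration: { ImageRepository: { ImageConfiguration: {
        RuntimeEnvironmentVariables: [
          { Name: 'FOO', Value: 'foo' },
          { Name: 'DB_PASSWORD', Value: 'constructed-example-value' },
          { Name: 'UPLOADER_ID', Value: 'AKIAIOSFODNN7EXAMPLE' }, // AWS documentation example key
        ],
      } } } },
    },
    AccessRole: { Type: 'AWS::IAM::Role' },
  },
};
console.log(findPlaintextSecrets(sampleTemplate));
```

In a real project, load the JSON template that `cdk synth` writes to `cdk.out/` and pass it to the function.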

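The following describes how to confirm with httpd that the environment variables are correctly passed to App Runner.

How to debug environment variables in an Apache container on Fargate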