#
ドキュメント

Document

自分のための備忘録です。

AWS App Runner

AWS App Runner は、コンテナ化されたウェブアプリケーションや API を開発者が簡単かつ迅速にデプロイできるフルマネージド型サービスです。

https://aws.amazon.com/jp/apprunner/

App Runnerの種類

  • ECRから起動
  • GitHubソースコードから起動(ただしNode.js、Pythonのみに対応)

複数コンテナ

App RunnerはECSのサイドカーやDocker Composeのように複数のコンテナを連携できない。
ref. https://github.com/aws/apprunner-roadmap/issues/71

なのでPHPをApacheで動かす場合はAppRunnerでは、https://hub.docker.com/_/php?tab=tags&page=1&name=apache などを使用する。

カスタムドメイン(独自ドメイン)を設定

AWS_App_Runner AWS_App_Runner Banners_and_Alerts_と_Route_53_Console_Hosted_Zones

カスタムドメインの疑問

サブドメインではなく、ルートドメインにApp Runnerを追加することはできるのか。

  • app-runner.example.com <-- これはCNAMEを使って可能
  • example.com <-- これをApp Runnerで動かせるのか

CopilotでApp Runnerを実行

注意。

Attention Request-Driven Web Service はシークレットの利用をサポートしていません。

https://aws.github.io/copilot-cli/ja/docs/developing/secrets/

Copilot Application作成

$  copilot app init copilot-app-runner-symfony-micro-web

Copilot 環境作成

  • アプリケーション:copilot-app-runner-symfony-micro-web
  • 環境:prod
copilot env init -n prod -a copilot-app-runner-symfony-micro-web \
--override-vpc-cidr      10.4.0.0/16 \
--override-private-cidrs 10.4.2.0/24,10.4.3.0/24 \
--override-public-cidrs  10.4.0.0/24,10.4.1.0/24

copilot env initで作成されるもの

  • CloudFormationスタック:copilot-app-runner-symfony-micro-web-prod
  • VPC関連:copilot-copilot-app-runner-symfony-micro-web-prod

Copilot App Runnerサービス作成

$ svc init -a copilot-app-runner-symfony-micro-web

Note: It's best to run this command in the root of your workspace.

  Which service type best represents your service's architecture?  [Use arrows to move, type to filter, ? for more help]
  > Request-Driven Web Service  (App Runner)
    Load Balanced Web Service   (Internet to ECS on Fargate)
    Backend Service             (ECS on Fargate)
    Worker Service              (Events to SQS to ECS on Fargate)

Note: It's best to run this command in the root of your workspace.
Service type: Request-Driven Web Service
Service name: symfony-micro-web  # <--- サービス名はsymfony-micro-webとした

  Which Dockerfile would you like to use for symfony-micro-web?  [Use arrows to move, type to filter, ? for more help]
  > .docker/Dockerfile
    Enter custom path for your Dockerfile
    Use an existing image instead
Dockerfile: .docker/Dockerfile
parse EXPOSE: no EXPOSE statements in Dockerfile .docker/Dockerfile

  Which port do you want customer traffic sent to? [? for help] (80) <--- portは80にした
  Port: 80
✔ Wrote the manifest for service symfony-micro-web at copilot/symfony-micro-web/manifest.yml
Your manifest contains configurations like your container size and port (:80).

✔ Created ECR repositories for service symfony-micro-web..

Recommended follow-up actions:
  - Update your manifest copilot/symfony-micro-web/manifest.yml to change the defaults.
Banners_and_Alerts_と_tmux_と_note_aws-app-runner_md_at_master_·_s-hiroshi_note_と_copilot_env_init_-n_prod_-a_copilot-app-_•_Untitled-1_—_aws-playground Amazon_ECR

Copilot サービスデプロイ

copilot/symonfy-micro-web/manifest.ymlを修正

- image:
-   build: .docker/Dockerfile
+   build:
+      dockerfile: .docker/Dockerfile
+      context: .
  port: 80

- cpu: 1024
- memory: 2048
$ copilot svc deploy -e prod

以下のエラーが発生

Properties validation failed for resource Service with message:
#/ServiceName: expected maxLength: 40, actual: 59
#/InstanceConfiguration/Memory: expected minLength: 4, actual: 3
#/InstanceConfiguration/Memory:failed validation constraint for keyword [pattern]
#/InstanceConfiguration/Cpu: expected minLength: 4, actual: 3
#/InstanceConfiguration/Cp u: failed validation constraint for keyword [pattern]

サービス名の文字数、Memory、CPUの桁数でエラー。

Application作成

$  copilot app init copilot-apprunner
✔ Created the infrastructure to manage services and jobs under application copilot-apprunner..

✔ The directory copilot will hold service manifests for application copilot-apprunner.

環境作成

$ copilot env init -n prod -a copilot-apprunner \
--override-vpc-cidr      10.4.0.0/16 \
--override-private-cidrs 10.4.2.0/24,10.4.3.0/24 \
--override-public-cidrs  10.4.0.0/24,10.4.1.0/24

  Which credentials would you like to use to create prod?  [Use arrows to move, type to filter, ? for more help]
    Enter temporary credentials
  > [profile default]
    [profile work]

Credential source: [profile default]
✔ Linked account 132586704179 and region ap-northeast-1 to application copilot-apprunner..

✔ Proposing infrastructure changes for the copilot-apprunner-prod environment.
- Creating the infrastructure for the copilot-apprunner-prod environment.  [create complete]  [82.9s]
  - An IAM Role for AWS CloudFormation to manage resources                 [create complete]  [24.9s]
  - An ECS cluster to group your services                                  [create complete]  [8.8s]
  - Enable long ARN formats for the authenticated AWS principal            [create complete]  [3.7s]
  - An IAM Role to describe resources in your environment                  [create complete]  [26.0s]
  - A security group to allow your containers to talk to each other        [create complete]  [5.6s]
  - An Internet Gateway to connect to the public internet                  [create complete]  [18.1s]
  - Private subnet 1 for resources with no internet access                 [create complete]  [19.0s]
  - Private subnet 2 for resources with no internet access                 [create complete]  [19.0s]
  - Public subnet 1 for resources that can access the internet             [create complete]  [19.0s]
  - Public subnet 2 for resources that can access the internet             [create complete]  [19.0s]
  - A Virtual Private Cloud to control networking of your AWS resources    [create complete]  [15.5s]
✔ Created environment prod in region ap-northeast-1 under application copilot-apprunner.

(App Runner)サービス作成

$ copilot svc init -a copilot-apprunner -n symfony-micro-web
Note: It's best to run this command in the root of your workspace.

  Which service type best represents your service's architecture?  [Use arrows to move, type to filter, ? for more help]
  > Request-Driven Web Service  (App Runner)
    Load Balanced Web Service   (Internet to ECS on Fargate)
    Backend Service             (ECS on Fargate)
    Worker Service              (Events to SQS to ECS on Fargate)
copilot svc init -a copilot-apprunner -n symfony-micro-web
Note: It's best to run this command in the root of your workspace.
Service type: Request-Driven Web Service
Dockerfile: .docker/Dockerfile
Port: 80
✔ Manifest file for service symfony-micro-web already exists at copilot/symfony-micro-web/manifest.yml, skipping writing it.
Your manifest contains configurations like your container size and port (:80).

✔ Created ECR repositories for service symfony-micro-web..

Recommended follow-up actions:
  - Update your manifest copilot/symfony-micro-web/manifest.yml to change the defaults.
  - Run `copilot svc deploy --name symfony-micro-web --env test` to deploy your service to a test environment.

デプロイ

Copilot サービスデプロイ

copilot/symonfy-micro-web/manifest.ymlを修正

- image:
-   build: .docker/Dockerfile
+   build:
+      dockerfile: .docker/Dockerfile
+      context: .
  port: 80

- cpu: 1024
- memory: 2048
$ copilot svc deploy -e prod

copilot svc deploy -e prod
Only found one service, defaulting to: symfony-micro-web
Environment prod is already on the latest version v1.6.1, skip upgrade.
[+] Building 25.7s (9/9) FINISHED
 => [internal] load build definition from Dockerfile                                                                                                                          0.1s
 => => transferring dockerfile: 37B                                                                                                                                           0.0s
 => [internal] load .dockerignore                                                                                                                                             0.0s
 => => transferring context: 2B                                                                                                                                               0.0s
 => [internal] load metadata for docker.io/library/php:apache                                                                                                                 3.5s
 => [1/4] FROM docker.io/library/php:apache@sha256:456a0a47453ee517495f82cf334325c771845fc45d1dc52098f305a8d48e59af                                                           0.0s
 => [internal] load build context                                                                                                                                             0.9s
 => => transferring context: 142.21kB                                                                                                                                         0.8s
 => CACHED [2/4] COPY .docker/000-default.conf /etc/apache2/sites-available/000-default.conf                                                                                  0.0s
 => [3/4] COPY ./ ./                                                                                                                                                          4.2s
 => [4/4] RUN chown -R www-data:www-data /var/www/html                                                                                                                       15.5s
 => exporting to image                                                                                                                                                        1.1s
 => => exporting layers                                                                                                                                                       1.0s
 => => writing image sha256:ee4b90a75a801cae59bfd077a44ee8b021949dfeffdd2ae0d631c6c85e8b7473                                                                                  0.0s
 => => naming to 132586704179.dkr.ecr.ap-northeast-1.amazonaws.com/copilot-apprunner/symfony-micro-web                                                                        0.0s
WARNING! Your password will be stored unencrypted in /Users/shiroshi/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
Using default tag: latest
The push refers to repository [132586704179.dkr.ecr.ap-northeast-1.amazonaws.com/copilot-apprunner/symfony-micro-web]
d5c3a188b106: Pushed
21efa5b353c6: Pushed
438aee246740: Pushed
d6d644a8fbe8: Pushed
7aee8e0136e3: Pushed
3c9e87772e90: Pushed
b3585c00aef5: Pushed
5ef94d07c8b2: Pushed
2d1bc467892e: Pushed
6c39776a30a0: Pushed
564928686313: Pushed
6e4300c6b758: Pushed
ee0ca96d307e: Pushed
0fdfbbf7aebd: Pushed
2a3138346faa: Pushed
2edcec3590a4: Pushed
latest: digest: sha256:aa0170be171a70821708155812af75ceb306da6717d249152d3982e04ebf1624 size: 3664
✔ Proposing infrastructure changes for stack copilot-apprunner-prod-symfony-micro-web
- Creating the infrastructure for stack copilot-apprunner-prod-symfony-micro-web  [create complete]  [301.7s]
  - An IAM Role for App Runner to use on your behalf to pull your image from ECR  [create complete]  [22.1s]
  - An IAM role to control permissions for the containers in your service         [create complete]  [22.1s]
  - An App Runner service to run and manage your containers                       [create complete]  [270.0s]
✔ Deployed service symfony-micro-web.
Recommended follow-up action:
    You can access your service at https://wg6kppbkpn.ap-northeast-1.awsapprunner.com over the internet.

CDK

Ref.

CDKでApp Runnerを使用する

2021年12月31日時点のCDKのバージョンは2.3.0。
CDK 2系のApp Runnerはpreview。
よってCDK 1.137.0を使用する(追記 2021-01-09時点の最新は1.138.0)。

CDK 1.137.0 App Runner API Document

https://docs.aws.amazon.com/cdk/api/v1/docs/aws-apprunner-readme.html

cdk init

$ cdk init app --language typescript
  • 上記コマンドを空でないディレクトリで実行するとエラー
  • 作成される雛形はディレクトリ名と結びついている
  • 作成される雛形はCDK 2.3.0のものなのでCDK 1.137.0で動くように修正

CDK 1.137.0の関連パッケージインストール

CDK 2.3.0のApp Runnerはpreviewなので1系の最新(1.137.0)を使用する。

$ npm i @aws-cdk/core
$ npm i @aws-cdk/aws-iam
$ npm i @aws-cdk/aws-ecr
$ npm i @aws-cdk/aws-apprunner

cdk deploy

  • ECRを更新後にcdk deployを実行しても更新イメージから起動されなかった(CDK側でなにか設定が必要?)
  • Webマネジメントコンソールでデプロイを実行後にcdk deployしたら更新イメージから起動された
AWS_App_Runner

環境変数(ImageConfiguration.environment)

ImageConfiguration.environmentプロパティで渡す。

environment?🔹 { [string]: string } Environment variables that are available to your running App Runner service.

https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-apprunner.ImageConfiguration.html

      /*
       * EcrProps 
       * @see https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-apprunner.EcrProps.html
       */
      const ecrProps: apprunner.EcrProps = {
          repository: ecr.Repository.fromRepositoryArn(
              this,
              'cdk/httpd',
              'arn:aws:ecr:ap-northeast-1:{{アカウントID}}:repository/cdk/httpd'
          ),
          // @see https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-apprunner.ImageConfiguration.html
          imageConfiguration: {
            environment: {
              // 環境変数設定
              'FOO': 'foo'
            }
          },
          tag: 'latest',
      };

       /*
        * Service
        * @see https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-apprunner.Service.html
        */
       new apprunner.Service(this, 'Service', {
        source: apprunner.Source.fromEcr(ecrProps),
        accessRole: accessRole,
        serviceName: 'httpd server',
    });

環境変数が正しくApp Runnerに渡っていることをhttpdで確認する方法が記載されている。

FargateのApacheコンテナの環境変数デバッグ方法