kaitokimuraofficial / blog-infra


Migrate to ECS #45

Open kaitokimuraofficial opened 1 month ago

kaitokimuraofficial commented 1 month ago

What

Describe the solution you'd like

Why

Describe related problems

Others

Describe what you want to describe

Refs

kaitokimuraofficial commented 4 weeks ago

Permissions

Task execution role

Manages the permissions for the AWS resources that need to be accessed when the task is run

Task role

Manages the permissions for the AWS resources that the containers started by running the task need to access
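An added example (not code from the blog-infra repo) of how the two roles above separate in Terraform: it reuses the `local.name_suffix` naming used elsewhere in this issue and assumes a hypothetical `aws_ecr_repository.blog` and an app that only needs to read SSM parameters under `/blog/`.

```hcl
# Both roles are assumed by the ECS tasks service principal.
data "aws_iam_policy_document" "ecs_tasks_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com"]
    }
  }
}

# Task execution role: used by the ECS agent (ECR pull, log stream creation), never by app code.
resource "aws_iam_role" "task_execution" {
  name               = "ecs-task-execution-${local.name_suffix}"
  assume_role_policy = data.aws_iam_policy_document.ecs_tasks_assume.json
}
# AWS managed policy covering exactly that (ecr:GetAuthorizationToken, ecr:BatchGetImage, logs:PutLogEvents, ...).
resource "aws_iam_role_policy_attachment" "task_execution" {
  role       = aws_iam_role.task_execution.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
}

# Task role: what the running container may call; the hypothetical app only reads SSM parameters under /blog/.
resource "aws_iam_role" "task" {
  name               = "ecs-task-${local.name_suffix}"
  assume_role_policy = data.aws_iam_policy_document.ecs_tasks_assume.json
}
data "aws_caller_identity" "current" {}
data "aws_iam_policy_document" "task_app" {
  statement {
    actions   = ["ssm:GetParameter", "ssm:GetParametersByPath"]
    resources = ["arn:aws:ssm:ap-northeast-1:${data.aws_caller_identity.current.account_id}:parameter/blog/*"]
  }
}
resource "aws_iam_role_policy" "task_app" {
  name   = "app-parameters"
  role   = aws_iam_role.task.id
  policy = data.aws_iam_policy_document.task_app.json
}

# The task definition is where each role is wired to its own purpose.
resource "aws_ecs_task_definition" "blog" {
  family                   = "blog-${local.name_suffix}"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = 256
  memory                   = 512
  execution_role_arn       = aws_iam_role.task_execution.arn
  task_role_arn            = aws_iam_role.task.arn
  container_definitions    = jsonencode([{ name = "blog", essential = true, image = "${aws_ecr_repository.blog.repository_url}:latest" }])
}
```

Because the container's credentials come only from the task role, a compromised app process cannot use the execution role's ECR or CloudWatch Logs permissions.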

kaitokimuraofficial commented 1 week ago

To use ECR images from a private subnet, the following two VPC endpoints have to be configured

```hcl
# Interface endpoint for the ECR API (authorization tokens, manifest lookups)
resource "aws_vpc_endpoint" "ecr_api" {
  vpc_id              = aws_vpc.main.id
  service_name        = "com.amazonaws.ap-northeast-1.ecr.api"
  vpc_endpoint_type   = "Interface"
  private_dns_enabled = true
  policy              = data.aws_iam_policy_document.ssm_vpc_endpoint.json

  subnet_ids = [
    aws_subnet.subnets["private-1c"].id
  ]

  security_group_ids = [
    aws_security_group.ssm_vpc_endpoint.id
  ]

  tags = {
    Name = "ecr-api-private-1c-${local.name_suffix}"
  }
}

# Interface endpoint for the Docker registry (image layer pulls)
resource "aws_vpc_endpoint" "ecr_dkr" {
  vpc_id              = aws_vpc.main.id
  service_name        = "com.amazonaws.ap-northeast-1.ecr.dkr"
  vpc_endpoint_type   = "Interface"
  private_dns_enabled = true
  policy              = data.aws_iam_policy_document.ssm_vpc_endpoint.json

  subnet_ids = [
    aws_subnet.subnets["private-1c"].id
  ]

  security_group_ids = [
    aws_security_group.ssm_vpc_endpoint.id
  ]

  tags = {
    Name = "ecr-dkr-private-1c-${local.name_suffix}"
  }
}
```