AWS ECS の構築基礎

AWSTemplateFormatVersion: "2010-09-09"  # このテンプレートのバージョンを指定します（CloudFormation用）
Description: ECS Fargate Service with NGINX and full VPC setup + CloudWatch Logs  # テンプレートの簡単な説明です

Resources:  # ここからリソース定義が始まります

  # VPC
  MyVPC:
    Type: AWS::EC2::VPC  # VPC（仮想ネットワーク）を作成します
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:  # リソースに名前などのタグを付けます
        - Key: Name
          Value: MyECSVPC

  # Internet Gateway
  InternetGateway:
    Type: AWS::EC2::InternetGateway  # インターネットゲートウェイを作成します（外部との通信に必要）

  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment  # VPC（仮想ネットワーク）を作成します
    Properties:
      VpcId: !Ref MyVPC
      InternetGatewayId: !Ref InternetGateway

  # Public Subnets
  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: true  # 起動するインスタンスにパブリックIPを自動で割り当てます
      AvailabilityZone: !Select [0, !GetAZs '']  # サブネットを配置するアベイラビリティゾーンを指定します
      Tags:  # リソースに名前などのタグを付けます
        - Key: Name
          Value: PublicSubnet1

  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: 10.0.2.0/24
      MapPublicIpOnLaunch: true  # 起動するインスタンスにパブリックIPを自動で割り当てます
      AvailabilityZone: !Select [1, !GetAZs '']  # サブネットを配置するアベイラビリティゾーンを指定します
      Tags:  # リソースに名前などのタグを付けます
        - Key: Name
          Value: PublicSubnet2

  # Route Table for public subnets
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MyVPC

  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  SubnetRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1
      RouteTableId: !Ref PublicRouteTable

  SubnetRouteTableAssociation2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet2
      RouteTableId: !Ref PublicRouteTable

  # Security Group
  ECSSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow HTTP
      VpcId: !Ref MyVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

  # ECS Cluster
  ECSCluster:
    Type: AWS::ECS::Cluster
    Properties:
      ClusterName: MyCluster

  # CloudWatch Log Group
  MyLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: /ecs/nginx-fargate
      RetentionInDays: 7

  # IAM Role for ECS Task Execution
  ECSTaskExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
      Policies:
        - PolicyName: AllowCWLogs
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: "*"

  # ECS Task Definition
  MyTaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: nginx-fargate-task
      Cpu: 256
      Memory: 512
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - FARGATE
      ExecutionRoleArn: !GetAtt ECSTaskExecutionRole.Arn
      ContainerDefinitions:
        - Name: nginx
          Image: nginx:latest
          PortMappings:
            - ContainerPort: 80
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: /ecs/nginx-fargate
              awslogs-region: !Ref AWS::Region
              awslogs-stream-prefix: nginx

  # ECS Service
  ECSService:
    Type: AWS::ECS::Service
    DependsOn: MyLogGroup
    Properties:
      Cluster: !Ref ECSCluster
      DesiredCount: 1
      LaunchType: FARGATE
      TaskDefinition: !Ref MyTaskDefinition
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: ENABLED
          Subnets:
            - !Ref PublicSubnet1
            - !Ref PublicSubnet2
          SecurityGroups:
            - !Ref ECSSecurityGroup
      DeploymentConfiguration:
        MaximumPercent: 200
        MinimumHealthyPercent: 100
      HealthCheckGracePeriodSeconds: 60

Outputs:
  ServiceName:
    Description: ECS Service Name  # テンプレートの簡単な説明です
    Value: !Ref ECSService

  LogGroupName:
    Description: CloudWatch Log Group  # テンプレートの簡単な説明です
    Value: /ecs/nginx-fargate

  ClusterName:
    Description: ECS Cluster  # テンプレートの簡単な説明です これで終了
    Value: !Ref ECSCluster

[ VPC: 10.0.0.0/16 ]
     ├─ Subnet1: 10.0.1.0/24 ─┐
     ├─ Subnet2: 10.0.2.0/24 ─┘
     ↓
[ Route Table ]
     └─ Route: 0.0.0.0/0 → InternetGateway
     ↓
[ Internet Gateway ] ← 外部と通信可能