課題

• fargateで運用している場合、sshで接続してコマンドを実行ということができない。そのため外部からツールを利用して実行しなければいけない

対処法

• 今回は例としてseedを考える

• seed用のタスク定義を作成する.

{
    "networkMode": "awsvpc",
    "cpu": "256",
    "memory": "512",
    "requiresCompatibilities": [ "FARGATE"],
    "executionRoleArn": "arn:aws:iam::467531687456:role/ecs_task_execution_role",
    "containerDefinitions":
    [
      {
        "name": "seed",
        "image": "467531687456.dkr.ecr.ap-northeast-1.amazonaws.com/match-project-app-development:latest",
        "essential": true,
        "entryPoint": ["/bin/sh"],
        "command": ["-c", "php artisan db:seed --class=DatabaseSeeder"],
        "environment": [
          {
            "name": "APP_NAME",
            "value": "match-project"
          },
          {
            "name": "APP_ENV",
            "value": "development"
          },
          {
            "name": "APP_DEBUG",
            "value": "true"
          },
          {
            "name": "LOG_CHANNEL",
            "value": "cloudwatch"
          },
          {
            "name": "CLOUDWATCH_LOG_RETENTION",
            "value": "60"
          },
          {
            "name": "DB_CONNECTION",
            "value": "mysql"
          },
          {
            "name": "DB_HOST",
            "value": "match-project-dev-aurora-cluster.cluster-clfk8ycueurb.ap-northeast-1.rds.amazonaws.com"
          },
          {
            "name": "DB_PORT",
            "value": "3306"
          },
          {
            "name": "DB_USERNAME",
            "value": "organizer"
          },
          {
            "name": "DB_PASSWORD",
            "value": "pass1234"
          },
          {
            "name": "DB_DATABASE",
            "value": "lara_match"
          },
          {
            "name": "BROADCAST_DRIVER",
            "value": "log"
          },
          {
            "name": "CACHE_DRIVER",
            "value": "redis"
          },
          {
            "name": "SESSION_DRIVER",
            "value": "redis"
          },
          {
            "name": "SESSION_LIFETIME",
            "value": "10080"
          },
          {
            "name": "REDIS_HOST",
            "value": "$REDIS_HOST_DEV"
          },
          {
            "name": "REDIS_PASSWORD",
            "value": "null"
          },
          {
            "name": "REDIS_PORT",
            "value": "6379"
          },
          {
            "name": "AWS_BUCKET",
            "value": "match-project.dev.uploads"
          },
          {
            "name": "MAIL_DRIVER",
            "value": "ses"
          },
          {
            "name": "MAIL_FROM_ADDRESS",
            "value": "tmp"
          },
          {
            "name": "MAIL_FROM_NAME",
            "value": "dev"
          },
          {
            "name": "SES_REGION",
            "value": "us-east-1"
          },
          {
            "name": "ADMIN_HTTPS",
            "value": "true"
          }
        ]
      }
    ]
  }

• タスクをecsクラスターに登録する。

aws ecs register-task-definition --family match-project-dev-seed --cli-input-json file://seed-task-definition.json --region ap-northeast-1

• あとは以下を状況に合わせて変更して、実行

SUBNETS=$(aws ecs describe-services --cluster match-project-dev --service app --region ap-northeast-1 --query "services[0].networkConfiguration.awsvpcConfiguration.subnets" --output text | awk '{printf "%s,%s",$1,$2}')
SECURITY_GROUPS=$(aws ecs describe-services --cluster match-project-dev --service app --region ap-northeast-1 --query "services[0].networkConfiguration.awsvpcConfiguration.securityGroups" --output text)

aws ecs run-task --launch-type FARGATE --cluster match-project-dev --task-definition match-project-dev-migrate --region ap-northeast-1 --count 1 --network-configuration "awsvpcConfiguration={subnets=[$SUBNETS],securityGroups=[$SECURITY_GROUPS],assignPublicIp=ENABLED}" --query "tasks[0].taskArn" --output text