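Checking whether lazy loading is working with Am I Lazy?

Checking whether a container was lazy loaded normally means accessing the task metadata endpoint, which is a bit tedious. With Am I Lazy?, you can confirm lazy loading from logs, without accessing the metadata yourself.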
2024.02.07

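Hello! This is Takakuni (@takakuni_) from the Consulting Department, AWS Business Division.

Is everyone lazy loading container images with SOCI?

Today I'd like to try out the Am I Lazy? container, which monitors whether containers are being lazy loaded.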

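What is SOCI?

Seekable OCI (hereafter SOCI) is a technology used for lazy loading container images. With lazy loading, the container starts without downloading the entire image: only the data it needs is downloaded at startup, and the remaining data is downloaded in the background. This shortens container startup time.

Is lazy loading actually happening?

Whether each container in a task was lazy loaded can be checked from the task metadata endpoint. After logging in with ECS Exec, run the following command.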

curl -s $ECS_CONTAINER_METADATA_URI_V4/task | jq '.Containers[] | {Name, Snapshotter}'

Verifying that a task used lazy loading

It returns output like the following. If Snapshotter is soci, the container was lazy loaded; if it is overlayfs, it was not.

Output

root@ip-10-0-3-86:/# curl -s $ECS_CONTAINER_METADATA_URI_V4/task | jq '.Containers[] | {Name, Snapshotter}'
{
  "Name": "firelensContainer",
  "Snapshotter": "overlayfs"
}
{
  "Name": "amilazyContainer",
  "Snapshotter": "overlayfs"
}
{
  "Name": "nginxContainer",
  "Snapshotter": "soci"
}
root@ip-10-0-3-86:/#

Snapshotter

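What is Am I Lazy?

With the method above, we could check whether each container was lazy loaded. However, if you want to check this continuously, repeating the procedure every time is a chore. Having ECS Exec always available is also not a particularly desirable state of affairs.

This is where Am I Lazy? comes in. Am I Lazy? runs as a sidecar container and logs the lazy loading status of each container in the same task definition.

As soon as the log has been captured, the Am I Lazy? container exits so that it does not affect the performance of the existing task. The logs it sends can then be analyzed with CloudWatch Logs Insights or Athena.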
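The same idea as a minimal sketch, added here as an example and not Am I Lazy?'s own code: read the task metadata from inside the task, classify each container by its Snapshotter value, and emit one JSON log line per container so nobody needs ECS Exec. The status names, the `expected_lazy` parameter, the `legacyContainer` entry and the log field names are assumptions made for this illustration.

```python
import json
import os
import urllib.request

# Constructed sample, shaped like the /task response queried above and reduced
# to the two fields the jq filter selects. "legacyContainer" is a constructed
# entry without a Snapshotter field, to exercise the "unknown" branch.
SAMPLE_TASK_METADATA = {
    "Containers": [
        {"Name": "firelensContainer", "Snapshotter": "overlayfs"},
        {"Name": "amilazyContainer", "Snapshotter": "overlayfs"},
        {"Name": "nginxContainer", "Snapshotter": "soci"},
        {"Name": "legacyContainer"},
    ]
}

# Statuses that mean "a container we wanted lazy loaded was not confirmed lazy".
REGRESSION_STATUSES = {"expected_lazy_but_not", "missing"}


def fetch_task_metadata(timeout=2.0):
    """Fetch the task document from the v4 metadata endpoint (inside an ECS task only)."""
    base = os.environ.get("ECS_CONTAINER_METADATA_URI_V4")
    if not base:
        raise RuntimeError("ECS_CONTAINER_METADATA_URI_V4 is not set")
    with urllib.request.urlopen(f"{base}/task", timeout=timeout) as resp:
        return json.load(resp)


def classify_containers(task_metadata, expected_lazy=()):
    """Return one record per container: name, snapshotter and a status.

    expected_lazy (hypothetical parameter) names the containers that are
    supposed to be lazy loaded, so that a silent fallback to overlayfs can be
    told apart from a container that was never meant to use SOCI.
    """
    expected = set(expected_lazy)
    records = []
    for container in task_metadata.get("Containers") or []:
        name = container.get("Name", "<unnamed>")
        snapshotter = container.get("Snapshotter")
        if snapshotter == "soci":
            status = "lazy"
        elif snapshotter is None:
            status = "unknown"  # field absent: cannot tell either way
        elif name in expected:
            status = "expected_lazy_but_not"
        else:
            status = "not_lazy"
        records.append({"container": name, "snapshotter": snapshotter, "status": status})

    # Containers we expected to see but that are not in the task at all.
    seen = {record["container"] for record in records}
    for name in sorted(expected - seen):
        records.append({"container": name, "snapshotter": None, "status": "missing"})
    return records


def regressions(records):
    """Names of containers that should have been lazy loaded but were not confirmed."""
    return [r["container"] for r in records if r["status"] in REGRESSION_STATUSES]


def to_log_lines(records):
    """Serialize records as JSON lines, ready for a log driver to ship."""
    return [json.dumps(record, sort_keys=True) for record in records]


if __name__ == "__main__":
    # Inside a task, query the real endpoint; elsewhere, use the constructed sample.
    if os.environ.get("ECS_CONTAINER_METADATA_URI_V4"):
        metadata = fetch_task_metadata()
    else:
        metadata = SAMPLE_TASK_METADATA
    results = classify_containers(metadata, expected_lazy={"nginxContainer"})
    for line in to_log_lines(results):
        print(line)
    # A non-zero exit makes a regression visible in the container's stop code.
    raise SystemExit(1 if regressions(results) else 0)
```
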

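Trying it out

This time, based on my earlier blog post "[Update] You can now specify which containers are lazy loaded within an ECS task on AWS Fargate", I'll launch Nginx, FireLens, and Am I Lazy? containers.

The code used for the deployment is stored below.

I assume the AWS SOCI Index Builder has already been created. If you have not created it yet, see here.

Creating the application

Uncomment the block under the comment "Am I lazy? を有効にする場合はコメントを外す" ("uncomment to enable Am I lazy?"), then deploy the CDK application.

Note: on CloudShell the disk fills up, so I ran this on Cloud9.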

    // Am I lazy? を有効にする場合はコメントを外す
-    // const amilazyRepo = new ecr.Repository(this, 'amilazyRepo', {
-    //   repositoryName: 'amilazy-repo',
-    //   imageScanOnPush: true,
-    //   emptyOnDelete: true,
-    //   removalPolicy: cdk.RemovalPolicy.DESTROY,
-    // });
-
-    // const amilazyAsset = new DockerImageAsset(this, 'amilazyDockerImage', {
-    //   directory: path.join(__dirname, "..", "app/am-i-lazy"),
-    //   platform: Platform.LINUX_ARM64
-    // });
-
-    // new ecrdeploy.ECRDeployment(this, "amilazyDeployment", {
-    //   src: new ecrdeploy.DockerImageName(amilazyAsset.imageUri),
-    //   dest: new ecrdeploy.DockerImageName(`${amilazyRepo.repositoryUri}:latest`),
-    // });
-
-    // const amilazyLogGroup = new logs.LogGroup(this, 'amilazyLogGroup', {
-    //   logGroupName: 'soci-update-amilazy-log-group',
-    //   retention: logs.RetentionDays.ONE_MONTH,
-    //   removalPolicy: cdk.RemovalPolicy.DESTROY
-    // } );
-
-    // taskDefinition.addContainer('amilazyContainer', {
-    //   essential: false,
-    //   image: ecs.ContainerImage.fromEcrRepository(amilazyRepo),
-    //   containerName: 'amilazyContainer',
-    //   logging: ecs.LogDrivers.awsLogs({
-    //     streamPrefix: 'amilazy',
-    //     logGroup: amilazyLogGroup,
-    //   }),
-    //   // logging: ecs.LogDrivers.firelens({}),
-    //   linuxParameters: new ecs.LinuxParameters(this, 'amilazyLinuxParameters', {
-    //     initProcessEnabled: true,
-    //   }),
-    // });
+    const amilazyRepo = new ecr.Repository(this, 'amilazyRepo', {
+      repositoryName: 'amilazy-repo',
+      imageScanOnPush: true,
+      emptyOnDelete: true,
+      removalPolicy: cdk.RemovalPolicy.DESTROY,
+    });
+
+    const amilazyAsset = new DockerImageAsset(this, 'amilazyDockerImage', {
+      directory: path.join(__dirname, "..", "app/am-i-lazy"),
+      platform: Platform.LINUX_ARM64
+    });
+
+    new ecrdeploy.ECRDeployment(this, "amilazyDeployment", {
+      src: new ecrdeploy.DockerImageName(amilazyAsset.imageUri),
+      dest: new ecrdeploy.DockerImageName(`${amilazyRepo.repositoryUri}:latest`),
+    });
+
+    const amilazyLogGroup = new logs.LogGroup(this, 'amilazyLogGroup', {
+      logGroupName: 'soci-update-amilazy-log-group',
+      retention: logs.RetentionDays.ONE_MONTH,
+      removalPolicy: cdk.RemovalPolicy.DESTROY
+    } );
+
+    taskDefinition.addContainer('amilazyContainer', {
+      essential: false,
+      image: ecs.ContainerImage.fromEcrRepository(amilazyRepo),
+      containerName: 'amilazyContainer',
+      logging: ecs.LogDrivers.awsLogs({
+        streamPrefix: 'amilazy',
+        logGroup: amilazyLogGroup,
+      }),
+      // logging: ecs.LogDrivers.firelens({}),
+      linuxParameters: new ecs.LinuxParameters(this, 'amilazyLinuxParameters', {
+        initProcessEnabled: true,
+      }),
+    });
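
Review bot: the sidecar image is published and consumed through the mutable `latest` tag: `dest` is `${amilazyRepo.repositoryUri}:latest`, and `ecs.ContainerImage.fromEcrRepository(amilazyRepo)` is called without a tag or digest, so each task start runs whatever `latest` points to at that moment. Consider setting `imageTagMutability: ecr.TagMutability.IMMUTABLE` on `amilazyRepo` and passing the same versioned tag (or a digest) to both `dest` and `fromEcrRepository`, so that a later push cannot silently change the code running beside the application containers. `emptyOnDelete: true` with `removalPolicy: cdk.RemovalPolicy.DESTROY` suits a throwaway demo stack but deserves a comment saying so, since it deletes the pushed images together with the stack.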

Enter the following commands, then press y and Enter to deploy.

npm install .
npx cdk deploy
Output
cm-takakuni:~/environment/blog-ecs-tasks-selectively-leverage-soci (main) $ npx cdk deploy

✨  Synthesis time: 23.07s

This deployment will make potentially sensitive changes according to your current security approval level (--require-approval broadening).
Please confirm you intend to make the following modifications:

IAM Statement Changes
┌───┬──────────────────────────────────────────────────────────────────────────────────┬────────┬──────────────────────────────────────────────────────────────────────────────────┬────────────────────────────────────────────────────────────────────────────────────┬───────────┐
│   │ Resource                                                                         │ Effect │ Action                                                                           │ Principal                                                                          │ Condition │
├───┼──────────────────────────────────────────────────────────────────────────────────┼────────┼──────────────────────────────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┼───────────┤
│ + │ ${Custom::CDKECRDeploymentbd07c930edb94112a20f03f096f53666512MiB/ServiceRole.Arn │ Allow  │ sts:AssumeRole                                                                   │ Service:lambda.amazonaws.com                                                       │           │
│   │ }                                                                                │        │                                                                                  │                                                                                    │           │
├───┼──────────────────────────────────────────────────────────────────────────────────┼────────┼──────────────────────────────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┼───────────┤
│ + │ ${Custom::VpcRestrictDefaultSGCustomResourceProvider/Role.Arn}                   │ Allow  │ sts:AssumeRole                                                                   │ Service:lambda.amazonaws.com                                                       │           │
├───┼──────────────────────────────────────────────────────────────────────────────────┼────────┼──────────────────────────────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┼───────────┤
│ + │ ${amilazyLogGroup.Arn}                                                           │ Allow  │ logs:CreateLogStream                                                             │ AWS:${executionRole}                                                               │           │
│   │ ${firelensLogGroup.Arn}                                                          │        │ logs:PutLogEvents                                                                │                                                                                    │           │
├───┼──────────────────────────────────────────────────────────────────────────────────┼────────┼──────────────────────────────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┼───────────┤
│ + │ ${amilazyRepo.Arn}                                                               │ Allow  │ ecr:BatchCheckLayerAvailability                                                  │ AWS:${executionRole}                                                               │           │
│   │ ${firelensRepo.Arn}                                                              │        │ ecr:BatchGetImage                                                                │                                                                                    │           │
│   │ ${nginxRepo.Arn}                                                                 │        │ ecr:GetDownloadUrlForLayer                                                       │                                                                                    │           │
├───┼──────────────────────────────────────────────────────────────────────────────────┼────────┼──────────────────────────────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┼───────────┤
│ + │ ${executionRole.Arn}                                                             │ Allow  │ sts:AssumeRole                                                                   │ Service:ecs-tasks.amazonaws.com                                                    │           │
├───┼──────────────────────────────────────────────────────────────────────────────────┼────────┼──────────────────────────────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┼───────────┤
│ + │ ${taskRole.Arn}                                                                  │ Allow  │ sts:AssumeRole                                                                   │ Service:ecs-tasks.amazonaws.com                                                    │           │
├───┼──────────────────────────────────────────────────────────────────────────────────┼────────┼──────────────────────────────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┼───────────┤
│ + │ *                                                                                │ Allow  │ ecr:BatchCheckLayerAvailability                                                  │ AWS:${Custom::CDKECRDeploymentbd07c930edb94112a20f03f096f53666512MiB/ServiceRole}  │           │
│   │                                                                                  │        │ ecr:BatchGetImage                                                                │                                                                                    │           │
│   │                                                                                  │        │ ecr:CompleteLayerUpload                                                          │                                                                                    │           │
│   │                                                                                  │        │ ecr:DescribeImageScanFindings                                                    │                                                                                    │           │
│   │                                                                                  │        │ ecr:DescribeImages                                                               │                                                                                    │           │
│   │                                                                                  │        │ ecr:DescribeRepositories                                                         │                                                                                    │           │
│   │                                                                                  │        │ ecr:GetAuthorizationToken                                                        │                                                                                    │           │
│   │                                                                                  │        │ ecr:GetDownloadUrlForLayer                                                       │                                                                                    │           │
│   │                                                                                  │        │ ecr:GetRepositoryPolicy                                                          │                                                                                    │           │
│   │                                                                                  │        │ ecr:InitiateLayerUpload                                                          │                                                                                    │           │
│   │                                                                                  │        │ ecr:ListImages                                                                   │                                                                                    │           │
│   │                                                                                  │        │ ecr:ListTagsForResource                                                          │                                                                                    │           │
│   │                                                                                  │        │ ecr:PutImage                                                                     │                                                                                    │           │
│   │                                                                                  │        │ ecr:UploadLayerPart                                                              │                                                                                    │           │
│   │                                                                                  │        │ s3:GetObject                                                                     │                                                                                    │           │
│ + │ *                                                                                │ Allow  │ logs:CreateLogStream                                                             │ AWS:${taskRole}                                                                    │           │
│   │                                                                                  │        │ logs:DescribeLogGroups                                                           │                                                                                    │           │
│   │                                                                                  │        │ logs:DescribeLogStreams                                                          │                                                                                    │           │
│   │                                                                                  │        │ logs:PutLogEvents                                                                │                                                                                    │           │
│   │                                                                                  │        │ ssmmessages:CreateControlChannel                                                 │                                                                                    │           │
│   │                                                                                  │        │ ssmmessages:CreateDataChannel                                                    │                                                                                    │           │
│   │                                                                                  │        │ ssmmessages:OpenControlChannel                                                   │                                                                                    │           │
│   │                                                                                  │        │ ssmmessages:OpenDataChannel                                                      │                                                                                    │           │
│ + │ *                                                                                │ Allow  │ ecr:GetAuthorizationToken                                                        │ AWS:${executionRole}                                                               │           │
├───┼──────────────────────────────────────────────────────────────────────────────────┼────────┼──────────────────────────────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┼───────────┤
│ + │ arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:security-group/${vpcA │ Allow  │ ec2:AuthorizeSecurityGroupEgress                                                 │ AWS:${Custom::VpcRestrictDefaultSGCustomResourceProvider/Role}                     │           │
│   │ 2121C38.DefaultSecurityGroup}                                                    │        │ ec2:AuthorizeSecurityGroupIngress                                                │                                                                                    │           │
│   │                                                                                  │        │ ec2:RevokeSecurityGroupEgress                                                    │                                                                                    │           │
│   │                                                                                  │        │ ec2:RevokeSecurityGroupIngress                                                   │                                                                                    │           │
└───┴──────────────────────────────────────────────────────────────────────────────────┴────────┴──────────────────────────────────────────────────────────────────────────────────┴────────────────────────────────────────────────────────────────────────────────────┴───────────┘
IAM Policy Changes
┌───┬───────────────────────────────────────────────────────────────────────────────┬──────────────────────────────────────────────────────────────────────────────────────────────┐
│   │ Resource                                                                      │ Managed Policy ARN                                                                           │
├───┼───────────────────────────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────┤
│ + │ ${Custom::CDKECRDeploymentbd07c930edb94112a20f03f096f53666512MiB/ServiceRole} │ arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole               │
├───┼───────────────────────────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────┤
│ + │ ${Custom::VpcRestrictDefaultSGCustomResourceProvider/Role}                    │ {"Fn::Sub":"arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"} │
├───┼───────────────────────────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────┤
│ + │ ${executionRole}                                                              │ arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy          │
├───┼───────────────────────────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────┤
│ + │ ${taskRole}                                                                   │ ${taskPolicy}                                                                                │
└───┴───────────────────────────────────────────────────────────────────────────────┴──────────────────────────────────────────────────────────────────────────────────────────────┘
Security Group Changes
┌───┬──────────────────┬─────┬────────────┬──────────────────┐
│   │ Group            │ Dir │ Protocol   │ Peer             │
├───┼──────────────────┼─────┼────────────┼──────────────────┤
│ + │ ${albSg.GroupId} │ In  │ TCP 80     │ Everyone (IPv4)  │
│ + │ ${albSg.GroupId} │ Out │ Everything │ Everyone (IPv4)  │
├───┼──────────────────┼─────┼────────────┼──────────────────┤
│ + │ ${ecsSg.GroupId} │ In  │ TCP 80     │ ${albSg.GroupId} │
│ + │ ${ecsSg.GroupId} │ Out │ Everything │ Everyone (IPv4)  │
└───┴──────────────────┴─────┴────────────┴──────────────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)

Do you wish to deploy these changes (y/n)? y
BlogEcsTasksSelectivelyLeverageSociStack: deploying... [1/1]
BlogEcsTasksSelectivelyLeverageSociStack: creating CloudFormation changeset...

 ✅  BlogEcsTasksSelectivelyLeverageSociStack

✨  Deployment time: 214.17s

Stack ARN:
arn:aws:cloudformation:ap-northeast-1:XXXXXXXXXXXX:stack/BlogEcsTasksSelectivelyLeverageSociStack/7739f3f0-c5a0-11ee-9aa3-0a5f7651c76f

✨  Total time: 237.23s


cm-takakuni:~/environment/blog-ecs-tasks-selectively-leverage-soci (main) $

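Verifying the behavior

In this setup, the Am I Lazy? container uses the awslogs log driver to send its logs to CloudWatch Logs.

Checking the log group shows that a record like the following was sent. In addition to each container's Snapshotter, it includes ImagePullTime (the total time spent pulling the images).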

{
    "Cluster": "arn:aws:ecs:ap-northeast-1:XXXXXXXXXXXX:cluster/soci-update-cluster",
    "TaskARN": "arn:aws:ecs:ap-northeast-1:XXXXXXXXXXXX:task/soci-update-cluster/694ab754fcb44799914bea23d27fb83c",
    "Family": "soci-update-task-definition",
    "Revision": "13",
    "TaskCpu": 256,
    "TaskMemory": 512,
    "ImagePullTime": 9.030674998,
    "Containers": [
        {
            "Name": "firelensContainer",
            "Snapshotter": "overlayfs"
        },
        {
            "Name": "amilazyContainer",
            "Snapshotter": "overlayfs"
        },
        {
            "Name": "nginxContainer",
            "Snapshotter": "soci"
        }
    ]
}

Checking with CloudWatch Logs Insights

Let's examine the emitted logs with CloudWatch Logs Insights. Starting from the sample query, the following query gives a quick analysis of the logs.

fields @timestamp, @message
| sort @timestamp desc
| stats count(*) by Family,Revision,ImagePullTime,
  Containers.0.Name as Container_1, Containers.0.Snapshotter as Container_1_Snapshotter,
  Containers.1.Name as Container_2, Containers.1.Snapshotter as Container_2_Snapshotter,
  Containers.2.Name as Container_3, Containers.2.Snapshotter as Container_3_Snapshotter
| limit 20

The Snapshotter of each container is now displayed by name. We can see that only nginxContainer was lazy loaded.
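The query above addresses containers by fixed index (Containers.0 through Containers.2). As an added example (not part of the original post or of the Am I Lazy? project), the following Python code processes exported log lines with any number of containers, groups them by Family and Revision, and lists tasks in which a container expected to be lazy loaded reported a Snapshotter other than soci. The sample events, the `EXPECTED_LAZY` set, the extra container names and all function names are assumptions made for illustration.

```python
import json
from collections import Counter, defaultdict

FAMILY = "soci-update-task-definition"
EXPECTED_LAZY = {"nginxContainer"}  # assumption: containers that have a SOCI index

def make_event(task_id, revision, pull_time, snapshotters):
    """Build one constructed log line in the shape of the record shown above."""
    return json.dumps({
        "TaskARN": f"arn:aws:ecs:ap-northeast-1:XXXXXXXXXXXX:task/soci-update-cluster/{task_id}",
        "Family": FAMILY, "Revision": revision, "ImagePullTime": pull_time,
        "Containers": [{"Name": n, "Snapshotter": s} for n, s in snapshotters],
    })

# Constructed sample events (not real output); the last line is unrelated noise.
SAMPLE_EVENTS = [
    make_event("EXAMPLE-TASK-A", "13", 9.03,
               [("firelensContainer", "overlayfs"), ("nginxContainer", "soci")]),
    make_event("EXAMPLE-TASK-B", "14", 21.5,
               [("firelensContainer", "overlayfs"), ("nginxContainer", "overlayfs"),
                ("appContainer", "overlayfs"), ("proxyContainer", "soci")]),
    "plain-text line from another container",
]

def parse_events(lines):
    """Yield Am I Lazy? records, skipping lines that are not JSON objects with Containers."""
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(record, dict) and isinstance(record.get("Containers"), list):
            yield record

def lazy_loading_report(lines, expected_lazy):
    """Group by (Family, Revision): count snapshotters per container, list fallbacks."""
    report = defaultdict(lambda: {"tasks": 0, "pull_times": [],
                                  "snapshotters": Counter(), "fallbacks": []})
    for record in parse_events(lines):
        entry = report[(record.get("Family"), record.get("Revision"))]
        entry["tasks"] += 1
        entry["pull_times"].append(record.get("ImagePullTime"))
        for container in record["Containers"]:
            name, snap = container.get("Name"), container.get("Snapshotter")
            entry["snapshotters"][(name, snap)] += 1
            if name in expected_lazy and snap != "soci":
                entry["fallbacks"].append((record.get("TaskARN"), name, snap))
    return dict(report)

if __name__ == "__main__":
    for key, entry in lazy_loading_report(SAMPLE_EVENTS, EXPECTED_LAZY).items():
        print(key, entry["tasks"], entry["pull_times"], entry["fallbacks"])
```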

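Summary

That concludes "Checking whether lazy loading is working with Am I Lazy?".

I think it is fairly rare to want to monitor lazy loading all the time, but this seems very useful when you want to check during testing how much lazy loading is actually taking effect.

I hope this blog post is helpful to someone.

This was Takakuni (@takakuni_) from the Consulting Department, AWS Business Division!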