![Am I Lazy? を使って遅延読み込みできているか確認してみた](https://devio2023-media.developers.io/wp-content/uploads/2023/08/aws-fargate.png)
Am I Lazy? を使って遅延読み込みできているか確認してみた
こんにちは! AWS 事業本部コンサルティング部のたかくに(@takakuni_)です。
みなさん、 SOCI を使ったコンテナイメージの遅延読み込みしていますでしょうか?
今日は、遅延読み込みされているかを監視する Am I Lazy?
コンテナを試してみたいと思います。
SOCI とは
Seekable OCI (以後、 SOCI ) は、コンテナイメージの遅延読み込みで利用される技術です。遅延読み込みではコンテナ起動時にイメージ全体をダウンロードせず、必要なデータのみをダウンロードしてコンテナを起動します。残りのデータはバックグラウンドでダウンロードされます。この技術を利用することで、コンテナの起動時間を早める効果があります。
遅延読み込みできているかどうか
タスクの各コンテナが、遅延読み込みされているかどうかは、タスクメタデータエンドポイントから確認できます。 ECS Exec にログイン後、以下のコマンドを実行することで確認できます。
curl -s $ECS_CONTAINER_METADATA_URI_V4/task | jq '.Containers[] | {Name, Snapshotter}'
Verifying that a task used lazy loading
以下のような実行結果が返され、 Snapshotter が soci
であれば遅延読み込みされている、 overlayfs
であれば遅延読み込みされてないとわかります。
root@ip-10-0-3-86:/# curl -s $ECS_CONTAINER_METADATA_URI_V4/task | jq '.Containers[] | {Name, Snapshotter}' { "Name": "firelensContainer", "Snapshotter": "overlayfs" } { "Name": "amilazyContainer", "Snapshotter": "overlayfs" } { "Name": "nginxContainer", "Snapshotter": "soci" } root@ip-10-0-3-86:/#
Am I Lazy? とは
上記の方法で、各コンテナで遅延読み込みされているかどうかが確認できました。ただし、常に遅延読み込みされたかを確認したい場合、毎度この手順をするのは億劫です。 ECS Exec が常に実行可能であるのも、あまり好ましい状況とは言えないでしょう。
そんなときに役立つのが、 Am I Lazy? です。 Am I Lazy? はサイドカーコンテナとして起動し、同一タスク定義に含まれる各コンテナの遅延読み込み状況をロギングします。
ログが取得でき次第、既存タスクのパフォーマンスに影響しないよう Am I Lazy? コンテナは終了し役目を終えます。送信されたログを利用して CloudWatch Logs Insights または Athena で分析できます。
やってみる
今回は以前ブログで書いた 「[アップデート] AWS Fargate の ECS タスク内で遅延読み込みするコンテナを指定可能になりました」 を参考に Nginx, FireLens, Am I Lazy? コンテナを立ち上げてみようと思います。
デプロイで利用するコードは以下に格納されています。
AWS SOCI Index Builder の作成まで完了しているものとします。まだ作成完了していない場合は、こちらをご覧ください。
アプリケーションの作成
「Am I lazy? を有効にする場合はコメントを外す」 の部分をコメント外して、 CDK アプリケーションのデプロイを行います。
※ CloudShell の場合、ディスク容量がパンパンになるので、 Cloud9 で実行しました。
// Am I lazy? を有効にする場合はコメントを外す - // const amilazyRepo = new ecr.Repository(this, 'amilazyRepo', { - // repositoryName: 'amilazy-repo', - // imageScanOnPush: true, - // emptyOnDelete: true, - // removalPolicy: cdk.RemovalPolicy.DESTROY, - // }); - - // const amilazyAsset = new DockerImageAsset(this, 'amilazyDockerImage', { - // directory: path.join(__dirname, "..", "app/am-i-lazy"), - // platform: Platform.LINUX_ARM64 - // }); - - // new ecrdeploy.ECRDeployment(this, "amilazyDeployment", { - // src: new ecrdeploy.DockerImageName(amilazyAsset.imageUri), - // dest: new ecrdeploy.DockerImageName(`${amilazyRepo.repositoryUri}:latest`), - // }); - - // const amilazyLogGroup = new logs.LogGroup(this, 'amilazyLogGroup', { - // logGroupName: 'soci-update-amilazy-log-group', - // retention: logs.RetentionDays.ONE_MONTH, - // removalPolicy: cdk.RemovalPolicy.DESTROY - // } ); - - // taskDefinition.addContainer('amilazyContainer', { - // essential: false, - // image: ecs.ContainerImage.fromEcrRepository(amilazyRepo), - // containerName: 'amilazyContainer', - // logging: ecs.LogDrivers.awsLogs({ - // streamPrefix: 'amilazy', - // logGroup: amilazyLogGroup, - // }), - // // logging: ecs.LogDrivers.firelens({}), - // linuxParameters: new ecs.LinuxParameters(this, 'amilazyLinuxParameters', { - // initProcessEnabled: true, - // }), - // }); + const amilazyRepo = new ecr.Repository(this, 'amilazyRepo', { + repositoryName: 'amilazy-repo', + imageScanOnPush: true, + emptyOnDelete: true, + removalPolicy: cdk.RemovalPolicy.DESTROY, + }); + + const amilazyAsset = new DockerImageAsset(this, 'amilazyDockerImage', { + directory: path.join(__dirname, "..", "app/am-i-lazy"), + platform: Platform.LINUX_ARM64 + }); + + new ecrdeploy.ECRDeployment(this, "amilazyDeployment", { + src: new ecrdeploy.DockerImageName(amilazyAsset.imageUri), + dest: new ecrdeploy.DockerImageName(`${amilazyRepo.repositoryUri}:latest`), + }); + + const amilazyLogGroup = new logs.LogGroup(this, 'amilazyLogGroup', { + logGroupName: 'soci-update-amilazy-log-group', + retention: logs.RetentionDays.ONE_MONTH, + removalPolicy: cdk.RemovalPolicy.DESTROY + } ); + + taskDefinition.addContainer('amilazyContainer', { + essential: false, + image: ecs.ContainerImage.fromEcrRepository(amilazyRepo), + containerName: 'amilazyContainer', + logging: ecs.LogDrivers.awsLogs({ + streamPrefix: 'amilazy', + logGroup: amilazyLogGroup, + }), + // logging: ecs.LogDrivers.firelens({}), + linuxParameters: new ecs.LinuxParameters(this, 'amilazyLinuxParameters', { + initProcessEnabled: true, + }), + });
以下のコマンドを入力し、y
と Enter キーを押してデプロイを行います。
npm install . npx cdk deploy
実行結果(クリックで表示できます)
cm-takakuni:~/environment/blog-ecs-tasks-selectively-leverage-soci (main) $ npx cdk deploy ✨ Synthesis time: 23.07s BlogEcsTasksSelectivelyLeverageSociStack: start: Building 125056c9b23ff2f2e8b89e411b65ee1cf78a8564a0a280998369c41be09cd89b:current_account-current_region BlogEcsTasksSelectivelyLeverageSociStack: success: Built 125056c9b23ff2f2e8b89e411b65ee1cf78a8564a0a280998369c41be09cd89b:current_account-current_region BlogEcsTasksSelectivelyLeverageSociStack: start: Building 96d6bdd8cc6050b08b8040d640f13b45cdc6113dc345b80fa0cf5c1f1e1e287a:current_account-current_region BlogEcsTasksSelectivelyLeverageSociStack: start: Publishing 125056c9b23ff2f2e8b89e411b65ee1cf78a8564a0a280998369c41be09cd89b:current_account-current_region BlogEcsTasksSelectivelyLeverageSociStack: success: Published 125056c9b23ff2f2e8b89e411b65ee1cf78a8564a0a280998369c41be09cd89b:current_account-current_region #0 building with "default" instance using docker driver #1 [internal] load .dockerignore #1 transferring context: 2B done #1 DONE 0.1s #2 [internal] load build definition from Dockerfile #2 transferring dockerfile: 237B 0.0s done #2 DONE 0.1s #3 [internal] load metadata for public.ecr.aws/nginx/nginx:latest #3 DONE 1.5s #4 [internal] load build context #4 transferring context: 424B done #4 DONE 0.0s #5 [1/3] FROM public.ecr.aws/nginx/nginx:latest@sha256:a2b1c73e647b13eb8d17011a08fed1b3fcac171373efdac872336964983ada9d #5 resolve public.ecr.aws/nginx/nginx:latest@sha256:a2b1c73e647b13eb8d17011a08fed1b3fcac171373efdac872336964983ada9d 0.0s done #5 sha256:af107e978371b6cd6339127a05502c5eacd1e6b0e9eb7b2f4aa7b6fc87e2dd81 7.34MB / 29.13MB 0.2s #5 sha256:1581bea9f1d2c412b385218eac8c604398a5f4aaa4d0e4eab01579966948b731 0B / 41.37MB 0.2s #5 sha256:8fb6e3475860941cb041f542431fec94a226e347a75ff9f8dc56e0cdf6c69353 0B / 626B 0.2s #5 sha256:a2b1c73e647b13eb8d17011a08fed1b3fcac171373efdac872336964983ada9d 772B / 772B done #5 sha256:08262e7a01055bd33920b3f59e2249f438eea5d25cc67b8d8c7f5854437786d2 1.78kB / 1.78kB done #5 sha256:2a36393edaf1bcdb9d44bf9ed187b6ff6945b94eb369155d98e02d000609be05 8.14kB / 8.14kB done #5 sha256:af107e978371b6cd6339127a05502c5eacd1e6b0e9eb7b2f4aa7b6fc87e2dd81 18.87MB / 29.13MB 0.3s #5 sha256:af107e978371b6cd6339127a05502c5eacd1e6b0e9eb7b2f4aa7b6fc87e2dd81 29.13MB / 29.13MB 0.4s done #5 sha256:1581bea9f1d2c412b385218eac8c604398a5f4aaa4d0e4eab01579966948b731 30.41MB / 41.37MB 0.5s #5 sha256:8fb6e3475860941cb041f542431fec94a226e347a75ff9f8dc56e0cdf6c69353 626B / 626B 0.5s done #5 sha256:3ebd268aebca4f61b2efa7cdfef1dd6584df6dd8f63ea9358a8b255b33452e3e 0B / 370B 0.5s #5 sha256:7bfc9d79c67234188f59ad831b9f5d3af0b2df44ceeb982b7d45f3f7d6c53b06 0B / 959B 0.5s #5 sha256:1581bea9f1d2c412b385218eac8c604398a5f4aaa4d0e4eab01579966948b731 38.80MB / 41.37MB 0.6s #5 extracting sha256:af107e978371b6cd6339127a05502c5eacd1e6b0e9eb7b2f4aa7b6fc87e2dd81 #5 sha256:1581bea9f1d2c412b385218eac8c604398a5f4aaa4d0e4eab01579966948b731 41.37MB / 41.37MB 0.7s #5 sha256:3ebd268aebca4f61b2efa7cdfef1dd6584df6dd8f63ea9358a8b255b33452e3e 370B / 370B 0.7s #5 sha256:7bfc9d79c67234188f59ad831b9f5d3af0b2df44ceeb982b7d45f3f7d6c53b06 959B / 959B 0.6s done #5 sha256:e5fab51fcab06e89729090806515923de57daf08b6f30c43f5ae48f3980fb8ca 0B / 1.22kB 0.7s #5 sha256:1581bea9f1d2c412b385218eac8c604398a5f4aaa4d0e4eab01579966948b731 41.37MB / 41.37MB 0.7s done #5 sha256:3ebd268aebca4f61b2efa7cdfef1dd6584df6dd8f63ea9358a8b255b33452e3e 370B / 370B 0.7s done #5 sha256:e5fab51fcab06e89729090806515923de57daf08b6f30c43f5ae48f3980fb8ca 1.22kB / 1.22kB 0.7s done #5 sha256:04dda7b4828c5bd35c61b28ac319c52208cac8253c843181e28b394162b38b9d 0B / 1.40kB 0.8s #5 sha256:04dda7b4828c5bd35c61b28ac319c52208cac8253c843181e28b394162b38b9d 1.40kB / 1.40kB 0.8s done #5 extracting sha256:af107e978371b6cd6339127a05502c5eacd1e6b0e9eb7b2f4aa7b6fc87e2dd81 2.0s done #5 extracting sha256:1581bea9f1d2c412b385218eac8c604398a5f4aaa4d0e4eab01579966948b731 #5 extracting sha256:1581bea9f1d2c412b385218eac8c604398a5f4aaa4d0e4eab01579966948b731 1.8s done #5 extracting sha256:8fb6e3475860941cb041f542431fec94a226e347a75ff9f8dc56e0cdf6c69353 done #5 extracting sha256:7bfc9d79c67234188f59ad831b9f5d3af0b2df44ceeb982b7d45f3f7d6c53b06 done #5 extracting sha256:3ebd268aebca4f61b2efa7cdfef1dd6584df6dd8f63ea9358a8b255b33452e3e done #5 extracting sha256:e5fab51fcab06e89729090806515923de57daf08b6f30c43f5ae48f3980fb8ca done #5 extracting sha256:04dda7b4828c5bd35c61b28ac319c52208cac8253c843181e28b394162b38b9d done #5 DONE 4.7s #6 [2/3] COPY ./index.html /var/www/index.html #6 DONE 0.2s #7 [3/3] COPY ./default.conf /etc/nginx/conf.d/default.conf #7 DONE 0.0s #8 exporting to image #8 exporting layers 0.0s done #8 writing image sha256:538120ec0edaffd06f06133ee484bb08e0fe7db360cb2ba4e083f82692df7e9f done #8 naming to docker.io/library/cdkasset-96d6bdd8cc6050b08b8040d640f13b45cdc6113dc345b80fa0cf5c1f1e1e287a done #8 DONE 0.0s BlogEcsTasksSelectivelyLeverageSociStack: success: Built 96d6bdd8cc6050b08b8040d640f13b45cdc6113dc345b80fa0cf5c1f1e1e287a:current_account-current_region BlogEcsTasksSelectivelyLeverageSociStack: start: Building 44cc48de864cb42b4f3543be9656d2b61b56b034de593b0a572bac4e1f48c4aa:current_account-current_region BlogEcsTasksSelectivelyLeverageSociStack: start: Publishing 96d6bdd8cc6050b08b8040d640f13b45cdc6113dc345b80fa0cf5c1f1e1e287a:current_account-current_region The push refers to repository [XXXXXXXXXXXX.dkr.ecr.ap-northeast-1.amazonaws.com/cdk-hnb659fds-container-assets-XXXXXXXXXXXX-ap-northeast-1] 1e654d8175cb: Preparing 6dffa332a067: Preparing 20cefd501c0f: Preparing 670112bd033f: Preparing 1a0acbc1f382: Preparing f615f9ee3f9b: Preparing 78095cec2434: Preparing e4ce76805190: Preparing 7292cf786aa8: Preparing f615f9ee3f9b: Waiting 78095cec2434: Waiting e4ce76805190: Waiting 7292cf786aa8: Waiting 20cefd501c0f: Layer already exists 1a0acbc1f382: Layer already exists 670112bd033f: Layer already exists f615f9ee3f9b: Layer already exists e4ce76805190: Layer already exists 78095cec2434: Layer already exists 7292cf786aa8: Layer already exists #0 building with "default" instance using docker driver #1 [internal] load build definition from Dockerfile #1 transferring dockerfile: 205B done #1 DONE 0.0s #2 [internal] load .dockerignore #2 transferring context: 2B done #2 DONE 0.0s #3 [internal] load metadata for public.ecr.aws/aws-observability/aws-for-fluent-bit:latest 1e654d8175cb: Pushed 6dffa332a067: Pushed 96d6bdd8cc6050b08b8040d640f13b45cdc6113dc345b80fa0cf5c1f1e1e287a: digest: sha256:c494772179558d6c123749c10a65349491203f7bd57be92cc405d0a60876ff3c size: 2192 BlogEcsTasksSelectivelyLeverageSociStack: success: Published 96d6bdd8cc6050b08b8040d640f13b45cdc6113dc345b80fa0cf5c1f1e1e287a:current_account-current_region #3 DONE 1.2s #4 [internal] load build context #4 transferring context: 955B done #4 DONE 0.0s #5 [1/2] FROM public.ecr.aws/aws-observability/aws-for-fluent-bit:latest@sha256:d1a33dac635f5c1bdaee04a54922bfc38138e3394c0b8d70c6fb73ce669f03aa #5 resolve public.ecr.aws/aws-observability/aws-for-fluent-bit:latest@sha256:d1a33dac635f5c1bdaee04a54922bfc38138e3394c0b8d70c6fb73ce669f03aa 0.0s done #5 sha256:e0e08d8791a1701f472bd7a10d36341ad422abf2fff0acc79efe07c198a97d8b 0B / 36.84MB 0.2s #5 sha256:e723b61511510c35725f6fd23e4bbf9a7278329c0ab3356b5f327ab11905c16c 4.07kB / 4.07kB done #5 sha256:84d3be804b299fb484ab9c96dfab399a6b8cd1eaf0b8634d6dbe20bae065d976 5.24MB / 9.00MB 0.2s #5 sha256:1243323cbbce9384c54ac7f8354a552ac222dc3ce5d0ece482a667a33fce339c 3.15MB / 62.66MB 0.2s #5 sha256:d1a33dac635f5c1bdaee04a54922bfc38138e3394c0b8d70c6fb73ce669f03aa 772B / 772B done #5 sha256:3952d36a5e5c6961b7dd1545e615c9a12a4f90fcb4b06bb418d60feb3f18c8de 5.95kB / 5.95kB done #5 sha256:e0e08d8791a1701f472bd7a10d36341ad422abf2fff0acc79efe07c198a97d8b 7.34MB / 36.84MB 0.3s #5 sha256:84d3be804b299fb484ab9c96dfab399a6b8cd1eaf0b8634d6dbe20bae065d976 9.00MB / 9.00MB 0.3s done #5 sha256:1243323cbbce9384c54ac7f8354a552ac222dc3ce5d0ece482a667a33fce339c 9.72MB / 62.66MB 0.3s #5 sha256:e0e08d8791a1701f472bd7a10d36341ad422abf2fff0acc79efe07c198a97d8b 17.83MB / 36.84MB 0.4s #5 sha256:1243323cbbce9384c54ac7f8354a552ac222dc3ce5d0ece482a667a33fce339c 18.87MB / 62.66MB 0.4s #5 sha256:08cdc5a2c1ac6b4aa767b550d97130e11e15c79f9844f3909830afd8720dc778 0B / 9.30MB 0.4s #5 sha256:e0e08d8791a1701f472bd7a10d36341ad422abf2fff0acc79efe07c198a97d8b 28.31MB / 36.84MB 0.6s #5 sha256:1243323cbbce9384c54ac7f8354a552ac222dc3ce5d0ece482a667a33fce339c 31.46MB / 62.66MB 0.6s #5 sha256:08cdc5a2c1ac6b4aa767b550d97130e11e15c79f9844f3909830afd8720dc778 8.39MB / 9.30MB 0.6s #5 sha256:e0e08d8791a1701f472bd7a10d36341ad422abf2fff0acc79efe07c198a97d8b 36.70MB / 36.84MB 0.7s #5 sha256:1243323cbbce9384c54ac7f8354a552ac222dc3ce5d0ece482a667a33fce339c 41.94MB / 62.66MB 0.7s #5 sha256:08cdc5a2c1ac6b4aa767b550d97130e11e15c79f9844f3909830afd8720dc778 9.30MB / 9.30MB 0.7s done #5 sha256:b1c3a3cf517784530cdea97ed3f8cc4d6b3bfcca94616ace975951f272e32248 0B / 6.79MB 0.7s #5 sha256:e0e08d8791a1701f472bd7a10d36341ad422abf2fff0acc79efe07c198a97d8b 36.84MB / 36.84MB 0.8s done #5 sha256:1243323cbbce9384c54ac7f8354a552ac222dc3ce5d0ece482a667a33fce339c 62.66MB / 62.66MB 0.9s #5 sha256:b1c3a3cf517784530cdea97ed3f8cc4d6b3bfcca94616ace975951f272e32248 6.79MB / 6.79MB 0.9s done #5 sha256:8259ced5d71a22760532483de6fc4386cc38934f48cc2695026e676e82384cfd 0B / 6.88MB 0.9s #5 sha256:8259ced5d71a22760532483de6fc4386cc38934f48cc2695026e676e82384cfd 2.10MB / 6.88MB 1.0s #5 sha256:1243323cbbce9384c54ac7f8354a552ac222dc3ce5d0ece482a667a33fce339c 62.66MB / 62.66MB 1.0s done #5 sha256:8259ced5d71a22760532483de6fc4386cc38934f48cc2695026e676e82384cfd 6.88MB / 6.88MB 1.1s done #5 extracting sha256:1243323cbbce9384c54ac7f8354a552ac222dc3ce5d0ece482a667a33fce339c #5 sha256:644db8469f31d2e625af327fdd745b5287f3fc6aab8c9b8ddf041a01b42f6db9 0B / 171B 1.1s #5 sha256:c67d510271c86ba54315bbcbde5076d2920f955300d507006382e035bca22c5e 0B / 180B 1.1s #5 sha256:38be36255353c2a4870f98da056b5fcb3b25cdad3905d842de2a0278ace0dce8 0B / 181B 1.1s #5 sha256:644db8469f31d2e625af327fdd745b5287f3fc6aab8c9b8ddf041a01b42f6db9 171B / 171B 1.2s done #5 sha256:c67d510271c86ba54315bbcbde5076d2920f955300d507006382e035bca22c5e 180B / 180B 1.2s done #5 sha256:38be36255353c2a4870f98da056b5fcb3b25cdad3905d842de2a0278ace0dce8 181B / 181B 1.2s done #5 sha256:0cf1731c0014338968c8352f4c43832bfc86c7e083a19d5f13104b61b78e6fc4 0B / 5.23kB 1.3s #5 sha256:ed2ab2e15ac4b2441a4a24baa10b08cf6a844dcf682263abb1e8822a09311a0c 180B / 180B 1.3s done #5 sha256:af2f4a8d28a56c1f64f8e05a704abf0bcbdf651686b61dfbfdd055404b573dfd 0B / 7.32kB 1.3s #5 sha256:0cf1731c0014338968c8352f4c43832bfc86c7e083a19d5f13104b61b78e6fc4 5.23kB / 5.23kB 1.3s done #5 sha256:af2f4a8d28a56c1f64f8e05a704abf0bcbdf651686b61dfbfdd055404b573dfd 7.32kB / 7.32kB 1.4s done #5 sha256:8e096ddbd3d1be2cead3072a003070f00cea605b73eda54ad2540dfd0ba48594 0B / 7.39kB 1.4s #5 sha256:f7884004348201eb1d8c3abcfed0c5339210ec24781948b9fa312914933eb51d 0B / 138B 1.4s #5 sha256:595148c2f4be5eab80cdbd20dbb5997a6c6776dee31521af73a24f6aabd0de6a 0B / 7.54kB 1.4s #5 sha256:8e096ddbd3d1be2cead3072a003070f00cea605b73eda54ad2540dfd0ba48594 7.39kB / 7.39kB 1.4s done #5 sha256:f7884004348201eb1d8c3abcfed0c5339210ec24781948b9fa312914933eb51d 138B / 138B 1.5s done #5 sha256:595148c2f4be5eab80cdbd20dbb5997a6c6776dee31521af73a24f6aabd0de6a 7.54kB / 7.54kB 1.5s done #5 sha256:e4eb19d44cb94ad14826b826946d63eff6c4b508b596f3ba3a2ced8e8e96f44b 0B / 248B 1.6s #5 sha256:2425bcad59deff02b71f82c236a7186b6e024e2ca9d7202d28514c8cda78390c 1.00kB / 1.00kB 1.6s done #5 sha256:e4eb19d44cb94ad14826b826946d63eff6c4b508b596f3ba3a2ced8e8e96f44b 248B / 248B 1.6s done #5 extracting sha256:1243323cbbce9384c54ac7f8354a552ac222dc3ce5d0ece482a667a33fce339c 4.7s done #5 extracting sha256:e0e08d8791a1701f472bd7a10d36341ad422abf2fff0acc79efe07c198a97d8b 0.1s #5 extracting sha256:e0e08d8791a1701f472bd7a10d36341ad422abf2fff0acc79efe07c198a97d8b 2.9s done #5 extracting sha256:84d3be804b299fb484ab9c96dfab399a6b8cd1eaf0b8634d6dbe20bae065d976 #5 extracting sha256:84d3be804b299fb484ab9c96dfab399a6b8cd1eaf0b8634d6dbe20bae065d976 0.3s done #5 extracting sha256:08cdc5a2c1ac6b4aa767b550d97130e11e15c79f9844f3909830afd8720dc778 #5 extracting sha256:08cdc5a2c1ac6b4aa767b550d97130e11e15c79f9844f3909830afd8720dc778 0.3s done #5 extracting sha256:b1c3a3cf517784530cdea97ed3f8cc4d6b3bfcca94616ace975951f272e32248 #5 extracting sha256:b1c3a3cf517784530cdea97ed3f8cc4d6b3bfcca94616ace975951f272e32248 0.2s done #5 extracting sha256:8259ced5d71a22760532483de6fc4386cc38934f48cc2695026e676e82384cfd 0.1s #5 extracting sha256:8259ced5d71a22760532483de6fc4386cc38934f48cc2695026e676e82384cfd 0.2s done #5 extracting sha256:644db8469f31d2e625af327fdd745b5287f3fc6aab8c9b8ddf041a01b42f6db9 done #5 extracting sha256:c67d510271c86ba54315bbcbde5076d2920f955300d507006382e035bca22c5e done #5 extracting sha256:38be36255353c2a4870f98da056b5fcb3b25cdad3905d842de2a0278ace0dce8 done #5 extracting sha256:ed2ab2e15ac4b2441a4a24baa10b08cf6a844dcf682263abb1e8822a09311a0c done #5 extracting sha256:0cf1731c0014338968c8352f4c43832bfc86c7e083a19d5f13104b61b78e6fc4 done #5 extracting sha256:af2f4a8d28a56c1f64f8e05a704abf0bcbdf651686b61dfbfdd055404b573dfd #5 extracting sha256:af2f4a8d28a56c1f64f8e05a704abf0bcbdf651686b61dfbfdd055404b573dfd done #5 extracting sha256:8e096ddbd3d1be2cead3072a003070f00cea605b73eda54ad2540dfd0ba48594 done #5 extracting sha256:595148c2f4be5eab80cdbd20dbb5997a6c6776dee31521af73a24f6aabd0de6a done #5 extracting sha256:f7884004348201eb1d8c3abcfed0c5339210ec24781948b9fa312914933eb51d done #5 extracting sha256:2425bcad59deff02b71f82c236a7186b6e024e2ca9d7202d28514c8cda78390c done #5 extracting sha256:e4eb19d44cb94ad14826b826946d63eff6c4b508b596f3ba3a2ced8e8e96f44b done #5 DONE 10.8s #6 [2/2] COPY ./extra.conf /fluent-bit/etc/extra.conf #6 DONE 0.1s #7 exporting to image #7 exporting layers 0.0s done #7 writing image sha256:be5766c91415c9fec8b5425fde7e2ab6594000883ccdd593230624676c0661a4 done #7 naming to docker.io/library/cdkasset-44cc48de864cb42b4f3543be9656d2b61b56b034de593b0a572bac4e1f48c4aa done #7 DONE 0.0s BlogEcsTasksSelectivelyLeverageSociStack: success: Built 44cc48de864cb42b4f3543be9656d2b61b56b034de593b0a572bac4e1f48c4aa:current_account-current_region BlogEcsTasksSelectivelyLeverageSociStack: start: Building 0237009abd68e640aaa2b0c272b28478402577914aa5aaf9d03de48e11bfadbe:current_account-current_region BlogEcsTasksSelectivelyLeverageSociStack: start: Publishing 44cc48de864cb42b4f3543be9656d2b61b56b034de593b0a572bac4e1f48c4aa:current_account-current_region The push refers to repository [XXXXXXXXXXXX.dkr.ecr.ap-northeast-1.amazonaws.com/cdk-hnb659fds-container-assets-XXXXXXXXXXXX-ap-northeast-1] 2c91fa24e32a: Preparing 3c6431d7ef6a: Preparing 3c6431d7ef6a: Preparing 4bc2f3fe5546: Preparing abe28a302310: Preparing 7aabac815aae: Preparing 350e06a484cb: Preparing db37ee1c7f9d: Preparing b915cc07d011: Preparing f2af444ba114: Preparing e03982181e4b: Preparing d3be3a07e226: Preparing 6a8e3294dff2: Preparing df8f0e5797bb: Preparing 9fb916129d8a: Preparing 58b8e1ca4dc2: Preparing e009aca566e5: Preparing 41685b4b6b36: Preparing d9907b0445f9: Preparing 350e06a484cb: Waiting db37ee1c7f9d: Waiting b915cc07d011: Waiting f2af444ba114: Waiting e03982181e4b: Waiting d3be3a07e226: Waiting 6a8e3294dff2: Waiting df8f0e5797bb: Waiting 9fb916129d8a: Waiting 58b8e1ca4dc2: Waiting e009aca566e5: Waiting 41685b4b6b36: Waiting d9907b0445f9: Waiting 7aabac815aae: Layer already exists abe28a302310: Layer already exists 4bc2f3fe5546: Layer already exists 3c6431d7ef6a: Layer already exists 350e06a484cb: Layer already exists db37ee1c7f9d: Layer already exists b915cc07d011: Layer already exists e03982181e4b: Layer already exists f2af444ba114: Layer already exists d3be3a07e226: Layer already exists 6a8e3294dff2: Layer already exists df8f0e5797bb: Layer already exists 9fb916129d8a: Layer already exists 58b8e1ca4dc2: Layer already exists e009aca566e5: Layer already exists 41685b4b6b36: Layer already exists d9907b0445f9: Layer already exists 2c91fa24e32a: Pushed #0 building with "default" instance using docker driver #1 [internal] load build definition from Dockerfile #1 transferring dockerfile: 505B done #1 DONE 0.0s #2 [internal] load .dockerignore #2 transferring context: 2B done #2 DONE 0.0s #3 resolve image config for docker.io/docker/dockerfile:1.5 44cc48de864cb42b4f3543be9656d2b61b56b034de593b0a572bac4e1f48c4aa: digest: sha256:affc6351404f557425ca6fe5ac125ae807d63217e75f6fa114cb8e806d2fae9f size: 4281 BlogEcsTasksSelectivelyLeverageSociStack: success: Published 44cc48de864cb42b4f3543be9656d2b61b56b034de593b0a572bac4e1f48c4aa:current_account-current_region #3 DONE 2.2s #4 docker-image://docker.io/docker/dockerfile:1.5@sha256:39b85bbfa7536a5feceb7372a0817649ecb2724562a38360f4d6a7782a409b14 #4 resolve docker.io/docker/dockerfile:1.5@sha256:39b85bbfa7536a5feceb7372a0817649ecb2724562a38360f4d6a7782a409b14 0.0s done #4 sha256:a47ff7046597eea0123ea02817165350e3680f75000dc5d69c9a310258e1bedd 0B / 11.55MB 0.2s #4 sha256:39b85bbfa7536a5feceb7372a0817649ecb2724562a38360f4d6a7782a409b14 8.40kB / 8.40kB done #4 sha256:966d40f9ba8366e74c2fa353fc0bc7bbc167d2a0f3ad2420db8b9e633049462d 482B / 482B done #4 sha256:dbdd11720762ad504260c66161c964e59eba06b95a7aa64a68634b598a830a91 2.90kB / 2.90kB done #4 sha256:a47ff7046597eea0123ea02817165350e3680f75000dc5d69c9a310258e1bedd 8.39MB / 11.55MB 0.3s #4 sha256:a47ff7046597eea0123ea02817165350e3680f75000dc5d69c9a310258e1bedd 11.55MB / 11.55MB 0.3s done #4 extracting sha256:a47ff7046597eea0123ea02817165350e3680f75000dc5d69c9a310258e1bedd #4 extracting sha256:a47ff7046597eea0123ea02817165350e3680f75000dc5d69c9a310258e1bedd 0.2s done #4 DONE 0.7s #5 [internal] load metadata for public.ecr.aws/docker/library/golang:1.20-alpine #5 ... #6 [internal] load metadata for public.ecr.aws/docker/library/alpine:3.18 #6 DONE 1.2s #5 [internal] load metadata for public.ecr.aws/docker/library/golang:1.20-alpine #5 DONE 1.3s #7 [internal] load build context #7 transferring context: 9.70kB done #7 DONE 0.0s #8 [build 1/7] FROM public.ecr.aws/docker/library/golang:1.20-alpine@sha256:e47f121850f4e276b2b210c56df3fda9191278dd84a3a442bfe0b09934462a8f #8 resolve public.ecr.aws/docker/library/golang:1.20-alpine@sha256:e47f121850f4e276b2b210c56df3fda9191278dd84a3a442bfe0b09934462a8f 0.0s done #8 sha256:e47f121850f4e276b2b210c56df3fda9191278dd84a3a442bfe0b09934462a8f 1.65kB / 1.65kB done #8 sha256:008f5b5d4645836f4074cbd9f44c513ba7eb00bc3859f08bbfdba24fd4dae65d 1.36kB / 1.36kB done #8 sha256:71719a2da3d19db6340a72b90f937507cbcfcbcaf1fb12835a214d6e8c16a650 1.98kB / 1.98kB done #8 sha256:4abcf20661432fb2d719aaf90656f55c287f8ca915dc1c92ec14ff61e67fbaf8 0B / 3.41MB 0.1s #8 sha256:e8e7baba97f57fa5df2e96f78c627013fec3c450d844769a62de7f40cc5bbed1 0B / 284.20kB 0.1s #8 sha256:3bc7f8f202272c1476692180b407ca56cc50f79b8b1859dcd5d579586b5cebce 0B / 101.16MB 0.1s #8 sha256:4abcf20661432fb2d719aaf90656f55c287f8ca915dc1c92ec14ff61e67fbaf8 2.10MB / 3.41MB 0.2s #8 sha256:e8e7baba97f57fa5df2e96f78c627013fec3c450d844769a62de7f40cc5bbed1 284.20kB / 284.20kB 0.2s done #8 sha256:4abcf20661432fb2d719aaf90656f55c287f8ca915dc1c92ec14ff61e67fbaf8 3.41MB / 3.41MB 0.2s done #8 sha256:3bc7f8f202272c1476692180b407ca56cc50f79b8b1859dcd5d579586b5cebce 9.44MB / 101.16MB 0.3s #8 extracting sha256:4abcf20661432fb2d719aaf90656f55c287f8ca915dc1c92ec14ff61e67fbaf8 #8 sha256:027e8f7f47157b8e955bc20d9874e68eb427280f2b614af061d1f8011434f751 0B / 175B 0.3s #8 sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1 0B / 32B 0.3s #8 sha256:3bc7f8f202272c1476692180b407ca56cc50f79b8b1859dcd5d579586b5cebce 16.06MB / 101.16MB 0.4s #8 sha256:027e8f7f47157b8e955bc20d9874e68eb427280f2b614af061d1f8011434f751 175B / 175B 0.4s done #8 sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1 32B / 32B 0.4s done #8 sha256:3bc7f8f202272c1476692180b407ca56cc50f79b8b1859dcd5d579586b5cebce 26.21MB / 101.16MB 0.5s #8 extracting sha256:4abcf20661432fb2d719aaf90656f55c287f8ca915dc1c92ec14ff61e67fbaf8 0.2s done #8 extracting sha256:e8e7baba97f57fa5df2e96f78c627013fec3c450d844769a62de7f40cc5bbed1 #8 sha256:3bc7f8f202272c1476692180b407ca56cc50f79b8b1859dcd5d579586b5cebce 34.60MB / 101.16MB 0.6s #8 extracting sha256:e8e7baba97f57fa5df2e96f78c627013fec3c450d844769a62de7f40cc5bbed1 0.1s done #8 sha256:3bc7f8f202272c1476692180b407ca56cc50f79b8b1859dcd5d579586b5cebce 49.28MB / 101.16MB 0.8s #8 sha256:3bc7f8f202272c1476692180b407ca56cc50f79b8b1859dcd5d579586b5cebce 58.72MB / 101.16MB 0.9s #8 ... #9 [stage-1 1/3] FROM public.ecr.aws/docker/library/alpine:3.18@sha256:11e21d7b981a59554b3f822c49f6e9f57b6068bb74f49c4cd5cc4c663c7e5160 #9 resolve public.ecr.aws/docker/library/alpine:3.18@sha256:11e21d7b981a59554b3f822c49f6e9f57b6068bb74f49c4cd5cc4c663c7e5160 0.0s done #9 sha256:11e21d7b981a59554b3f822c49f6e9f57b6068bb74f49c4cd5cc4c663c7e5160 1.64kB / 1.64kB done #9 sha256:695ae78b4957fef4e53adc51febd07f5401eb36fcd80fff3e5107a2b4aa42ace 528B / 528B done #9 sha256:d3782b16ccc94322a5c5a7d004192b5daa2a1ecd61c143074e36dba844408e1c 1.47kB / 1.47kB done #9 sha256:619be1103602d98e1963557998c954c892b3872986c27365e9f651f5bc27cab8 3.40MB / 3.40MB 0.6s done #9 extracting sha256:619be1103602d98e1963557998c954c892b3872986c27365e9f651f5bc27cab8 0.3s done #9 DONE 1.1s #8 [build 1/7] FROM public.ecr.aws/docker/library/golang:1.20-alpine@sha256:e47f121850f4e276b2b210c56df3fda9191278dd84a3a442bfe0b09934462a8f #8 sha256:3bc7f8f202272c1476692180b407ca56cc50f79b8b1859dcd5d579586b5cebce 65.01MB / 101.16MB 1.0s #8 sha256:3bc7f8f202272c1476692180b407ca56cc50f79b8b1859dcd5d579586b5cebce 100.75MB / 101.16MB 1.3s #8 sha256:3bc7f8f202272c1476692180b407ca56cc50f79b8b1859dcd5d579586b5cebce 101.16MB / 101.16MB 1.5s done #8 extracting sha256:3bc7f8f202272c1476692180b407ca56cc50f79b8b1859dcd5d579586b5cebce #8 extracting sha256:3bc7f8f202272c1476692180b407ca56cc50f79b8b1859dcd5d579586b5cebce 5.2s #8 extracting sha256:3bc7f8f202272c1476692180b407ca56cc50f79b8b1859dcd5d579586b5cebce 6.8s done #8 extracting sha256:027e8f7f47157b8e955bc20d9874e68eb427280f2b614af061d1f8011434f751 done #8 extracting sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1 #8 extracting sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1 done #8 DONE 8.9s #10 [build 2/7] WORKDIR /app #10 DONE 0.3s #11 [build 3/7] COPY app/go.mod ./ #11 DONE 0.0s #12 [build 4/7] COPY app/go.sum ./ #12 DONE 0.0s #13 [build 5/7] RUN apk add git && go mod download #13 0.651 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/main/x86_64/APKINDEX.tar.gz #13 0.865 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/community/x86_64/APKINDEX.tar.gz #13 1.666 (1/9) Installing brotli-libs (1.1.0-r1) #13 1.691 (2/9) Installing c-ares (1.24.0-r1) #13 1.704 (3/9) Installing libunistring (1.1-r2) #13 1.735 (4/9) Installing libidn2 (2.3.4-r4) #13 1.744 (5/9) Installing nghttp2-libs (1.58.0-r0) #13 1.748 (6/9) Installing libcurl (8.5.0-r0) #13 1.759 (7/9) Installing libexpat (2.5.0-r2) #13 1.764 (8/9) Installing pcre2 (10.42-r2) #13 1.773 (9/9) Installing git (2.43.0-r0) #13 1.879 Executing busybox-1.36.1-r15.trigger #13 1.888 OK: 18 MiB in 25 packages #13 DONE 115.7s #14 [build 6/7] COPY app/*.go ./ #14 DONE 0.0s #15 [build 7/7] RUN go build -o /amilazy #15 DONE 38.8s #16 [stage-1 2/3] COPY --from=build /amilazy /amilazy #16 DONE 0.0s #17 exporting to image #17 exporting layers #17 exporting layers 0.1s done #17 writing image sha256:cd18389e599f92a56091173338bd7c31b6b0950296d7afaf4e36ab52a663f8f0 done #17 naming to docker.io/library/cdkasset-0237009abd68e640aaa2b0c272b28478402577914aa5aaf9d03de48e11bfadbe done #17 DONE 0.1s BlogEcsTasksSelectivelyLeverageSociStack: success: Built 0237009abd68e640aaa2b0c272b28478402577914aa5aaf9d03de48e11bfadbe:current_account-current_region BlogEcsTasksSelectivelyLeverageSociStack: start: Publishing 0237009abd68e640aaa2b0c272b28478402577914aa5aaf9d03de48e11bfadbe:current_account-current_region The push refers to repository [XXXXXXXXXXXX.dkr.ecr.ap-northeast-1.amazonaws.com/cdk-hnb659fds-container-assets-XXXXXXXXXXXX-ap-northeast-1] ab4b70dcc6a2: Preparing aedc3bda2944: Preparing aedc3bda2944: Pushed ab4b70dcc6a2: Pushed 0237009abd68e640aaa2b0c272b28478402577914aa5aaf9d03de48e11bfadbe: digest: sha256:64b5248f442686ba447706b44f409ae45342675f48ef5f005531de14bcbe8b04 size: 739 BlogEcsTasksSelectivelyLeverageSociStack: success: Published 0237009abd68e640aaa2b0c272b28478402577914aa5aaf9d03de48e11bfadbe:current_account-current_region This deployment will make potentially sensitive changes according to your current security approval level (--require-approval broadening). Please confirm you intend to make the following modifications: IAM Statement Changes ┌───┬──────────────────────────────────────────────────────────────────────────────────┬────────┬──────────────────────────────────────────────────────────────────────────────────┬────────────────────────────────────────────────────────────────────────────────────┬───────────┐ │ │ Resource │ Effect │ Action │ Principal │ Condition │ ├───┼──────────────────────────────────────────────────────────────────────────────────┼────────┼──────────────────────────────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┼───────────┤ │ + │ ${Custom::CDKECRDeploymentbd07c930edb94112a20f03f096f53666512MiB/ServiceRole.Arn │ Allow │ sts:AssumeRole │ Service:lambda.amazonaws.com │ │ │ │ } │ │ │ │ │ ├───┼──────────────────────────────────────────────────────────────────────────────────┼────────┼──────────────────────────────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┼───────────┤ │ + │ ${Custom::VpcRestrictDefaultSGCustomResourceProvider/Role.Arn} │ Allow │ sts:AssumeRole │ Service:lambda.amazonaws.com │ │ ├───┼──────────────────────────────────────────────────────────────────────────────────┼────────┼──────────────────────────────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┼───────────┤ │ + │ ${amilazyLogGroup.Arn} │ Allow │ logs:CreateLogStream │ AWS:${executionRole} │ │ │ │ ${firelensLogGroup.Arn} │ │ logs:PutLogEvents │ │ │ ├───┼──────────────────────────────────────────────────────────────────────────────────┼────────┼──────────────────────────────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┼───────────┤ │ + │ ${amilazyRepo.Arn} │ Allow │ ecr:BatchCheckLayerAvailability │ AWS:${executionRole} │ │ │ │ ${firelensRepo.Arn} │ │ ecr:BatchGetImage │ │ │ │ │ ${nginxRepo.Arn} │ │ ecr:GetDownloadUrlForLayer │ │ │ ├───┼──────────────────────────────────────────────────────────────────────────────────┼────────┼──────────────────────────────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┼───────────┤ │ + │ ${executionRole.Arn} │ Allow │ sts:AssumeRole │ Service:ecs-tasks.amazonaws.com │ │ ├───┼──────────────────────────────────────────────────────────────────────────────────┼────────┼──────────────────────────────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┼───────────┤ │ + │ ${taskRole.Arn} │ Allow │ sts:AssumeRole │ Service:ecs-tasks.amazonaws.com │ │ ├───┼──────────────────────────────────────────────────────────────────────────────────┼────────┼──────────────────────────────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┼───────────┤ │ + │ * │ Allow │ ecr:BatchCheckLayerAvailability │ AWS:${Custom::CDKECRDeploymentbd07c930edb94112a20f03f096f53666512MiB/ServiceRole} │ │ │ │ │ │ ecr:BatchGetImage │ │ │ │ │ │ │ ecr:CompleteLayerUpload │ │ │ │ │ │ │ ecr:DescribeImageScanFindings │ │ │ │ │ │ │ ecr:DescribeImages │ │ │ │ │ │ │ ecr:DescribeRepositories │ │ │ │ │ │ │ ecr:GetAuthorizationToken │ │ │ │ │ │ │ ecr:GetDownloadUrlForLayer │ │ │ │ │ │ │ ecr:GetRepositoryPolicy │ │ │ │ │ │ │ ecr:InitiateLayerUpload │ │ │ │ │ │ │ ecr:ListImages │ │ │ │ │ │ │ ecr:ListTagsForResource │ │ │ │ │ │ │ ecr:PutImage │ │ │ │ │ │ │ ecr:UploadLayerPart │ │ │ │ │ │ │ s3:GetObject │ │ │ │ + │ * │ Allow │ logs:CreateLogStream │ AWS:${taskRole} │ │ │ │ │ │ logs:DescribeLogGroups │ │ │ │ │ │ │ logs:DescribeLogStreams │ │ │ │ │ │ │ logs:PutLogEvents │ │ │ │ │ │ │ ssmmessages:CreateControlChannel │ │ │ │ │ │ │ ssmmessages:CreateDataChannel │ │ │ │ │ │ │ ssmmessages:OpenControlChannel │ │ │ │ │ │ │ ssmmessages:OpenDataChannel │ │ │ │ + │ * │ Allow │ ecr:GetAuthorizationToken │ AWS:${executionRole} │ │ ├───┼──────────────────────────────────────────────────────────────────────────────────┼────────┼──────────────────────────────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┼───────────┤ │ + │ arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:security-group/${vpcA │ Allow │ ec2:AuthorizeSecurityGroupEgress │ AWS:${Custom::VpcRestrictDefaultSGCustomResourceProvider/Role} │ │ │ │ 2121C38.DefaultSecurityGroup} │ │ ec2:AuthorizeSecurityGroupIngress │ │ │ │ │ │ │ ec2:RevokeSecurityGroupEgress │ │ │ │ │ │ │ ec2:RevokeSecurityGroupIngress │ │ │ └───┴──────────────────────────────────────────────────────────────────────────────────┴────────┴──────────────────────────────────────────────────────────────────────────────────┴────────────────────────────────────────────────────────────────────────────────────┴───────────┘ IAM Policy Changes ┌───┬───────────────────────────────────────────────────────────────────────────────┬──────────────────────────────────────────────────────────────────────────────────────────────┐ │ │ Resource │ Managed Policy ARN │ ├───┼───────────────────────────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────┤ │ + │ ${Custom::CDKECRDeploymentbd07c930edb94112a20f03f096f53666512MiB/ServiceRole} │ arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole │ ├───┼───────────────────────────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────┤ │ + │ ${Custom::VpcRestrictDefaultSGCustomResourceProvider/Role} │ {"Fn::Sub":"arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"} │ ├───┼───────────────────────────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────┤ │ + │ ${executionRole} │ arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy │ ├───┼───────────────────────────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────┤ │ + │ ${taskRole} │ ${taskPolicy} │ └───┴───────────────────────────────────────────────────────────────────────────────┴──────────────────────────────────────────────────────────────────────────────────────────────┘ Security Group Changes ┌───┬──────────────────┬─────┬────────────┬──────────────────┐ │ │ Group │ Dir │ Protocol │ Peer │ ├───┼──────────────────┼─────┼────────────┼──────────────────┤ │ + │ ${albSg.GroupId} │ In │ TCP 80 │ Everyone (IPv4) │ │ + │ ${albSg.GroupId} │ Out │ Everything │ Everyone (IPv4) │ ├───┼──────────────────┼─────┼────────────┼──────────────────┤ │ + │ ${ecsSg.GroupId} │ In │ TCP 80 │ ${albSg.GroupId} │ │ + │ ${ecsSg.GroupId} │ Out │ Everything │ Everyone (IPv4) │ └───┴──────────────────┴─────┴────────────┴──────────────────┘ (NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299) Do you wish to deploy these changes (y/n)? y BlogEcsTasksSelectivelyLeverageSociStack: deploying... [1/1] BlogEcsTasksSelectivelyLeverageSociStack: creating CloudFormation changeset... ✅ BlogEcsTasksSelectivelyLeverageSociStack ✨ Deployment time: 214.17s Stack ARN: arn:aws:cloudformation:ap-northeast-1:XXXXXXXXXXXX:stack/BlogEcsTasksSelectivelyLeverageSociStack/7739f3f0-c5a0-11ee-9aa3-0a5f7651c76f ✨ Total time: 237.23s cm-takakuni:~/environment/blog-ecs-tasks-selectively-leverage-soci (main) $
動作確認
今回、 Am I Lazy? コンテナは awslogs
ログドライバーを利用して、 CloudWatch Logs に送信しています。
ログを確認すると次のようなログが送信されていることがわかります。各コンテナの Snapshotter に加え、 ImagePullTime (イメージプルにかかった時間の合計タイム)が記載されていますね。
{ "Cluster": "arn:aws:ecs:ap-northeast-1:XXXXXXXXXXXX:cluster/soci-update-cluster", "TaskARN": "arn:aws:ecs:ap-northeast-1:XXXXXXXXXXXX:task/soci-update-cluster/694ab754fcb44799914bea23d27fb83c", "Family": "soci-update-task-definition", "Revision": "13", "TaskCpu": 256, "TaskMemory": 512, "ImagePullTime": 9.030674998, "Containers": [ { "Name": "firelensContainer", "Snapshotter": "overlayfs" }, { "Name": "amilazyContainer", "Snapshotter": "overlayfs" }, { "Name": "nginxContainer", "Snapshotter": "soci" } ] }
CloudWatch Logs Insights で確認
出力されたログに対して CloudWatch Logs Insights で確認してみます。サンプルクエリを元に以下のクエリでログを簡単に分析してみます。
fields @timestamp, @message | sort @timestamp desc | stats count(*) by Family,Revision,ImagePullTime, Containers.0.Name as Container_1, Containers.0.Snapshotter as Container_1_Snapshotter, Containers.1.Name as Container_2, Containers.1.Snapshotter as Container_2_Snapshotter, Containers.2.Name as Container_3, Containers.2.Snapshotter as Container_3_Snapshotter | limit 20
各コンテナの Snapshotter が名前別で表示されました。 nginxContainer
だけ、遅延読み込みされていることがわかります。
まとめ
以上、「Am I Lazy? を使って遅延読み込みできているか確認してみた」でした。
「遅延読み込みされているケースをいつも監視したい」のは、なかなかレアだと思いますが、テスト時にどれくらい遅延読み込みが発揮できているか、確認したい場合には、とても使えそうな気がします。
このブログがどなたかの参考になれば幸いです。
AWS 事業本部コンサルティング部のたかくに(@takakuni_)でした!