{"id":20136103,"url":"https://github.com/zkfmapf123/codepipeline-architecture","last_synced_at":"2026-03-19T14:04:21.687Z","repository":{"id":231982798,"uuid":"780983080","full_name":"zkfmapf123/codepipeline-architecture","owner":"zkfmapf123","description":"codepipeline best practice architecture","archived":false,"fork":false,"pushed_at":"2024-04-07T10:39:51.000Z","size":1243,"stargazers_count":0,"open_issues_count":2,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-06-06T04:09:25.710Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zkfmapf123.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-02T14:29:42.000Z","updated_at":"2024-04-07T06:16:59.000Z","dependencies_parsed_at":null,"dependency_job_id":"e5a2b7ae-8a87-4666-ba47-1f8b8547ff6c","html_url":"https://github.com/zkfmapf123/codepipeline-architecture","commit_stats":null,"previous_names":["zkfmapf123/codepipeline-architecture"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/zkfmapf123/codepipeline-architecture","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zkfmapf123%2Fcodepipeline-architecture","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zkfmapf123%2Fcodepipeline-architecture/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zkfmapf123%2Fcodepipeline-architecture/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zkfmapf123%2Fcodepipeline-architecture/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zkfmapf123","download_url":"https://codeload.github.com/zkfmapf123/codepipeline-architecture/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zkfmapf123%2Fcodepipeline-architecture/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28806348,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-27T06:25:51.065Z","status":"ssl_error","status_checked_at":"2026-01-27T06:25:50.640Z","response_time":168,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-13T21:17:42.640Z","updated_at":"2026-01-27T06:32:40.252Z","avatar_url":"https://github.com/zkfmapf123.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CodePipeline Architecture\n\n![1](./public/1.png)\n\n## Folder Architecture\n\n```sh\n\n |- infra ## infra use Terraform \n |- server ## server side application (express)\n |- deploy ## deploy files (task-definition.json, appspec.yml)\n```\n\n## CodePipeline 구축 Terraform \n\n```sh\n ## 일부러 state는 설정안함 \n cd infra \n terraform init \u0026\u0026 terraform apply\n```\n\n## 1. VPC 구축 및 ECS 설정\n\n### VPC \n\n```sh\n ## Reference Terraform files\n infra/vpc.tf\n```\n\n- \u003ca href=\"https://registry.terraform.io/modules/zkfmapf123/vpc3tier/lee/latest\"\u003e 모듈참조 \u003c/a\u003e\n\n### ECS Fargate \n\n```sh\n ## server \n server/index.js\n\n ## Referenec Terraform files\n infra/ecs-alb.tf\n infra/ecs-iam.tf ## ecs-execution-role, ecs-code-deploy-role\n infra/ecs-fargate.tf\n infra/ecs-code-deploy.tf\n```\n\n- ECR (Register)\n- ECS Cluster\n- ECS Service\n- ECS Task Definition\n- Application Load Balancer\n- Target Group\n- Lister Rule\n\n- 참고사항\n\n - ECS Taks Definition의 경우 \u003ca href=\"https://hub.docker.com/repository/docker/zkfmapf123/healthcheck/general\"\u003e zkfmapf123/healthcheck\u003c/a\u003e Image를 사용합니다.\n - 이미지의 자세한 내용은 docker inspect 를 활용합니다\n - 처음 Provisioning 에만 사용됩니다.\n - 추후 배포는 CodePipeline + TaskDefinition 으로 구성합니다.\n - CodeDeploy를 사용하기 위해선 2가지 조건이 필요합니다. (Target Group : Blue/Green), (ECSService : BlueGreen Option)\n - 기존 ECS (Rolling) 배포옵션을 사용하고 있었다면, ECS Service를 재생성해야 합니다.\n - ECS CodeDeploy를 활용하기 위해선 2가지 파일이 필요합니다. (task-definition.json, appspec.yml)\n - CodeDeploy 배포옵션은 aws_codedeploy_deployment_group.*.deployment_config_name 옵션에서 수정합니다.\n\n| 배포옵션 | 설명 |\n|------------------------------------|------------------------------------------------------------------------------------------------|\n| CodeDeployDefault.ECSAllAtOnce | 모든 새 버전을 동시에 배포하고 이전 버전과 교체합니다. |\n| CodeDeployDefault.ECSCanary10Percent10Minutes | 새 버전을 Canary 배포로 배포하고, 각 배포 단계마다 최대 10%의 용량을 사용하여 교체합니다. |\n| CodeDeployDefault.ECSCanary10Percent5Minutes | Canary 배포로 새 버전을 배포하고, 각 배포 단계마다 최대 10%의 용량을 사용하여 교체합니다. |\n| CodeDeployDefault.ECSCanary10Percent3Minutes | Canary 배포로 새 버전을 배포하고, 각 배포 단계마다 최대 10%의 용량을 사용하여 교체합니다. |\n| CodeDeployDefault.ECSTrafficShift | 이전 버전과 새 버전 간의 트래픽을 제어하여 점진적으로 새 버전으로 전환합니다. |\n\n## 2. CodePipeline 구성\n\n```sh\n\n ## Reference Terraform files\n infra/code-pipeline.tf\n infra/ecs-iam.tf\n\n ## buildspec 업데이트\n make spec-update\n```\n\n![2](./public/2.png)\n![3](./public/3.png)\n![4](./public/4.png)\n\n- 참고사항\n - GitHub Connect은 연결하여야 한다\n - CodePipelin.Build 테라폼 빡세다\n - deploy 폴더안에 task_definition.json, AppSpec.yml 을 위치해야 Build Artifacts를 통해서 CodeDeploy가 배포됨\n - \u003cb\u003eBuildArtifacts에 구성파일만 존재하면 CodeDeploy는 쉽게 진행됨\u003c/b\u003e\n - CodeDeploy가 아닌 ECS (Blue/Green) 으로 구성해야 함 (in CodePipeline)\n - 폴더지정 제대로 하자 에러 많이 남\n\n ```yml\n ...\n post_build:\n commands:\n - cd ..\n - ls -lah ./deploy\n\n artifacts:\n files:\n - \"deploy/*\"\n ```\n\n## 3. 주의사항\n\n- appspec.yml, taskdef.json 파일의 세부 Parameter를 꼼꼼하게 작성해야 함 (에러남)\n- appspec.yml의 taskArn의 경우 현재 Family Revision + 1로 작성해야 에러가 안난다\n- Policy 정리를 잘해야 한다 (현재는 최대한 열어놓은 상태임)\n\n## 귀찮아서 안한거..\n\n- Terraform은 Resource / Service 별로 폴더별로 관리해야 함\n- Terraform Cloud를 붙힌다면 더더욱 좋을듯 함\n- IAM Policy의 Resource는 개별로 지정하는 것이 좋음\n- Task Definition, AppSpec 내의 Docker versioning은 추후에 진행해보자...\n- Terrform이 다 구성되고, task_definition, AppSpec 을 자동으로 만들어주게끔 중간에 CLI를 만들어보는것도 좋을듯\n- \u003cb\u003eCodeGuru Service가 Seoul Region에 들어오면 Security Scanning, Reviewer 구성해볼 예정\u003c/b\u003e\n- 운동해야되서 AWS Chatbot은 못붙힘 (쉬움)\n\n## 이슈모음\n\n### CodeDeployToECS (Revision Number Issue)\n\n```sh\nDeployment d-X1IRUVC7H외부 링크 failed. Error code: ECS_UPDATE_ERROR; Error message: The ECS service cannot be updated due to an unexpected error: Invalid revision number. Number: latest (Service: AmazonECS; Status Code: 400; Error Code: InvalidParameterException; Request ID: 380efecf-408c-43bb-9aaf-908912e8059a; Proxy: null). Check your ECS service status\n```\n\n- ECS Service 업데이트 시, Image가 잘못되어있었음\n- ECR Registry 의 주소를 제대로 적어주자\n- 그리고 latest가 아닌 VERSION을 명시해야 함\n\n### CodeDeployToECS (Folder Path Issue)\n\n```sh\nAn AppSpec file is required, but could not be found in the revision\n```\n- taskdef.json, appspec.yml 파일의 Path가 틀렸음\n- buildoutputs 의 Path를 수정해줘야 함\n\n### CodeDeployToECS (Task Definition)\n\n```\nThe ECS service cannot be updated due to an unexpected error: TaskDefinition is inactive\n```\n\n- Service가 실행하는 Task와 CodeDeploy가 실행하는 Task의 값이 달라서 발생하는 문제\n- AppSpec.yml 파일에 TaskDefinition을 올바르게 수정하자\n- TaskDefinition의 Revision을 가공해서 sed 명령어로 수정\n- 그 과정에서 \"ecs:DescribeTaskDefinition\" Policy가 추가됨\n- \u003cb\u003eTaskDefinition.json에 ExecutionRole도 추가해야함 (위치중요) \u003c/b\u003e\n\n```yml\npost_build:\n commands:\n - cd ..\n - REVISON=$(aws ecs describe-task-definition --task-definition arn:aws:ecs:ap-northeast-2:182024812696:task-definition/test-service-container-family | jq -r '.taskDefinition.revision')\n - REVISON=$((REVISON + 1)) ## 개정을 하나 올려줌...\n - echo \"REVISION \u003e\u003e $REVISON\"\n - sed -i 's/${REVISON}/'\"$REVISON\"'/g' deploy/appspec.yml\n - cat ./deploy/appspec.yml\n - ls -lah ./deploy\n```\n\n### CodeDeployToECS (TaskExecutionRole)\n\n- taskexecutionRole의 정책이 부족함\n- 몇가지 더 채워넣음\n\n```\nresource \"aws_iam_policy\" \"ecs_task_policy\" {\n name = \"ecs-execution-list\"\n\n policy = jsonencode({\n Version = \"2012-10-17\"\n Statement = [\n {\n Action = [\n \"ecs:Describe*\",\n \"ecs:List*\",\n \"ecs:RunTask\",\n \"ecs:StopTask\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\",\n \"logs:CreateLogGroup\", ## Log Group...\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"ecr:GetAuthorizationToken\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:GetDownloadUrlForLayer\",\n \"ecr:BatchGetImage\",\n ]\n Effect = \"Allow\"\n Resource = [\n \"*\"\n ]\n },\n {\n \"Effect\" : \"Allow\",\n \"Resource\" : \"*\",\n \"Action\" : [\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:GetObjectVersion\",\n \"s3:GetBucketAcl\",\n \"s3:GetBucketLocation\"\n ]\n }\n ]\n })\n}\n```\n\n\n## Reference\n\n- \u003ca href=\"https://repost.aws/questions/QU6quBySm3Tmqv1UixHTVRZw/listener-requirements-for-codedeploy-blue-green-deployments\"\u003e Blue/Green Target Group Issue \u003c/a\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzkfmapf123%2Fcodepipeline-architecture","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzkfmapf123%2Fcodepipeline-architecture","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzkfmapf123%2Fcodepipeline-architecture/lists"}