ishenwei/nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Auto-sync: update nexus workspace

Browse Source
This commit is contained in:
weishen
2026-04-29 15:44:38 +08:00
parent b2aadf771a
commit c961c6a394
114 changed files with 4784 additions and 1334 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
wiki/entities/ECS-Deploy-Runner.md Normal file
View File

@@ -0,0 +1,45 @@
---
title: "ECS Deploy Runner"
type: entity
entity_type: product
tags:
- Terraform
- ECS
- Deployment
- IaC
- Docker
sources:
- ctp-topic-16-cross-account-terraform-modules.md
last_updated: 2026-05-15
---
## Overview
ECS Deploy RunnerEDR是运行在 ECS 上的 Docker 容器,负责执行 Terraform plan 和 apply 命令,是跨账号部署流水线中的实际执行单元。
## Architecture
- **托管位置**Shared Account 的 ECS 集群
- **运行环境**Docker 容器镜像(预装 Terraform CLI
- **触发方式**Jenkins 检测到 `cross-account.json` 标记文件后触发
- **权限获取**:通过 Assume Role 访问目标账号的 IAM 角色
## Key Responsibilities
1. **读取 Terraform State**:通过 `TF state bucket accessor` 角色读取目标账号 S3 桶中的状态文件
2. **执行 Plan**:运行 `terraform plan` 生成变更计划
3. **执行 Apply**:通过 `cross-account ECS deploy runner role` 在目标账号中创建/更新资源
4. **本地开发差异**:本地开发时 Terragrunt 自动处理角色切换,无需显式 Assume Role
## Relationships
- [[Shared-Account]] ← runs_on ← [[ECS-Deploy-Runner]]
- [[ECS-Deploy-Runner]] ← assumes ← [[Cross-account-ECS-Deploy-Runner-Role]]
- [[ECS-Deploy-Runner]] ← reads_state_via ← [[TF-State-Bucket-Accessor]]
- [[Fibos]] ← implemented_by ← [[ECS-Deploy-Runner]]
## Related Concepts
- [[CI/CD Pipeline]]EDR 是 CI/CD 流水线中的执行层
- [[Cross-account-Terraform-Modules]]EDR 是该方案的核心执行组件
- [[Assume-Role]]EDR 通过 Assume Role 获取跨账号权限