46 lines
1.6 KiB
Markdown
46 lines
1.6 KiB
Markdown
---
|
||
title: "ECS Deploy Runner"
|
||
type: entity
|
||
entity_type: product
|
||
tags:
|
||
- Terraform
|
||
- ECS
|
||
- Deployment
|
||
- IaC
|
||
- Docker
|
||
sources:
|
||
- ctp-topic-16-cross-account-terraform-modules.md
|
||
last_updated: 2026-05-15
|
||
---
|
||
|
||
## Overview
|
||
|
||
ECS Deploy Runner(EDR)是运行在 ECS 上的 Docker 容器,负责执行 Terraform plan 和 apply 命令,是跨账号部署流水线中的实际执行单元。
|
||
|
||
## Architecture
|
||
|
||
- **托管位置**:Shared Account 的 ECS 集群
|
||
- **运行环境**:Docker 容器镜像(预装 Terraform CLI)
|
||
- **触发方式**:Jenkins 检测到 `cross-account.json` 标记文件后触发
|
||
- **权限获取**:通过 Assume Role 访问目标账号的 IAM 角色
|
||
|
||
## Key Responsibilities
|
||
|
||
1. **读取 Terraform State**:通过 `TF state bucket accessor` 角色读取目标账号 S3 桶中的状态文件
|
||
2. **执行 Plan**:运行 `terraform plan` 生成变更计划
|
||
3. **执行 Apply**:通过 `cross-account ECS deploy runner role` 在目标账号中创建/更新资源
|
||
4. **本地开发差异**:本地开发时 Terragrunt 自动处理角色切换,无需显式 Assume Role
|
||
|
||
## Relationships
|
||
|
||
- [[Shared-Account]] ← runs_on ← [[ECS-Deploy-Runner]]
|
||
- [[ECS-Deploy-Runner]] ← assumes ← [[Cross-account-ECS-Deploy-Runner-Role]]
|
||
- [[ECS-Deploy-Runner]] ← reads_state_via ← [[TF-State-Bucket-Accessor]]
|
||
- [[Fibos]] ← implemented_by ← [[ECS-Deploy-Runner]]
|
||
|
||
## Related Concepts
|
||
|
||
- [[CI/CD Pipeline]]:EDR 是 CI/CD 流水线中的执行层
|
||
- [[Cross-account-Terraform-Modules]]:EDR 是该方案的核心执行组件
|
||
- [[Assume-Role]]:EDR 通过 Assume Role 获取跨账号权限
|