serverless-bastion-files
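# Image for a "serverless bastion": an ECS Fargate task that enrols itself in
# AWS Systems Manager as a hybrid managed instance, so operators reach it
# through Session Manager only (no SSH daemon, no published ports).
#
# NOTE(review): there is no USER switch, so everything -- including any
# Session Manager shell -- starts from root. The SSM Agent is expected to need
# root to register and serve sessions; confirm that before adding one, and
# keep the package set small in the meantime.
FROM amazonlinux:2
WORKDIR /app
COPY entrypoint.sh /app
# entrypoint.sh is the only file copied into /app; make just that executable.
RUN chmod +x /app/entrypoint.sh
# Package layer. Things to know before changing it:
#   * jq is installed because entrypoint.sh parses the create-activation
#     output with it and the amazonlinux:2 base image is not known to ship it.
#   * sudo and mysql-community-server are kept from the original image, but
#     nothing in entrypoint.sh uses them. NOTE(review): confirm they are
#     needed and drop them otherwise -- a database server package is extra
#     attack surface on a bastion.
#   * The MySQL signing key is imported so the mysql-community-* packages are
#     signature-checked by yum. The SSM Agent rpm, by contrast, is installed
#     straight from a URL, and yum does not GPG-check local/URL packages by
#     default (localpkg_gpgcheck), so that download is NOT verified here and
#     "latest" is unpinned. NOTE(review): import Amazon's SSM Agent signing
#     key and enable localpkg_gpgcheck, or pin an explicit agent version.
#   * The AWS CLI zip is fetched over TLS but its published .sig is not
#     checked. NOTE(review): verify it against the AWS CLI signing key.
#   * curl -f turns an HTTP error into a failed layer instead of letting unzip
#     choke on an HTML error page; yum clean keeps the cache out of the image.
RUN rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022 \
 && yum install -y \
      jq \
      sudo \
      unzip \
      mysql-community-client \
      mysql-community-server \
      https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm \
 && yum clean all \
 && rm -rf /var/cache/yum \
 && curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \
 && unzip -q awscliv2.zip \
 && ./aws/install \
 && rm -rf ./aws ./awscliv2.zip
ENTRYPOINT ["/bin/bash", "/app/entrypoint.sh"]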
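#!/bin/bash
# Entry point for the serverless-bastion container.
#
# Rotates the Systems Manager hybrid activation for this bastion, then runs
# the SSM Agent in the foreground:
#   1. deregister every managed instance still registered under our name
#      (left behind by previous task runs),
#   2. delete every existing activation created with that default name,
#   3. create a fresh activation and register this container with it,
#   4. exec the agent so it is PID 1 and receives the ECS stop signal.
#
# IAM needed on the task role: ssm:DescribeInstanceInformation,
# ssm:DeregisterManagedInstance, ssm:DescribeActivations,
# ssm:DeleteActivation, ssm:CreateActivation and iam:PassRole for the
# activation role. NOTE(review): scope iam:PassRole to that role's ARN (and
# the Deregister/Delete actions to these resources) instead of "*" -- with
# "*" a compromised bastion can hand SSM any passable role and deregister
# any managed instance in the account.
#
# Caveat: this flow is not safe to run concurrently -- two tasks starting at
# the same time deregister each other. Run at most one task of this family.
set -euo pipefail

# One region for every call. The original passed it only to create-activation
# and -register and relied on the CLI default for the rest; keeping all five
# calls in the same region avoids cleaning up one region and enrolling in
# another.
readonly REGION="ap-northeast-1"
readonly BASTION_NAME="my-bastion"
readonly ACTIVATION_ROLE="ssm-service-role"

# 1. Deregister stale managed instances that still carry our name.
# --output text prints the IDs whitespace-separated, or nothing when the
# filter matches no instance, in which case the loop body never runs.
stale_instances=$(aws ssm describe-instance-information \
  --region "$REGION" \
  --query "InstanceInformationList[?Name=='${BASTION_NAME}'].InstanceId" \
  --output text)
# shellcheck disable=SC2086 -- intentional word-split on the ID list
for instance_id in $stale_instances; do
  printf 'Deregister managed instance %s...\n' "$instance_id"
  aws ssm deregister-managed-instance --region "$REGION" --instance-id "$instance_id"
done

# 2. Delete every previous activation with our default instance name -- not
# only expired ones. A new activation is created below on every run, so this
# keeps exactly one usable activation code in existence at a time.
old_activations=$(aws ssm describe-activations \
  --region "$REGION" \
  --filters "FilterKey=DefaultInstanceName,FilterValues=${BASTION_NAME}" \
  --query "ActivationList[*].ActivationId" \
  --output text)
# shellcheck disable=SC2086 -- intentional word-split on the ID list
for activation_id in $old_activations; do
  printf 'Deleting activation %s...\n' "$activation_id"
  aws ssm delete-activation --region "$REGION" --activation-id "$activation_id"
done

# 3. Create the activation for this run. The activation code is a one-time
# registration secret: it is deliberately not exported (an exported value
# would be inherited by the agent and, possibly, by the session shells it
# spawns) and is discarded as soon as registration is done. It is still
# visible on the agent's argv for the duration of -register, so never run
# this section under set -x. --registration-limit 1 is the service default,
# spelled out so the intent (one container per activation) is explicit.
# Selecting both fields with --query/--output text avoids a jq dependency
# the image does not otherwise need.
activation=$(aws ssm create-activation \
  --region "$REGION" \
  --default-instance-name "$BASTION_NAME" \
  --description "$BASTION_NAME" \
  --iam-role "$ACTIVATION_ROLE" \
  --registration-limit 1 \
  --query '[ActivationId, ActivationCode]' \
  --output text)
# Text output puts the two fields tab-separated on one line.
IFS=$'\t' read -r activation_id activation_code <<< "$activation"
if [[ -z "$activation_id" || -z "$activation_code" ]]; then
  printf 'create-activation returned no ActivationId/ActivationCode\n' >&2
  exit 1
fi

# 4. Register with the fresh activation, drop the secret, then hand the
# process over to the agent. Without exec, bash stays PID 1 and does not
# forward SIGTERM when ECS stops the task, so the task only goes away once
# the stop timeout expires and it is SIGKILLed.
amazon-ssm-agent -register -code "$activation_code" -id "$activation_id" -region "$REGION" -y
unset activation_code activation
exec amazon-ssm-agent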
{
"family": "serverless-bastion",
"taskRoleArn": "arn:aws:iam::1234567890123:role/serverless-bastion-ecs-task",
"executionRoleArn": "arn:aws:iam::1234567890123:role/serverless-bastion-task-execution",
"containerDefinitions": [
{
"name": "serverless-bastion",
"image": "1234567890123.dkr.ecr.ap-northeast-1.amazonaws.com/serverless-bastion:latest",
"cpu": 0,
"portMappings": [],
"essential": true,
"environment": [],
"mountPoints": [],
"volumesFrom": [],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-create-group": "true",
"awslogs-group": "/aws/ecs/serverless-bastion",
"awslogs-region": "ap-northeast-1",
"awslogs-stream-prefix": "ecs"
}
}
}
],
"networkMode": "awsvpc",
"requiresCompatibilities": [
"FARGATE"
],
"cpu": "512",
"memory": "1024",
"runtimePlatform": {
"cpuArchitecture": "X86_64",
"operatingSystemFamily": "LINUX"
}
}
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ssm:CreateActivation",
"iam:PassRole",
"ssm:DeleteActivation",
"ssm:DescribeInstanceInformation",
"ssm:DescribeActivations",
"ssm:DeregisterManagedInstance"
],
"Effect": "Allow",
"Resource": "*"
}
]
}