Created
March 22, 2023 07:55
-
-
Save 3sky/5f4420a5ebadfbf62cac7871b1c1f868 to your computer and use it in GitHub Desktop.
Full 3-tier ECS CloudFormation Script in JSON
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "AWSTemplateFormatVersion": "2010-09-09", | |
| "Description": "An example CloudFormation template for Fargate.", | |
| "Parameters": { | |
| "EnvironmentName": { | |
| "Description": "An environment name that is prefixed to resource names", | |
| "Type": "String" | |
| }, | |
| "VpcCIDR": { | |
| "Description": "Please enter the IP range (CIDR notation) for this VPC", | |
| "Type": "String", | |
| "Default": "10.192.0.0/16" | |
| }, | |
| "PublicSubnet1CIDR": { | |
| "Description": "Please enter the IP range (CIDR notation) for the public subnet in the first Availability Zone", | |
| "Type": "String", | |
| "Default": "10.192.10.0/24" | |
| }, | |
| "PublicSubnet2CIDR": { | |
| "Description": "Please enter the IP range (CIDR notation) for the public subnet in the second Availability Zone", | |
| "Type": "String", | |
| "Default": "10.192.20.0/24" | |
| }, | |
| "PrivateSubnet1CIDR": { | |
| "Description": "Please enter the IP range (CIDR notation) for the private subnet in the first Availability Zone", | |
| "Type": "String", | |
| "Default": "10.192.11.0/24" | |
| }, | |
| "PrivateSubnet2CIDR": { | |
| "Description": "Please enter the IP range (CIDR notation) for the private subnet in the second Availability Zone", | |
| "Type": "String", | |
| "Default": "10.192.21.0/24" | |
| }, | |
| "PrivateSubnet3CIDR": { | |
| "Description": "Please enter the IP range (CIDR notation) for the private subnet in the second Availability Zone (DB Layer)", | |
| "Type": "String", | |
| "Default": "10.192.12.0/24" | |
| }, | |
| "PrivateSubnet4CIDR": { | |
| "Description": "Please enter the IP range (CIDR notation) for the private subnet in the second Availability Zone (DB Layer)", | |
| "Type": "String", | |
| "Default": "10.192.22.0/24" | |
| }, | |
| "Image": { | |
| "Description": "Enter the name of image used in the task", | |
| "Type": "String", | |
| "Default": "public.ecr.aws/ecs-sample-image/amazon-ecs-sample:latest" | |
| }, | |
| "ServiceName": { | |
| "Description": "Name of ECS servcie", | |
| "Type": "String", | |
| "Default": "my-service" | |
| }, | |
| "ContainerPort": { | |
| "Type": "Number", | |
| "Default": "80" | |
| }, | |
| "LoadBalancerPort": { | |
| "Type": "Number", | |
| "Default": "80" | |
| }, | |
| "HealthCheckPath": { | |
| "Type": "String", | |
| "Default": "/" | |
| }, | |
| "MinContainers": { | |
| "Type": "Number", | |
| "Default": "2" | |
| }, | |
| "MaxContainers": { | |
| "Type": "Number", | |
| "Default": 4 | |
| }, | |
| "AutoScalingTargetValue": { | |
| "Type": "Number", | |
| "Default": 50 | |
| } | |
| }, | |
| "Resources": { | |
| "VPC": { | |
| "Type": "AWS::EC2::VPC", | |
| "Properties": { | |
| "CidrBlock": { | |
| "Ref": "VpcCIDR" | |
| }, | |
| "EnableDnsSupport": true, | |
| "EnableDnsHostnames": true, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { | |
| "Ref": "EnvironmentName" | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "InternetGateway": { | |
| "Type": "AWS::EC2::InternetGateway", | |
| "Properties": { | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { | |
| "Ref": "EnvironmentName" | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "NATGateway": { | |
| "Type": "AWS::EC2::NatGateway", | |
| "Properties": { | |
| "AllocationId": { | |
| "Fn::GetAtt": [ | |
| "EIP", | |
| "AllocationId" | |
| ] | |
| }, | |
| "SubnetId": { | |
| "Ref": "PublicSubnet1" | |
| }, | |
| "Tags": [ | |
| { | |
| "Key": "stack", | |
| "Value": "production" | |
| } | |
| ] | |
| } | |
| }, | |
| "EIP": { | |
| "DependsOn": [ | |
| "VPC" | |
| ], | |
| "Type": "AWS::EC2::EIP", | |
| "Properties": { | |
| "Domain": "vpc" | |
| } | |
| }, | |
| "InternetGatewayAttachment": { | |
| "Type": "AWS::EC2::VPCGatewayAttachment", | |
| "Properties": { | |
| "InternetGatewayId": "Fn::Ref InternetGateway", | |
| "VpcId": "Fn::Ref VPC" | |
| } | |
| }, | |
| "PublicSubnet1": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "AvailabilityZone": { | |
| "Fn::Select": [ | |
| 0, | |
| { | |
| "Fn::GetAZs": "" | |
| } | |
| ] | |
| }, | |
| "CidrBlock": { | |
| "Ref": "PublicSubnet1CIDR" | |
| }, | |
| "MapPublicIpOnLaunch": true, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": [ | |
| "${EnvironmentName} Public Subnet (AZ1)", | |
| { | |
| "EnvironmentName": { | |
| "Ref": "EnvironmentName" | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "PublicSubnet2": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "AvailabilityZone": { | |
| "Fn::Select": [ | |
| 1, | |
| { | |
| "Fn::GetAZs": "" | |
| } | |
| ] | |
| }, | |
| "CidrBlock": { | |
| "Ref": "PublicSubnet2CIDR" | |
| }, | |
| "MapPublicIpOnLaunch": true, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": [ | |
| "${EnvironmentName} Public Subnet (AZ2)", | |
| { | |
| "EnvironmentName": { | |
| "Ref": "EnvironmentName" | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "PrivateSubnet1": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "AvailabilityZone": { | |
| "Fn::Select": [ | |
| 0, | |
| { | |
| "Fn::GetAZs": "" | |
| } | |
| ] | |
| }, | |
| "CidrBlock": { | |
| "Ref": "PrivateSubnet1CIDR" | |
| }, | |
| "MapPublicIpOnLaunch": false, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": [ | |
| "${EnvironmentName} App Private Subnet (AZ1)", | |
| { | |
| "EnvironmentName": { | |
| "Ref": "EnvironmentName" | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "PrivateSubnet2": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "AvailabilityZone": { | |
| "Fn::Select": [ | |
| 1, | |
| { | |
| "Fn::GetAZs": "" | |
| } | |
| ] | |
| }, | |
| "CidrBlock": { | |
| "Ref": "PrivateSubnet2CIDR" | |
| }, | |
| "MapPublicIpOnLaunch": false, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": [ | |
| "${EnvironmentName} App Private Subnet (AZ2)", | |
| { | |
| "EnvironmentName": { | |
| "Ref": "EnvironmentName" | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "PrivateSubnet3": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "AvailabilityZone": { | |
| "Fn::Select": [ | |
| 0, | |
| { | |
| "Fn::GetAZs": "" | |
| } | |
| ] | |
| }, | |
| "CidrBlock": { | |
| "Ref": "PrivateSubnet3CIDR" | |
| }, | |
| "MapPublicIpOnLaunch": false, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": [ | |
| "${EnvironmentName} DB Private Subnet (AZ1)", | |
| { | |
| "EnvironmentName": { | |
| "Ref": "EnvironmentName" | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "PrivateSubnet4": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "AvailabilityZone": { | |
| "Fn::Select": [ | |
| 1, | |
| { | |
| "Fn::GetAZs": "" | |
| } | |
| ] | |
| }, | |
| "CidrBlock": { | |
| "Ref": "PrivateSubnet4CIDR" | |
| }, | |
| "MapPublicIpOnLaunch": false, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": [ | |
| "${EnvironmentName} DB Private Subnet (AZ2)", | |
| { | |
| "EnvironmentName": { | |
| "Ref": "EnvironmentName" | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "PublicRouteTable": { | |
| "Type": "AWS::EC2::RouteTable", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": [ | |
| "${EnvironmentName} Public Routes", | |
| { | |
| "EnvironmentName": { | |
| "Ref": "EnvironmentName" | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "DefaultPublicRoute": { | |
| "Type": "AWS::EC2::Route", | |
| "DependsOn": "InternetGatewayAttachment", | |
| "Properties": { | |
| "RouteTableId": { | |
| "Ref": "PublicRouteTable" | |
| }, | |
| "DestinationCidrBlock": "0.0.0.0/0", | |
| "GatewayId": { | |
| "Ref": "InternetGateway" | |
| } | |
| } | |
| }, | |
| "PublicSubnet1RouteTableAssociation": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "RouteTableId": { | |
| "Ref": "PublicRouteTable" | |
| }, | |
| "SubnetId": { | |
| "Ref": "PublicSubnet1" | |
| } | |
| } | |
| }, | |
| "PublicSubnet2RouteTableAssociation": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "RouteTableId": { | |
| "Ref": "PublicRouteTable" | |
| }, | |
| "SubnetId": { | |
| "Ref": "PublicSubnet2" | |
| } | |
| } | |
| }, | |
| "PrivateRouteTable1": { | |
| "Type": "AWS::EC2::RouteTable", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": [ | |
| "${EnvironmentName} Private Routes (AZ1)", | |
| { | |
| "EnvironmentName": { | |
| "Ref": "EnvironmentName" | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "DefaultPrivateRoute1": { | |
| "Type": "AWS::EC2::Route", | |
| "Properties": { | |
| "RouteTableId": { | |
| "Ref": "PrivateRouteTable1" | |
| }, | |
| "DestinationCidrBlock": "0.0.0.0/0", | |
| "NatGatewayId": { | |
| "Ref": "NATGateway" | |
| } | |
| } | |
| }, | |
| "PrivateSubnet1RouteTableAssociation": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "RouteTableId": { | |
| "Ref": "PrivateRouteTable1" | |
| }, | |
| "SubnetId": { | |
| "Ref": "PrivateSubnet1" | |
| } | |
| } | |
| }, | |
| "PrivateRouteTable2": { | |
| "Type": "AWS::EC2::RouteTable", | |
| "Properties": { | |
| "VpcId": "Fn::Ref VPC", | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": [ | |
| "${EnvironmentName} Private Routes (AZ2)", | |
| { | |
| "EnvironmentName": { | |
| "Ref": "EnvironmentName" | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "DefaultPrivateRoute2": { | |
| "Type": "AWS::EC2::Route", | |
| "Properties": { | |
| "RouteTableId": { | |
| "Ref": "PrivateRouteTable2" | |
| }, | |
| "DestinationCidrBlock": "0.0.0.0/0", | |
| "NatGatewayId": { | |
| "Ref": "NATGateway" | |
| } | |
| } | |
| }, | |
| "PrivateSubnet2RouteTableAssociation": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "RouteTableId": { | |
| "Ref": "PrivateRouteTable2" | |
| }, | |
| "SubnetId": { | |
| "Ref": "PrivateSubnet2" | |
| } | |
| } | |
| }, | |
| "PrivateRouteTable3": { | |
| "Type": "AWS::EC2::RouteTable", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": [ | |
| "${EnvironmentName} DB Private Routes (AZ1)", | |
| { | |
| "EnvironmentName": { | |
| "Ref": "EnvironmentName" | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "DefaultPrivateRoute3": { | |
| "Type": "AWS::EC2::Route", | |
| "Properties": { | |
| "RouteTableId": { | |
| "Ref": "PrivateRouteTable3" | |
| }, | |
| "DestinationCidrBlock": "0.0.0.0/0", | |
| "NatGatewayId": { | |
| "Ref": "NATGateway" | |
| } | |
| } | |
| }, | |
| "PrivateSubnet3RouteTableAssociation": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "RouteTableId": { | |
| "Ref": "PrivateRouteTable3" | |
| }, | |
| "SubnetId": { | |
| "Ref": "PrivateSubnet3" | |
| } | |
| } | |
| }, | |
| "PrivateRouteTable4": { | |
| "Type": "AWS::EC2::RouteTable", | |
| "Properties": { | |
| "VpcId": "Fn::Ref VPC", | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": [ | |
| "${EnvironmentName} DB Private Routes (AZ2)", | |
| { | |
| "EnvironmentName": { | |
| "Ref": "EnvironmentName" | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "DefaultPrivateRoute4": { | |
| "Type": "AWS::EC2::Route", | |
| "Properties": { | |
| "RouteTableId": { | |
| "Ref": "PrivateRouteTable4" | |
| }, | |
| "DestinationCidrBlock": "0.0.0.0/0", | |
| "NatGatewayId": { | |
| "Ref": "NATGateway" | |
| } | |
| } | |
| }, | |
| "PrivateSubnet4RouteTableAssociation": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "RouteTableId": { | |
| "Ref": "PrivateRouteTable4" | |
| }, | |
| "SubnetId": { | |
| "Ref": "PrivateSubnet4" | |
| } | |
| } | |
| }, | |
| "Cluster": { | |
| "Type": "AWS::ECS::Cluster", | |
| "Properties": { | |
| "ClusterName": { | |
| "Fn::Sub": [ | |
| "${ServiceName}-Cluster", | |
| { | |
| "ServiceName": { | |
| "Ref": "ServiceName" | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| }, | |
| "TaskDefinition": { | |
| "Type": "AWS::ECS::TaskDefinition", | |
| "Properties": { | |
| "Family": { | |
| "Fn::Sub": [ | |
| "${ServiceName}-TaskDefinition", | |
| { | |
| "ServiceName": { | |
| "Ref": "ServiceName" | |
| } | |
| } | |
| ] | |
| }, | |
| "NetworkMode": "awsvpc", | |
| "RequiresCompatibilities": [ | |
| "FARGATE" | |
| ], | |
| "Cpu": "256", | |
| "Memory": "0.5GB", | |
| "ExecutionRoleArn": { | |
| "Fn::GetAtt": "ExecutionRole.Arn" | |
| }, | |
| "TaskRoleArn": { | |
| "Ref": "TaskRole" | |
| }, | |
| "ContainerDefinitions": [ | |
| { | |
| "Name": { | |
| "Ref": "ServiceName" | |
| }, | |
| "Image": { | |
| "Ref": "Image" | |
| }, | |
| "PortMappings": [ | |
| { | |
| "ContainerPort": { | |
| "Ref": "ContainerPort" | |
| } | |
| } | |
| ], | |
| "LogConfiguration": { | |
| "LogDriver": "awslogs", | |
| "Options": { | |
| "awslogs-region": { | |
| "Ref": "AWS::Region" | |
| }, | |
| "awslogs-group": { | |
| "Ref": "LogGroup" | |
| }, | |
| "awslogs-stream-prefix": "ecs" | |
| } | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "ExecutionRole": { | |
| "Type": "AWS::IAM::Role", | |
| "Properties": { | |
| "RoleName": { | |
| "Fn::Sub": [ | |
| "${ServiceName}-ExecutionRole", | |
| { | |
| "ServiceName": { | |
| "Ref": "ServiceName" | |
| } | |
| } | |
| ] | |
| }, | |
| "AssumeRolePolicyDocument": { | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Principal": { | |
| "Service": "ecs-tasks.amazonaws.com" | |
| }, | |
| "Action": "sts:AssumeRole" | |
| } | |
| ] | |
| }, | |
| "ManagedPolicyArns": [ | |
| "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" | |
| ] | |
| } | |
| }, | |
| "TaskRole": { | |
| "Type": "AWS::IAM::Role", | |
| "Properties": { | |
| "RoleName": { | |
| "Fn::Sub": [ | |
| "${ServiceName}-TaskRole", | |
| { | |
| "ServiceName": { | |
| "Ref": "ServiceName" | |
| } | |
| } | |
| ] | |
| }, | |
| "AssumeRolePolicyDocument": { | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Principal": { | |
| "Service": "ecs-tasks.amazonaws.com" | |
| }, | |
| "Action": "sts:AssumeRole" | |
| } | |
| ] | |
| }, | |
| "Path": "/", | |
| "Policies": [ | |
| { | |
| "PolicyName": "AuroraIAMAcess", | |
| "PolicyDocument": { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": "rds-db:connect", | |
| "Resource": [ | |
| { | |
| "Fn::Sub": [ | |
| "arn:${Partition}:rds:${Region}:${AccountId}:cluster:${AuroraCluster}", | |
| { | |
| "Partition": { | |
| "Ref": "AWS::Partition" | |
| }, | |
| "Region": { | |
| "Ref": "AWS::Region" | |
| }, | |
| "AccountId": { | |
| "Ref": "AWS::AccountId" | |
| }, | |
| "AuroraCluster": { | |
| "Ref": "AuroraCluster" | |
| } | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "ContainerRegistry": { | |
| "Type": "AWS::ECR::Repository", | |
| "Properties": { | |
| "RepositoryName": { | |
| "Ref": "ServiceName" | |
| } | |
| } | |
| }, | |
| "AutoScalingRole": { | |
| "Type": "AWS::IAM::Role", | |
| "Properties": { | |
| "RoleName": { | |
| "Fn::Sub": [ | |
| "${ServiceName}-AutoScalingRole", | |
| { | |
| "ServiceName": { | |
| "Ref": "ServiceName" | |
| } | |
| } | |
| ] | |
| }, | |
| "AssumeRolePolicyDocument": { | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Principal": { | |
| "Service": "ecs-tasks.amazonaws.com" | |
| }, | |
| "Action": "sts:AssumeRole" | |
| } | |
| ] | |
| }, | |
| "ManagedPolicyArns": [ | |
| "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceAutoscaleRole" | |
| ] | |
| } | |
| }, | |
| "ContainerSecurityGroup": { | |
| "Type": "AWS::EC2::SecurityGroup", | |
| "Properties": { | |
| "GroupDescription": { | |
| "Fn::Sub": [ | |
| "${ServiceName}-ContainerSecurityGroup", | |
| { | |
| "ServiceName": { | |
| "Ref": "ServiceName" | |
| } | |
| } | |
| ] | |
| }, | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "SecurityGroupIngress": [ | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": { | |
| "Ref": "ContainerPort" | |
| }, | |
| "ToPort": { | |
| "Ref": "ContainerPort" | |
| }, | |
| "SourceSecurityGroupId": { | |
| "Ref": "LoadBalancerSecurityGroup" | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "LoadBalancerSecurityGroup": { | |
| "Type": "AWS::EC2::SecurityGroup", | |
| "Properties": { | |
| "GroupDescription": { | |
| "Fn::Sub": [ | |
| "${ServiceName}-LoadBalancerSecurityGroup", | |
| { | |
| "ServiceName": { | |
| "Ref": "ServiceName" | |
| } | |
| } | |
| ] | |
| }, | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "SecurityGroupIngress": [ | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": { | |
| "Ref": "LoadBalancerPort" | |
| }, | |
| "ToPort": { | |
| "Ref": "LoadBalancerPort" | |
| }, | |
| "CidrIp": "0.0.0.0/0" | |
| } | |
| ] | |
| } | |
| }, | |
| "AuroraSecurityGroup": { | |
| "Type": "AWS::EC2::SecurityGroup", | |
| "Properties": { | |
| "GroupDescription": { | |
| "Fn::Sub": [ | |
| "${ServiceName}-AuroraSecurityGroup", | |
| { | |
| "ServiceName": { | |
| "Ref": "ServiceName" | |
| } | |
| } | |
| ] | |
| }, | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "SecurityGroupIngress": [ | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": 3306, | |
| "ToPort": 3306, | |
| "SourceSecurityGroupId": { | |
| "Ref": "ContainerSecurityGroup" | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "Service": { | |
| "DependsOn": [ | |
| "LoadBalancer" | |
| ], | |
| "Type": "AWS::ECS::Service", | |
| "Properties": { | |
| "ServiceName": { | |
| "Ref": "ServiceName" | |
| }, | |
| "Cluster": { | |
| "Ref": "Cluster" | |
| }, | |
| "TaskDefinition": { | |
| "Ref": "TaskDefinition" | |
| }, | |
| "DeploymentConfiguration": { | |
| "MinimumHealthyPercent": 100, | |
| "MaximumPercent": 200 | |
| }, | |
| "DesiredCount": 2, | |
| "HealthCheckGracePeriodSeconds": 30, | |
| "LaunchType": "FARGATE", | |
| "NetworkConfiguration": { | |
| "AwsvpcConfiguration": { | |
| "AssignPublicIp": "DISABLED", | |
| "Subnets": [ | |
| { | |
| "Ref": "PrivateSubnet1" | |
| }, | |
| { | |
| "Ref": "PrivateSubnet2" | |
| } | |
| ], | |
| "SecurityGroups": [ | |
| { | |
| "Ref": "ContainerSecurityGroup" | |
| } | |
| ] | |
| } | |
| }, | |
| "LoadBalancers": [ | |
| { | |
| "ContainerName": { | |
| "Ref": "ServiceName" | |
| }, | |
| "ContainerPort": { | |
| "Ref": "ContainerPort" | |
| }, | |
| "TargetGroupArn": { | |
| "Ref": "TargetGroup" | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "TargetGroup": { | |
| "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", | |
| "Properties": { | |
| "HealthCheckIntervalSeconds": 10, | |
| "HealthCheckPath": { | |
| "Ref": "HealthCheckPath" | |
| }, | |
| "HealthCheckTimeoutSeconds": 5, | |
| "UnhealthyThresholdCount": 2, | |
| "HealthyThresholdCount": 2, | |
| "Name": { | |
| "Fn::Sub": [ | |
| "${ServiceName}-TargetGroup", | |
| { | |
| "ServiceName": { | |
| "Ref": "ServiceName" | |
| } | |
| } | |
| ] | |
| }, | |
| "Port": { | |
| "Ref": "ContainerPort" | |
| }, | |
| "Protocol": "HTTP", | |
| "TargetGroupAttributes": [ | |
| { | |
| "Key": "deregistration_delay.timeout_seconds", | |
| "Value": 60 | |
| } | |
| ], | |
| "TargetType": "ip", | |
| "VpcId": { | |
| "Ref": "VPC" | |
| } | |
| } | |
| }, | |
| "Listener": { | |
| "Type": "AWS::ElasticLoadBalancingV2::Listener", | |
| "Properties": { | |
| "DefaultActions": [ | |
| { | |
| "TargetGroupArn": { | |
| "Ref": "TargetGroup" | |
| }, | |
| "Type": "forward" | |
| } | |
| ], | |
| "LoadBalancerArn": { | |
| "Ref": "LoadBalancer" | |
| }, | |
| "Port": { | |
| "Ref": "LoadBalancerPort" | |
| }, | |
| "Protocol": "HTTP" | |
| } | |
| }, | |
| "LoadBalancer": { | |
| "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", | |
| "Properties": { | |
| "Type": "application", | |
| "LoadBalancerAttributes": [ | |
| { | |
| "Key": "idle_timeout.timeout_seconds", | |
| "Value": 60 | |
| } | |
| ], | |
| "Name": { | |
| "Fn::Sub": [ | |
| "${ServiceName}-LoadBalancer", | |
| { | |
| "ServiceName": { | |
| "Ref": "ServiceName" | |
| } | |
| } | |
| ] | |
| }, | |
| "Scheme": "internet-facing", | |
| "SecurityGroups": [ | |
| { | |
| "Ref": "LoadBalancerSecurityGroup" | |
| } | |
| ], | |
| "Subnets": [ | |
| { | |
| "Ref": "PublicSubnet1" | |
| }, | |
| { | |
| "Ref": "PublicSubnet2" | |
| } | |
| ] | |
| } | |
| }, | |
| "LogGroup": { | |
| "Type": "AWS::Logs::LogGroup", | |
| "Properties": { | |
| "LogGroupName": { | |
| "Fn::Sub": [ | |
| "/ecs/${ServiceName}-TaskDefinition", | |
| { | |
| "ServiceName": { | |
| "Ref": "ServiceName" | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| }, | |
| "AutoScalingTarget": { | |
| "Type": "AWS::ApplicationAutoScaling::ScalableTarget", | |
| "Properties": { | |
| "MinCapacity": { | |
| "Ref": "MinContainers" | |
| }, | |
| "MaxCapacity": { | |
| "Ref": "MaxContainers" | |
| }, | |
| "ResourceId": { | |
| "Fn::Join": [ | |
| "/", | |
| [ | |
| "service", | |
| { | |
| "Ref": "Cluster" | |
| }, | |
| { | |
| "Fn::GetAtt": "Service.Name" | |
| } | |
| ] | |
| ] | |
| }, | |
| "ScalableDimension": "ecs:service:DesiredCount", | |
| "ServiceNamespace": "ecs", | |
| "RoleARN": { | |
| "Fn::GetAtt": "AutoScalingRole.Arn" | |
| } | |
| } | |
| }, | |
| "AutoScalingPolicy": { | |
| "Type": "AWS::ApplicationAutoScaling::ScalingPolicy", | |
| "Properties": { | |
| "PolicyName": { | |
| "Fn::Sub": [ | |
| "${ServiceName}-AutoScalingPolicy", | |
| { | |
| "ServiceName": { | |
| "Ref": "ServiceName" | |
| } | |
| } | |
| ] | |
| }, | |
| "PolicyType": "TargetTrackingScaling", | |
| "ScalingTargetId": { | |
| "Ref": "AutoScalingTarget" | |
| }, | |
| "TargetTrackingScalingPolicyConfiguration": { | |
| "PredefinedMetricSpecification": { | |
| "PredefinedMetricType": "ECSServiceAverageCPUUtilization" | |
| }, | |
| "ScaleInCooldown": 10, | |
| "ScaleOutCooldown": 10, | |
| "TargetValue": { | |
| "Ref": "AutoScalingTargetValue" | |
| } | |
| } | |
| } | |
| }, | |
| "AuroraSecret": { | |
| "Type": "AWS::SecretsManager::Secret", | |
| "DeletionPolicy": "Delete", | |
| "Properties": { | |
| "Name": "MySecretForAppA", | |
| "Description": "This secret has a dynamically generated secret password.", | |
| "GenerateSecretString": { | |
| "SecretStringTemplate": "{\"username\": \"DBUsername\"}", | |
| "GenerateStringKey": "password", | |
| "PasswordLength": 40, | |
| "ExcludeCharacters": "\"@/\\" | |
| }, | |
| "Tags": [ | |
| { | |
| "Key": "Service", | |
| "Value": { | |
| "Fn::Sub": [ | |
| "${ServiceName}-Aurora-Secret", | |
| { | |
| "ServiceName": { | |
| "Ref": "ServiceName" | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "DBSubnetGroup": { | |
| "Type": "AWS::RDS::DBSubnetGroup", | |
| "Properties": { | |
| "DBSubnetGroupDescription": "Aurora Serverless DBSubnet group", | |
| "DBSubnetGroupName": { | |
| "Fn::Sub": [ | |
| "${ServiceName}-DBSubnetGroup", | |
| { | |
| "ServiceName": { | |
| "Ref": "ServiceName" | |
| } | |
| } | |
| ] | |
| }, | |
| "SubnetIds": [ | |
| { | |
| "Ref": "PrivateSubnet3" | |
| }, | |
| { | |
| "Ref": "PrivateSubnet4" | |
| } | |
| ] | |
| } | |
| }, | |
| "AuroraCluster": { | |
| "Type": "AWS::RDS::DBCluster", | |
| "Properties": { | |
| "EnableIAMDatabaseAuthentication": true, | |
| "MasterUsername": { | |
| "Fn::Sub": [ | |
| "{{resolve:secretsmanager:${AuroraSecret}::username}}", | |
| { | |
| "AuroraSecret": { | |
| "Ref": "AuroraSecret" | |
| } | |
| } | |
| ] | |
| }, | |
| "MasterUserPassword": { | |
| "Fn::Sub": [ | |
| "{{resolve:secretsmanager:${AuroraSecret}::password}}", | |
| { | |
| "AuroraSecret": { | |
| "Ref": "AuroraSecret" | |
| } | |
| } | |
| ] | |
| }, | |
| "DatabaseName": "RANDOMNAME", | |
| "Engine": "aurora", | |
| "EngineMode": "serverless", | |
| "ScalingConfiguration": { | |
| "AutoPause": true, | |
| "MaxCapacity": 4, | |
| "MinCapacity": 2, | |
| "SecondsUntilAutoPause": 300 | |
| }, | |
| "DBSubnetGroupName": { | |
| "Ref": "DBSubnetGroup" | |
| } | |
| } | |
| } | |
| }, | |
| "Outputs": { | |
| "PublicEndpoint": { | |
| "Description": "That is the LB endpoint", | |
| "Value": { | |
| "Fn::GetAtt": "LoadBalancer.DNSName" | |
| } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment