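AWSTemplateFormatVersion: 2010-09-09
# Public VPC (two subnets + internet gateway), an internet-facing Application
# Load Balancer and an ECS Fargate service running one "api" container on
# port 8080. There is no NAT gateway, so tasks are placed in the public
# subnets with public IPs in order to reach Docker Hub and CloudWatch Logs.
# Traffic path: internet -> ALB :80 -> task :8080 (task SG admits the ALB SG only).

Parameters:
  # Naming prefix applied to every resource; also used verbatim as the log
  # group name, service name and task family.
  Prefix:
    Type: String
  # The AllowedPattern only validates dotted-quad/prefix syntax. It does not
  # verify that the subnet ranges fall inside VPCCIDR or do not overlap.
  VPCCIDR:
    Type: String
    Default: 10.0.0.0/16
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$'
  PublicSubnet1CIDR:
    Type: String
    Default: 10.0.1.0/24
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$'
  PublicSubnet2CIDR:
    Type: String
    Default: 10.0.2.0/24
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$'

Resources:
  ###################################################################
  # NETWORK
  ###################################################################
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VPCCIDR
      # Both DNS settings are required for the awslogs driver and for ECS
      # tasks to resolve AWS service endpoints by hostname.
      EnableDnsHostnames: true
      EnableDnsSupport: true
      Tags:
        - Key: Name
          Value: !Sub "${Prefix}-VPC"

  # Two public subnets in the first two AZs of the region; the ALB requires
  # subnets in at least two AZs.
  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Ref PublicSubnet1CIDR
      AvailabilityZone:
        Fn::Select:
          - 0
          - Fn::GetAZs: !Ref AWS::Region
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub "${Prefix}-Public-Subnet-1"

  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Ref PublicSubnet2CIDR
      AvailabilityZone:
        Fn::Select:
          - 1
          - Fn::GetAZs: !Ref AWS::Region
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub "${Prefix}-Public-Subnet-2"

  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: !Sub "${Prefix}-IGW"

  # Logical ID keeps the original spelling on purpose: renaming it would
  # replace the attachment on a stack update.
  GatewayAttachement:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub "${Prefix}-Public-RT"

  # Default route to the internet; the attachment must exist before the
  # route can reference the gateway, hence the explicit DependsOn.
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: GatewayAttachement
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  PublicRouteTable1Association:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnet1

  PublicRouteTable2Association:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnet2

  # Only the listener port (HTTP/80) is reachable from the internet. The
  # previous rule (IpProtocol -1, no ports) exposed every protocol and port
  # of the ALB ENIs. Egress is left at the default allow-all; tightening it
  # to the task security group needs a separate AWS::EC2::SecurityGroupEgress
  # resource to avoid a circular reference between the two groups.
  LoadBalancerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Load balancer security group
      GroupName: !Sub "${Prefix}-Load-Balancer-SG"
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - Description: HTTP from the internet
          CidrIp: 0.0.0.0/0
          IpProtocol: tcp
          FromPort: 80
          ToPort: 80
      Tags:
        - Key: Name
          Value: !Sub "${Prefix}-Load-Balancer-SG"

  ###################################################################
  # LOAD BALANCER
  ###################################################################
  LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: !Sub "${Prefix}-Load-Balancer"
      Scheme: internet-facing
      LoadBalancerAttributes:
        - Key: idle_timeout.timeout_seconds
          Value: "30"
        # Drop requests with malformed header names at the edge instead of
        # forwarding them to the tasks.
        - Key: routing.http.drop_invalid_header_fields.enabled
          Value: "true"
      Subnets:
        - !Ref PublicSubnet1
        - !Ref PublicSubnet2
      SecurityGroups:
        - !Ref LoadBalancerSecurityGroup

  # Plain HTTP listener. An HTTPS listener needs an ACM certificate ARN,
  # which this template does not take as input; add one (and a redirect
  # action on port 80) before exposing anything sensitive.
  LoadBalancerListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancer
      Port: 80
      Protocol: HTTP
      DefaultActions:
        - TargetGroupArn: !Ref LoadBalancerTargetGroup
          Type: forward

  # TargetType ip is mandatory for awsvpc-mode Fargate tasks; targets are
  # registered by the ECS service, not by this template.
  LoadBalancerTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Name: !Sub "${Prefix}-Target-Group"
      HealthCheckIntervalSeconds: 7
      HealthCheckPath: "/health"
      HealthCheckProtocol: HTTP
      # Timeout must be strictly less than the interval (6 < 7).
      HealthCheckTimeoutSeconds: 6
      HealthyThresholdCount: 2
      TargetType: ip
      Port: 8080
      Protocol: HTTP
      UnhealthyThresholdCount: 2
      VpcId: !Ref VPC

  ###################################################################
  # ECS
  ###################################################################
  ECSCluster:
    Type: AWS::ECS::Cluster
    Properties:
      ClusterName: !Sub "${Prefix}-ECS-Cluster"
      CapacityProviders:
        - FARGATE
        - FARGATE_SPOT
      Tags:
        - Key: Name
          Value: !Sub "${Prefix}-ECS-Cluster"

  # Tasks accept traffic on the container port from the ALB security group
  # only; tasks carry public IPs, so pinning the port matters (the previous
  # rule admitted every protocol and port from the ALB group).
  ECSTaskSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: ECS task security group
      GroupName: !Sub "${Prefix}-ECS-Task-SG"
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - Description: Container port from the load balancer
          SourceSecurityGroupId: !Ref LoadBalancerSecurityGroup
          IpProtocol: tcp
          FromPort: 8080
          ToPort: 8080
      Tags:
        - Key: Name
          Value: !Sub "${Prefix}-ECS-Task-SG"

  # Role assumed by the ECS agent to pull the image and ship logs. It is not
  # visible to the application code (that is ECSTaskRole).
  ECSTaskExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub "${Prefix}-ECS-Task-Execution-Role"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: [ecs-tasks.amazonaws.com]
            Action: ["sts:AssumeRole"]
      Policies:
        - PolicyName: !Sub "${Prefix}-ECS-Task-Execution-Role-Policy"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # ecr:GetAuthorizationToken does not accept a resource ARN, and
              # no ECR repository is defined here (the image comes from Docker
              # Hub), so the ECR actions stay on "*". Scope them to the
              # repository ARN if the image is moved to ECR.
              - Effect: Allow
                Action:
                  - "ecr:GetAuthorizationToken"
                  - "ecr:BatchCheckLayerAvailability"
                  - "ecr:GetDownloadUrlForLayer"
                  - "ecr:BatchGetImage"
                Resource: "*"
              # Log writes are limited to this stack's own log group.
              - Effect: Allow
                Action:
                  - "logs:CreateLogStream"
                  - "logs:PutLogEvents"
                Resource: !GetAtt LogGroup.Arn
              # secretsmanager:GetSecretValue on "*" was removed: no container
              # definition references a secret, and that grant let the agent
              # read every secret in the account. Re-add it scoped to the
              # specific secret ARN(s) when a container gains a Secrets entry.
      Tags:
        - Key: Name
          Value: !Sub "${Prefix}-ECS-Task-Execution-Role"

  # Role available to the application inside the container. It deliberately
  # carries no policies; attach only what the "api" code actually calls.
  ECSTaskRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub "${Prefix}-ECS-Task-Role"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: [ecs-tasks.amazonaws.com]
            Action: ["sts:AssumeRole"]
      Tags:
        - Key: Name
          Value: !Sub "${Prefix}-ECS-Task-Role"

  LogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub "${Prefix}"
      RetentionInDays: 14

  # The listener must exist before the service registers with the target
  # group, otherwise service creation fails.
  Service:
    Type: AWS::ECS::Service
    DependsOn: LoadBalancerListener
    Properties:
      Cluster: !Ref ECSCluster
      ServiceName: !Sub "${Prefix}"
      HealthCheckGracePeriodSeconds: 60
      TaskDefinition: !Ref TaskDefinition
      DesiredCount: 5
      # 1:4 split between on-demand and Spot Fargate capacity.
      CapacityProviderStrategy:
        - CapacityProvider: FARGATE
          Weight: 1
        - CapacityProvider: FARGATE_SPOT
          Weight: 4
      NetworkConfiguration:
        AwsvpcConfiguration:
          # Public IPs are needed because there is no NAT gateway; exposure
          # is limited by ECSTaskSecurityGroup (ALB group, tcp/8080 only).
          AssignPublicIp: ENABLED
          Subnets:
            - !Ref PublicSubnet1
            - !Ref PublicSubnet2
          SecurityGroups:
            - !Ref ECSTaskSecurityGroup
      LoadBalancers:
        - ContainerName: api
          ContainerPort: 8080
          TargetGroupArn: !Ref LoadBalancerTargetGroup

  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      ExecutionRoleArn: !Ref ECSTaskExecutionRole
      TaskRoleArn: !Ref ECSTaskRole
      Family: !Sub "${Prefix}"
      Cpu: "256"
      Memory: "512"
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - FARGATE
      ContainerDefinitions:
        - Name: api
          # Untagged Docker Hub reference resolves to whatever "latest" is at
          # pull time; pin a tag or digest for reproducible, reviewable deploys.
          Image: "przemekmalak/multitool"
          PortMappings:
            - ContainerPort: 8080
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-region: !Ref AWS::Region
              awslogs-group: !Ref LogGroup
              awslogs-stream-prefix: api

Outputs:
  LoadBalancerDNS:
    Description: Load balancer DNS
    Value: !GetAtt LoadBalancer.DNSName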