andrewodri/Dockerfile

## docker-entrypoint.sh
#!/bin/bash

INSTANCE_NAME=acme-development
AWS_REGION="$(aws configure get region)"

################################################################################
# The section below obtains an activation code and ID from SSM, and then uses it
# to register the current agent. _This should only be done on the basis of
# tightly controlled roles granted to ECS._ Note that it is registered with two
# tags:
#
#     Name:    While the name is set via --default-instance-name, the name will
#              only show up when queries are performed in the CLI. The "Name"
#              tag is required for the name to be visible in the AWS console.
#     Type:    This acts a flag, so that only offline Fargate instances get
#              cleaned up.
#
# The SSM agent is then started. Output is redirected to STDOUT and the process
# is sent to the background. Both of these actions are require to prevent the
# agent from blocking the script.
################################################################################
read -r ACTIVATION_CODE ACTIVATION_ID <<< $(aws ssm create-activation --default-instance-name "${INSTANCE_NAME}" --iam-role "SSMServiceRole" --registration-limit 1 --tags "Key=Name,Value=${INSTANCE_NAME}" "Key=Type,Value=fargate" --query "join(' ', [ActivationCode, ActivationId])" --output text)
amazon-ssm-agent -register -code "${ACTIVATION_CODE}" -id "${ACTIVATION_ID}" -region "${AWS_REGION}" -clear -y
amazon-ssm-agent >&1 &

# Manage the logs by redirecting output to CloudWatch log groups...

## Dockerfile
FROM debian:10-slim

RUN apt-get update -y && \
  apt-get install -y awscli curl gnupg && \
  apt-key adv --fetch-keys "https://nginx.org/keys/nginx_signing.key" && \
  echo "deb http://nginx.org/packages/debian buster nginx" > /etc/apt/sources.list.d/nginx.list

RUN curl --silent --show-error --location --output /tmp/amazon-ssm-agent.deb "https://s3.us-east-1.amazonaws.com/amazon-ssm-us-east-1/latest/debian_amd64/amazon-ssm-agent.deb" && \
  dpkg -i /tmp/amazon-ssm-agent.deb

COPY docker-entrypoint.sh /

EXPOSE 80
ENTRYPOINT [ "/docker-entrypoint.sh" ]
CMD [ "nginx" ]

## index.js
const { SSM } = require('aws-sdk');
const ssm = new SSM();

exports.handler = async (event, context, callback) => {
    const { InstanceInformationList } = await ssm.describeInstanceInformation({
        Filters: [
            { Key: 'tag:Type', Values: [ 'fargate' ] },
        ]
    }).promise();

    const offlineInstanceIds = InstanceInformationList.reduce(( accumulator, { InstanceId, PingStatus } ) => {
        if(PingStatus != 'Online') accumulator.push(InstanceId);

        return accumulator;
    }, []);

    const totalOfflineInstances = offlineInstanceIds.length;
    const deregisteredOfflineInstances = 0;

    for (var offlineInstanceId of offlineInstanceIds) {
        try {
            await ssm.deregisterManagedInstance({ InstanceId: offlineInstanceId }).promise()
            deregisteredOfflineInstances++;
        } catch (e) {}
    }

    console.log(`Deregistered ${ deregisteredOfflineInstances } of ${ totalOfflineInstances } offline Fargate instances`);
    callback(null);
};
	#!/bin/bash

	INSTANCE_NAME=acme-development
	AWS_REGION="$(aws configure get region)"

	################################################################################
	# The section below obtains an activation code and ID from SSM, and then uses it
	# to register the current agent. _This should only be done on the basis of
	# tightly controlled roles granted to ECS._ Note that it is registered with two
	# tags:
	#
	# Name: While the name is set via --default-instance-name, the name will
	# only show up when queries are performed in the CLI. The "Name"
	# tag is required for the name to be visible in the AWS console.
	# Type: This acts a flag, so that only offline Fargate instances get
	# cleaned up.
	#
	# The SSM agent is then started. Output is redirected to STDOUT and the process
	# is sent to the background. Both of these actions are require to prevent the
	# agent from blocking the script.
	################################################################################
	read -r ACTIVATION_CODE ACTIVATION_ID <<< $(aws ssm create-activation --default-instance-name "${INSTANCE_NAME}" --iam-role "SSMServiceRole" --registration-limit 1 --tags "Key=Name,Value=${INSTANCE_NAME}" "Key=Type,Value=fargate" --query "join(' ', [ActivationCode, ActivationId])" --output text)
	amazon-ssm-agent -register -code "${ACTIVATION_CODE}" -id "${ACTIVATION_ID}" -region "${AWS_REGION}" -clear -y
	amazon-ssm-agent >&1 &

	# Manage the logs by redirecting output to CloudWatch log groups...
	FROM debian:10-slim

	RUN apt-get update -y && \
	apt-get install -y awscli curl gnupg && \
	apt-key adv --fetch-keys "https://nginx.org/keys/nginx_signing.key" && \
	echo "deb http://nginx.org/packages/debian buster nginx" > /etc/apt/sources.list.d/nginx.list

	RUN curl --silent --show-error --location --output /tmp/amazon-ssm-agent.deb "https://s3.us-east-1.amazonaws.com/amazon-ssm-us-east-1/latest/debian_amd64/amazon-ssm-agent.deb" && \
	dpkg -i /tmp/amazon-ssm-agent.deb

	COPY docker-entrypoint.sh /

	EXPOSE 80
	ENTRYPOINT [ "/docker-entrypoint.sh" ]
	CMD [ "nginx" ]
	const { SSM } = require('aws-sdk');
	const ssm = new SSM();

	exports.handler = async (event, context, callback) => {
	const { InstanceInformationList } = await ssm.describeInstanceInformation({
	Filters: [
	{ Key: 'tag:Type', Values: [ 'fargate' ] },
	]
	}).promise();

	const offlineInstanceIds = InstanceInformationList.reduce(( accumulator, { InstanceId, PingStatus } ) => {
	if(PingStatus != 'Online') accumulator.push(InstanceId);

	return accumulator;
	}, []);

	const totalOfflineInstances = offlineInstanceIds.length;
	const deregisteredOfflineInstances = 0;

	for (var offlineInstanceId of offlineInstanceIds) {
	try {
	await ssm.deregisterManagedInstance({ InstanceId: offlineInstanceId }).promise()
	deregisteredOfflineInstances++;
	} catch (e) {}
	}

	console.log(`Deregistered ${ deregisteredOfflineInstances } of ${ totalOfflineInstances } offline Fargate instances`);
	callback(null);
	};