
@igorlg
Created June 12, 2015 21:54
AWS CloudFormation template for ECS AutoScaling Group
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Template for an ECS cluster Auto Scaling group (launch configuration, security group and IAM instance role) in an existing VPC",
"Parameters": {
"ClusterName": {
"Description": "The ECS Cluster Name",
"Type": "String"
},
"InstanceType": {
"Description": "EC2 instance type for the ECS cluster nodes",
"Type": "String",
"Default": "t2.medium",
"AllowedValues": [
"t2.medium",
"m3.medium",
"m3.large",
"c3.large"
],
"ConstraintDescription": "must be a valid EC2 instance type."
},
"VPC": {
"Description": "The VPC for this cluster",
"Type": "AWS::EC2::VPC::Id"
},
"Subnets": {
"Description": "List of subnets for the ECS Instances",
"Type": "List<AWS::EC2::Subnet::Id>"
},
"DockerHubAuth": {
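"Description": "Authentication string for Docker Hub. Leave this and DockerHubEmail empty to skip registry authentication. NoEcho only masks the value in CloudFormation console and API output; it is still written in plain text to the instance UserData and to /etc/ecs/ecs.config.",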
"Type": "String",
"NoEcho": "true"
},
"DockerHubEmail": {
"Description": "E-Mail for Docker Hub Account",
"Type": "String",
"NoEcho": "true"
},
"KeyName": {
"Description": "The SSH Key for the cluster nodes",
"Type": "AWS::EC2::KeyPair::KeyName"
}
},
"Mappings": {
"InstanceAMI": {
"us-east-1": {
"AMI": "ami-5f59ac34"
},
"us-west-2": {
"AMI": "ami-c188b0f1"
},
"eu-west-1": {
"AMI": "ami-3db4ca4a"
}
},
"CIDRs": {
"VPC": {
"Value": "10.1.0.0/16"
},
"PubNet1": {
"Value": "10.1.10.0/24"
},
"PubNet2": {
"Value": "10.1.11.0/24"
},
"PubNet3": {
"Value": "10.1.12.0/24"
},
"PrivNet1": {
"Value": "10.1.20.0/24"
},
"PrivNet2": {
"Value": "10.1.21.0/24"
},
"PrivNet3": {
"Value": "10.1.22.0/24"
}
}
},
"Conditions": {
"DockerAuth": {
"Fn::Or": [
{
"Fn::Not": {
"Fn::Equals": [
{
"Ref": "DockerHubAuth"
},
""
]
}
},
{
"Fn::Not": {
"Fn::Equals": [
{
"Ref": "DockerHubEmail"
},
""
]
}
}
]
}
},
"Resources": {
"ECSAutoScalingGroup": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"AvailabilityZones": {
"Fn::GetAZs": {
"Ref": "AWS::Region"
}
},
"Cooldown": "30",
"DesiredCapacity": "0",
"MinSize": "0",
"MaxSize": "10",
"HealthCheckGracePeriod": "50",
"HealthCheckType": "EC2",
"LaunchConfigurationName": {
"Ref": "ECSLaunchConfiguration"
},
"MetricsCollection": [
{
"Granularity": "1Minute"
}
],
"VPCZoneIdentifier": {
"Ref": "Subnets"
},
"Tags": [
{
"PropagateAtLaunch": "true",
"Key": "Name",
"Value": {
"Fn::Join": [
"-",
[
{
"Ref": "ClusterName"
},
"Node"
]
]
}
},
{
"PropagateAtLaunch": "true",
"Key": "ECS_Cluster",
"Value": {
"Ref": "ClusterName"
}
}
]
}
},
"ECSLaunchConfiguration": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"AssociatePublicIpAddress": "false",
"EbsOptimized": "false",
"IamInstanceProfile": {
"Ref": "IAMInstanceProfile"
},
"ImageId": {
"Fn::FindInMap": [
"InstanceAMI",
{
"Ref": "AWS::Region"
},
"AMI"
]
},
"KeyName": {
"Ref": "KeyName"
},
"InstanceMonitoring": "true",
"InstanceType": {
"Ref": "InstanceType"
},
"SecurityGroups": [
{
"Ref": "SecurityGroup"
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/bash -v\n",
"yum update -y\n",
"echo 'ECS_CLUSTER=",
{
"Ref": "ClusterName"
},
"' > /etc/ecs/ecs.config\n",
{
"Fn::If": [
"DockerAuth",
"echo 'ECS_ENGINE_AUTH_TYPE=dockercfg' >> /etc/ecs/ecs.config\n",
""
]
},
{
"Fn::If": [
"DockerAuth",
{
"Fn::Join": [
"",
"echo 'ECS_ENGINE_AUTH_DATA={\"https://index.docker.io/v1/\": {\"auth\": \"",
{
"Ref": "DockerHubAuth"
},
"\", \"email\": \"",
{
"Ref": "DockerHubEmail"
},
"\"}}' >> /etc/ecs/ecs.config\n"
]
},
""
]
}
]
]
}
}
}
},
"SecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Security Group for the NAT Instance",
"VpcId": {
"Ref": "VPC"
},
"SecurityGroupIngress": [
{
"CidrIp": {
"Fn::FindInMap": [
"CIDRs",
"VPC",
"Value"
]
},
"IpProtocol": "-1",
"FromPort": "-1",
"ToPort": "-1"
}
],
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Join": [
"-",
[
{
"Ref": "ClusterName"
},
"Nodes",
"SG"
]
]
}
},
{
"Key": "Role",
"Value": "ECSNode"
}
]
}
},
"IAMRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Path": "/",
"Policies": [
{
"PolicyName": {
"Fn::Join": [
"-",
[
{
"Ref": "AWS::StackName"
},
"ecs",
"nodes",
"role"
]
]
},
"PolicyDocument": {
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecs:CreateCluster",
"ecs:DeregisterContainerInstance",
"ecs:DiscoverPollEndpoint",
"ecs:Poll",
"ecs:RegisterContainerInstance",
"ecs:Submit*",
"elasticloadbalancing:Describe*",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"ec2:Describe*",
"ec2:AuthorizeSecurityGroupIngress"
],
"Resource": [
"*"
]
}
]
}
}
]
}
},
"IAMInstanceProfile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [
{
"Ref": "IAMRole"
}
]
}
}
}
}