WorkerTaskDefinition:
Type: AWS::ECS::TaskDefinition
Properties:
Family: "anchore-analyzer"
TaskRoleArn: !Ref TaskRole
ContainerDefinitions:
- Name: "analyzer"
Image: !Ref engineImage
Cpu: 256
MemoryReservation: 512
Essential: true
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-group: !Ref LogGroup
awslogs-region: !Ref AWS::Region
awslogs-stream-prefix: "anchore-engine"
MountPoints:
- SourceVolume: "config"
ContainerPath: "/config/config.yaml"
ReadOnly: true
Environment:
- Name: ANCHORE_ENGINE_SERVICES
Value: anchore-worker
- Name: ANCHORE_CLI_USER
Value: admin
- Name: ANCHORE_CLI_PASS
Value: !Ref adminPassword
- Name: ANCHORE_ADMIN_EMAIL
Value: !Ref adminEmail
- Name: ANCHORE_DB_USER
Value:
Fn::ImportValue: !Sub "${ParentRDSStack}-UserName"
- Name: ANCHORE_DB_PASSWORD
Value:
Fn::ImportValue: !Sub "${ParentRDSStack}-Password"
- Name: ANCHORE_DB_NAME
Value:
Fn::ImportValue: !Sub "${ParentRDSStack}-Name"
- Name: ANCHORE_DB_POSTGRESQL_SERVICE_HOST
Value:
Fn::ImportValue: !Sub "${ParentRDSStack}-EndPoint"
- Name: ANCHORE_DB_POSTGRESQL_SERVICE_PORT
Value:
Fn::ImportValue: !Sub "${ParentRDSStack}-Port"
- Name: ANCHORE_ENGINE_SERVICE_SERVICE_HOST
Value: !If [HasZone, !Ref RecordSet, {'Fn::ImportValue': !Sub '${ParentECSStack}-DNSName'}]
- Name: ANCHORE_ENABLE_SSL
Value: !If [HasLoadBalancerCertificateArn, 'True', 'False']
Volumes:
- Name: "config"
Host:
SourcePath: "/mnt/efs/anchore/config.yaml"
WorkerService:
Type: AWS::ECS::Service
Properties:
Cluster:
Fn::ImportValue: !Sub "${ParentECSStack}-Cluster"
DeploymentConfiguration:
MaximumPercent: 200
MinimumHealthyPercent: 100
DesiredCount: 1
PlacementStrategies:
- Type: spread
Field: instanceId
TaskDefinition: !Ref WorkerTaskDefinition