Last active
December 20, 2022 21:03
-
-
Save jldeen/37e24b0a2a62abeca528da498ef60fec to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: 2010-09-09 | |
| Description: > | |
| This template provisions the infrastructure and deploys the Fargate services for use with the YELB sample application and Service Connect migration blog post. | |
| Parameters: | |
| StackName: | |
| Type: String | |
| Default: yelb-serviceconnect | |
| Description: The name of the parent Fargate networking stack you created. Necessary to locate and reference resources created by said stack. | |
| EnvironmentName: | |
| Type: String | |
| Description: An environment name that will be prefixed to resource names | |
| YelbUiServiceDiscoveryName: | |
| Type: String | |
| Default: "yelb-ui" | |
| Description: Service Discovery name for the YELB UI service | |
| YelbRedisServiceDiscoveryName: | |
| Type: String | |
| Default: "yelb-redis" | |
| Description: Discovery name for the YELB Redis service | |
| YelbAppServerServiceDiscoveryName: | |
| Type: String | |
| Default: "yelb-appserver" | |
| Description: Discovery name for the YELB App Server Service | |
| YelbDbServiceDiscoveryName: | |
| Type: String | |
| Default: "yelb-db" | |
| Description: Discovery name for the YELB DB Service | |
| InternalLBNamespace: | |
| Type: String | |
| Description: Internal Load Balancer Namespace | |
| Default: "yelb.lb.internal" | |
| YelbCloudMapDomain: | |
| Type: String | |
| Default: "yelb.cloudmap.internal" | |
| Description: An arbitrary internal domain name for the Yelb Ui application. It must be unique across multiple deployments. | |
| EC2Ami: | |
| Type: String | |
| Description: EC2 AMI ID | |
| Default: ami-08e2d37b6a0129927 | |
| AutoHibernateTimeout: | |
| Type: Number | |
| Description: How many minutes idle before shutting down the IDE. Options, 30min, 1hr, 4hr, 1day, 1week, Never (0) | |
| Default: 240 | |
| AllowedValues: | |
| - 30 | |
| - 60 | |
| - 240 | |
| - 1440 | |
| - 10080 | |
| - 0 | |
| Mappings: | |
| # Hard values for the subnet masks. These masks define | |
| # the range of internal IP addresses that can be assigned. | |
| # The VPC can have all IP's from 10.0.0.0 to 10.0.255.255 | |
| # There are four subnets which cover the ranges: | |
| # | |
| # 10.0.0.0 - 10.0.0.255 | |
| # 10.0.1.0 - 10.0.1.255 | |
| # 10.0.2.0 - 10.0.2.255 | |
| # 10.0.3.0 - 10.0.3.255 | |
| # | |
| # If you need more IP addresses (perhaps you have so many | |
| # instances that you run out) then you can customize these | |
| # ranges to add more | |
| SubnetConfig: | |
| VPC: | |
| CIDR: "10.0.0.0/16" | |
| PublicOne: | |
| CIDR: "10.0.0.0/19" | |
| PublicTwo: | |
| CIDR: "10.0.32.0/19" | |
| PrivateOne: | |
| CIDR: "10.0.64.0/19" | |
| PrivateTwo: | |
| CIDR: "10.0.96.0/19" | |
| Resources: | |
| # VPC in which containers will be networked. | |
| # It has two public subnets, and two private subnets. | |
| # We distribute the subnets across the first two available subnets | |
| # for the region, for high availability. | |
| VPC: | |
| Type: AWS::EC2::VPC | |
| Properties: | |
| CidrBlock: !FindInMap ["SubnetConfig", "VPC", "CIDR"] | |
| EnableDnsSupport: true | |
| EnableDnsHostnames: true | |
| Tags: | |
| - Key: Name | |
| Value: !Ref EnvironmentName | |
| # Two public subnets, where containers can have public IP addresses | |
| PublicSubnetOne: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| AvailabilityZone: | |
| Fn::Select: | |
| - 0 | |
| - Fn::GetAZs: { Ref: "AWS::Region" } | |
| VpcId: !Ref "VPC" | |
| CidrBlock: !FindInMap ["SubnetConfig", "PublicOne", "CIDR"] | |
| MapPublicIpOnLaunch: true | |
| Tags: | |
| - Key: Name | |
| Value: !Sub ${EnvironmentName} Public Subnet (AZ1) | |
| PublicSubnetTwo: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| AvailabilityZone: | |
| Fn::Select: | |
| - 1 | |
| - Fn::GetAZs: { Ref: "AWS::Region" } | |
| VpcId: !Ref "VPC" | |
| CidrBlock: !FindInMap ["SubnetConfig", "PublicTwo", "CIDR"] | |
| MapPublicIpOnLaunch: true | |
| Tags: | |
| - Key: Name | |
| Value: !Sub ${EnvironmentName} Public Subnet (AZ2) | |
| # Two private subnets where containers will only have private | |
| # IP addresses, and will only be reachable by other members of theVPC | |
| PrivateSubnetOne: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| AvailabilityZone: | |
| Fn::Select: | |
| - 0 | |
| - Fn::GetAZs: { Ref: "AWS::Region" } | |
| VpcId: !Ref "VPC" | |
| CidrBlock: !FindInMap ["SubnetConfig", "PrivateOne", "CIDR"] | |
| Tags: | |
| - Key: Name | |
| Value: !Sub ${EnvironmentName} Private Subnet (AZ1) | |
| PrivateSubnetTwo: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| AvailabilityZone: | |
| Fn::Select: | |
| - 1 | |
| - Fn::GetAZs: { Ref: "AWS::Region" } | |
| VpcId: !Ref "VPC" | |
| CidrBlock: !FindInMap ["SubnetConfig", "PrivateTwo", "CIDR"] | |
| Tags: | |
| - Key: Name | |
| Value: !Sub ${EnvironmentName} Private Subnet (AZ2) | |
| # Setup networking resources for the public subnets. Containers | |
| # in the public subnets have public IP addresses and the routing table sends network traffic via the internet gateway. | |
| InternetGateway: | |
| Type: AWS::EC2::InternetGateway | |
| Properties: | |
| Tags: | |
| - Key: Name | |
| Value: !Ref EnvironmentName | |
| InternetGatewayAttachment: | |
| Type: AWS::EC2::VPCGatewayAttachment | |
| Properties: | |
| InternetGatewayId: !Ref InternetGateway | |
| VpcId: !Ref VPC | |
| PublicRouteTable: | |
| Type: AWS::EC2::RouteTable | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: !Sub ${EnvironmentName} Public Routes | |
| DefaultPublicRoute: | |
| Type: AWS::EC2::Route | |
| DependsOn: InternetGatewayAttachment | |
| Properties: | |
| RouteTableId: !Ref PublicRouteTable | |
| DestinationCidrBlock: 0.0.0.0/0 | |
| GatewayId: !Ref InternetGateway | |
| PublicSubnetOneRouteTableAssociation: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| Properties: | |
| RouteTableId: !Ref PublicRouteTable | |
| SubnetId: !Ref PublicSubnetOne | |
| PublicSubnetTwoRouteTableAssociation: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| Properties: | |
| RouteTableId: !Ref PublicRouteTable | |
| SubnetId: !Ref PublicSubnetTwo | |
| # Setup networking resources for the private subnets. Containers | |
| # in these subnets have only private IP addresses, and must use a NAT gateway to talk to the internet. We launch two NAT gateways, one for each public subnet. | |
| NatGatewayOneEIP: | |
| Type: AWS::EC2::EIP | |
| DependsOn: InternetGatewayAttachment | |
| Properties: | |
| Domain: vpc | |
| NatGatewayTwoEIP: | |
| Type: AWS::EC2::EIP | |
| DependsOn: InternetGatewayAttachment | |
| Properties: | |
| Domain: vpc | |
| NatGatewayOne: | |
| Type: AWS::EC2::NatGateway | |
| Properties: | |
| AllocationId: !GetAtt NatGatewayOneEIP.AllocationId | |
| SubnetId: !Ref PublicSubnetOne | |
| NatGatewayTwo: | |
| Type: AWS::EC2::NatGateway | |
| Properties: | |
| AllocationId: !GetAtt NatGatewayTwoEIP.AllocationId | |
| SubnetId: !Ref PublicSubnetTwo | |
| PrivateRouteTableOne: | |
| Type: AWS::EC2::RouteTable | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: !Sub ${EnvironmentName} Private Routes (AZ1) | |
| DefaultPrivateRouteOne: | |
| Type: AWS::EC2::Route | |
| Properties: | |
| RouteTableId: !Ref PrivateRouteTableOne | |
| DestinationCidrBlock: 0.0.0.0/0 | |
| NatGatewayId: !Ref NatGatewayOne | |
| PrivateSubnetOneRouteTableAssociation: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| Properties: | |
| RouteTableId: !Ref PrivateRouteTableOne | |
| SubnetId: !Ref PrivateSubnetOne | |
| PrivateRouteTableTwo: | |
| Type: AWS::EC2::RouteTable | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: !Sub ${EnvironmentName} Private Routes (AZ2) | |
| DefaultPrivateRouteTwo: | |
| Type: AWS::EC2::Route | |
| Properties: | |
| RouteTableId: !Ref PrivateRouteTableTwo | |
| DestinationCidrBlock: 0.0.0.0/0 | |
| NatGatewayId: !Ref NatGatewayTwo | |
| PrivateSubnet2RouteTableAssociation: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| Properties: | |
| RouteTableId: !Ref PrivateRouteTableTwo | |
| SubnetId: !Ref PrivateSubnetTwo | |
| # ECS Resources | |
| ECSCluster: | |
| Type: AWS::ECS::Cluster | |
| # Security Groups | |
| YelbDbSecurityGroup: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| GroupDescription: yelb-db security group | |
| GroupName: yelb-db-sg | |
| SecurityGroupIngress: | |
| - SourceSecurityGroupId: !Ref YelbAppServerSecurityGroup | |
| IpProtocol: tcp | |
| ToPort: 5432 | |
| FromPort: 5432 | |
| VpcId: !Ref VPC | |
| YelbRedisSecurityGroup: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| GroupDescription: yelb-redis security group | |
| GroupName: yelb-redis-sg | |
| SecurityGroupIngress: | |
| - SourceSecurityGroupId: !Ref YelbAppServerSecurityGroup | |
| IpProtocol: tcp | |
| ToPort: 6379 | |
| FromPort: 6379 | |
| VpcId: !Ref VPC | |
| YelbAppServerSecurityGroup: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| GroupDescription: yelb-appserver security group | |
| GroupName: yelb-appserver-sg | |
| VpcId: !Ref VPC | |
| SecurityGroupIngress: | |
| - SourceSecurityGroupId: !Ref YelbUiSecurityGroup | |
| IpProtocol: tcp | |
| ToPort: 4567 | |
| FromPort: 4567 | |
| YelbAppServerSecurityGroupIngress: | |
| Type: AWS::EC2::SecurityGroupIngress | |
| DependsOn: YelbAppServerSecurityGroup | |
| Properties: | |
| GroupId: !Ref YelbAppServerSecurityGroup | |
| IpProtocol: tcp | |
| FromPort: 4567 | |
| ToPort: 4567 | |
| SourceSecurityGroupId: !Ref YelbAppServerSecurityGroup | |
| YelbUiSecurityGroup: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| GroupDescription: yelb-ui security group | |
| GroupName: yelb-ui-sg | |
| SecurityGroupIngress: | |
| - SourceSecurityGroupId: !Ref YelbLBSecurityGroup | |
| IpProtocol: tcp | |
| ToPort: 80 | |
| FromPort: 80 | |
| VpcId: !Ref VPC | |
| YelbLBSecurityGroup: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| GroupDescription: yelb load balancer security group | |
| GroupName: yelb-lb-sg | |
| SecurityGroupIngress: | |
| - CidrIp: "0.0.0.0/0" | |
| IpProtocol: tcp | |
| ToPort: 80 | |
| FromPort: 80 | |
| VpcId: !Ref VPC | |
| # Service Discovery | |
| YelbServiceDiscoveryNameSpace: | |
| Type: AWS::ServiceDiscovery::PrivateDnsNamespace | |
| Properties: | |
| Description: "Service Discovery Namespace for Yelb Application" | |
| Vpc: !Ref VPC | |
| Name: !Ref "YelbCloudMapDomain" | |
| YelbDbServiceDiscoveryEntry: | |
| Type: AWS::ServiceDiscovery::Service | |
| Properties: | |
| Name: !Ref YelbDbServiceDiscoveryName | |
| DnsConfig: | |
| DnsRecords: | |
| - Type: A | |
| TTL: "10" | |
| NamespaceId: !Ref "YelbServiceDiscoveryNameSpace" | |
| HealthCheckCustomConfig: | |
| FailureThreshold: "1" | |
| YelbRedisServiceDiscoveryEntry: | |
| Type: AWS::ServiceDiscovery::Service | |
| Properties: | |
| Name: !Ref YelbRedisServiceDiscoveryName | |
| DnsConfig: | |
| DnsRecords: | |
| - Type: A | |
| TTL: "10" | |
| NamespaceId: !Ref "YelbServiceDiscoveryNameSpace" | |
| HealthCheckCustomConfig: | |
| FailureThreshold: "1" | |
| # External ELB and Target Groups | |
| ecsloadbalancer: | |
| Type: AWS::ElasticLoadBalancingV2::LoadBalancer | |
| Properties: | |
| IpAddressType: ipv4 | |
| Name: yelb-serviceconnect | |
| Scheme: internet-facing | |
| SecurityGroups: | |
| - !Ref YelbLBSecurityGroup | |
| Subnets: | |
| - !Ref PublicSubnetOne | |
| - !Ref PublicSubnetTwo | |
| Type: application | |
| EcsLbTargetGroup: | |
| Type: AWS::ElasticLoadBalancingV2::TargetGroup | |
| Properties: | |
| Name: yelb-serviceconnect | |
| VpcId: !Ref VPC | |
| Protocol: HTTP | |
| Port: 80 | |
| TargetType: ip | |
| IpAddressType: ipv4 | |
| EcsLbListener: | |
| Type: "AWS::ElasticLoadBalancingV2::Listener" | |
| Properties: | |
| DefaultActions: | |
| - Type: forward | |
| TargetGroupArn: !Ref EcsLbTargetGroup | |
| LoadBalancerArn: !Ref ecsloadbalancer | |
| Port: 80 | |
| Protocol: HTTP | |
| # Internal ELB and Target Groups | |
| EcsInternalLoadBalancer: | |
| Type: AWS::ElasticLoadBalancingV2::LoadBalancer | |
| Properties: | |
| IpAddressType: ipv4 | |
| Name: serviceconnect-appserver | |
| Scheme: internal | |
| SecurityGroups: | |
| - !Ref YelbAppServerSecurityGroup | |
| Subnets: | |
| - !Ref PrivateSubnetOne | |
| - !Ref PrivateSubnetTwo | |
| Type: application | |
| EcsInternalTargetGroup: | |
| Type: AWS::ElasticLoadBalancingV2::TargetGroup | |
| Properties: | |
| Name: serviceconnect-appserver | |
| VpcId: !Ref VPC | |
| Protocol: HTTP | |
| Port: 4567 | |
| TargetType: ip | |
| IpAddressType: ipv4 | |
| HealthCheckPath: "/api/getvotes" | |
| EcsInternalListener: | |
| Type: "AWS::ElasticLoadBalancingV2::Listener" | |
| Properties: | |
| DefaultActions: | |
| - Type: forward | |
| TargetGroupArn: !Ref EcsInternalTargetGroup | |
| LoadBalancerArn: !Ref EcsInternalLoadBalancer | |
| Port: 4567 | |
| Protocol: HTTP | |
| # Route53 | |
| PrivateHostedZone: | |
| Type: "AWS::Route53::HostedZone" | |
| Properties: | |
| Name: !Ref "InternalLBNamespace" | |
| VPCs: | |
| - VPCId: !Ref VPC | |
| VPCRegion: !Sub "${AWS::Region}" | |
| RecordSetLB: | |
| Type: AWS::Route53::RecordSet | |
| Properties: | |
| AliasTarget: | |
| DNSName: !GetAtt EcsInternalLoadBalancer.DNSName | |
| HostedZoneId: !GetAtt EcsInternalLoadBalancer.CanonicalHostedZoneID | |
| HostedZoneId: !Ref PrivateHostedZone | |
| Name: !Join | |
| - "" | |
| - - "yelb-appserver." | |
| - !Ref "InternalLBNamespace" | |
| Type: A | |
| Region: !Sub "${AWS::Region}" | |
| SetIdentifier: !Join | |
| - "" | |
| - - "yelb-appserver." | |
| - !Ref "InternalLBNamespace" | |
| # IAM Rules | |
| ECSSCTaskPolicy: | |
| Type: "AWS::IAM::ManagedPolicy" | |
| Properties: | |
| Description: Managed policy for the ECS Task roles | |
| PolicyDocument: | |
| Version: "2012-10-17" | |
| Statement: | |
| - Effect: Allow | |
| Action: | |
| # Allow the ECS Tasks to download images from ECR | |
| - "ecr:GetAuthorizationToken" | |
| - "ecr:BatchCheckLayerAvailability" | |
| - "ecr:GetDownloadUrlForLayer" | |
| - "ecr:BatchGetImage" | |
| # Allow the ECS tasks to upload logs to CloudWatch | |
| - "logs:CreateLogStream" | |
| - "logs:PutLogEvents" | |
| Resource: "*" | |
| YelbECSTaskRole: | |
| Type: "AWS::IAM::Role" | |
| Properties: | |
| AssumeRolePolicyDocument: | |
| Version: "2012-10-17" | |
| Statement: | |
| - Effect: "Allow" | |
| Principal: | |
| Service: | |
| - "ecs.amazonaws.com" | |
| - "ecs-tasks.amazonaws.com" | |
| Action: | |
| - "sts:AssumeRole" | |
| - Effect: "Allow" | |
| Principal: | |
| AWS: | |
| - !Sub "arn:aws:iam::${AWS::AccountId}:root" | |
| Action: | |
| - "sts:AssumeRole" | |
| Path: "/" | |
| ManagedPolicyArns: | |
| - !Ref ECSSCTaskPolicy | |
| - "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole" | |
| - "arn:aws:iam::aws:policy/CloudWatchFullAccess" | |
| - "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" | |
| YelbECSTaskExecutionRole: | |
| Type: AWS::IAM::Role | |
| Properties: | |
| AssumeRolePolicyDocument: | |
| Statement: | |
| - Effect: Allow | |
| Principal: | |
| Service: [ecs-tasks.amazonaws.com] | |
| Action: ["sts:AssumeRole"] | |
| Path: / | |
| Policies: | |
| - PolicyName: AmazonECSTaskExecutionRolePolicy | |
| PolicyDocument: | |
| Statement: | |
| - Effect: Allow | |
| Action: | |
| # Allow the ECS Tasks to download images from ECR | |
| - "ecr:GetAuthorizationToken" | |
| - "ecr:BatchCheckLayerAvailability" | |
| - "ecr:GetDownloadUrlForLayer" | |
| - "ecr:BatchGetImage" | |
| # Allow the ECS tasks to upload logs to CloudWatch | |
| - "logs:CreateLogStream" | |
| - "logs:PutLogEvents" | |
| # Allow the ECS tasks to register into the target group | |
| - "elasticloadbalancing:DeregisterInstancesFromLoadBalancer" | |
| - "elasticloadbalancing:Describe*" | |
| - "elasticloadbalancing:RegisterInstancesWithLoadBalancer" | |
| - "elasticloadbalancing:DeregisterTargets" | |
| - "elasticloadbalancing:DescribeTargetGroups" | |
| - "elasticloadbalancing:DescribeTargetHealth" | |
| - "elasticloadbalancing:RegisterTargets" | |
| Resource: "*" | |
| # Yelb DB Service and Task Definition | |
| ServiceYelbDb: | |
| Type: AWS::ECS::Service | |
| Properties: | |
| LaunchType: FARGATE | |
| Cluster: !Ref ECSCluster | |
| PlatformVersion: LATEST | |
| PropagateTags: SERVICE | |
| DeploymentConfiguration: | |
| MaximumPercent: 200 | |
| MinimumHealthyPercent: 0 | |
| EnableECSManagedTags: true | |
| EnableExecuteCommand: true | |
| DesiredCount: 1 | |
| TaskDefinition: !Ref "TaskDefinitionYelbDb" | |
| NetworkConfiguration: | |
| AwsvpcConfiguration: | |
| AssignPublicIp: ENABLED | |
| Subnets: [!Ref "PublicSubnetOne", !Ref "PublicSubnetTwo"] | |
| SecurityGroups: [!Ref "YelbDbSecurityGroup"] | |
| ServiceRegistries: | |
| - RegistryArn: !GetAtt YelbDbServiceDiscoveryEntry.Arn | |
| TaskDefinitionYelbDb: | |
| Type: AWS::ECS::TaskDefinition | |
| Properties: | |
| Family: yelb-db | |
| NetworkMode: awsvpc | |
| Cpu: "256" | |
| Memory: "512" | |
| RequiresCompatibilities: | |
| - FARGATE | |
| TaskRoleArn: !Ref "YelbECSTaskRole" | |
| ExecutionRoleArn: !Ref "YelbECSTaskExecutionRole" | |
| ContainerDefinitions: | |
| - Name: yelb-db | |
| Image: mreferre/yelb-db:0.5 | |
| Cpu: 100 | |
| Essential: true | |
| PortMappings: | |
| - Name: yelb-db | |
| ContainerPort: 5432 | |
| Protocol: tcp | |
| LogConfiguration: | |
| LogDriver: awslogs | |
| Options: | |
| awslogs-group: ecs/serviceconnectdemo | |
| awslogs-region: !Ref AWS::Region | |
| awslogs-stream-prefix: "yelb" | |
| # Yelb Redis Service and Task Definition | |
| ServiceRedisServer: | |
| Type: AWS::ECS::Service | |
| Properties: | |
| LaunchType: FARGATE | |
| Cluster: !Ref ECSCluster | |
| PlatformVersion: LATEST | |
| PropagateTags: SERVICE | |
| DeploymentConfiguration: | |
| MaximumPercent: 200 | |
| MinimumHealthyPercent: 0 | |
| EnableECSManagedTags: true | |
| EnableExecuteCommand: true | |
| DesiredCount: 1 | |
| TaskDefinition: !Ref "TaskDefinitionRedisServer" | |
| NetworkConfiguration: | |
| AwsvpcConfiguration: | |
| AssignPublicIp: ENABLED | |
| Subnets: [!Ref "PublicSubnetOne", !Ref "PublicSubnetTwo"] | |
| SecurityGroups: [!Ref "YelbRedisSecurityGroup"] | |
| ServiceRegistries: | |
| - RegistryArn: !GetAtt YelbRedisServiceDiscoveryEntry.Arn | |
| TaskDefinitionRedisServer: | |
| Type: AWS::ECS::TaskDefinition | |
| Properties: | |
| Family: redis-server | |
| NetworkMode: awsvpc | |
| Cpu: "256" | |
| Memory: "512" | |
| RequiresCompatibilities: | |
| - FARGATE | |
| TaskRoleArn: !Ref "YelbECSTaskRole" | |
| ExecutionRoleArn: !Ref "YelbECSTaskExecutionRole" | |
| ContainerDefinitions: | |
| - Name: redis-server | |
| Image: redis:4.0.2 | |
| Cpu: 100 | |
| Essential: true | |
| PortMappings: | |
| - Name: yelb-redis | |
| ContainerPort: 6379 | |
| Protocol: tcp | |
| LogConfiguration: | |
| LogDriver: awslogs | |
| Options: | |
| awslogs-group: ecs/serviceconnectdemo | |
| awslogs-region: !Ref AWS::Region | |
| awslogs-stream-prefix: "yelb" | |
| # Yelb App Server Service and Task Definition | |
| ServiceYelbAppserver: | |
| Type: AWS::ECS::Service | |
| DependsOn: EcsInternalListener | |
| Properties: | |
| LaunchType: FARGATE | |
| Cluster: !Ref ECSCluster | |
| PlatformVersion: LATEST | |
| PropagateTags: SERVICE | |
| DeploymentConfiguration: | |
| MaximumPercent: 200 | |
| MinimumHealthyPercent: 50 | |
| EnableECSManagedTags: true | |
| EnableExecuteCommand: true | |
| DesiredCount: 3 | |
| TaskDefinition: !Ref "TaskDefinitionYelbAppserver" | |
| NetworkConfiguration: | |
| AwsvpcConfiguration: | |
| AssignPublicIp: ENABLED | |
| Subnets: [!Ref "PublicSubnetOne", !Ref "PublicSubnetTwo"] | |
| SecurityGroups: [!Ref "YelbAppServerSecurityGroup"] | |
| LoadBalancers: | |
| - TargetGroupArn: !Ref EcsInternalTargetGroup | |
| ContainerName: yelb-appserver | |
| ContainerPort: 4567 | |
| TaskDefinitionYelbAppserver: | |
| Type: AWS::ECS::TaskDefinition | |
| Properties: | |
| Family: yelb-appserver | |
| NetworkMode: awsvpc | |
| Cpu: "256" | |
| Memory: "512" | |
| RequiresCompatibilities: | |
| - FARGATE | |
| TaskRoleArn: !Ref "YelbECSTaskRole" | |
| ExecutionRoleArn: !Ref "YelbECSTaskExecutionRole" | |
| ContainerDefinitions: | |
| - Name: yelb-appserver | |
| Image: hemanthavs/yelb-appserver:latest | |
| Cpu: 100 | |
| Essential: true | |
| PortMappings: | |
| - Name: yelb-appserver | |
| ContainerPort: 4567 | |
| Protocol: tcp | |
| AppProtocol: http | |
| Environment: | |
| - Name: APP_PORT | |
| Value: "4567" | |
| - Name: YELB_DB_SERVER | |
| Value: yelb-db.yelb.cloudmap.internal | |
| - Name: YELB_DB_SERVER_PORT | |
| Value: "5432" | |
| - Name: YELB_REDIS_SERVER | |
| Value: yelb-redis.yelb.cloudmap.internal | |
| - Name: YELB_REDIS_SERVER_PORT | |
| Value: "6379" | |
| LogConfiguration: | |
| LogDriver: awslogs | |
| Options: | |
| awslogs-group: ecs/serviceconnectdemo | |
| awslogs-region: !Ref AWS::Region | |
| awslogs-stream-prefix: "yelb" | |
| # Yelb UI Service and Task Definition | |
| ServiceYelbUi: | |
| Type: AWS::ECS::Service | |
| DependsOn: EcsLbListener | |
| Properties: | |
| LaunchType: FARGATE | |
| Cluster: !Ref ECSCluster | |
| PlatformVersion: LATEST | |
| PropagateTags: SERVICE | |
| DeploymentConfiguration: | |
| MaximumPercent: 200 | |
| MinimumHealthyPercent: 50 | |
| EnableECSManagedTags: true | |
| EnableExecuteCommand: true | |
| DesiredCount: 3 | |
| TaskDefinition: !Ref "TaskDefinitionYelbUi" | |
| NetworkConfiguration: | |
| AwsvpcConfiguration: | |
| AssignPublicIp: ENABLED | |
| Subnets: [!Ref "PublicSubnetOne", !Ref "PublicSubnetTwo"] | |
| SecurityGroups: [!Ref "YelbUiSecurityGroup"] | |
| LoadBalancers: | |
| - ContainerName: "yelb-ui" | |
| ContainerPort: 80 | |
| TargetGroupArn: !Ref EcsLbTargetGroup | |
| ServiceConnectConfiguration: | |
| Enabled: false | |
| TaskDefinitionYelbUi: | |
| Type: AWS::ECS::TaskDefinition | |
| Properties: | |
| Family: yelb-ui | |
| NetworkMode: awsvpc | |
| Cpu: "256" | |
| Memory: "512" | |
| RequiresCompatibilities: | |
| - FARGATE | |
| TaskRoleArn: !Ref "YelbECSTaskRole" | |
| ExecutionRoleArn: !Ref "YelbECSTaskExecutionRole" | |
| ContainerDefinitions: | |
| - Name: yelb-ui | |
| Image: hemanthavs/yelb-ui:latest | |
| Cpu: 100 | |
| Essential: true | |
| PortMappings: | |
| - Name: yelb-ui | |
| ContainerPort: 80 | |
| Protocol: tcp | |
| AppProtocol: http | |
| Environment: | |
| - Name: APP_SERVER | |
| Value: yelb-appserver.yelb.lb.internal | |
| - Name: APP_SERVER_PORT | |
| Value: "4567" | |
| LogConfiguration: | |
| LogDriver: awslogs | |
| Options: | |
| awslogs-group: ecs/serviceconnectdemo | |
| awslogs-region: !Ref AWS::Region | |
| awslogs-stream-prefix: "yelb" | |
| # Cloudwatch Logs | |
| CloudWatchLogGroup: | |
| Type: AWS::Logs::LogGroup | |
| Properties: | |
| LogGroupName: "ecs/serviceconnectdemo" | |
| RetentionInDays: 90 | |
| Outputs: | |
| VPC: | |
| Description: A reference to the created VPC | |
| Value: !Ref VPC | |
| Export: | |
| Name: vpcId | |
| AccountId: | |
| Description: Outputs the Account ID the stack resources are deployed to | |
| Value: !Sub "${AWS::AccountId}" | |
| Export: | |
| Name: awsAccountId | |
| StackName: | |
| Description: Outputs the stack name | |
| Value: !Sub "${AWS::StackName}" | |
| Export: | |
| Name: awsStackName | |
| Region: | |
| Description: Outputs the region the stack resources are deployed to | |
| Value: !Sub "${AWS::Region}" | |
| Export: | |
| Name: awsRegion | |
| PublicSubnetOne: | |
| Description: A reference to the public subnet in the 1st Availability Zone | |
| Value: !Ref PublicSubnetOne | |
| Export: | |
| Name: publicSubnetOne | |
| PublicSubnetTwo: | |
| Description: A reference to the public subnet in the 2nd Availability Zone | |
| Value: !Ref PublicSubnetTwo | |
| Export: | |
| Name: publicSubnetTwo | |
| PrivateSubnetOne: | |
| Description: A reference to the private subnet in the 1st Availability Zone | |
| Value: !Ref PrivateSubnetOne | |
| Export: | |
| Name: privateSubnetOne | |
| PrivateSubnetTwo: | |
| Description: A reference to the private subnet in the 2nd Availability Zone | |
| Value: !Ref PrivateSubnetTwo | |
| Export: | |
| Name: privateSubnetTwo |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment