{
"Parameters" : {
"KeyName" : {
"Type" : "String",
"Description" : "EC2 KeyPair"
},
"ClusterName" : {
"Type": "String",
"Description" : "ECS Cluster name"
},
"ClusterSize": {
"Type": "Number",
"Default": "1",
"MinValue": "1",
"MaxValue": "12",
"Description": "Number of nodes in cluster"
},
"InstanceType" : {
"Type" : "String",
"Default" : "t2.micro",
"Description" : "EC2 HVM instance type"
},
"DiscoveryURL": {
"Type": "String",
"Description": "A unique etcd cluster discovery URL. Grab a new token from https://discovery.etcd.io/new"
},
"AdvertisedIPAddress": {
"Type": "String",
"Description": "Use 'private' if your etcd cluster is within one region or 'public' if it spans regions or cloud providers",
"Default": "private",
"AllowedValues": [ "private", "public" ]
},
"AllowSSHFrom": {
"Type": "String",
"Description": "The net block (CIDR) from which SSH (port 22) is reachable. The default 0.0.0.0/0 allows any IPv4 address; set a narrower range where possible",
"Default": "0.0.0.0/0"
}
},
"Mappings" : {
"RegionMap" : {
"eu-central-1" : { "HVM" : "ami-487d4d55" },
"ap-northeast-1" : { "HVM" : "ami-decfc0df" },
"sa-east-1" : { "HVM" : "ami-cb04b4d6" },
"ap-southeast-2" : { "HVM" : "ami-d1e981eb" },
"ap-southeast-1" : { "HVM" : "ami-83406fd1" },
"us-east-1" : { "HVM" : "ami-705d3d18" },
"us-west-2" : { "HVM" : "ami-4dd4857d" },
"us-west-1" : { "HVM" : "ami-17fae852" },
"eu-west-1" : { "HVM" : "ami-783a840f" }
}
},
"Resources" : {
"RootRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [ {
"Effect": "Allow",
"Principal": {
"Service": [ "ec2.amazonaws.com" ]
},
"Action": [ "sts:AssumeRole" ]
} ]
},
"Path": "/"
}
},
"RolePolicies": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "ECSPolicy",
"PolicyDocument": {
"Statement": [ {
"Effect": "Allow",
"Action": [
"ecs:CreateCluster",
"ecs:RegisterContainerInstance",
"ecs:DeregisterContainerInstance",
"ecs:DiscoverPollEndpoint",
"ecs:Submit*",
"ecs:Poll"
],
"Resource": [ "*" ]
} ]
},
"Roles": [ { "Ref": "RootRole" } ]
}
},
"RootInstanceProfile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [ { "Ref": "RootRole" } ]
}
},
"CoreOSSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "CoreOS SecurityGroup",
"SecurityGroupIngress": [ {
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": {
"Ref": "AllowSSHFrom"
}
} ]
}
},
"Ingress4001": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupName": { "Ref": "CoreOSSecurityGroup" },
"IpProtocol": "tcp",
"FromPort": "4001",
"ToPort": "4001",
"SourceSecurityGroupId": {
"Fn::GetAtt" : [ "CoreOSSecurityGroup", "GroupId" ]
}
}
},
"Ingress7001": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupName": { "Ref": "CoreOSSecurityGroup" },
"IpProtocol": "tcp",
"FromPort": "7001",
"ToPort": "7001",
"SourceSecurityGroupId": {
"Fn::GetAtt" : [ "CoreOSSecurityGroup", "GroupId" ]
}
}
},
"CoreOSServerAutoScale": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"AvailabilityZones": { "Fn::GetAZs": "" },
"LaunchConfigurationName": { "Ref": "CoreOSLaunchConfig" },
"MinSize": "1",
"MaxSize": "12",
"DesiredCapacity": { "Ref": "ClusterSize" },
"Tags": [ {
"Key": "Name",
"Value": "ecs coreos",
"PropagateAtLaunch": true
} ]
}
},
"CoreOSLaunchConfig": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"ImageId": { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "HVM" ] },
"InstanceType": { "Ref": "InstanceType" },
"KeyName": { "Ref": "KeyName" },
"SecurityGroups": [ { "Ref": "CoreOSSecurityGroup" } ],
"IamInstanceProfile": { "Ref": "RootInstanceProfile" },
"UserData": { "Fn::Base64": {
"Fn::Join": [ "", [
"#cloud-config\n\n",
"coreos:\n",
" etcd:\n",
" discovery: ", { "Ref": "DiscoveryURL" }, "\n",
" addr: $", { "Ref": "AdvertisedIPAddress" }, "_ipv4:4001\n",
" peer-addr: $", { "Ref": "AdvertisedIPAddress" }, "_ipv4:7001\n\n",
" units:\n",
" - name: etcd.service\n",
" command: start\n",
" - name: fleet.service\n",
" command: start\n",
" - name: amazon-ecs-agent.service\n",
" command: start\n",
" content: |\n",
" [Unit]\n",
" Description=Amazon ECS Agent\n",
" After=docker.service\n",
" Requires=docker.service\n\n",
" [Service]\n",
" Environment=ECS_CLUSTER=", { "Ref": "ClusterName" },"\n",
" Environment=ECS_LOGLEVEL=info\n",
" ExecStartPre=-/usr/bin/docker kill ecs-agent\n",
" ExecStartPre=-/usr/bin/docker rm ecs-agent\n",
" ExecStartPre=/usr/bin/docker pull amazon/amazon-ecs-agent\n",
" ExecStart=/usr/bin/docker run --name ecs-agent --env=ECS_CLUSTER=${ECS_CLUSTER} --env=ECS_LOGLEVEL=${ECS_LOGLEVEL} --publish=127.0.0.1:51678:51678 --volume=/var/log/ecs/:/log --volume=/var/run/docker.sock:/var/run/docker.sock amazon/amazon-ecs-agent:latest\n",
" ExecStop=/usr/bin/docker stop ecs-agent\n"
] ] }
}
}
}
}
}