li0nel/service.yaml

## service.yaml
Service:
    Type: AWS::ECS::Service
    DependsOn:
      - ListenerRuleHTTPS
    Properties:
        Cluster: !Ref Cluster
        Role: !Ref ServiceRole
        DesiredCount: !Ref DesiredCount
        TaskDefinition: !Ref TaskDefinition
        LoadBalancers:
            - ContainerName: nginx
              ContainerPort: 80
              TargetGroupArn: !Ref TargetGroup

ServiceRedirect:
    Type: AWS::ECS::Service
    DependsOn:
      - ListenerRuleHTTP
    Properties:
        Cluster: !Ref Cluster
        Role: !Ref ServiceRole
        DesiredCount: 1
        TaskDefinition: !Ref TaskDefinitionRedirectHTTPtoHTTPS
        LoadBalancers:
            - ContainerName: nginx-to-https
              ContainerPort: 80
              TargetGroupArn: !Ref TargetGroupRedirectHTTPSToHTTP

TaskDefinitionRedirectHTTPtoHTTPS:
    Type: AWS::ECS::TaskDefinition
    Properties:
        Family: nginx-to-https
        ContainerDefinitions:
            - Name: nginx-to-https
              Essential: true
              Image: getlionel/nginx-to-https
              Memory: 128
              PortMappings:
                - ContainerPort: 80

TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
        Family: laravel-nginx
        ContainerDefinitions:
            - Name: nginx
              Essential: true
              Image: !Join [ ".", [ !Ref "AWS::AccountId", "dkr.ecr", !Ref "AWS::Region", !Join [ ":", [ !Join [ "/", [ "amazonaws.com", !Ref ECR ] ], "nginx" ] ] ] ]
              Memory: 128
              PortMappings:
                - ContainerPort: 80
              Links:
                - app
              LogConfiguration:
                LogDriver: awslogs
                Options:
                    awslogs-group: !Ref AWS::StackName
                    awslogs-region: !Ref AWS::Region
            - Name: app
              Essential: true
              Image: !Join [ ".", [ !Ref "AWS::AccountId", "dkr.ecr", !Ref "AWS::Region", !Join [ ":", [ !Join [ "/", [ "amazonaws.com", !Ref ECR ] ], "laravel" ] ] ] ]
              Memory: 256
              LogConfiguration:
                LogDriver: awslogs
                Options:
                    awslogs-group: !Ref AWS::StackName
                    awslogs-region: !Ref AWS::Region
              Environment:
                - Name: APP_NAME
                  Value: Laravel
                - Name: APP_ENV
                  Value: production
                - Name: APP_DEBUG
                  Value: false
                - Name: APP_LOG_LEVEL
                  Value: error
                - Name: APP_KEY
                  Value: base64:h2ASblVGbCXbC1buJ8KToZkKIEY69GSiutkAeGo77B0=
                - Name: APP_URL
                  Value: !Ref APPURL
                - Name: DB_CONNECTION
                  Value: !Ref DBCONNECTION
                - Name: DB_HOST
                  Value: !Ref DBHOST
                - Name: DB_PORT
                  Value: !Ref DBPORT
                - Name: DB_DATABASE
                  Value: !Ref DBDATABASE
                - Name: DB_USERNAME
                  Value: !Ref DBUSERNAME
                - Name: DB_PASSWORD
                  Value: !Ref DBPASSWORD
                - Name: CACHE_DRIVER
                  Value: file
                - Name: SESSION_DRIVER
                  Value: database
                - Name: MAIL_DRIVER
                  Value: !Ref MAILDRIVER
                - Name: MAIL_HOST
                  Value: !Ref MAILHOST
                - Name: MAIL_PORT
                  Value: !Ref MAILPORT
                - Name: MAIL_USERNAME
                  Value: !Ref MAILUSERNAME
                - Name: MAIL_PASSWORD
                  Value: !Ref MAILPASSWORD
                - Name: MAIL_FROM_ADDRESS
                  Value: !Ref MAILFROMADDRESS
                - Name: MAIL_FROM_NAME
                  Value: !Ref MAILFROMNAME
#                    - Name: ELASTICSEARCH_HOST
#                      Value: !Ref ELASTICSEARCHHOST
#                    - Name: ELASTICSEARCH_PORT
#                      Value: !Ref ELASTICSEARCHPORT
                - Name: FILESYSTEM_DRIVER
                  Value: !Ref FILESYSTEMDRIVER
                - Name: AWS_REGION
                  Value: !Sub ${AWS::Region}
                - Name: AWS_BUCKET
                  Value: !Ref AWSBUCKET

CloudWatchLogsGroup:
    Type: AWS::Logs::LogGroup
    Properties:
        LogGroupName: !Ref AWS::StackName
        RetentionInDays: 365

TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
        VpcId: !Ref VPC
        Port: 80
        Protocol: HTTP
        Matcher:
            HttpCode: 200-301
        HealthCheckIntervalSeconds: 10
        HealthCheckPath: /
        HealthCheckProtocol: HTTP
        HealthCheckTimeoutSeconds: 5
        HealthyThresholdCount: 2

TargetGroupRedirectHTTPSToHTTP:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
        VpcId: !Ref VPC
        Port: 80
        Protocol: HTTP
        Matcher:
            HttpCode: 200-301
        HealthCheckIntervalSeconds: 10
        HealthCheckPath: /
        HealthCheckProtocol: HTTP
        HealthCheckTimeoutSeconds: 5
        HealthyThresholdCount: 2

ListenerRuleHTTP:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
        ListenerArn: !Ref ListenerHTTP
        Priority: 1
        Conditions:
            - Field: path-pattern
              Values:
                - !Ref Path
        Actions:
            - TargetGroupArn: !Ref TargetGroupRedirectHTTPSToHTTP
              Type: forward

ListenerRuleHTTPS:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
        ListenerArn: !Ref ListenerHTTPS
        Priority: 1
        Conditions:
            - Field: path-pattern
              Values:
                - !Ref Path
        Actions:
            - TargetGroupArn: !Ref TargetGroup
              Type: forward

# This IAM Role grants the service access to register/unregister with the
# Application Load Balancer (ALB). It is based on the default documented here:
# http://docs.aws.amazon.com/AmazonECS/latest/developerguide/service_IAM_role.html
ServiceRole:
    Type: AWS::IAM::Role
    Properties:
        RoleName: !Sub ecs-service-${AWS::StackName}
        Path: /
        AssumeRolePolicyDocument: |
            {
                "Statement": [{
                    "Effect": "Allow",
                    "Principal": { "Service": [ "ecs.amazonaws.com" ]},
                    "Action": [ "sts:AssumeRole" ]
                }]
            }
        Policies:
            - PolicyName: !Sub ecs-service-${AWS::StackName}
              PolicyDocument:
                {
                    "Version": "2012-10-17",
                    "Statement": [{
                            "Effect": "Allow",
                            "Action": [
                                "ec2:AuthorizeSecurityGroupIngress",
                                "ec2:Describe*",
                                "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
                                "elasticloadbalancing:Describe*",
                                "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
                                "elasticloadbalancing:DeregisterTargets",
                                "elasticloadbalancing:DescribeTargetGroups",
                                "elasticloadbalancing:DescribeTargetHealth",
                                "elasticloadbalancing:RegisterTargets"
                            ],
                            "Resource": "*"
                    }]
                }
	Service:
	Type: AWS::ECS::Service
	DependsOn:
	- ListenerRuleHTTPS
	Properties:
	Cluster: !Ref Cluster
	Role: !Ref ServiceRole
	DesiredCount: !Ref DesiredCount
	TaskDefinition: !Ref TaskDefinition
	LoadBalancers:
	- ContainerName: nginx
	ContainerPort: 80
	TargetGroupArn: !Ref TargetGroup

	ServiceRedirect:
	Type: AWS::ECS::Service
	DependsOn:
	- ListenerRuleHTTP
	Properties:
	Cluster: !Ref Cluster
	Role: !Ref ServiceRole
	DesiredCount: 1
	TaskDefinition: !Ref TaskDefinitionRedirectHTTPtoHTTPS
	LoadBalancers:
	- ContainerName: nginx-to-https
	ContainerPort: 80
	TargetGroupArn: !Ref TargetGroupRedirectHTTPSToHTTP

	TaskDefinitionRedirectHTTPtoHTTPS:
	Type: AWS::ECS::TaskDefinition
	Properties:
	Family: nginx-to-https
	ContainerDefinitions:
	- Name: nginx-to-https
	Essential: true
	Image: getlionel/nginx-to-https
	Memory: 128
	PortMappings:
	- ContainerPort: 80

	TaskDefinition:
	Type: AWS::ECS::TaskDefinition
	Properties:
	Family: laravel-nginx
	ContainerDefinitions:
	- Name: nginx
	Essential: true
	Image: !Join [ ".", [ !Ref "AWS::AccountId", "dkr.ecr", !Ref "AWS::Region", !Join [ ":", [ !Join [ "/", [ "amazonaws.com", !Ref ECR ] ], "nginx" ] ] ] ]
	Memory: 128
	PortMappings:
	- ContainerPort: 80
	Links:
	- app
	LogConfiguration:
	LogDriver: awslogs
	Options:
	awslogs-group: !Ref AWS::StackName
	awslogs-region: !Ref AWS::Region
	- Name: app
	Essential: true
	Image: !Join [ ".", [ !Ref "AWS::AccountId", "dkr.ecr", !Ref "AWS::Region", !Join [ ":", [ !Join [ "/", [ "amazonaws.com", !Ref ECR ] ], "laravel" ] ] ] ]
	Memory: 256
	LogConfiguration:
	LogDriver: awslogs
	Options:
	awslogs-group: !Ref AWS::StackName
	awslogs-region: !Ref AWS::Region
	Environment:
	- Name: APP_NAME
	Value: Laravel
	- Name: APP_ENV
	Value: production
	- Name: APP_DEBUG
	Value: false
	- Name: APP_LOG_LEVEL
	Value: error
	- Name: APP_KEY
	Value: base64:h2ASblVGbCXbC1buJ8KToZkKIEY69GSiutkAeGo77B0=
	- Name: APP_URL
	Value: !Ref APPURL
	- Name: DB_CONNECTION
	Value: !Ref DBCONNECTION
	- Name: DB_HOST
	Value: !Ref DBHOST
	- Name: DB_PORT
	Value: !Ref DBPORT
	- Name: DB_DATABASE
	Value: !Ref DBDATABASE
	- Name: DB_USERNAME
	Value: !Ref DBUSERNAME
	- Name: DB_PASSWORD
	Value: !Ref DBPASSWORD
	- Name: CACHE_DRIVER
	Value: file
	- Name: SESSION_DRIVER
	Value: database
	- Name: MAIL_DRIVER
	Value: !Ref MAILDRIVER
	- Name: MAIL_HOST
	Value: !Ref MAILHOST
	- Name: MAIL_PORT
	Value: !Ref MAILPORT
	- Name: MAIL_USERNAME
	Value: !Ref MAILUSERNAME
	- Name: MAIL_PASSWORD
	Value: !Ref MAILPASSWORD
	- Name: MAIL_FROM_ADDRESS
	Value: !Ref MAILFROMADDRESS
	- Name: MAIL_FROM_NAME
	Value: !Ref MAILFROMNAME
	# - Name: ELASTICSEARCH_HOST
	# Value: !Ref ELASTICSEARCHHOST
	# - Name: ELASTICSEARCH_PORT
	# Value: !Ref ELASTICSEARCHPORT
	- Name: FILESYSTEM_DRIVER
	Value: !Ref FILESYSTEMDRIVER
	- Name: AWS_REGION
	Value: !Sub ${AWS::Region}
	- Name: AWS_BUCKET
	Value: !Ref AWSBUCKET

	CloudWatchLogsGroup:
	Type: AWS::Logs::LogGroup
	Properties:
	LogGroupName: !Ref AWS::StackName
	RetentionInDays: 365

	TargetGroup:
	Type: AWS::ElasticLoadBalancingV2::TargetGroup
	Properties:
	VpcId: !Ref VPC
	Port: 80
	Protocol: HTTP
	Matcher:
	HttpCode: 200-301
	HealthCheckIntervalSeconds: 10
	HealthCheckPath: /
	HealthCheckProtocol: HTTP
	HealthCheckTimeoutSeconds: 5
	HealthyThresholdCount: 2

	TargetGroupRedirectHTTPSToHTTP:
	Type: AWS::ElasticLoadBalancingV2::TargetGroup
	Properties:
	VpcId: !Ref VPC
	Port: 80
	Protocol: HTTP
	Matcher:
	HttpCode: 200-301
	HealthCheckIntervalSeconds: 10
	HealthCheckPath: /
	HealthCheckProtocol: HTTP
	HealthCheckTimeoutSeconds: 5
	HealthyThresholdCount: 2

	ListenerRuleHTTP:
	Type: AWS::ElasticLoadBalancingV2::ListenerRule
	Properties:
	ListenerArn: !Ref ListenerHTTP
	Priority: 1
	Conditions:
	- Field: path-pattern
	Values:
	- !Ref Path
	Actions:
	- TargetGroupArn: !Ref TargetGroupRedirectHTTPSToHTTP
	Type: forward

	ListenerRuleHTTPS:
	Type: AWS::ElasticLoadBalancingV2::ListenerRule
	Properties:
	ListenerArn: !Ref ListenerHTTPS
	Priority: 1
	Conditions:
	- Field: path-pattern
	Values:
	- !Ref Path
	Actions:
	- TargetGroupArn: !Ref TargetGroup
	Type: forward

	# This IAM Role grants the service access to register/unregister with the
	# Application Load Balancer (ALB). It is based on the default documented here:
	# http://docs.aws.amazon.com/AmazonECS/latest/developerguide/service_IAM_role.html
	ServiceRole:
	Type: AWS::IAM::Role
	Properties:
	RoleName: !Sub ecs-service-${AWS::StackName}
	Path: /
	AssumeRolePolicyDocument: \|
	{
	"Statement": [{
	"Effect": "Allow",
	"Principal": { "Service": [ "ecs.amazonaws.com" ]},
	"Action": [ "sts:AssumeRole" ]
	}]
	}
	Policies:
	- PolicyName: !Sub ecs-service-${AWS::StackName}
	PolicyDocument:
	{
	"Version": "2012-10-17",
	"Statement": [{
	"Effect": "Allow",
	"Action": [
	"ec2:AuthorizeSecurityGroupIngress",
	"ec2:Describe*",
	"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
	"elasticloadbalancing:Describe*",
	"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
	"elasticloadbalancing:DeregisterTargets",
	"elasticloadbalancing:DescribeTargetGroups",
	"elasticloadbalancing:DescribeTargetHealth",
	"elasticloadbalancing:RegisterTargets"
	],
	"Resource": "*"
	}]
	}