Skip to content

Instantly share code, notes, and snippets.

@li0nel
Last active January 31, 2019 16:01
Show Gist options
  • Save li0nel/1e63a84ed1583372c85f2c8324c2e615 to your computer and use it in GitHub Desktop.
Save li0nel/1e63a84ed1583372c85f2c8324c2e615 to your computer and use it in GitHub Desktop.
CloudFormation stack for the web service
Service:
Type: AWS::ECS::Service
DependsOn:
- ListenerRuleHTTPS
Properties:
Cluster: !Ref Cluster
Role: !Ref ServiceRole
DesiredCount: !Ref DesiredCount
TaskDefinition: !Ref TaskDefinition
LoadBalancers:
- ContainerName: nginx
ContainerPort: 80
TargetGroupArn: !Ref TargetGroup
ServiceRedirect:
Type: AWS::ECS::Service
DependsOn:
- ListenerRuleHTTP
Properties:
Cluster: !Ref Cluster
Role: !Ref ServiceRole
DesiredCount: 1
TaskDefinition: !Ref TaskDefinitionRedirectHTTPtoHTTPS
LoadBalancers:
- ContainerName: nginx-to-https
ContainerPort: 80
TargetGroupArn: !Ref TargetGroupRedirectHTTPSToHTTP
TaskDefinitionRedirectHTTPtoHTTPS:
Type: AWS::ECS::TaskDefinition
Properties:
Family: nginx-to-https
ContainerDefinitions:
- Name: nginx-to-https
Essential: true
Image: getlionel/nginx-to-https
Memory: 128
PortMappings:
- ContainerPort: 80
TaskDefinition:
Type: AWS::ECS::TaskDefinition
Properties:
Family: laravel-nginx
ContainerDefinitions:
- Name: nginx
Essential: true
Image: !Join [ ".", [ !Ref "AWS::AccountId", "dkr.ecr", !Ref "AWS::Region", !Join [ ":", [ !Join [ "/", [ "amazonaws.com", !Ref ECR ] ], "nginx" ] ] ] ]
Memory: 128
PortMappings:
- ContainerPort: 80
Links:
- app
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-group: !Ref AWS::StackName
awslogs-region: !Ref AWS::Region
- Name: app
Essential: true
Image: !Join [ ".", [ !Ref "AWS::AccountId", "dkr.ecr", !Ref "AWS::Region", !Join [ ":", [ !Join [ "/", [ "amazonaws.com", !Ref ECR ] ], "laravel" ] ] ] ]
Memory: 256
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-group: !Ref AWS::StackName
awslogs-region: !Ref AWS::Region
Environment:
- Name: APP_NAME
Value: Laravel
- Name: APP_ENV
Value: production
- Name: APP_DEBUG
Value: false
- Name: APP_LOG_LEVEL
Value: error
- Name: APP_KEY
Value: base64:h2ASblVGbCXbC1buJ8KToZkKIEY69GSiutkAeGo77B0=
- Name: APP_URL
Value: !Ref APPURL
- Name: DB_CONNECTION
Value: !Ref DBCONNECTION
- Name: DB_HOST
Value: !Ref DBHOST
- Name: DB_PORT
Value: !Ref DBPORT
- Name: DB_DATABASE
Value: !Ref DBDATABASE
- Name: DB_USERNAME
Value: !Ref DBUSERNAME
- Name: DB_PASSWORD
Value: !Ref DBPASSWORD
- Name: CACHE_DRIVER
Value: file
- Name: SESSION_DRIVER
Value: database
- Name: MAIL_DRIVER
Value: !Ref MAILDRIVER
- Name: MAIL_HOST
Value: !Ref MAILHOST
- Name: MAIL_PORT
Value: !Ref MAILPORT
- Name: MAIL_USERNAME
Value: !Ref MAILUSERNAME
- Name: MAIL_PASSWORD
Value: !Ref MAILPASSWORD
- Name: MAIL_FROM_ADDRESS
Value: !Ref MAILFROMADDRESS
- Name: MAIL_FROM_NAME
Value: !Ref MAILFROMNAME
# - Name: ELASTICSEARCH_HOST
# Value: !Ref ELASTICSEARCHHOST
# - Name: ELASTICSEARCH_PORT
# Value: !Ref ELASTICSEARCHPORT
- Name: FILESYSTEM_DRIVER
Value: !Ref FILESYSTEMDRIVER
- Name: AWS_REGION
Value: !Sub ${AWS::Region}
- Name: AWS_BUCKET
Value: !Ref AWSBUCKET
CloudWatchLogsGroup:
Type: AWS::Logs::LogGroup
Properties:
LogGroupName: !Ref AWS::StackName
RetentionInDays: 365
TargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
VpcId: !Ref VPC
Port: 80
Protocol: HTTP
Matcher:
HttpCode: 200-301
HealthCheckIntervalSeconds: 10
HealthCheckPath: /
HealthCheckProtocol: HTTP
HealthCheckTimeoutSeconds: 5
HealthyThresholdCount: 2
TargetGroupRedirectHTTPSToHTTP:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
VpcId: !Ref VPC
Port: 80
Protocol: HTTP
Matcher:
HttpCode: 200-301
HealthCheckIntervalSeconds: 10
HealthCheckPath: /
HealthCheckProtocol: HTTP
HealthCheckTimeoutSeconds: 5
HealthyThresholdCount: 2
ListenerRuleHTTP:
Type: AWS::ElasticLoadBalancingV2::ListenerRule
Properties:
ListenerArn: !Ref ListenerHTTP
Priority: 1
Conditions:
- Field: path-pattern
Values:
- !Ref Path
Actions:
- TargetGroupArn: !Ref TargetGroupRedirectHTTPSToHTTP
Type: forward
ListenerRuleHTTPS:
Type: AWS::ElasticLoadBalancingV2::ListenerRule
Properties:
ListenerArn: !Ref ListenerHTTPS
Priority: 1
Conditions:
- Field: path-pattern
Values:
- !Ref Path
Actions:
- TargetGroupArn: !Ref TargetGroup
Type: forward
# This IAM Role grants the service access to register/unregister with the
# Application Load Balancer (ALB). It is based on the default documented here:
# http://docs.aws.amazon.com/AmazonECS/latest/developerguide/service_IAM_role.html
ServiceRole:
Type: AWS::IAM::Role
Properties:
RoleName: !Sub ecs-service-${AWS::StackName}
Path: /
AssumeRolePolicyDocument: |
{
"Statement": [{
"Effect": "Allow",
"Principal": { "Service": [ "ecs.amazonaws.com" ]},
"Action": [ "sts:AssumeRole" ]
}]
}
Policies:
- PolicyName: !Sub ecs-service-${AWS::StackName}
PolicyDocument:
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:Describe*",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:Describe*",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:RegisterTargets"
],
"Resource": "*"
}]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment