@vroad
Created March 25, 2018 13:32
Minimal CloudFormation template for creating percona server and adminer container on Amazon ECS
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
    Type: 'AWS::EC2::KeyPair::KeyName'
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  DBRootPassword:
    # NoEcho masks the parameter in the console and API only; see the
    # Environment entry of the mysql container below.
    NoEcho: 'true'
    Description: Root password for MySQL
    Type: String
    MinLength: '1'
    MaxLength: '41'
    AllowedPattern: '[a-zA-Z0-9]*'
    ConstraintDescription: must contain only alphanumeric characters.
  InstanceType:
    Description: WebServer EC2 instance type
    Type: String
    Default: t2.micro
    AllowedValues:
      - t2.micro
    ConstraintDescription: must be a valid EC2 instance type.
  SSHLocation:
    Description: The IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    # The default allows SSH from any address; pass a narrower CIDR at stack creation.
    Default: 0.0.0.0/0
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
Mappings:
  AWSInstanceType2Arch:
    t2.micro:
      Arch: HVM64
  AWSRegionArch2AMI:
    ap-northeast-1:
      PV64: NOT_SUPPORTED
      HVM64: ami-5add893c
      HVMG2: NOT_SUPPORTED
Resources:
  # Role assumed by the container instance so the ECS agent can register with the cluster.
  ECSRole:
    Type: AWS::IAM::Role
    Properties:
      Path: /
      #RoleName: !Sub ecs-${AWS::StackName}
      AssumeRolePolicyDocument: |
        {
          "Statement": [{
            "Effect": "Allow",
            "Principal": { "Service": [ "ec2.amazonaws.com" ]},
            "Action": [ "sts:AssumeRole" ]
          }]
        }
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role
  InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
        - !Ref ECSRole
  WebServerInstance:
    Type: 'AWS::EC2::Instance'
    Properties:
      ImageId: !FindInMap
        - AWSRegionArch2AMI
        - !Ref 'AWS::Region'
        - !FindInMap
          - AWSInstanceType2Arch
          - !Ref InstanceType
          - Arch
      InstanceType: !Ref InstanceType
      IamInstanceProfile: !Ref InstanceProfile
      SecurityGroups:
        - !Ref WebServerSecurityGroup
      KeyName: !Ref KeyName
      # Join the instance to the cluster, then signal CloudFormation.
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          yum install -y aws-cfn-bootstrap
          echo ECS_CLUSTER=${Cluster} > /etc/ecs/ecs.config
          /opt/aws/bin/cfn-signal -e $? --region ${AWS::Region} --stack ${AWS::StackName} --resource WebServerInstance
    CreationPolicy:
      ResourceSignal:
        Timeout: PT5M
  WebServerSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Enable HTTP access via port 80
      SecurityGroupIngress:
        # Port 80 is the Adminer container (see HostPort below); open to any address.
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: !Ref SSHLocation
  Cluster:
    Type: AWS::ECS::Cluster
    Properties:
      ClusterName: !Ref AWS::StackName
  Service:
    Type: AWS::ECS::Service
    Properties:
      Cluster: !Ref Cluster
      DesiredCount: 1
      TaskDefinition: !Ref TaskDefinition
  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      ContainerDefinitions:
        - Name: mysql
          Image: percona/percona-server:5.7
          Essential: true
          Memory: 512
          MountPoints:
            - SourceVolume: mysql-data
              ContainerPath: /var/lib/mysql
              ReadOnly: false
          Environment:
            # Stored in plain text in the task definition, readable by anyone
            # who can describe it.
            - Name: MYSQL_ROOT_PASSWORD
              Value: !Ref DBRootPassword
          LogConfiguration:
            LogDriver: awslogs
            Options:
              # This template does not create the log group; one named after
              # the stack must already exist.
              'awslogs-group': !Ref AWS::StackName
              'awslogs-region': !Ref AWS::Region
              'awslogs-stream-prefix': mysql
          PortMappings:
            - ContainerPort: 3306
        - Name: adminer
          Image: adminer:latest
          Essential: false
          Memory: 128
          Links:
            - mysql:mysql
          PortMappings:
            - ContainerPort: 8080
              HostPort: 80
          LogConfiguration:
            LogDriver: awslogs
            Options:
              'awslogs-group': !Ref AWS::StackName
              'awslogs-region': !Ref AWS::Region
              'awslogs-stream-prefix': adminer
      Volumes:
        - Name: mysql-data
Outputs:
  ClusterName:
    Value: !Ref Cluster
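
A hardened variant of two settings in the template above, as an added example that is not part of the original gist: the root password is injected from Secrets Manager instead of a plain-text Environment value, and port 80 (Adminer) is limited to the SSHLocation range. The resource names DBRootSecret and TaskExecutionRole are assumptions introduced here; only the changed properties are shown.

```yaml
Resources:
  # Assumed name. Generated root password held in Secrets Manager; it replaces
  # the DBRootPassword parameter and never appears in the task definition.
  DBRootSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      GenerateSecretString:
        PasswordLength: 32
        ExcludePunctuation: true  # alphanumeric only, like the original AllowedPattern
  # Assumed name. Role the ECS agent uses to read the secret at container start.
  TaskExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: read-db-root-secret
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action: secretsmanager:GetSecretValue
                Resource: !Ref DBRootSecret  # Ref on a secret returns its ARN
  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      ExecutionRoleArn: !GetAtt TaskExecutionRole.Arn
      ContainerDefinitions:
        - Name: mysql
          Image: percona/percona-server:5.7
          Memory: 512
          # Remaining mysql properties and the adminer container stay as above.
          Secrets:  # replaces the Environment entry
            - Name: MYSQL_ROOT_PASSWORD
              ValueFrom: !Ref DBRootSecret
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Adminer and SSH from the admin range only
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: !Ref SSHLocation
        # The port 22 rule stays as above.
```

This assumes the AMI ships an ECS agent version that supports the Secrets field on the EC2 launch type. The generated password is read from Secrets Manager by whoever needs to log in through Adminer.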