def munge_container_attributes(self):
image = ':'.join([
self.vars['ContainerImage'],
str(self.vars['ContainerImageVersion']),
])
# munge ECR image path
if self.vars['UseECR']:
image = Join(
'.', [AccountId, 'dkr.ecr', Region, 'amazonaws.com/' + image])
# set required attributes
required = dict(
Name=self.vars['ContainerName'],
Image=image,
PortMappings=[
ecs.PortMapping(
ContainerPort=self.vars['ContainerPort'],
Protocol=self.vars['ContainerProtocol'],
)
],
LogConfiguration=ecs.LogConfiguration(
LogDriver='awslogs',
Options={
'awslogs-group': Ref(self.log_group),
'awslogs-region': Region,
'awslogs-stream-prefix': self.vars['ContainerName'],
},
),
)
# deal with additional attributes
if self.vars['AdditionalContainerAttributes']:
added = self.vars['AdditionalContainerAttributes']
# deal with troposphere AWSProperty objects
if 'Environment' in added:
added['Environment'] = [
ecs.Environment(**m) for m in added['Environment']
]
if 'ExtraHosts' in added:
added['ExtraHosts'] = [
ecs.HostEntry(**m) for m in added['ExtraHosts']
]
if 'LinuxParameters' in added:
added['LinuxParameters'] = [
ecs.LinuxParameters(**m) for m in added['LinuxParameters']
]
if 'MountPoints' in added:
added['MountPoints'] = [
ecs.MountPoint(**m) for m in added['MountPoints']
]
if 'Ulimit' in added:
added['Ulimit'] = [ecs.Ulimit(**m) for m in added['Ulimit']]
if 'VolumesFrom' in added:
added['VolumesFrom'] = [
ecs.VolumesFrom(**m) for m in added['VolumesFrom']
]
# munge memory
if not 'Memory' in added and not 'MemoryReservation' in added:
added['MemoryReservation'] = self.vars['Memory']
attributes = added.copy()
else:
attributes = dict()
# merge in required attributes.
attributes.update(required)
return attributes
def create_ecs_resources(self):
t = self.template
# Give the instances access that the Empire daemon needs.
t.add_resource(
PolicyType(
"AccessPolicy",
PolicyName="empire",
PolicyDocument=empire_policy({
"Environment":
Ref("Environment"),
"CustomResourcesTopic":
Ref("CustomResourcesTopic"),
"CustomResourcesQueue": (GetAtt("CustomResourcesQueue",
"Arn")),
"TemplateBucket":
(Join("", ["arn:aws:s3:::",
Ref("TemplateBucket"), "/*"]))
}),
Roles=[Ref("InstanceRole")]))
t.add_resource(
sns.Topic(
EVENTS_TOPIC,
DisplayName="Empire events",
Condition="CreateSNSTopic",
))
t.add_output(
Output("EventsSNSTopic",
Value=Ref(EVENTS_TOPIC),
Condition="CreateSNSTopic"))
# Add SNS Events policy if Events are enabled
t.add_resource(
PolicyType("SNSEventsPolicy",
PolicyName="EmpireSNSEventsPolicy",
Condition="EnableSNSEvents",
PolicyDocument=sns_events_policy(
If("CreateSNSTopic", Ref(EVENTS_TOPIC),
Ref("EventsSNSTopicName"))),
Roles=[Ref("InstanceRole")]))
# Add run logs policy if run logs are enabled
t.add_resource(
PolicyType("RunLogsPolicy",
PolicyName="EmpireRunLogsPolicy",
Condition="EnableCloudwatchLogs",
PolicyDocument=runlogs_policy(
If("CreateRunLogsGroup", Ref(RUN_LOGS),
Ref("RunLogsCloudwatchGroup"))),
Roles=[Ref("InstanceRole")]))
# Allow the controller to write empire events to kinesis if kinesis is
# enabled.
t.add_resource(
PolicyType("AppEventStreamPolicy",
PolicyName="EmpireAppEventStreamPolicy",
Condition="EnableAppEventStream",
PolicyDocument=logstream_policy(),
Roles=[Ref("InstanceRole")]))
t.add_resource(
ecs.TaskDefinition(
"TaskDefinition",
Volumes=[
ecs.Volume(
Name="dockerSocket",
Host=ecs.Host(SourcePath="/var/run/docker.sock")),
ecs.Volume(Name="dockerCfg",
Host=ecs.Host(SourcePath="/root/.dockercfg"))
],
ContainerDefinitions=[
ecs.ContainerDefinition(
Command=["server", "-automigrate=true"],
Name="empire",
Environment=self.get_empire_environment(),
Essential=True,
Image=Ref("DockerImage"),
MountPoints=[
ecs.MountPoint(
SourceVolume="dockerSocket",
ContainerPath="/var/run/docker.sock",
ReadOnly=False),
ecs.MountPoint(SourceVolume="dockerCfg",
ContainerPath="/root/.dockercfg",
ReadOnly=False)
],
PortMappings=[
ecs.PortMapping(HostPort=8081, ContainerPort=8081)
],
Cpu=Ref("TaskCPU"),
Memory=Ref("TaskMemory"))
]))
t.add_resource(
Role("ServiceRole",
AssumeRolePolicyDocument=get_ecs_assumerole_policy(),
Path="/",
Policies=[
Policy(PolicyName="ecs-service-role",
PolicyDocument=service_role_policy())
]))
t.add_resource(
ecs.Service(
"Service",
Cluster=Ref("ControllerCluster"),
DeploymentConfiguration=ecs.DeploymentConfiguration(
MaximumPercent=Ref("ServiceMaximumPercent"),
MinimumHealthyPercent=Ref("ServiceMinimumHealthyPercent"),
),
DesiredCount=Ref("DesiredCount"),
LoadBalancers=[
ecs.LoadBalancer(ContainerName="empire",
ContainerPort=8081,
LoadBalancerName=Ref("LoadBalancer"))
],
Role=Ref("ServiceRole"),
TaskDefinition=Ref("TaskDefinition")))