def create_alb_cert(stack, name, certificate_arn, listener_arn, condition_field=""): """Add Alb Certificate Resource.""" return stack.stack.add_resource(alb.ListenerCertificate('{0}ListenerCert'.format(name), Condition=condition_field, Certificates=[alb.Certificate('{0}Cert'.format(name), CertificateArn=certificate_arn)], ListenerArn=listener_arn))
def add_listener(self, template): # Choose proper certificate source ?-> always acm? acm_cert = Join("", [ "arn:aws:acm:", Ref("AWS::Region"), ":", Ref("AWS::AccountId"), ":certificate/", Ref("ALBCertName") ]) # We probably don't need this code for an IAM Cert iam_cert = Join("", [ "arn:aws:iam::", Ref("AWS::AccountId"), ":server-certificate/", Ref("ALBCertName") ]) cert_id = If("UseIAMCert", iam_cert, acm_cert) alb_name = ALB_NAME with_ssl = alb.Listener( ALB_LISTENER % self.name, Port="443", Protocol="HTTPS", LoadBalancerArn=Ref(alb_name), DefaultActions=[ alb.Action(Type="forward", TargetGroupArn=Ref(TARGET_GROUP_DEFAULT)) ], Certificates=[alb.Certificate(CertificateArn=cert_id)]) template.add_resource(with_ssl) template.add_output(Output("IAlbListener", Value=with_ssl.Ref()))
def elbv2_listener(self, name, lb_arn, protocol, port, default_actions, ssl_policy="", cert_arns=[]): """ Creates an ELBv2 listener :param name: Name of the listener :param lb_arn: ARN of the LB :param protocol: protocol to use - ALB -> (HTTP, HTTPS), NLB -> (TLS, TCP) :param port: Port to listen on :param default_actions: Actions array :param ssl_policy: SSL Policy :param cert_arns: ARN of SSL certs, if applicable :return: ELB Listener CFN object """ certificates = [] for arn in cert_arns: certificates.append(elbv2.Certificate(CertificateArn=arn)) listener = elbv2.Listener(name, LoadBalancerArn=lb_arn, Port=port, Protocol=protocol, Certificates=certificates, SslPolicy=ssl_policy, DefaultActions=default_actions) self.template.add_resource(listener) return listener
def add_resources(self): """Add resources to template.""" template = self.template variables = self.get_variables() template.add_condition( 'ProtoIsHttps', Equals(variables['ListeningProtocol'].ref, 'HTTPS')) listener = template.add_resource( elasticloadbalancingv2.Listener( 'AlbListener', Certificates=If('ProtoIsHttps', [ elasticloadbalancingv2.Certificate( CertificateArn=variables['AcmCertArn'].ref) ], Ref('AWS::NoValue')), DefaultActions=[ elasticloadbalancingv2.Action( TargetGroupArn=variables['DefaultTargetGroupArn'].ref, Type='forward') ], LoadBalancerArn=variables['AlbArn'].ref, Port=variables['ListeningPort'].ref, Protocol=variables['ListeningProtocol'].ref, SslPolicy=If('ProtoIsHttps', variables['SslPolicy'].ref, Ref('AWS::NoValue')))) template.add_output( Output("{}Arn".format(listener.title), Description="ARN of the Listener", Value=Ref(listener), Export=Export( Sub('${AWS::StackName}-%sArn' % listener.title))))
def create_alb_listener(stack, name, alb_arn, target_group, port=443, protocol='HTTPS', certificates=[], condition_field=''): """Add ALB Listener Resource.""" certificate_arns = [ alb.Certificate('{0}Cert'.format(name), CertificateArn=certificate_arn) for certificate_arn in certificates ] return stack.stack.add_resource( alb.Listener('{0}Listener'.format(name), Condition=condition_field, Port=port, Protocol=protocol, Certificates=certificate_arns, LoadBalancerArn=alb_arn, DefaultActions=[ alb.Action(Type='forward', TargetGroupArn=target_group) ]))
def create_loadbalancer(): return [ elb.LoadBalancer( 'tlsFrontend', SecurityGroups=[Ref('secgrpLoadBalancer')], Subnets=[Ref('subnetA'), Ref('subnetB')], Tags=_tags(), ), elb.Listener( 'tlsFrontendListener', Certificates=[ elb.Certificate(CertificateArn=Ref('certificateArn')), ], DefaultActions=[ elb.Action(TargetGroupArn=Ref('tlsFrontendApplication'), Type='forward'), ], LoadBalancerArn=Ref('tlsFrontend'), Port=443, Protocol='HTTPS', ), elb.ListenerRule( 'tlsFrontendJenkinsRule', Actions=[ elb.Action(TargetGroupArn=Ref('tlsFrontendJenkins'), Type='forward'), ], Conditions=[ elb.Condition(Field='host-header', Values=[_subdomain_for_jenkins()]), ], ListenerArn=Ref('tlsFrontendListener'), Priority=1, ), elb.TargetGroup( 'tlsFrontendApplication', HealthCheckIntervalSeconds=300, HealthCheckPath='/health', Port=80, Protocol='HTTP', Tags=_tags(), Targets=[ elb.TargetDescription(Id=Ref('devserver'), Port=80), ], VpcId=Ref('vpc'), ), elb.TargetGroup( 'tlsFrontendJenkins', HealthCheckIntervalSeconds=300, HealthCheckPath='/robots.txt', Port=8080, Protocol='HTTP', Tags=_tags(), Targets=[ elb.TargetDescription(Id=Ref('devserver'), Port=8080), ], VpcId=Ref('vpc'), ), ]
def add_alb(self, template, provision_refs, instances): alb = template.add_resource( elb.LoadBalancer( 'ALB', LoadBalancerAttributes=[ elb.LoadBalancerAttributes( Key='idle_timeout.timeout_seconds', Value='3600') ], Subnets=provision_refs.subnets, Type='application', Scheme='internet-facing', IpAddressType='ipv4', SecurityGroups=[provision_refs.security_group_alb])) default_target_group = template.add_resource( elb.TargetGroup( 'DefaultTargetGroup', Port=46658, Protocol='HTTP', Targets=[ elb.TargetDescription(Id=Ref(instance)) for instance in instances ], HealthCheckProtocol='HTTP', HealthCheckPath='/rpc', TargetGroupAttributes=[ elb.TargetGroupAttribute(Key='stickiness.enabled', Value='true'), elb.TargetGroupAttribute(Key='stickiness.type', Value='lb_cookie'), elb.TargetGroupAttribute( Key='stickiness.lb_cookie.duration_seconds', Value='86400'), ], VpcId=provision_refs.vpc)) template.add_resource( elb.Listener( 'ALBListener', DefaultActions=[ elb.Action('DefaultAction', Type='forward', TargetGroupArn=Ref(default_target_group)) ], LoadBalancerArn=Ref(alb), Port=46658, Protocol='HTTPS', SslPolicy='ELBSecurityPolicy-TLS-1-2-2017-01', Certificates=[ elb.Certificate( CertificateArn= 'arn:aws:acm:us-east-1:489745816517:certificate/' 'fbb68210-264e-4340-9c5c-a7687f993579') ])) provision_refs.alb = alb
def __init__(self, title, **kwargs): super().__init__(title, **kwargs) self.Certificates = [ elbv2.Certificate( CertificateArn=If('LoadBalancerSslCertificateAdHoc', Ref('CertificateLoadBalancerAdHocExternal'), get_endvalue('RegionalCertificateArn'))) ] self.Port = get_endvalue('ListenerLoadBalancerHttpsPort') self.Protocol = 'HTTPS' self.SslPolicy = get_endvalue('ListenerLoadBalancerSslPolicy')
def create_load_balancer_listener_resource(template, load_balancer_resource, api_tarcreate_group_resource, certificate_arn_parameter): return template.add_resource( elb.Listener( 'LoadBalancerListener', LoadBalancerArn=Ref(load_balancer_resource), Port=443, Protocol='HTTPS', DefaultActions=[ elb.Action(Type='forward', TargetGroupArn=Ref(api_tarcreate_group_resource)) ], Certificates=[ elb.Certificate(CertificateArn=Ref(certificate_arn_parameter)) ]))
def create_listener(self): t = self.template listener = t.add_resource( elb.Listener( "Listener", Port=self.vars['ListenerPort'], Protocol=self.protocol, LoadBalancerArn=self.vars['LoadBalancerArn'], DefaultActions=[ elb.Action(Type="forward", TargetGroupArn=Ref(self.target_group)) ], Certificates=[ elb.Certificate(CertificateArn=cert_arn) for cert_arn in self.vars['Certificates'] ], )) return listener
], )) application_load_balancer = template.add_resource(LoadBalancer( 'ApplicationLoadBalancer', Subnets=[ loadbalancer_a_subnet, loadbalancer_b_subnet, ], SecurityGroups=[Ref(load_balancer_security_group)], )) application_listener = template.add_resource(Listener( 'ApplicationListener', Certificates=[elasticloadbalancingv2.Certificate( CertificateArn=acm_cluster_certificate_arn, )], LoadBalancerArn=Ref(application_load_balancer), Protocol='HTTPS', Port=443, DefaultActions=[Action( TargetGroupArn=Ref(application_target_group), Type='forward', )] )) # ECS cluster cluster = template.add_resource(Cluster( "Cluster", ))
) ) load_balancer_listener = template.add_resource( elb.Listener( 'LoadBalancerListener', LoadBalancerArn=Ref(load_balancer), Port=443, Protocol='HTTPS', DefaultActions=[elb.Action( Type='forward', TargetGroupArn=Ref(api_target_group) )], Certificates=[ elb.Certificate( CertificateArn=Ref(certificate_arn) ) ] ) ) # Create the ECS services. ecs_service_role = template.add_resource( iam.Role( 'ECSServiceRole', AssumeRolePolicyDocument={ 'Version': '2012-10-17', 'Statement': [ { 'Action': 'sts:AssumeRole', 'Effect': 'Allow',
LoadBalancerArn=Ref(load_balancer), Port='80', Protocol='HTTP', )) https_listener = t.add_resource( elbv2.Listener('HttpsListener', DefaultActions=[ elbv2.Action(TargetGroupArn=Ref(targetgroup), Type='forward') ], LoadBalancerArn=Ref(load_balancer), Port='443', Protocol='HTTPS', Certificates=[ elbv2.Certificate(CertificateArn=Ref(param_certificate)) ])) # # Output # t.add_output([ Output( 'LoadBalancerName', Description='The name of the Application load balancer', Value=GetAtt(load_balancer, 'LoadBalancerName'), ), Output( 'LoadBalancerFullName', Description='The full name of the Application load balancer', Value=GetAtt(load_balancer, 'LoadBalancerFullName'),
def add_ec2(self, ami_name, instance_type, asg_size, cidr, hosted_zone): """ Helper method creates ingress given a source cidr range and a set of ports @param ami_name [string] Name of the AMI for launching the app @param instance_type [string] Instance for the application @param asg_size [int] Sets the size of the asg @param cidr [string] Range of addresses for this vpc @param hosted_zone [string] Name of the hosted zone the elb will be mapped to """ print "Creating EC2" self.internal_security_group = self.add_sg_with_cidr_port_list( "ASGSG", "Security Group for EC2", 'vpcId', cidr, [{"443": "443"}, {"80": "80"}] ) self.public_lb_security_group = self.add_sg_with_cidr_port_list( "ELBSG", "Security Group for accessing EC2 publicly", 'vpcId', '0.0.0.0/0', [{"443": "443"}] ) name = self.env_name.replace('-', '') public_subnet_count = len(self._subnets.get('public').get('public')) public_subnets = [{'Ref': x} for x in ["publicAZ%d" % n for n in range(0, public_subnet_count)]] public_alb = self.add_resource(alb.LoadBalancer( "PublicALB", Scheme='internet-facing', Subnets=public_subnets, SecurityGroups=[Ref(sg) for sg in [self.public_lb_security_group]] )) target_group = self.add_resource(alb.TargetGroup( "AppTargetGroup80", Port=80, Protocol="HTTP", VpcId=self.vpc_id )) certificate = 'arn:aws:acm:us-east-1:422548007577:certificate/d9b8fbd2-13bb-4d6e-aba4-53061b1580f9' alb_ssl_listener = self.add_resource(alb.Listener( "ALBListner", Port=443, Certificates=[alb.Certificate(CertificateArn=certificate)], Protocol="HTTPS", DefaultActions=[alb.Action( Type="forward", TargetGroupArn=Ref(target_group))], LoadBalancerArn=Ref(public_alb) )) self.add_elb_dns_alias(public_alb, '', hosted_zone) policies = ['cloudwatchlogs'] policies_for_profile = [self.get_policy(policy, 'EC2') for policy in policies] asg = self.add_asg( "EC2", min_size=asg_size, max_size=6, ami_name=ami_name, # load_balancer=public_elb, instance_profile=self.add_instance_profile(name, policies_for_profile, name), instance_type=instance_type, security_groups=['commonSecurityGroup', Ref(self.internal_security_group)], subnet_layer='private', update_policy=UpdatePolicy( AutoScalingRollingUpdate=AutoScalingRollingUpdate( PauseTime='PT5M', MinInstancesInService=1, # The maximum number of instances that are terminated at a given time, left at 1 to ease into updates. # Can be increased at a later time MaxBatchSize='1' ) ), user_data=Base64(Join('', [ '#!/bin/bash\n', 'echo Good to go' ]))) asg.resource['Properties']['TargetGroupARNs'] = [Ref(target_group)] # Cluster Memory Scaling policies asg_scale_up_policy = self.add_resource( autoscaling.ScalingPolicy( name + 'ScaleUpPolicy', AdjustmentType='ChangeInCapacity', AutoScalingGroupName=Ref(asg), Cooldown=300, ScalingAdjustment=1 ) ) # ELB latency above a threshold self.add_resource( cloudwatch.Alarm( name + 'LatencyHigh', MetricName='Latency', ComparisonOperator='GreaterThanThreshold', Period=300, EvaluationPeriods=1, Statistic='Average', Namespace='AWS/ELB', AlarmDescription=name + 'LatencyHigh', Dimensions=[cloudwatch.MetricDimension(Name='LoadBalancerName', Value=Ref(public_alb))], Threshold='6', AlarmActions=[ Ref(asg_scale_up_policy), 'arn:aws:sns:us-east-1:422548007577:notify-pat' ] ) )
])), )) t.add_resource( elb.Listener( "HTTPSListener", Port="443", Protocol="HTTPS", LoadBalancerArn=Ref("LoadBalancer"), DefaultActions=[ elb.Action(Type="forward", TargetGroupArn=Ref("TargetGroup")) ], # SSL certificate for https. Certificates=[ elb.Certificate( CertificateArn= "arn:aws:acm:ap-northeast-2:540379673889:certificate/3202b1b0-7446-420e-99d2-4b175ecd6310" ) ])) t.add_resource( elb.Listener("HTTPListener", Port="80", Protocol="HTTP", LoadBalancerArn=Ref("LoadBalancer"), DefaultActions=[ elb.Action(Type="redirect", RedirectConfig=elb.RedirectConfig( Protocol='HTTPS', StatusCode='HTTP_301', Port='443', ))
"cluster-vpc-id"] ) ), )) t.add_resource(elb.Listener( "HTTPSListener", Port="443", Protocol="HTTPS", LoadBalancerArn=Ref("LoadBalancer"), DefaultActions=[elb.Action( Type="forward", TargetGroupArn=Ref("TargetGroup") )], # SSL certificate for https. Certificates=[elb.Certificate( CertificateArn="arn:aws:acm:ap-northeast-2:772278550552:certificate/8115428d-f80c-428b-a36e-5a1997f435cf")] )) t.add_resource(elb.Listener( "HTTPListener", Port="80", Protocol="HTTP", LoadBalancerArn=Ref("LoadBalancer"), DefaultActions=[elb.Action( Type="redirect", RedirectConfig=elb.RedirectConfig( Protocol='HTTPS', StatusCode='HTTP_301', Port='443', ) )]
def generate_app_load_balancer(self, lb_name, typ, port, cert_arn, log_bucket): lb_name = self.cfn_name(lb_name) if len(lb_name) >= 32: alb_name = lb_name[0:31] else: alb_name = lb_name if len(lb_name + 'TG') >= 32: tg_name = '{}TG'.format(lb_name[0:29]) else: tg_name = '{}TG'.format(lb_name) if typ not in ['internal', 'internet-facing']: raise NameError("Load balancer type must be of type internal, internet-facing") # Use the system security groups (automatic) if internal, else use the limited external security group sg = self.security_groups if typ == 'internal' else [Ref(self.elb_external_security_group)] _alb = elasticloadbalancingv2.LoadBalancer( alb_name, Name=alb_name, IpAddressType='ipv4', LoadBalancerAttributes=[ elasticloadbalancingv2.LoadBalancerAttributes( Key='access_logs.s3.enabled', Value='true' ), elasticloadbalancingv2.LoadBalancerAttributes( Key='access_logs.s3.bucket', Value=log_bucket ), elasticloadbalancingv2.LoadBalancerAttributes( Key='access_logs.s3.prefix', Value="ELB/{}/{}".format(self.env, lb_name) ), elasticloadbalancingv2.LoadBalancerAttributes( Key='deletion_protection.enabled', Value='false' ), elasticloadbalancingv2.LoadBalancerAttributes( Key='idle_timeout.timeout_seconds', Value='60' ), elasticloadbalancingv2.LoadBalancerAttributes( Key='routing.http.drop_invalid_header_fields.enabled', Value='false' ), elasticloadbalancingv2.LoadBalancerAttributes( Key='routing.http2.enabled', Value='true' ) ], Scheme=typ, SecurityGroups=sg, Subnets=[s['SubnetId'] for s in self.get_subnets('private' if typ == 'internal' else 'public')], Type='application', Tags=self.get_tags( service_override="InternalALB" if typ == 'internal' else "ExternalALB", role_override=lb_name ) + [ec2.Tag('Name', lb_name)] ) _target_group = elasticloadbalancingv2.TargetGroup( tg_name, Name=tg_name, HealthCheckIntervalSeconds=30, HealthCheckPath='/ping', HealthCheckPort=port, HealthCheckProtocol='HTTP', HealthCheckTimeoutSeconds=5, HealthyThresholdCount=5, UnhealthyThresholdCount=2, Matcher=elasticloadbalancingv2.Matcher( HttpCode='200' ), Port=port, Protocol='HTTP', TargetGroupAttributes=[ elasticloadbalancingv2.TargetGroupAttribute( Key='deregistration_delay.timeout_seconds', Value='300' ), elasticloadbalancingv2.TargetGroupAttribute( Key='stickiness.enabled', Value='false' ), elasticloadbalancingv2.TargetGroupAttribute( Key='stickiness.type', Value='lb_cookie' ), elasticloadbalancingv2.TargetGroupAttribute( Key='load_balancing.algorithm.type', Value='least_outstanding_requests' ) ], TargetType='instance', VpcId=self.vpc_id, Tags=self.get_tags( service_override="InternalALB" if typ == 'internal' else "ExternalALB", role_override=lb_name ) + [ec2.Tag('Name', '{}TG'.format(lb_name))] ) _listener_80 = self.add_resource(elasticloadbalancingv2.Listener( '{}80Listener'.format(lb_name), Port='80', Protocol='HTTP', LoadBalancerArn=Ref(_alb), DefaultActions=[ elasticloadbalancingv2.Action( Type='redirect', RedirectConfig=elasticloadbalancingv2.RedirectConfig( Host='#{host}', Path='/#{path}', Port='443', Protocol='HTTPS', Query='#{query}', StatusCode='HTTP_301' ) ) ], )) _listener_443 = self.add_resource(elasticloadbalancingv2.Listener( '{}443Listener'.format(lb_name), Port='443', Protocol='HTTPS', LoadBalancerArn=Ref(_alb), SslPolicy='ELBSecurityPolicy-2016-08', Certificates=[ elasticloadbalancingv2.Certificate( CertificateArn=cert_arn ) ], DefaultActions=[ elasticloadbalancingv2.Action( Type='forward', TargetGroupArn=Ref(_target_group) ) ], )) return _alb, _target_group
def main(): template = Template() template.add_version("2010-09-09") template.set_description("AWS CloudFormation ECS Service") # Add the Parameters Application = template.add_parameter( Parameter( "Application", Type="String", )) DockerImage = template.add_parameter( Parameter( "DockerImage", Type="String", )) USERNAME = template.add_parameter(Parameter( "USERNAME", Type="String", )) ClusterName = template.add_parameter( Parameter( "ClusterName", Type="String", )) ContainerPort = template.add_parameter( Parameter( "ContainerPort", Type="String", )) HostPort = template.add_parameter(Parameter( "HostPort", Type="String", )) HostedZoneName = template.add_parameter( Parameter( "HostedZoneName", Type="String", )) CertArn = template.add_parameter(Parameter( "CertArn", Type="String", )) ExecutionRoleArn = template.add_parameter( Parameter("ExecutionRoleArn", Type="String", Description="Execution Role to get creadentials from ssm")) HealthCheckPath = template.add_parameter( Parameter( "HealthCheckPath", Type="String", )) HealthCheckIntervalSeconds = template.add_parameter( Parameter( "HealthCheckIntervalSeconds", Type="String", )) HealthyThresholdCount = template.add_parameter( Parameter( "HealthyThresholdCount", Type="String", )) HealthCheckTimeoutSeconds = template.add_parameter( Parameter( "HealthCheckTimeoutSeconds", Type="String", )) UnhealthyThresholdCount = template.add_parameter( Parameter( "UnhealthyThresholdCount", Type="String", )) VpcId = template.add_parameter(Parameter( "VpcId", Type="String", )) Subnets = template.add_parameter( Parameter( "Subnets", Type="List<AWS::EC2::Subnet::Id>", )) # Add the application ELB NetworkLB = template.add_resource( elb.LoadBalancer("NetworkLB", Name=Join("", [Ref(Application), "-nlb"]), Scheme="internet-facing", Subnets=Ref(Subnets), Type='network')) NlbTargetGroup = template.add_resource( elb.TargetGroup( "NlbTargetGroup", Name='ecs-service-targetgroup', HealthCheckIntervalSeconds=Ref(HealthCheckIntervalSeconds), HealthCheckProtocol="TCP", HealthyThresholdCount=Ref(HealthyThresholdCount), Port=80, Protocol="TCP", UnhealthyThresholdCount=Ref(UnhealthyThresholdCount), VpcId=Ref(VpcId))) NlbListener = template.add_resource( elb.Listener( "Listener", DependsOn=["NlbTargetGroup", "NetworkLB"], Certificates=[elb.Certificate(CertificateArn=Ref(CertArn))], Port="443", Protocol="TLS", LoadBalancerArn=Ref(NetworkLB), DefaultActions=[ elb.Action(Type="forward", TargetGroupArn=Ref(NlbTargetGroup)) ])) Task_Definition = template.add_resource( TaskDefinition( 'TaskDefinition', Memory='500', ExecutionRoleArn=Ref(ExecutionRoleArn), ContainerDefinitions=[ ContainerDefinition( Name=Join("", [Ref(Application)]), Image=Ref(DockerImage), Essential=True, Secrets=[Secret(Name='USERNAME', ValueFrom=Ref(USERNAME))], Environment=[ Environment(Name="DOCKER_LABELS", Value="true") ], DockerLabels={ 'aws-account': Ref("AWS::AccountId"), 'region': Ref("AWS::Region"), 'stack': Ref("AWS::StackName") }, PortMappings=[ PortMapping(ContainerPort=Ref(ContainerPort), HostPort=Ref(HostPort)) ]) ])) app_service = template.add_resource( Service("AppService", DependsOn=["Listener", "TaskDefinition"], Cluster=Ref(ClusterName), DesiredCount=1, TaskDefinition=Ref(Task_Definition), ServiceName=Join("", [Ref(Application), "-ecs-service"]), LoadBalancers=[ ecs.LoadBalancer(ContainerName=Join( "", [Ref(Application)]), ContainerPort=Ref(ContainerPort), TargetGroupArn=Ref(NlbTargetGroup)) ])) AppDNSRecord = template.add_resource( RecordSetType( "AppDNSRecord", DependsOn=["AppService"], HostedZoneName=Join("", [Ref(HostedZoneName), "."]), Name=Join("", [Ref(Application), ".", Ref(HostedZoneName), "."]), Type="CNAME", TTL="900", ResourceRecords=[GetAtt(NetworkLB, "DNSName")])) template.add_output( Output("URL", Description="DomainName", Value=Join("", ["https://", Ref(AppDNSRecord)]))) with open("ecs-ec2-service-cf.yaml", "w") as yamlout: yamlout.write(template.to_yaml())
load_balancer_https_listener_resource = template.add_resource( elb.Listener( 'LoadBalancerListener', LoadBalancerArn=Ref(load_balancer_resource), Port=443, Protocol='HTTPS', DefaultActions=[ elb.Action( Type='forward', TargetGroupArn=Ref(api_target_group_resource) ) ], Certificates=[ elb.Certificate( CertificateArn=Ref(certificate_arn_parameter) ) ] ) ) ecs_service_role_resource = template.add_resource( iam.Role( 'ECSServiceRole', AssumeRolePolicyDocument={ 'Version': '2012-10-17', 'Statement': [ { 'Action': 'sts:AssumeRole', 'Effect': 'Allow', 'Principal': {
def define_load_balancer(template, sg): alb_target_group_80 = elb.TargetGroup( stack_name_strict + "TG80", Tags=Tags(Name=stack_name, Custo=app_name), HealthCheckPath=Ref(alb_health_check_path), HealthCheckIntervalSeconds="30", HealthCheckProtocol="HTTP", HealthCheckTimeoutSeconds="10", HealthyThresholdCount="3", Matcher=elb.Matcher(HttpCode="301"), Port=80, Protocol="HTTP", UnhealthyThresholdCount="2", VpcId=Ref(vpc_id)) template.add_resource(alb_target_group_80) alb_target_group_9090 = elb.TargetGroup( stack_name_strict + "TG9090", Tags=Tags(Name=stack_name, Custo=app_name), HealthCheckPath=Ref(alb_health_check_path), HealthCheckIntervalSeconds="30", HealthCheckProtocol="HTTP", HealthCheckTimeoutSeconds="10", HealthyThresholdCount="3", Matcher=elb.Matcher(HttpCode="200"), Port=9090, Protocol="HTTP", UnhealthyThresholdCount="2", VpcId=Ref(vpc_id)) template.add_resource(alb_target_group_9090) alb = elb.LoadBalancer(stack_name_strict + "ALB", Tags=Tags(Name=stack_name, Custo=app_name), Scheme="internet-facing", Subnets=[Ref(subnet_id1), Ref(subnet_id2)], SecurityGroups=[Ref(sg)]) template.add_resource(alb) alb_listener_80 = elb.Listener( stack_name_strict + "ListenerALB80", Port=80, Protocol="HTTP", LoadBalancerArn=Ref(alb), DefaultActions=[ elb.Action(Type="forward", TargetGroupArn=Ref(alb_target_group_80)) ]) template.add_resource(alb_listener_80) alb_listener_443 = elb.Listener( stack_name_strict + "ListenerALB443", Port=443, Protocol="HTTPS", Certificates=[ elb.Certificate(CertificateArn=Ref(ssl_certificate_arn)) ], LoadBalancerArn=Ref(alb), DefaultActions=[ elb.Action(Type="forward", TargetGroupArn=Ref(alb_target_group_9090)) ]) template.add_resource(alb_listener_443) return { "loadbalancer": alb, "alb_target_group_80": alb_target_group_80, "alb_target_group_9090": alb_target_group_9090, "alb_listener_80": alb_listener_80, "alb_listener_9090": alb_listener_443 }