def create_ecs_service(self):
t = self.template
t.add_resource(
ecs.Service(
'FargateService',
DependsOn=self.listener.title,
Cluster=self.vars['ClusterName'],
DesiredCount=self.vars['DesiredCount'],
TaskDefinition=Ref(self.task_definition),
LaunchType='FARGATE',
NetworkConfiguration=ecs.NetworkConfiguration(
AwsvpcConfiguration=ecs.AwsvpcConfiguration(
Subnets=[
s.strip() for s in self.vars['Subnets'].split(',')
],
SecurityGroups=[self.vars['SecurityGroup']],
)),
LoadBalancers=[
ecs.LoadBalancer(
ContainerName=self.vars['ContainerName'],
ContainerPort=self.vars['ContainerPort'],
TargetGroupArn=Ref(self.target_group),
),
],
))
return
def configure_alb(self, t, service):
service_target_group = t.add_resource(elasticloadbalancingv2.TargetGroup(
self.resource_name_format % ('ServiceTargetGroup'),
Port=80,
Protocol="HTTP",
HealthCheckPath=self.healthcheck_path,
HealthCheckIntervalSeconds=self.healthcheck_interval,
HealthCheckTimeoutSeconds=self.healthcheck_interval - 1,
HealthyThresholdCount=2,
UnhealthyThresholdCount=5,
VpcId=ImportValue(Sub(self.imports_format % ('VpcId'))),
TargetGroupAttributes=[
elasticloadbalancingv2.TargetGroupAttribute(Key=key, Value=value)
for (key, value) in sorted(self.target_group_attributes().items())
]
))
listener_rule = t.add_resource(elasticloadbalancingv2.ListenerRule(
self.resource_name_format % ('SecureListenerRule'),
ListenerArn=ImportValue(Sub(self.imports_format % ('PublicListener' if self.public else 'InternalListener'))),
Priority=self.priority,
Actions=[elasticloadbalancingv2.Action(Type="forward", TargetGroupArn=Ref(service_target_group))],
Conditions=[elasticloadbalancingv2.Condition(Field="host-header", Values=self.domains)]
))
service.DependsOn.append(listener_rule.title)
service.LoadBalancers = [
ecs.LoadBalancer(
ContainerName=self.container_name,
ContainerPort=self.port,
TargetGroupArn=Ref(service_target_group)
)
]
def generate_load_balancers(self):
load_balancers = []
for arn in self.load_balancer_target_group_arns:
load_balancers.append(
ecs.LoadBalancer(
ContainerName=self.container_name,
ContainerPort=self.container_port,
TargetGroupArn=arn,
))
return load_balancers or NoValue
def gen_service(self):
load_balancer = ecs.LoadBalancer(
ContainerName=self.service_name,
ContainerPort=80,
TargetGroupArn=Ref(self.target_group),
)
# We put this service in public subnets because for demo purposes,
# we only created public subnets. In a real application, you would
# almost certainly put this in a private subnet.
network_configuration = ecs.NetworkConfiguration(
AwsvpcConfiguration=ecs.AwsvpcConfiguration(
AssignPublicIp="ENABLED",
Subnets=[
self.import_value("vpc", "PublicSubnet0"),
self.import_value("vpc", "PublicSubnet1"),
],
SecurityGroups=[
self.import_value("load-balancer",
"WebAppMembershipSecurityGroup"),
self.import_value("load-balancer", "WebAppSecurityGroup"),
],
))
self.service = ecs.Service(
"Service",
ServiceName=self.service_name,
Cluster=Ref(self.cluster),
DeploymentConfiguration=ecs.DeploymentConfiguration(
MinimumHealthyPercent=100, MaximumPercent=200),
DesiredCount=1,
LaunchType="FARGATE",
LoadBalancers=[load_balancer],
NetworkConfiguration=network_configuration,
SchedulingStrategy="REPLICA",
TaskDefinition=Ref(self.task_definition),
)
self.template.add_resource(self.service)
def create_api_service_resource(template, ecs_cluster_resource, api_task_definition_resource, api_task_count_parameter,
api_tarcreate_group_resource, ecs_service_role_resource, load_balancer_listener_resource):
return template.add_resource(
ecs.Service(
'ApiService',
ServiceName='api',
Cluster=Ref(ecs_cluster_resource),
TaskDefinition=Ref(api_task_definition_resource),
DeploymentConfiguration=ecs.DeploymentConfiguration(
MinimumHealthyPercent=100,
MaximumPercent=200
),
DesiredCount=Ref(api_task_count_parameter),
LaunchType='EC2',
LoadBalancers=[ecs.LoadBalancer(
ContainerName='api',
ContainerPort=80,
TargetGroupArn=Ref(api_tarcreate_group_resource)
)],
Role=Ref(ecs_service_role_resource),
DependsOn=[load_balancer_listener_resource]
)
)
def add_service(self, **kwargs):
port = kwargs['Port'] or None
if port:
ecs_service = ecs.Service(
kwargs['Name'] + 'service',
Cluster=Ref(kwargs['Cluster']),
TaskDefinition=Ref(kwargs['Task']),
Role=Ref(kwargs['Role']),
DesiredCount=1,
LoadBalancers=[
ecs.LoadBalancer(ContainerName=kwargs['Name'],
ContainerPort=port,
LoadBalancerName=Ref(kwargs['ELB']))
])
self.add_elb_dns_alias(kwargs['ELB'], kwargs['Name'],
kwargs['Zone'])
return (self.add_resource(ecs_service))
else:
ecs_service = ecs.Service(kwargs['Name'] + 'service',
Cluster=Ref(kwargs['Cluster']),
TaskDefinition=Ref(kwargs['Task']),
DesiredCount=1)
return (self.add_resource(ecs_service))
def main():
template = Template()
template.add_resource(
ecs.Cluster("ECSCluster", ClusterName="WorldCheckCluster"))
template.add_resource(
iam.Role("ECSTaskRole",
AssumeRolePolicyDocument={
"Version":
"2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": ["ecs-tasks.amazonaws.com"]
},
"Action": ["sts:AssumeRole"]
}]
}))
template.add_resource(
iam.Role(
"ECSServiceSchedulerRole",
AssumeRolePolicyDocument={
"Version":
"2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": ["ecs.amazonaws.com"]
},
"Action": ["sts:AssumeRole"]
}]
},
Policies=[
iam.Policy(PolicyDocument={
"Version":
"2012-10-17",
"Statement": [{
"Effect":
"Allow",
"Action": [
"ec2:Describe*",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:Describe*",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:RegisterTargets"
],
"Resource":
"*"
}]
},
PolicyName="ecs-service")
]))
template.add_resource(
iam.Role("EC2InstanceRole",
AssumeRolePolicyDocument={
"Version":
"2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": ["ec2.amazonaws.com"]
},
"Action": ["sts:AssumeRole"]
}]
},
Policies=[
iam.Policy(PolicyDocument={
"Version":
"2012-10-17",
"Statement": [{
"Effect":
"Allow",
"Action": [
"ecs:CreateCluster",
"ecs:DeregisterContainerInstance",
"ecs:DiscoverPollEndpoint", "ecs:Poll",
"ecs:RegisterContainerInstance",
"ecs:StartTelemetrySession",
"ecr:GetAuthorizationToken",
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer", "ecs:Submit*",
"logs:CreateLogStream", "logs:PutLogEvents",
"ec2:DescribeTags", "cloudwatch:PutMetricData"
],
"Resource":
"*"
}]
},
PolicyName="ecs-service")
]))
template.add_resource(
iam.InstanceProfile("EC2InstanceProfile",
Roles=[Ref("EC2InstanceRole")]))
with open("user-data.sh", "r") as f:
user_data_content = f.readlines()
template.add_resource(
ec2.Instance(
"EC2Instance",
ImageId="ami-13f7226a",
InstanceType="t2.micro",
SecurityGroups=["default"],
UserData=Base64(Join('', [Sub(x) for x in user_data_content])),
IamInstanceProfile=Ref("EC2InstanceProfile"),
))
template.add_resource(
ecs.TaskDefinition(
"ECSTaskDefinition",
TaskRoleArn=Ref("ECSTaskRole"),
ContainerDefinitions=[
ecs.ContainerDefinition(
Name="SimpleServer",
Memory="128",
Image="abbas123456/simple-server:latest",
PortMappings=[ecs.PortMapping(ContainerPort=8000)],
)
]))
template.add_resource(
elb.TargetGroup(
"ECSTargetGroup",
VpcId="vpc-925497f6",
Port=8000,
Protocol="HTTP",
))
template.add_resource(
elb.LoadBalancer(
"LoadBalancer",
Subnets=["subnet-a321c8fb", "subnet-68fa271e", "subnet-689d350c"],
SecurityGroups=["sg-0202bd65"]))
template.add_resource(
elb.Listener(
"LoadBalancerListener",
DefaultActions=[
elb.Action(Type="forward",
TargetGroupArn=Ref("ECSTargetGroup"))
],
LoadBalancerArn=Ref("LoadBalancer"),
Port=80,
Protocol="HTTP",
))
template.add_resource(
ecs.Service("ECSService",
Cluster=Ref("ECSCluster"),
DesiredCount=1,
LoadBalancers=[
ecs.LoadBalancer(ContainerPort=8000,
ContainerName="SimpleServer",
TargetGroupArn=Ref("ECSTargetGroup"))
],
Role=Ref("ECSServiceSchedulerRole"),
TaskDefinition=Ref("ECSTaskDefinition"),
DependsOn="LoadBalancerListener"))
return template.to_json()
t.add_resource(
Role(
"ServiceRole",
AssumeRolePolicyDocument=Policy(Statement=[
Statement(Effect=Allow,
Action=[AssumeRole],
Principal=Principal("Service", ["ecs.amazonaws.com"]))
]),
Path="/",
ManagedPolicyArns=[
'arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole'
]))
t.add_resource(
ecs.Service(
"service",
Cluster="staging-cluster2-ECSCluster-1QOGTB2P6NH1P",
DesiredCount=1,
TaskDefinition=Ref("task"),
LoadBalancers=[
ecs.LoadBalancer(
ContainerName="helloworld",
ContainerPort=3000,
TargetGroupArn=
"arn:aws:elasticloadbalancing:us-east-1:713832673520:targetgroup/stagi-Targe-TG2C4W6OI4TH/de6ec52d6c086628",
)
],
Role=Ref("ServiceRole")))
print(t.to_json())
api_service = template.add_resource(
ecs.Service(
'ApiService',
ServiceName='api',
Cluster=Ref(ecs_cluster),
TaskDefinition=Ref(api_task_definition),
DeploymentConfiguration=ecs.DeploymentConfiguration(
MinimumHealthyPercent=100,
MaximumPercent=200
),
DesiredCount=Ref(api_task_count),
LaunchType='EC2',
LoadBalancers=[ecs.LoadBalancer(
ContainerName='api',
ContainerPort=80,
TargetGroupArn=Ref(api_target_group)
)],
Role=Ref(ecs_service_role),
DependsOn=[load_balancer_listener]
)
)
queue_worker_service = template.add_resource(
ecs.Service(
'QueueWorkerService',
ServiceName='queue-worker',
Cluster=Ref(ecs_cluster),
TaskDefinition=Ref(queue_worker_task_definition),
DeploymentConfiguration=ecs.DeploymentConfiguration(
MinimumHealthyPercent=0,
)
)
]
))
Service = t.add_resource(ecs.Service(
"Service",
DependsOn=ALBListener,
Cluster=Ref(ECSCluster),
DesiredCount=1,
TaskDefinition=Ref(TaskDefinition),
LaunchType="FARGATE",
LoadBalancers=[
ecs.LoadBalancer(
ContainerName="nginx-container",
ContainerPort=80,
TargetGroupArn=Ref(ALBTargetGroup)
)
],
NetworkConfiguration=ecs.NetworkConfiguration(
AwsvpcConfiguration=ecs.AwsvpcConfiguration(
AssignPublicIp="ENABLED",
Subnets=[Ref(PubSubnetAz1), Ref(PubSubnetAz2)],
SecurityGroups=[Ref(TaskSecurityGroup)],
)
)
))
# Output the ALB/Service URL
t.add_output(Output(
"ALBURL",
NetworkConfiguration=ecs.
NetworkConfiguration(AwsvpcConfiguration=ecs.AwsvpcConfiguration(
AssignPublicIp='ENABLED',
SecurityGroups=[Ref(EC2SecurityGroup3)],
Subnets=['subnet-0c86eeb5d3ab2e031', 'subnet-08d3101feec0e17da'])),
SchedulingStrategy='REPLICA'))
ECSService3 = template.add_resource(
ecs.Service(
'ECSService3',
ServiceName='ws-currency-exchange-service-h2-lb',
Cluster=GetAtt(ECSCluster, 'Arn'),
LoadBalancers=[
ecs.LoadBalancer(
TargetGroupArn=
'arn:aws:elasticloadbalancing:us-east-2:445114057331:targetgroup/currencyexchangeservicetg/1d71df4075d5ad16',
ContainerName='aws-currency-exchange-service-h2-xray',
ContainerPort=8000)
],
ServiceRegistries=[
ecs.ServiceRegistry(
RegistryArn=
'arn:aws:servicediscovery:us-east-2:445114057331:service/srv-yv4x7pmjmrx6kehz'
)
],
DesiredCount=1,
LaunchType='FARGATE',
PlatformVersion='LATEST',
TaskDefinition=
'arn:aws:ecs:us-east-2:445114057331:task-definition/aws-currency-exchange-service-h2-xray:3',
DeploymentConfiguration=ecs.DeploymentConfiguration(
def main():
template = Template()
template.add_version("2010-09-09")
template.set_description("AWS CloudFormation ECS Service")
# Add the Parameters
Application = template.add_parameter(
Parameter(
"Application",
Type="String",
))
DockerImage = template.add_parameter(
Parameter(
"DockerImage",
Type="String",
))
USERNAME = template.add_parameter(Parameter(
"USERNAME",
Type="String",
))
ClusterName = template.add_parameter(
Parameter(
"ClusterName",
Type="String",
))
ContainerPort = template.add_parameter(
Parameter(
"ContainerPort",
Type="String",
))
HostPort = template.add_parameter(Parameter(
"HostPort",
Type="String",
))
HostedZoneName = template.add_parameter(
Parameter(
"HostedZoneName",
Type="String",
))
CertArn = template.add_parameter(Parameter(
"CertArn",
Type="String",
))
ExecutionRoleArn = template.add_parameter(
Parameter("ExecutionRoleArn",
Type="String",
Description="Execution Role to get creadentials from ssm"))
HealthCheckPath = template.add_parameter(
Parameter(
"HealthCheckPath",
Type="String",
))
HealthCheckIntervalSeconds = template.add_parameter(
Parameter(
"HealthCheckIntervalSeconds",
Type="String",
))
HealthyThresholdCount = template.add_parameter(
Parameter(
"HealthyThresholdCount",
Type="String",
))
HealthCheckTimeoutSeconds = template.add_parameter(
Parameter(
"HealthCheckTimeoutSeconds",
Type="String",
))
UnhealthyThresholdCount = template.add_parameter(
Parameter(
"UnhealthyThresholdCount",
Type="String",
))
VpcId = template.add_parameter(Parameter(
"VpcId",
Type="String",
))
Subnets = template.add_parameter(
Parameter(
"Subnets",
Type="List<AWS::EC2::Subnet::Id>",
))
# Add the application ELB
NetworkLB = template.add_resource(
elb.LoadBalancer("NetworkLB",
Name=Join("", [Ref(Application), "-nlb"]),
Scheme="internet-facing",
Subnets=Ref(Subnets),
Type='network'))
NlbTargetGroup = template.add_resource(
elb.TargetGroup(
"NlbTargetGroup",
Name='ecs-service-targetgroup',
HealthCheckIntervalSeconds=Ref(HealthCheckIntervalSeconds),
HealthCheckProtocol="TCP",
HealthyThresholdCount=Ref(HealthyThresholdCount),
Port=80,
Protocol="TCP",
UnhealthyThresholdCount=Ref(UnhealthyThresholdCount),
VpcId=Ref(VpcId)))
NlbListener = template.add_resource(
elb.Listener(
"Listener",
DependsOn=["NlbTargetGroup", "NetworkLB"],
Certificates=[elb.Certificate(CertificateArn=Ref(CertArn))],
Port="443",
Protocol="TLS",
LoadBalancerArn=Ref(NetworkLB),
DefaultActions=[
elb.Action(Type="forward", TargetGroupArn=Ref(NlbTargetGroup))
]))
Task_Definition = template.add_resource(
TaskDefinition(
'TaskDefinition',
Memory='500',
ExecutionRoleArn=Ref(ExecutionRoleArn),
ContainerDefinitions=[
ContainerDefinition(
Name=Join("", [Ref(Application)]),
Image=Ref(DockerImage),
Essential=True,
Secrets=[Secret(Name='USERNAME', ValueFrom=Ref(USERNAME))],
Environment=[
Environment(Name="DOCKER_LABELS", Value="true")
],
DockerLabels={
'aws-account': Ref("AWS::AccountId"),
'region': Ref("AWS::Region"),
'stack': Ref("AWS::StackName")
},
PortMappings=[
PortMapping(ContainerPort=Ref(ContainerPort),
HostPort=Ref(HostPort))
])
]))
app_service = template.add_resource(
Service("AppService",
DependsOn=["Listener", "TaskDefinition"],
Cluster=Ref(ClusterName),
DesiredCount=1,
TaskDefinition=Ref(Task_Definition),
ServiceName=Join("", [Ref(Application), "-ecs-service"]),
LoadBalancers=[
ecs.LoadBalancer(ContainerName=Join(
"", [Ref(Application)]),
ContainerPort=Ref(ContainerPort),
TargetGroupArn=Ref(NlbTargetGroup))
]))
AppDNSRecord = template.add_resource(
RecordSetType(
"AppDNSRecord",
DependsOn=["AppService"],
HostedZoneName=Join("", [Ref(HostedZoneName), "."]),
Name=Join("", [Ref(Application), ".",
Ref(HostedZoneName), "."]),
Type="CNAME",
TTL="900",
ResourceRecords=[GetAtt(NetworkLB, "DNSName")]))
template.add_output(
Output("URL",
Description="DomainName",
Value=Join("", ["https://", Ref(AppDNSRecord)])))
with open("ecs-ec2-service-cf.yaml", "w") as yamlout:
yamlout.write(template.to_yaml())
ecsservice = t.add_resource(
ecs.Service(
"service",
Cluster=ImportValue(
Join(
"-",
[Select(0, Split("-", Ref("AWS::StackName"))), "cluster-id"])),
DesiredCount=DesiredTaskCapacity,
TaskDefinition=Ref("task"),
LoadBalancers=[
ecs.LoadBalancer(
ContainerName=Select(1, Split("-", Ref("AWS::StackName"))),
ContainerPort=3000,
TargetGroupArn=ImportValue(
Join("-", [
Select(0, Split("-", Ref("AWS::StackName"))),
Select(1, Split("-", Ref("AWS::StackName"))), "tg"
]), ),
)
],
Role=Ref("ServiceRole")))
# Configure application scaling
## Start with application autoscaling role
appscalingrole = t.add_resource(
Role("ApplicationScalingRole",
AssumeRolePolicyDocument=Policy(Statement=[
Statement(
Effect=Allow,
Action=[AssumeRole],
def add_resources(self):
"""Add resources to template."""
class EcsServiceWithHealthCheckGracePeriodSeconds(ecs.Service):
"""ECS Service class with HealthCheckGracePeriodSeconds added."""
props = ecs.Service.props
props['HealthCheckGracePeriodSeconds'] = (positive_integer, False)
pkg_version = pkg_resources.get_distribution('troposphere').version
if LooseVersion(pkg_version) < LooseVersion('2.1.3'):
ecs_service = EcsServiceWithHealthCheckGracePeriodSeconds
else:
ecs_service = ecs.Service
template = self.template
variables = self.get_variables()
ecstaskrole = template.add_resource(
iam.Role('EcsTaskRole',
AssumeRolePolicyDocument=get_ecs_task_assumerole_policy(),
RoleName=variables['EcsTaskRoleName'].ref))
loggroup = template.add_resource(
logs.LogGroup(
'CloudWatchLogGroup',
LogGroupName=Join('', [
'/ecs/', variables['ContainerName'].ref, '-',
variables['EnvironmentName'].ref
]),
RetentionInDays=variables['EcsCloudWatchLogRetention'].ref))
ecscontainerdef = ecs.ContainerDefinition(
Image=Join('', [
Ref('AWS::AccountId'), '.dkr.ecr.',
Ref('AWS::Region'), '.amazonaws.com/',
variables['ContainerName'].ref, '-',
variables['EnvironmentName'].ref
]),
LogConfiguration=ecs.LogConfiguration(LogDriver='awslogs',
Options={
'awslogs-group':
Ref(loggroup),
'awslogs-region':
Ref('AWS::Region'),
'awslogs-stream-prefix':
'ecs'
}),
Name=Join('-', [
variables['ContainerName'].ref,
variables['EnvironmentName'].ref
]),
PortMappings=[
ecs.PortMapping(ContainerPort=variables['ContainerPort'].ref)
])
ecstaskdef = template.add_resource(
ecs.TaskDefinition(
'EcsTaskDef',
ContainerDefinitions=[ecscontainerdef],
Cpu=variables['TaskCpu'].ref,
Memory=variables['TaskMem'].ref,
ExecutionRoleArn=variables['EcsTaskExecIamRoleArn'].ref,
TaskRoleArn=Ref(ecstaskrole),
Family=Join('-', [
variables['ContainerName'].ref,
variables['EnvironmentName'].ref
]),
NetworkMode='awsvpc',
RequiresCompatibilities=['FARGATE']))
ecscluster = template.add_resource(
ecs.Cluster('EcsCluster',
ClusterName=Join('-', [
variables['ContainerName'].ref,
variables['EnvironmentName'].ref
])))
ecsservice = template.add_resource(
ecs_service(
'EcsService',
Cluster=Join('-', [
variables['ContainerName'].ref,
variables['EnvironmentName'].ref
]),
DeploymentConfiguration=ecs.DeploymentConfiguration(
MinimumHealthyPercent=variables['MinHealthyPercent'].ref,
MaximumPercent=variables['MaxPercent'].ref),
DesiredCount=variables['NumberOfTasks'].ref,
HealthCheckGracePeriodSeconds=variables[
'HealthCheckGracePeriod'].ref,
LaunchType='FARGATE',
LoadBalancers=[
ecs.LoadBalancer(
ContainerName=Join('-', [
variables['ContainerName'].ref,
variables['EnvironmentName'].ref
]),
ContainerPort=variables['ContainerPort'].ref,
TargetGroupArn=variables['TargetGroupArn'].ref)
],
NetworkConfiguration=ecs.NetworkConfiguration(
AwsvpcConfiguration=ecs.AwsvpcConfiguration(
SecurityGroups=variables['SgIdList'].ref,
Subnets=variables['Subnets'].ref)),
ServiceName=Join('-', [
variables['ContainerName'].ref,
variables['EnvironmentName'].ref
]),
TaskDefinition=Ref(ecstaskdef)))
template.add_output(
Output("{}Arn".format(ecstaskrole.title),
Description="ECS Task Role ARN",
Value=GetAtt(ecstaskrole, "Arn"),
Export=Export(
Sub('${AWS::StackName}-%sArn' % ecstaskrole.title))))
template.add_output(
Output("{}Name".format(ecstaskrole.title),
Description="ECS Task Role Name",
Value=Ref(ecstaskrole)))
template.add_output(
Output("{}Arn".format(ecsservice.title),
Description="ARN of the ECS Service",
Value=Ref(ecsservice),
Export=Export(
Sub('${AWS::StackName}-%sArn' % ecsservice.title))))
template.add_output(
Output("{}Name".format(ecsservice.title),
Description="Name of the ECS Service",
Value=GetAtt(ecsservice, "Name"),
Export=Export(
Sub('${AWS::StackName}-%sName' % ecsservice.title))))
template.add_output(
Output("{}Arn".format(ecscluster.title),
Description="ECS Cluster ARN",
Value=GetAtt(ecscluster, "Arn"),
Export=Export(
Sub('${AWS::StackName}-%sArn' % ecscluster.title))))
template.add_output(
Output("{}Arn".format(ecstaskdef.title),
Description="ARN of the Task Definition",
Value=Ref(ecstaskdef),
Export=Export(
Sub('${AWS::StackName}-%sArn' % ecstaskdef.title))))
def add_resources(self):
"""Add resources to template."""
class EcsServiceWithHealthCheckGracePeriodSeconds(ecs.Service):
"""ECS Service class with HealthCheckGracePeriodSeconds added."""
props = ecs.Service.props
props['HealthCheckGracePeriodSeconds'] = (positive_integer, False)
pkg_version = pkg_resources.get_distribution('troposphere').version
if LooseVersion(pkg_version) < LooseVersion('2.1.3'):
ecs_service = EcsServiceWithHealthCheckGracePeriodSeconds
else:
ecs_service = ecs.Service
template = self.template
variables = self.get_variables()
ecsservice = template.add_resource(
ecs_service(
'EcsService',
ServiceName=Join('-', [
variables['ContainerName'].ref,
variables['EnvironmentName'].ref
]),
Cluster=variables['ClusterArn'].ref,
DeploymentConfiguration=ecs.DeploymentConfiguration(
MinimumHealthyPercent=variables['MinHealthyPercent'].ref,
MaximumPercent=variables['MaxPercent'].ref),
DesiredCount=variables['NumberOfTasks'].ref,
HealthCheckGracePeriodSeconds=variables[
'HealthCheckGracePeriod'].ref,
LaunchType=variables['LaunchType'].ref,
# TODO: put an IF function or conditional here
LoadBalancers=[
ecs.LoadBalancer(
#ContainerName=Join('-', [
# variables['ContainerName'].ref,
# variables['EnvironmentName'].ref
#]),
ContainerName=variables['ContainerName'].ref,
ContainerPort=variables['ContainerPort'].ref,
TargetGroupArn=variables['TargetGroupArn'].ref)
],
# NetworkConfiguration needed for 'awsvpc' network mode
# TODO: add an 'IF' CF function or Conditional
#NetworkConfiguration=ecs.NetworkConfiguration(
# AwsvpcConfiguration=ecs.AwsvpcConfiguration(
# SecurityGroups=variables['SgIdList'].ref,
# Subnets=variables['Subnets'].ref
# )
#),
TaskDefinition=variables['TaskDefinitionArn'].ref,
))
template.add_output(
Output("{}Arn".format(ecsservice.title),
Description="ARN of the ECS Service",
Value=Ref(ecsservice),
Export=Export(
Sub('${AWS::StackName}-%sArn' % ecsservice.title))))
template.add_output(
Output("{}Name".format(ecsservice.title),
Description="Name of the ECS Service",
Value=GetAtt(ecsservice, "Name"),
Export=Export(
Sub('${AWS::StackName}-%sName' % ecsservice.title))))
ToPort=443,
GroupId=ImportValue(Sub("${AlbStack}-SgAlbPublicGroupId"))))
"""
Service definition
- Spread to several AZs for HA
- Binpack to minimize number of required hosts per AZ
"""
service = t.add_resource(
ecs.Service(
"Service",
Cluster=ImportValue(Sub("${EcsStack}-Cluster")),
DependsOn=service_role,
DesiredCount=Ref(autoscaling_min),
LoadBalancers=[
ecs.LoadBalancer(ContainerName=Ref(container_name),
ContainerPort=Ref(container_port),
TargetGroupArn=Ref(target_group)),
],
PlacementStrategies=[
ecs.PlacementStrategy(Type="spread",
Field="attribute:ecs.availability-zone"),
ecs.PlacementStrategy(Type="binpack", Field="memory"),
],
Role=Ref(service_role),
TaskDefinition=Ref(task_definition),
DeploymentConfiguration=ecs.DeploymentConfiguration(
MaximumPercent="100", MinimumHealthyPercent="50"),
PlacementConstraints=[
ecs.PlacementConstraint(Type="distinctInstance")
],
))
def create_ecs_resources(self):
t = self.template
# Give the instances access that the Empire daemon needs.
t.add_resource(
PolicyType(
"AccessPolicy",
PolicyName="empire",
PolicyDocument=empire_policy({
"Environment":
Ref("Environment"),
"CustomResourcesTopic":
Ref("CustomResourcesTopic"),
"CustomResourcesQueue": (GetAtt("CustomResourcesQueue",
"Arn")),
"TemplateBucket":
(Join("", ["arn:aws:s3:::",
Ref("TemplateBucket"), "/*"]))
}),
Roles=[Ref("InstanceRole")]))
t.add_resource(
sns.Topic(
EVENTS_TOPIC,
DisplayName="Empire events",
Condition="CreateSNSTopic",
))
t.add_output(
Output("EventsSNSTopic",
Value=Ref(EVENTS_TOPIC),
Condition="CreateSNSTopic"))
# Add SNS Events policy if Events are enabled
t.add_resource(
PolicyType("SNSEventsPolicy",
PolicyName="EmpireSNSEventsPolicy",
Condition="EnableSNSEvents",
PolicyDocument=sns_events_policy(
If("CreateSNSTopic", Ref(EVENTS_TOPIC),
Ref("EventsSNSTopicName"))),
Roles=[Ref("InstanceRole")]))
# Add run logs policy if run logs are enabled
t.add_resource(
PolicyType("RunLogsPolicy",
PolicyName="EmpireRunLogsPolicy",
Condition="EnableCloudwatchLogs",
PolicyDocument=runlogs_policy(
If("CreateRunLogsGroup", Ref(RUN_LOGS),
Ref("RunLogsCloudwatchGroup"))),
Roles=[Ref("InstanceRole")]))
# Allow the controller to write empire events to kinesis if kinesis is
# enabled.
t.add_resource(
PolicyType("AppEventStreamPolicy",
PolicyName="EmpireAppEventStreamPolicy",
Condition="EnableAppEventStream",
PolicyDocument=logstream_policy(),
Roles=[Ref("InstanceRole")]))
t.add_resource(
ecs.TaskDefinition(
"TaskDefinition",
Volumes=[
ecs.Volume(
Name="dockerSocket",
Host=ecs.Host(SourcePath="/var/run/docker.sock")),
ecs.Volume(Name="dockerCfg",
Host=ecs.Host(SourcePath="/root/.dockercfg"))
],
ContainerDefinitions=[
ecs.ContainerDefinition(
Command=["server", "-automigrate=true"],
Name="empire",
Environment=self.get_empire_environment(),
Essential=True,
Image=Ref("DockerImage"),
MountPoints=[
ecs.MountPoint(
SourceVolume="dockerSocket",
ContainerPath="/var/run/docker.sock",
ReadOnly=False),
ecs.MountPoint(SourceVolume="dockerCfg",
ContainerPath="/root/.dockercfg",
ReadOnly=False)
],
PortMappings=[
ecs.PortMapping(HostPort=8081, ContainerPort=8081)
],
Cpu=Ref("TaskCPU"),
Memory=Ref("TaskMemory"))
]))
t.add_resource(
Role("ServiceRole",
AssumeRolePolicyDocument=get_ecs_assumerole_policy(),
Path="/",
Policies=[
Policy(PolicyName="ecs-service-role",
PolicyDocument=service_role_policy())
]))
t.add_resource(
ecs.Service(
"Service",
Cluster=Ref("ControllerCluster"),
DeploymentConfiguration=ecs.DeploymentConfiguration(
MaximumPercent=Ref("ServiceMaximumPercent"),
MinimumHealthyPercent=Ref("ServiceMinimumHealthyPercent"),
),
DesiredCount=Ref("DesiredCount"),
LoadBalancers=[
ecs.LoadBalancer(ContainerName="empire",
ContainerPort=8081,
LoadBalancerName=Ref("LoadBalancer"))
],
Role=Ref("ServiceRole"),
TaskDefinition=Ref("TaskDefinition")))
Cluster=ImportValue(
Join("-", [
Select(0, Split("-", Ref("AWS::StackName"))),
Select(1, Split("-", Ref("AWS::StackName"))),
Select(2, Split("-", Ref("AWS::StackName"))),
Select(3, Split("-", Ref("AWS::StackName"))), "cluster-id"
])),
DesiredCount=1,
TaskDefinition=Ref("task"),
LoadBalancers=[
ecs.LoadBalancer(
ContainerName=Join("-", [
Select(0, Split("-", Ref("AWS::StackName"))),
Select(1, Split("-", Ref("AWS::StackName"))),
Select(2, Split("-", Ref("AWS::StackName")))
]),
ContainerPort=80,
TargetGroupArn=ImportValue(
Join("-", [
Select(0, Split("-", Ref("AWS::StackName"))),
Select(1, Split("-", Ref("AWS::StackName"))),
Select(2, Split("-", Ref("AWS::StackName"))),
Select(3, Split("-", Ref("AWS::StackName"))),
"alb-target-group"
]), ),
)
],
Role=Ref("ServiceRole")))
print(t.to_json())
Principal=Principal("Service", ["ecs.amazonaws.com"]))
]),
Path="/",
ManagedPolicyArns=[
'arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole'
]))
t.add_resource(
ecs.Service(
"service",
Cluster=ImportValue(
Join(
"-",
[Select(0, Split("-", Ref("AWS::StackName"))), "cluster-id"])),
DesiredCount=1,
TaskDefinition=Ref("task"),
LoadBalancers=[
ecs.LoadBalancer(
ContainerName="helloworld",
ContainerPort=3000,
TargetGroupArn=ImportValue(
Join("-", [
Select(0, Split("-", Ref("AWS::StackName"))),
"alb-target-group"
]), ),
)
],
Role=Ref("ServiceRole")))
print(t.to_json())
'ToPort':
8080,
'SourceSecurityGroupId':
ImportValue(Sub('${CoreStack}-LoadBalancer-SG-ID')),
}],
))
keycloakService = t.add_resource(
ecs.Service('KeycloakService',
Cluster=ImportValue(Sub('${CoreStack}-ECS-Cluster')),
TaskDefinition=keycloakTask.Ref(),
DesiredCount=1,
LoadBalancers=[
ecs.LoadBalancer(
ContainerName='keycloak',
ContainerPort=8080,
TargetGroupArn=keycloakTargetGroup.Ref(),
)
],
NetworkConfiguration=ecs.NetworkConfiguration(
AwsvpcConfiguration=ecs.AwsvpcConfiguration(
SecurityGroups=[
ImportValue(Sub('${CoreStack}-RDS-Access-SG-ID')),
keycloakServiceSG.GetAtt('GroupId'),
],
Subnets=[ImportValue(Sub('${CoreStack}-SubnetID'))],
), )))
# Save File
with open('template.yml', 'w') as f:
