def get_task_definition(self, security_group):
task_definition = FargateTaskDefinition(self._stack,
self._name,
memory_limit_mib=512,
cpu=256)
task_definition.add_volume(
name=DATA_VOLUME,
efs_volume_configuration=self.get_volume(security_group))
image = ContainerImage.from_asset(directory=self._config.docker_dir)
container = ContainerDefinition(
self._stack,
'obm_container',
task_definition=task_definition,
image=image,
environment=self.get_environment(),
logging=AwsLogDriver(stream_prefix=self._config.service_name),
)
container.add_mount_points(self.get_mount_point())
container.add_port_mappings(
PortMapping(container_port=HTTP_PORT, host_port=HTTP_PORT),
PortMapping(container_port=HTTPS_PORT, host_port=HTTPS_PORT),
PortMapping(container_port=SSH_PORT, host_port=SSH_PORT),
)
self._tag_it(container)
self._tag_it(task_definition)
return task_definition
def __init__(self,
scope: core.Construct,
id: str,
vpc: ec2.Vpc,
repository: ecr.Repository,
shared_context: Dict[str, Any],
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
self.vpc = vpc
self.model_bucket = s3.Bucket.from_bucket_name(scope=self,
id=f'{id}-model-bucket',
bucket_name=shared_context['model_bucket_name'])
self.ecs_cluster = ecs.Cluster(self,
id=f'{id}-ecs',
cluster_name='serving-ecs',
vpc=self.vpc,
container_insights=True)
self.task_definition = ecs.FargateTaskDefinition(self,
id=f'{id}-ecs-task-definition',
memory_limit_mib=shared_context['fargate_memory_limit_mb'],
cpu=shared_context['fargate_cpu_units'])
self.task_definition.add_to_task_role_policy(iam.PolicyStatement(
actions=['s3:getObject'],
effect=iam.Effect.ALLOW,
resources=[self.model_bucket.bucket_arn, self.model_bucket.bucket_arn + '/*']
))
image = ecs.ContainerImage.from_ecr_repository(repository, 'latest')
log_driver = ecs.AwsLogDriver(
stream_prefix=id,
log_retention=logs.RetentionDays.FIVE_DAYS
)
environment = {
'MODEL_BUCKET_NAME': shared_context['model_bucket_name']
}
app_container = self.task_definition.add_container(id=f'{id}-container',
image=image,
logging=log_driver,
environment=environment)
app_container.add_port_mappings(PortMapping(container_port=shared_context['port'],
host_port=shared_context['port']))
self.service = ecs_patterns.ApplicationLoadBalancedFargateService(self,
id=f'{id}-fargate-service',
assign_public_ip=True,
cluster=self.ecs_cluster,
desired_count=1,
task_definition=self.task_definition,
open_listener=True,
listener_port=shared_context['port'],
target_protocol=ApplicationProtocol.HTTP)
def __init__(
self,
scope: Construct,
id: str,
cluster: _Cluster,
shared_airflow_env: dict,
vpc: _Vpc,
**kwargs,
) -> None:
super().__init__(scope, id, **kwargs)
task_definition = FargateTaskDefinition(
self, "task-def", cpu=512, memory_limit_mib=1024
)
container = task_definition.add_container(
"container",
image=ContainerImage.from_registry("apache/airflow:1.10.12-python3.8"),
command=["webserver"],
logging=LogDriver.aws_logs(stream_prefix="webserver"),
environment=shared_airflow_env,
)
port_mapping = PortMapping(container_port=8080, host_port=8080)
container.add_port_mappings(port_mapping)
service = FargateService(
self,
"service",
cluster=cluster,
task_definition=task_definition,
)
lb = ApplicationLoadBalancer(self, "lb", vpc=vpc, internet_facing=True)
listener = lb.add_listener("public_listener", port=80, open=True)
health_check = HealthCheck(
interval=Duration.seconds(60),
path="/health",
timeout=Duration.seconds(5),
)
listener.add_targets(
"webserver",
port=8080,
targets=[service],
health_check=health_check,
)
CfnOutput(self, "LoadBalancerDNS", value=lb.load_balancer_dns_name)
def add_udp_port(self, port: int):
self.container.add_port_mappings(
PortMapping(
container_port=port,
protocol=Protocol.UDP,
))
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# The code that defines your stack goes here
vpc = Vpc(self, "MyVpc", max_azs=2)
ecs_cluster = Cluster(self, 'FagateCluster', vpc=vpc)
alb = ApplicationLoadBalancer(self,
'EcsLb',
vpc=vpc,
internet_facing=True)
listener = alb.add_listener('EcsListener', port=80)
listener.add_fixed_response('Default-Fix', status_code='404')
listener.node.default_child.default_action = [{
"type": "fixed-response",
"fixedResponseConfig": {
"statusCode": "404"
}
}]
website_bucket = Bucket(self,
'PetclinicWebsite',
website_index_document='index.html',
public_read_access=True,
removal_policy=core.RemovalPolicy.DESTROY)
deployment = BucketDeployment(
self,
'PetclinicDeployWebsite',
sources=[Source.asset('./spring-petclinic-static')],
destination_bucket=website_bucket,
retain_on_delete=False
#destination_key_prefix='web/static'
)
# Modify the config.js with CF custome resource
modify_policy = [
PolicyStatement(actions=[
"s3:PutObject", "s3:PutObjectAcl", "s3:PutObjectVersionAcl",
"s3:GetObject"
],
effect=Effect.ALLOW,
resources=[website_bucket.bucket_arn + "/*"]),
PolicyStatement(actions=["s3:ListBucket"],
effect=Effect.ALLOW,
resources=[website_bucket.bucket_arn]),
PolicyStatement(actions=["dynamodb:*"],
effect=Effect.ALLOW,
resources=[
"arn:aws:dynamodb:" + self.region + ":" +
self.account + ":*"
])
]
with open("custom-resource-code/init.py", encoding="utf-8") as fp:
code_body = fp.read()
dynamodb_tables = []
for s in ['customers', 'vets', 'visits']:
table = Table(
self,
s.capitalize() + 'Table',
partition_key={
'name': 'id',
'type': AttributeType.STRING
},
removal_policy=core.RemovalPolicy.DESTROY,
read_capacity=5,
write_capacity=5,
)
dynamodb_tables.append(table.table_name)
asset = DockerImageAsset(
self,
'spring-petclinic-' + s,
repository_name=self.stack_name + '-' + s,
directory='./spring-petclinic-serverless/spring-petclinic-' +
s + '-serverless',
build_args={
'JAR_FILE':
'spring-petclinic-' + s + '-serverless-2.0.7.jar'
})
ecs_task = FargateTaskDefinition(self,
'TaskDef-Fargate-' + s,
memory_limit_mib=512,
cpu=256)
ecs_task.add_to_task_role_policy(
PolicyStatement(actions=["dynamodb:*"],
effect=Effect.ALLOW,
resources=[table.table_arn]))
ecs_task.add_to_task_role_policy(
PolicyStatement(actions=['xray:*'],
effect=Effect.ALLOW,
resources=['*']))
env = {
'DYNAMODB_TABLE_NAME': table.table_name,
'SERVER_SERVLET_CONTEXT_PATH': '/api/' + s.rstrip('s')
}
ecs_container = ecs_task.add_container(
'Container-' + s,
image=ContainerImage.from_docker_image_asset(asset),
logging=LogDriver.aws_logs(stream_prefix=s),
environment=env)
ecs_container.add_port_mappings(PortMapping(container_port=8080))
# Sidecare Container for X-Ray
ecs_sidecar_container = ecs_task.add_container(
'Sidecar-Xray-' + s,
image=ContainerImage.from_registry('amazon/aws-xray-daemon'))
ecs_sidecar_container.add_port_mappings(
PortMapping(container_port=2000, protocol=Protocol.UDP))
ecs_service = FargateService(self,
'FargateService-' + s,
cluster=ecs_cluster,
service_name='spring-petclinic-' + s,
desired_count=2,
task_definition=ecs_task)
parttern = '/api/' + s.rstrip('s') + '/*'
priority = randint(1, 10) * len(s)
check = HealthCheck(
path='/api/' + s.rstrip('s') + '/manage',
healthy_threshold_count=2,
unhealthy_threshold_count=3,
)
target = listener.add_targets('ECS-' + s,
path_pattern=parttern,
priority=priority,
port=80,
targets=[ecs_service],
health_check=check)
resource = CustomResource(
self,
"S3ModifyCustomResource",
provider=CustomResourceProvider.lambda_(
SingletonFunction(self,
"CustomResourceSingleton",
uuid="f7d4f730-4ee1-11e8-9c2d-fa7ae01bbebc",
code=InlineCode(code_body),
handler="index.handler",
timeout=core.Duration.seconds(300),
runtime=Runtime.PYTHON_3_7,
initial_policy=modify_policy)),
properties={
"Bucket": website_bucket.bucket_name,
"InvokeUrl": 'http://' + alb.load_balancer_dns_name + '/',
"DynamoDBTables": dynamodb_tables
})
core.CfnOutput(self,
"FagateALBUrl",
export_name="FagateALBUrl",
value=alb.load_balancer_dns_name)
core.CfnOutput(self,
"FagatePetclinicWebsiteUrl",
export_name="FagatePetclinicWebsiteUrl",
value=website_bucket.bucket_website_url)
def __init__(self, scope: core.Construct, construct_id: str,
database: timestream.CfnDatabase, table: timestream.CfnTable,
**kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
vpc = ec2.Vpc(self, "GrafanaVpc", max_azs=2)
vpc.add_interface_endpoint(
'EFSEndpoint',
service=ec2.InterfaceVpcEndpointAwsService.ELASTIC_FILESYSTEM)
vpc.add_interface_endpoint(
'SMEndpoint',
service=ec2.InterfaceVpcEndpointAwsService.SECRETS_MANAGER)
cluster = ecs.Cluster(self, "MyCluster", vpc=vpc)
file_system = efs.FileSystem(
self,
"EfsFileSystem",
vpc=vpc,
encrypted=True,
lifecycle_policy=efs.LifecyclePolicy.AFTER_14_DAYS,
performance_mode=efs.PerformanceMode.GENERAL_PURPOSE,
throughput_mode=efs.ThroughputMode.BURSTING)
access_point = efs.AccessPoint(self,
"EfsAccessPoint",
file_system=file_system,
path="/var/lib/grafana",
posix_user=PosixUser(gid="1000",
uid="1000"),
create_acl=Acl(owner_gid="1000",
owner_uid="1000",
permissions="755"))
log_group = logs.LogGroup(self,
"taskLogGroup",
retention=logs.RetentionDays.ONE_MONTH)
container_log_driver = ecs.LogDrivers.aws_logs(
stream_prefix="fargate-grafana", log_group=log_group)
task_role = iam.Role(
self,
"taskRole",
assumed_by=iam.ServicePrincipal("ecs-tasks.amazonaws.com"))
task_role.add_to_policy(
iam.PolicyStatement(
effect=iam.Effect.ALLOW,
actions=[
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:DescribeAlarms", "cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics",
"cloudwatch:GetMetricData", "ec2:DescribeTags",
"ec2:DescribeInstances", "ec2:DescribeRegions",
"tag:GetResources"
],
resources=["*"]))
self.grant_timestream_read(task_role, database, table)
execution_role = iam.Role(
self,
"executionRole",
assumed_by=iam.ServicePrincipal("ecs-tasks.amazonaws.com"))
log_group.grant_write(execution_role)
volume_name = "efsGrafanaVolume"
volume_config = ecs.Volume(
name=volume_name,
efs_volume_configuration=EfsVolumeConfiguration(
file_system_id=file_system.file_system_id,
transit_encryption="ENABLED",
authorization_config=AuthorizationConfig(
access_point_id=access_point.access_point_id)))
task_definition = ecs.FargateTaskDefinition(
self,
"TaskDef",
task_role=task_role,
execution_role=execution_role,
volumes=[volume_config])
grafana_admin_password = secretsmanager.Secret(self,
"grafanaAdminPassword")
grafana_admin_password.grant_read(task_role)
container_web = task_definition.add_container(
"grafana",
image=ecs.ContainerImage.from_registry("grafana/grafana"),
logging=container_log_driver,
environment={
"GF_INSTALL_PLUGINS": "grafana-timestream-datasource",
"GF_AWS_default_REGION": core.Aws.REGION
},
secrets={
"GF_SECURITY_ADMIN_PASSWORD":
ecs.Secret.from_secrets_manager(grafana_admin_password)
})
container_web.add_port_mappings(PortMapping(container_port=3000))
container_web.add_mount_points(
MountPoint(container_path="/var/lib/grafana",
read_only=False,
source_volume=volume_config.name))
fargate_service = ecs_patterns.ApplicationLoadBalancedFargateService(
self,
"MyFargateService",
cluster=cluster,
cpu=1024,
desired_count=1,
task_definition=task_definition,
memory_limit_mib=2048,
platform_version=ecs.FargatePlatformVersion.LATEST)
fargate_service.target_group.configure_health_check(path="/api/health")
file_system.connections.allow_default_port_from(
fargate_service.service.connections)
core.CfnOutput(self,
"GrafanaAdminSecret",
value=grafana_admin_password.secret_name,
export_name="GrafanaAdminSecret")