def add_container(self, **kwargs): container = {} container['Name'] = kwargs['Name'] container['Image'] = kwargs['Image'] container['Memory'] = kwargs['Memory'] container['Priviledge'] = kwargs['Privileged'] or False port_mapping = kwargs['PortMappings'] or None mountpoint_count_dict = kwargs['MountPoints'] or None environment_vars = kwargs['Environment'] or None volume_count_dict = kwargs['Volumes'] or None ecs_container_def = self.add_container_def(container) if environment_vars: ecs_container_def.properties['Environment'] = environment_vars if port_mapping: ecs_container_def.properties['PortMappings'] = port_mapping if mountpoint_count_dict: ecs_container_def.properties['MountPoints'] = [ mountpoint_count_dict[0] ] ecs_task = ecs.TaskDefinition(container['Name'] + 'Task', ContainerDefinitions=[ecs_container_def]) if volume_count_dict: ecs_task.properties['Volumes'] = [volume_count_dict[0]] return (self.add_resource(ecs_task))
def gen_task_definition(self): log_configuration = ecs.LogConfiguration( LogDriver="awslogs", Options={ "awslogs-group": self.log_group_name, "awslogs-region": Ref("AWS::Region"), "awslogs-stream-prefix": self.service_name, }, ) container_definition = ecs.ContainerDefinition( Name=self.service_name, Image=self.get_service_image(), PortMappings=[ecs.PortMapping(ContainerPort=80, Protocol="tcp")], LogConfiguration=log_configuration, Essential=True, ) self.task_definition = ecs.TaskDefinition( "TasDefinition", Family="conducto-demo-family", ExecutionRoleArn=Ref(self.execution_role), TaskRoleArn=Ref(self.task_role), NetworkMode="awsvpc", RequiresCompatibilities=["FARGATE"], Cpu=f"0.25 vCPU", Memory="0.5 GB", ContainerDefinitions=[container_definition], ) self.template.add_resource(self.task_definition)
def test_fargate_launch_type(self): task_definition = ecs.TaskDefinition( "mytaskdef", ContainerDefinitions=[ ecs.ContainerDefinition( Image="myimage", Memory="300", Name="mycontainer", ) ], Volumes=[ ecs.Volume(Name="my-vol"), ], ) ecs_service = ecs.Service( 'Service', Cluster='cluster', DesiredCount=2, PlacementStrategies=[ecs.PlacementStrategy(Type="random", )], LaunchType='FARGATE', NetworkConfiguration=ecs.NetworkConfiguration( AwsVpcConfiguration=ecs.AwsVpcConfiguration( AssignPublicIp='DISABLED', SecurityGroups=['sg-1234'], Subnets=['subnet-1234'])), PlacementConstraints=[ ecs.PlacementConstraint(Type="distinctInstance", ) ], TaskDefinition=Ref(task_definition), ) ecs_service.to_dict()
def test_allow_placement_strategy_constraint(self): task_definition = ecs.TaskDefinition( "mytaskdef", ContainerDefinitions=[ ecs.ContainerDefinition( Image="myimage", Memory="300", Name="mycontainer", ) ], Volumes=[ ecs.Volume(Name="my-vol"), ], ) ecs_service = ecs.Service( 'Service', Cluster='cluster', DesiredCount=2, PlacementStrategies=[ ecs.PlacementStrategy( Type="random", ) ], PlacementConstraints=[ ecs.PlacementConstraint( Type="distinctInstance", ) ], TaskDefinition=Ref(task_definition), ) ecs_service.to_dict()
def create_task_definition(self): t = self.template self.task_definition = t.add_resource( ecs.TaskDefinition("TaskDefinition", **self.generate_task_definition_kwargs())) self.add_output("TaskDefinitionArn", self.task_definition.Ref())
def test_valid_data(self): t = Template() cd = ecs.ContainerDefinition.from_dict("mycontainer", self.d) self.assertEquals(cd.Links[0], "containerA") td = ecs.TaskDefinition("taskdef", ContainerDefinitions=[cd], Volumes=[ecs.Volume(Name="myvol")], TaskRoleArn=Ref(iam.Role("myecsrole"))) t.add_resource(td) t.to_json()
def ECS_TaskDefinition(key): for n, v in getattr(cfg, key).items(): if not v.get("IBOX_ENABLED", True): continue mapname = f"{key}{n}" # Resources R_TaskDefinition = ecs.TaskDefinition(mapname) auto_get_props(R_TaskDefinition) R_TaskDefinition.ContainerDefinitions = ECS_ContainerDefinition() add_obj([R_TaskDefinition])
def test_allow_string_task_role_arn(self): task_definition = ecs.TaskDefinition("mytaskdef", ContainerDefinitions=[ ecs.ContainerDefinition( Image="myimage", Memory="300", Name="mycontainer", ) ], TaskRoleArn="myiamrole") task_definition.JSONrepr()
def test_allow_ref_task_role_arn(self): task_definition = ecs.TaskDefinition("mytaskdef", ContainerDefinitions=[ ecs.ContainerDefinition( Image="myimage", Memory="300", Name="mycontainer", ) ], TaskRoleArn=Ref( iam.Role("myRole"))) task_definition.to_dict()
def test_task_role_arn_is_optional(self): task_definition = ecs.TaskDefinition( "mytaskdef", ContainerDefinitions=[ ecs.ContainerDefinition( Image="myimage", Memory="300", Name="mycontainer", ) ], ) task_definition.JSONrepr()
def create_queue_worker_task_definition_resource(template, queue_worker_task_definition_family_variable, docker_repository_resource, queue_worker_log_group_resource, default_queue_name_variable, notifications_queue_name_variable, search_queue_name_variable): return template.add_resource( ecs.TaskDefinition( 'QueueWorkerTaskDefinition', Family=queue_worker_task_definition_family_variable, NetworkMode='bridge', RequiresCompatibilities=['EC2'], ContainerDefinitions=[ecs.ContainerDefinition( Name='api', Image=Join('.', [ Ref('AWS::AccountId'), 'dkr.ecr', Ref('AWS::Region'), Join('/', [ 'amazonaws.com', Ref(docker_repository_resource) ]) ]), MemoryReservation='256', Essential=True, LogConfiguration=ecs.LogConfiguration( LogDriver='awslogs', Options={ 'awslogs-group': Ref(queue_worker_log_group_resource), 'awslogs-region': Ref('AWS::Region'), 'awslogs-stream-prefix': 'ecs' } ), Command=[ 'php', 'artisan', 'queue:work', '--tries=1', '--queue=default,notifications,search' ], WorkingDirectory='/var/www/html', HealthCheck=ecs.HealthCheck( Command=[ 'CMD-SHELL', 'php -v || exit 1' ], Interval=30, Retries=3, Timeout=5 ) )] ) )
def create_task_definition(self): t = self.template self.task_definition = t.add_resource( ecs.TaskDefinition( "TaskDefinition", Cpu=str(self.cpu), Family=self.service_name, Memory=str(self.memory), TaskRoleArn=self.role.GetAtt("Arn"), ContainerDefinitions=[self.generate_container_definition()] ) ) self.add_output("TaskDefinitionArn", self.task_definition.Ref())
def create_task_definition(self, t): return t.add_resource(ecs.TaskDefinition( self.resource_name_format % ('TaskDefinition'), Family=Sub('${AWS::StackName}-app'), ContainerDefinitions=[ecs.ContainerDefinition( Name=self.container_name, Image=self.docker_image, Memory=self.memory, PortMappings=[ecs.PortMapping(ContainerPort=self.port)], Environment=[ ecs.Environment(Name=key, Value=value) for (key, value) in sorted(self.get_envs(t).items()) ] )] ))
def add_ecs(self, name, image, cpu, memory, container_port, alb_port, envvars, cidr, hosted_zone): """ Helper method creates ingress given a source cidr range and a set of ports @param name [string] Name of the service @param image [string] Docker image name @param memory [int] Sets the memory size of the service @param envvars [list] List of envvars @param cidr [string] Range of addresses for this vpc @param hosted_zone [string] Name of the hosted zone the elb will be mapped to """ print "Creating ECS" self.internal_security_group = self.add_sg_with_cidr_port_list( "ASGSG", "Security Group for ECS", 'vpcId', cidr, [{ "80": "80" }]) self.public_lb_security_group = self.add_sg_with_cidr_port_list( "ELBSG", "Security Group for accessing ECS publicly", 'vpcId', '0.0.0.0/0', [{ "443": "443" }]) container_def = ecs.ContainerDefinition( name + 'containerdef', Name=name, Image=image, Cpu=cpu, Memory=memory, PortMappings=[ecs.PortMapping(ContainerPort=container_port)]) task_def = self.add_resource( ecs.TaskDefinition(name + 'taskdef', Cpu=cpu, Memory=memory, RequiresCompatibilities=['FARGATE'], NetworkMode='awsvpc', ContainerDefinitions=[container_def])) self.add_resource( ecs.Service(name + 'service', Cluster=Ref(cluster), LaunchType='FARGATE', TaskDefinition=Ref(task_def), DesiredCount=1))
def create_task_definition(self): t = self.template self.task_definition = t.add_resource( ecs.TaskDefinition( "TaskDefinition", Cpu=str(self.cpu), ExecutionRoleArn=self.task_execution_role.GetAtt("Arn"), Family=self.service_name, Memory=str(self.memory), NetworkMode="awsvpc", TaskRoleArn=self.task_role_arn, ContainerDefinitions=[self.generate_container_definition()])) t.add_output( Output("TaskDefinitionArn", Value=self.task_definition.Ref()))
def test_allow_scheduling_strategy(self): task_definition = ecs.TaskDefinition( "mytaskdef", ContainerDefinitions=[ ecs.ContainerDefinition( Image="myimage", Memory="300", Name="mycontainer", ) ], Volumes=[ ecs.Volume(Name="my-vol"), ], ) ecs_service = ecs.Service( 'Service', Cluster='cluster', DesiredCount=2, TaskDefinition=Ref(task_definition), SchedulingStrategy=ecs.SCHEDULING_STRATEGY_DAEMON) ecs_service.to_dict()
def resources(self, stack: Stack) -> list[AWSObject]: """Construct and return Fargate TaskDefinition resources.""" kwargs = { key: val for key, val in { "ContainerDefinitions": self.container_definitions, "Cpu": self.cpu, "Memory": self.memory, "Family": self.family, "NetworkMode": "awsvpc", "RequiresCompatibilities": ["FARGATE"], "ExecutionRoleArn": Ref(name_to_id("ECSTaskExecutionRole")), "TaskRoleArn": self.task_role_arn, "Tags": Tags({ "Name": self.name, **self.tags }), "Volumes": self.volumes, }.items() if val is not None } return [ecs.TaskDefinition(name_to_id(self.name), **kwargs)]
def test_allow_string_cluster(self): task_definition = ecs.TaskDefinition( "mytaskdef", ContainerDefinitions=[ ecs.ContainerDefinition( Image="myimage", Memory="300", Name="mycontainer", ) ], Volumes=[ ecs.Volume(Name="my-vol"), ], ) ecs_service = ecs.Service( 'Service', Cluster='cluster', DesiredCount=2, TaskDefinition=Ref(task_definition), ) ecs_service.JSONrepr()
def test_docker_volume_configuration(self): docker_volume_configuration = ecs.DockerVolumeConfiguration( Autoprovision=True, Scope="task", Labels=dict(label="ok"), DriverOpts=dict(option="ok")) task_definition = ecs.TaskDefinition( "mytaskdef", ContainerDefinitions=[ ecs.ContainerDefinition( Image="myimage", Memory="300", Name="mycontainer", ) ], Volumes=[ ecs.Volume( Name="my-vol", DockerVolumeConfiguration=docker_volume_configuration), ], ) task_definition.to_dict()
def create_ecs_task(self): t = self.template if not self.vars['TaskRoleArn']: self.vars['TaskRoleArn'] = NoValue task_definition = t.add_resource( ecs.TaskDefinition( 'TaskDefinition', RequiresCompatibilities=['FARGATE'], Family=self.vars['Family'], Cpu=str(self.vars['Cpu']), Memory=str(self.vars['Memory']), NetworkMode='awsvpc', ExecutionRoleArn=Join( '', ['arn:aws:iam::', AccountId, ':role/ecsTaskExecutionRole' ]), TaskRoleArn=self.vars['TaskRoleArn'], ContainerDefinitions=[ ecs.ContainerDefinition( **self.munge_container_attributes()) ], )) return task_definition
def build_template(self): t = self._init_template() task_role = ensure_param(t, self.task_role.output_role_arn()) exe_role = ensure_param(t, self.execution_role.output_role_arn()) task = t.add_resource( ecs.TaskDefinition('{}TaskDef'.format(self.stack_name), TaskRoleArn=Ref(task_role), Family=self.stack_name, ExecutionRoleArn=Ref(exe_role), RequiresCompatibilities=[self.mode], NetworkMode=self.network_mode, Cpu=self.cpu, Memory=self.memory, ContainerDefinitions=[])) for c in self.containers: task.ContainerDefinitions.append(c.build(t)) t.add_output([Output('TaskArn', Value=Ref(task))]) return t
def test_allow_ref_cluster(self): task_definition = ecs.TaskDefinition( "mytaskdef", ContainerDefinitions=[ ecs.ContainerDefinition( Image="myimage", Memory="300", Name="mycontainer", ) ], Volumes=[ ecs.Volume(Name="my-vol"), ], ) cluster = ecs.Cluster("mycluster") ecs_service = ecs.Service( 'Service', Cluster=Ref(cluster), DesiredCount=2, TaskDefinition=Ref(task_definition), ) ecs_service.to_dict()
def create_api_task_definition_resource(template, api_task_definition_family_variable, docker_repository_resource, api_log_group_resource): return template.add_resource( ecs.TaskDefinition( 'ApiTaskDefinition', Family=api_task_definition_family_variable, NetworkMode='bridge', RequiresCompatibilities=['EC2'], ContainerDefinitions=[ecs.ContainerDefinition( Name='api', Image=Join('.', [ Ref('AWS::AccountId'), 'dkr.ecr', Ref('AWS::Region'), Join('/', [ 'amazonaws.com', Ref(docker_repository_resource) ]) ]), MemoryReservation='256', PortMappings=[ecs.PortMapping( HostPort='0', ContainerPort='80', Protocol='tcp' )], Essential=True, LogConfiguration=ecs.LogConfiguration( LogDriver='awslogs', Options={ 'awslogs-group': Ref(api_log_group_resource), 'awslogs-region': Ref('AWS::Region'), 'awslogs-stream-prefix': 'ecs' } ) )] ) )
def test_exclusive(self): d = { "Cpu": 1, "Environment": [{ "Name": "REGISTRY_STORAGE", "Value": "s3" }, { "Name": "REGISTRY_STORAGE_S3_REGION", "Value": "eu-west-1" }], "Essential": True, "Image": "registry:2", "Memory": 500, "Name": "registry", "PortMappings": [{ "ContainerPort": 5000, "HostPort": 5000 }, { "ContainerPort": 5001, "HostPort": 5001 }] } t = Template() cd = ecs.ContainerDefinition.from_dict("mycontainer", d) td = ecs.TaskDefinition("taskdef", ContainerDefinitions=[cd], Volumes=[ecs.Volume(Name="myvol")], TaskRoleArn=Ref(iam.Role("myecsrole"))) t.add_resource(td) t.to_json()
TargetGroupArn=Ref(ALBTargetGroup) )] )) TaskDefinition = t.add_resource(ecs.TaskDefinition( "TaskDefinition", DependsOn=TaskExecutionPolicy, RequiresCompatibilities=["FARGATE"], Cpu="512", Memory="1GB", NetworkMode="awsvpc", ExecutionRoleArn=GetAtt(TaskExecutionRole, "Arn"), ContainerDefinitions=[ ecs.ContainerDefinition( Name="nginx-container", Image=Ref(NginxImage), Essential=True, PortMappings=[ecs.PortMapping(ContainerPort=80)], LogConfiguration=ecs.LogConfiguration( LogDriver="awslogs", Options={"awslogs-group": Ref(CWLogGroup), "awslogs-region": Ref("AWS::Region"), "awslogs-stream-prefix": "nginx-container"} ) ) ] )) Service = t.add_resource(ecs.Service( "Service", DependsOn=ALBListener,
def create_ecs_resources(self): t = self.template # Give the instances access that the Empire daemon needs. t.add_resource( PolicyType( "AccessPolicy", PolicyName="empire", PolicyDocument=empire_policy({ "Environment": Ref("Environment"), "CustomResourcesTopic": Ref("CustomResourcesTopic"), "CustomResourcesQueue": (GetAtt("CustomResourcesQueue", "Arn")), "TemplateBucket": (Join("", ["arn:aws:s3:::", Ref("TemplateBucket"), "/*"])) }), Roles=[Ref("InstanceRole")])) t.add_resource( sns.Topic( EVENTS_TOPIC, DisplayName="Empire events", Condition="CreateSNSTopic", )) t.add_output( Output("EventsSNSTopic", Value=Ref(EVENTS_TOPIC), Condition="CreateSNSTopic")) # Add SNS Events policy if Events are enabled t.add_resource( PolicyType("SNSEventsPolicy", PolicyName="EmpireSNSEventsPolicy", Condition="EnableSNSEvents", PolicyDocument=sns_events_policy( If("CreateSNSTopic", Ref(EVENTS_TOPIC), Ref("EventsSNSTopicName"))), Roles=[Ref("InstanceRole")])) # Add run logs policy if run logs are enabled t.add_resource( PolicyType("RunLogsPolicy", PolicyName="EmpireRunLogsPolicy", Condition="EnableCloudwatchLogs", PolicyDocument=runlogs_policy( If("CreateRunLogsGroup", Ref(RUN_LOGS), Ref("RunLogsCloudwatchGroup"))), Roles=[Ref("InstanceRole")])) # Allow the controller to write empire events to kinesis if kinesis is # enabled. t.add_resource( PolicyType("AppEventStreamPolicy", PolicyName="EmpireAppEventStreamPolicy", Condition="EnableAppEventStream", PolicyDocument=logstream_policy(), Roles=[Ref("InstanceRole")])) t.add_resource( ecs.TaskDefinition( "TaskDefinition", Volumes=[ ecs.Volume( Name="dockerSocket", Host=ecs.Host(SourcePath="/var/run/docker.sock")), ecs.Volume(Name="dockerCfg", Host=ecs.Host(SourcePath="/root/.dockercfg")) ], ContainerDefinitions=[ ecs.ContainerDefinition( Command=["server", "-automigrate=true"], Name="empire", Environment=self.get_empire_environment(), Essential=True, Image=Ref("DockerImage"), MountPoints=[ ecs.MountPoint( SourceVolume="dockerSocket", ContainerPath="/var/run/docker.sock", ReadOnly=False), ecs.MountPoint(SourceVolume="dockerCfg", ContainerPath="/root/.dockercfg", ReadOnly=False) ], PortMappings=[ ecs.PortMapping(HostPort=8081, ContainerPort=8081) ], Cpu=Ref("TaskCPU"), Memory=Ref("TaskMemory")) ])) t.add_resource( Role("ServiceRole", AssumeRolePolicyDocument=get_ecs_assumerole_policy(), Path="/", Policies=[ Policy(PolicyName="ecs-service-role", PolicyDocument=service_role_policy()) ])) t.add_resource( ecs.Service( "Service", Cluster=Ref("ControllerCluster"), DeploymentConfiguration=ecs.DeploymentConfiguration( MaximumPercent=Ref("ServiceMaximumPercent"), MinimumHealthyPercent=Ref("ServiceMinimumHealthyPercent"), ), DesiredCount=Ref("DesiredCount"), LoadBalancers=[ ecs.LoadBalancer(ContainerName="empire", ContainerPort=8081, LoadBalancerName=Ref("LoadBalancer")) ], Role=Ref("ServiceRole"), TaskDefinition=Ref("TaskDefinition")))
def GenerateSerializerLayer(): t = Template() t.add_description("""\ Serializer Layer """) serializername_param = t.add_parameter( Parameter( "SerializerName", Description="Serializer Name (default: SampleSerializer)", Type="String", Default="SampleSerializer", )) stackname_param = t.add_parameter( Parameter( "StackName", Description="Environment Name (default: hackathon)", Type="String", Default="hackathon", )) clusterid_param = t.add_parameter( Parameter( "ClusterId", Type="String", Description="ClusterId to run the serializer on", )) docker_id_param = t.add_parameter( Parameter("DockerId", Description="DockerId (default: centos:latest)", Type="String", Default="centos:latest")) execution_role_param = t.add_parameter( Parameter( "ExecutionRole", Description="Lambda Execution Role", Type="String", )) hashkeyname_param = t.add_parameter( Parameter( "HaskKeyElementName", Description="HashType PrimaryKey Name (default: id)", Type="String", AllowedPattern="[a-zA-Z0-9]*", MinLength="1", MaxLength="2048", ConstraintDescription="must contain only alphanumberic characters", Default="id")) dirtylist_param = t.add_parameter( Parameter("DirtyList", Description="DirtyList Table Name", Type="String")) runlog_param = t.add_parameter( Parameter("RunLog", Description="RunLog Table Name", Type="String")) canonical_prefix_param = t.add_parameter( Parameter("CanonicalPrefix", Description="Canonical Tables Prefix", Type="String", Default="CANON_")) serializer_table = t.add_resource( dynamodb.Table( "sampleSerializerTable", AttributeDefinitions=[ dynamodb.AttributeDefinition(Ref(hashkeyname_param), "S"), ], KeySchema=[dynamodb.Key(Ref(hashkeyname_param), "HASH")], ProvisionedThroughput=dynamodb.ProvisionedThroughput(1, 1))) task_definition = t.add_resource( ecs.TaskDefinition( 'TaskDefinition', ContainerDefinitions=[ ecs.ContainerDefinition( Name=Join('', [Ref(stackname_param), "Task"]), Image=Ref(docker_id_param), Environment=[ ecs.Environment(Name="LAYER", Value=Ref(stackname_param)), ecs.Environment(Name="SERIALIZER", Value=Ref(serializername_param)), ecs.Environment(Name="SERIALIZER_TABLE", Value=Ref(serializer_table)), ecs.Environment(Name="CANONICAL_PREFIX", Value=Ref(canonical_prefix_param)), ecs.Environment(Name="DIRTYLIST", Value=Ref(dirtylist_param)), ecs.Environment(Name="RUNLOG", Value=Ref(runlog_param)) ], Memory=512, ) ], Volumes=[], )) t.add_output([ Output( "taskdefinitionid", Description="Task Definition Id", Value=Ref(task_definition), ) ]) return t
jicketjiraproject = "SETME" jicketthreadtemplate = "/etc/jicket/threadtemplate.html" t = Template("Jicket ECS Deployment") # ECS Cluster # ============= cluster = ecs.Cluster("JicketCluster") cluster.ClusterName = "Jicket" t.add_resource(cluster) # ECS Task Definition # ===================== taskdef = ecs.TaskDefinition("JicketTask") contdef = ecs.ContainerDefinition() contdef.Cpu = 0 contdef.Environment = [ ecs.Environment(Name="JICKET_IMAP_HOST", Value=jicketimaphost), ecs.Environment(Name="JICKET_JIRA_USER", Value=jicketjirauser), ecs.Environment(Name="JICKET_TICKET_ADDRESS", Value=jicketticketaddress), ecs.Environment(Name="JICKET_SMTP_HOST", Value=jicketsmtphost), ecs.Environment(Name="JICKET_JIRA_PASS", Value=jicketjirapass), ecs.Environment(Name="JICKET_JIRA_PROJECT", Value=jicketjiraproject), ecs.Environment(Name="JICKET_JIRA_URL", Value=jicketjiraurl), ecs.Environment(Name="JICKET_THREAD_TEMPLATE", Value=jicketthreadtemplate), ecs.Environment(Name="JICKET_IMAP_PASS", Value=jicketimappass), ecs.Environment(Name="JICKET_IMAP_USER", Value=jicketimapuser), ]
def main(): template = Template() template.add_resource( ecs.Cluster("ECSCluster", ClusterName="WorldCheckCluster")) template.add_resource( iam.Role("ECSTaskRole", AssumeRolePolicyDocument={ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": { "Service": ["ecs-tasks.amazonaws.com"] }, "Action": ["sts:AssumeRole"] }] })) template.add_resource( iam.Role( "ECSServiceSchedulerRole", AssumeRolePolicyDocument={ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": { "Service": ["ecs.amazonaws.com"] }, "Action": ["sts:AssumeRole"] }] }, Policies=[ iam.Policy(PolicyDocument={ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "ec2:Describe*", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:DeregisterTargets", "elasticloadbalancing:Describe*", "elasticloadbalancing:RegisterInstancesWithLoadBalancer", "elasticloadbalancing:RegisterTargets" ], "Resource": "*" }] }, PolicyName="ecs-service") ])) template.add_resource( iam.Role("EC2InstanceRole", AssumeRolePolicyDocument={ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": { "Service": ["ec2.amazonaws.com"] }, "Action": ["sts:AssumeRole"] }] }, Policies=[ iam.Policy(PolicyDocument={ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "ecs:CreateCluster", "ecs:DeregisterContainerInstance", "ecs:DiscoverPollEndpoint", "ecs:Poll", "ecs:RegisterContainerInstance", "ecs:StartTelemetrySession", "ecr:GetAuthorizationToken", "ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer", "ecs:Submit*", "logs:CreateLogStream", "logs:PutLogEvents", "ec2:DescribeTags", "cloudwatch:PutMetricData" ], "Resource": "*" }] }, PolicyName="ecs-service") ])) template.add_resource( iam.InstanceProfile("EC2InstanceProfile", Roles=[Ref("EC2InstanceRole")])) with open("user-data.sh", "r") as f: user_data_content = f.readlines() template.add_resource( ec2.Instance( "EC2Instance", ImageId="ami-13f7226a", InstanceType="t2.micro", SecurityGroups=["default"], UserData=Base64(Join('', [Sub(x) for x in user_data_content])), IamInstanceProfile=Ref("EC2InstanceProfile"), )) template.add_resource( ecs.TaskDefinition( "ECSTaskDefinition", TaskRoleArn=Ref("ECSTaskRole"), ContainerDefinitions=[ ecs.ContainerDefinition( Name="SimpleServer", Memory="128", Image="abbas123456/simple-server:latest", PortMappings=[ecs.PortMapping(ContainerPort=8000)], ) ])) template.add_resource( elb.TargetGroup( "ECSTargetGroup", VpcId="vpc-925497f6", Port=8000, Protocol="HTTP", )) template.add_resource( elb.LoadBalancer( "LoadBalancer", Subnets=["subnet-a321c8fb", "subnet-68fa271e", "subnet-689d350c"], SecurityGroups=["sg-0202bd65"])) template.add_resource( elb.Listener( "LoadBalancerListener", DefaultActions=[ elb.Action(Type="forward", TargetGroupArn=Ref("ECSTargetGroup")) ], LoadBalancerArn=Ref("LoadBalancer"), Port=80, Protocol="HTTP", )) template.add_resource( ecs.Service("ECSService", Cluster=Ref("ECSCluster"), DesiredCount=1, LoadBalancers=[ ecs.LoadBalancer(ContainerPort=8000, ContainerName="SimpleServer", TargetGroupArn=Ref("ECSTargetGroup")) ], Role=Ref("ECSServiceSchedulerRole"), TaskDefinition=Ref("ECSTaskDefinition"), DependsOn="LoadBalancerListener")) return template.to_json()
ecs.TaskDefinition( 'ApiTaskDefinition', Family=Ref(api_task_definition_name), NetworkMode='bridge', RequiresCompatibilities=['EC2'], ContainerDefinitions=[ecs.ContainerDefinition( Name='api', Image=Join('.', [ Ref('AWS::AccountId'), 'dkr.ecr', Ref('AWS::Region'), Join('/', [ 'amazonaws.com', Ref(docker_repository) ]) ]), MemoryReservation='256', PortMappings=[ecs.PortMapping( HostPort='0', ContainerPort='80', Protocol='tcp' )], Essential=True, LogConfiguration=ecs.LogConfiguration( LogDriver='awslogs', Options={ 'awslogs-group': Ref(api_log_group), 'awslogs-region': Ref('AWS::Region'), 'awslogs-stream-prefix': 'ecs' } ) )] )