def add_container(self, **kwargs):
container = {}
container['Name'] = kwargs['Name']
container['Image'] = kwargs['Image']
container['Memory'] = kwargs['Memory']
container['Priviledge'] = kwargs['Privileged'] or False
port_mapping = kwargs['PortMappings'] or None
mountpoint_count_dict = kwargs['MountPoints'] or None
environment_vars = kwargs['Environment'] or None
volume_count_dict = kwargs['Volumes'] or None
ecs_container_def = self.add_container_def(container)
if environment_vars:
ecs_container_def.properties['Environment'] = environment_vars
if port_mapping:
ecs_container_def.properties['PortMappings'] = port_mapping
if mountpoint_count_dict:
ecs_container_def.properties['MountPoints'] = [
mountpoint_count_dict[0]
]
ecs_task = ecs.TaskDefinition(container['Name'] + 'Task',
ContainerDefinitions=[ecs_container_def])
if volume_count_dict:
ecs_task.properties['Volumes'] = [volume_count_dict[0]]
return (self.add_resource(ecs_task))
def gen_task_definition(self):
log_configuration = ecs.LogConfiguration(
LogDriver="awslogs",
Options={
"awslogs-group": self.log_group_name,
"awslogs-region": Ref("AWS::Region"),
"awslogs-stream-prefix": self.service_name,
},
)
container_definition = ecs.ContainerDefinition(
Name=self.service_name,
Image=self.get_service_image(),
PortMappings=[ecs.PortMapping(ContainerPort=80, Protocol="tcp")],
LogConfiguration=log_configuration,
Essential=True,
)
self.task_definition = ecs.TaskDefinition(
"TasDefinition",
Family="conducto-demo-family",
ExecutionRoleArn=Ref(self.execution_role),
TaskRoleArn=Ref(self.task_role),
NetworkMode="awsvpc",
RequiresCompatibilities=["FARGATE"],
Cpu=f"0.25 vCPU",
Memory="0.5 GB",
ContainerDefinitions=[container_definition],
)
self.template.add_resource(self.task_definition)
def test_fargate_launch_type(self):
task_definition = ecs.TaskDefinition(
"mytaskdef",
ContainerDefinitions=[
ecs.ContainerDefinition(
Image="myimage",
Memory="300",
Name="mycontainer",
)
],
Volumes=[
ecs.Volume(Name="my-vol"),
],
)
ecs_service = ecs.Service(
'Service',
Cluster='cluster',
DesiredCount=2,
PlacementStrategies=[ecs.PlacementStrategy(Type="random", )],
LaunchType='FARGATE',
NetworkConfiguration=ecs.NetworkConfiguration(
AwsVpcConfiguration=ecs.AwsVpcConfiguration(
AssignPublicIp='DISABLED',
SecurityGroups=['sg-1234'],
Subnets=['subnet-1234'])),
PlacementConstraints=[
ecs.PlacementConstraint(Type="distinctInstance", )
],
TaskDefinition=Ref(task_definition),
)
ecs_service.to_dict()
def test_allow_placement_strategy_constraint(self):
task_definition = ecs.TaskDefinition(
"mytaskdef",
ContainerDefinitions=[
ecs.ContainerDefinition(
Image="myimage",
Memory="300",
Name="mycontainer",
)
],
Volumes=[
ecs.Volume(Name="my-vol"),
],
)
ecs_service = ecs.Service(
'Service',
Cluster='cluster',
DesiredCount=2,
PlacementStrategies=[
ecs.PlacementStrategy(
Type="random",
)
],
PlacementConstraints=[
ecs.PlacementConstraint(
Type="distinctInstance",
)
],
TaskDefinition=Ref(task_definition),
)
ecs_service.to_dict()
def create_task_definition(self):
t = self.template
self.task_definition = t.add_resource(
ecs.TaskDefinition("TaskDefinition",
**self.generate_task_definition_kwargs()))
self.add_output("TaskDefinitionArn", self.task_definition.Ref())
def test_valid_data(self):
t = Template()
cd = ecs.ContainerDefinition.from_dict("mycontainer", self.d)
self.assertEquals(cd.Links[0], "containerA")
td = ecs.TaskDefinition("taskdef",
ContainerDefinitions=[cd],
Volumes=[ecs.Volume(Name="myvol")],
TaskRoleArn=Ref(iam.Role("myecsrole")))
t.add_resource(td)
t.to_json()
def ECS_TaskDefinition(key):
for n, v in getattr(cfg, key).items():
if not v.get("IBOX_ENABLED", True):
continue
mapname = f"{key}{n}"
# Resources
R_TaskDefinition = ecs.TaskDefinition(mapname)
auto_get_props(R_TaskDefinition)
R_TaskDefinition.ContainerDefinitions = ECS_ContainerDefinition()
add_obj([R_TaskDefinition])
def test_allow_string_task_role_arn(self):
task_definition = ecs.TaskDefinition("mytaskdef",
ContainerDefinitions=[
ecs.ContainerDefinition(
Image="myimage",
Memory="300",
Name="mycontainer",
)
],
TaskRoleArn="myiamrole")
task_definition.JSONrepr()
def test_allow_ref_task_role_arn(self):
task_definition = ecs.TaskDefinition("mytaskdef",
ContainerDefinitions=[
ecs.ContainerDefinition(
Image="myimage",
Memory="300",
Name="mycontainer",
)
],
TaskRoleArn=Ref(
iam.Role("myRole")))
task_definition.to_dict()
def test_task_role_arn_is_optional(self):
task_definition = ecs.TaskDefinition(
"mytaskdef",
ContainerDefinitions=[
ecs.ContainerDefinition(
Image="myimage",
Memory="300",
Name="mycontainer",
)
],
)
task_definition.JSONrepr()
def create_queue_worker_task_definition_resource(template, queue_worker_task_definition_family_variable,
docker_repository_resource, queue_worker_log_group_resource,
default_queue_name_variable, notifications_queue_name_variable,
search_queue_name_variable):
return template.add_resource(
ecs.TaskDefinition(
'QueueWorkerTaskDefinition',
Family=queue_worker_task_definition_family_variable,
NetworkMode='bridge',
RequiresCompatibilities=['EC2'],
ContainerDefinitions=[ecs.ContainerDefinition(
Name='api',
Image=Join('.', [
Ref('AWS::AccountId'),
'dkr.ecr',
Ref('AWS::Region'),
Join('/', [
'amazonaws.com',
Ref(docker_repository_resource)
])
]),
MemoryReservation='256',
Essential=True,
LogConfiguration=ecs.LogConfiguration(
LogDriver='awslogs',
Options={
'awslogs-group': Ref(queue_worker_log_group_resource),
'awslogs-region': Ref('AWS::Region'),
'awslogs-stream-prefix': 'ecs'
}
),
Command=[
'php',
'artisan',
'queue:work',
'--tries=1',
'--queue=default,notifications,search'
],
WorkingDirectory='/var/www/html',
HealthCheck=ecs.HealthCheck(
Command=[
'CMD-SHELL',
'php -v || exit 1'
],
Interval=30,
Retries=3,
Timeout=5
)
)]
)
)
def create_task_definition(self):
t = self.template
self.task_definition = t.add_resource(
ecs.TaskDefinition(
"TaskDefinition",
Cpu=str(self.cpu),
Family=self.service_name,
Memory=str(self.memory),
TaskRoleArn=self.role.GetAtt("Arn"),
ContainerDefinitions=[self.generate_container_definition()]
)
)
self.add_output("TaskDefinitionArn", self.task_definition.Ref())
def create_task_definition(self, t):
return t.add_resource(ecs.TaskDefinition(
self.resource_name_format % ('TaskDefinition'),
Family=Sub('${AWS::StackName}-app'),
ContainerDefinitions=[ecs.ContainerDefinition(
Name=self.container_name,
Image=self.docker_image,
Memory=self.memory,
PortMappings=[ecs.PortMapping(ContainerPort=self.port)],
Environment=[
ecs.Environment(Name=key, Value=value)
for (key, value) in sorted(self.get_envs(t).items())
]
)]
))
def add_ecs(self, name, image, cpu, memory, container_port, alb_port,
envvars, cidr, hosted_zone):
"""
Helper method creates ingress given a source cidr range and a set of
ports
@param name [string] Name of the service
@param image [string] Docker image name
@param memory [int] Sets the memory size of the service
@param envvars [list] List of envvars
@param cidr [string] Range of addresses for this vpc
@param hosted_zone [string] Name of the hosted zone the elb will be
mapped to
"""
print "Creating ECS"
self.internal_security_group = self.add_sg_with_cidr_port_list(
"ASGSG", "Security Group for ECS", 'vpcId', cidr, [{
"80": "80"
}])
self.public_lb_security_group = self.add_sg_with_cidr_port_list(
"ELBSG", "Security Group for accessing ECS publicly", 'vpcId',
'0.0.0.0/0', [{
"443": "443"
}])
container_def = ecs.ContainerDefinition(
name + 'containerdef',
Name=name,
Image=image,
Cpu=cpu,
Memory=memory,
PortMappings=[ecs.PortMapping(ContainerPort=container_port)])
task_def = self.add_resource(
ecs.TaskDefinition(name + 'taskdef',
Cpu=cpu,
Memory=memory,
RequiresCompatibilities=['FARGATE'],
NetworkMode='awsvpc',
ContainerDefinitions=[container_def]))
self.add_resource(
ecs.Service(name + 'service',
Cluster=Ref(cluster),
LaunchType='FARGATE',
TaskDefinition=Ref(task_def),
DesiredCount=1))
def create_task_definition(self):
t = self.template
self.task_definition = t.add_resource(
ecs.TaskDefinition(
"TaskDefinition",
Cpu=str(self.cpu),
ExecutionRoleArn=self.task_execution_role.GetAtt("Arn"),
Family=self.service_name,
Memory=str(self.memory),
NetworkMode="awsvpc",
TaskRoleArn=self.task_role_arn,
ContainerDefinitions=[self.generate_container_definition()]))
t.add_output(
Output("TaskDefinitionArn", Value=self.task_definition.Ref()))
def test_allow_scheduling_strategy(self):
task_definition = ecs.TaskDefinition(
"mytaskdef",
ContainerDefinitions=[
ecs.ContainerDefinition(
Image="myimage",
Memory="300",
Name="mycontainer",
)
],
Volumes=[
ecs.Volume(Name="my-vol"),
],
)
ecs_service = ecs.Service(
'Service',
Cluster='cluster',
DesiredCount=2,
TaskDefinition=Ref(task_definition),
SchedulingStrategy=ecs.SCHEDULING_STRATEGY_DAEMON)
ecs_service.to_dict()
def resources(self, stack: Stack) -> list[AWSObject]:
"""Construct and return Fargate TaskDefinition resources."""
kwargs = {
key: val
for key, val in {
"ContainerDefinitions": self.container_definitions,
"Cpu": self.cpu,
"Memory": self.memory,
"Family": self.family,
"NetworkMode": "awsvpc",
"RequiresCompatibilities": ["FARGATE"],
"ExecutionRoleArn": Ref(name_to_id("ECSTaskExecutionRole")),
"TaskRoleArn": self.task_role_arn,
"Tags": Tags({
"Name": self.name,
**self.tags
}),
"Volumes": self.volumes,
}.items() if val is not None
}
return [ecs.TaskDefinition(name_to_id(self.name), **kwargs)]
def test_allow_string_cluster(self):
task_definition = ecs.TaskDefinition(
"mytaskdef",
ContainerDefinitions=[
ecs.ContainerDefinition(
Image="myimage",
Memory="300",
Name="mycontainer",
)
],
Volumes=[
ecs.Volume(Name="my-vol"),
],
)
ecs_service = ecs.Service(
'Service',
Cluster='cluster',
DesiredCount=2,
TaskDefinition=Ref(task_definition),
)
ecs_service.JSONrepr()
def test_docker_volume_configuration(self):
docker_volume_configuration = ecs.DockerVolumeConfiguration(
Autoprovision=True,
Scope="task",
Labels=dict(label="ok"),
DriverOpts=dict(option="ok"))
task_definition = ecs.TaskDefinition(
"mytaskdef",
ContainerDefinitions=[
ecs.ContainerDefinition(
Image="myimage",
Memory="300",
Name="mycontainer",
)
],
Volumes=[
ecs.Volume(
Name="my-vol",
DockerVolumeConfiguration=docker_volume_configuration),
],
)
task_definition.to_dict()
def create_ecs_task(self):
t = self.template
if not self.vars['TaskRoleArn']:
self.vars['TaskRoleArn'] = NoValue
task_definition = t.add_resource(
ecs.TaskDefinition(
'TaskDefinition',
RequiresCompatibilities=['FARGATE'],
Family=self.vars['Family'],
Cpu=str(self.vars['Cpu']),
Memory=str(self.vars['Memory']),
NetworkMode='awsvpc',
ExecutionRoleArn=Join(
'',
['arn:aws:iam::', AccountId, ':role/ecsTaskExecutionRole'
]),
TaskRoleArn=self.vars['TaskRoleArn'],
ContainerDefinitions=[
ecs.ContainerDefinition(
**self.munge_container_attributes())
],
))
return task_definition
def build_template(self):
t = self._init_template()
task_role = ensure_param(t, self.task_role.output_role_arn())
exe_role = ensure_param(t, self.execution_role.output_role_arn())
task = t.add_resource(
ecs.TaskDefinition('{}TaskDef'.format(self.stack_name),
TaskRoleArn=Ref(task_role),
Family=self.stack_name,
ExecutionRoleArn=Ref(exe_role),
RequiresCompatibilities=[self.mode],
NetworkMode=self.network_mode,
Cpu=self.cpu,
Memory=self.memory,
ContainerDefinitions=[]))
for c in self.containers:
task.ContainerDefinitions.append(c.build(t))
t.add_output([Output('TaskArn', Value=Ref(task))])
return t
def test_allow_ref_cluster(self):
task_definition = ecs.TaskDefinition(
"mytaskdef",
ContainerDefinitions=[
ecs.ContainerDefinition(
Image="myimage",
Memory="300",
Name="mycontainer",
)
],
Volumes=[
ecs.Volume(Name="my-vol"),
],
)
cluster = ecs.Cluster("mycluster")
ecs_service = ecs.Service(
'Service',
Cluster=Ref(cluster),
DesiredCount=2,
TaskDefinition=Ref(task_definition),
)
ecs_service.to_dict()
def create_api_task_definition_resource(template, api_task_definition_family_variable, docker_repository_resource,
api_log_group_resource):
return template.add_resource(
ecs.TaskDefinition(
'ApiTaskDefinition',
Family=api_task_definition_family_variable,
NetworkMode='bridge',
RequiresCompatibilities=['EC2'],
ContainerDefinitions=[ecs.ContainerDefinition(
Name='api',
Image=Join('.', [
Ref('AWS::AccountId'),
'dkr.ecr',
Ref('AWS::Region'),
Join('/', [
'amazonaws.com',
Ref(docker_repository_resource)
])
]),
MemoryReservation='256',
PortMappings=[ecs.PortMapping(
HostPort='0',
ContainerPort='80',
Protocol='tcp'
)],
Essential=True,
LogConfiguration=ecs.LogConfiguration(
LogDriver='awslogs',
Options={
'awslogs-group': Ref(api_log_group_resource),
'awslogs-region': Ref('AWS::Region'),
'awslogs-stream-prefix': 'ecs'
}
)
)]
)
)
def test_exclusive(self):
d = {
"Cpu":
1,
"Environment": [{
"Name": "REGISTRY_STORAGE",
"Value": "s3"
}, {
"Name": "REGISTRY_STORAGE_S3_REGION",
"Value": "eu-west-1"
}],
"Essential":
True,
"Image":
"registry:2",
"Memory":
500,
"Name":
"registry",
"PortMappings": [{
"ContainerPort": 5000,
"HostPort": 5000
}, {
"ContainerPort": 5001,
"HostPort": 5001
}]
}
t = Template()
cd = ecs.ContainerDefinition.from_dict("mycontainer", d)
td = ecs.TaskDefinition("taskdef",
ContainerDefinitions=[cd],
Volumes=[ecs.Volume(Name="myvol")],
TaskRoleArn=Ref(iam.Role("myecsrole")))
t.add_resource(td)
t.to_json()
TargetGroupArn=Ref(ALBTargetGroup)
)]
))
TaskDefinition = t.add_resource(ecs.TaskDefinition(
"TaskDefinition",
DependsOn=TaskExecutionPolicy,
RequiresCompatibilities=["FARGATE"],
Cpu="512",
Memory="1GB",
NetworkMode="awsvpc",
ExecutionRoleArn=GetAtt(TaskExecutionRole, "Arn"),
ContainerDefinitions=[
ecs.ContainerDefinition(
Name="nginx-container",
Image=Ref(NginxImage),
Essential=True,
PortMappings=[ecs.PortMapping(ContainerPort=80)],
LogConfiguration=ecs.LogConfiguration(
LogDriver="awslogs",
Options={"awslogs-group": Ref(CWLogGroup),
"awslogs-region": Ref("AWS::Region"),
"awslogs-stream-prefix": "nginx-container"}
)
)
]
))
Service = t.add_resource(ecs.Service(
"Service",
DependsOn=ALBListener,
def create_ecs_resources(self):
t = self.template
# Give the instances access that the Empire daemon needs.
t.add_resource(
PolicyType(
"AccessPolicy",
PolicyName="empire",
PolicyDocument=empire_policy({
"Environment":
Ref("Environment"),
"CustomResourcesTopic":
Ref("CustomResourcesTopic"),
"CustomResourcesQueue": (GetAtt("CustomResourcesQueue",
"Arn")),
"TemplateBucket":
(Join("", ["arn:aws:s3:::",
Ref("TemplateBucket"), "/*"]))
}),
Roles=[Ref("InstanceRole")]))
t.add_resource(
sns.Topic(
EVENTS_TOPIC,
DisplayName="Empire events",
Condition="CreateSNSTopic",
))
t.add_output(
Output("EventsSNSTopic",
Value=Ref(EVENTS_TOPIC),
Condition="CreateSNSTopic"))
# Add SNS Events policy if Events are enabled
t.add_resource(
PolicyType("SNSEventsPolicy",
PolicyName="EmpireSNSEventsPolicy",
Condition="EnableSNSEvents",
PolicyDocument=sns_events_policy(
If("CreateSNSTopic", Ref(EVENTS_TOPIC),
Ref("EventsSNSTopicName"))),
Roles=[Ref("InstanceRole")]))
# Add run logs policy if run logs are enabled
t.add_resource(
PolicyType("RunLogsPolicy",
PolicyName="EmpireRunLogsPolicy",
Condition="EnableCloudwatchLogs",
PolicyDocument=runlogs_policy(
If("CreateRunLogsGroup", Ref(RUN_LOGS),
Ref("RunLogsCloudwatchGroup"))),
Roles=[Ref("InstanceRole")]))
# Allow the controller to write empire events to kinesis if kinesis is
# enabled.
t.add_resource(
PolicyType("AppEventStreamPolicy",
PolicyName="EmpireAppEventStreamPolicy",
Condition="EnableAppEventStream",
PolicyDocument=logstream_policy(),
Roles=[Ref("InstanceRole")]))
t.add_resource(
ecs.TaskDefinition(
"TaskDefinition",
Volumes=[
ecs.Volume(
Name="dockerSocket",
Host=ecs.Host(SourcePath="/var/run/docker.sock")),
ecs.Volume(Name="dockerCfg",
Host=ecs.Host(SourcePath="/root/.dockercfg"))
],
ContainerDefinitions=[
ecs.ContainerDefinition(
Command=["server", "-automigrate=true"],
Name="empire",
Environment=self.get_empire_environment(),
Essential=True,
Image=Ref("DockerImage"),
MountPoints=[
ecs.MountPoint(
SourceVolume="dockerSocket",
ContainerPath="/var/run/docker.sock",
ReadOnly=False),
ecs.MountPoint(SourceVolume="dockerCfg",
ContainerPath="/root/.dockercfg",
ReadOnly=False)
],
PortMappings=[
ecs.PortMapping(HostPort=8081, ContainerPort=8081)
],
Cpu=Ref("TaskCPU"),
Memory=Ref("TaskMemory"))
]))
t.add_resource(
Role("ServiceRole",
AssumeRolePolicyDocument=get_ecs_assumerole_policy(),
Path="/",
Policies=[
Policy(PolicyName="ecs-service-role",
PolicyDocument=service_role_policy())
]))
t.add_resource(
ecs.Service(
"Service",
Cluster=Ref("ControllerCluster"),
DeploymentConfiguration=ecs.DeploymentConfiguration(
MaximumPercent=Ref("ServiceMaximumPercent"),
MinimumHealthyPercent=Ref("ServiceMinimumHealthyPercent"),
),
DesiredCount=Ref("DesiredCount"),
LoadBalancers=[
ecs.LoadBalancer(ContainerName="empire",
ContainerPort=8081,
LoadBalancerName=Ref("LoadBalancer"))
],
Role=Ref("ServiceRole"),
TaskDefinition=Ref("TaskDefinition")))
def GenerateSerializerLayer():
t = Template()
t.add_description("""\
Serializer Layer
""")
serializername_param = t.add_parameter(
Parameter(
"SerializerName",
Description="Serializer Name (default: SampleSerializer)",
Type="String",
Default="SampleSerializer",
))
stackname_param = t.add_parameter(
Parameter(
"StackName",
Description="Environment Name (default: hackathon)",
Type="String",
Default="hackathon",
))
clusterid_param = t.add_parameter(
Parameter(
"ClusterId",
Type="String",
Description="ClusterId to run the serializer on",
))
docker_id_param = t.add_parameter(
Parameter("DockerId",
Description="DockerId (default: centos:latest)",
Type="String",
Default="centos:latest"))
execution_role_param = t.add_parameter(
Parameter(
"ExecutionRole",
Description="Lambda Execution Role",
Type="String",
))
hashkeyname_param = t.add_parameter(
Parameter(
"HaskKeyElementName",
Description="HashType PrimaryKey Name (default: id)",
Type="String",
AllowedPattern="[a-zA-Z0-9]*",
MinLength="1",
MaxLength="2048",
ConstraintDescription="must contain only alphanumberic characters",
Default="id"))
dirtylist_param = t.add_parameter(
Parameter("DirtyList",
Description="DirtyList Table Name",
Type="String"))
runlog_param = t.add_parameter(
Parameter("RunLog", Description="RunLog Table Name", Type="String"))
canonical_prefix_param = t.add_parameter(
Parameter("CanonicalPrefix",
Description="Canonical Tables Prefix",
Type="String",
Default="CANON_"))
serializer_table = t.add_resource(
dynamodb.Table(
"sampleSerializerTable",
AttributeDefinitions=[
dynamodb.AttributeDefinition(Ref(hashkeyname_param), "S"),
],
KeySchema=[dynamodb.Key(Ref(hashkeyname_param), "HASH")],
ProvisionedThroughput=dynamodb.ProvisionedThroughput(1, 1)))
task_definition = t.add_resource(
ecs.TaskDefinition(
'TaskDefinition',
ContainerDefinitions=[
ecs.ContainerDefinition(
Name=Join('', [Ref(stackname_param), "Task"]),
Image=Ref(docker_id_param),
Environment=[
ecs.Environment(Name="LAYER",
Value=Ref(stackname_param)),
ecs.Environment(Name="SERIALIZER",
Value=Ref(serializername_param)),
ecs.Environment(Name="SERIALIZER_TABLE",
Value=Ref(serializer_table)),
ecs.Environment(Name="CANONICAL_PREFIX",
Value=Ref(canonical_prefix_param)),
ecs.Environment(Name="DIRTYLIST",
Value=Ref(dirtylist_param)),
ecs.Environment(Name="RUNLOG", Value=Ref(runlog_param))
],
Memory=512,
)
],
Volumes=[],
))
t.add_output([
Output(
"taskdefinitionid",
Description="Task Definition Id",
Value=Ref(task_definition),
)
])
return t
jicketjiraproject = "SETME"
jicketthreadtemplate = "/etc/jicket/threadtemplate.html"
t = Template("Jicket ECS Deployment")
# ECS Cluster
# =============
cluster = ecs.Cluster("JicketCluster")
cluster.ClusterName = "Jicket"
t.add_resource(cluster)
# ECS Task Definition
# =====================
taskdef = ecs.TaskDefinition("JicketTask")
contdef = ecs.ContainerDefinition()
contdef.Cpu = 0
contdef.Environment = [
ecs.Environment(Name="JICKET_IMAP_HOST", Value=jicketimaphost),
ecs.Environment(Name="JICKET_JIRA_USER", Value=jicketjirauser),
ecs.Environment(Name="JICKET_TICKET_ADDRESS", Value=jicketticketaddress),
ecs.Environment(Name="JICKET_SMTP_HOST", Value=jicketsmtphost),
ecs.Environment(Name="JICKET_JIRA_PASS", Value=jicketjirapass),
ecs.Environment(Name="JICKET_JIRA_PROJECT", Value=jicketjiraproject),
ecs.Environment(Name="JICKET_JIRA_URL", Value=jicketjiraurl),
ecs.Environment(Name="JICKET_THREAD_TEMPLATE", Value=jicketthreadtemplate),
ecs.Environment(Name="JICKET_IMAP_PASS", Value=jicketimappass),
ecs.Environment(Name="JICKET_IMAP_USER", Value=jicketimapuser),
]
def main():
template = Template()
template.add_resource(
ecs.Cluster("ECSCluster", ClusterName="WorldCheckCluster"))
template.add_resource(
iam.Role("ECSTaskRole",
AssumeRolePolicyDocument={
"Version":
"2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": ["ecs-tasks.amazonaws.com"]
},
"Action": ["sts:AssumeRole"]
}]
}))
template.add_resource(
iam.Role(
"ECSServiceSchedulerRole",
AssumeRolePolicyDocument={
"Version":
"2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": ["ecs.amazonaws.com"]
},
"Action": ["sts:AssumeRole"]
}]
},
Policies=[
iam.Policy(PolicyDocument={
"Version":
"2012-10-17",
"Statement": [{
"Effect":
"Allow",
"Action": [
"ec2:Describe*",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:Describe*",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:RegisterTargets"
],
"Resource":
"*"
}]
},
PolicyName="ecs-service")
]))
template.add_resource(
iam.Role("EC2InstanceRole",
AssumeRolePolicyDocument={
"Version":
"2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": ["ec2.amazonaws.com"]
},
"Action": ["sts:AssumeRole"]
}]
},
Policies=[
iam.Policy(PolicyDocument={
"Version":
"2012-10-17",
"Statement": [{
"Effect":
"Allow",
"Action": [
"ecs:CreateCluster",
"ecs:DeregisterContainerInstance",
"ecs:DiscoverPollEndpoint", "ecs:Poll",
"ecs:RegisterContainerInstance",
"ecs:StartTelemetrySession",
"ecr:GetAuthorizationToken",
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer", "ecs:Submit*",
"logs:CreateLogStream", "logs:PutLogEvents",
"ec2:DescribeTags", "cloudwatch:PutMetricData"
],
"Resource":
"*"
}]
},
PolicyName="ecs-service")
]))
template.add_resource(
iam.InstanceProfile("EC2InstanceProfile",
Roles=[Ref("EC2InstanceRole")]))
with open("user-data.sh", "r") as f:
user_data_content = f.readlines()
template.add_resource(
ec2.Instance(
"EC2Instance",
ImageId="ami-13f7226a",
InstanceType="t2.micro",
SecurityGroups=["default"],
UserData=Base64(Join('', [Sub(x) for x in user_data_content])),
IamInstanceProfile=Ref("EC2InstanceProfile"),
))
template.add_resource(
ecs.TaskDefinition(
"ECSTaskDefinition",
TaskRoleArn=Ref("ECSTaskRole"),
ContainerDefinitions=[
ecs.ContainerDefinition(
Name="SimpleServer",
Memory="128",
Image="abbas123456/simple-server:latest",
PortMappings=[ecs.PortMapping(ContainerPort=8000)],
)
]))
template.add_resource(
elb.TargetGroup(
"ECSTargetGroup",
VpcId="vpc-925497f6",
Port=8000,
Protocol="HTTP",
))
template.add_resource(
elb.LoadBalancer(
"LoadBalancer",
Subnets=["subnet-a321c8fb", "subnet-68fa271e", "subnet-689d350c"],
SecurityGroups=["sg-0202bd65"]))
template.add_resource(
elb.Listener(
"LoadBalancerListener",
DefaultActions=[
elb.Action(Type="forward",
TargetGroupArn=Ref("ECSTargetGroup"))
],
LoadBalancerArn=Ref("LoadBalancer"),
Port=80,
Protocol="HTTP",
))
template.add_resource(
ecs.Service("ECSService",
Cluster=Ref("ECSCluster"),
DesiredCount=1,
LoadBalancers=[
ecs.LoadBalancer(ContainerPort=8000,
ContainerName="SimpleServer",
TargetGroupArn=Ref("ECSTargetGroup"))
],
Role=Ref("ECSServiceSchedulerRole"),
TaskDefinition=Ref("ECSTaskDefinition"),
DependsOn="LoadBalancerListener"))
return template.to_json()
ecs.TaskDefinition(
'ApiTaskDefinition',
Family=Ref(api_task_definition_name),
NetworkMode='bridge',
RequiresCompatibilities=['EC2'],
ContainerDefinitions=[ecs.ContainerDefinition(
Name='api',
Image=Join('.', [
Ref('AWS::AccountId'),
'dkr.ecr',
Ref('AWS::Region'),
Join('/', [
'amazonaws.com',
Ref(docker_repository)
])
]),
MemoryReservation='256',
PortMappings=[ecs.PortMapping(
HostPort='0',
ContainerPort='80',
Protocol='tcp'
)],
Essential=True,
LogConfiguration=ecs.LogConfiguration(
LogDriver='awslogs',
Options={
'awslogs-group': Ref(api_log_group),
'awslogs-region': Ref('AWS::Region'),
'awslogs-stream-prefix': 'ecs'
}
)
)]
)
