def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, *kwargs) # Create a cluster vpc = ec2.Vpc(self, "MicFinVpc", max_azs=2) cluster = ecs.Cluster(self, 'EcsCluster', vpc=vpc) cluster.add_capacity( "DefaultAutoScalingGroup", instance_type=ec2.InstanceType("t2.micro"), machine_image=ecs.EcsOptimizedAmi(), update_type=autoscaling.UpdateType.REPLACING_UPDATE, desired_capacity=1) # Create Task Definition task_definition = ecs.Ec2TaskDefinition(self, "TaskDef") container = task_definition.add_container( "web", image=ecs.ContainerImage.from_registry( "210525354699.dkr.ecr.ap-southeast-1.amazonaws.com/micfin-repo" ), memory_limit_mib=512, logging=ecs.LogDrivers.awslogs({streamPrefix: 'EventDemo'})) port_mapping = ecs.PortMapping(container_port=80, host_port=8080, protocol=ecs.Protocol.TCP) container.add_port_mappings(port_mapping) # Create Service service = ecs.Ec2Service(self, "Service", cluster=cluster, task_definition=task_definition)
def create_ghost_ecs_service(self, cluster, website_url): # TODO: Set up persistent storage with EFS once CDK supports this # https://github.com/aws/aws-cdk/issues/6918 task_definition = ecs.Ec2TaskDefinition( self, 'GhostTaskDef', ) environment_variables = {'url': website_url} if website_url else None container = task_definition.add_container( 'GhostContainer', # Change this container version to update Ghost version image=ecs.ContainerImage.from_registry('ghost:3.16'), memory_limit_mib=256, environment=environment_variables, ) port_mapping = ecs.PortMapping( container_port=2368, # the Ghost container uses port 2368 host_port=80, protocol=ecs.Protocol.TCP, ) container.add_port_mappings(port_mapping) return ecs.Ec2Service( self, 'GhostService', cluster=cluster, task_definition=task_definition, )
def __init__(self, scope: core.Construct, id: str, ecs: aws_ecs.Cluster, registry: aws_ecr.Repository, **kwargs) -> None: super().__init__(scope, id, **kwargs) self.task_definition = aws_ecs.Ec2TaskDefinition(self, "TaskDef") self.task_definition.add_container( "hello-docker", image=aws_ecs.ContainerImage.from_ecr_repository(registry), memory_limit_mib=128) self.tweet_ingest_service = aws_ecs.Ec2Service( self, "Service", cluster=ecs, task_definition=self.task_definition)
def ELB_SVC(self, ZachECSNodeName, TaskName, ZachTaskDef, cluster, vpc): ecs_service = ecs.Ec2Service( self, id=ZachECSNodeName + TaskName, task_definition=ZachTaskDef, cluster=cluster, desired_count=2, security_group=self.VPC_SG(TaskName, vpc), assign_public_ip=True, # health_check_grace_period=core.Duration.seconds(30), # Health check grace period is only valid for services configured to use load balancers service_name=ZachECSNodeName + TaskName) # Create ALB lb = elb.ApplicationLoadBalancer(self, ZachECSNodeName + TaskName + "-LB", vpc=vpc, internet_facing=True) listener = lb.add_listener(ZachECSNodeName + TaskName + "PublicListener", port=80, open=True) health_check = elb.HealthCheck(interval=core.Duration.seconds(60), path="/health", timeout=core.Duration.seconds(5)) # Attach ALB to ECS Service listener.add_targets( ZachECSNodeName + TaskName + "-ECS", port=80, targets=[ecs_service], health_check=health_check, ) core.CfnOutput(self, ZachECSNodeName + TaskName + "-LoadBalancerDNS", value=lb.load_balancer_dns_name) core.CfnOutput(self, id=ZachECSNodeName + TaskName + "-ServiceName", value=ecs_service.service.service_name) core.CfnOutput(self, id=ZachECSNodeName + TaskName + "-ServiceARN", value=ecs_service.service.service_arn) return ecs_service
def CreateSVC(self,ZachTaskList,ZachECSNodeName,cluster,vpc,AppendHostFile,ENV_VARS): for TaskName, TaskValue in ZachTaskList.items(): ZachTaskDef = ecs.TaskDefinition(self, id=ZachECSNodeName + "-" + TaskName,compatibility=ecs.Compatibility.EC2,network_mode=ecs.NetworkMode.AWS_VPC) core.CfnOutput(self, id=TaskName + "ARN", value=ZachTaskDef.task_definition_arn) for num in range(TaskValue.get("num", 1)): container = ZachTaskDef.add_container(id=ZachECSNodeName + "-" + TaskName + str(num), cpu=1, memory_limit_mib=512, memory_reservation_mib=256, readonly_root_filesystem=True, working_directory="/data/web", user='******', health_check=ecs.HealthCheck(command=["ping 127.0.0.1"], interval=core.Duration.seconds(30), retries=5, start_period=core.Duration.minutes(1), timeout=core.Duration.seconds(10)), hostname=ZachECSNodeName + "-" + TaskName, extra_hosts=AppendHostFile, environment=ENV_VARS, docker_labels=ENV_VARS, image=ecs.ContainerImage.from_registry(TaskValue.get("image", "nginx:latest")), logging=ecs.LogDrivers.fluentd()) port_mapping = ecs.PortMapping( container_port=TaskValue.get("port", 80), host_port=TaskValue.get("port", 80), protocol=ecs.Protocol.TCP ) container.add_port_mappings(port_mapping) core.CfnOutput(self, id=container.container_name + "ContainPort", value=str(container.container_port)) core.CfnOutput(self, id=container.container_name + "MemLimit", value=str(container.memory_limit_specified)) core.CfnOutput(self, id=container.container_name + "HostPort", value=str(port_mapping.host_port)) svc = ecs.Ec2Service(self, id=ZachECSNodeName+TaskName, task_definition=ZachTaskDef, cluster=cluster, desired_count=2, security_group=self.VPC_SG(TaskName,vpc), assign_public_ip=True, # health_check_grace_period=core.Duration.seconds(30), # Health check grace period is only valid for services configured to use load balancers service_name=ZachECSNodeName+TaskName) svc.add_placement_strategies(ecs.PlacementStrategy.spread_across(ecs.BuiltInAttributes.INSTANCE_ID), ecs.PlacementStrategy.packed_by(ecs.BinPackResource.MEMORY)) core.CfnOutput(self, id=ZachECSNodeName+TaskName + "ServiceName", value=svc.service_name) core.CfnOutput(self, id=ZachECSNodeName+TaskName + "ServiceARN", value=svc.service_arn) core.CfnOutput(self, id=ZachECSNodeName+TaskName + "ARN", value=cluster.cluster_arn) core.CfnOutput(self, id=ZachECSNodeName+TaskName + "VPCID", value=str(cluster.vpc.vpc_id)) core.CfnOutput(self, id=ZachECSNodeName+TaskName + "VPCZone", value=str(cluster.vpc.availability_zones))
def __init__(self, scope: core.Construct, id: str, infra: RtspBaseResourcesConstruct, home_base: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) core.Tags.of(self).add('home_base', home_base) definition = ecs.TaskDefinition(self, 'DefaultTask', compatibility=ecs.Compatibility.EC2, cpu='128', memory_mib='128', task_role=infra.task_role, execution_role=infra.execution_role, network_mode=ecs.NetworkMode.AWS_VPC) definition.add_container( 'DefaultContainer', memory_reservation_mib=128, image=infra.container, logging=ecs.AwsLogDriver( stream_prefix='rtsp-connector/{}'.format(home_base), log_group=infra.log_group), environment={ 'BUCKET': infra.bucket.bucket_name, 'FRAME_ANALYZED_TOPIC': infra.frameAnalyzed.topic_arn, 'REK_COLLECT_ID': 'homenet-hybrid-collection', 'REGION': core.Stack.of(self).region, }) ecs.Ec2Service(self, 'RtspConnectorService', service_name='{}-rtsp-connector-{}'.format( infra.landing_zone.zone_name, home_base), task_definition=definition, assign_public_ip=False, cluster=infra.cluster, deployment_controller=ecs.DeploymentController( type=ecs.DeploymentControllerType.ECS), security_group=infra.security_group, vpc_subnets=ec2.SubnetSelection( subnet_group_name=infra.subnet_group_name), desired_count=desired_count)
# Create a security group that allows HTTP traffic on port 80 for our # containers without modifying the security group on the instance security_group = ec2.SecurityGroup(stack, "west-onetest-sg", vpc=vpc, allow_all_outbound=False) security_group.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(80)) security_group.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(8080)) # Create the service service = ecs.Ec2Service( stack, "west-onetest-ecs-service", cluster=cluster, task_definition=task_definition, #security_group=security_group ) # Create ALB lb = elbv2.ApplicationLoadBalancer(stack, "LB", vpc=vpc, internet_facing=True) listener_voncweb = lb.add_listener("voncweblistener", port=443, open=True, protocol=elbv2.ApplicationProtocol.HTTP) listener_dispatcher = lb.add_listener("dispatcherlistener", port=5000, open=True, protocol=elbv2.ApplicationProtocol.HTTP) listener_vista = lb.add_listener("vistalistener",
def __init__( self, scope: core.Construct, id: str, **kwargs, ) -> None: super().__init__( scope, id, **kwargs, ) # add ingress rule on port 22 for SSH ec2.SecurityGroup.from_security_group_id( self, "DefaultSecurityGroupForIngress", scope.vpc.vpc_default_security_group, ).add_ingress_rule( ec2.Peer.any_ipv4(), ec2.Port.tcp(22), ) self.asg = autoscaling.AutoScalingGroup( self, "AutoScalingGroup", instance_type=ec2.InstanceType("t2.micro"), machine_image=ecs.EcsOptimizedAmi(), security_group=ec2.SecurityGroup.from_security_group_id( self, "DefaultSecurityGroupId", scope.vpc.vpc_default_security_group, ), associate_public_ip_address=True, update_type=autoscaling.UpdateType.REPLACING_UPDATE, desired_capacity=1, vpc=scope.vpc, key_name=os.environ.get("KEY_NAME"), vpc_subnets={'subnet_type': ec2.SubnetType.PUBLIC}, ) self.cluster = scope.cluster self.cluster.add_auto_scaling_group(self.asg) self.bastion_host_task = ecs.Ec2TaskDefinition(self, "BastionHostTask") self.bastion_host_task.add_container( "BastionHostContainer", image=scope.image, command=["/start_prod.sh"], environment=scope.variables.regular_variables, memory_reservation_mib=128 # secrets=scope.variables.secret_variables, ) self.bastion_host_service = ecs.Ec2Service( self, "BastionHostService", task_definition=self.bastion_host_task, cluster=self.cluster, )
# Create a security group that allows HTTP traffic on port 80 for our # containers without modifying the security group on the instance security_group = ec2.SecurityGroup(stack, "west-onetest-sg", vpc=vpc, allow_all_outbound=False) security_group.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(80)) security_group.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(8080)) # Create the service service_voncweb = ecs.Ec2Service(stack, "west-onetest-ecs-service-voncweb", cluster=cluster, task_definition=task_definition_voncweb, deployment_controller=deployment_mode #security_group=security_group ) service_dispatcher = ecs.Ec2Service(stack, "west-onetest-ecs-service-dispatcher", cluster=cluster, task_definition=task_definition_dispatcher, deployment_controller=deployment_mode #security_group=security_group ) service_vistaweb = ecs.Ec2Service(stack, "west-onetest-ecs-service-vistaweb", cluster=cluster,
container = task_definition.add_container( "nginx-container", image=ecs.ContainerImage.from_docker_image_asset(docker_image_asset), memory_limit_mib=512) port_mapping = ecs.PortMapping(container_port=80) container.add_port_mappings(port_mapping) security_group = ec2.SecurityGroup(stack, "nginx--web", vpc=vpc, allow_all_outbound=False) security_group.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(80)) # Instantiate an Amazon ECS Service ecs_service = ecs.Ec2Service(stack, "Service", cluster=cluster, task_definition=task_definition, security_group=security_group, desired_count=3) lb = elbv2.ApplicationLoadBalancer(stack, "LB", vpc=vpc, internet_facing=True) listener = lb.add_listener("Listener", port=80) target_group1 = listener.add_targets("ecs-targets", port=80, targets=[ecs_service]) app.synth()
def __init__(self, scope: core.Construct, construct_id: str, *, secrets: List[Secret]): super().__init__(scope, construct_id) vpc = aws_ec2.Vpc( self, "Vpc", enable_dns_support=True, enable_dns_hostnames=True, max_azs=3, nat_gateways=0, subnet_configuration=[ aws_ec2.SubnetConfiguration( name="Public", subnet_type=aws_ec2.SubnetType.PUBLIC) ], ) postgres_volume_name = "duckbot_dbdata" file_system = aws_efs.FileSystem( self, "PostgresFileSystem", vpc=vpc, encrypted=True, file_system_name=postgres_volume_name, removal_policy=core.RemovalPolicy.DESTROY) file_system.node.default_child.override_logical_id( "FileSystem" ) # rename for compatibility with legacy cloudformation template task_definition = aws_ecs.TaskDefinition( self, "TaskDefinition", compatibility=aws_ecs.Compatibility.EC2, family="duckbot", memory_mib="960", network_mode=aws_ecs.NetworkMode.BRIDGE) postgres_data_path = "/data/postgres" postgres = task_definition.add_container( "postgres", container_name="postgres", image=aws_ecs.ContainerImage.from_registry("postgres:13.2"), essential=False, environment={ "POSTGRES_USER": "******", "POSTGRES_PASSWORD": "******", "PGDATA": postgres_data_path, }, health_check=aws_ecs.HealthCheck( command=["CMD", "pg_isready", "-U", "duckbot"], interval=core.Duration.seconds(30), timeout=core.Duration.seconds(5), retries=3, start_period=core.Duration.seconds(30), ), logging=aws_ecs.LogDriver.aws_logs( stream_prefix="ecs", log_retention=aws_logs.RetentionDays.ONE_MONTH), memory_reservation_mib=128, ) task_definition.add_volume( name=postgres_volume_name, efs_volume_configuration=aws_ecs.EfsVolumeConfiguration( file_system_id=file_system.file_system_id, root_directory="/")) postgres.add_mount_points( aws_ecs.MountPoint(source_volume=postgres_volume_name, container_path=postgres_data_path, read_only=False)) secrets_as_parameters = { # note, parameter version is required by cdk, but does not make it into the template; specify version 1 for simplicity x.environment_name: aws_ssm.StringParameter.from_secure_string_parameter_attributes( self, x.environment_name, parameter_name=x.parameter_name, version=1) for x in secrets } duckbot = task_definition.add_container( "duckbot", container_name="duckbot", essential=True, image=aws_ecs.ContainerImage.from_registry( self.node.try_get_context("duckbot_image")), environment={"STAGE": "prod"}, secrets={ k: aws_ecs.Secret.from_ssm_parameter(v) for k, v in secrets_as_parameters.items() }, health_check=aws_ecs.HealthCheck( command=["CMD", "python", "-m", "duckbot.health"], interval=core.Duration.seconds(30), timeout=core.Duration.seconds(10), retries=3, start_period=core.Duration.seconds(30), ), logging=aws_ecs.LogDriver.aws_logs( stream_prefix="ecs", log_retention=aws_logs.RetentionDays.ONE_MONTH), memory_reservation_mib=128, ) duckbot.add_link(postgres) asg = aws_autoscaling.AutoScalingGroup( self, "AutoScalingGroup", min_capacity=0, max_capacity=1, desired_capacity=1, machine_image=aws_ecs.EcsOptimizedImage.amazon_linux2(), instance_type=aws_ec2.InstanceType("t2.micro"), key_name="duckbot", # needs to be created manually instance_monitoring=aws_autoscaling.Monitoring.BASIC, vpc=vpc, ) asg.connections.allow_to_default_port(file_system) asg.connections.allow_from(aws_ec2.Peer.any_ipv4(), aws_ec2.Port.tcp(22)) asg.connections.allow_from(aws_ec2.Peer.any_ipv4(), aws_ec2.Port.tcp(80)) asg.connections.allow_from(aws_ec2.Peer.any_ipv4(), aws_ec2.Port.tcp(443)) cluster = aws_ecs.Cluster(self, "Cluster", cluster_name="duckbot", vpc=vpc) cluster.add_asg_capacity_provider( aws_ecs.AsgCapacityProvider(cluster, "AsgCapacityProvider", auto_scaling_group=asg), can_containers_access_instance_role=True) aws_ecs.Ec2Service( self, "Service", service_name="duckbot", cluster=cluster, task_definition=task_definition, desired_count=1, min_healthy_percent=0, max_healthy_percent=100, )
}, logging=ecs.LogDriver.aws_logs(stream_prefix="VONC_VISTA_vista_logs"), privileged=True, #stop_timeout=core.Duration.hours(8) ) port_mapping = ecs.PortMapping( container_port=80, #host_port=8080, protocol=ecs.Protocol.TCP) vistaweb_container.add_port_mappings(port_mapping) service_vistaweb = ecs.Ec2Service(stack, "VONC_VISTA-ecs-service-vistaweb", cluster=cluster, task_definition=task_definition_vistaweb, deployment_controller=deployment_mode, desired_count=1, security_group=security_group, service_name='VONC_VISTA-Vista') #health_check_grace_period=core.Duration.minutes(15) lb_vista = elbv2.ApplicationLoadBalancer(stack, "VONC_VISTA_lb_vista", load_balancer_name='Vista-temp-ELB', vpc=vpc, internet_facing=True) listener_vista = lb_vista.add_listener( "vistalistener", port=443, open=True,
# Create a security group that allows HTTP traffic on port 80 for our # containers without modifying the security group on the instance # Create the service service_voncweb = ecs.Ec2Service( stack, "west-onetest-ecs-service-voncweb", cluster=cluster, task_definition=task_definition_voncweb, deployment_controller=deployment_mode, desired_count=1, security_group=security_group ) service_dispatcher = ecs.Ec2Service( stack, "west-onetest-ecs-service-dispatcher", cluster=cluster, task_definition=task_definition_dispatcher, deployment_controller=deployment_mode, desired_count=1, security_group=security_group ) service_vistaweb = ecs.Ec2Service(
# Create a security group that allows HTTP traffic on port 80 for our # containers without modifying the security group on the instance security_group = ec2.SecurityGroup(stack, "west-onetest-sg", vpc=vpc, allow_all_outbound=False) security_group.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(80)) security_group.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(8080)) # Create the service service_voncweb = ecs.Ec2Service( stack, "west-onetest-ecs-service-voncweb", cluster=cluster, task_definition=task_definition_voncweb, #security_group=security_group ) service_dispatcher = ecs.Ec2Service( stack, "west-onetest-ecs-service-dispatcher", cluster=cluster, task_definition=task_definition_dispatcher, #security_group=security_group ) service_vistaweb = ecs.Ec2Service( stack, "west-onetest-ecs-service-vistaweb",
def __init__(self, scope: core.Stack, id: str, cluster, vpc, worker, **kwargs) -> None: super().__init__(scope, id, **kwargs) self.cluster = cluster self.vpc = vpc self.worker = worker # Building a custom image for jenkins master. self.container_image = ecr.DockerImageAsset( self, "JenkinsMasterDockerImage", directory='./docker/master/') if config['DEFAULT']['fargate_enabled'] == "yes" or not config[ 'DEFAULT']['ec2_enabled'] == "yes": # Task definition details to define the Jenkins master container self.jenkins_task = ecs_patterns.ApplicationLoadBalancedTaskImageOptions( # image=ecs.ContainerImage.from_ecr_repository(self.container_image.repository), image=ecs.ContainerImage.from_docker_image_asset( self.container_image), container_port=8080, enable_logging=True, environment={ # https://github.com/jenkinsci/docker/blob/master/README.md#passing-jvm-parameters 'JAVA_OPTS': '-Djenkins.install.runSetupWizard=false', # https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/README.md#getting-started 'CASC_JENKINS_CONFIG': '/config-as-code.yaml', 'network_stack': self.vpc.stack_name, 'cluster_stack': self.cluster.stack_name, 'worker_stack': self.worker.stack_name, 'cluster_arn': self.cluster.cluster.cluster_arn, 'aws_region': config['DEFAULT']['region'], 'jenkins_url': config['DEFAULT']['jenkins_url'], 'subnet_ids': ",".join( [x.subnet_id for x in self.vpc.vpc.private_subnets]), 'security_group_ids': self.worker.worker_security_group.security_group_id, 'execution_role_arn': self.worker.worker_execution_role.role_arn, 'task_role_arn': self.worker.worker_task_role.role_arn, 'worker_log_group': self.worker.worker_logs_group.log_group_name, 'worker_log_stream_prefix': self.worker.worker_log_stream.log_stream_name }, ) # Create the Jenkins master service self.jenkins_master_service_main = ecs_patterns.ApplicationLoadBalancedFargateService( self, "JenkinsMasterService", cpu=int(config['DEFAULT']['fargate_cpu']), memory_limit_mib=int( config['DEFAULT']['fargate_memory_limit_mib']), cluster=self.cluster.cluster, desired_count=1, enable_ecs_managed_tags=True, task_image_options=self.jenkins_task, cloud_map_options=ecs.CloudMapOptions( name="master", dns_record_type=sd.DnsRecordType('A'))) self.jenkins_master_service = self.jenkins_master_service_main.service self.jenkins_master_task = self.jenkins_master_service.task_definition if config['DEFAULT']['ec2_enabled'] == "yes": self.jenkins_load_balancer = elb.ApplicationLoadBalancer( self, "JenkinsMasterELB", vpc=self.vpc.vpc, internet_facing=True, ) self.listener = self.jenkins_load_balancer.add_listener("Listener", port=80) self.jenkins_master_task = ecs.Ec2TaskDefinition( self, "JenkinsMasterTaskDef", network_mode=ecs.NetworkMode.AWS_VPC, volumes=[ ecs.Volume(name="efs_mount", host=ecs.Host(source_path='/mnt/efs')) ], ) self.jenkins_master_task.add_container( "JenkinsMasterContainer", image=ecs.ContainerImage.from_ecr_repository( self.container_image.repository), cpu=int(config['DEFAULT']['ec2_cpu']), memory_limit_mib=int( config['DEFAULT']['ec2_memory_limit_mib']), environment={ # https://github.com/jenkinsci/docker/blob/master/README.md#passing-jvm-parameters 'JAVA_OPTS': '-Djenkins.install.runSetupWizard=false', 'CASC_JENKINS_CONFIG': '/config-as-code.yaml', 'network_stack': self.vpc.stack_name, 'cluster_stack': self.cluster.stack_name, 'worker_stack': self.worker.stack_name, 'cluster_arn': self.cluster.cluster.cluster_arn, 'aws_region': config['DEFAULT']['region'], 'jenkins_url': config['DEFAULT']['jenkins_url'], 'subnet_ids': ",".join( [x.subnet_id for x in self.vpc.vpc.private_subnets]), 'security_group_ids': self.worker.worker_security_group.security_group_id, 'execution_role_arn': self.worker.worker_execution_role.role_arn, 'task_role_arn': self.worker.worker_task_role.role_arn, 'worker_log_group': self.worker.worker_logs_group.log_group_name, 'worker_log_stream_prefix': self.worker.worker_log_stream.log_stream_name }, logging=ecs.LogDriver.aws_logs( stream_prefix="JenkinsMaster", log_retention=logs.RetentionDays.ONE_WEEK), ) self.jenkins_master_task.default_container.add_mount_points( ecs.MountPoint(container_path='/var/jenkins_home', source_volume="efs_mount", read_only=False)) self.jenkins_master_task.default_container.add_port_mappings( ecs.PortMapping(container_port=8080, host_port=8080)) self.jenkins_master_service = ecs.Ec2Service( self, "EC2MasterService", task_definition=self.jenkins_master_task, cloud_map_options=ecs.CloudMapOptions( name="master", dns_record_type=sd.DnsRecordType('A')), desired_count=1, min_healthy_percent=0, max_healthy_percent=100, enable_ecs_managed_tags=True, cluster=self.cluster.cluster, ) self.target_group = self.listener.add_targets( "JenkinsMasterTarget", port=80, targets=[ self.jenkins_master_service.load_balancer_target( container_name=self.jenkins_master_task. default_container.container_name, container_port=8080, ) ], deregistration_delay=core.Duration.seconds(10)) # Opening port 5000 for master <--> worker communications self.jenkins_master_service.task_definition.default_container.add_port_mappings( ecs.PortMapping(container_port=50000, host_port=50000)) # Enable connection between Master and Worker self.jenkins_master_service.connections.allow_from( other=self.worker.worker_security_group, port_range=ec2.Port(protocol=ec2.Protocol.TCP, string_representation='Master to Worker 50000', from_port=50000, to_port=50000)) # Enable connection between Master and Worker on 8080 self.jenkins_master_service.connections.allow_from( other=self.worker.worker_security_group, port_range=ec2.Port(protocol=ec2.Protocol.TCP, string_representation='Master to Worker 8080', from_port=8080, to_port=8080)) # IAM Statements to allow jenkins ecs plugin to talk to ECS as well as the Jenkins cluster # self.jenkins_master_task.add_to_task_role_policy( iam.PolicyStatement( actions=[ "ecs:RegisterTaskDefinition", "ecs:DeregisterTaskDefinition", "ecs:ListClusters", "ecs:DescribeContainerInstances", "ecs:ListTaskDefinitions", "ecs:DescribeTaskDefinition", "ecs:DescribeTasks" ], resources=["*"], )) self.jenkins_master_task.add_to_task_role_policy( iam.PolicyStatement(actions=["ecs:ListContainerInstances"], resources=[self.cluster.cluster.cluster_arn])) self.jenkins_master_task.add_to_task_role_policy( iam.PolicyStatement( actions=["ecs:RunTask"], resources=[ "arn:aws:ecs:{0}:{1}:task-definition/fargate-workers*". format( self.region, self.account, ) ])) self.jenkins_master_task.add_to_task_role_policy( iam.PolicyStatement(actions=["ecs:StopTask"], resources=[ "arn:aws:ecs:{0}:{1}:task/*".format( self.region, self.account) ], conditions={ "ForAnyValue:ArnEquals": { "ecs:cluster": self.cluster.cluster.cluster_arn } })) self.jenkins_master_task.add_to_task_role_policy( iam.PolicyStatement(actions=["iam:PassRole"], resources=[ self.worker.worker_task_role.role_arn, self.worker.worker_execution_role.role_arn ])) # END OF JENKINS ECS PLUGIN IAM POLICIES # self.jenkins_master_task.add_to_task_role_policy( iam.PolicyStatement( actions=["*"], resources=[self.worker.worker_logs_group.log_group_arn]))
def __init__(self, scope: core.Construct, id: str, vpc: ec2.Vpc, cluster: ecs.Cluster, **kwargs) -> None: super().__init__(scope, id, **kwargs) elastic_cluster_task_def = ecs.Ec2TaskDefinition( scope=self, id="ES-TASK-DEF", network_mode=ecs.NetworkMode.BRIDGE, ) elastic = ecs.ContainerDefinition( scope=self, id=constants.ES_CONTAINER_NAME, start_timeout=core.Duration.seconds(amount=30), task_definition=elastic_cluster_task_def, memory_limit_mib=4024, essential=True, image=ecs.ContainerImage.from_registry( name="docker.elastic.co/elasticsearch/elasticsearch:6.8.6"), environment={ "cluster.name": constants.ES_CLUSTER_NAME, "bootstrap.memory_lock": "true", # "discovery.zen.ping.unicast.hosts": "elasticsearch", "node.name": constants.ES_CONTAINER_NAME, "node.master": "true", "node.data": "true", "ES_JAVA_OPTS": "-Xms2g -Xmx2g", }, logging=ecs.AwsLogDriver( stream_prefix="ES", log_retention=logs.RetentionDays.ONE_DAY, ), ) elastic.add_ulimits(ecs.Ulimit( name=ecs.UlimitName.NOFILE, hard_limit=65535, soft_limit=65535)) elastic.add_ulimits(ecs.Ulimit( name=ecs.UlimitName.MEMLOCK, hard_limit=-1, soft_limit=-1)) elastic.add_port_mappings(ecs.PortMapping(container_port=9200)) elastic.add_port_mappings(ecs.PortMapping(container_port=9300)) ##################################################### node = ecs.ContainerDefinition( scope=self, id=constants.ES_NODE_CONTAINER_NAME, start_timeout=core.Duration.seconds(amount=40), task_definition=elastic_cluster_task_def, memory_limit_mib=4024, essential=True, image=ecs.ContainerImage.from_registry( name="docker.elastic.co/elasticsearch/elasticsearch:6.8.6"), environment={ "cluster.name": constants.ES_CLUSTER_NAME, "bootstrap.memory_lock": "true", "discovery.zen.ping.unicast.hosts": constants.ES_CONTAINER_NAME, "node.name": constants.ES_NODE_CONTAINER_NAME, "node.master": "false", "node.data": "true", "ES_JAVA_OPTS": "-Xms2g -Xmx2g", }, logging=ecs.LogDrivers.aws_logs( stream_prefix="NODE", log_retention=logs.RetentionDays.ONE_DAY, )) node.add_port_mappings(ecs.PortMapping(container_port=9200)) node.add_port_mappings(ecs.PortMapping(container_port=9300)) node.add_ulimits(ecs.Ulimit( name=ecs.UlimitName.NOFILE, hard_limit=65536, soft_limit=65536)) node.add_ulimits(ecs.Ulimit( name=ecs.UlimitName.MEMLOCK, hard_limit=-1, soft_limit=-1)) node.add_link(container=elastic, alias=constants.ES_CONTAINER_NAME) ##################################################### ecs_service = ecs.Ec2Service( scope=self, id="ES-SERVICE", cluster=cluster, task_definition=elastic_cluster_task_def, desired_count=1, service_name=constants.ECS_ES_SERVICE, ) lb = elbv2.ApplicationLoadBalancer( scope=self, id="ELB", vpc=vpc, internet_facing=True, ) listener = lb.add_listener( id="LISTENER", port=80, ) ecs_service.register_load_balancer_targets( ecs.EcsTarget( new_target_group_id="TARGET-GRP", container_name=elastic.container_name, # container_port=9200, listener=ecs.ListenerConfig.application_listener( listener=listener, protocol=elbv2.ApplicationProtocol.HTTP), )) core.CfnOutput( scope=self, id="DNS-NAME", value=lb.load_balancer_dns_name, )
def __init__(self, scope: core.Construct, id: str, vpc, ecs_cluster, role, target_url: str, number_of_tasks=1, **kwargs) -> None: super().__init__(scope, id, **kwargs) name = id task_def = ecs.Ec2TaskDefinition(self, name, network_mode=ecs.NetworkMode.AWS_VPC) container_env = {} container_env["TARGET_URL"] = target_url if role == "worker": container_env["LOCUST_MASTER_NODE_HOST"] = "master.loadgen" container_env["LOCUST_MODE_WORKER"] = "True" elif role == "master": container_env["LOCUST_MODE_MASTER"] = "True" locust_container = task_def.add_container( name + "container", # Create an image we using the dockerfile in ./locust image=ecs.ContainerImage.from_asset("locust"), memory_reservation_mib=512, essential=True, logging=ecs.LogDrivers.aws_logs(stream_prefix=name), environment=container_env) locust_container.add_ulimits( ecs.Ulimit(name=ecs.UlimitName.NOFILE, soft_limit=65536, hard_limit=65536)) web_port_mapping = ecs.PortMapping(container_port=8089) if role != "standalone": worker1_port_mapping = ecs.PortMapping(container_port=5557) worker2_port_mapping = ecs.PortMapping(container_port=5558) locust_container.add_port_mappings(web_port_mapping, worker1_port_mapping, worker2_port_mapping) else: locust_container.add_port_mappings(web_port_mapping) security_group = ec2.SecurityGroup(self, "Locust", vpc=vpc, allow_all_outbound=True) security_group.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(8089)) if role != "standalone": security_group.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(5557)) security_group.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(5558)) # Create the ecs service locust_service = ecs.Ec2Service(self, name + "service", cluster=ecs_cluster, task_definition=task_def, security_group=security_group, desired_count=number_of_tasks) locust_service.enable_cloud_map(name=role) # Create the ALB to present the Locust UI if role != "worker": self.lb = elbv2.ApplicationLoadBalancer(self, "LoustLB", vpc=vpc, internet_facing=True) # Forward port 80 to port 8089 listener = self.lb.add_listener("Listener", port=80) listener.add_targets("ECS1", port=8089, protocol=elbv2.ApplicationProtocol.HTTP, targets=[locust_service]) core.CfnOutput(self, "lburl", description="URL for ALB fronting locust master", value="http://{}".format( self.lb.load_balancer_dns_name))
# Create a security group that allows HTTP traffic on port 80 for our # containers without modifying the security group on the instance # Create the service service_voncweb = ecs.Ec2Service( stack, "VONC_VISTA-ecs-service-voncweb", cluster=cluster, task_definition=task_definition_voncweb, deployment_controller=deployment_mode, desired_count=1, security_group=security_group, service_name='VONC_VISTA-Vonc' ) service_dispatcher = ecs.Ec2Service( stack, "VONC_VISTA-ecs-service-dispatcher", cluster=cluster, task_definition=task_definition_dispatcher, deployment_controller=deployment_mode, desired_count=1, security_group=security_group, service_name='VONC_VISTA-Dispatcher' )
def __init__(self, scope: core.Construct, id: str, vpc, ecs_cluster, role, target_url: str, number_of_tasks = 1, **kwargs) -> None: super().__init__(scope, id, **kwargs) name = id task_def = ecs.Ec2TaskDefinition(self, name, network_mode=ecs.NetworkMode.AWS_VPC ) if role == "slave": container_env={"TARGET_URL": target_url, "LOCUST_MODE": role, #Need to update to pull the name from Cloudmap "LOCUST_MASTER_HOST": "master.loadgen" } else: container_env={"TARGET_URL": target_url, "LOCUST_MODE": role } locust_container = task_def.add_container( name + "container", # Use Locust image from DockerHub # Or not. we'll use an image we create using the dockerfile in ./locust image=ecs.ContainerImage.from_asset("locust"), memory_reservation_mib=512, essential=True, logging=ecs.LogDrivers.aws_logs(stream_prefix=name), environment=container_env ) web_port_mapping = ecs.PortMapping(container_port=8089) if role != "standalone": slave1_port_mapping = ecs.PortMapping(container_port=5557) slave2_port_mapping = ecs.PortMapping(container_port=5558) locust_container.add_port_mappings(web_port_mapping,slave1_port_mapping,slave2_port_mapping) else: locust_container.add_port_mappings(web_port_mapping) security_group = ec2.SecurityGroup( self, "Locust", vpc=vpc, allow_all_outbound=True ) security_group.add_ingress_rule( ec2.Peer.any_ipv4(), ec2.Port.tcp(8089) ) if role != "standalone": security_group.add_ingress_rule( ec2.Peer.any_ipv4(), ec2.Port.tcp(5557) ) security_group.add_ingress_rule( ec2.Peer.any_ipv4(), ec2.Port.tcp(5558) ) # Create the ecs service locust_service = ecs.Ec2Service( self, name +"service", cluster = ecs_cluster, task_definition = task_def, security_group = security_group, desired_count = number_of_tasks ) locust_service.enable_cloud_map(name=role) # Create the ALB to present the Locust UI if role != "slave": self.lb = elbv2.ApplicationLoadBalancer(self, "LoustLB", vpc=vpc, internet_facing=True) listener = self.lb.add_listener("Listener", port=80) listener.add_targets("ECS1", port=80, targets=[locust_service] ) core.CfnOutput( self, "lburl", description = "URL for ALB fronting locust master", value = self.lb.load_balancer_dns_name )
def __init__(self, scope: core.Construct, id: str, vpc, **kwargs) -> None: super().__init__(scope, id, **kwargs) cluster = ecs.Cluster( self, 'EKSGraviton2', vpc=vpc, container_insights=True ) task_definition = ecs.Ec2TaskDefinition( self, "TaskDef") container_uri = ssm.StringParameter.value_for_string_parameter(self ,"graviton_lab_container_uri") ecs_ami = ecs.EcsOptimizedAmi(generation=ec2.AmazonLinuxGeneration.AMAZON_LINUX_2, hardware_type=ecs.AmiHardwareType.ARM) asg_ecs = cluster.add_capacity("G2AutoScalingGroup", instance_type=ec2.InstanceType("m6g.2xlarge"), machine_image=ecs_ami ) container = task_definition.add_container( "web", image=ecs.ContainerImage.from_registry(container_uri), memory_limit_mib=512, logging=ecs.LogDrivers.firelens( options={ "Name": "cloudwatch", "log_key": "log", "region": "us-east-1", "delivery_stream": "my-stream", "log_group_name": "firelens-fluent-bit", "auto_create_group": "true", "log_stream_prefix": "from-fluent-bit"} ) ) port_mapping = ecs.PortMapping( container_port=3000, host_port=8080, protocol=ecs.Protocol.TCP ) container.add_port_mappings(port_mapping) # Create Service service = ecs.Ec2Service( self, "Service", cluster=cluster, task_definition=task_definition ) # Create ALB lb = elbv2.ApplicationLoadBalancer( self, "LB", vpc=vpc, internet_facing=True ) listener = lb.add_listener( "PublicListener", port=80, open=True ) # Attach ALB to ECS Service listener.add_targets( "ECS", port=80, targets=[service] ) core.CfnOutput( self, "LoadBalancerDNS", value=lb.load_balancer_dns_name )
cluster = ecs.Cluster(stack, 'EcsCluster', vpc=vpc) cluster.add_capacity("DefaultAutoScalingGroup", instance_type=ec2.InstanceType("t2.micro")) # Create Task Definition task_definition = ecs.Ec2TaskDefinition(stack, "TaskDef") container = task_definition.add_container( "web", image=ecs.ContainerImage.from_registry("nginx:latest"), memory_limit_mib=256) port_mapping = ecs.PortMapping(container_port=80, host_port=8080, protocol=ecs.Protocol.TCP) container.add_port_mappings(port_mapping) # Create Service service = ecs.Ec2Service(stack, "Service", cluster=cluster, task_definition=task_definition) # Create ALB lb = elbv2.ApplicationLoadBalancer(stack, "LB", vpc=vpc, internet_facing=True) listener = lb.add_listener("PublicListener", port=80, open=True) health_check = elbv2.HealthCheck(interval=core.Duration.seconds(60), path="/health", timeout=core.Duration.seconds(5)) # Attach ALB to ECS Service listener.add_targets( "ECS", port=80, targets=[service], health_check=health_check, ) core.CfnOutput(stack, "LoadBalancerDNS", value=lb.load_balancer_dns_name)
def createResources(self, ns): # Security Group Updates albsg = self.bentoALB.connections.security_groups[0] self.ecssg = self.bentoECS_ASG.connections.security_groups[0] botoec2 = boto3.client('ec2') group_name = 'bento-bastion-sg' response = botoec2.describe_security_groups( Filters=[dict(Name='group-name', Values=[group_name])]) bastion_group_id = response['SecurityGroups'][0]['GroupId'] self.bastionsg = ec2.SecurityGroup.from_security_group_id( self, 'bastion-security-group', security_group_id=bastion_group_id) self.ecssg.add_ingress_rule( albsg, ec2.Port.tcp(int(self.config[ns]['backend_container_port']))) self.ecssg.add_ingress_rule( albsg, ec2.Port.tcp(int(self.config[ns]['frontend_container_port']))) self.ecssg.add_ingress_rule(self.bastionsg, ec2.Port.tcp(22)) # Backend Task Definition backendECSTask = ecs.Ec2TaskDefinition( self, "bento-ecs-backend", network_mode=ecs.NetworkMode.AWS_VPC) backendECSContainer = backendECSTask.add_container( 'api', image=ecs.ContainerImage.from_registry( "cbiitssrepo/bento-backend:latest"), memory_reservation_mib=1024, cpu=512) backend_port_mapping = ecs.PortMapping( container_port=int(self.config[ns]['backend_container_port']), host_port=int(self.config[ns]['backend_container_port']), protocol=ecs.Protocol.TCP) backendECSContainer.add_port_mappings(backend_port_mapping) # Backend Service self.backendService = ecs.Ec2Service( self, "{}-backend".format(ns), service_name="{}-backend".format(ns), task_definition=backendECSTask, cluster=self.bentoECS) # Frontend Task Definition frontendECSTask = ecs.Ec2TaskDefinition( self, "bento-ecs-frontend", network_mode=ecs.NetworkMode.AWS_VPC) frontendECSContainer = frontendECSTask.add_container( 'ui', image=ecs.ContainerImage.from_registry( "cbiitssrepo/bento-frontend:latest"), memory_reservation_mib=1024, cpu=512) frontend_port_mapping = ecs.PortMapping( container_port=int(self.config[ns]['frontend_container_port']), host_port=int(self.config[ns]['frontend_container_port']), protocol=ecs.Protocol.TCP) frontendECSContainer.add_port_mappings(frontend_port_mapping) # Frontend Service self.frontendService = ecs.Ec2Service( self, "{}-frontend".format(ns), service_name="{}-frontend".format(ns), task_definition=frontendECSTask, cluster=self.bentoECS)
def __init__(self, scope: core.Construct, id: str, vpc: ec2.Vpc, cluster: ecs.Cluster, repository: ecr.Repository, **kwargs) -> None: super().__init__(scope, id, **kwargs) namespace = servicediscovery.PrivateDnsNamespace( scope=self, id="PRIVATE-DNS", vpc=vpc, name="private", description="a private dns" ) sg = ec2.SecurityGroup( scope=self, id="SG", vpc=vpc, allow_all_outbound=True, description="open 9200 and 9300 ports", security_group_name="es-group" ) sg.add_ingress_rule( peer=ec2.Peer.any_ipv4(), connection=ec2.Port.tcp(port=9200), ) sg.add_ingress_rule( peer=ec2.Peer.any_ipv4(), connection=ec2.Port.tcp(port=9300), ) ##################################################### elastic_task_def = ecs.Ec2TaskDefinition( scope=self, id="ES-TASK-DEF", network_mode=ecs.NetworkMode.AWS_VPC, volumes=[ecs.Volume( name="esdata", host=ecs.Host(source_path="/usr/share/elasticsearch/data"), )], ) elastic = ecs.ContainerDefinition( scope=self, id=constants.ES_CONTAINER_NAME, start_timeout=core.Duration.seconds(amount=30), task_definition=elastic_task_def, memory_limit_mib=4500, essential=True, image=ecs.ContainerImage.from_ecr_repository( repository=repository, tag='latest'), environment={ "cluster.name": constants.ES_CLUSTER_NAME, "bootstrap.memory_lock": "true", # "discovery.zen.ping.unicast.hosts": "elasticsearch", "node.name": constants.ES_CONTAINER_NAME, "node.master": "true", "node.data": "true", "ES_JAVA_OPTS": "-Xms4g -Xmx4g", }, logging=ecs.AwsLogDriver( stream_prefix="ES", log_retention=logs.RetentionDays.ONE_DAY, ), ) elastic.add_ulimits(ecs.Ulimit( name=ecs.UlimitName.NOFILE, hard_limit=65535, soft_limit=65535)) elastic.add_ulimits(ecs.Ulimit( name=ecs.UlimitName.MEMLOCK, hard_limit=-1, soft_limit=-1)) elastic.add_port_mappings(ecs.PortMapping(container_port=9200)) elastic.add_port_mappings(ecs.PortMapping(container_port=9300)) elastic.add_mount_points(ecs.MountPoint( container_path="/usr/share/elasticsearch/data", source_volume="esdata", read_only=False, )) # elastic.add_volumes_from(ecs.VolumeFrom( # source_container="esdata", # read_only=False, # )) es_service = ecs.Ec2Service( scope=self, id="ES-SERVICE", cluster=cluster, task_definition=elastic_task_def, desired_count=1, service_name="ES", security_group=sg, ) es_lb = elbv2.ApplicationLoadBalancer( scope=self, id="ES-ELB", vpc=vpc, internet_facing=True, ) es_listener = es_lb.add_listener( id="ES-LISTENER", port=80, ) es_service.register_load_balancer_targets( ecs.EcsTarget( new_target_group_id="ES-GRP", container_name=elastic.container_name, listener=ecs.ListenerConfig.application_listener( listener=es_listener, protocol=elbv2.ApplicationProtocol.HTTP), )) service = es_service.enable_cloud_map( cloud_map_namespace=namespace, dns_record_type=servicediscovery.DnsRecordType.A, # dns_ttl=core.Duration.seconds(amount=30), failure_threshold=1, name="elastic", ) core.CfnOutput( scope=self, id="DNS-ES", value=es_lb.load_balancer_dns_name, ) ##################################################### node_task_def = ecs.Ec2TaskDefinition( scope=self, id="NODE-TASK-DEF", network_mode=ecs.NetworkMode.AWS_VPC, volumes=[ecs.Volume( name="esdata", host=ecs.Host(source_path="/usr/share/elasticsearch/data"), )], ) node = ecs.ContainerDefinition( scope=self, id=constants.ES_NODE_CONTAINER_NAME, start_timeout=core.Duration.seconds(amount=40), task_definition=node_task_def, memory_limit_mib=4500, essential=True, image=ecs.ContainerImage.from_ecr_repository( repository=repository, tag='latest'), environment={ "cluster.name": constants.ES_CLUSTER_NAME, "bootstrap.memory_lock": "true", "discovery.zen.ping.unicast.hosts": "elastic.private", "node.name": constants.ES_NODE_CONTAINER_NAME, "node.master": "false", "node.data": "true", "ES_JAVA_OPTS": "-Xms4g -Xmx4g", }, logging=ecs.LogDrivers.aws_logs( stream_prefix="NODE", log_retention=logs.RetentionDays.ONE_DAY, )) node.add_port_mappings(ecs.PortMapping(container_port=9200)) node.add_port_mappings(ecs.PortMapping(container_port=9300)) node.add_ulimits(ecs.Ulimit( name=ecs.UlimitName.NOFILE, hard_limit=65536, soft_limit=65536)) node.add_ulimits(ecs.Ulimit( name=ecs.UlimitName.MEMLOCK, hard_limit=-1, soft_limit=-1)) node.add_mount_points(ecs.MountPoint( container_path="/usr/share/elasticsearch/data", source_volume="esdata", read_only=False, )) node_service = ecs.Ec2Service( scope=self, id="ES-NODE-SERVICE", cluster=cluster, task_definition=node_task_def, desired_count=1, service_name="NODE", security_group=sg, ) node_lb = elbv2.ApplicationLoadBalancer( scope=self, id="NODE-ELB", vpc=vpc, internet_facing=True, ) node_listener = node_lb.add_listener( id="NODE-LISTENER", port=80, ) node_service.register_load_balancer_targets( ecs.EcsTarget( new_target_group_id="NODE-GRP", container_name=node.container_name, listener=ecs.ListenerConfig.application_listener( listener=node_listener, protocol=elbv2.ApplicationProtocol.HTTP), )) core.CfnOutput( scope=self, id="DNS-NODE", value=node_lb.load_balancer_dns_name, )
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # The code that defines your stack goes here #vpc = ec2.Vpc.from_lookup(self, 'VPC', is_default=True) vpc = ec2.Vpc( self, "MyVpc", max_azs=2 ) rdsInst = rds.DatabaseInstance(self, 'SpringPetclinicDB', engine=rds.DatabaseInstanceEngine.MYSQL, engine_version='5.7.31', instance_class=ec2.InstanceType('t2.medium'), master_username = '******', database_name = 'petclinic', master_user_password = core.SecretValue('Welcome#123456'), vpc = vpc, deletion_protection = False, backup_retention = core.Duration.days(0), removal_policy = core.RemovalPolicy.DESTROY, #vpc_placement = ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC) ) rdsInst.connections.allow_default_port_from_any_ipv4() cluster = ecs.Cluster( self, 'EcsCluster', vpc=vpc ) cluster.add_capacity("DefaultAutoScalingGroup", instance_type=ec2.InstanceType('t2.large'), vpc_subnets = ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC), min_capacity = 6) alb = elbv2.ApplicationLoadBalancer(self, 'EcsLb', vpc=vpc, internet_facing=True) listener = alb.add_listener('EcsListener', port=80) listener.add_fixed_response('Default-Fix', status_code= '404') listener.node.default_child.default_action=[{ "type": "fixed-response", "fixedResponseConfig": {"statusCode": "404"} }] for s in ['customers', 'vets', 'visits', 'static']: asset = ecr_assets.DockerImageAsset(self, 'spring-petclinic-' + s, directory='./work/build/spring-petclinic-' + s + '-service', build_args={ 'JAR_FILE': 'spring-petclinic-' + s + '-service-2.1.4.jar' }) ecs_task = ecs.Ec2TaskDefinition(self, 'TaskDef-' + s) env={} if s != 'static': env = { 'SPRING_DATASOURCE_PASSWORD': '******', 'SPRING_DATASOURCE_USERNAME': '******', 'SPRING_PROFILES_ACTIVE': 'mysql', 'SPRING_DATASOURCE_URL': 'jdbc:mysql://' + rdsInst.db_instance_endpoint_address + '/petclinic?useUnicode=true', 'SERVER_SERVLET_CONTEXT_PATH': '/api/' + s.rstrip('s') } ecs_container = ecs_task.add_container( 'Container-' + s, memory_limit_mib=512, image=ecs.ContainerImage.from_docker_image_asset(asset), logging=ecs.LogDriver.aws_logs(stream_prefix=s), environment=env ) ecs_container.add_port_mappings(ecs.PortMapping(container_port=8080)) ecs_service = ecs.Ec2Service( self, 'Ec2Service-' + s, cluster = cluster, service_name = 'spring-petclinic-' + s, desired_count = 2, task_definition = ecs_task ) if s == 'static': parttern = '/*' priority = 1100 check={'path': '/'} else: parttern = '/api/' + s.rstrip('s') + '/*' priority = randint(1, 1000) check={'path': '/api/' + s.rstrip('s') + '/manage'} target = listener.add_targets( 'ECS-' + s, path_pattern=parttern, priority = priority, port=80, targets=[ecs_service], health_check=check ) core.CfnOutput(self,"LoadBalancer",export_name="LoadBalancer",value=alb.load_balancer_dns_name)
stack, "nginx-awsvpc", network_mode=ecs.NetworkMode.AWS_VPC, ) web_container = task_definition.add_container( "nginx", image=ecs.ContainerImage.from_registry("nginx:latest"), cpu=100, memory_limit_mib=256, essential=True) port_mapping = ecs.PortMapping(container_port=80, protocol=ecs.Protocol.TCP) web_container.add_port_mappings(port_mapping) # Create a security group that allows HTTP traffic on port 80 for our # containers without modifying the security group on the instance security_group = ec2.SecurityGroup(stack, "nginx--7623", vpc=vpc, allow_all_outbound=False) security_group.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(80)) # Create the service service = ecs.Ec2Service(stack, "awsvpc-ecs-demo-service", cluster=cluster, task_definition=task_definition, security_groups=[security_group]) app.synth()
def __init__(self, parent, name, **kwargs): super().__init__(parent, name, **kwargs) vpc = ec2.Vpc(self, 'GreetingVpc', max_azs=2) # create an ECS cluster cluster = ecs.Cluster(self, "Cluster", vpc=vpc) # add capacity to id cluster.add_capacity('greeter-capacity', instance_type=ec2.InstanceType('t2.micro'), min_capacity=3, max_capacity=3 ) # Name service name_task_definition = ecs.Ec2TaskDefinition(self, "name-task-definition") name_container = name_task_definition.add_container( 'name', image=ecs.ContainerImage.from_registry('nathanpeck/name'), memory_limit_mib=128 ) name_container.add_port_mappings(ecs.PortMapping( container_port=3000 )) name_service = ecs.Ec2Service(self, "name-service", cluster=cluster, desired_count=2, task_definition=name_task_definition ) # Greeting service greeting_task_definition = ecs.Ec2TaskDefinition(self, "greeting-task-definition") greeting_container = greeting_task_definition.add_container( 'greeting', image=ecs.ContainerImage.from_registry('nathanpeck/greeting'), memory_limit_mib=128 ) greeting_container.add_port_mappings(ecs.PortMapping( container_port=3000 )) greeting_service = ecs.Ec2Service(self, "greeting-service", cluster=cluster, desired_count=1, task_definition=greeting_task_definition ) internal_lb = elbv2.ApplicationLoadBalancer(self, "internal", vpc=vpc, internet_facing=False ) # Internal load balancer for the backend services internal_listener = internal_lb.add_listener('PublicListener', port=80, open=True ) internal_listener.add_target_groups('default', target_groups=[elbv2.ApplicationTargetGroup( self, 'default', vpc=vpc, protocol=elbv2.ApplicationProtocol.HTTP, port=80 )] ) internal_listener.add_targets('name', port=80, path_pattern='/name*', priority=1, targets=[name_service] ) internal_listener.add_targets('greeting', port=80, path_pattern='/greeting*', priority=2, targets=[greeting_service] ) # Greeter service greeter_task_definition = ecs.Ec2TaskDefinition(self, "greeter-task-definition") greeter_container = greeter_task_definition.add_container( 'greeter', image=ecs.ContainerImage.from_registry('nathanpeck/greeter'), memory_limit_mib=128, environment={ "GREETING_URL": 'http://' + internal_lb.load_balancer_dns_name + '/greeting', "NAME_URL": 'http://' + internal_lb.load_balancer_dns_name + '/name' } ) greeter_container.add_port_mappings(ecs.PortMapping( container_port=3000 )) greeter_service = ecs.Ec2Service(self, "greeter-service", cluster=cluster, desired_count=2, task_definition=greeter_task_definition ) # Internet facing load balancer fo the frontend services external_lb = elbv2.ApplicationLoadBalancer(self, 'external', vpc=vpc, internet_facing=True ) external_listener = external_lb.add_listener('PublicListener', port=80, open=True ) external_listener.add_targets('greeter', port=80, targets=[greeter_service] ) # output dns addresses self.internal_dns = core.CfnOutput(self, 'InternalDNS', export_name='greeter-app-internal', value=internal_lb.load_balancer_dns_name ) self.external_dns = core.CfnOutput(self, 'ExternalDNS', export_name='ExternalDNS', value=external_lb.load_balancer_dns_name )