def create_ecs_service(self): t = self.template t.add_resource( ecs.Service( 'FargateService', DependsOn=self.listener.title, Cluster=self.vars['ClusterName'], DesiredCount=self.vars['DesiredCount'], TaskDefinition=Ref(self.task_definition), LaunchType='FARGATE', NetworkConfiguration=ecs.NetworkConfiguration( AwsvpcConfiguration=ecs.AwsvpcConfiguration( Subnets=[ s.strip() for s in self.vars['Subnets'].split(',') ], SecurityGroups=[self.vars['SecurityGroup']], )), LoadBalancers=[ ecs.LoadBalancer( ContainerName=self.vars['ContainerName'], ContainerPort=self.vars['ContainerPort'], TargetGroupArn=Ref(self.target_group), ), ], )) return
def configure_alb(self, t, service): service_target_group = t.add_resource(elasticloadbalancingv2.TargetGroup( self.resource_name_format % ('ServiceTargetGroup'), Port=80, Protocol="HTTP", HealthCheckPath=self.healthcheck_path, HealthCheckIntervalSeconds=self.healthcheck_interval, HealthCheckTimeoutSeconds=self.healthcheck_interval - 1, HealthyThresholdCount=2, UnhealthyThresholdCount=5, VpcId=ImportValue(Sub(self.imports_format % ('VpcId'))), TargetGroupAttributes=[ elasticloadbalancingv2.TargetGroupAttribute(Key=key, Value=value) for (key, value) in sorted(self.target_group_attributes().items()) ] )) listener_rule = t.add_resource(elasticloadbalancingv2.ListenerRule( self.resource_name_format % ('SecureListenerRule'), ListenerArn=ImportValue(Sub(self.imports_format % ('PublicListener' if self.public else 'InternalListener'))), Priority=self.priority, Actions=[elasticloadbalancingv2.Action(Type="forward", TargetGroupArn=Ref(service_target_group))], Conditions=[elasticloadbalancingv2.Condition(Field="host-header", Values=self.domains)] )) service.DependsOn.append(listener_rule.title) service.LoadBalancers = [ ecs.LoadBalancer( ContainerName=self.container_name, ContainerPort=self.port, TargetGroupArn=Ref(service_target_group) ) ]
def generate_load_balancers(self): load_balancers = [] for arn in self.load_balancer_target_group_arns: load_balancers.append( ecs.LoadBalancer( ContainerName=self.container_name, ContainerPort=self.container_port, TargetGroupArn=arn, )) return load_balancers or NoValue
def gen_service(self): load_balancer = ecs.LoadBalancer( ContainerName=self.service_name, ContainerPort=80, TargetGroupArn=Ref(self.target_group), ) # We put this service in public subnets because for demo purposes, # we only created public subnets. In a real application, you would # almost certainly put this in a private subnet. network_configuration = ecs.NetworkConfiguration( AwsvpcConfiguration=ecs.AwsvpcConfiguration( AssignPublicIp="ENABLED", Subnets=[ self.import_value("vpc", "PublicSubnet0"), self.import_value("vpc", "PublicSubnet1"), ], SecurityGroups=[ self.import_value("load-balancer", "WebAppMembershipSecurityGroup"), self.import_value("load-balancer", "WebAppSecurityGroup"), ], )) self.service = ecs.Service( "Service", ServiceName=self.service_name, Cluster=Ref(self.cluster), DeploymentConfiguration=ecs.DeploymentConfiguration( MinimumHealthyPercent=100, MaximumPercent=200), DesiredCount=1, LaunchType="FARGATE", LoadBalancers=[load_balancer], NetworkConfiguration=network_configuration, SchedulingStrategy="REPLICA", TaskDefinition=Ref(self.task_definition), ) self.template.add_resource(self.service)
def create_api_service_resource(template, ecs_cluster_resource, api_task_definition_resource, api_task_count_parameter, api_tarcreate_group_resource, ecs_service_role_resource, load_balancer_listener_resource): return template.add_resource( ecs.Service( 'ApiService', ServiceName='api', Cluster=Ref(ecs_cluster_resource), TaskDefinition=Ref(api_task_definition_resource), DeploymentConfiguration=ecs.DeploymentConfiguration( MinimumHealthyPercent=100, MaximumPercent=200 ), DesiredCount=Ref(api_task_count_parameter), LaunchType='EC2', LoadBalancers=[ecs.LoadBalancer( ContainerName='api', ContainerPort=80, TargetGroupArn=Ref(api_tarcreate_group_resource) )], Role=Ref(ecs_service_role_resource), DependsOn=[load_balancer_listener_resource] ) )
def add_service(self, **kwargs): port = kwargs['Port'] or None if port: ecs_service = ecs.Service( kwargs['Name'] + 'service', Cluster=Ref(kwargs['Cluster']), TaskDefinition=Ref(kwargs['Task']), Role=Ref(kwargs['Role']), DesiredCount=1, LoadBalancers=[ ecs.LoadBalancer(ContainerName=kwargs['Name'], ContainerPort=port, LoadBalancerName=Ref(kwargs['ELB'])) ]) self.add_elb_dns_alias(kwargs['ELB'], kwargs['Name'], kwargs['Zone']) return (self.add_resource(ecs_service)) else: ecs_service = ecs.Service(kwargs['Name'] + 'service', Cluster=Ref(kwargs['Cluster']), TaskDefinition=Ref(kwargs['Task']), DesiredCount=1) return (self.add_resource(ecs_service))
def main(): template = Template() template.add_resource( ecs.Cluster("ECSCluster", ClusterName="WorldCheckCluster")) template.add_resource( iam.Role("ECSTaskRole", AssumeRolePolicyDocument={ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": { "Service": ["ecs-tasks.amazonaws.com"] }, "Action": ["sts:AssumeRole"] }] })) template.add_resource( iam.Role( "ECSServiceSchedulerRole", AssumeRolePolicyDocument={ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": { "Service": ["ecs.amazonaws.com"] }, "Action": ["sts:AssumeRole"] }] }, Policies=[ iam.Policy(PolicyDocument={ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "ec2:Describe*", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:DeregisterTargets", "elasticloadbalancing:Describe*", "elasticloadbalancing:RegisterInstancesWithLoadBalancer", "elasticloadbalancing:RegisterTargets" ], "Resource": "*" }] }, PolicyName="ecs-service") ])) template.add_resource( iam.Role("EC2InstanceRole", AssumeRolePolicyDocument={ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": { "Service": ["ec2.amazonaws.com"] }, "Action": ["sts:AssumeRole"] }] }, Policies=[ iam.Policy(PolicyDocument={ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "ecs:CreateCluster", "ecs:DeregisterContainerInstance", "ecs:DiscoverPollEndpoint", "ecs:Poll", "ecs:RegisterContainerInstance", "ecs:StartTelemetrySession", "ecr:GetAuthorizationToken", "ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer", "ecs:Submit*", "logs:CreateLogStream", "logs:PutLogEvents", "ec2:DescribeTags", "cloudwatch:PutMetricData" ], "Resource": "*" }] }, PolicyName="ecs-service") ])) template.add_resource( iam.InstanceProfile("EC2InstanceProfile", Roles=[Ref("EC2InstanceRole")])) with open("user-data.sh", "r") as f: user_data_content = f.readlines() template.add_resource( ec2.Instance( "EC2Instance", ImageId="ami-13f7226a", InstanceType="t2.micro", SecurityGroups=["default"], UserData=Base64(Join('', [Sub(x) for x in user_data_content])), IamInstanceProfile=Ref("EC2InstanceProfile"), )) template.add_resource( ecs.TaskDefinition( "ECSTaskDefinition", TaskRoleArn=Ref("ECSTaskRole"), ContainerDefinitions=[ ecs.ContainerDefinition( Name="SimpleServer", Memory="128", Image="abbas123456/simple-server:latest", PortMappings=[ecs.PortMapping(ContainerPort=8000)], ) ])) template.add_resource( elb.TargetGroup( "ECSTargetGroup", VpcId="vpc-925497f6", Port=8000, Protocol="HTTP", )) template.add_resource( elb.LoadBalancer( "LoadBalancer", Subnets=["subnet-a321c8fb", "subnet-68fa271e", "subnet-689d350c"], SecurityGroups=["sg-0202bd65"])) template.add_resource( elb.Listener( "LoadBalancerListener", DefaultActions=[ elb.Action(Type="forward", TargetGroupArn=Ref("ECSTargetGroup")) ], LoadBalancerArn=Ref("LoadBalancer"), Port=80, Protocol="HTTP", )) template.add_resource( ecs.Service("ECSService", Cluster=Ref("ECSCluster"), DesiredCount=1, LoadBalancers=[ ecs.LoadBalancer(ContainerPort=8000, ContainerName="SimpleServer", TargetGroupArn=Ref("ECSTargetGroup")) ], Role=Ref("ECSServiceSchedulerRole"), TaskDefinition=Ref("ECSTaskDefinition"), DependsOn="LoadBalancerListener")) return template.to_json()
t.add_resource( Role( "ServiceRole", AssumeRolePolicyDocument=Policy(Statement=[ Statement(Effect=Allow, Action=[AssumeRole], Principal=Principal("Service", ["ecs.amazonaws.com"])) ]), Path="/", ManagedPolicyArns=[ 'arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole' ])) t.add_resource( ecs.Service( "service", Cluster="staging-cluster2-ECSCluster-1QOGTB2P6NH1P", DesiredCount=1, TaskDefinition=Ref("task"), LoadBalancers=[ ecs.LoadBalancer( ContainerName="helloworld", ContainerPort=3000, TargetGroupArn= "arn:aws:elasticloadbalancing:us-east-1:713832673520:targetgroup/stagi-Targe-TG2C4W6OI4TH/de6ec52d6c086628", ) ], Role=Ref("ServiceRole"))) print(t.to_json())
api_service = template.add_resource( ecs.Service( 'ApiService', ServiceName='api', Cluster=Ref(ecs_cluster), TaskDefinition=Ref(api_task_definition), DeploymentConfiguration=ecs.DeploymentConfiguration( MinimumHealthyPercent=100, MaximumPercent=200 ), DesiredCount=Ref(api_task_count), LaunchType='EC2', LoadBalancers=[ecs.LoadBalancer( ContainerName='api', ContainerPort=80, TargetGroupArn=Ref(api_target_group) )], Role=Ref(ecs_service_role), DependsOn=[load_balancer_listener] ) ) queue_worker_service = template.add_resource( ecs.Service( 'QueueWorkerService', ServiceName='queue-worker', Cluster=Ref(ecs_cluster), TaskDefinition=Ref(queue_worker_task_definition), DeploymentConfiguration=ecs.DeploymentConfiguration( MinimumHealthyPercent=0,
) ) ] )) Service = t.add_resource(ecs.Service( "Service", DependsOn=ALBListener, Cluster=Ref(ECSCluster), DesiredCount=1, TaskDefinition=Ref(TaskDefinition), LaunchType="FARGATE", LoadBalancers=[ ecs.LoadBalancer( ContainerName="nginx-container", ContainerPort=80, TargetGroupArn=Ref(ALBTargetGroup) ) ], NetworkConfiguration=ecs.NetworkConfiguration( AwsvpcConfiguration=ecs.AwsvpcConfiguration( AssignPublicIp="ENABLED", Subnets=[Ref(PubSubnetAz1), Ref(PubSubnetAz2)], SecurityGroups=[Ref(TaskSecurityGroup)], ) ) )) # Output the ALB/Service URL t.add_output(Output( "ALBURL",
NetworkConfiguration=ecs. NetworkConfiguration(AwsvpcConfiguration=ecs.AwsvpcConfiguration( AssignPublicIp='ENABLED', SecurityGroups=[Ref(EC2SecurityGroup3)], Subnets=['subnet-0c86eeb5d3ab2e031', 'subnet-08d3101feec0e17da'])), SchedulingStrategy='REPLICA')) ECSService3 = template.add_resource( ecs.Service( 'ECSService3', ServiceName='ws-currency-exchange-service-h2-lb', Cluster=GetAtt(ECSCluster, 'Arn'), LoadBalancers=[ ecs.LoadBalancer( TargetGroupArn= 'arn:aws:elasticloadbalancing:us-east-2:445114057331:targetgroup/currencyexchangeservicetg/1d71df4075d5ad16', ContainerName='aws-currency-exchange-service-h2-xray', ContainerPort=8000) ], ServiceRegistries=[ ecs.ServiceRegistry( RegistryArn= 'arn:aws:servicediscovery:us-east-2:445114057331:service/srv-yv4x7pmjmrx6kehz' ) ], DesiredCount=1, LaunchType='FARGATE', PlatformVersion='LATEST', TaskDefinition= 'arn:aws:ecs:us-east-2:445114057331:task-definition/aws-currency-exchange-service-h2-xray:3', DeploymentConfiguration=ecs.DeploymentConfiguration(
def main(): template = Template() template.add_version("2010-09-09") template.set_description("AWS CloudFormation ECS Service") # Add the Parameters Application = template.add_parameter( Parameter( "Application", Type="String", )) DockerImage = template.add_parameter( Parameter( "DockerImage", Type="String", )) USERNAME = template.add_parameter(Parameter( "USERNAME", Type="String", )) ClusterName = template.add_parameter( Parameter( "ClusterName", Type="String", )) ContainerPort = template.add_parameter( Parameter( "ContainerPort", Type="String", )) HostPort = template.add_parameter(Parameter( "HostPort", Type="String", )) HostedZoneName = template.add_parameter( Parameter( "HostedZoneName", Type="String", )) CertArn = template.add_parameter(Parameter( "CertArn", Type="String", )) ExecutionRoleArn = template.add_parameter( Parameter("ExecutionRoleArn", Type="String", Description="Execution Role to get creadentials from ssm")) HealthCheckPath = template.add_parameter( Parameter( "HealthCheckPath", Type="String", )) HealthCheckIntervalSeconds = template.add_parameter( Parameter( "HealthCheckIntervalSeconds", Type="String", )) HealthyThresholdCount = template.add_parameter( Parameter( "HealthyThresholdCount", Type="String", )) HealthCheckTimeoutSeconds = template.add_parameter( Parameter( "HealthCheckTimeoutSeconds", Type="String", )) UnhealthyThresholdCount = template.add_parameter( Parameter( "UnhealthyThresholdCount", Type="String", )) VpcId = template.add_parameter(Parameter( "VpcId", Type="String", )) Subnets = template.add_parameter( Parameter( "Subnets", Type="List<AWS::EC2::Subnet::Id>", )) # Add the application ELB NetworkLB = template.add_resource( elb.LoadBalancer("NetworkLB", Name=Join("", [Ref(Application), "-nlb"]), Scheme="internet-facing", Subnets=Ref(Subnets), Type='network')) NlbTargetGroup = template.add_resource( elb.TargetGroup( "NlbTargetGroup", Name='ecs-service-targetgroup', HealthCheckIntervalSeconds=Ref(HealthCheckIntervalSeconds), HealthCheckProtocol="TCP", HealthyThresholdCount=Ref(HealthyThresholdCount), Port=80, Protocol="TCP", UnhealthyThresholdCount=Ref(UnhealthyThresholdCount), VpcId=Ref(VpcId))) NlbListener = template.add_resource( elb.Listener( "Listener", DependsOn=["NlbTargetGroup", "NetworkLB"], Certificates=[elb.Certificate(CertificateArn=Ref(CertArn))], Port="443", Protocol="TLS", LoadBalancerArn=Ref(NetworkLB), DefaultActions=[ elb.Action(Type="forward", TargetGroupArn=Ref(NlbTargetGroup)) ])) Task_Definition = template.add_resource( TaskDefinition( 'TaskDefinition', Memory='500', ExecutionRoleArn=Ref(ExecutionRoleArn), ContainerDefinitions=[ ContainerDefinition( Name=Join("", [Ref(Application)]), Image=Ref(DockerImage), Essential=True, Secrets=[Secret(Name='USERNAME', ValueFrom=Ref(USERNAME))], Environment=[ Environment(Name="DOCKER_LABELS", Value="true") ], DockerLabels={ 'aws-account': Ref("AWS::AccountId"), 'region': Ref("AWS::Region"), 'stack': Ref("AWS::StackName") }, PortMappings=[ PortMapping(ContainerPort=Ref(ContainerPort), HostPort=Ref(HostPort)) ]) ])) app_service = template.add_resource( Service("AppService", DependsOn=["Listener", "TaskDefinition"], Cluster=Ref(ClusterName), DesiredCount=1, TaskDefinition=Ref(Task_Definition), ServiceName=Join("", [Ref(Application), "-ecs-service"]), LoadBalancers=[ ecs.LoadBalancer(ContainerName=Join( "", [Ref(Application)]), ContainerPort=Ref(ContainerPort), TargetGroupArn=Ref(NlbTargetGroup)) ])) AppDNSRecord = template.add_resource( RecordSetType( "AppDNSRecord", DependsOn=["AppService"], HostedZoneName=Join("", [Ref(HostedZoneName), "."]), Name=Join("", [Ref(Application), ".", Ref(HostedZoneName), "."]), Type="CNAME", TTL="900", ResourceRecords=[GetAtt(NetworkLB, "DNSName")])) template.add_output( Output("URL", Description="DomainName", Value=Join("", ["https://", Ref(AppDNSRecord)]))) with open("ecs-ec2-service-cf.yaml", "w") as yamlout: yamlout.write(template.to_yaml())
ecsservice = t.add_resource( ecs.Service( "service", Cluster=ImportValue( Join( "-", [Select(0, Split("-", Ref("AWS::StackName"))), "cluster-id"])), DesiredCount=DesiredTaskCapacity, TaskDefinition=Ref("task"), LoadBalancers=[ ecs.LoadBalancer( ContainerName=Select(1, Split("-", Ref("AWS::StackName"))), ContainerPort=3000, TargetGroupArn=ImportValue( Join("-", [ Select(0, Split("-", Ref("AWS::StackName"))), Select(1, Split("-", Ref("AWS::StackName"))), "tg" ]), ), ) ], Role=Ref("ServiceRole"))) # Configure application scaling ## Start with application autoscaling role appscalingrole = t.add_resource( Role("ApplicationScalingRole", AssumeRolePolicyDocument=Policy(Statement=[ Statement( Effect=Allow, Action=[AssumeRole],
def add_resources(self): """Add resources to template.""" class EcsServiceWithHealthCheckGracePeriodSeconds(ecs.Service): """ECS Service class with HealthCheckGracePeriodSeconds added.""" props = ecs.Service.props props['HealthCheckGracePeriodSeconds'] = (positive_integer, False) pkg_version = pkg_resources.get_distribution('troposphere').version if LooseVersion(pkg_version) < LooseVersion('2.1.3'): ecs_service = EcsServiceWithHealthCheckGracePeriodSeconds else: ecs_service = ecs.Service template = self.template variables = self.get_variables() ecstaskrole = template.add_resource( iam.Role('EcsTaskRole', AssumeRolePolicyDocument=get_ecs_task_assumerole_policy(), RoleName=variables['EcsTaskRoleName'].ref)) loggroup = template.add_resource( logs.LogGroup( 'CloudWatchLogGroup', LogGroupName=Join('', [ '/ecs/', variables['ContainerName'].ref, '-', variables['EnvironmentName'].ref ]), RetentionInDays=variables['EcsCloudWatchLogRetention'].ref)) ecscontainerdef = ecs.ContainerDefinition( Image=Join('', [ Ref('AWS::AccountId'), '.dkr.ecr.', Ref('AWS::Region'), '.amazonaws.com/', variables['ContainerName'].ref, '-', variables['EnvironmentName'].ref ]), LogConfiguration=ecs.LogConfiguration(LogDriver='awslogs', Options={ 'awslogs-group': Ref(loggroup), 'awslogs-region': Ref('AWS::Region'), 'awslogs-stream-prefix': 'ecs' }), Name=Join('-', [ variables['ContainerName'].ref, variables['EnvironmentName'].ref ]), PortMappings=[ ecs.PortMapping(ContainerPort=variables['ContainerPort'].ref) ]) ecstaskdef = template.add_resource( ecs.TaskDefinition( 'EcsTaskDef', ContainerDefinitions=[ecscontainerdef], Cpu=variables['TaskCpu'].ref, Memory=variables['TaskMem'].ref, ExecutionRoleArn=variables['EcsTaskExecIamRoleArn'].ref, TaskRoleArn=Ref(ecstaskrole), Family=Join('-', [ variables['ContainerName'].ref, variables['EnvironmentName'].ref ]), NetworkMode='awsvpc', RequiresCompatibilities=['FARGATE'])) ecscluster = template.add_resource( ecs.Cluster('EcsCluster', ClusterName=Join('-', [ variables['ContainerName'].ref, variables['EnvironmentName'].ref ]))) ecsservice = template.add_resource( ecs_service( 'EcsService', Cluster=Join('-', [ variables['ContainerName'].ref, variables['EnvironmentName'].ref ]), DeploymentConfiguration=ecs.DeploymentConfiguration( MinimumHealthyPercent=variables['MinHealthyPercent'].ref, MaximumPercent=variables['MaxPercent'].ref), DesiredCount=variables['NumberOfTasks'].ref, HealthCheckGracePeriodSeconds=variables[ 'HealthCheckGracePeriod'].ref, LaunchType='FARGATE', LoadBalancers=[ ecs.LoadBalancer( ContainerName=Join('-', [ variables['ContainerName'].ref, variables['EnvironmentName'].ref ]), ContainerPort=variables['ContainerPort'].ref, TargetGroupArn=variables['TargetGroupArn'].ref) ], NetworkConfiguration=ecs.NetworkConfiguration( AwsvpcConfiguration=ecs.AwsvpcConfiguration( SecurityGroups=variables['SgIdList'].ref, Subnets=variables['Subnets'].ref)), ServiceName=Join('-', [ variables['ContainerName'].ref, variables['EnvironmentName'].ref ]), TaskDefinition=Ref(ecstaskdef))) template.add_output( Output("{}Arn".format(ecstaskrole.title), Description="ECS Task Role ARN", Value=GetAtt(ecstaskrole, "Arn"), Export=Export( Sub('${AWS::StackName}-%sArn' % ecstaskrole.title)))) template.add_output( Output("{}Name".format(ecstaskrole.title), Description="ECS Task Role Name", Value=Ref(ecstaskrole))) template.add_output( Output("{}Arn".format(ecsservice.title), Description="ARN of the ECS Service", Value=Ref(ecsservice), Export=Export( Sub('${AWS::StackName}-%sArn' % ecsservice.title)))) template.add_output( Output("{}Name".format(ecsservice.title), Description="Name of the ECS Service", Value=GetAtt(ecsservice, "Name"), Export=Export( Sub('${AWS::StackName}-%sName' % ecsservice.title)))) template.add_output( Output("{}Arn".format(ecscluster.title), Description="ECS Cluster ARN", Value=GetAtt(ecscluster, "Arn"), Export=Export( Sub('${AWS::StackName}-%sArn' % ecscluster.title)))) template.add_output( Output("{}Arn".format(ecstaskdef.title), Description="ARN of the Task Definition", Value=Ref(ecstaskdef), Export=Export( Sub('${AWS::StackName}-%sArn' % ecstaskdef.title))))
def add_resources(self): """Add resources to template.""" class EcsServiceWithHealthCheckGracePeriodSeconds(ecs.Service): """ECS Service class with HealthCheckGracePeriodSeconds added.""" props = ecs.Service.props props['HealthCheckGracePeriodSeconds'] = (positive_integer, False) pkg_version = pkg_resources.get_distribution('troposphere').version if LooseVersion(pkg_version) < LooseVersion('2.1.3'): ecs_service = EcsServiceWithHealthCheckGracePeriodSeconds else: ecs_service = ecs.Service template = self.template variables = self.get_variables() ecsservice = template.add_resource( ecs_service( 'EcsService', ServiceName=Join('-', [ variables['ContainerName'].ref, variables['EnvironmentName'].ref ]), Cluster=variables['ClusterArn'].ref, DeploymentConfiguration=ecs.DeploymentConfiguration( MinimumHealthyPercent=variables['MinHealthyPercent'].ref, MaximumPercent=variables['MaxPercent'].ref), DesiredCount=variables['NumberOfTasks'].ref, HealthCheckGracePeriodSeconds=variables[ 'HealthCheckGracePeriod'].ref, LaunchType=variables['LaunchType'].ref, # TODO: put an IF function or conditional here LoadBalancers=[ ecs.LoadBalancer( #ContainerName=Join('-', [ # variables['ContainerName'].ref, # variables['EnvironmentName'].ref #]), ContainerName=variables['ContainerName'].ref, ContainerPort=variables['ContainerPort'].ref, TargetGroupArn=variables['TargetGroupArn'].ref) ], # NetworkConfiguration needed for 'awsvpc' network mode # TODO: add an 'IF' CF function or Conditional #NetworkConfiguration=ecs.NetworkConfiguration( # AwsvpcConfiguration=ecs.AwsvpcConfiguration( # SecurityGroups=variables['SgIdList'].ref, # Subnets=variables['Subnets'].ref # ) #), TaskDefinition=variables['TaskDefinitionArn'].ref, )) template.add_output( Output("{}Arn".format(ecsservice.title), Description="ARN of the ECS Service", Value=Ref(ecsservice), Export=Export( Sub('${AWS::StackName}-%sArn' % ecsservice.title)))) template.add_output( Output("{}Name".format(ecsservice.title), Description="Name of the ECS Service", Value=GetAtt(ecsservice, "Name"), Export=Export( Sub('${AWS::StackName}-%sName' % ecsservice.title))))
ToPort=443, GroupId=ImportValue(Sub("${AlbStack}-SgAlbPublicGroupId")))) """ Service definition - Spread to several AZs for HA - Binpack to minimize number of required hosts per AZ """ service = t.add_resource( ecs.Service( "Service", Cluster=ImportValue(Sub("${EcsStack}-Cluster")), DependsOn=service_role, DesiredCount=Ref(autoscaling_min), LoadBalancers=[ ecs.LoadBalancer(ContainerName=Ref(container_name), ContainerPort=Ref(container_port), TargetGroupArn=Ref(target_group)), ], PlacementStrategies=[ ecs.PlacementStrategy(Type="spread", Field="attribute:ecs.availability-zone"), ecs.PlacementStrategy(Type="binpack", Field="memory"), ], Role=Ref(service_role), TaskDefinition=Ref(task_definition), DeploymentConfiguration=ecs.DeploymentConfiguration( MaximumPercent="100", MinimumHealthyPercent="50"), PlacementConstraints=[ ecs.PlacementConstraint(Type="distinctInstance") ], ))
def create_ecs_resources(self): t = self.template # Give the instances access that the Empire daemon needs. t.add_resource( PolicyType( "AccessPolicy", PolicyName="empire", PolicyDocument=empire_policy({ "Environment": Ref("Environment"), "CustomResourcesTopic": Ref("CustomResourcesTopic"), "CustomResourcesQueue": (GetAtt("CustomResourcesQueue", "Arn")), "TemplateBucket": (Join("", ["arn:aws:s3:::", Ref("TemplateBucket"), "/*"])) }), Roles=[Ref("InstanceRole")])) t.add_resource( sns.Topic( EVENTS_TOPIC, DisplayName="Empire events", Condition="CreateSNSTopic", )) t.add_output( Output("EventsSNSTopic", Value=Ref(EVENTS_TOPIC), Condition="CreateSNSTopic")) # Add SNS Events policy if Events are enabled t.add_resource( PolicyType("SNSEventsPolicy", PolicyName="EmpireSNSEventsPolicy", Condition="EnableSNSEvents", PolicyDocument=sns_events_policy( If("CreateSNSTopic", Ref(EVENTS_TOPIC), Ref("EventsSNSTopicName"))), Roles=[Ref("InstanceRole")])) # Add run logs policy if run logs are enabled t.add_resource( PolicyType("RunLogsPolicy", PolicyName="EmpireRunLogsPolicy", Condition="EnableCloudwatchLogs", PolicyDocument=runlogs_policy( If("CreateRunLogsGroup", Ref(RUN_LOGS), Ref("RunLogsCloudwatchGroup"))), Roles=[Ref("InstanceRole")])) # Allow the controller to write empire events to kinesis if kinesis is # enabled. t.add_resource( PolicyType("AppEventStreamPolicy", PolicyName="EmpireAppEventStreamPolicy", Condition="EnableAppEventStream", PolicyDocument=logstream_policy(), Roles=[Ref("InstanceRole")])) t.add_resource( ecs.TaskDefinition( "TaskDefinition", Volumes=[ ecs.Volume( Name="dockerSocket", Host=ecs.Host(SourcePath="/var/run/docker.sock")), ecs.Volume(Name="dockerCfg", Host=ecs.Host(SourcePath="/root/.dockercfg")) ], ContainerDefinitions=[ ecs.ContainerDefinition( Command=["server", "-automigrate=true"], Name="empire", Environment=self.get_empire_environment(), Essential=True, Image=Ref("DockerImage"), MountPoints=[ ecs.MountPoint( SourceVolume="dockerSocket", ContainerPath="/var/run/docker.sock", ReadOnly=False), ecs.MountPoint(SourceVolume="dockerCfg", ContainerPath="/root/.dockercfg", ReadOnly=False) ], PortMappings=[ ecs.PortMapping(HostPort=8081, ContainerPort=8081) ], Cpu=Ref("TaskCPU"), Memory=Ref("TaskMemory")) ])) t.add_resource( Role("ServiceRole", AssumeRolePolicyDocument=get_ecs_assumerole_policy(), Path="/", Policies=[ Policy(PolicyName="ecs-service-role", PolicyDocument=service_role_policy()) ])) t.add_resource( ecs.Service( "Service", Cluster=Ref("ControllerCluster"), DeploymentConfiguration=ecs.DeploymentConfiguration( MaximumPercent=Ref("ServiceMaximumPercent"), MinimumHealthyPercent=Ref("ServiceMinimumHealthyPercent"), ), DesiredCount=Ref("DesiredCount"), LoadBalancers=[ ecs.LoadBalancer(ContainerName="empire", ContainerPort=8081, LoadBalancerName=Ref("LoadBalancer")) ], Role=Ref("ServiceRole"), TaskDefinition=Ref("TaskDefinition")))
Cluster=ImportValue( Join("-", [ Select(0, Split("-", Ref("AWS::StackName"))), Select(1, Split("-", Ref("AWS::StackName"))), Select(2, Split("-", Ref("AWS::StackName"))), Select(3, Split("-", Ref("AWS::StackName"))), "cluster-id" ])), DesiredCount=1, TaskDefinition=Ref("task"), LoadBalancers=[ ecs.LoadBalancer( ContainerName=Join("-", [ Select(0, Split("-", Ref("AWS::StackName"))), Select(1, Split("-", Ref("AWS::StackName"))), Select(2, Split("-", Ref("AWS::StackName"))) ]), ContainerPort=80, TargetGroupArn=ImportValue( Join("-", [ Select(0, Split("-", Ref("AWS::StackName"))), Select(1, Split("-", Ref("AWS::StackName"))), Select(2, Split("-", Ref("AWS::StackName"))), Select(3, Split("-", Ref("AWS::StackName"))), "alb-target-group" ]), ), ) ], Role=Ref("ServiceRole"))) print(t.to_json())
Principal=Principal("Service", ["ecs.amazonaws.com"])) ]), Path="/", ManagedPolicyArns=[ 'arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole' ])) t.add_resource( ecs.Service( "service", Cluster=ImportValue( Join( "-", [Select(0, Split("-", Ref("AWS::StackName"))), "cluster-id"])), DesiredCount=1, TaskDefinition=Ref("task"), LoadBalancers=[ ecs.LoadBalancer( ContainerName="helloworld", ContainerPort=3000, TargetGroupArn=ImportValue( Join("-", [ Select(0, Split("-", Ref("AWS::StackName"))), "alb-target-group" ]), ), ) ], Role=Ref("ServiceRole"))) print(t.to_json())
'ToPort': 8080, 'SourceSecurityGroupId': ImportValue(Sub('${CoreStack}-LoadBalancer-SG-ID')), }], )) keycloakService = t.add_resource( ecs.Service('KeycloakService', Cluster=ImportValue(Sub('${CoreStack}-ECS-Cluster')), TaskDefinition=keycloakTask.Ref(), DesiredCount=1, LoadBalancers=[ ecs.LoadBalancer( ContainerName='keycloak', ContainerPort=8080, TargetGroupArn=keycloakTargetGroup.Ref(), ) ], NetworkConfiguration=ecs.NetworkConfiguration( AwsvpcConfiguration=ecs.AwsvpcConfiguration( SecurityGroups=[ ImportValue(Sub('${CoreStack}-RDS-Access-SG-ID')), keycloakServiceSG.GetAtt('GroupId'), ], Subnets=[ImportValue(Sub('${CoreStack}-SubnetID'))], ), ))) # Save File with open('template.yml', 'w') as f: