def create_service(self): t = self.template self.service = t.add_resource( ecs.Service( "Service", Cluster=self.cluster, DesiredCount=self.count, LaunchType="FARGATE", NetworkConfiguration=ecs.NetworkConfiguration( AwsvpcConfiguration=ecs.AwsvpcConfiguration( SecurityGroups=[self.security_group], Subnets=self.subnets, ) ), ServiceName=self.service_name, TaskDefinition=self.task_definition.Ref(), ) ) t.add_output( Output( "ServiceArn", Value=self.service.Ref() ) ) t.add_output( Output( "ServiceName", Value=self.service.GetAtt("Name") ) )
def test_fargate_launch_type(self): task_definition = ecs.TaskDefinition( "mytaskdef", ContainerDefinitions=[ ecs.ContainerDefinition( Image="myimage", Memory="300", Name="mycontainer", ) ], Volumes=[ ecs.Volume(Name="my-vol"), ], ) ecs_service = ecs.Service( 'Service', Cluster='cluster', DesiredCount=2, PlacementStrategies=[ecs.PlacementStrategy(Type="random", )], LaunchType='FARGATE', NetworkConfiguration=ecs.NetworkConfiguration( AwsVpcConfiguration=ecs.AwsVpcConfiguration( AssignPublicIp='DISABLED', SecurityGroups=['sg-1234'], Subnets=['subnet-1234'])), PlacementConstraints=[ ecs.PlacementConstraint(Type="distinctInstance", ) ], TaskDefinition=Ref(task_definition), ) ecs_service.to_dict()
def create_ecs_service(self): t = self.template t.add_resource( ecs.Service( 'FargateService', DependsOn=self.listener.title, Cluster=self.vars['ClusterName'], DesiredCount=self.vars['DesiredCount'], TaskDefinition=Ref(self.task_definition), LaunchType='FARGATE', NetworkConfiguration=ecs.NetworkConfiguration( AwsvpcConfiguration=ecs.AwsvpcConfiguration( Subnets=[ s.strip() for s in self.vars['Subnets'].split(',') ], SecurityGroups=[self.vars['SecurityGroup']], )), LoadBalancers=[ ecs.LoadBalancer( ContainerName=self.vars['ContainerName'], ContainerPort=self.vars['ContainerPort'], TargetGroupArn=Ref(self.target_group), ), ], )) return
def gen_service(self): load_balancer = ecs.LoadBalancer( ContainerName=self.service_name, ContainerPort=80, TargetGroupArn=Ref(self.target_group), ) # We put this service in public subnets because for demo purposes, # we only created public subnets. In a real application, you would # almost certainly put this in a private subnet. network_configuration = ecs.NetworkConfiguration( AwsvpcConfiguration=ecs.AwsvpcConfiguration( AssignPublicIp="ENABLED", Subnets=[ self.import_value("vpc", "PublicSubnet0"), self.import_value("vpc", "PublicSubnet1"), ], SecurityGroups=[ self.import_value("load-balancer", "WebAppMembershipSecurityGroup"), self.import_value("load-balancer", "WebAppSecurityGroup"), ], )) self.service = ecs.Service( "Service", ServiceName=self.service_name, Cluster=Ref(self.cluster), DeploymentConfiguration=ecs.DeploymentConfiguration( MinimumHealthyPercent=100, MaximumPercent=200), DesiredCount=1, LaunchType="FARGATE", LoadBalancers=[load_balancer], NetworkConfiguration=network_configuration, SchedulingStrategy="REPLICA", TaskDefinition=Ref(self.task_definition), ) self.template.add_resource(self.service)
def __init__(self, key): # Resources R_SG = SecurityGroupEcsService('SecurityGroupEcsService') R_Service = ECSService('Service', scheme='') if cfg.LoadBalancerApplicationExternal: R_Service.LoadBalancers.append( ECSLoadBalancer('', scheme='External')) SGRule = SecurityGroupRuleEcsService(scheme='External') R_SG.SecurityGroupIngress.append(SGRule) if cfg.LoadBalancerApplicationInternal: R_Service.LoadBalancers.append( ECSLoadBalancer('', scheme='Internal')) SGRule = SecurityGroupRuleEcsService(scheme='Internal') R_SG.SecurityGroupIngress.append(SGRule) SecurityGroups = SG_SecurityGroupsECS().SecurityGroups NetworkConfiguration = ecs.NetworkConfiguration() NetworkConfiguration.AwsvpcConfiguration = ECSAwsvpcConfiguration() NetworkConfiguration.AwsvpcConfiguration.setup() NetworkConfiguration.AwsvpcConfiguration.SecurityGroups.extend( SecurityGroups) R_Service.NetworkConfiguration = If( 'NetworkModeAwsVpc', NetworkConfiguration, Ref('AWS::NoValue') ) add_obj([ R_Service, R_SG, ])
def network_configuration(self): return ecs.NetworkConfiguration( AwsvpcConfiguration=ecs.AwsvpcConfiguration( SecurityGroups=[self.security_group], Subnets=self.subnets, ))
taskdef.ContainerDefinitions = [contdef] taskdef.Cpu = "256" taskdef.Family = "jicket-task" taskdef.RequiresCompatibilities = ["FARGATE"] taskdef.NetworkMode = "awsvpc" taskdef.Memory = "512" taskdef.ExecutionRoleArn = executionrolearn t.add_resource(taskdef) # ECS Service # ============= service = ecs.Service("JicketService") service.Cluster = Ref(cluster.title) service.DesiredCount = 1 service.LaunchType = "FARGATE" service.ServiceName = "Jicket-Service" service.TaskDefinition = Ref(taskdef.title) vpcconf = ecs.AwsvpcConfiguration() vpcconf.Subnets = [jicketsubnet] vpcconf.AssignPublicIp = "ENABLED" service.NetworkConfiguration = ecs.NetworkConfiguration( AwsvpcConfiguration=vpcconf) t.add_resource(service) t_json = t.to_json() with open("jicket-ecs.json", "w") as f: print(t_json) f.write(t_json)
"Service", DependsOn=ALBListener, Cluster=Ref(ECSCluster), DesiredCount=1, TaskDefinition=Ref(TaskDefinition), LaunchType="FARGATE", LoadBalancers=[ ecs.LoadBalancer( ContainerName="nginx-container", ContainerPort=80, TargetGroupArn=Ref(ALBTargetGroup) ) ], NetworkConfiguration=ecs.NetworkConfiguration( AwsvpcConfiguration=ecs.AwsvpcConfiguration( AssignPublicIp="ENABLED", Subnets=[Ref(PubSubnetAz1), Ref(PubSubnetAz2)], SecurityGroups=[Ref(TaskSecurityGroup)], ) ) )) # Output the ALB/Service URL t.add_output(Output( "ALBURL", Description="URL of the ALB", Value=Join("", ["http://", GetAtt(ALB, "DNSName")]), )) print(t.to_json())
def add_resources(self): """Add resources to template.""" class EcsServiceWithHealthCheckGracePeriodSeconds(ecs.Service): """ECS Service class with HealthCheckGracePeriodSeconds added.""" props = ecs.Service.props props['HealthCheckGracePeriodSeconds'] = (positive_integer, False) pkg_version = pkg_resources.get_distribution('troposphere').version if LooseVersion(pkg_version) < LooseVersion('2.1.3'): ecs_service = EcsServiceWithHealthCheckGracePeriodSeconds else: ecs_service = ecs.Service template = self.template variables = self.get_variables() ecstaskrole = template.add_resource( iam.Role('EcsTaskRole', AssumeRolePolicyDocument=get_ecs_task_assumerole_policy(), RoleName=variables['EcsTaskRoleName'].ref)) loggroup = template.add_resource( logs.LogGroup( 'CloudWatchLogGroup', LogGroupName=Join('', [ '/ecs/', variables['ContainerName'].ref, '-', variables['EnvironmentName'].ref ]), RetentionInDays=variables['EcsCloudWatchLogRetention'].ref)) ecscontainerdef = ecs.ContainerDefinition( Image=Join('', [ Ref('AWS::AccountId'), '.dkr.ecr.', Ref('AWS::Region'), '.amazonaws.com/', variables['ContainerName'].ref, '-', variables['EnvironmentName'].ref ]), LogConfiguration=ecs.LogConfiguration(LogDriver='awslogs', Options={ 'awslogs-group': Ref(loggroup), 'awslogs-region': Ref('AWS::Region'), 'awslogs-stream-prefix': 'ecs' }), Name=Join('-', [ variables['ContainerName'].ref, variables['EnvironmentName'].ref ]), PortMappings=[ ecs.PortMapping(ContainerPort=variables['ContainerPort'].ref) ]) ecstaskdef = template.add_resource( ecs.TaskDefinition( 'EcsTaskDef', ContainerDefinitions=[ecscontainerdef], Cpu=variables['TaskCpu'].ref, Memory=variables['TaskMem'].ref, ExecutionRoleArn=variables['EcsTaskExecIamRoleArn'].ref, TaskRoleArn=Ref(ecstaskrole), Family=Join('-', [ variables['ContainerName'].ref, variables['EnvironmentName'].ref ]), NetworkMode='awsvpc', RequiresCompatibilities=['FARGATE'])) ecscluster = template.add_resource( ecs.Cluster('EcsCluster', ClusterName=Join('-', [ variables['ContainerName'].ref, variables['EnvironmentName'].ref ]))) ecsservice = template.add_resource( ecs_service( 'EcsService', Cluster=Join('-', [ variables['ContainerName'].ref, variables['EnvironmentName'].ref ]), DeploymentConfiguration=ecs.DeploymentConfiguration( MinimumHealthyPercent=variables['MinHealthyPercent'].ref, MaximumPercent=variables['MaxPercent'].ref), DesiredCount=variables['NumberOfTasks'].ref, HealthCheckGracePeriodSeconds=variables[ 'HealthCheckGracePeriod'].ref, LaunchType='FARGATE', LoadBalancers=[ ecs.LoadBalancer( ContainerName=Join('-', [ variables['ContainerName'].ref, variables['EnvironmentName'].ref ]), ContainerPort=variables['ContainerPort'].ref, TargetGroupArn=variables['TargetGroupArn'].ref) ], NetworkConfiguration=ecs.NetworkConfiguration( AwsvpcConfiguration=ecs.AwsvpcConfiguration( SecurityGroups=variables['SgIdList'].ref, Subnets=variables['Subnets'].ref)), ServiceName=Join('-', [ variables['ContainerName'].ref, variables['EnvironmentName'].ref ]), TaskDefinition=Ref(ecstaskdef))) template.add_output( Output("{}Arn".format(ecstaskrole.title), Description="ECS Task Role ARN", Value=GetAtt(ecstaskrole, "Arn"), Export=Export( Sub('${AWS::StackName}-%sArn' % ecstaskrole.title)))) template.add_output( Output("{}Name".format(ecstaskrole.title), Description="ECS Task Role Name", Value=Ref(ecstaskrole))) template.add_output( Output("{}Arn".format(ecsservice.title), Description="ARN of the ECS Service", Value=Ref(ecsservice), Export=Export( Sub('${AWS::StackName}-%sArn' % ecsservice.title)))) template.add_output( Output("{}Name".format(ecsservice.title), Description="Name of the ECS Service", Value=GetAtt(ecsservice, "Name"), Export=Export( Sub('${AWS::StackName}-%sName' % ecsservice.title)))) template.add_output( Output("{}Arn".format(ecscluster.title), Description="ECS Cluster ARN", Value=GetAtt(ecscluster, "Arn"), Export=Export( Sub('${AWS::StackName}-%sArn' % ecscluster.title)))) template.add_output( Output("{}Arn".format(ecstaskdef.title), Description="ARN of the Task Definition", Value=Ref(ecstaskdef), Export=Export( Sub('${AWS::StackName}-%sArn' % ecstaskdef.title))))
'SourceSecurityGroupId': ImportValue(Sub('${CoreStack}-LoadBalancer-SG-ID')), }], )) keycloakService = t.add_resource( ecs.Service('KeycloakService', Cluster=ImportValue(Sub('${CoreStack}-ECS-Cluster')), TaskDefinition=keycloakTask.Ref(), DesiredCount=1, LoadBalancers=[ ecs.LoadBalancer( ContainerName='keycloak', ContainerPort=8080, TargetGroupArn=keycloakTargetGroup.Ref(), ) ], NetworkConfiguration=ecs.NetworkConfiguration( AwsvpcConfiguration=ecs.AwsvpcConfiguration( SecurityGroups=[ ImportValue(Sub('${CoreStack}-RDS-Access-SG-ID')), keycloakServiceSG.GetAtt('GroupId'), ], Subnets=[ImportValue(Sub('${CoreStack}-SubnetID'))], ), ))) # Save File with open('template.yml', 'w') as f: f.write(t.to_yaml())