def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, *kwargs)
# Create a cluster
vpc = ec2.Vpc(self, "MicFinVpc", max_azs=2)
cluster = ecs.Cluster(self, 'EcsCluster', vpc=vpc)
cluster.add_capacity(
"DefaultAutoScalingGroup",
instance_type=ec2.InstanceType("t2.micro"),
machine_image=ecs.EcsOptimizedAmi(),
update_type=autoscaling.UpdateType.REPLACING_UPDATE,
desired_capacity=1)
# Create Task Definition
task_definition = ecs.Ec2TaskDefinition(self, "TaskDef")
container = task_definition.add_container(
"web",
image=ecs.ContainerImage.from_registry(
"210525354699.dkr.ecr.ap-southeast-1.amazonaws.com/micfin-repo"
),
memory_limit_mib=512,
logging=ecs.LogDrivers.awslogs({streamPrefix: 'EventDemo'}))
port_mapping = ecs.PortMapping(container_port=80,
host_port=8080,
protocol=ecs.Protocol.TCP)
container.add_port_mappings(port_mapping)
# Create Service
service = ecs.Ec2Service(self,
"Service",
cluster=cluster,
task_definition=task_definition)
def create_ghost_ecs_service(self, cluster, website_url):
# TODO: Set up persistent storage with EFS once CDK supports this
# https://github.com/aws/aws-cdk/issues/6918
task_definition = ecs.Ec2TaskDefinition(
self,
'GhostTaskDef',
)
environment_variables = {'url': website_url} if website_url else None
container = task_definition.add_container(
'GhostContainer',
# Change this container version to update Ghost version
image=ecs.ContainerImage.from_registry('ghost:3.16'),
memory_limit_mib=256,
environment=environment_variables,
)
port_mapping = ecs.PortMapping(
container_port=2368, # the Ghost container uses port 2368
host_port=80,
protocol=ecs.Protocol.TCP,
)
container.add_port_mappings(port_mapping)
return ecs.Ec2Service(
self,
'GhostService',
cluster=cluster,
task_definition=task_definition,
)
def __init__(self, scope: core.Construct, id: str, ecs: aws_ecs.Cluster,
registry: aws_ecr.Repository, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self.task_definition = aws_ecs.Ec2TaskDefinition(self, "TaskDef")
self.task_definition.add_container(
"hello-docker",
image=aws_ecs.ContainerImage.from_ecr_repository(registry),
memory_limit_mib=128)
self.tweet_ingest_service = aws_ecs.Ec2Service(
self, "Service", cluster=ecs, task_definition=self.task_definition)
def ELB_SVC(self, ZachECSNodeName, TaskName, ZachTaskDef, cluster, vpc):
ecs_service = ecs.Ec2Service(
self,
id=ZachECSNodeName + TaskName,
task_definition=ZachTaskDef,
cluster=cluster,
desired_count=2,
security_group=self.VPC_SG(TaskName, vpc),
assign_public_ip=True,
# health_check_grace_period=core.Duration.seconds(30), # Health check grace period is only valid for services configured to use load balancers
service_name=ZachECSNodeName + TaskName)
# Create ALB
lb = elb.ApplicationLoadBalancer(self,
ZachECSNodeName + TaskName + "-LB",
vpc=vpc,
internet_facing=True)
listener = lb.add_listener(ZachECSNodeName + TaskName +
"PublicListener",
port=80,
open=True)
health_check = elb.HealthCheck(interval=core.Duration.seconds(60),
path="/health",
timeout=core.Duration.seconds(5))
# Attach ALB to ECS Service
listener.add_targets(
ZachECSNodeName + TaskName + "-ECS",
port=80,
targets=[ecs_service],
health_check=health_check,
)
core.CfnOutput(self,
ZachECSNodeName + TaskName + "-LoadBalancerDNS",
value=lb.load_balancer_dns_name)
core.CfnOutput(self,
id=ZachECSNodeName + TaskName + "-ServiceName",
value=ecs_service.service.service_name)
core.CfnOutput(self,
id=ZachECSNodeName + TaskName + "-ServiceARN",
value=ecs_service.service.service_arn)
return ecs_service
def CreateSVC(self,ZachTaskList,ZachECSNodeName,cluster,vpc,AppendHostFile,ENV_VARS):
for TaskName, TaskValue in ZachTaskList.items():
ZachTaskDef = ecs.TaskDefinition(self, id=ZachECSNodeName + "-" + TaskName,compatibility=ecs.Compatibility.EC2,network_mode=ecs.NetworkMode.AWS_VPC)
core.CfnOutput(self, id=TaskName + "ARN", value=ZachTaskDef.task_definition_arn)
for num in range(TaskValue.get("num", 1)):
container = ZachTaskDef.add_container(id=ZachECSNodeName + "-" + TaskName + str(num), cpu=1, memory_limit_mib=512,
memory_reservation_mib=256, readonly_root_filesystem=True,
working_directory="/data/web", user='******',
health_check=ecs.HealthCheck(command=["ping 127.0.0.1"],
interval=core.Duration.seconds(30), retries=5,
start_period=core.Duration.minutes(1),
timeout=core.Duration.seconds(10)),
hostname=ZachECSNodeName + "-" + TaskName, extra_hosts=AppendHostFile,
environment=ENV_VARS, docker_labels=ENV_VARS,
image=ecs.ContainerImage.from_registry(TaskValue.get("image", "nginx:latest")),
logging=ecs.LogDrivers.fluentd())
port_mapping = ecs.PortMapping(
container_port=TaskValue.get("port", 80),
host_port=TaskValue.get("port", 80),
protocol=ecs.Protocol.TCP
)
container.add_port_mappings(port_mapping)
core.CfnOutput(self, id=container.container_name + "ContainPort", value=str(container.container_port))
core.CfnOutput(self, id=container.container_name + "MemLimit", value=str(container.memory_limit_specified))
core.CfnOutput(self, id=container.container_name + "HostPort", value=str(port_mapping.host_port))
svc = ecs.Ec2Service(self, id=ZachECSNodeName+TaskName,
task_definition=ZachTaskDef,
cluster=cluster,
desired_count=2,
security_group=self.VPC_SG(TaskName,vpc),
assign_public_ip=True,
# health_check_grace_period=core.Duration.seconds(30), # Health check grace period is only valid for services configured to use load balancers
service_name=ZachECSNodeName+TaskName)
svc.add_placement_strategies(ecs.PlacementStrategy.spread_across(ecs.BuiltInAttributes.INSTANCE_ID),
ecs.PlacementStrategy.packed_by(ecs.BinPackResource.MEMORY))
core.CfnOutput(self, id=ZachECSNodeName+TaskName + "ServiceName", value=svc.service_name)
core.CfnOutput(self, id=ZachECSNodeName+TaskName + "ServiceARN", value=svc.service_arn)
core.CfnOutput(self, id=ZachECSNodeName+TaskName + "ARN", value=cluster.cluster_arn)
core.CfnOutput(self, id=ZachECSNodeName+TaskName + "VPCID", value=str(cluster.vpc.vpc_id))
core.CfnOutput(self, id=ZachECSNodeName+TaskName + "VPCZone", value=str(cluster.vpc.availability_zones))
def __init__(self, scope: core.Construct, id: str,
infra: RtspBaseResourcesConstruct, home_base: str,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
core.Tags.of(self).add('home_base', home_base)
definition = ecs.TaskDefinition(self,
'DefaultTask',
compatibility=ecs.Compatibility.EC2,
cpu='128',
memory_mib='128',
task_role=infra.task_role,
execution_role=infra.execution_role,
network_mode=ecs.NetworkMode.AWS_VPC)
definition.add_container(
'DefaultContainer',
memory_reservation_mib=128,
image=infra.container,
logging=ecs.AwsLogDriver(
stream_prefix='rtsp-connector/{}'.format(home_base),
log_group=infra.log_group),
environment={
'BUCKET': infra.bucket.bucket_name,
'FRAME_ANALYZED_TOPIC': infra.frameAnalyzed.topic_arn,
'REK_COLLECT_ID': 'homenet-hybrid-collection',
'REGION': core.Stack.of(self).region,
})
ecs.Ec2Service(self,
'RtspConnectorService',
service_name='{}-rtsp-connector-{}'.format(
infra.landing_zone.zone_name, home_base),
task_definition=definition,
assign_public_ip=False,
cluster=infra.cluster,
deployment_controller=ecs.DeploymentController(
type=ecs.DeploymentControllerType.ECS),
security_group=infra.security_group,
vpc_subnets=ec2.SubnetSelection(
subnet_group_name=infra.subnet_group_name),
desired_count=desired_count)
# Create a security group that allows HTTP traffic on port 80 for our
# containers without modifying the security group on the instance
security_group = ec2.SecurityGroup(stack,
"west-onetest-sg",
vpc=vpc,
allow_all_outbound=False)
security_group.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(80))
security_group.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(8080))
# Create the service
service = ecs.Ec2Service(
stack,
"west-onetest-ecs-service",
cluster=cluster,
task_definition=task_definition,
#security_group=security_group
)
# Create ALB
lb = elbv2.ApplicationLoadBalancer(stack, "LB", vpc=vpc, internet_facing=True)
listener_voncweb = lb.add_listener("voncweblistener",
port=443,
open=True,
protocol=elbv2.ApplicationProtocol.HTTP)
listener_dispatcher = lb.add_listener("dispatcherlistener",
port=5000,
open=True,
protocol=elbv2.ApplicationProtocol.HTTP)
listener_vista = lb.add_listener("vistalistener",
def __init__(
self,
scope: core.Construct,
id: str,
**kwargs,
) -> None:
super().__init__(
scope,
id,
**kwargs,
)
# add ingress rule on port 22 for SSH
ec2.SecurityGroup.from_security_group_id(
self,
"DefaultSecurityGroupForIngress",
scope.vpc.vpc_default_security_group,
).add_ingress_rule(
ec2.Peer.any_ipv4(),
ec2.Port.tcp(22),
)
self.asg = autoscaling.AutoScalingGroup(
self,
"AutoScalingGroup",
instance_type=ec2.InstanceType("t2.micro"),
machine_image=ecs.EcsOptimizedAmi(),
security_group=ec2.SecurityGroup.from_security_group_id(
self,
"DefaultSecurityGroupId",
scope.vpc.vpc_default_security_group,
),
associate_public_ip_address=True,
update_type=autoscaling.UpdateType.REPLACING_UPDATE,
desired_capacity=1,
vpc=scope.vpc,
key_name=os.environ.get("KEY_NAME"),
vpc_subnets={'subnet_type': ec2.SubnetType.PUBLIC},
)
self.cluster = scope.cluster
self.cluster.add_auto_scaling_group(self.asg)
self.bastion_host_task = ecs.Ec2TaskDefinition(self, "BastionHostTask")
self.bastion_host_task.add_container(
"BastionHostContainer",
image=scope.image,
command=["/start_prod.sh"],
environment=scope.variables.regular_variables,
memory_reservation_mib=128
# secrets=scope.variables.secret_variables,
)
self.bastion_host_service = ecs.Ec2Service(
self,
"BastionHostService",
task_definition=self.bastion_host_task,
cluster=self.cluster,
)
# Create a security group that allows HTTP traffic on port 80 for our
# containers without modifying the security group on the instance
security_group = ec2.SecurityGroup(stack,
"west-onetest-sg",
vpc=vpc,
allow_all_outbound=False)
security_group.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(80))
security_group.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(8080))
# Create the service
service_voncweb = ecs.Ec2Service(stack,
"west-onetest-ecs-service-voncweb",
cluster=cluster,
task_definition=task_definition_voncweb,
deployment_controller=deployment_mode
#security_group=security_group
)
service_dispatcher = ecs.Ec2Service(stack,
"west-onetest-ecs-service-dispatcher",
cluster=cluster,
task_definition=task_definition_dispatcher,
deployment_controller=deployment_mode
#security_group=security_group
)
service_vistaweb = ecs.Ec2Service(stack,
"west-onetest-ecs-service-vistaweb",
cluster=cluster,
container = task_definition.add_container(
"nginx-container",
image=ecs.ContainerImage.from_docker_image_asset(docker_image_asset),
memory_limit_mib=512)
port_mapping = ecs.PortMapping(container_port=80)
container.add_port_mappings(port_mapping)
security_group = ec2.SecurityGroup(stack,
"nginx--web",
vpc=vpc,
allow_all_outbound=False)
security_group.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(80))
# Instantiate an Amazon ECS Service
ecs_service = ecs.Ec2Service(stack,
"Service",
cluster=cluster,
task_definition=task_definition,
security_group=security_group,
desired_count=3)
lb = elbv2.ApplicationLoadBalancer(stack, "LB", vpc=vpc, internet_facing=True)
listener = lb.add_listener("Listener", port=80)
target_group1 = listener.add_targets("ecs-targets",
port=80,
targets=[ecs_service])
app.synth()
def __init__(self, scope: core.Construct, construct_id: str, *,
secrets: List[Secret]):
super().__init__(scope, construct_id)
vpc = aws_ec2.Vpc(
self,
"Vpc",
enable_dns_support=True,
enable_dns_hostnames=True,
max_azs=3,
nat_gateways=0,
subnet_configuration=[
aws_ec2.SubnetConfiguration(
name="Public", subnet_type=aws_ec2.SubnetType.PUBLIC)
],
)
postgres_volume_name = "duckbot_dbdata"
file_system = aws_efs.FileSystem(
self,
"PostgresFileSystem",
vpc=vpc,
encrypted=True,
file_system_name=postgres_volume_name,
removal_policy=core.RemovalPolicy.DESTROY)
file_system.node.default_child.override_logical_id(
"FileSystem"
) # rename for compatibility with legacy cloudformation template
task_definition = aws_ecs.TaskDefinition(
self,
"TaskDefinition",
compatibility=aws_ecs.Compatibility.EC2,
family="duckbot",
memory_mib="960",
network_mode=aws_ecs.NetworkMode.BRIDGE)
postgres_data_path = "/data/postgres"
postgres = task_definition.add_container(
"postgres",
container_name="postgres",
image=aws_ecs.ContainerImage.from_registry("postgres:13.2"),
essential=False,
environment={
"POSTGRES_USER": "******",
"POSTGRES_PASSWORD": "******",
"PGDATA": postgres_data_path,
},
health_check=aws_ecs.HealthCheck(
command=["CMD", "pg_isready", "-U", "duckbot"],
interval=core.Duration.seconds(30),
timeout=core.Duration.seconds(5),
retries=3,
start_period=core.Duration.seconds(30),
),
logging=aws_ecs.LogDriver.aws_logs(
stream_prefix="ecs",
log_retention=aws_logs.RetentionDays.ONE_MONTH),
memory_reservation_mib=128,
)
task_definition.add_volume(
name=postgres_volume_name,
efs_volume_configuration=aws_ecs.EfsVolumeConfiguration(
file_system_id=file_system.file_system_id, root_directory="/"))
postgres.add_mount_points(
aws_ecs.MountPoint(source_volume=postgres_volume_name,
container_path=postgres_data_path,
read_only=False))
secrets_as_parameters = {
# note, parameter version is required by cdk, but does not make it into the template; specify version 1 for simplicity
x.environment_name:
aws_ssm.StringParameter.from_secure_string_parameter_attributes(
self,
x.environment_name,
parameter_name=x.parameter_name,
version=1)
for x in secrets
}
duckbot = task_definition.add_container(
"duckbot",
container_name="duckbot",
essential=True,
image=aws_ecs.ContainerImage.from_registry(
self.node.try_get_context("duckbot_image")),
environment={"STAGE": "prod"},
secrets={
k: aws_ecs.Secret.from_ssm_parameter(v)
for k, v in secrets_as_parameters.items()
},
health_check=aws_ecs.HealthCheck(
command=["CMD", "python", "-m", "duckbot.health"],
interval=core.Duration.seconds(30),
timeout=core.Duration.seconds(10),
retries=3,
start_period=core.Duration.seconds(30),
),
logging=aws_ecs.LogDriver.aws_logs(
stream_prefix="ecs",
log_retention=aws_logs.RetentionDays.ONE_MONTH),
memory_reservation_mib=128,
)
duckbot.add_link(postgres)
asg = aws_autoscaling.AutoScalingGroup(
self,
"AutoScalingGroup",
min_capacity=0,
max_capacity=1,
desired_capacity=1,
machine_image=aws_ecs.EcsOptimizedImage.amazon_linux2(),
instance_type=aws_ec2.InstanceType("t2.micro"),
key_name="duckbot", # needs to be created manually
instance_monitoring=aws_autoscaling.Monitoring.BASIC,
vpc=vpc,
)
asg.connections.allow_to_default_port(file_system)
asg.connections.allow_from(aws_ec2.Peer.any_ipv4(),
aws_ec2.Port.tcp(22))
asg.connections.allow_from(aws_ec2.Peer.any_ipv4(),
aws_ec2.Port.tcp(80))
asg.connections.allow_from(aws_ec2.Peer.any_ipv4(),
aws_ec2.Port.tcp(443))
cluster = aws_ecs.Cluster(self,
"Cluster",
cluster_name="duckbot",
vpc=vpc)
cluster.add_asg_capacity_provider(
aws_ecs.AsgCapacityProvider(cluster,
"AsgCapacityProvider",
auto_scaling_group=asg),
can_containers_access_instance_role=True)
aws_ecs.Ec2Service(
self,
"Service",
service_name="duckbot",
cluster=cluster,
task_definition=task_definition,
desired_count=1,
min_healthy_percent=0,
max_healthy_percent=100,
)
},
logging=ecs.LogDriver.aws_logs(stream_prefix="VONC_VISTA_vista_logs"),
privileged=True,
#stop_timeout=core.Duration.hours(8)
)
port_mapping = ecs.PortMapping(
container_port=80,
#host_port=8080,
protocol=ecs.Protocol.TCP)
vistaweb_container.add_port_mappings(port_mapping)
service_vistaweb = ecs.Ec2Service(stack,
"VONC_VISTA-ecs-service-vistaweb",
cluster=cluster,
task_definition=task_definition_vistaweb,
deployment_controller=deployment_mode,
desired_count=1,
security_group=security_group,
service_name='VONC_VISTA-Vista')
#health_check_grace_period=core.Duration.minutes(15)
lb_vista = elbv2.ApplicationLoadBalancer(stack,
"VONC_VISTA_lb_vista",
load_balancer_name='Vista-temp-ELB',
vpc=vpc,
internet_facing=True)
listener_vista = lb_vista.add_listener(
"vistalistener",
port=443,
open=True,
# Create a security group that allows HTTP traffic on port 80 for our
# containers without modifying the security group on the instance
# Create the service
service_voncweb = ecs.Ec2Service(
stack, "west-onetest-ecs-service-voncweb",
cluster=cluster,
task_definition=task_definition_voncweb,
deployment_controller=deployment_mode,
desired_count=1,
security_group=security_group
)
service_dispatcher = ecs.Ec2Service(
stack, "west-onetest-ecs-service-dispatcher",
cluster=cluster,
task_definition=task_definition_dispatcher,
deployment_controller=deployment_mode,
desired_count=1,
security_group=security_group
)
service_vistaweb = ecs.Ec2Service(
# Create a security group that allows HTTP traffic on port 80 for our
# containers without modifying the security group on the instance
security_group = ec2.SecurityGroup(stack,
"west-onetest-sg",
vpc=vpc,
allow_all_outbound=False)
security_group.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(80))
security_group.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(8080))
# Create the service
service_voncweb = ecs.Ec2Service(
stack,
"west-onetest-ecs-service-voncweb",
cluster=cluster,
task_definition=task_definition_voncweb,
#security_group=security_group
)
service_dispatcher = ecs.Ec2Service(
stack,
"west-onetest-ecs-service-dispatcher",
cluster=cluster,
task_definition=task_definition_dispatcher,
#security_group=security_group
)
service_vistaweb = ecs.Ec2Service(
stack,
"west-onetest-ecs-service-vistaweb",
def __init__(self, scope: core.Stack, id: str, cluster, vpc, worker,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
self.cluster = cluster
self.vpc = vpc
self.worker = worker
# Building a custom image for jenkins master.
self.container_image = ecr.DockerImageAsset(
self, "JenkinsMasterDockerImage", directory='./docker/master/')
if config['DEFAULT']['fargate_enabled'] == "yes" or not config[
'DEFAULT']['ec2_enabled'] == "yes":
# Task definition details to define the Jenkins master container
self.jenkins_task = ecs_patterns.ApplicationLoadBalancedTaskImageOptions(
# image=ecs.ContainerImage.from_ecr_repository(self.container_image.repository),
image=ecs.ContainerImage.from_docker_image_asset(
self.container_image),
container_port=8080,
enable_logging=True,
environment={
# https://github.com/jenkinsci/docker/blob/master/README.md#passing-jvm-parameters
'JAVA_OPTS':
'-Djenkins.install.runSetupWizard=false',
# https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/README.md#getting-started
'CASC_JENKINS_CONFIG':
'/config-as-code.yaml',
'network_stack':
self.vpc.stack_name,
'cluster_stack':
self.cluster.stack_name,
'worker_stack':
self.worker.stack_name,
'cluster_arn':
self.cluster.cluster.cluster_arn,
'aws_region':
config['DEFAULT']['region'],
'jenkins_url':
config['DEFAULT']['jenkins_url'],
'subnet_ids':
",".join(
[x.subnet_id for x in self.vpc.vpc.private_subnets]),
'security_group_ids':
self.worker.worker_security_group.security_group_id,
'execution_role_arn':
self.worker.worker_execution_role.role_arn,
'task_role_arn':
self.worker.worker_task_role.role_arn,
'worker_log_group':
self.worker.worker_logs_group.log_group_name,
'worker_log_stream_prefix':
self.worker.worker_log_stream.log_stream_name
},
)
# Create the Jenkins master service
self.jenkins_master_service_main = ecs_patterns.ApplicationLoadBalancedFargateService(
self,
"JenkinsMasterService",
cpu=int(config['DEFAULT']['fargate_cpu']),
memory_limit_mib=int(
config['DEFAULT']['fargate_memory_limit_mib']),
cluster=self.cluster.cluster,
desired_count=1,
enable_ecs_managed_tags=True,
task_image_options=self.jenkins_task,
cloud_map_options=ecs.CloudMapOptions(
name="master", dns_record_type=sd.DnsRecordType('A')))
self.jenkins_master_service = self.jenkins_master_service_main.service
self.jenkins_master_task = self.jenkins_master_service.task_definition
if config['DEFAULT']['ec2_enabled'] == "yes":
self.jenkins_load_balancer = elb.ApplicationLoadBalancer(
self,
"JenkinsMasterELB",
vpc=self.vpc.vpc,
internet_facing=True,
)
self.listener = self.jenkins_load_balancer.add_listener("Listener",
port=80)
self.jenkins_master_task = ecs.Ec2TaskDefinition(
self,
"JenkinsMasterTaskDef",
network_mode=ecs.NetworkMode.AWS_VPC,
volumes=[
ecs.Volume(name="efs_mount",
host=ecs.Host(source_path='/mnt/efs'))
],
)
self.jenkins_master_task.add_container(
"JenkinsMasterContainer",
image=ecs.ContainerImage.from_ecr_repository(
self.container_image.repository),
cpu=int(config['DEFAULT']['ec2_cpu']),
memory_limit_mib=int(
config['DEFAULT']['ec2_memory_limit_mib']),
environment={
# https://github.com/jenkinsci/docker/blob/master/README.md#passing-jvm-parameters
'JAVA_OPTS':
'-Djenkins.install.runSetupWizard=false',
'CASC_JENKINS_CONFIG':
'/config-as-code.yaml',
'network_stack':
self.vpc.stack_name,
'cluster_stack':
self.cluster.stack_name,
'worker_stack':
self.worker.stack_name,
'cluster_arn':
self.cluster.cluster.cluster_arn,
'aws_region':
config['DEFAULT']['region'],
'jenkins_url':
config['DEFAULT']['jenkins_url'],
'subnet_ids':
",".join(
[x.subnet_id for x in self.vpc.vpc.private_subnets]),
'security_group_ids':
self.worker.worker_security_group.security_group_id,
'execution_role_arn':
self.worker.worker_execution_role.role_arn,
'task_role_arn':
self.worker.worker_task_role.role_arn,
'worker_log_group':
self.worker.worker_logs_group.log_group_name,
'worker_log_stream_prefix':
self.worker.worker_log_stream.log_stream_name
},
logging=ecs.LogDriver.aws_logs(
stream_prefix="JenkinsMaster",
log_retention=logs.RetentionDays.ONE_WEEK),
)
self.jenkins_master_task.default_container.add_mount_points(
ecs.MountPoint(container_path='/var/jenkins_home',
source_volume="efs_mount",
read_only=False))
self.jenkins_master_task.default_container.add_port_mappings(
ecs.PortMapping(container_port=8080, host_port=8080))
self.jenkins_master_service = ecs.Ec2Service(
self,
"EC2MasterService",
task_definition=self.jenkins_master_task,
cloud_map_options=ecs.CloudMapOptions(
name="master", dns_record_type=sd.DnsRecordType('A')),
desired_count=1,
min_healthy_percent=0,
max_healthy_percent=100,
enable_ecs_managed_tags=True,
cluster=self.cluster.cluster,
)
self.target_group = self.listener.add_targets(
"JenkinsMasterTarget",
port=80,
targets=[
self.jenkins_master_service.load_balancer_target(
container_name=self.jenkins_master_task.
default_container.container_name,
container_port=8080,
)
],
deregistration_delay=core.Duration.seconds(10))
# Opening port 5000 for master <--> worker communications
self.jenkins_master_service.task_definition.default_container.add_port_mappings(
ecs.PortMapping(container_port=50000, host_port=50000))
# Enable connection between Master and Worker
self.jenkins_master_service.connections.allow_from(
other=self.worker.worker_security_group,
port_range=ec2.Port(protocol=ec2.Protocol.TCP,
string_representation='Master to Worker 50000',
from_port=50000,
to_port=50000))
# Enable connection between Master and Worker on 8080
self.jenkins_master_service.connections.allow_from(
other=self.worker.worker_security_group,
port_range=ec2.Port(protocol=ec2.Protocol.TCP,
string_representation='Master to Worker 8080',
from_port=8080,
to_port=8080))
# IAM Statements to allow jenkins ecs plugin to talk to ECS as well as the Jenkins cluster #
self.jenkins_master_task.add_to_task_role_policy(
iam.PolicyStatement(
actions=[
"ecs:RegisterTaskDefinition",
"ecs:DeregisterTaskDefinition", "ecs:ListClusters",
"ecs:DescribeContainerInstances",
"ecs:ListTaskDefinitions", "ecs:DescribeTaskDefinition",
"ecs:DescribeTasks"
],
resources=["*"],
))
self.jenkins_master_task.add_to_task_role_policy(
iam.PolicyStatement(actions=["ecs:ListContainerInstances"],
resources=[self.cluster.cluster.cluster_arn]))
self.jenkins_master_task.add_to_task_role_policy(
iam.PolicyStatement(
actions=["ecs:RunTask"],
resources=[
"arn:aws:ecs:{0}:{1}:task-definition/fargate-workers*".
format(
self.region,
self.account,
)
]))
self.jenkins_master_task.add_to_task_role_policy(
iam.PolicyStatement(actions=["ecs:StopTask"],
resources=[
"arn:aws:ecs:{0}:{1}:task/*".format(
self.region, self.account)
],
conditions={
"ForAnyValue:ArnEquals": {
"ecs:cluster":
self.cluster.cluster.cluster_arn
}
}))
self.jenkins_master_task.add_to_task_role_policy(
iam.PolicyStatement(actions=["iam:PassRole"],
resources=[
self.worker.worker_task_role.role_arn,
self.worker.worker_execution_role.role_arn
]))
# END OF JENKINS ECS PLUGIN IAM POLICIES #
self.jenkins_master_task.add_to_task_role_policy(
iam.PolicyStatement(
actions=["*"],
resources=[self.worker.worker_logs_group.log_group_arn]))
def __init__(self, scope: core.Construct, id: str, vpc: ec2.Vpc, cluster: ecs.Cluster, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
elastic_cluster_task_def = ecs.Ec2TaskDefinition(
scope=self,
id="ES-TASK-DEF",
network_mode=ecs.NetworkMode.BRIDGE,
)
elastic = ecs.ContainerDefinition(
scope=self,
id=constants.ES_CONTAINER_NAME,
start_timeout=core.Duration.seconds(amount=30),
task_definition=elastic_cluster_task_def,
memory_limit_mib=4024,
essential=True,
image=ecs.ContainerImage.from_registry(
name="docker.elastic.co/elasticsearch/elasticsearch:6.8.6"),
environment={
"cluster.name": constants.ES_CLUSTER_NAME,
"bootstrap.memory_lock": "true",
# "discovery.zen.ping.unicast.hosts": "elasticsearch",
"node.name": constants.ES_CONTAINER_NAME,
"node.master": "true",
"node.data": "true",
"ES_JAVA_OPTS": "-Xms2g -Xmx2g",
},
logging=ecs.AwsLogDriver(
stream_prefix="ES",
log_retention=logs.RetentionDays.ONE_DAY,
),
)
elastic.add_ulimits(ecs.Ulimit(
name=ecs.UlimitName.NOFILE, hard_limit=65535, soft_limit=65535))
elastic.add_ulimits(ecs.Ulimit(
name=ecs.UlimitName.MEMLOCK, hard_limit=-1, soft_limit=-1))
elastic.add_port_mappings(ecs.PortMapping(container_port=9200))
elastic.add_port_mappings(ecs.PortMapping(container_port=9300))
#####################################################
node = ecs.ContainerDefinition(
scope=self,
id=constants.ES_NODE_CONTAINER_NAME,
start_timeout=core.Duration.seconds(amount=40),
task_definition=elastic_cluster_task_def,
memory_limit_mib=4024,
essential=True,
image=ecs.ContainerImage.from_registry(
name="docker.elastic.co/elasticsearch/elasticsearch:6.8.6"),
environment={
"cluster.name": constants.ES_CLUSTER_NAME,
"bootstrap.memory_lock": "true",
"discovery.zen.ping.unicast.hosts": constants.ES_CONTAINER_NAME,
"node.name": constants.ES_NODE_CONTAINER_NAME,
"node.master": "false",
"node.data": "true",
"ES_JAVA_OPTS": "-Xms2g -Xmx2g",
},
logging=ecs.LogDrivers.aws_logs(
stream_prefix="NODE",
log_retention=logs.RetentionDays.ONE_DAY,
))
node.add_port_mappings(ecs.PortMapping(container_port=9200))
node.add_port_mappings(ecs.PortMapping(container_port=9300))
node.add_ulimits(ecs.Ulimit(
name=ecs.UlimitName.NOFILE, hard_limit=65536, soft_limit=65536))
node.add_ulimits(ecs.Ulimit(
name=ecs.UlimitName.MEMLOCK, hard_limit=-1, soft_limit=-1))
node.add_link(container=elastic, alias=constants.ES_CONTAINER_NAME)
#####################################################
ecs_service = ecs.Ec2Service(
scope=self,
id="ES-SERVICE",
cluster=cluster,
task_definition=elastic_cluster_task_def,
desired_count=1,
service_name=constants.ECS_ES_SERVICE,
)
lb = elbv2.ApplicationLoadBalancer(
scope=self,
id="ELB",
vpc=vpc,
internet_facing=True,
)
listener = lb.add_listener(
id="LISTENER",
port=80,
)
ecs_service.register_load_balancer_targets(
ecs.EcsTarget(
new_target_group_id="TARGET-GRP",
container_name=elastic.container_name,
# container_port=9200,
listener=ecs.ListenerConfig.application_listener(
listener=listener,
protocol=elbv2.ApplicationProtocol.HTTP),
))
core.CfnOutput(
scope=self,
id="DNS-NAME",
value=lb.load_balancer_dns_name,
)
def __init__(self,
scope: core.Construct,
id: str,
vpc,
ecs_cluster,
role,
target_url: str,
number_of_tasks=1,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
name = id
task_def = ecs.Ec2TaskDefinition(self,
name,
network_mode=ecs.NetworkMode.AWS_VPC)
container_env = {}
container_env["TARGET_URL"] = target_url
if role == "worker":
container_env["LOCUST_MASTER_NODE_HOST"] = "master.loadgen"
container_env["LOCUST_MODE_WORKER"] = "True"
elif role == "master":
container_env["LOCUST_MODE_MASTER"] = "True"
locust_container = task_def.add_container(
name + "container",
# Create an image we using the dockerfile in ./locust
image=ecs.ContainerImage.from_asset("locust"),
memory_reservation_mib=512,
essential=True,
logging=ecs.LogDrivers.aws_logs(stream_prefix=name),
environment=container_env)
locust_container.add_ulimits(
ecs.Ulimit(name=ecs.UlimitName.NOFILE,
soft_limit=65536,
hard_limit=65536))
web_port_mapping = ecs.PortMapping(container_port=8089)
if role != "standalone":
worker1_port_mapping = ecs.PortMapping(container_port=5557)
worker2_port_mapping = ecs.PortMapping(container_port=5558)
locust_container.add_port_mappings(web_port_mapping,
worker1_port_mapping,
worker2_port_mapping)
else:
locust_container.add_port_mappings(web_port_mapping)
security_group = ec2.SecurityGroup(self,
"Locust",
vpc=vpc,
allow_all_outbound=True)
security_group.add_ingress_rule(ec2.Peer.any_ipv4(),
ec2.Port.tcp(8089))
if role != "standalone":
security_group.add_ingress_rule(ec2.Peer.any_ipv4(),
ec2.Port.tcp(5557))
security_group.add_ingress_rule(ec2.Peer.any_ipv4(),
ec2.Port.tcp(5558))
# Create the ecs service
locust_service = ecs.Ec2Service(self,
name + "service",
cluster=ecs_cluster,
task_definition=task_def,
security_group=security_group,
desired_count=number_of_tasks)
locust_service.enable_cloud_map(name=role)
# Create the ALB to present the Locust UI
if role != "worker":
self.lb = elbv2.ApplicationLoadBalancer(self,
"LoustLB",
vpc=vpc,
internet_facing=True)
# Forward port 80 to port 8089
listener = self.lb.add_listener("Listener", port=80)
listener.add_targets("ECS1",
port=8089,
protocol=elbv2.ApplicationProtocol.HTTP,
targets=[locust_service])
core.CfnOutput(self,
"lburl",
description="URL for ALB fronting locust master",
value="http://{}".format(
self.lb.load_balancer_dns_name))
# Create a security group that allows HTTP traffic on port 80 for our
# containers without modifying the security group on the instance
# Create the service
service_voncweb = ecs.Ec2Service(
stack, "VONC_VISTA-ecs-service-voncweb",
cluster=cluster,
task_definition=task_definition_voncweb,
deployment_controller=deployment_mode,
desired_count=1,
security_group=security_group,
service_name='VONC_VISTA-Vonc'
)
service_dispatcher = ecs.Ec2Service(
stack, "VONC_VISTA-ecs-service-dispatcher",
cluster=cluster,
task_definition=task_definition_dispatcher,
deployment_controller=deployment_mode,
desired_count=1,
security_group=security_group,
service_name='VONC_VISTA-Dispatcher'
)
def __init__(self, scope: core.Construct, id: str, vpc, ecs_cluster, role, target_url: str, number_of_tasks = 1, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
name = id
task_def = ecs.Ec2TaskDefinition(self, name,
network_mode=ecs.NetworkMode.AWS_VPC
)
if role == "slave":
container_env={"TARGET_URL": target_url,
"LOCUST_MODE": role,
#Need to update to pull the name from Cloudmap
"LOCUST_MASTER_HOST": "master.loadgen"
}
else:
container_env={"TARGET_URL": target_url,
"LOCUST_MODE": role
}
locust_container = task_def.add_container(
name + "container",
# Use Locust image from DockerHub
# Or not. we'll use an image we create using the dockerfile in ./locust
image=ecs.ContainerImage.from_asset("locust"),
memory_reservation_mib=512,
essential=True,
logging=ecs.LogDrivers.aws_logs(stream_prefix=name),
environment=container_env
)
web_port_mapping = ecs.PortMapping(container_port=8089)
if role != "standalone":
slave1_port_mapping = ecs.PortMapping(container_port=5557)
slave2_port_mapping = ecs.PortMapping(container_port=5558)
locust_container.add_port_mappings(web_port_mapping,slave1_port_mapping,slave2_port_mapping)
else:
locust_container.add_port_mappings(web_port_mapping)
security_group = ec2.SecurityGroup(
self, "Locust",
vpc=vpc,
allow_all_outbound=True
)
security_group.add_ingress_rule(
ec2.Peer.any_ipv4(),
ec2.Port.tcp(8089)
)
if role != "standalone":
security_group.add_ingress_rule(
ec2.Peer.any_ipv4(),
ec2.Port.tcp(5557)
)
security_group.add_ingress_rule(
ec2.Peer.any_ipv4(),
ec2.Port.tcp(5558)
)
# Create the ecs service
locust_service = ecs.Ec2Service(
self, name +"service",
cluster = ecs_cluster,
task_definition = task_def,
security_group = security_group,
desired_count = number_of_tasks
)
locust_service.enable_cloud_map(name=role)
# Create the ALB to present the Locust UI
if role != "slave":
self.lb = elbv2.ApplicationLoadBalancer(self, "LoustLB", vpc=vpc, internet_facing=True)
listener = self.lb.add_listener("Listener", port=80)
listener.add_targets("ECS1",
port=80,
targets=[locust_service]
)
core.CfnOutput(
self, "lburl",
description = "URL for ALB fronting locust master",
value = self.lb.load_balancer_dns_name
)
def __init__(self, scope: core.Construct, id: str, vpc, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
cluster = ecs.Cluster(
self, 'EKSGraviton2',
vpc=vpc,
container_insights=True
)
task_definition = ecs.Ec2TaskDefinition(
self, "TaskDef")
container_uri = ssm.StringParameter.value_for_string_parameter(self ,"graviton_lab_container_uri")
ecs_ami = ecs.EcsOptimizedAmi(generation=ec2.AmazonLinuxGeneration.AMAZON_LINUX_2,
hardware_type=ecs.AmiHardwareType.ARM)
asg_ecs = cluster.add_capacity("G2AutoScalingGroup",
instance_type=ec2.InstanceType("m6g.2xlarge"),
machine_image=ecs_ami
)
container = task_definition.add_container(
"web",
image=ecs.ContainerImage.from_registry(container_uri),
memory_limit_mib=512,
logging=ecs.LogDrivers.firelens(
options={
"Name": "cloudwatch",
"log_key": "log",
"region": "us-east-1",
"delivery_stream": "my-stream",
"log_group_name": "firelens-fluent-bit",
"auto_create_group": "true",
"log_stream_prefix": "from-fluent-bit"}
)
)
port_mapping = ecs.PortMapping(
container_port=3000,
host_port=8080,
protocol=ecs.Protocol.TCP
)
container.add_port_mappings(port_mapping)
# Create Service
service = ecs.Ec2Service(
self, "Service",
cluster=cluster,
task_definition=task_definition
)
# Create ALB
lb = elbv2.ApplicationLoadBalancer(
self, "LB",
vpc=vpc,
internet_facing=True
)
listener = lb.add_listener(
"PublicListener",
port=80,
open=True
)
# Attach ALB to ECS Service
listener.add_targets(
"ECS",
port=80,
targets=[service]
)
core.CfnOutput(
self, "LoadBalancerDNS",
value=lb.load_balancer_dns_name
)
cluster = ecs.Cluster(stack, 'EcsCluster', vpc=vpc)
cluster.add_capacity("DefaultAutoScalingGroup",
instance_type=ec2.InstanceType("t2.micro"))
# Create Task Definition
task_definition = ecs.Ec2TaskDefinition(stack, "TaskDef")
container = task_definition.add_container(
"web",
image=ecs.ContainerImage.from_registry("nginx:latest"),
memory_limit_mib=256)
port_mapping = ecs.PortMapping(container_port=80,
host_port=8080,
protocol=ecs.Protocol.TCP)
container.add_port_mappings(port_mapping)
# Create Service
service = ecs.Ec2Service(stack,
"Service",
cluster=cluster,
task_definition=task_definition)
# Create ALB
lb = elbv2.ApplicationLoadBalancer(stack, "LB", vpc=vpc, internet_facing=True)
listener = lb.add_listener("PublicListener", port=80, open=True)
health_check = elbv2.HealthCheck(interval=core.Duration.seconds(60),
path="/health",
timeout=core.Duration.seconds(5))
# Attach ALB to ECS Service
listener.add_targets(
"ECS",
port=80,
targets=[service],
health_check=health_check,
)
core.CfnOutput(stack, "LoadBalancerDNS", value=lb.load_balancer_dns_name)
def createResources(self, ns):
# Security Group Updates
albsg = self.bentoALB.connections.security_groups[0]
self.ecssg = self.bentoECS_ASG.connections.security_groups[0]
botoec2 = boto3.client('ec2')
group_name = 'bento-bastion-sg'
response = botoec2.describe_security_groups(
Filters=[dict(Name='group-name', Values=[group_name])])
bastion_group_id = response['SecurityGroups'][0]['GroupId']
self.bastionsg = ec2.SecurityGroup.from_security_group_id(
self, 'bastion-security-group', security_group_id=bastion_group_id)
self.ecssg.add_ingress_rule(
albsg,
ec2.Port.tcp(int(self.config[ns]['backend_container_port'])))
self.ecssg.add_ingress_rule(
albsg,
ec2.Port.tcp(int(self.config[ns]['frontend_container_port'])))
self.ecssg.add_ingress_rule(self.bastionsg, ec2.Port.tcp(22))
# Backend Task Definition
backendECSTask = ecs.Ec2TaskDefinition(
self, "bento-ecs-backend", network_mode=ecs.NetworkMode.AWS_VPC)
backendECSContainer = backendECSTask.add_container(
'api',
image=ecs.ContainerImage.from_registry(
"cbiitssrepo/bento-backend:latest"),
memory_reservation_mib=1024,
cpu=512)
backend_port_mapping = ecs.PortMapping(
container_port=int(self.config[ns]['backend_container_port']),
host_port=int(self.config[ns]['backend_container_port']),
protocol=ecs.Protocol.TCP)
backendECSContainer.add_port_mappings(backend_port_mapping)
# Backend Service
self.backendService = ecs.Ec2Service(
self,
"{}-backend".format(ns),
service_name="{}-backend".format(ns),
task_definition=backendECSTask,
cluster=self.bentoECS)
# Frontend Task Definition
frontendECSTask = ecs.Ec2TaskDefinition(
self, "bento-ecs-frontend", network_mode=ecs.NetworkMode.AWS_VPC)
frontendECSContainer = frontendECSTask.add_container(
'ui',
image=ecs.ContainerImage.from_registry(
"cbiitssrepo/bento-frontend:latest"),
memory_reservation_mib=1024,
cpu=512)
frontend_port_mapping = ecs.PortMapping(
container_port=int(self.config[ns]['frontend_container_port']),
host_port=int(self.config[ns]['frontend_container_port']),
protocol=ecs.Protocol.TCP)
frontendECSContainer.add_port_mappings(frontend_port_mapping)
# Frontend Service
self.frontendService = ecs.Ec2Service(
self,
"{}-frontend".format(ns),
service_name="{}-frontend".format(ns),
task_definition=frontendECSTask,
cluster=self.bentoECS)
def __init__(self, scope: core.Construct, id: str, vpc: ec2.Vpc, cluster: ecs.Cluster, repository: ecr.Repository, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
namespace = servicediscovery.PrivateDnsNamespace(
scope=self,
id="PRIVATE-DNS",
vpc=vpc,
name="private",
description="a private dns"
)
sg = ec2.SecurityGroup(
scope=self,
id="SG",
vpc=vpc,
allow_all_outbound=True,
description="open 9200 and 9300 ports",
security_group_name="es-group"
)
sg.add_ingress_rule(
peer=ec2.Peer.any_ipv4(),
connection=ec2.Port.tcp(port=9200),
)
sg.add_ingress_rule(
peer=ec2.Peer.any_ipv4(),
connection=ec2.Port.tcp(port=9300),
)
#####################################################
elastic_task_def = ecs.Ec2TaskDefinition(
scope=self,
id="ES-TASK-DEF",
network_mode=ecs.NetworkMode.AWS_VPC,
volumes=[ecs.Volume(
name="esdata",
host=ecs.Host(source_path="/usr/share/elasticsearch/data"),
)],
)
elastic = ecs.ContainerDefinition(
scope=self,
id=constants.ES_CONTAINER_NAME,
start_timeout=core.Duration.seconds(amount=30),
task_definition=elastic_task_def,
memory_limit_mib=4500,
essential=True,
image=ecs.ContainerImage.from_ecr_repository(
repository=repository, tag='latest'),
environment={
"cluster.name": constants.ES_CLUSTER_NAME,
"bootstrap.memory_lock": "true",
# "discovery.zen.ping.unicast.hosts": "elasticsearch",
"node.name": constants.ES_CONTAINER_NAME,
"node.master": "true",
"node.data": "true",
"ES_JAVA_OPTS": "-Xms4g -Xmx4g",
},
logging=ecs.AwsLogDriver(
stream_prefix="ES",
log_retention=logs.RetentionDays.ONE_DAY,
),
)
elastic.add_ulimits(ecs.Ulimit(
name=ecs.UlimitName.NOFILE, hard_limit=65535, soft_limit=65535))
elastic.add_ulimits(ecs.Ulimit(
name=ecs.UlimitName.MEMLOCK, hard_limit=-1, soft_limit=-1))
elastic.add_port_mappings(ecs.PortMapping(container_port=9200))
elastic.add_port_mappings(ecs.PortMapping(container_port=9300))
elastic.add_mount_points(ecs.MountPoint(
container_path="/usr/share/elasticsearch/data",
source_volume="esdata",
read_only=False,
))
# elastic.add_volumes_from(ecs.VolumeFrom(
# source_container="esdata",
# read_only=False,
# ))
es_service = ecs.Ec2Service(
scope=self,
id="ES-SERVICE",
cluster=cluster,
task_definition=elastic_task_def,
desired_count=1,
service_name="ES",
security_group=sg,
)
es_lb = elbv2.ApplicationLoadBalancer(
scope=self,
id="ES-ELB",
vpc=vpc,
internet_facing=True,
)
es_listener = es_lb.add_listener(
id="ES-LISTENER",
port=80,
)
es_service.register_load_balancer_targets(
ecs.EcsTarget(
new_target_group_id="ES-GRP",
container_name=elastic.container_name,
listener=ecs.ListenerConfig.application_listener(
listener=es_listener,
protocol=elbv2.ApplicationProtocol.HTTP),
))
service = es_service.enable_cloud_map(
cloud_map_namespace=namespace,
dns_record_type=servicediscovery.DnsRecordType.A,
# dns_ttl=core.Duration.seconds(amount=30),
failure_threshold=1,
name="elastic",
)
core.CfnOutput(
scope=self,
id="DNS-ES",
value=es_lb.load_balancer_dns_name,
)
#####################################################
node_task_def = ecs.Ec2TaskDefinition(
scope=self,
id="NODE-TASK-DEF",
network_mode=ecs.NetworkMode.AWS_VPC,
volumes=[ecs.Volume(
name="esdata",
host=ecs.Host(source_path="/usr/share/elasticsearch/data"),
)],
)
node = ecs.ContainerDefinition(
scope=self,
id=constants.ES_NODE_CONTAINER_NAME,
start_timeout=core.Duration.seconds(amount=40),
task_definition=node_task_def,
memory_limit_mib=4500,
essential=True,
image=ecs.ContainerImage.from_ecr_repository(
repository=repository, tag='latest'),
environment={
"cluster.name": constants.ES_CLUSTER_NAME,
"bootstrap.memory_lock": "true",
"discovery.zen.ping.unicast.hosts": "elastic.private",
"node.name": constants.ES_NODE_CONTAINER_NAME,
"node.master": "false",
"node.data": "true",
"ES_JAVA_OPTS": "-Xms4g -Xmx4g",
},
logging=ecs.LogDrivers.aws_logs(
stream_prefix="NODE",
log_retention=logs.RetentionDays.ONE_DAY,
))
node.add_port_mappings(ecs.PortMapping(container_port=9200))
node.add_port_mappings(ecs.PortMapping(container_port=9300))
node.add_ulimits(ecs.Ulimit(
name=ecs.UlimitName.NOFILE, hard_limit=65536, soft_limit=65536))
node.add_ulimits(ecs.Ulimit(
name=ecs.UlimitName.MEMLOCK, hard_limit=-1, soft_limit=-1))
node.add_mount_points(ecs.MountPoint(
container_path="/usr/share/elasticsearch/data",
source_volume="esdata",
read_only=False,
))
node_service = ecs.Ec2Service(
scope=self,
id="ES-NODE-SERVICE",
cluster=cluster,
task_definition=node_task_def,
desired_count=1,
service_name="NODE",
security_group=sg,
)
node_lb = elbv2.ApplicationLoadBalancer(
scope=self,
id="NODE-ELB",
vpc=vpc,
internet_facing=True,
)
node_listener = node_lb.add_listener(
id="NODE-LISTENER",
port=80,
)
node_service.register_load_balancer_targets(
ecs.EcsTarget(
new_target_group_id="NODE-GRP",
container_name=node.container_name,
listener=ecs.ListenerConfig.application_listener(
listener=node_listener,
protocol=elbv2.ApplicationProtocol.HTTP),
))
core.CfnOutput(
scope=self,
id="DNS-NODE",
value=node_lb.load_balancer_dns_name,
)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# The code that defines your stack goes here
#vpc = ec2.Vpc.from_lookup(self, 'VPC', is_default=True)
vpc = ec2.Vpc(
self, "MyVpc",
max_azs=2
)
rdsInst = rds.DatabaseInstance(self, 'SpringPetclinicDB',
engine=rds.DatabaseInstanceEngine.MYSQL,
engine_version='5.7.31',
instance_class=ec2.InstanceType('t2.medium'),
master_username = '******',
database_name = 'petclinic',
master_user_password = core.SecretValue('Welcome#123456'),
vpc = vpc,
deletion_protection = False,
backup_retention = core.Duration.days(0),
removal_policy = core.RemovalPolicy.DESTROY,
#vpc_placement = ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC)
)
rdsInst.connections.allow_default_port_from_any_ipv4()
cluster = ecs.Cluster(
self, 'EcsCluster',
vpc=vpc
)
cluster.add_capacity("DefaultAutoScalingGroup",
instance_type=ec2.InstanceType('t2.large'),
vpc_subnets = ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
min_capacity = 6)
alb = elbv2.ApplicationLoadBalancer(self, 'EcsLb', vpc=vpc, internet_facing=True)
listener = alb.add_listener('EcsListener', port=80)
listener.add_fixed_response('Default-Fix', status_code= '404')
listener.node.default_child.default_action=[{
"type": "fixed-response",
"fixedResponseConfig": {"statusCode": "404"}
}]
for s in ['customers', 'vets', 'visits', 'static']:
asset = ecr_assets.DockerImageAsset(self, 'spring-petclinic-' + s,
directory='./work/build/spring-petclinic-' + s + '-service',
build_args={
'JAR_FILE': 'spring-petclinic-' + s + '-service-2.1.4.jar'
})
ecs_task = ecs.Ec2TaskDefinition(self, 'TaskDef-' + s)
env={}
if s != 'static':
env = {
'SPRING_DATASOURCE_PASSWORD': '******',
'SPRING_DATASOURCE_USERNAME': '******',
'SPRING_PROFILES_ACTIVE': 'mysql',
'SPRING_DATASOURCE_URL': 'jdbc:mysql://' + rdsInst.db_instance_endpoint_address + '/petclinic?useUnicode=true',
'SERVER_SERVLET_CONTEXT_PATH': '/api/' + s.rstrip('s')
}
ecs_container = ecs_task.add_container(
'Container-' + s,
memory_limit_mib=512,
image=ecs.ContainerImage.from_docker_image_asset(asset),
logging=ecs.LogDriver.aws_logs(stream_prefix=s),
environment=env
)
ecs_container.add_port_mappings(ecs.PortMapping(container_port=8080))
ecs_service = ecs.Ec2Service(
self, 'Ec2Service-' + s,
cluster = cluster,
service_name = 'spring-petclinic-' + s,
desired_count = 2,
task_definition = ecs_task
)
if s == 'static':
parttern = '/*'
priority = 1100
check={'path': '/'}
else:
parttern = '/api/' + s.rstrip('s') + '/*'
priority = randint(1, 1000)
check={'path': '/api/' + s.rstrip('s') + '/manage'}
target = listener.add_targets(
'ECS-' + s,
path_pattern=parttern,
priority = priority,
port=80,
targets=[ecs_service],
health_check=check
)
core.CfnOutput(self,"LoadBalancer",export_name="LoadBalancer",value=alb.load_balancer_dns_name)
stack,
"nginx-awsvpc",
network_mode=ecs.NetworkMode.AWS_VPC,
)
web_container = task_definition.add_container(
"nginx",
image=ecs.ContainerImage.from_registry("nginx:latest"),
cpu=100,
memory_limit_mib=256,
essential=True)
port_mapping = ecs.PortMapping(container_port=80, protocol=ecs.Protocol.TCP)
web_container.add_port_mappings(port_mapping)
# Create a security group that allows HTTP traffic on port 80 for our
# containers without modifying the security group on the instance
security_group = ec2.SecurityGroup(stack,
"nginx--7623",
vpc=vpc,
allow_all_outbound=False)
security_group.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(80))
# Create the service
service = ecs.Ec2Service(stack,
"awsvpc-ecs-demo-service",
cluster=cluster,
task_definition=task_definition,
security_groups=[security_group])
app.synth()
def __init__(self, parent, name, **kwargs):
super().__init__(parent, name, **kwargs)
vpc = ec2.Vpc(self, 'GreetingVpc', max_azs=2)
# create an ECS cluster
cluster = ecs.Cluster(self, "Cluster", vpc=vpc)
# add capacity to id
cluster.add_capacity('greeter-capacity',
instance_type=ec2.InstanceType('t2.micro'),
min_capacity=3,
max_capacity=3
)
# Name service
name_task_definition = ecs.Ec2TaskDefinition(self, "name-task-definition")
name_container = name_task_definition.add_container(
'name',
image=ecs.ContainerImage.from_registry('nathanpeck/name'),
memory_limit_mib=128
)
name_container.add_port_mappings(ecs.PortMapping(
container_port=3000
))
name_service = ecs.Ec2Service(self, "name-service",
cluster=cluster,
desired_count=2,
task_definition=name_task_definition
)
# Greeting service
greeting_task_definition = ecs.Ec2TaskDefinition(self, "greeting-task-definition")
greeting_container = greeting_task_definition.add_container(
'greeting',
image=ecs.ContainerImage.from_registry('nathanpeck/greeting'),
memory_limit_mib=128
)
greeting_container.add_port_mappings(ecs.PortMapping(
container_port=3000
))
greeting_service = ecs.Ec2Service(self, "greeting-service",
cluster=cluster,
desired_count=1,
task_definition=greeting_task_definition
)
internal_lb = elbv2.ApplicationLoadBalancer(self, "internal",
vpc=vpc,
internet_facing=False
)
# Internal load balancer for the backend services
internal_listener = internal_lb.add_listener('PublicListener',
port=80,
open=True
)
internal_listener.add_target_groups('default',
target_groups=[elbv2.ApplicationTargetGroup(
self, 'default',
vpc=vpc,
protocol=elbv2.ApplicationProtocol.HTTP,
port=80
)]
)
internal_listener.add_targets('name',
port=80,
path_pattern='/name*',
priority=1,
targets=[name_service]
)
internal_listener.add_targets('greeting',
port=80,
path_pattern='/greeting*',
priority=2,
targets=[greeting_service]
)
# Greeter service
greeter_task_definition = ecs.Ec2TaskDefinition(self, "greeter-task-definition")
greeter_container = greeter_task_definition.add_container(
'greeter',
image=ecs.ContainerImage.from_registry('nathanpeck/greeter'),
memory_limit_mib=128,
environment={
"GREETING_URL": 'http://' + internal_lb.load_balancer_dns_name + '/greeting',
"NAME_URL": 'http://' + internal_lb.load_balancer_dns_name + '/name'
}
)
greeter_container.add_port_mappings(ecs.PortMapping(
container_port=3000
))
greeter_service = ecs.Ec2Service(self, "greeter-service",
cluster=cluster,
desired_count=2,
task_definition=greeter_task_definition
)
# Internet facing load balancer fo the frontend services
external_lb = elbv2.ApplicationLoadBalancer(self, 'external',
vpc=vpc,
internet_facing=True
)
external_listener = external_lb.add_listener('PublicListener',
port=80,
open=True
)
external_listener.add_targets('greeter',
port=80,
targets=[greeter_service]
)
# output dns addresses
self.internal_dns = core.CfnOutput(self, 'InternalDNS',
export_name='greeter-app-internal',
value=internal_lb.load_balancer_dns_name
)
self.external_dns = core.CfnOutput(self, 'ExternalDNS',
export_name='ExternalDNS',
value=external_lb.load_balancer_dns_name
)
