def ecs_network_config(self):
if self.family.service_compute.launch_type == "EXTERNAL":
return NoValue
return use_external_lt_con(
NoValue,
NetworkConfiguration(AwsvpcConfiguration=AwsvpcConfiguration(
Subnets=self.subnets,
SecurityGroups=self.security_groups,
AssignPublicIp=self.eip_assign,
)),
)
Description='A VPC subnet ID for the container.',
))
cluster = t.add_resource(Cluster('Cluster'))
task_definition = t.add_resource(
TaskDefinition('TaskDefinition',
RequiresCompatibilities=['FARGATE'],
Cpu='256',
Memory='512',
NetworkMode='awsvpc',
ContainerDefinitions=[
ContainerDefinition(
Name='nginx',
Image='nginx',
Essential=True,
PortMappings=[PortMapping(ContainerPort=80)])
]))
service = t.add_resource(
Service(
'NginxService',
Cluster=Ref(cluster),
DesiredCount=1,
TaskDefinition=Ref(task_definition),
LaunchType='FARGATE',
NetworkConfiguration=NetworkConfiguration(
AwsvpcConfiguration=AwsvpcConfiguration(Subnets=[Ref('Subnet')]))))
print(t.to_json())
def _add_service(self, service_name, config):
launch_type = self.LAUNCH_TYPE_FARGATE if 'fargate' in config else self.LAUNCH_TYPE_EC2
env_config = build_config(
self.env,
self.application_name,
self.env_sample_file_path
)
container_definition_arguments = {
"Environment": [
Environment(Name=k, Value=v) for (k, v) in env_config
],
"Name": service_name + "Container",
"Image": self.ecr_image_uri + ':' + self.current_version,
"Essential": 'true',
"LogConfiguration": self._gen_log_config(service_name),
"MemoryReservation": int(config['memory_reservation']),
"Cpu": 0
}
if 'http_interface' in config:
container_definition_arguments['PortMappings'] = [
PortMapping(
ContainerPort=int(
config['http_interface']['container_port']
)
)
]
if config['command'] is not None:
container_definition_arguments['Command'] = [config['command']]
cd = ContainerDefinition(**container_definition_arguments)
task_role = self.template.add_resource(Role(
service_name + "Role",
AssumeRolePolicyDocument=PolicyDocument(
Statement=[
Statement(
Effect=Allow,
Action=[AssumeRole],
Principal=Principal("Service", ["ecs-tasks.amazonaws.com"])
)
]
)
))
launch_type_td = {}
if launch_type == self.LAUNCH_TYPE_FARGATE:
launch_type_td = {
'RequiresCompatibilities': ['FARGATE'],
'ExecutionRoleArn': boto3.resource('iam').Role('ecsTaskExecutionRole').arn,
'NetworkMode': 'awsvpc',
'Cpu': str(config['fargate']['cpu']),
'Memory': str(config['fargate']['memory'])
}
td = TaskDefinition(
service_name + "TaskDefinition",
Family=service_name + "Family",
ContainerDefinitions=[cd],
TaskRoleArn=Ref(task_role),
**launch_type_td
)
self.template.add_resource(td)
desired_count = self._get_desired_task_count_for_service(service_name)
deployment_configuration = DeploymentConfiguration(
MinimumHealthyPercent=100,
MaximumPercent=200
)
if 'http_interface' in config:
alb, lb, service_listener, alb_sg = self._add_alb(cd, service_name, config, launch_type)
if launch_type == self.LAUNCH_TYPE_FARGATE:
# if launch type is ec2, then services inherit the ec2 instance security group
# otherwise, we need to specify a security group for the service
service_security_group = SecurityGroup(
pascalcase("FargateService" + self.env + service_name),
GroupName=pascalcase("FargateService" + self.env + service_name),
SecurityGroupIngress=[{
'IpProtocol': 'TCP',
'SourceSecurityGroupId': Ref(alb_sg),
'ToPort': int(config['http_interface']['container_port']),
'FromPort': int(config['http_interface']['container_port']),
}],
VpcId=Ref(self.vpc),
GroupDescription=pascalcase("FargateService" + self.env + service_name)
)
self.template.add_resource(service_security_group)
launch_type_svc = {
'NetworkConfiguration': NetworkConfiguration(
AwsvpcConfiguration=AwsvpcConfiguration(
Subnets=[
Ref(self.private_subnet1),
Ref(self.private_subnet2)
],
SecurityGroups=[
Ref(service_security_group)
]
)
)
}
else:
launch_type_svc = {
'Role': Ref(self.ecs_service_role),
'PlacementStrategies': self.PLACEMENT_STRATEGIES
}
svc = Service(
service_name,
LoadBalancers=[lb],
Cluster=self.cluster_name,
TaskDefinition=Ref(td),
DesiredCount=desired_count,
DependsOn=service_listener.title,
LaunchType=launch_type,
**launch_type_svc,
)
self.template.add_output(
Output(
service_name + 'EcsServiceName',
Description='The ECS name which needs to be entered',
Value=GetAtt(svc, 'Name')
)
)
self.template.add_output(
Output(
service_name + "URL",
Description="The URL at which the service is accessible",
Value=Sub("https://${" + alb.name + ".DNSName}")
)
)
self.template.add_resource(svc)
else:
launch_type_svc = {}
if launch_type == self.LAUNCH_TYPE_FARGATE:
# if launch type is ec2, then services inherit the ec2 instance security group
# otherwise, we need to specify a security group for the service
service_security_group = SecurityGroup(
pascalcase("FargateService" + self.env + service_name),
GroupName=pascalcase("FargateService" + self.env + service_name),
SecurityGroupIngress=[],
VpcId=Ref(self.vpc),
GroupDescription=pascalcase("FargateService" + self.env + service_name)
)
self.template.add_resource(service_security_group)
launch_type_svc = {
'NetworkConfiguration': NetworkConfiguration(
AwsvpcConfiguration=AwsvpcConfiguration(
Subnets=[
Ref(self.private_subnet1),
Ref(self.private_subnet2)
],
SecurityGroups=[
Ref(service_security_group)
]
)
)
}
else:
launch_type_svc = {
'PlacementStrategies': self.PLACEMENT_STRATEGIES
}
svc = Service(
service_name,
Cluster=self.cluster_name,
TaskDefinition=Ref(td),
DesiredCount=desired_count,
DeploymentConfiguration=deployment_configuration,
LaunchType=launch_type,
**launch_type_svc
)
self.template.add_output(
Output(
service_name + 'EcsServiceName',
Description='The ECS name which needs to be entered',
Value=GetAtt(svc, 'Name')
)
)
self.template.add_resource(svc)
self._add_service_alarms(svc)
task_definition = t.add_resource(
TaskDefinition(
"TaskDefinition",
RequiresCompatibilities=["FARGATE"],
Cpu="256",
Memory="512",
NetworkMode="awsvpc",
ContainerDefinitions=[
ContainerDefinition(
Name="nginx",
Image="nginx",
Essential=True,
PortMappings=[PortMapping(ContainerPort=80)],
)
],
))
service = t.add_resource(
Service(
"NginxService",
Cluster=Ref(cluster),
DesiredCount=1,
TaskDefinition=Ref(task_definition),
LaunchType="FARGATE",
NetworkConfiguration=NetworkConfiguration(
AwsvpcConfiguration=AwsvpcConfiguration(Subnets=[Ref("Subnet")])),
))
print(t.to_json())
def __create_ecs():
template = Template()
desired_count = template.add_parameter(
parameter=Parameter(title='DesiredCount', Default=1, Type='Number'))
cpu = template.add_parameter(
parameter=Parameter(title='Cpu', Default=256, Type='Number'))
memory = template.add_parameter(
parameter=Parameter(title='Memory', Default=512, Type='Number'))
cluster = template.add_resource(resource=Cluster(title='SampleCluster', ))
log_group = template.add_resource(resource=LogGroup(
title='SampleLogGroup', LogGroupName='/aws/ecs/sample'))
container_name = 'sample-nginx'
task_definition = template.add_resource(resource=TaskDefinition(
title='SampleTaskDefinition',
Cpu=Ref(cpu),
Family='sample-fargate-task',
RequiresCompatibilities=['FARGATE'],
Memory=Ref(memory),
NetworkMode='awsvpc',
ExecutionRoleArn=Sub(
'arn:aws:iam::${AWS::AccountId}:role/ecsTaskExecutionRole'),
ContainerDefinitions=[
ContainerDefinition(
Image='nginx:latest',
Name=container_name,
PortMappings=[
PortMapping(ContainerPort=80, HostPort=80, Protocol='tcp')
],
LogConfiguration=LogConfiguration(
LogDriver='awslogs',
Options={
'awslogs-region': Ref('AWS::Region'),
'awslogs-group': Ref(log_group),
'awslogs-stream-prefix': 'nginx'
}))
]))
template.add_resource(resource=Service(
title='SampleService',
ServiceName='sample-fargate',
Cluster=Ref(cluster),
DesiredCount=Ref(desired_count),
TaskDefinition=Ref(task_definition),
LaunchType='FARGATE',
NetworkConfiguration=NetworkConfiguration(
AwsvpcConfiguration=AwsvpcConfiguration(
AssignPublicIp='ENABLED',
SecurityGroups=[
ImportValue(ExportName.TASK_SECURITY_GROUP.value)
],
Subnets=[
ImportValue(
CommonResource.ExportName.PUBLIC_SUBNET_A_ID.value),
ImportValue(
CommonResource.ExportName.PUBLIC_SUBNET_B_ID.value),
])),
LoadBalancers=[
EcsLoadBalancer(ContainerName=container_name,
ContainerPort=80,
TargetGroupArn=ImportValue(
ExportName.TARGET_GROUP.value))
]))
output_template_file(template, 'ecs.yml')
def generate_template(d):
# Set template metadata
t = Template()
t.add_version("2010-09-09")
t.set_description(d["cf_template_description"])
aws_account_id = Ref("AWS::AccountId")
aws_region = Ref("AWS::Region")
# Task definition
task_definition = t.add_resource(
TaskDefinition(
"TaskDefinition",
Family=Join(
"",
[d["env"], "-", d["project_name"], "-", d["service_name"]]),
RequiresCompatibilities=["FARGATE"],
Cpu=d["container_cpu"],
Memory=d["container_memory"],
NetworkMode="awsvpc",
ExecutionRoleArn=ImportValue(d["ecs_stack_name"] +
"-ECSClusterRole"),
ContainerDefinitions=[
ContainerDefinition(
Name=Join("", [
d["env"], "-", d["project_name"], "-",
d["service_name"]
]),
Image=Join(
"",
[
aws_account_id, ".dkr.ecr.", aws_region,
".amazonaws.com/", d["env"], d["project_name"],
d["service_name"], ":latest"
],
),
Essential=True,
PortMappings=[
PortMapping(
ContainerPort=d["container_port"],
HostPort=d["container_port"],
)
],
EntryPoint=["sh", "-c"],
Command=[d["container_command"]],
LogConfiguration=LogConfiguration(
LogDriver="awslogs",
Options={
"awslogs-region":
aws_region,
"awslogs-group":
Join("", [
d["env"], "-", d["project_name"], "-",
d["service_name"]
]),
"awslogs-stream-prefix":
"ecs",
"awslogs-create-group":
"true"
}))
],
Tags=Tags(d["tags"],
{"Name": d["project_name"] + "-task-definition"}),
))
# ECR
ecr = t.add_resource(
Repository(
"ECR",
DependsOn="ListenerRule",
RepositoryName=Join(
"",
[d["env"], "-", d["project_name"], "-", d["service_name"]]),
Tags=Tags(d["tags"], {"Name": d["project_name"] + "-ecr"}),
))
# Target group
target_group = t.add_resource(
elb.TargetGroup(
"TargetGroup",
Name=Join("", [d["env"], "-", d["service_name"]]),
HealthCheckIntervalSeconds="30",
HealthCheckProtocol="HTTP",
HealthCheckPort=d["container_port"],
HealthCheckTimeoutSeconds="10",
HealthyThresholdCount="4",
HealthCheckPath=d["tg_health_check_path"],
Matcher=elb.Matcher(HttpCode="200-299"),
Port=d["container_port"],
Protocol="HTTP",
TargetType="ip",
UnhealthyThresholdCount="3",
VpcId=ImportValue(d["network_stack_name"] + "-VPCId"),
Tags=Tags(d["tags"], {"Name": d["project_name"] + "-ecr"}),
))
# Listener rule
t.add_resource(
elb.ListenerRule(
"ListenerRule",
DependsOn="TargetGroup",
ListenerArn=ImportValue(d["ecs_stack_name"] + "-ListenerArnHTTP"),
Conditions=[
elb.Condition(Field="path-pattern",
Values=[d["application_path_api"]])
],
Actions=[
elb.Action(Type="forward", TargetGroupArn=Ref(target_group))
],
Priority="1",
))
# ECS service
ecs_service = t.add_resource(
Service(
"ECSService",
ServiceName=Join(
"",
[d["env"], "-", d["project_name"], "-", d["service_name"]]),
DependsOn="pipeline",
DesiredCount=d["container_desired_tasks_count"],
TaskDefinition=Ref(task_definition),
LaunchType="FARGATE",
NetworkConfiguration=NetworkConfiguration(
AwsvpcConfiguration=AwsvpcConfiguration(
Subnets=[
ImportValue(d["network_stack_name"] +
"-PrivateSubnetId1"),
ImportValue(d["network_stack_name"] +
"-PrivateSubnetId2"),
],
SecurityGroups=[
ImportValue(d["ecs_stack_name"] + "-ECSClusterSG")
],
)),
LoadBalancers=([
LoadBalancer(
ContainerName=Join(
"",
[
d["env"], "-", d["project_name"], "-",
d["service_name"]
],
),
ContainerPort=d["container_port"],
TargetGroupArn=Ref(target_group),
)
]),
Cluster=ImportValue(d["ecs_stack_name"] + "-ECSClusterName"),
Tags=Tags(d["tags"], {"Name": d["project_name"] + "-ecs-service"}),
))
# App Autoscaling target
# App Autoscaling policy
# Codebuild project
codebuild = t.add_resource(
Project(
"codebuild",
Name=Join(
"",
[d["env"], "-", d["project_name"], "-", d["service_name"]]),
DependsOn="ECR",
ServiceRole=ImportValue(d["ecs_stack_name"] +
"-CodebuildDeveloperRole"),
Artifacts=Artifacts(
Name="Build",
Location=d["artifact_store"],
Type="S3",
),
Description="Build a docker image and send it to ecr",
Source=Source(
BuildSpec="buildspec.yml",
Type="S3",
Location=d["artifact_store"] + "/" + d["artifact_name"],
),
Environment=Environment(
ComputeType="BUILD_GENERAL1_SMALL",
Image="aws/codebuild/standard:4.0",
PrivilegedMode=True,
Type="LINUX_CONTAINER",
EnvironmentVariables=[
EnvironmentVariable(
Name="AWS_DEFAULT_REGION",
Type="PLAINTEXT",
Value=aws_region,
),
EnvironmentVariable(
Name="SERVICE_NAME",
Type="PLAINTEXT",
Value=Join(
"",
[
d["env"], "-", d["project_name"], "-",
d["service_name"]
],
),
),
EnvironmentVariable(
Name="IMAGE_URI",
Type="PLAINTEXT",
Value=Join(
"",
[
aws_account_id,
".dkr.ecr.",
aws_region,
".amazonaws.com/",
d["env"],
"-",
d["project_name"],
"-",
d["service_name"],
],
),
),
],
),
Tags=Tags(d["tags"], {"Name": d["project_name"] + "-codebuild"}),
))
# Codepipeline
pipeline = t.add_resource(
Pipeline(
"pipeline",
Name=Join(
"",
[d["env"], "-", d["project_name"], "-", d["service_name"]]),
RoleArn=ImportValue(d["ecs_stack_name"] + "-CodePipelineRole"),
Stages=[
Stages(
Name="Source",
Actions=[
Actions(
Name="Source",
ActionTypeId=ActionTypeId(
Category="Source",
Owner="AWS",
Version="1",
Provider="S3",
),
OutputArtifacts=[
OutputArtifacts(Name="source_artifact")
],
Configuration={
"S3Bucket": d["artifact_store"],
"S3ObjectKey": d["artifact_name"],
},
RunOrder="1",
)
],
),
Stages(
Name="Build",
Actions=[
Actions(
Name="Build",
InputArtifacts=[
InputArtifacts(Name="source_artifact")
],
OutputArtifacts=[
OutputArtifacts(Name="build_artifact")
],
ActionTypeId=ActionTypeId(
Category="Build",
Owner="AWS",
Version="1",
Provider="CodeBuild",
),
Configuration={"ProjectName": Ref(codebuild)},
RunOrder="1",
)
],
),
Stages(
Name="Deploy",
Actions=[
Actions(
Name="Deploy",
InputArtifacts=[
InputArtifacts(Name="build_artifact")
],
ActionTypeId=ActionTypeId(
Category="Deploy",
Owner="AWS",
Version="1",
Provider="ECS",
),
Configuration={
"ClusterName":
ImportValue(d["ecs_stack_name"] +
"-ECSClusterName"),
"ServiceName":
Join(
"",
[
d["env"],
"-",
d["project_name"],
"-",
d["service_name"],
],
),
"FileName":
"definitions.json",
},
)
],
),
],
ArtifactStore=ArtifactStore(Type="S3",
Location=d["artifact_store"]),
))
# Route53
# Outputs
return t
Service('GhostService',
Cluster=Ref(cluster),
DesiredCount=1,
TaskDefinition=Ref(ghost_task_definition),
LaunchType='FARGATE',
LoadBalancers=[
LoadBalancer(ContainerName='ghost',
ContainerPort=2368,
TargetGroupArn=ImportValue(
Sub("${DependencyStackName}-GhostTG")))
],
NetworkConfiguration=NetworkConfiguration(
AwsvpcConfiguration=AwsvpcConfiguration(
Subnets=[
ImportValue(Sub("${DependencyStackName}-Subnet1")),
ImportValue(Sub("${DependencyStackName}-Subnet2"))
],
SecurityGroups=[
ImportValue(Sub("${DependencyStackName}-GhostSG"))
],
))))
# Create the required Outputs
# Output the Fargate Service Name
t.add_output(
Output("GhostFargateServiceName",
Value=GetAtt(ghost_service, "Name"),
Description="Ghost Fargate Service Name"))
print(t.to_json())
def generate_service_definition(self, task_definition):
"""
Function to generate the Service definition.
This is the last step in defining the service, after all other settings have been prepared.
"""
service_sgs = [
Ref(sg) for sg in self.sgs
if not isinstance(sg, (Ref, Sub, If, GetAtt))
]
service_sgs += [
sg for sg in self.sgs if isinstance(sg, (Ref, Sub, If, GetAtt))
]
if self.config.replicas != ecs_params.SERVICE_COUNT.Default:
self.parameters[ecs_params.SERVICE_COUNT_T] = self.config.replicas
self.ecs_service = EcsService(
ecs_params.SERVICE_T,
template=self.template,
Cluster=Ref(ecs_params.CLUSTER_NAME),
DeploymentController=DeploymentController(
Type=Ref(ecs_params.ECS_CONTROLLER)),
EnableECSManagedTags=True,
DesiredCount=If(
ecs_conditions.SERVICE_COUNT_ZERO_AND_FARGATE_CON_T,
1,
If(
ecs_conditions.USE_FARGATE_CON_T,
Ref(ecs_params.SERVICE_COUNT),
If(
ecs_conditions.SERVICE_COUNT_ZERO_CON_T,
Ref(AWS_NO_VALUE),
Ref(ecs_params.SERVICE_COUNT),
),
),
),
SchedulingStrategy=If(
ecs_conditions.USE_FARGATE_CON_T,
"REPLICA",
If(
ecs_conditions.SERVICE_COUNT_ZERO_AND_FARGATE_CON_T,
"REPLICA",
"DAEMON",
),
),
HealthCheckGracePeriodSeconds=Ref(AWS_NO_VALUE),
PlacementStrategies=If(
ecs_conditions.USE_FARGATE_CON_T,
Ref(AWS_NO_VALUE),
define_placement_strategies(),
),
NetworkConfiguration=NetworkConfiguration(
AwsvpcConfiguration=AwsvpcConfiguration(
Subnets=Ref(vpc_params.APP_SUBNETS),
SecurityGroups=service_sgs)),
TaskDefinition=Ref(task_definition),
LaunchType=If(
ecs_conditions.USE_CLUSTER_CAPACITY_PROVIDERS_CON_T,
Ref(AWS_NO_VALUE),
Ref(ecs_params.LAUNCH_TYPE),
),
Tags=Tags({
"Name": Ref(ecs_params.SERVICE_NAME),
"StackName": Ref(AWS_STACK_NAME),
}),
PropagateTags="SERVICE",
**self.service_attrs,
)
def main():
template = Template()
template.add_version("2010-09-09")
template.set_description("AWS CloudFormation ECS Service")
# Add the Parameters
Application = template.add_parameter(
Parameter(
"Application",
Type="String",
))
DockerImage = template.add_parameter(
Parameter(
"DockerImage",
Type="String",
))
ClusterName = template.add_parameter(
Parameter(
"ClusterName",
Type="String",
))
ContainerPort = template.add_parameter(
Parameter(
"ContainerPort",
Type="String",
))
HostPort = template.add_parameter(Parameter(
"HostPort",
Type="String",
))
HostedZoneName = template.add_parameter(
Parameter(
"HostedZoneName",
Type="String",
))
CertArn = template.add_parameter(Parameter(
"CertArn",
Type="String",
))
ExecutionRoleArn = template.add_parameter(
Parameter("ExecutionRoleArn",
Type="String",
Description="Execution Role to get creadentials from ssm"))
HealthCheckPath = template.add_parameter(
Parameter(
"HealthCheckPath",
Type="String",
))
HealthCheckIntervalSeconds = template.add_parameter(
Parameter(
"HealthCheckIntervalSeconds",
Type="String",
))
HealthyThresholdCount = template.add_parameter(
Parameter(
"HealthyThresholdCount",
Type="String",
))
HealthCheckTimeoutSeconds = template.add_parameter(
Parameter(
"HealthCheckTimeoutSeconds",
Type="String",
))
UnhealthyThresholdCount = template.add_parameter(
Parameter(
"UnhealthyThresholdCount",
Type="String",
))
VpcId = template.add_parameter(Parameter(
"VpcId",
Type="String",
))
Subnets = template.add_parameter(
Parameter(
"Subnets",
Type="List<AWS::EC2::Subnet::Id>",
))
PrivateSubnets = template.add_parameter(
Parameter(
"PrivateSubnets",
Type="List<AWS::EC2::Subnet::Id>",
))
# Add the application ELB
NetworkLB = template.add_resource(
elb.LoadBalancer("NetworkLB",
Name=Join("", [Ref(Application), "-nlb"]),
Scheme="internet-facing",
Subnets=Ref(Subnets),
Type='network'))
NlbTargetGroup = template.add_resource(
elb.TargetGroup(
"NlbTargetGroup",
Name='ecs-fargate-service-targetgroup',
HealthCheckIntervalSeconds=Ref(HealthCheckIntervalSeconds),
HealthCheckProtocol="TCP",
HealthyThresholdCount=Ref(HealthyThresholdCount),
Port=80,
Protocol="TCP",
TargetType="ip",
UnhealthyThresholdCount=Ref(UnhealthyThresholdCount),
VpcId=Ref(VpcId)))
NlbListener = template.add_resource(
elb.Listener(
"Listener",
DependsOn=["NlbTargetGroup", "NetworkLB"],
Certificates=[elb.Certificate(CertificateArn=Ref(CertArn))],
Port="443",
Protocol="TLS",
LoadBalancerArn=Ref(NetworkLB),
DefaultActions=[
elb.Action(Type="forward", TargetGroupArn=Ref(NlbTargetGroup))
]))
Task_Definition = template.add_resource(
TaskDefinition(
'TaskDefinition',
Memory='512',
Cpu='256',
RequiresCompatibilities=['FARGATE'],
NetworkMode='awsvpc',
ExecutionRoleArn=Ref(ExecutionRoleArn),
ContainerDefinitions=[
ContainerDefinition(
Name=Join("", [Ref(Application)]),
Image=Ref(DockerImage),
Essential=True,
Environment=[Environment(Name="MY_ENV_VAR", Value="true")],
DockerLabels={
'aws-account': Ref("AWS::AccountId"),
'region': Ref("AWS::Region"),
'stack': Ref("AWS::StackName")
},
PortMappings=[
PortMapping(ContainerPort=Ref(ContainerPort))
])
]))
AwsVpcSg = template.add_resource(
ec2.SecurityGroup('SecurityGroup',
GroupDescription='Security Group',
SecurityGroupIngress=[
ec2.SecurityGroupRule(IpProtocol='-1',
CidrIp='10.0.0.0/8')
],
SecurityGroupEgress=[
ec2.SecurityGroupRule(IpProtocol="-1",
CidrIp="0.0.0.0/0")
],
VpcId=Ref(VpcId)))
app_service = template.add_resource(
Service("AppService",
DependsOn=["Listener", "TaskDefinition"],
Cluster=Ref(ClusterName),
LaunchType='FARGATE',
DesiredCount=1,
TaskDefinition=Ref(Task_Definition),
ServiceName=Join("", [Ref(Application), "-ecs-service"]),
LoadBalancers=[
ecs.LoadBalancer(ContainerName=Join(
"", [Ref(Application)]),
ContainerPort=Ref(ContainerPort),
TargetGroupArn=Ref(NlbTargetGroup))
],
NetworkConfiguration=NetworkConfiguration(
AwsvpcConfiguration=AwsvpcConfiguration(
Subnets=Ref(PrivateSubnets),
SecurityGroups=[Ref(AwsVpcSg)]))))
AppDNSRecord = template.add_resource(
RecordSetType(
"AppDNSRecord",
DependsOn=["AppService"],
HostedZoneName=Join("", [Ref(HostedZoneName), "."]),
Name=Join("", [Ref(Application), ".",
Ref(HostedZoneName), "."]),
Type="CNAME",
TTL="900",
ResourceRecords=[GetAtt(NetworkLB, "DNSName")]))
template.add_output(
Output("URL",
Description="DomainName",
Value=Join("", ["https://", Ref(AppDNSRecord)])))
with open("ecs-fargate-service-cf.yaml", "w") as yamlout:
yamlout.write(template.to_yaml())
DesiredCount=1,
HealthCheckGracePeriodSeconds=300,
LaunchType="FARGATE",
LoadBalancers=[
LoadBalancer(
"HelloWorldECSServiceLB",
ContainerName="hello-world-web",
ContainerPort=80,
TargetGroupArn=Ref(resources["ALBTargetGroup"]),
)
],
NetworkConfiguration=NetworkConfiguration(
"HelloWorldNetConf",
AwsvpcConfiguration=AwsvpcConfiguration(
"HelloWorldVPCConf",
AssignPublicIp="DISABLED",
SecurityGroups=[
Ref(resources["HelloWorldECSTaskSecurityGroup"])
],
Subnets=[ImportValue("PRVA"),
ImportValue("PRVB")])),
ServiceName=Join("-", [Ref(parameters["Project"]), "ecs", "service"]),
TaskDefinition=Ref(resources["HelloWorldTaskDef"])))
### Template JSON ###
output = open(
path.dirname(path.abspath(__file__)) + "/" +
path.splitext(path.basename(__file__))[0] + ".json", "w")
#print(template.to_json())
output.write(template.to_json())
output.close()