feat: add dedicated lb template and move as default (#13)
Co-authored-by: Karl Wallbom <[email protected]>
kalleeh and Karl Wallbom authored Apr 3, 2020
1 parent 6134b21 commit fa56a10
Showing 4 changed files with 421 additions and 29 deletions.
63 changes: 63 additions & 0 deletions apps/ecs-fargate-shared/README.md
@@ -0,0 +1,63 @@
# Gurum - ECS Fargate Application on Shared Load Balancer

ECS Fargate Application running on a Shared Load Balancer.
[https://aws.amazon.com/documentation/codepipeline/](https://aws.amazon.com/documentation/codepipeline/)

## Table of contents

* [Parameters](#parameters)
* [Generic](#generic)
* [Prescribed](#prescribed)
* [Examples](#examples)
* [minimal](#minimal)
* [complete](#complete)

## Parameters

### Generic

These parameters are required, but generic or require privileged access to the underlying AWS account.

Name | Description | Default | Accepted Values
-------------- | --------------- | --------------- | ---------------
DesiredCount|How many instances of this task to run across our cluster|1|Int
HealthCheckPath|The health check path to register with the Application Load Balancer|/|String
ServiceDiscoveryTTL|The amount of time, in seconds, that you want DNS resolvers to cache the settings for this record.|60|Double

### Prescribed

These are parameters that are prescribed by the plan and are not configurable, should adjusting any of these be required please choose a plan that makes them available.

Name | Description | Value
-------------- | --------------- | ---------------
BucketName|Must contain only lowercase letters, numbers, periods (.), and hyphens. If set to Auto, a bucket name will be generated (-),Cannot end in numbers|Auto

## Examples

***Note:*** Examples do not include generic parameters, if you have not setup defaults for these you will need to add
them as additional parameters

### Minimal

```yaml
environments:
- name: dev
config:
DesiredCount: 1
HealthCheckPath: '/'
ServiceDiscoveryTTL: 60
```
### Complete
```yaml
environments:
- name: dev
config:
DesiredCount: 4
HealthCheckPath: '/health'
ServiceDiscoveryTTL: 60
env_vars:
environment: prod
YourVar: AnotherEnvVar
```
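Review bot: the parameter tables in this README do not match the template added in the same commit. `Priority` and `DockerImage` are parameters of `apps/ecs-fargate-shared/latest.yaml` but are not documented here, while the `BucketName` row under "Prescribed" has no corresponding parameter in that template and reads as copied from another plan. `Priority` in particular needs a row: on a shared listener every application must use a distinct rule priority, and the template defaults it to `1`. Two smaller mismatches: `ServiceDiscoveryTTL` is listed as `Double` here but declared `Type: String` in the template, and the CodePipeline documentation link does not describe this template; link the ECS/Fargate documentation instead or drop it.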
253 changes: 253 additions & 0 deletions apps/ecs-fargate-shared/latest.yaml
@@ -0,0 +1,253 @@
# This is a sample, non-production-ready template.
#
# © 2019 Amazon Web Services, In​c. or its affiliates. All Rights Reserved.
#
# This AWS Content is provided subject to the terms of the
# AWS Customer Agreement available at http://aws.amazon.com/agreement
# or other written agreement between Customer and either
# Amazon Web Services, Inc. or Amazon Web Services EMEA SARL or both.

AWSTemplateFormatVersion: "2010-09-09"
Description: Platform App on Shared Load Balancer

Parameters:

# User Parameters - Dynamically generated from the API
DesiredCount:
Description: How many instances of this task should we run across our cluster?
Type: Number
Default: 1

Priority:
Description: The Application Load Balancer rule priority
Type: Number
Default: 1

HealthCheckPath:
Description: The health check path to register with the Application Load Balancer
Type: String
Default: /

DockerImage:
Description: Docker image to start the container with
Type: String
Default: nginx:latest

ServiceDiscoveryTTL:
Type: String
Description: The amount of time, in seconds, that you want DNS resolvers to cache the settings for this record.
Default: '60'

# Platform Parameters - Resolved from SSM.
PlatformDomainName:
Type: AWS::SSM::Parameter::Value<String>
Description: Name of the Hosted Zone to register service with
Default: /gurum/platform/domain-name

PlatformVPC:
Type: AWS::SSM::Parameter::Value<String>
Description: Platform VPC
Default: /gurum/platform/vpc

PlatformPrivateSubnets:
Type: AWS::SSM::Parameter::Value<List<String>>
Description: Platform Private Subnets
Default: /gurum/platform/subnets/private

PlatformCluster:
Type: AWS::SSM::Parameter::Value<String>
Description: Platform ECS Cluster
Default: /gurum/platform/ecs

PlatformLoadBalancerDnsName:
Type: AWS::SSM::Parameter::Value<String>
Description: Platform Load Balancer DNS Name
Default: /gurum/platform/loadbalancer/dns-name

PlatformLoadBalancerHostedZoneId:
Type: AWS::SSM::Parameter::Value<String>
Description: Platform Load Balancer Hosted Zone ID
Default: /gurum/platform/loadbalancer/hosted-zone-id

PlatformLoadBalancerListener:
Type: AWS::SSM::Parameter::Value<String>
Description: The Application Load Balancer listener to register with
Default: /gurum/platform/loadbalancer/listener-arn

PlatformLoadBalancerSecurityGroup:
Type: AWS::SSM::Parameter::Value<String>
Description: Platform Load Balancer Security Group
Default: /gurum/platform/loadbalancer/security-group

PlatformNamespaceId:
Type: AWS::SSM::Parameter::Value<String>
Description: Platform Namespace ID
Default: /gurum/platform/service-discovery/namespace-id

Resources:

Service:
Type: AWS::ECS::Service
DependsOn: ListenerRule
Properties:
ServiceName:
Ref: AWS::StackName
Cluster: !Ref PlatformCluster
DeploymentConfiguration:
MaximumPercent: 200
MinimumHealthyPercent: 50
DesiredCount: !Ref DesiredCount
TaskDefinition: !Ref TaskDefinition
LaunchType: FARGATE
LoadBalancers:
- ContainerName: web
ContainerPort: 80
TargetGroupArn: !Ref TargetGroup
NetworkConfiguration:
AwsvpcConfiguration:
AssignPublicIp: DISABLED
SecurityGroups:
- !GetAtt ApplicationServiceSecurityGroup.GroupId
Subnets: !Ref PlatformPrivateSubnets
ServiceRegistries:
-
Port: 80
RegistryArn: !GetAtt ServiceDiscoveryService.Arn

TaskDefinition:
Type: AWS::ECS::TaskDefinition
Properties:
Family:
Ref: AWS::StackName
Cpu: "1024"
Memory: "2048"
NetworkMode: awsvpc
RequiresCompatibilities:
- FARGATE
TaskRoleArn: !GetAtt ApplicationContainerRole.Arn
ExecutionRoleArn: !GetAtt ApplicationExecutionRole.Arn
ContainerDefinitions:
- Name: web
Essential: true
Image: !Ref DockerImage
Memory: 2048
PortMappings:
- ContainerPort: 80
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-group: !Ref CloudWatchLogsGroup
awslogs-region: !Ref AWS::Region
awslogs-stream-prefix: 'app'

CloudWatchLogsGroup:
Type: AWS::Logs::LogGroup
Properties:
LogGroupName: !Sub 'app-${AWS::StackName}'
RetentionInDays: 365

ApplicationServiceSecurityGroup:
Type: "AWS::EC2::SecurityGroup"
Properties:
GroupName: !Sub 'app-sg-${AWS::StackName}'
GroupDescription: !Sub '(${AWS::StackName}) Application Service Security Group'
SecurityGroupIngress:
- SourceSecurityGroupId: !Ref PlatformLoadBalancerSecurityGroup
FromPort: 80
ToPort: 80
IpProtocol: tcp
VpcId: !Ref PlatformVPC

TargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
Name:
Ref: AWS::StackName
TargetType: ip
Port: 80
Protocol: HTTP
VpcId: !Ref PlatformVPC
TargetGroupAttributes:
- Key: deregistration_delay.timeout_seconds
Value: "50"
Matcher:
HttpCode: 200-299
HealthCheckIntervalSeconds: 10
HealthCheckPath: !Ref HealthCheckPath
HealthCheckProtocol: HTTP
HealthCheckTimeoutSeconds: 5
HealthyThresholdCount: 2

ListenerRule:
Type: AWS::ElasticLoadBalancingV2::ListenerRule
Properties:
ListenerArn: !Ref PlatformLoadBalancerListener
Priority: !Ref Priority
Conditions:
- Field: host-header
Values:
- !Join ['', [!Ref 'AWS::StackName', ., !Ref 'PlatformDomainName']]
Actions:
- TargetGroupArn: !Ref TargetGroup
Type: forward

ServiceDNSRecord:
Type: AWS::Route53::RecordSet
Properties:
HostedZoneName: !Join ['', [!Ref 'PlatformDomainName', .]]
Comment: !Sub 'DNS Record for ${AWS::StackName}'
Name: !Join ['', [!Ref 'AWS::StackName', ., !Ref 'PlatformDomainName']]
Type: A
AliasTarget:
HostedZoneId: !Ref PlatformLoadBalancerHostedZoneId
DNSName: !Ref PlatformLoadBalancerDnsName

ServiceDiscoveryService:
Type: AWS::ServiceDiscovery::Service
Properties:
DnsConfig:
NamespaceId: !Ref PlatformNamespaceId
DnsRecords:
- Type: SRV
TTL: !Ref ServiceDiscoveryTTL
HealthCheckCustomConfig:
FailureThreshold: 1
Name:
Ref: AWS::StackName

# IAM Role that the container tasks assume to gain access to AWS Services such as S3 etc.
ApplicationContainerRole:
Type: "AWS::IAM::Role"
Properties:
RoleName: !Sub 'platform-role-${AWS::StackName}'
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AmazonS3FullAccess
AssumeRolePolicyDocument:
Version: "2008-10-17"
Statement:
- Effect: Allow
Principal:
Service: ecs-tasks.amazonaws.com
Action: sts:AssumeRole

# Execution role for EC2 to assume to pull images and write to CloudWatch Logs
ApplicationExecutionRole:
Type: "AWS::IAM::Role"
Properties:
RoleName: !Sub 'platform-execution-role-${AWS::StackName}'
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
AssumeRolePolicyDocument:
Version: "2008-10-17"
Statement:
- Effect: Allow
Principal:
Service: ecs-tasks.amazonaws.com
Action: sts:AssumeRole

Outputs:
Endpoint:
Value: !Join ['', [!Ref 'AWS::StackName', ., !Ref 'PlatformDomainName']]

ServiceRole:
Value: !GetAtt ApplicationContainerRole.Arn
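Review bot: `ApplicationContainerRole` attaches `arn:aws:iam::aws:policy/AmazonS3FullAccess` to the task role of every application deployed through this plan, so any container can list, read, write and delete every bucket in the account. The comment on the role only gives S3 as an example ("such as S3 etc."), so the managed policy should be removed from the default template or replaced by an inline policy scoped to a bucket the application actually owns. Three smaller points in the same hunk: `Priority` defaults to `1` on a listener shared by all applications, so the second stack deployed with the default fails with a priority conflict; the parameter should have no default, or the API that generates the user parameters should allocate one. The comment on `ApplicationExecutionRole` says "Execution role for EC2 to assume", but the trust policy is `ecs-tasks.amazonaws.com` and the launch type is Fargate, so it should read "task execution role". `TargetGroup` takes `Name: !Ref AWS::StackName` unmodified, which fails when the stack name exceeds the 32-character target group name limit; either derive a truncated name or omit `Name` and let CloudFormation generate one. The assume-role documents could also use `Version: "2012-10-17"` rather than the 2008 version.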
4 changes: 2 additions & 2 deletions apps/ecs-fargate/README.md
@@ -1,6 +1,6 @@
# Gurum - ECS Fargate Application on Shared Load Balancer
# Gurum - ECS Fargate Application on Dedicated Load Balancer

ECS Fargate Application running on a Shared Load Balancer.
ECS Fargate Application running on a Dedicated Load Balancer.
[https://aws.amazon.com/documentation/codepipeline/](https://aws.amazon.com/documentation/codepipeline/)

## Table of contents
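Review bot: the title and description now say "Dedicated Load Balancer", but the unchanged link below them still points at the CodePipeline documentation, which does not describe an ECS Fargate or load balancer setup; replace it with the relevant ECS/ALB documentation or drop it. Since only the header changes in this file, please also check that the rest of this README (collapsed here) no longer documents shared-listener parameters, such as a listener rule priority, that a dedicated load balancer does not need.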