feat: add dedicated lb template and move as default #13

Merged
merged 1 commit into from
Apr 3, 2020
63 changes: 63 additions & 0 deletions apps/ecs-fargate-shared/README.md
@@ -0,0 +1,63 @@
# Gurum - ECS Fargate Application on Shared Load Balancer

ECS Fargate Application running on a Shared Load Balancer.
[https://aws.amazon.com/documentation/codepipeline/](https://aws.amazon.com/documentation/codepipeline/)

## Table of contents

* [Parameters](#parameters)
* [Generic](#generic)
* [Prescribed](#prescribed)
* [Examples](#examples)
* [minimal](#minimal)
* [complete](#complete)

## Parameters

### Generic

These parameters are required, but generic or require privileged access to the underlying AWS account.

Name | Description | Default | Accepted Values
-------------- | --------------- | --------------- | ---------------
DesiredCount|How many instances of this task to run across our cluster|1|Int
HealthCheckPath|The health check path to register with the Application Load Balancer|/|String
ServiceDiscoveryTTL|The amount of time, in seconds, that you want DNS resolvers to cache the settings for this record.|60|Double

### Prescribed

These are parameters that are prescribed by the plan and are not configurable, should adjusting any of these be required please choose a plan that makes them available.

Name | Description | Value
-------------- | --------------- | ---------------
BucketName|Must contain only lowercase letters, numbers, periods (.), and hyphens. If set to Auto, a bucket name will be generated (-),Cannot end in numbers|Auto

## Examples

***Note:*** Examples do not include generic parameters, if you have not setup defaults for these you will need to add
them as additional parameters

### Minimal

```yaml
environments:
- name: dev
config:
DesiredCount: 1
HealthCheckPath: '/'
ServiceDiscoveryTTL: 60
```

### Complete

```yaml
environments:
- name: dev
config:
DesiredCount: 4
HealthCheckPath: '/health'
ServiceDiscoveryTTL: 60
env_vars:
environment: prod
YourVar: AnotherEnvVar
```
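Review bot: The parameter tables in this README do not match the template added alongside it in apps/ecs-fargate-shared/latest.yaml. The Prescribed table documents a BucketName parameter, but the template declares no such parameter and creates no bucket, while Priority and DockerImage, which the template does declare, are missing from the Generic table. ServiceDiscoveryTTL is listed as Double here but is declared as Type: String with Default: '60' in the template. Please rebuild both tables from the template's Parameters section. Two smaller points: the link under the description goes to the CodePipeline documentation, which is unrelated to ECS or load balancers, and the Complete example sets environment: prod inside the environment named dev, which will confuse readers copying it.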
253 changes: 253 additions & 0 deletions apps/ecs-fargate-shared/latest.yaml
@@ -0,0 +1,253 @@
# This is a sample, non-production-ready template.
#
# © 2019 Amazon Web Services, In​c. or its affiliates. All Rights Reserved.
#
# This AWS Content is provided subject to the terms of the
# AWS Customer Agreement available at http://aws.amazon.com/agreement
# or other written agreement between Customer and either
# Amazon Web Services, Inc. or Amazon Web Services EMEA SARL or both.

AWSTemplateFormatVersion: "2010-09-09"
Description: Platform App on Shared Load Balancer

Parameters:

# User Parameters - Dynamically generated from the API
DesiredCount:
Description: How many instances of this task should we run across our cluster?
Type: Number
Default: 1

Priority:
Description: The Application Load Balancer rule priority
Type: Number
Default: 1

HealthCheckPath:
Description: The health check path to register with the Application Load Balancer
Type: String
Default: /

DockerImage:
Description: Docker image to start the container with
Type: String
Default: nginx:latest

ServiceDiscoveryTTL:
Type: String
Description: The amount of time, in seconds, that you want DNS resolvers to cache the settings for this record.
Default: '60'

# Platform Parameters - Resolved from SSM.
PlatformDomainName:
Type: AWS::SSM::Parameter::Value<String>
Description: Name of the Hosted Zone to register service with
Default: /gurum/platform/domain-name

PlatformVPC:
Type: AWS::SSM::Parameter::Value<String>
Description: Platform VPC
Default: /gurum/platform/vpc

PlatformPrivateSubnets:
Type: AWS::SSM::Parameter::Value<List<String>>
Description: Platform Private Subnets
Default: /gurum/platform/subnets/private

PlatformCluster:
Type: AWS::SSM::Parameter::Value<String>
Description: Platform ECS Cluster
Default: /gurum/platform/ecs

PlatformLoadBalancerDnsName:
Type: AWS::SSM::Parameter::Value<String>
Description: Platform Load Balancer DNS Name
Default: /gurum/platform/loadbalancer/dns-name

PlatformLoadBalancerHostedZoneId:
Type: AWS::SSM::Parameter::Value<String>
Description: Platform Load Balancer Hosted Zone ID
Default: /gurum/platform/loadbalancer/hosted-zone-id

PlatformLoadBalancerListener:
Type: AWS::SSM::Parameter::Value<String>
Description: The Application Load Balancer listener to register with
Default: /gurum/platform/loadbalancer/listener-arn

PlatformLoadBalancerSecurityGroup:
Type: AWS::SSM::Parameter::Value<String>
Description: Platform Load Balancer Security Group
Default: /gurum/platform/loadbalancer/security-group

PlatformNamespaceId:
Type: AWS::SSM::Parameter::Value<String>
Description: Platform Namespace ID
Default: /gurum/platform/service-discovery/namespace-id

Resources:

Service:
Type: AWS::ECS::Service
DependsOn: ListenerRule
Properties:
ServiceName:
Ref: AWS::StackName
Cluster: !Ref PlatformCluster
DeploymentConfiguration:
MaximumPercent: 200
MinimumHealthyPercent: 50
DesiredCount: !Ref DesiredCount
TaskDefinition: !Ref TaskDefinition
LaunchType: FARGATE
LoadBalancers:
- ContainerName: web
ContainerPort: 80
TargetGroupArn: !Ref TargetGroup
NetworkConfiguration:
AwsvpcConfiguration:
AssignPublicIp: DISABLED
SecurityGroups:
- !GetAtt ApplicationServiceSecurityGroup.GroupId
Subnets: !Ref PlatformPrivateSubnets
ServiceRegistries:
-
Port: 80
RegistryArn: !GetAtt ServiceDiscoveryService.Arn

TaskDefinition:
Type: AWS::ECS::TaskDefinition
Properties:
Family:
Ref: AWS::StackName
Cpu: "1024"
Memory: "2048"
NetworkMode: awsvpc
RequiresCompatibilities:
- FARGATE
TaskRoleArn: !GetAtt ApplicationContainerRole.Arn
ExecutionRoleArn: !GetAtt ApplicationExecutionRole.Arn
ContainerDefinitions:
- Name: web
Essential: true
Image: !Ref DockerImage
Memory: 2048
PortMappings:
- ContainerPort: 80
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-group: !Ref CloudWatchLogsGroup
awslogs-region: !Ref AWS::Region
awslogs-stream-prefix: 'app'

CloudWatchLogsGroup:
Type: AWS::Logs::LogGroup
Properties:
LogGroupName: !Sub 'app-${AWS::StackName}'
RetentionInDays: 365

ApplicationServiceSecurityGroup:
Type: "AWS::EC2::SecurityGroup"
Properties:
GroupName: !Sub 'app-sg-${AWS::StackName}'
GroupDescription: !Sub '(${AWS::StackName}) Application Service Security Group'
SecurityGroupIngress:
- SourceSecurityGroupId: !Ref PlatformLoadBalancerSecurityGroup
FromPort: 80
ToPort: 80
IpProtocol: tcp
VpcId: !Ref PlatformVPC

TargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
Name:
Ref: AWS::StackName
TargetType: ip
Port: 80
Protocol: HTTP
VpcId: !Ref PlatformVPC
TargetGroupAttributes:
- Key: deregistration_delay.timeout_seconds
Value: "50"
Matcher:
HttpCode: 200-299
HealthCheckIntervalSeconds: 10
HealthCheckPath: !Ref HealthCheckPath
HealthCheckProtocol: HTTP
HealthCheckTimeoutSeconds: 5
HealthyThresholdCount: 2

ListenerRule:
Type: AWS::ElasticLoadBalancingV2::ListenerRule
Properties:
ListenerArn: !Ref PlatformLoadBalancerListener
Priority: !Ref Priority
Conditions:
- Field: host-header
Values:
- !Join ['', [!Ref 'AWS::StackName', ., !Ref 'PlatformDomainName']]
Actions:
- TargetGroupArn: !Ref TargetGroup
Type: forward

ServiceDNSRecord:
Type: AWS::Route53::RecordSet
Properties:
HostedZoneName: !Join ['', [!Ref 'PlatformDomainName', .]]
Comment: !Sub 'DNS Record for ${AWS::StackName}'
Name: !Join ['', [!Ref 'AWS::StackName', ., !Ref 'PlatformDomainName']]
Type: A
AliasTarget:
HostedZoneId: !Ref PlatformLoadBalancerHostedZoneId
DNSName: !Ref PlatformLoadBalancerDnsName

ServiceDiscoveryService:
Type: AWS::ServiceDiscovery::Service
Properties:
DnsConfig:
NamespaceId: !Ref PlatformNamespaceId
DnsRecords:
- Type: SRV
TTL: !Ref ServiceDiscoveryTTL
HealthCheckCustomConfig:
FailureThreshold: 1
Name:
Ref: AWS::StackName

# IAM Role that the container tasks assume to gain access to AWS Services such as S3 etc.
ApplicationContainerRole:
Type: "AWS::IAM::Role"
Properties:
RoleName: !Sub 'platform-role-${AWS::StackName}'
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AmazonS3FullAccess
AssumeRolePolicyDocument:
Version: "2008-10-17"
Statement:
- Effect: Allow
Principal:
Service: ecs-tasks.amazonaws.com
Action: sts:AssumeRole

# Execution role for EC2 to assume to pull images and write to CloudWatch Logs
ApplicationExecutionRole:
Type: "AWS::IAM::Role"
Properties:
RoleName: !Sub 'platform-execution-role-${AWS::StackName}'
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
AssumeRolePolicyDocument:
Version: "2008-10-17"
Statement:
- Effect: Allow
Principal:
Service: ecs-tasks.amazonaws.com
Action: sts:AssumeRole

Outputs:
Endpoint:
Value: !Join ['', [!Ref 'AWS::StackName', ., !Ref 'PlatformDomainName']]

ServiceRole:
Value: !GetAtt ApplicationContainerRole.Arn
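Review bot: ApplicationContainerRole attaches arn:aws:iam::aws:policy/AmazonS3FullAccess as the task role, so every application deployed from this template gets read, write and delete access to every S3 bucket in the account, although nothing else in the template uses S3. On a shared platform that turns a compromise of one container into account-wide S3 access; drop the managed policy from the default and attach a scoped policy (named bucket ARNs, only the actions needed) for apps that require one. Separately, Priority defaults to 1 while ListenerRule registers on the shared listener resolved from /gurum/platform/loadbalancer/listener-arn. Rule priorities must be unique per listener, so the second stack created with the default will fail; remove the default or have the platform allocate the value. Minor: DockerImage defaults to the mutable tag nginx:latest, and the comment on ApplicationExecutionRole says "for EC2" although the role is assumed by ecs-tasks.amazonaws.com for Fargate tasks.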
4 changes: 2 additions & 2 deletions apps/ecs-fargate/README.md
@@ -1,6 +1,6 @@
# Gurum - ECS Fargate Application on Shared Load Balancer
# Gurum - ECS Fargate Application on Dedicated Load Balancer

ECS Fargate Application running on a Shared Load Balancer.
ECS Fargate Application running on a Dedicated Load Balancer.
[https://aws.amazon.com/documentation/codepipeline/](https://aws.amazon.com/documentation/codepipeline/)

## Table of contents
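Review bot: The link on the line below the updated description still points to https://aws.amazon.com/documentation/codepipeline/, which documents CodePipeline rather than ECS Fargate or load balancers. Since these lines are being touched anyway, replace it with a relevant reference or remove it. The visible lines only rename Shared to Dedicated in the heading and description, so please also confirm that the parameter tables further down this README still describe the dedicated template.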