unity-builder/action/task-def-formation.yml


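# CloudFormation template for one ECS Fargate task definition. The container's
# awslogs log group (named after ServiceName) is forwarded to a Kinesis stream
# through a CloudWatch Logs subscription filter.
#
# NOTE(review): ContainerPort, Prefix, DesiredCount and the SubnetConfig mapping
# are not referenced by any resource in the part of the template shown here.
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  AWS Fargate cluster that can span public and private subnets. Supports
  public facing load balancers, private internal load balancers, and
  both internal and external service discovery namespaces.
Parameters:
  EnvironmentName:
    Type: String
    Default: development
    Description: "Your deployment environment: DEV, QA , PROD"
  ServiceName:
    Type: String
    Default: example
    Description: A name for the service
  ImageUrl:
    Type: String
    Default: nginx
    Description: >-
      The url of a docker image that contains the application process that
      will handle the traffic for this service
  ContainerPort:
    Type: Number
    Default: 80
    Description: What port number the application inside the docker container is binding to
  ContainerCpu:
    Type: Number
    Default: 256
    Description: How much CPU to give the container. 1024 is 1 CPU
  ContainerMemory:
    Type: Number
    Default: 512
    Description: How much memory in megabytes to give the container
  Prefix:
    Type: String
    Default: "test"
  DesiredCount:
    Type: Number
    Default: 1
    Description: How many copies of the service task to run
  Role:
    Type: String
    Default: ""
    Description: >-
      (Optional) An IAM role to give the service's containers if the code within needs to
      access other AWS resources like S3 buckets, DynamoDB tables, etc
  EFSMountPath:
    Type: String
    Default: "/usr/share/nginx/html"
Mappings:
  # Hard values for the subnet masks. These masks define
  # the range of internal IP addresses that can be assigned.
  # The VPC can have all IP's from 10.0.0.0 to 10.0.255.255
  # There are four subnets which cover the ranges:
  #
  # 10.0.0.0 - 10.0.0.255
  # 10.0.1.0 - 10.0.1.255
  # 10.0.2.0 - 10.0.2.255
  # 10.0.3.0 - 10.0.3.255
  SubnetConfig:
    VPC:
      CIDR: '10.0.0.0/16'
    PublicOne:
      CIDR: '10.0.0.0/24'
    PublicTwo:
      CIDR: '10.0.1.0/24'
Conditions:
  # True when the caller supplied a task role; otherwise TaskRoleArn is omitted.
  HasCustomRole: !Not [!Equals [!Ref 'Role', '']]
Resources:
  # Forwards every event from the service's log group to the Kinesis stream.
  # NOTE(review): this template declares no AWS::Logs::LogGroup, so the group
  # named by ServiceName must already exist when the stack is created.
  SubscriptionFilter:
    Type: AWS::Logs::SubscriptionFilter
    Properties:
      RoleArn:
        Fn::GetAtt:
          - "CloudWatchIAMRole"
          - "Arn"
      LogGroupName: !Ref 'ServiceName'
      # FilterPattern is a required property; the empty pattern matches all events.
      FilterPattern: ''
      DestinationArn:
        Fn::GetAtt:
          - "KinesisStream"
          - "Arn"
  # Role that CloudWatch Logs assumes to deliver events to the stream.
  # The trust policy names the Logs service as the only principal and pins the
  # caller to this account and region; the permissions policy grants nothing
  # beyond writing records to this stack's stream. A statement with Action "*"
  # and Resource "*" and no Principal is not a valid trust policy, and as a
  # permissions policy it would grant full administrative access.
  CloudWatchIAMRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service: "logs.amazonaws.com"
            Action: "sts:AssumeRole"
            Condition:
              StringLike:
                'aws:SourceArn': !Sub 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:*'
      Policies:
        - PolicyName: write-log-events-to-kinesis
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action: "kinesis:PutRecord"
                Resource:
                  Fn::GetAtt:
                    - "KinesisStream"
                    - "Arn"
  # NOTE(review): no StreamEncryption is set, so forwarded container logs sit in
  # the stream without server-side encryption; consider enabling it.
  KinesisStream:
    Type: AWS::Kinesis::Stream
    Properties:
      Name: !Ref 'ServiceName'
      ShardCount: 1
  # The task definition. This is a simple metadata description of what
  # container to run, and what resource requirements it has.
  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: !Ref 'ServiceName'
      Cpu: !Ref 'ContainerCpu'
      Memory: !Ref 'ContainerMemory'
      NetworkMode: awsvpc
      Volumes:
        - Name: efs-data
          EFSVolumeConfiguration:
            # File system id is exported by another stack under the environment name.
            FilesystemId:
              Fn::ImportValue: !Sub '${EnvironmentName}:EfsFileStorageId'
            TransitEncryption: ENABLED
      RequiresCompatibilities:
        - FARGATE
      ExecutionRoleArn:
        Fn::ImportValue: !Sub '${EnvironmentName}:ECSTaskExecutionRole'
      # Only set a task role when the Role parameter is non-empty.
      TaskRoleArn:
        Fn::If:
          - 'HasCustomRole'
          - !Ref 'Role'
          - !Ref "AWS::NoValue"
      ContainerDefinitions:
        - Name: !Ref 'ServiceName'
          Cpu: !Ref 'ContainerCpu'
          Memory: !Ref 'ContainerMemory'
          Image: !Ref 'ImageUrl'
          # NOTE(review): this variable is passed to whatever image ImageUrl
          # names. Some images read it as permission to start without any
          # credentials; drop it unless the image needs it and the service is
          # not reachable by untrusted clients.
          Environment:
            - Name: ALLOW_EMPTY_PASSWORD
              Value: 'yes'
          # The shared EFS volume is mounted read-write; set ReadOnly to true
          # if the container only serves content from it.
          MountPoints:
            - SourceVolume: efs-data
              ContainerPath: !Ref EFSMountPath
              ReadOnly: false
          LogConfiguration:
            LogDriver: 'awslogs'
            Options:
              awslogs-group: !Ref 'ServiceName'
              awslogs-region: !Ref 'AWS::Region'
              awslogs-stream-prefix: !Ref 'ServiceName'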