unity-builder/action/task-def-formation.yml

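# CloudFormation template: one ECS task definition (Fargate), its CloudWatch
# log group, a Kinesis stream fed by a log subscription filter, and five
# per-build Secrets Manager secrets.
#
# The format version is quoted so that generic YAML tooling keeps it a string
# instead of typing the plain scalar as a date.
AWSTemplateFormatVersion: '2010-09-09'
# NOTE(review): the description below talks about a cluster, subnets and load
# balancers, none of which this template creates; it looks carried over from a
# sample template. Confirm and reword.
Description: >-
  AWS Fargate cluster that can span public and private subnets. Supports public
  facing load balancers, private internal load balancers, and both internal and
  external service discovery namespaces.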
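# Stack inputs. Names, types and defaults are unchanged; the five secret
# inputs additionally set NoEcho so their values are masked in the
# CloudFormation console and in CLI/API output that shows parameters.
Parameters:
  # Prefix of the cross-stack exports this template imports
  # ('<EnvironmentName>:CloudWatchIAMRole' and similar).
  EnvironmentName:
    Type: String
    Default: development
    Description: 'Your deployment environment: DEV, QA , PROD'
  # Used as the task family, container name, log group name, log stream
  # prefix and Kinesis stream name.
  ServiceName:
    Type: String
    Default: example
    Description: A name for the service
  ImageUrl:
    Type: String
    Default: nginx
    Description: >-
      The url of a docker image that contains the application process that will
      handle the traffic for this service
  # NOTE(review): not referenced by any resource in this template.
  ContainerPort:
    Type: Number
    Default: 80
    Description: What port number the application inside the docker container is binding to
  ContainerCpu:
    Type: Number
    Default: 256
    Description: How much CPU to give the container. 1024 is 1 CPU
  ContainerMemory:
    Type: Number
    Default: 512
    Description: How much memory in megabytes to give the container
  # Command and EntryPoint are comma-separated lists; the task definition
  # splits them on ',' into the container's command and entry point arrays.
  Command:
    Type: String
    Default: 'ls'
  EntryPoint:
    Type: String
    Default: '/bin/sh'
  WorkingDirectory:
    Type: String
    Default: '/efsdata/'
  # An empty value means "no task role": the HasCustomRole condition then
  # leaves TaskRoleArn unset.
  Role:
    Type: String
    Default: ''
    Description: >-
      (Optional) An IAM role to give the service's containers if the code within
      needs to access other AWS resources like S3 buckets, DynamoDB tables, etc
  # Container path at which the efs-data volume is mounted.
  EFSMountDirectory:
    Type: String
    Default: '/efsdata'

  # --- Secret inputs --------------------------------------------------------
  # Each value is copied into a Secrets Manager secret by this template.
  # NoEcho keeps the value out of stack descriptions and console views; it
  # does not protect the value on the caller's side (shell history, CI logs).
  # The 'Secret' defaults are placeholders kept for backward compatibility: a
  # stack deployed without overriding them stores that literal string.
  GithubToken:
    Type: String
    NoEcho: true
    Default: 'Secret'
  UnityLicense:
    Type: String
    NoEcho: true
    Default: 'Secret'
  AndroidKeystoreBase64:
    Type: String
    NoEcho: true
    Default: 'Secret'
  AndroidKeystorePass:
    Type: String
    NoEcho: true
    Default: 'Secret'
  AndroidKeyAliasPass:
    Type: String
    NoEcho: true
    Default: 'Secret'

  # Appended to every secret name and to every secret environment variable
  # name in the container, so the value must be valid in both places.
  BUILDID:
    Type: String
    Default: 'noid'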
# Static address plan: one VPC range and two public subnet ranges.
# NOTE(review): nothing in this template looks these values up; confirm
# whether the mapping is still needed.
Mappings:
  SubnetConfig:
    VPC:
      CIDR: '10.0.0.0/16'
    PublicOne:
      CIDR: '10.0.0.0/24'
    PublicTwo:
      CIDR: '10.0.1.0/24'
Conditions:
  # True when the Role parameter is anything other than the empty string.
  # The task definition sets TaskRoleArn only in that case.
  HasCustomRole: !Not [!Equals [!Ref Role, '']]
Resources:
  # Log group that receives the container's awslogs output. It is named
  # after the service.
  # NOTE(review): no retention period is set here, so retention is whatever
  # the account default is; confirm that is intended.
  LogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Ref ServiceName
    Metadata:
      AWS::CloudFormation::Designer:
        id: aece53ae-b82d-4267-bc16-ed964b05db27

  # Forwards log events from the log group to the Kinesis stream, using an
  # IAM role exported by another stack. The filter pattern is empty, so
  # nothing is filtered out: anything the build writes to its log, including
  # a secret echoed by a build script, also lands in the stream.
  SubscriptionFilter:
    Type: AWS::Logs::SubscriptionFilter
    # LogGroupName is passed by name rather than by !Ref LogGroup, so the
    # ordering against LogGroup has to be stated explicitly.
    DependsOn:
      - LogGroup
      - KinesisStream
    Properties:
      FilterPattern: ''
      RoleArn:
        Fn::ImportValue: !Sub '${EnvironmentName}:CloudWatchIAMRole'
      LogGroupName: !Ref ServiceName
      DestinationArn: !GetAtt KinesisStream.Arn
    Metadata:
      AWS::CloudFormation::Designer:
        id: 7f809e91-9e5d-4678-98c1-c5085956c480

  # Single-shard stream that carries the forwarded log events.
  # NOTE(review): this template sets no stream encryption; confirm whether
  # server-side encryption is required for build logs.
  KinesisStream:
    Type: AWS::Kinesis::Stream
    Properties:
      Name: !Ref ServiceName
      ShardCount: 1
    Metadata:
      AWS::CloudFormation::Designer:
        id: c6f18447-b879-4696-8873-f981b2cedd2b

  # One Secrets Manager secret per secret input. Each name is the fixed
  # prefix followed by BUILDID; the value is the matching stack parameter.
  GithubTokenSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: !Sub 'GithubToken${BUILDID}'
      SecretString: !Ref GithubToken

  UnityLicenseSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: !Sub 'UnityLicense${BUILDID}'
      SecretString: !Ref UnityLicense

  AndroidKeystoreBase64Secret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: !Sub 'AndroidKeystoreBase64${BUILDID}'
      SecretString: !Ref AndroidKeystoreBase64

  AndroidKeystorePassSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: !Sub 'AndroidKeystorePass${BUILDID}'
      SecretString: !Ref AndroidKeystorePass

  AndroidKeyAliasPassSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: !Sub 'AndroidKeyAliasPass${BUILDID}'
      SecretString: !Ref AndroidKeyAliasPass

  # Fargate task with a single container. The image, entry point, command
  # and working directory all come from stack parameters, so whoever can set
  # those parameters decides what runs with the secrets below in its
  # environment.
  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    DependsOn:
      - LogGroup
    Properties:
      Family: !Ref ServiceName
      Cpu: !Ref ContainerCpu
      Memory: !Ref ContainerMemory
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - FARGATE
      Volumes:
        # Shared EFS file system exported by another stack, mounted with
        # encryption in transit.
        - Name: efs-data
          EFSVolumeConfiguration:
            FilesystemId:
              Fn::ImportValue: !Sub '${EnvironmentName}:EfsFileStorageId'
            TransitEncryption: ENABLED
      ExecutionRoleArn:
        Fn::ImportValue: !Sub '${EnvironmentName}:ECSTaskExecutionRole'
      # Set only when a Role was supplied; otherwise the property is omitted.
      TaskRoleArn: !If [HasCustomRole, !Ref Role, !Ref 'AWS::NoValue']
      ContainerDefinitions:
        - Name: !Ref ServiceName
          Cpu: !Ref ContainerCpu
          Memory: !Ref ContainerMemory
          Image: !Ref ImageUrl
          # Comma-separated parameter strings become argument arrays.
          EntryPoint: !Split [',', !Ref EntryPoint]
          Command: !Split [',', !Ref Command]
          WorkingDirectory: !Ref WorkingDirectory
          Environment:
            # NOTE(review): the reason for this variable is not visible in
            # the template; confirm the image needs it and remove it if not.
            - Name: ALLOW_EMPTY_PASSWORD
              Value: 'yes'
          MountPoints:
            - SourceVolume: efs-data
              ContainerPath: !Ref EFSMountDirectory
              ReadOnly: false
          # Secrets are resolved from Secrets Manager when the task starts
          # and exposed as environment variables named <PREFIX>_<BUILDID>.
          Secrets:
            - Name: !Sub 'GITHUB_TOKEN_${BUILDID}'
              ValueFrom: !Ref GithubTokenSecret
            - Name: !Sub 'UNITY_LICENSE_${BUILDID}'
              ValueFrom: !Ref UnityLicenseSecret
            - Name: !Sub 'ANDROID_KEYSTORE_BASE64_${BUILDID}'
              ValueFrom: !Ref AndroidKeystoreBase64Secret
            - Name: !Sub 'ANDROID_KEYSTORE_PASS_${BUILDID}'
              ValueFrom: !Ref AndroidKeystorePassSecret
            - Name: !Sub 'ANDROID_KEYALIAS_PASS_${BUILDID}'
              ValueFrom: !Ref AndroidKeyAliasPassSecret
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: !Ref ServiceName
              awslogs-region: !Ref 'AWS::Region'
              awslogs-stream-prefix: !Ref ServiceName
            # NOTE(review): the same five secrets are also handed to the log
            # driver. The awslogs options set above do not use them, so this
            # looks like unnecessary secret exposure; confirm and drop the
            # list if nothing depends on it.
            SecretOptions:
              - Name: !Sub 'GITHUB_TOKEN_${BUILDID}'
                ValueFrom: !Ref GithubTokenSecret
              - Name: !Sub 'UNITY_LICENSE_${BUILDID}'
                ValueFrom: !Ref UnityLicenseSecret
              - Name: !Sub 'ANDROID_KEYSTORE_BASE64_${BUILDID}'
                ValueFrom: !Ref AndroidKeystoreBase64Secret
              - Name: !Sub 'ANDROID_KEYSTORE_PASS_${BUILDID}'
                ValueFrom: !Ref AndroidKeystorePassSecret
              - Name: !Sub 'ANDROID_KEYALIAS_PASS_${BUILDID}'
                ValueFrom: !Ref AndroidKeyAliasPassSecret
    Metadata:
      AWS::CloudFormation::Designer:
        id: dabb0116-abe0-48a6-a8af-cf9111c879a5
# Diagram layout for CloudFormation Designer. It describes no resources.
# The keys with size/position are the Designer ids found in the resources'
# own Metadata (dabb0116… TaskDefinition, c6f18447… KinesisStream,
# 7f809e91… SubscriptionFilter, aece53ae… LogGroup); the keys with
# source/target are the arrows drawn between them.
Metadata:
  'AWS::CloudFormation::Designer':
    dabb0116-abe0-48a6-a8af-cf9111c879a5:
      size:
        width: 60
        height: 60
      position:
        x: 270
        'y': 90
      z: 1
      embeds: []
      dependson:
        - aece53ae-b82d-4267-bc16-ed964b05db27
    c6f18447-b879-4696-8873-f981b2cedd2b:
      size:
        width: 60
        height: 60
      position:
        x: 270
        'y': 210
      z: 1
      embeds: []
    7f809e91-9e5d-4678-98c1-c5085956c480:
      size:
        width: 60
        height: 60
      position:
        x: 60
        'y': 300
      z: 1
      embeds: []
      dependson:
        - aece53ae-b82d-4267-bc16-ed964b05db27
        - c6f18447-b879-4696-8873-f981b2cedd2b
    aece53ae-b82d-4267-bc16-ed964b05db27:
      size:
        width: 150
        height: 150
      position:
        x: 60
        'y': 90
      z: 1
      embeds: []
    4d2da56c-3643-46b8-aaee-e46e19f95fcc:
      source:
        id: 7f809e91-9e5d-4678-98c1-c5085956c480
      target:
        id: aece53ae-b82d-4267-bc16-ed964b05db27
      z: 11
    14eb957b-f094-4653-93c4-77b2f851953c:
      source:
        id: 7f809e91-9e5d-4678-98c1-c5085956c480
      target:
        id: c6f18447-b879-4696-8873-f981b2cedd2b
      z: 12
    85c57444-e5bb-4230-bc85-e545cd4558f6:
      source:
        id: dabb0116-abe0-48a6-a8af-cf9111c879a5
      target:
        id: aece53ae-b82d-4267-bc16-ed964b05db27
      z: 13