typescript aws
							parent
							
								
									479d05321f
								
							
						
					
					
						commit
						03175de2bf
					
				|  | @ -0,0 +1,413 @@ | |||
| AWSTemplateFormatVersion: '2010-09-09' | ||||
| Description: AWS Fargate cluster that can span public and private subnets. Supports | ||||
|              public facing load balancers, private internal load balancers, and | ||||
|              both internal and external service discovery namespaces. | ||||
| Parameters: | ||||
|   EnvironmentName: | ||||
|     Type: String | ||||
|     Default: development | ||||
|     Description: "Your deployment environment: DEV, QA , PROD" | ||||
| 
 | ||||
|   # ContainerPort: | ||||
|   #   Type: Number | ||||
|   #   Default: 80 | ||||
|   #   Description: What port number the application inside the docker container is binding to | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| Mappings: | ||||
|   # Hard values for the subnet masks. These masks define | ||||
|   # the range of internal IP addresses that can be assigned. | ||||
|   # The VPC can have all IP's from 10.0.0.0 to 10.0.255.255 | ||||
|   # There are four subnets which cover the ranges: | ||||
|   # | ||||
|   # 10.0.0.0 - 10.0.0.255 | ||||
|   # 10.0.1.0 - 10.0.1.255 | ||||
|   # 10.0.2.0 - 10.0.2.255 | ||||
|   # 10.0.3.0 - 10.0.3.255 | ||||
| 
 | ||||
|   SubnetConfig: | ||||
|     VPC: | ||||
|       CIDR: '10.0.0.0/16' | ||||
|     PublicOne: | ||||
|       CIDR: '10.0.0.0/24' | ||||
|     PublicTwo: | ||||
|       CIDR: '10.0.1.0/24' | ||||
| 
 | ||||
| Resources: | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
|   # VPC in which containers will be networked. | ||||
|   # It has two public subnets, and two private subnets. | ||||
|   # We distribute the subnets across the first two available subnets | ||||
|   # for the region, for high availability. | ||||
|   VPC: | ||||
|     Type: AWS::EC2::VPC | ||||
|     Properties: | ||||
|       EnableDnsSupport: true | ||||
|       EnableDnsHostnames: true | ||||
|       CidrBlock: !FindInMap ['SubnetConfig', 'VPC', 'CIDR'] | ||||
| 
 | ||||
|   EFSServerSecurityGroup: | ||||
|     Type: AWS::EC2::SecurityGroup | ||||
|     Properties: | ||||
|       GroupName: "efs-server-endpoints" | ||||
|       GroupDescription: Which client ip addrs are allowed to access EFS server | ||||
|       VpcId: !Ref 'VPC' | ||||
|       SecurityGroupIngress: | ||||
|         - IpProtocol: tcp | ||||
|           FromPort: 2049 | ||||
|           ToPort: 2049 | ||||
|           SourceSecurityGroupId: !Ref ContainerSecurityGroup | ||||
|           #CidrIp: !FindInMap ['SubnetConfig', 'VPC', 'CIDR'] | ||||
|     # A security group for the containers we will run in Fargate. | ||||
|   # Rules are added to this security group based on what ingress you | ||||
|   # add for the cluster. | ||||
|   ContainerSecurityGroup: | ||||
|     Type: AWS::EC2::SecurityGroup | ||||
|     Properties: | ||||
|       GroupName: "task security group" | ||||
|       GroupDescription: Access to the Fargate containers | ||||
|       VpcId: !Ref 'VPC' | ||||
|       # SecurityGroupIngress: | ||||
|       #   - IpProtocol: tcp | ||||
|       #     FromPort: !Ref ContainerPort | ||||
|       #     ToPort: !Ref ContainerPort | ||||
|       #     CidrIp: 0.0.0.0/0 | ||||
|       SecurityGroupEgress: | ||||
|         - IpProtocol: -1 | ||||
|           FromPort: 2049 | ||||
|           ToPort: 2049 | ||||
|           CidrIp: "0.0.0.0/0" | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
|   # Two public subnets, where containers can have public IP addresses | ||||
|   PublicSubnetOne: | ||||
|     Type: AWS::EC2::Subnet | ||||
|     Properties: | ||||
|       AvailabilityZone: !Select | ||||
|         - 0 | ||||
|         - Fn::GetAZs: !Ref 'AWS::Region' | ||||
|       VpcId: !Ref 'VPC' | ||||
|       CidrBlock: !FindInMap ['SubnetConfig', 'PublicOne', 'CIDR'] | ||||
|     #  MapPublicIpOnLaunch: true | ||||
| 
 | ||||
|   PublicSubnetTwo: | ||||
|     Type: AWS::EC2::Subnet | ||||
|     Properties: | ||||
|       AvailabilityZone: !Select | ||||
|         - 1 | ||||
|         - Fn::GetAZs: !Ref 'AWS::Region' | ||||
|       VpcId: !Ref 'VPC' | ||||
|       CidrBlock: !FindInMap ['SubnetConfig', 'PublicTwo', 'CIDR'] | ||||
|     #  MapPublicIpOnLaunch: true | ||||
| 
 | ||||
| 
 | ||||
|   # Setup networking resources for the public subnets. Containers | ||||
|   # in the public subnets have public IP addresses and the routing table | ||||
|   # sends network traffic via the internet gateway. | ||||
|   InternetGateway: | ||||
|     Type: AWS::EC2::InternetGateway | ||||
|   GatewayAttachement: | ||||
|     Type: AWS::EC2::VPCGatewayAttachment | ||||
|     Properties: | ||||
|       VpcId: !Ref 'VPC' | ||||
|       InternetGatewayId: !Ref 'InternetGateway' | ||||
| 
 | ||||
|   # Attaching a Internet Gateway to route table makes it public. | ||||
|   PublicRouteTable: | ||||
|     Type: AWS::EC2::RouteTable | ||||
|     Properties: | ||||
|       VpcId: !Ref 'VPC' | ||||
|   PublicRoute: | ||||
|     Type: AWS::EC2::Route | ||||
|     DependsOn: GatewayAttachement | ||||
|     Properties: | ||||
|       RouteTableId: !Ref 'PublicRouteTable' | ||||
|       DestinationCidrBlock: '0.0.0.0/0' | ||||
|       GatewayId: !Ref 'InternetGateway' | ||||
| 
 | ||||
|   # Attaching a public route table makes a subnet public. | ||||
|   PublicSubnetOneRouteTableAssociation: | ||||
|     Type: AWS::EC2::SubnetRouteTableAssociation | ||||
|     Properties: | ||||
|       SubnetId: !Ref PublicSubnetOne | ||||
|       RouteTableId: !Ref PublicRouteTable | ||||
|   PublicSubnetTwoRouteTableAssociation: | ||||
|     Type: AWS::EC2::SubnetRouteTableAssociation | ||||
|     Properties: | ||||
|       SubnetId: !Ref PublicSubnetTwo | ||||
|       RouteTableId: !Ref PublicRouteTable | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
|   # ECS Resources | ||||
|   ECSCluster: | ||||
|     Type: AWS::ECS::Cluster | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
|   # A role used to allow AWS Autoscaling to inspect stats and adjust scaleable targets | ||||
|   # on your AWS account | ||||
|   AutoscalingRole: | ||||
|     Type: AWS::IAM::Role | ||||
|     Properties: | ||||
|       AssumeRolePolicyDocument: | ||||
|         Statement: | ||||
|         - Effect: Allow | ||||
|           Principal: | ||||
|             Service: [application-autoscaling.amazonaws.com] | ||||
|           Action: ['sts:AssumeRole'] | ||||
|       Path: / | ||||
|       Policies: | ||||
|       - PolicyName: service-autoscaling | ||||
|         PolicyDocument: | ||||
|           Statement: | ||||
|           - Effect: Allow | ||||
|             Action: | ||||
|               - 'application-autoscaling:*' | ||||
|               - 'cloudwatch:DescribeAlarms' | ||||
|               - 'cloudwatch:PutMetricAlarm' | ||||
|               - 'ecs:DescribeServices' | ||||
|               - 'ecs:UpdateService' | ||||
|             Resource: '*' | ||||
| 
 | ||||
|   # This is an IAM role which authorizes ECS to manage resources on your | ||||
|   # account on your behalf, such as updating your load balancer with the | ||||
|   # details of where your containers are, so that traffic can reach your | ||||
|   # containers. | ||||
|   ECSRole: | ||||
|     Type: AWS::IAM::Role | ||||
|     Properties: | ||||
|       AssumeRolePolicyDocument: | ||||
|         Statement: | ||||
|         - Effect: Allow | ||||
|           Principal: | ||||
|             Service: [ecs.amazonaws.com] | ||||
|           Action: ['sts:AssumeRole'] | ||||
|       Path: / | ||||
|       Policies: | ||||
|       - PolicyName: ecs-service | ||||
|         PolicyDocument: | ||||
|           Statement: | ||||
|           - Effect: Allow | ||||
|             Action: | ||||
|               # Rules which allow ECS to attach network interfaces to instances | ||||
|               # on your behalf in order for awsvpc networking mode to work right | ||||
|               - 'ec2:AttachNetworkInterface' | ||||
|               - 'ec2:CreateNetworkInterface' | ||||
|               - 'ec2:CreateNetworkInterfacePermission' | ||||
|               - 'ec2:DeleteNetworkInterface' | ||||
|               - 'ec2:DeleteNetworkInterfacePermission' | ||||
|               - 'ec2:Describe*' | ||||
|               - 'ec2:DetachNetworkInterface' | ||||
| 
 | ||||
|               # Rules which allow ECS to update load balancers on your behalf | ||||
|               # with the information sabout how to send traffic to your containers | ||||
|               - 'elasticloadbalancing:DeregisterInstancesFromLoadBalancer' | ||||
|               - 'elasticloadbalancing:DeregisterTargets' | ||||
|               - 'elasticloadbalancing:Describe*' | ||||
|               - 'elasticloadbalancing:RegisterInstancesWithLoadBalancer' | ||||
|               - 'elasticloadbalancing:RegisterTargets' | ||||
|             Resource: '*' | ||||
| 
 | ||||
|   # This is a role which is used by the ECS tasks themselves. | ||||
|   ECSTaskExecutionRole: | ||||
|     Type: AWS::IAM::Role | ||||
|     Properties: | ||||
|       AssumeRolePolicyDocument: | ||||
|         Statement: | ||||
|         - Effect: Allow | ||||
|           Principal: | ||||
|             Service: [ecs-tasks.amazonaws.com] | ||||
|           Action: ['sts:AssumeRole'] | ||||
|       Path: / | ||||
|       Policies: | ||||
|         - PolicyName: AmazonECSTaskExecutionRolePolicy | ||||
|           PolicyDocument: | ||||
|             Statement: | ||||
|             - Effect: Allow | ||||
|               Action: | ||||
|                 # Allow upload to S3 | ||||
|                 - 's3:GetObject' | ||||
|                 - 's3:GetObjectVersion' | ||||
|                 - 's3:PutObject' | ||||
| 
 | ||||
|                 # Allow the use of secret manager | ||||
|                 - 'secretsmanager:GetSecretValue' | ||||
|                 - 'kms:Decrypt' | ||||
| 
 | ||||
|                 # Allow the ECS Tasks to download images from ECR | ||||
|                 - 'ecr:GetAuthorizationToken' | ||||
|                 - 'ecr:BatchCheckLayerAvailability' | ||||
|                 - 'ecr:GetDownloadUrlForLayer' | ||||
|                 - 'ecr:BatchGetImage' | ||||
| 
 | ||||
|                 # Allow the ECS tasks to upload logs to CloudWatch | ||||
|                 - 'logs:CreateLogStream' | ||||
|                 - 'logs:PutLogEvents' | ||||
|               Resource: '*' | ||||
|    | ||||
|   DeleteCFNLambdaExecutionRole: | ||||
|     Type: "AWS::IAM::Role" | ||||
|     Properties: | ||||
|       AssumeRolePolicyDocument: | ||||
|         Version: "2012-10-17" | ||||
|         Statement: | ||||
|         - Effect: "Allow" | ||||
|           Principal: | ||||
|             Service: ["lambda.amazonaws.com"] | ||||
|           Action: "sts:AssumeRole" | ||||
|       Path: "/" | ||||
|       Policies: | ||||
|       - PolicyName: "DeleteLambdaExRoleName" | ||||
|         PolicyDocument: | ||||
|           Version: "2012-10-17" | ||||
|           Statement: | ||||
|           - Effect: "Allow" | ||||
|             Action: | ||||
|             - "logs:CreateLogGroup" | ||||
|             - "logs:CreateLogStream" | ||||
|             - "logs:PutLogEvents" | ||||
|             Resource: "arn:aws:logs:*:*:*" | ||||
|           - Effect: "Allow" | ||||
|             Action: | ||||
|             - "cloudformation:DeleteStack" | ||||
|             Resource: "*" | ||||
| 
 | ||||
| 
 | ||||
| ### cloud watch to kinesis role | ||||
| 
 | ||||
|   CloudWatchIAMRole: | ||||
|     Type: AWS::IAM::Role | ||||
|     Properties: | ||||
|       AssumeRolePolicyDocument: | ||||
|         Statement: | ||||
|         - Effect: Allow | ||||
|           Principal: | ||||
|             Service: [logs.amazonaws.com] | ||||
|           Action: ['sts:AssumeRole'] | ||||
|       Path: / | ||||
|       Policies: | ||||
|       - PolicyName: service-autoscaling | ||||
|         PolicyDocument: | ||||
|           Statement: | ||||
|           - Effect: Allow | ||||
|             Action: | ||||
|               - 'kinesis:PutRecord' | ||||
|             Resource: '*' | ||||
| #####################EFS##################### | ||||
| 
 | ||||
|   EfsFileStorage: | ||||
|     Type: 'AWS::EFS::FileSystem' | ||||
|     Properties: | ||||
|       BackupPolicy: | ||||
|         Status: ENABLED | ||||
|       PerformanceMode: maxIO | ||||
|       Encrypted: false | ||||
| 
 | ||||
| 
 | ||||
|       FileSystemPolicy: | ||||
|         Version: "2012-10-17" | ||||
|         Statement: | ||||
|           - Effect: "Allow" | ||||
|             Action: | ||||
|               - "elasticfilesystem:ClientMount" | ||||
|               - "elasticfilesystem:ClientWrite" | ||||
|               - "elasticfilesystem:ClientRootAccess" | ||||
|             Principal: | ||||
|               AWS: "*" | ||||
| 
 | ||||
| 
 | ||||
|   MountTargetResource1: | ||||
|     Type: AWS::EFS::MountTarget | ||||
|     Properties: | ||||
|       FileSystemId: !Ref EfsFileStorage | ||||
|       SubnetId: !Ref PublicSubnetOne | ||||
|       SecurityGroups: | ||||
|       - !Ref EFSServerSecurityGroup | ||||
| 
 | ||||
|   MountTargetResource2: | ||||
|     Type: AWS::EFS::MountTarget | ||||
|     Properties: | ||||
|       FileSystemId: !Ref EfsFileStorage | ||||
|       SubnetId: !Ref PublicSubnetTwo | ||||
|       SecurityGroups: | ||||
|       - !Ref EFSServerSecurityGroup | ||||
| 
 | ||||
|   S3Bucket: | ||||
|     Type: 'AWS::S3::Bucket' | ||||
|     DeletionPolicy: Retain | ||||
|     Properties: | ||||
|       BucketName: game-ci-storage | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| Outputs: | ||||
| 
 | ||||
|   EfsFileStorageId: | ||||
|     Description: 'The connection endpoint for the database.' | ||||
|     Value: !Ref EfsFileStorage | ||||
|     Export: | ||||
|       Name: !Sub ${EnvironmentName}:EfsFileStorageId | ||||
|   ClusterName: | ||||
|     Description: The name of the ECS cluster | ||||
|     Value: !Ref 'ECSCluster' | ||||
|     Export: | ||||
|       Name: !Sub ${EnvironmentName}:ClusterName | ||||
|   AutoscalingRole: | ||||
|     Description: The ARN of the role used for autoscaling | ||||
|     Value: !GetAtt 'AutoscalingRole.Arn' | ||||
|     Export: | ||||
|       Name: !Sub ${EnvironmentName}:AutoscalingRole | ||||
|   ECSRole: | ||||
|     Description: The ARN of the ECS role | ||||
|     Value: !GetAtt 'ECSRole.Arn' | ||||
|     Export: | ||||
|       Name: !Sub ${EnvironmentName}:ECSRole | ||||
|   ECSTaskExecutionRole: | ||||
|     Description: The ARN of the ECS role tsk execution role | ||||
|     Value: !GetAtt 'ECSTaskExecutionRole.Arn' | ||||
|     Export: | ||||
|       Name: !Sub ${EnvironmentName}:ECSTaskExecutionRole | ||||
|    | ||||
|   DeleteCFNLambdaExecutionRole: | ||||
|     Description: s3 | ||||
|     Value: !GetAtt 'ECSTaskExecutionRole.Arn' | ||||
|     Export: | ||||
|       Name: !Sub ${EnvironmentName}:DeleteCFNLambdaExecutionRole | ||||
| 
 | ||||
|   CloudWatchIAMRole: | ||||
|     Description: The ARN of the CloudWatch role for subscription filter | ||||
|     Value: !GetAtt 'CloudWatchIAMRole.Arn' | ||||
|     Export: | ||||
|       Name: !Sub ${EnvironmentName}:CloudWatchIAMRole | ||||
|   VpcId: | ||||
|     Description: The ID of the VPC that this stack is deployed in | ||||
|     Value: !Ref 'VPC' | ||||
|     Export: | ||||
|       Name: !Sub ${EnvironmentName}:VpcId | ||||
|   PublicSubnetOne: | ||||
|     Description: Public subnet one | ||||
|     Value: !Ref 'PublicSubnetOne' | ||||
|     Export: | ||||
|       Name: !Sub ${EnvironmentName}:PublicSubnetOne | ||||
|   PublicSubnetTwo: | ||||
|     Description: Public subnet two | ||||
|     Value: !Ref 'PublicSubnetTwo' | ||||
|     Export: | ||||
|       Name: !Sub ${EnvironmentName}:PublicSubnetTwo | ||||
| 
 | ||||
|   ContainerSecurityGroup: | ||||
|     Description: A security group used to allow Fargate containers to receive traffic | ||||
|     Value: !Ref 'ContainerSecurityGroup' | ||||
|     Export: | ||||
|       Name: !Sub ${EnvironmentName}:ContainerSecurityGroup | ||||
|  | @ -23,39 +23,32 @@ Parameters: | |||
|   TTL: | ||||
|     Type: Number | ||||
|     Description: Time-to-live in minutes for the stack. | ||||
|   DeleteLambdaExRoleName: | ||||
|     Type: Number | ||||
|     Description: Time-to-live in minutes for the stack. | ||||
|   DeleteCFNLambdaName: | ||||
|     Type: Number | ||||
|     Description: Time-to-live in minutes for the stack. | ||||
|   DeleteStackEventRuleName: | ||||
|     Type: Number | ||||
|     Description: Time-to-live in minutes for the stack. | ||||
|   DeleteCFNLambdaPermissionName: | ||||
|     Type: Number | ||||
|     Description: Time-to-live in minutes for the stack. | ||||
|   LambdaExecutionRoleName: | ||||
|     Type: Number | ||||
|     Description: Time-to-live in minutes for the stack. | ||||
|   GenerateCronExpressionLambdaName: | ||||
|     Type: Number | ||||
|     Description: Time-to-live in minutes for the stack. | ||||
|   GenerateCronExpressionName: | ||||
|     Type: Number | ||||
|     Description: Time-to-live in minutes for the stack. | ||||
| Resources: | ||||
|   DeleteCFNLambdaExecutionRole: | ||||
|     Type: "AWS::IAM::Role" | ||||
|     Properties: | ||||
|       AssumeRolePolicyDocument: | ||||
|         Version: "2012-10-17" | ||||
|         Statement: | ||||
|         - Effect: "Allow" | ||||
|           Principal: | ||||
|             Service: ["lambda.amazonaws.com"] | ||||
|           Action: "sts:AssumeRole" | ||||
|       Path: "/" | ||||
|       Policies: | ||||
|       - PolicyName: "DeleteLambdaExRole${BUILDID}" | ||||
|         PolicyDocument: | ||||
|           Version: "2012-10-17" | ||||
|           Statement: | ||||
|           - Effect: "Allow" | ||||
|             Action: | ||||
|             - "logs:CreateLogGroup" | ||||
|             - "logs:CreateLogStream" | ||||
|             - "logs:PutLogEvents" | ||||
|             Resource: "arn:aws:logs:*:*:*" | ||||
|           - Effect: "Allow" | ||||
|             Action: | ||||
|             - "cloudformation:DeleteStack" | ||||
|             Resource: !Sub "arn:aws:cloudformation:${AWS::Region}:${AWS::AccountId}:stack/${BUILDID}/*" | ||||
|   DeleteCFNLambda: | ||||
|     Type: "AWS::Lambda::Function" | ||||
|     DependsOn: | ||||
|       - DeleteCFNLambdaExecutionRole | ||||
|     Properties: | ||||
|       FunctionName: "DeleteCFNLambda-${BUILDID}" | ||||
|       FunctionName: !Ref "DeleteCFNLambdaName" | ||||
|       Code: | ||||
|         ZipFile: | | ||||
|           import boto3 | ||||
|  | @ -83,14 +76,14 @@ Resources: | |||
|       Handler: "index.handler" | ||||
|       Runtime: "python3.6" | ||||
|       Timeout: "5" | ||||
|       Role: !GetAtt DeleteCFNLambdaExecutionRole.Arn | ||||
|       Role: 'Fn::ImportValue': !Sub '${EnvironmentName}:DeleteCFNLambdaExecutionRole' | ||||
|   DeleteStackEventRule: | ||||
|      DependsOn: | ||||
|        - DeleteCFNLambda | ||||
|        - GenerateCronExpression | ||||
|      Type: "AWS::Events::Rule" | ||||
|      Properties: | ||||
|        Name: "DeleteStackEventRule${BUILDID}" | ||||
|        Name: !Ref "DeleteStackEventRuleName" | ||||
|        Description: Delete stack event | ||||
|        ScheduleExpression: !GetAtt GenerateCronExpression.cron_exp | ||||
|        State: "ENABLED" | ||||
|  | @ -101,36 +94,14 @@ Resources: | |||
|   PermissionForDeleteCFNLambda:  | ||||
|     Type: "AWS::Lambda::Permission" | ||||
|     Properties:  | ||||
|       FunctionName: "DeleteCFNLambda-${BUILDID}" | ||||
|       FunctionName: "DeleteCFNLambdaPermission" | ||||
|       Action: "lambda:InvokeFunction" | ||||
|       Principal: "events.amazonaws.com" | ||||
|       SourceArn: !GetAtt DeleteStackEventRule.Arn | ||||
|   BasicLambdaExecutionRole: | ||||
|     Type: "AWS::IAM::Role" | ||||
|     Properties: | ||||
|       AssumeRolePolicyDocument: | ||||
|         Version: "2012-10-17" | ||||
|         Statement: | ||||
|         - Effect: "Allow" | ||||
|           Principal: | ||||
|             Service: ["lambda.amazonaws.com"] | ||||
|           Action: "sts:AssumeRole" | ||||
|       Path: "/" | ||||
|       Policies: | ||||
|       - PolicyName: "BasicLambdaExecutionRole-${BUILDID}" | ||||
|         PolicyDocument: | ||||
|           Version: "2012-10-17" | ||||
|           Statement: | ||||
|           - Effect: "Allow" | ||||
|             Action: | ||||
|             - "logs:CreateLogGroup" | ||||
|             - "logs:CreateLogStream" | ||||
|             - "logs:PutLogEvents" | ||||
|             Resource: "arn:aws:logs:*:*:*" | ||||
|   GenerateCronExpLambda: | ||||
|     Type: "AWS::Lambda::Function" | ||||
|     Properties: | ||||
|       FunctionName: "MakeCronLambda-${BUILDID}" | ||||
|       FunctionName: "GenerateCronExpressionLambda" | ||||
|       Code: | ||||
|         ZipFile: | | ||||
|           from datetime import datetime, timedelta | ||||
|  | @ -168,12 +139,11 @@ Resources: | |||
|       Handler: "index.handler" | ||||
|       Runtime: "python3.6" | ||||
|       Timeout: "5" | ||||
|       Role: !GetAtt BasicLambdaExecutionRole.Arn | ||||
| 
 | ||||
|       Role: 'Fn::ImportValue': !Sub '${EnvironmentName}:ECSTaskExecutionRole' | ||||
|   GenerateCronExpression: | ||||
|     Type: "Custom::GenerateCronExpression" | ||||
|     Version: "1.0" | ||||
|     Properties: | ||||
|       Name: !Sub "GenerateCronExpression-${BUILDID}" | ||||
|       Name: "GenerateCronExpression" | ||||
|       ServiceToken: !GetAtt GenerateCronExpLambda.Arn | ||||
|       ttl: !Ref 'TTL' | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue