baked in cloud formation template

pull/387/head
Frostebite 2022-04-20 22:59:33 +01:00
parent fe99ed800f
commit 709c102c38
3 changed files with 773 additions and 773 deletions

722
dist/index.js vendored

@ -1409,393 +1409,393 @@ class BaseStackFormation {
} }
exports.BaseStackFormation = BaseStackFormation; exports.BaseStackFormation = BaseStackFormation;
BaseStackFormation.formation = ` AWSTemplateFormatVersion: '2010-09-09' BaseStackFormation.formation = ` AWSTemplateFormatVersion: '2010-09-09'
Description: Game-CI base stack Description: Game-CI base stack
Parameters: Parameters:
EnvironmentName: EnvironmentName:
Type: String Type: String
Default: development Default: development
Description: 'Your deployment environment: DEV, QA , PROD' Description: 'Your deployment environment: DEV, QA , PROD'
Version: Version:
Type: String Type: String
Description: 'hash of template' Description: 'hash of template'
# ContainerPort: # ContainerPort:
# Type: Number # Type: Number
# Default: 80 # Default: 80
# Description: What port number the application inside the docker container is binding to # Description: What port number the application inside the docker container is binding to
Mappings: Mappings:
# Hard values for the subnet masks. These masks define # Hard values for the subnet masks. These masks define
# the range of internal IP addresses that can be assigned. # the range of internal IP addresses that can be assigned.
# The VPC can have all IP's from 10.0.0.0 to 10.0.255.255 # The VPC can have all IP's from 10.0.0.0 to 10.0.255.255
# There are four subnets which cover the ranges: # There are four subnets which cover the ranges:
# #
# 10.0.0.0 - 10.0.0.255 # 10.0.0.0 - 10.0.0.255
# 10.0.1.0 - 10.0.1.255 # 10.0.1.0 - 10.0.1.255
# 10.0.2.0 - 10.0.2.255 # 10.0.2.0 - 10.0.2.255
# 10.0.3.0 - 10.0.3.255 # 10.0.3.0 - 10.0.3.255
SubnetConfig: SubnetConfig:
VPC:
CIDR: '10.0.0.0/16'
PublicOne:
CIDR: '10.0.0.0/24'
PublicTwo:
CIDR: '10.0.1.0/24'
Resources:
# VPC in which containers will be networked.
# It has two public subnets, and two private subnets.
# We distribute the subnets across the first two available subnets
# for the region, for high availability.
VPC: VPC:
CIDR: '10.0.0.0/16' Type: AWS::EC2::VPC
PublicOne: Properties:
CIDR: '10.0.0.0/24' EnableDnsSupport: true
PublicTwo: EnableDnsHostnames: true
CIDR: '10.0.1.0/24' CidrBlock: !FindInMap ['SubnetConfig', 'VPC', 'CIDR']
Resources: EFSServerSecurityGroup:
# VPC in which containers will be networked. Type: AWS::EC2::SecurityGroup
# It has two public subnets, and two private subnets. Properties:
# We distribute the subnets across the first two available subnets GroupName: 'efs-server-endpoints'
# for the region, for high availability. GroupDescription: Which client ip addrs are allowed to access EFS server
VPC: VpcId: !Ref 'VPC'
Type: AWS::EC2::VPC SecurityGroupIngress:
Properties: - IpProtocol: tcp
EnableDnsSupport: true FromPort: 2049
EnableDnsHostnames: true ToPort: 2049
CidrBlock: !FindInMap ['SubnetConfig', 'VPC', 'CIDR'] SourceSecurityGroupId: !Ref ContainerSecurityGroup
#CidrIp: !FindInMap ['SubnetConfig', 'VPC', 'CIDR']
# A security group for the containers we will run in Fargate.
# Rules are added to this security group based on what ingress you
# add for the cluster.
ContainerSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: 'task security group'
GroupDescription: Access to the Fargate containers
VpcId: !Ref 'VPC'
# SecurityGroupIngress:
# - IpProtocol: tcp
# FromPort: !Ref ContainerPort
# ToPort: !Ref ContainerPort
# CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- IpProtocol: -1
FromPort: 2049
ToPort: 2049
CidrIp: '0.0.0.0/0'
EFSServerSecurityGroup: # Two public subnets, where containers can have public IP addresses
Type: AWS::EC2::SecurityGroup PublicSubnetOne:
Properties: Type: AWS::EC2::Subnet
GroupName: 'efs-server-endpoints' Properties:
GroupDescription: Which client ip addrs are allowed to access EFS server AvailabilityZone: !Select
VpcId: !Ref 'VPC' - 0
SecurityGroupIngress: - Fn::GetAZs: !Ref 'AWS::Region'
- IpProtocol: tcp VpcId: !Ref 'VPC'
FromPort: 2049 CidrBlock: !FindInMap ['SubnetConfig', 'PublicOne', 'CIDR']
ToPort: 2049 # MapPublicIpOnLaunch: true
SourceSecurityGroupId: !Ref ContainerSecurityGroup
#CidrIp: !FindInMap ['SubnetConfig', 'VPC', 'CIDR']
# A security group for the containers we will run in Fargate.
# Rules are added to this security group based on what ingress you
# add for the cluster.
ContainerSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: 'task security group'
GroupDescription: Access to the Fargate containers
VpcId: !Ref 'VPC'
# SecurityGroupIngress:
# - IpProtocol: tcp
# FromPort: !Ref ContainerPort
# ToPort: !Ref ContainerPort
# CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- IpProtocol: -1
FromPort: 2049
ToPort: 2049
CidrIp: '0.0.0.0/0'
# Two public subnets, where containers can have public IP addresses PublicSubnetTwo:
PublicSubnetOne: Type: AWS::EC2::Subnet
Type: AWS::EC2::Subnet Properties:
Properties: AvailabilityZone: !Select
AvailabilityZone: !Select - 1
- 0 - Fn::GetAZs: !Ref 'AWS::Region'
- Fn::GetAZs: !Ref 'AWS::Region' VpcId: !Ref 'VPC'
VpcId: !Ref 'VPC' CidrBlock: !FindInMap ['SubnetConfig', 'PublicTwo', 'CIDR']
CidrBlock: !FindInMap ['SubnetConfig', 'PublicOne', 'CIDR'] # MapPublicIpOnLaunch: true
# MapPublicIpOnLaunch: true
PublicSubnetTwo: # Setup networking resources for the public subnets. Containers
Type: AWS::EC2::Subnet # in the public subnets have public IP addresses and the routing table
Properties: # sends network traffic via the internet gateway.
AvailabilityZone: !Select InternetGateway:
- 1 Type: AWS::EC2::InternetGateway
- Fn::GetAZs: !Ref 'AWS::Region' GatewayAttachement:
VpcId: !Ref 'VPC' Type: AWS::EC2::VPCGatewayAttachment
CidrBlock: !FindInMap ['SubnetConfig', 'PublicTwo', 'CIDR'] Properties:
# MapPublicIpOnLaunch: true VpcId: !Ref 'VPC'
InternetGatewayId: !Ref 'InternetGateway'
# Setup networking resources for the public subnets. Containers # Attaching a Internet Gateway to route table makes it public.
# in the public subnets have public IP addresses and the routing table PublicRouteTable:
# sends network traffic via the internet gateway. Type: AWS::EC2::RouteTable
InternetGateway: Properties:
Type: AWS::EC2::InternetGateway VpcId: !Ref 'VPC'
GatewayAttachement: PublicRoute:
Type: AWS::EC2::VPCGatewayAttachment Type: AWS::EC2::Route
Properties: DependsOn: GatewayAttachement
VpcId: !Ref 'VPC' Properties:
InternetGatewayId: !Ref 'InternetGateway' RouteTableId: !Ref 'PublicRouteTable'
DestinationCidrBlock: '0.0.0.0/0'
GatewayId: !Ref 'InternetGateway'
# Attaching a Internet Gateway to route table makes it public. # Attaching a public route table makes a subnet public.
PublicRouteTable: PublicSubnetOneRouteTableAssociation:
Type: AWS::EC2::RouteTable Type: AWS::EC2::SubnetRouteTableAssociation
Properties: Properties:
VpcId: !Ref 'VPC' SubnetId: !Ref PublicSubnetOne
PublicRoute: RouteTableId: !Ref PublicRouteTable
Type: AWS::EC2::Route PublicSubnetTwoRouteTableAssociation:
DependsOn: GatewayAttachement Type: AWS::EC2::SubnetRouteTableAssociation
Properties: Properties:
RouteTableId: !Ref 'PublicRouteTable' SubnetId: !Ref PublicSubnetTwo
DestinationCidrBlock: '0.0.0.0/0' RouteTableId: !Ref PublicRouteTable
GatewayId: !Ref 'InternetGateway'
# Attaching a public route table makes a subnet public. # ECS Resources
PublicSubnetOneRouteTableAssociation: ECSCluster:
Type: AWS::EC2::SubnetRouteTableAssociation Type: AWS::ECS::Cluster
Properties:
SubnetId: !Ref PublicSubnetOne
RouteTableId: !Ref PublicRouteTable
PublicSubnetTwoRouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref PublicSubnetTwo
RouteTableId: !Ref PublicRouteTable
# ECS Resources # A role used to allow AWS Autoscaling to inspect stats and adjust scaleable targets
ECSCluster: # on your AWS account
Type: AWS::ECS::Cluster AutoscalingRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service: [application-autoscaling.amazonaws.com]
Action: ['sts:AssumeRole']
Path: /
Policies:
- PolicyName: service-autoscaling
PolicyDocument:
Statement:
- Effect: Allow
Action:
- 'application-autoscaling:*'
- 'cloudwatch:DescribeAlarms'
- 'cloudwatch:PutMetricAlarm'
- 'ecs:DescribeServices'
- 'ecs:UpdateService'
Resource: '*'
# A role used to allow AWS Autoscaling to inspect stats and adjust scaleable targets # This is an IAM role which authorizes ECS to manage resources on your
# on your AWS account # account on your behalf, such as updating your load balancer with the
AutoscalingRole: # details of where your containers are, so that traffic can reach your
Type: AWS::IAM::Role # containers.
Properties: ECSRole:
AssumeRolePolicyDocument: Type: AWS::IAM::Role
Statement: Properties:
- Effect: Allow AssumeRolePolicyDocument:
Principal: Statement:
Service: [application-autoscaling.amazonaws.com] - Effect: Allow
Action: ['sts:AssumeRole'] Principal:
Path: / Service: [ecs.amazonaws.com]
Policies: Action: ['sts:AssumeRole']
- PolicyName: service-autoscaling Path: /
PolicyDocument: Policies:
Statement: - PolicyName: ecs-service
- Effect: Allow PolicyDocument:
Action: Statement:
- 'application-autoscaling:*' - Effect: Allow
- 'cloudwatch:DescribeAlarms' Action:
- 'cloudwatch:PutMetricAlarm' # Rules which allow ECS to attach network interfaces to instances
- 'ecs:DescribeServices' # on your behalf in order for awsvpc networking mode to work right
- 'ecs:UpdateService' - 'ec2:AttachNetworkInterface'
Resource: '*' - 'ec2:CreateNetworkInterface'
- 'ec2:CreateNetworkInterfacePermission'
- 'ec2:DeleteNetworkInterface'
- 'ec2:DeleteNetworkInterfacePermission'
- 'ec2:Describe*'
- 'ec2:DetachNetworkInterface'
# This is an IAM role which authorizes ECS to manage resources on your # Rules which allow ECS to update load balancers on your behalf
# account on your behalf, such as updating your load balancer with the # with the information sabout how to send traffic to your containers
# details of where your containers are, so that traffic can reach your - 'elasticloadbalancing:DeregisterInstancesFromLoadBalancer'
# containers. - 'elasticloadbalancing:DeregisterTargets'
ECSRole: - 'elasticloadbalancing:Describe*'
Type: AWS::IAM::Role - 'elasticloadbalancing:RegisterInstancesWithLoadBalancer'
Properties: - 'elasticloadbalancing:RegisterTargets'
AssumeRolePolicyDocument: Resource: '*'
Statement:
- Effect: Allow
Principal:
Service: [ecs.amazonaws.com]
Action: ['sts:AssumeRole']
Path: /
Policies:
- PolicyName: ecs-service
PolicyDocument:
Statement:
- Effect: Allow
Action:
# Rules which allow ECS to attach network interfaces to instances
# on your behalf in order for awsvpc networking mode to work right
- 'ec2:AttachNetworkInterface'
- 'ec2:CreateNetworkInterface'
- 'ec2:CreateNetworkInterfacePermission'
- 'ec2:DeleteNetworkInterface'
- 'ec2:DeleteNetworkInterfacePermission'
- 'ec2:Describe*'
- 'ec2:DetachNetworkInterface'
# Rules which allow ECS to update load balancers on your behalf # This is a role which is used by the ECS tasks themselves.
# with the information sabout how to send traffic to your containers ECSTaskExecutionRole:
- 'elasticloadbalancing:DeregisterInstancesFromLoadBalancer' Type: AWS::IAM::Role
- 'elasticloadbalancing:DeregisterTargets' Properties:
- 'elasticloadbalancing:Describe*' AssumeRolePolicyDocument:
- 'elasticloadbalancing:RegisterInstancesWithLoadBalancer' Statement:
- 'elasticloadbalancing:RegisterTargets' - Effect: Allow
Resource: '*' Principal:
Service: [ecs-tasks.amazonaws.com]
Action: ['sts:AssumeRole']
Path: /
Policies:
- PolicyName: AmazonECSTaskExecutionRolePolicy
PolicyDocument:
Statement:
- Effect: Allow
Action:
# Allow the use of secret manager
- 'secretsmanager:GetSecretValue'
- 'kms:Decrypt'
# This is a role which is used by the ECS tasks themselves. # Allow the ECS Tasks to download images from ECR
ECSTaskExecutionRole: - 'ecr:GetAuthorizationToken'
Type: AWS::IAM::Role - 'ecr:BatchCheckLayerAvailability'
Properties: - 'ecr:GetDownloadUrlForLayer'
AssumeRolePolicyDocument: - 'ecr:BatchGetImage'
Statement:
- Effect: Allow
Principal:
Service: [ecs-tasks.amazonaws.com]
Action: ['sts:AssumeRole']
Path: /
Policies:
- PolicyName: AmazonECSTaskExecutionRolePolicy
PolicyDocument:
Statement:
- Effect: Allow
Action:
# Allow the use of secret manager
- 'secretsmanager:GetSecretValue'
- 'kms:Decrypt'
# Allow the ECS Tasks to download images from ECR # Allow the ECS tasks to upload logs to CloudWatch
- 'ecr:GetAuthorizationToken' - 'logs:CreateLogStream'
- 'ecr:BatchCheckLayerAvailability' - 'logs:PutLogEvents'
- 'ecr:GetDownloadUrlForLayer' Resource: '*'
- 'ecr:BatchGetImage'
# Allow the ECS tasks to upload logs to CloudWatch DeleteCFNLambdaExecutionRole:
- 'logs:CreateLogStream' Type: 'AWS::IAM::Role'
- 'logs:PutLogEvents' Properties:
Resource: '*' AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: 'Allow'
Principal:
Service: ['lambda.amazonaws.com']
Action: 'sts:AssumeRole'
Path: '/'
Policies:
- PolicyName: DeleteCFNLambdaExecutionRole
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: 'Allow'
Action:
- 'logs:CreateLogGroup'
- 'logs:CreateLogStream'
- 'logs:PutLogEvents'
Resource: 'arn:aws:logs:*:*:*'
- Effect: 'Allow'
Action:
- 'cloudformation:DeleteStack'
- 'kinesis:DeleteStream'
- 'secretsmanager:DeleteSecret'
- 'kinesis:DescribeStreamSummary'
- 'logs:DeleteLogGroup'
- 'logs:DeleteSubscriptionFilter'
- 'ecs:DeregisterTaskDefinition'
- 'lambda:DeleteFunction'
- 'lambda:InvokeFunction'
- 'events:RemoveTargets'
- 'events:DeleteRule'
- 'lambda:RemovePermission'
Resource: '*'
DeleteCFNLambdaExecutionRole: ### cloud watch to kinesis role
Type: 'AWS::IAM::Role' CloudWatchIAMRole:
Properties: Type: AWS::IAM::Role
AssumeRolePolicyDocument: Properties:
Version: '2012-10-17' AssumeRolePolicyDocument:
Statement: Statement:
- Effect: 'Allow' - Effect: Allow
Principal: Principal:
Service: ['lambda.amazonaws.com'] Service: [logs.amazonaws.com]
Action: 'sts:AssumeRole' Action: ['sts:AssumeRole']
Path: '/' Path: /
Policies: Policies:
- PolicyName: DeleteCFNLambdaExecutionRole - PolicyName: service-autoscaling
PolicyDocument: PolicyDocument:
Version: '2012-10-17' Statement:
Statement: - Effect: Allow
- Effect: 'Allow' Action:
Action: - 'kinesis:PutRecord'
- 'logs:CreateLogGroup' Resource: '*'
- 'logs:CreateLogStream'
- 'logs:PutLogEvents'
Resource: 'arn:aws:logs:*:*:*'
- Effect: 'Allow'
Action:
- 'cloudformation:DeleteStack'
- 'kinesis:DeleteStream'
- 'secretsmanager:DeleteSecret'
- 'kinesis:DescribeStreamSummary'
- 'logs:DeleteLogGroup'
- 'logs:DeleteSubscriptionFilter'
- 'ecs:DeregisterTaskDefinition'
- 'lambda:DeleteFunction'
- 'lambda:InvokeFunction'
- 'events:RemoveTargets'
- 'events:DeleteRule'
- 'lambda:RemovePermission'
Resource: '*'
### cloud watch to kinesis role #####################EFS#####################
CloudWatchIAMRole: EfsFileStorage:
Type: AWS::IAM::Role Type: 'AWS::EFS::FileSystem'
Properties: Properties:
AssumeRolePolicyDocument: BackupPolicy:
Statement: Status: ENABLED
- Effect: Allow PerformanceMode: maxIO
Principal: Encrypted: false
Service: [logs.amazonaws.com]
Action: ['sts:AssumeRole']
Path: /
Policies:
- PolicyName: service-autoscaling
PolicyDocument:
Statement:
- Effect: Allow
Action:
- 'kinesis:PutRecord'
Resource: '*'
#####################EFS##################### FileSystemPolicy:
EfsFileStorage: Version: '2012-10-17'
Type: 'AWS::EFS::FileSystem' Statement:
Properties: - Effect: 'Allow'
BackupPolicy: Action:
Status: ENABLED - 'elasticfilesystem:ClientMount'
PerformanceMode: maxIO - 'elasticfilesystem:ClientWrite'
Encrypted: false - 'elasticfilesystem:ClientRootAccess'
Principal:
AWS: '*'
FileSystemPolicy: MountTargetResource1:
Version: '2012-10-17' Type: AWS::EFS::MountTarget
Statement: Properties:
- Effect: 'Allow' FileSystemId: !Ref EfsFileStorage
Action: SubnetId: !Ref PublicSubnetOne
- 'elasticfilesystem:ClientMount' SecurityGroups:
- 'elasticfilesystem:ClientWrite' - !Ref EFSServerSecurityGroup
- 'elasticfilesystem:ClientRootAccess'
Principal:
AWS: '*'
MountTargetResource1: MountTargetResource2:
Type: AWS::EFS::MountTarget Type: AWS::EFS::MountTarget
Properties: Properties:
FileSystemId: !Ref EfsFileStorage FileSystemId: !Ref EfsFileStorage
SubnetId: !Ref PublicSubnetOne SubnetId: !Ref PublicSubnetTwo
SecurityGroups: SecurityGroups:
- !Ref EFSServerSecurityGroup - !Ref EFSServerSecurityGroup
MountTargetResource2: Outputs:
Type: AWS::EFS::MountTarget EfsFileStorageId:
Properties: Description: 'The connection endpoint for the database.'
FileSystemId: !Ref EfsFileStorage Value: !Ref EfsFileStorage
SubnetId: !Ref PublicSubnetTwo Export:
SecurityGroups: Name: !Sub ${'${EnvironmentName}'}:EfsFileStorageId
- !Ref EFSServerSecurityGroup ClusterName:
Description: The name of the ECS cluster
Value: !Ref 'ECSCluster'
Export:
Name: !Sub${' ${EnvironmentName}'}:ClusterName
AutoscalingRole:
Description: The ARN of the role used for autoscaling
Value: !GetAtt 'AutoscalingRole.Arn'
Export:
Name: !Sub ${'${EnvironmentName}'}:AutoscalingRole
ECSRole:
Description: The ARN of the ECS role
Value: !GetAtt 'ECSRole.Arn'
Export:
Name: !Sub ${'${EnvironmentName}'}:ECSRole
ECSTaskExecutionRole:
Description: The ARN of the ECS role tsk execution role
Value: !GetAtt 'ECSTaskExecutionRole.Arn'
Export:
Name: !Sub ${'${EnvironmentName}'}:ECSTaskExecutionRole
Outputs: DeleteCFNLambdaExecutionRole:
EfsFileStorageId: Description: Lambda execution role for cleaning up cloud formations
Description: 'The connection endpoint for the database.' Value: !GetAtt 'DeleteCFNLambdaExecutionRole.Arn'
Value: !Ref EfsFileStorage Export:
Export: Name: !Sub ${'${EnvironmentName}'}:DeleteCFNLambdaExecutionRole
Name: !Sub ${'${EnvironmentName}'}:EfsFileStorageId
ClusterName:
Description: The name of the ECS cluster
Value: !Ref 'ECSCluster'
Export:
Name: !Sub${' ${EnvironmentName}'}:ClusterName
AutoscalingRole:
Description: The ARN of the role used for autoscaling
Value: !GetAtt 'AutoscalingRole.Arn'
Export:
Name: !Sub ${'${EnvironmentName}'}:AutoscalingRole
ECSRole:
Description: The ARN of the ECS role
Value: !GetAtt 'ECSRole.Arn'
Export:
Name: !Sub ${'${EnvironmentName}'}:ECSRole
ECSTaskExecutionRole:
Description: The ARN of the ECS role tsk execution role
Value: !GetAtt 'ECSTaskExecutionRole.Arn'
Export:
Name: !Sub ${'${EnvironmentName}'}:ECSTaskExecutionRole
DeleteCFNLambdaExecutionRole: CloudWatchIAMRole:
Description: Lambda execution role for cleaning up cloud formations Description: The ARN of the CloudWatch role for subscription filter
Value: !GetAtt 'DeleteCFNLambdaExecutionRole.Arn' Value: !GetAtt 'CloudWatchIAMRole.Arn'
Export: Export:
Name: !Sub ${'${EnvironmentName}'}:DeleteCFNLambdaExecutionRole Name: !Sub ${'${EnvironmentName}'}:CloudWatchIAMRole
VpcId:
CloudWatchIAMRole: Description: The ID of the VPC that this stack is deployed in
Description: The ARN of the CloudWatch role for subscription filter Value: !Ref 'VPC'
Value: !GetAtt 'CloudWatchIAMRole.Arn' Export:
Export: Name: !Sub ${'${EnvironmentName}'}:VpcId
Name: !Sub ${'${EnvironmentName}'}:CloudWatchIAMRole PublicSubnetOne:
VpcId: Description: Public subnet one
Description: The ID of the VPC that this stack is deployed in Value: !Ref 'PublicSubnetOne'
Value: !Ref 'VPC' Export:
Export: Name: !Sub ${'${EnvironmentName}'}:PublicSubnetOne
Name: !Sub ${'${EnvironmentName}'}:VpcId PublicSubnetTwo:
PublicSubnetOne: Description: Public subnet two
Description: Public subnet one Value: !Ref 'PublicSubnetTwo'
Value: !Ref 'PublicSubnetOne' Export:
Export: Name: !Sub ${'${EnvironmentName}'}:PublicSubnetTwo
Name: !Sub ${'${EnvironmentName}'}:PublicSubnetOne ContainerSecurityGroup:
PublicSubnetTwo: Description: A security group used to allow Fargate containers to receive traffic
Description: Public subnet two Value: !Ref 'ContainerSecurityGroup'
Value: !Ref 'PublicSubnetTwo' Export:
Export: Name: !Sub ${'${EnvironmentName}'}:ContainerSecurityGroup
Name: !Sub ${'${EnvironmentName}'}:PublicSubnetTwo
ContainerSecurityGroup:
Description: A security group used to allow Fargate containers to receive traffic
Value: !Ref 'ContainerSecurityGroup'
Export:
Name: !Sub ${'${EnvironmentName}'}:ContainerSecurityGroup
`; `;

2
dist/index.js.map vendored

File diff suppressed because one or more lines are too long


@ -1,391 +1,391 @@
export class BaseStackFormation { export class BaseStackFormation {
public static readonly formation: string = ` AWSTemplateFormatVersion: '2010-09-09' public static readonly formation: string = ` AWSTemplateFormatVersion: '2010-09-09'
Description: Game-CI base stack Description: Game-CI base stack
Parameters: Parameters:
EnvironmentName: EnvironmentName:
Type: String Type: String
Default: development Default: development
Description: 'Your deployment environment: DEV, QA , PROD' Description: 'Your deployment environment: DEV, QA , PROD'
Version: Version:
Type: String Type: String
Description: 'hash of template' Description: 'hash of template'
# ContainerPort: # ContainerPort:
# Type: Number # Type: Number
# Default: 80 # Default: 80
# Description: What port number the application inside the docker container is binding to # Description: What port number the application inside the docker container is binding to
Mappings: Mappings:
# Hard values for the subnet masks. These masks define # Hard values for the subnet masks. These masks define
# the range of internal IP addresses that can be assigned. # the range of internal IP addresses that can be assigned.
# The VPC can have all IP's from 10.0.0.0 to 10.0.255.255 # The VPC can have all IP's from 10.0.0.0 to 10.0.255.255
# There are four subnets which cover the ranges: # There are four subnets which cover the ranges:
# #
# 10.0.0.0 - 10.0.0.255 # 10.0.0.0 - 10.0.0.255
# 10.0.1.0 - 10.0.1.255 # 10.0.1.0 - 10.0.1.255
# 10.0.2.0 - 10.0.2.255 # 10.0.2.0 - 10.0.2.255
# 10.0.3.0 - 10.0.3.255 # 10.0.3.0 - 10.0.3.255
SubnetConfig: SubnetConfig:
VPC:
CIDR: '10.0.0.0/16'
PublicOne:
CIDR: '10.0.0.0/24'
PublicTwo:
CIDR: '10.0.1.0/24'
Resources:
# VPC in which containers will be networked.
# It has two public subnets, and two private subnets.
# We distribute the subnets across the first two available subnets
# for the region, for high availability.
VPC: VPC:
CIDR: '10.0.0.0/16' Type: AWS::EC2::VPC
PublicOne: Properties:
CIDR: '10.0.0.0/24' EnableDnsSupport: true
PublicTwo: EnableDnsHostnames: true
CIDR: '10.0.1.0/24' CidrBlock: !FindInMap ['SubnetConfig', 'VPC', 'CIDR']
Resources: EFSServerSecurityGroup:
# VPC in which containers will be networked. Type: AWS::EC2::SecurityGroup
# It has two public subnets, and two private subnets. Properties:
# We distribute the subnets across the first two available subnets GroupName: 'efs-server-endpoints'
# for the region, for high availability. GroupDescription: Which client ip addrs are allowed to access EFS server
VPC: VpcId: !Ref 'VPC'
Type: AWS::EC2::VPC SecurityGroupIngress:
Properties: - IpProtocol: tcp
EnableDnsSupport: true FromPort: 2049
EnableDnsHostnames: true ToPort: 2049
CidrBlock: !FindInMap ['SubnetConfig', 'VPC', 'CIDR'] SourceSecurityGroupId: !Ref ContainerSecurityGroup
#CidrIp: !FindInMap ['SubnetConfig', 'VPC', 'CIDR']
# A security group for the containers we will run in Fargate.
# Rules are added to this security group based on what ingress you
# add for the cluster.
ContainerSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: 'task security group'
GroupDescription: Access to the Fargate containers
VpcId: !Ref 'VPC'
# SecurityGroupIngress:
# - IpProtocol: tcp
# FromPort: !Ref ContainerPort
# ToPort: !Ref ContainerPort
# CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- IpProtocol: -1
FromPort: 2049
ToPort: 2049
CidrIp: '0.0.0.0/0'
EFSServerSecurityGroup: # Two public subnets, where containers can have public IP addresses
Type: AWS::EC2::SecurityGroup PublicSubnetOne:
Properties: Type: AWS::EC2::Subnet
GroupName: 'efs-server-endpoints' Properties:
GroupDescription: Which client ip addrs are allowed to access EFS server AvailabilityZone: !Select
VpcId: !Ref 'VPC' - 0
SecurityGroupIngress: - Fn::GetAZs: !Ref 'AWS::Region'
- IpProtocol: tcp VpcId: !Ref 'VPC'
FromPort: 2049 CidrBlock: !FindInMap ['SubnetConfig', 'PublicOne', 'CIDR']
ToPort: 2049 # MapPublicIpOnLaunch: true
SourceSecurityGroupId: !Ref ContainerSecurityGroup
#CidrIp: !FindInMap ['SubnetConfig', 'VPC', 'CIDR']
# A security group for the containers we will run in Fargate.
# Rules are added to this security group based on what ingress you
# add for the cluster.
ContainerSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: 'task security group'
GroupDescription: Access to the Fargate containers
VpcId: !Ref 'VPC'
# SecurityGroupIngress:
# - IpProtocol: tcp
# FromPort: !Ref ContainerPort
# ToPort: !Ref ContainerPort
# CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- IpProtocol: -1
FromPort: 2049
ToPort: 2049
CidrIp: '0.0.0.0/0'
# Two public subnets, where containers can have public IP addresses PublicSubnetTwo:
PublicSubnetOne: Type: AWS::EC2::Subnet
Type: AWS::EC2::Subnet Properties:
Properties: AvailabilityZone: !Select
AvailabilityZone: !Select - 1
- 0 - Fn::GetAZs: !Ref 'AWS::Region'
- Fn::GetAZs: !Ref 'AWS::Region' VpcId: !Ref 'VPC'
VpcId: !Ref 'VPC' CidrBlock: !FindInMap ['SubnetConfig', 'PublicTwo', 'CIDR']
CidrBlock: !FindInMap ['SubnetConfig', 'PublicOne', 'CIDR'] # MapPublicIpOnLaunch: true
# MapPublicIpOnLaunch: true
PublicSubnetTwo: # Setup networking resources for the public subnets. Containers
Type: AWS::EC2::Subnet # in the public subnets have public IP addresses and the routing table
Properties: # sends network traffic via the internet gateway.
AvailabilityZone: !Select InternetGateway:
- 1 Type: AWS::EC2::InternetGateway
- Fn::GetAZs: !Ref 'AWS::Region' GatewayAttachement:
VpcId: !Ref 'VPC' Type: AWS::EC2::VPCGatewayAttachment
CidrBlock: !FindInMap ['SubnetConfig', 'PublicTwo', 'CIDR'] Properties:
# MapPublicIpOnLaunch: true VpcId: !Ref 'VPC'
InternetGatewayId: !Ref 'InternetGateway'
# Setup networking resources for the public subnets. Containers # Attaching a Internet Gateway to route table makes it public.
# in the public subnets have public IP addresses and the routing table PublicRouteTable:
# sends network traffic via the internet gateway. Type: AWS::EC2::RouteTable
InternetGateway: Properties:
Type: AWS::EC2::InternetGateway VpcId: !Ref 'VPC'
GatewayAttachement: PublicRoute:
Type: AWS::EC2::VPCGatewayAttachment Type: AWS::EC2::Route
Properties: DependsOn: GatewayAttachement
VpcId: !Ref 'VPC' Properties:
InternetGatewayId: !Ref 'InternetGateway' RouteTableId: !Ref 'PublicRouteTable'
DestinationCidrBlock: '0.0.0.0/0'
GatewayId: !Ref 'InternetGateway'
# Attaching a Internet Gateway to route table makes it public. # Attaching a public route table makes a subnet public.
PublicRouteTable: PublicSubnetOneRouteTableAssociation:
Type: AWS::EC2::RouteTable Type: AWS::EC2::SubnetRouteTableAssociation
Properties: Properties:
VpcId: !Ref 'VPC' SubnetId: !Ref PublicSubnetOne
PublicRoute: RouteTableId: !Ref PublicRouteTable
Type: AWS::EC2::Route PublicSubnetTwoRouteTableAssociation:
DependsOn: GatewayAttachement Type: AWS::EC2::SubnetRouteTableAssociation
Properties: Properties:
RouteTableId: !Ref 'PublicRouteTable' SubnetId: !Ref PublicSubnetTwo
DestinationCidrBlock: '0.0.0.0/0' RouteTableId: !Ref PublicRouteTable
GatewayId: !Ref 'InternetGateway'
# Attaching a public route table makes a subnet public. # ECS Resources
PublicSubnetOneRouteTableAssociation: ECSCluster:
Type: AWS::EC2::SubnetRouteTableAssociation Type: AWS::ECS::Cluster
Properties:
SubnetId: !Ref PublicSubnetOne
RouteTableId: !Ref PublicRouteTable
PublicSubnetTwoRouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref PublicSubnetTwo
RouteTableId: !Ref PublicRouteTable
# ECS Resources # A role used to allow AWS Autoscaling to inspect stats and adjust scaleable targets
ECSCluster: # on your AWS account
Type: AWS::ECS::Cluster AutoscalingRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service: [application-autoscaling.amazonaws.com]
Action: ['sts:AssumeRole']
Path: /
Policies:
- PolicyName: service-autoscaling
PolicyDocument:
Statement:
- Effect: Allow
Action:
- 'application-autoscaling:*'
- 'cloudwatch:DescribeAlarms'
- 'cloudwatch:PutMetricAlarm'
- 'ecs:DescribeServices'
- 'ecs:UpdateService'
Resource: '*'
# A role used to allow AWS Autoscaling to inspect stats and adjust scaleable targets # This is an IAM role which authorizes ECS to manage resources on your
# on your AWS account # account on your behalf, such as updating your load balancer with the
AutoscalingRole: # details of where your containers are, so that traffic can reach your
Type: AWS::IAM::Role # containers.
Properties: ECSRole:
AssumeRolePolicyDocument: Type: AWS::IAM::Role
Statement: Properties:
- Effect: Allow AssumeRolePolicyDocument:
Principal: Statement:
Service: [application-autoscaling.amazonaws.com] - Effect: Allow
Action: ['sts:AssumeRole'] Principal:
Path: / Service: [ecs.amazonaws.com]
Policies: Action: ['sts:AssumeRole']
- PolicyName: service-autoscaling Path: /
PolicyDocument: Policies:
Statement: - PolicyName: ecs-service
- Effect: Allow PolicyDocument:
Action: Statement:
- 'application-autoscaling:*' - Effect: Allow
- 'cloudwatch:DescribeAlarms' Action:
- 'cloudwatch:PutMetricAlarm' # Rules which allow ECS to attach network interfaces to instances
- 'ecs:DescribeServices' # on your behalf in order for awsvpc networking mode to work right
- 'ecs:UpdateService' - 'ec2:AttachNetworkInterface'
Resource: '*' - 'ec2:CreateNetworkInterface'
- 'ec2:CreateNetworkInterfacePermission'
- 'ec2:DeleteNetworkInterface'
- 'ec2:DeleteNetworkInterfacePermission'
- 'ec2:Describe*'
- 'ec2:DetachNetworkInterface'
# This is an IAM role which authorizes ECS to manage resources on your # Rules which allow ECS to update load balancers on your behalf
# account on your behalf, such as updating your load balancer with the # with the information sabout how to send traffic to your containers
# details of where your containers are, so that traffic can reach your - 'elasticloadbalancing:DeregisterInstancesFromLoadBalancer'
# containers. - 'elasticloadbalancing:DeregisterTargets'
ECSRole: - 'elasticloadbalancing:Describe*'
Type: AWS::IAM::Role - 'elasticloadbalancing:RegisterInstancesWithLoadBalancer'
Properties: - 'elasticloadbalancing:RegisterTargets'
AssumeRolePolicyDocument: Resource: '*'
Statement:
- Effect: Allow
Principal:
Service: [ecs.amazonaws.com]
Action: ['sts:AssumeRole']
Path: /
Policies:
- PolicyName: ecs-service
PolicyDocument:
Statement:
- Effect: Allow
Action:
# Rules which allow ECS to attach network interfaces to instances
# on your behalf in order for awsvpc networking mode to work right
- 'ec2:AttachNetworkInterface'
- 'ec2:CreateNetworkInterface'
- 'ec2:CreateNetworkInterfacePermission'
- 'ec2:DeleteNetworkInterface'
- 'ec2:DeleteNetworkInterfacePermission'
- 'ec2:Describe*'
- 'ec2:DetachNetworkInterface'
# Rules which allow ECS to update load balancers on your behalf # This is a role which is used by the ECS tasks themselves.
# with the information sabout how to send traffic to your containers ECSTaskExecutionRole:
- 'elasticloadbalancing:DeregisterInstancesFromLoadBalancer' Type: AWS::IAM::Role
- 'elasticloadbalancing:DeregisterTargets' Properties:
- 'elasticloadbalancing:Describe*' AssumeRolePolicyDocument:
- 'elasticloadbalancing:RegisterInstancesWithLoadBalancer' Statement:
- 'elasticloadbalancing:RegisterTargets' - Effect: Allow
Resource: '*' Principal:
Service: [ecs-tasks.amazonaws.com]
Action: ['sts:AssumeRole']
Path: /
Policies:
- PolicyName: AmazonECSTaskExecutionRolePolicy
PolicyDocument:
Statement:
- Effect: Allow
Action:
# Allow the use of secret manager
- 'secretsmanager:GetSecretValue'
- 'kms:Decrypt'
# This is a role which is used by the ECS tasks themselves. # Allow the ECS Tasks to download images from ECR
ECSTaskExecutionRole: - 'ecr:GetAuthorizationToken'
Type: AWS::IAM::Role - 'ecr:BatchCheckLayerAvailability'
Properties: - 'ecr:GetDownloadUrlForLayer'
AssumeRolePolicyDocument: - 'ecr:BatchGetImage'
Statement:
- Effect: Allow
Principal:
Service: [ecs-tasks.amazonaws.com]
Action: ['sts:AssumeRole']
Path: /
Policies:
- PolicyName: AmazonECSTaskExecutionRolePolicy
PolicyDocument:
Statement:
- Effect: Allow
Action:
# Allow the use of secret manager
- 'secretsmanager:GetSecretValue'
- 'kms:Decrypt'
# Allow the ECS Tasks to download images from ECR # Allow the ECS tasks to upload logs to CloudWatch
- 'ecr:GetAuthorizationToken' - 'logs:CreateLogStream'
- 'ecr:BatchCheckLayerAvailability' - 'logs:PutLogEvents'
- 'ecr:GetDownloadUrlForLayer' Resource: '*'
- 'ecr:BatchGetImage'
# Allow the ECS tasks to upload logs to CloudWatch DeleteCFNLambdaExecutionRole:
- 'logs:CreateLogStream' Type: 'AWS::IAM::Role'
- 'logs:PutLogEvents' Properties:
Resource: '*' AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: 'Allow'
Principal:
Service: ['lambda.amazonaws.com']
Action: 'sts:AssumeRole'
Path: '/'
Policies:
- PolicyName: DeleteCFNLambdaExecutionRole
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: 'Allow'
Action:
- 'logs:CreateLogGroup'
- 'logs:CreateLogStream'
- 'logs:PutLogEvents'
Resource: 'arn:aws:logs:*:*:*'
- Effect: 'Allow'
Action:
- 'cloudformation:DeleteStack'
- 'kinesis:DeleteStream'
- 'secretsmanager:DeleteSecret'
- 'kinesis:DescribeStreamSummary'
- 'logs:DeleteLogGroup'
- 'logs:DeleteSubscriptionFilter'
- 'ecs:DeregisterTaskDefinition'
- 'lambda:DeleteFunction'
- 'lambda:InvokeFunction'
- 'events:RemoveTargets'
- 'events:DeleteRule'
- 'lambda:RemovePermission'
Resource: '*'
DeleteCFNLambdaExecutionRole: ### cloud watch to kinesis role
Type: 'AWS::IAM::Role' CloudWatchIAMRole:
Properties: Type: AWS::IAM::Role
AssumeRolePolicyDocument: Properties:
Version: '2012-10-17' AssumeRolePolicyDocument:
Statement: Statement:
- Effect: 'Allow' - Effect: Allow
Principal: Principal:
Service: ['lambda.amazonaws.com'] Service: [logs.amazonaws.com]
Action: 'sts:AssumeRole' Action: ['sts:AssumeRole']
Path: '/' Path: /
Policies: Policies:
- PolicyName: DeleteCFNLambdaExecutionRole - PolicyName: service-autoscaling
PolicyDocument: PolicyDocument:
Version: '2012-10-17' Statement:
Statement: - Effect: Allow
- Effect: 'Allow' Action:
Action: - 'kinesis:PutRecord'
- 'logs:CreateLogGroup' Resource: '*'
- 'logs:CreateLogStream'
- 'logs:PutLogEvents'
Resource: 'arn:aws:logs:*:*:*'
- Effect: 'Allow'
Action:
- 'cloudformation:DeleteStack'
- 'kinesis:DeleteStream'
- 'secretsmanager:DeleteSecret'
- 'kinesis:DescribeStreamSummary'
- 'logs:DeleteLogGroup'
- 'logs:DeleteSubscriptionFilter'
- 'ecs:DeregisterTaskDefinition'
- 'lambda:DeleteFunction'
- 'lambda:InvokeFunction'
- 'events:RemoveTargets'
- 'events:DeleteRule'
- 'lambda:RemovePermission'
Resource: '*'
### cloud watch to kinesis role #####################EFS#####################
CloudWatchIAMRole: EfsFileStorage:
Type: AWS::IAM::Role Type: 'AWS::EFS::FileSystem'
Properties: Properties:
AssumeRolePolicyDocument: BackupPolicy:
Statement: Status: ENABLED
- Effect: Allow PerformanceMode: maxIO
Principal: Encrypted: false
Service: [logs.amazonaws.com]
Action: ['sts:AssumeRole']
Path: /
Policies:
- PolicyName: service-autoscaling
PolicyDocument:
Statement:
- Effect: Allow
Action:
- 'kinesis:PutRecord'
Resource: '*'
#####################EFS##################### FileSystemPolicy:
EfsFileStorage: Version: '2012-10-17'
Type: 'AWS::EFS::FileSystem' Statement:
Properties: - Effect: 'Allow'
BackupPolicy: Action:
Status: ENABLED - 'elasticfilesystem:ClientMount'
PerformanceMode: maxIO - 'elasticfilesystem:ClientWrite'
Encrypted: false - 'elasticfilesystem:ClientRootAccess'
Principal:
AWS: '*'
FileSystemPolicy: MountTargetResource1:
Version: '2012-10-17' Type: AWS::EFS::MountTarget
Statement: Properties:
- Effect: 'Allow' FileSystemId: !Ref EfsFileStorage
Action: SubnetId: !Ref PublicSubnetOne
- 'elasticfilesystem:ClientMount' SecurityGroups:
- 'elasticfilesystem:ClientWrite' - !Ref EFSServerSecurityGroup
- 'elasticfilesystem:ClientRootAccess'
Principal:
AWS: '*'
MountTargetResource1: MountTargetResource2:
Type: AWS::EFS::MountTarget Type: AWS::EFS::MountTarget
Properties: Properties:
FileSystemId: !Ref EfsFileStorage FileSystemId: !Ref EfsFileStorage
SubnetId: !Ref PublicSubnetOne SubnetId: !Ref PublicSubnetTwo
SecurityGroups: SecurityGroups:
- !Ref EFSServerSecurityGroup - !Ref EFSServerSecurityGroup
MountTargetResource2: Outputs:
Type: AWS::EFS::MountTarget EfsFileStorageId:
Properties: Description: 'The connection endpoint for the database.'
FileSystemId: !Ref EfsFileStorage Value: !Ref EfsFileStorage
SubnetId: !Ref PublicSubnetTwo Export:
SecurityGroups: Name: !Sub ${'${EnvironmentName}'}:EfsFileStorageId
- !Ref EFSServerSecurityGroup ClusterName:
Description: The name of the ECS cluster
Value: !Ref 'ECSCluster'
Export:
Name: !Sub${' ${EnvironmentName}'}:ClusterName
AutoscalingRole:
Description: The ARN of the role used for autoscaling
Value: !GetAtt 'AutoscalingRole.Arn'
Export:
Name: !Sub ${'${EnvironmentName}'}:AutoscalingRole
ECSRole:
Description: The ARN of the ECS role
Value: !GetAtt 'ECSRole.Arn'
Export:
Name: !Sub ${'${EnvironmentName}'}:ECSRole
ECSTaskExecutionRole:
Description: The ARN of the ECS role tsk execution role
Value: !GetAtt 'ECSTaskExecutionRole.Arn'
Export:
Name: !Sub ${'${EnvironmentName}'}:ECSTaskExecutionRole
Outputs: DeleteCFNLambdaExecutionRole:
EfsFileStorageId: Description: Lambda execution role for cleaning up cloud formations
Description: 'The connection endpoint for the database.' Value: !GetAtt 'DeleteCFNLambdaExecutionRole.Arn'
Value: !Ref EfsFileStorage Export:
Export: Name: !Sub ${'${EnvironmentName}'}:DeleteCFNLambdaExecutionRole
Name: !Sub ${'${EnvironmentName}'}:EfsFileStorageId
ClusterName:
Description: The name of the ECS cluster
Value: !Ref 'ECSCluster'
Export:
Name: !Sub${' ${EnvironmentName}'}:ClusterName
AutoscalingRole:
Description: The ARN of the role used for autoscaling
Value: !GetAtt 'AutoscalingRole.Arn'
Export:
Name: !Sub ${'${EnvironmentName}'}:AutoscalingRole
ECSRole:
Description: The ARN of the ECS role
Value: !GetAtt 'ECSRole.Arn'
Export:
Name: !Sub ${'${EnvironmentName}'}:ECSRole
ECSTaskExecutionRole:
Description: The ARN of the ECS role tsk execution role
Value: !GetAtt 'ECSTaskExecutionRole.Arn'
Export:
Name: !Sub ${'${EnvironmentName}'}:ECSTaskExecutionRole
DeleteCFNLambdaExecutionRole: CloudWatchIAMRole:
Description: Lambda execution role for cleaning up cloud formations Description: The ARN of the CloudWatch role for subscription filter
Value: !GetAtt 'DeleteCFNLambdaExecutionRole.Arn' Value: !GetAtt 'CloudWatchIAMRole.Arn'
Export: Export:
Name: !Sub ${'${EnvironmentName}'}:DeleteCFNLambdaExecutionRole Name: !Sub ${'${EnvironmentName}'}:CloudWatchIAMRole
VpcId:
CloudWatchIAMRole: Description: The ID of the VPC that this stack is deployed in
Description: The ARN of the CloudWatch role for subscription filter Value: !Ref 'VPC'
Value: !GetAtt 'CloudWatchIAMRole.Arn' Export:
Export: Name: !Sub ${'${EnvironmentName}'}:VpcId
Name: !Sub ${'${EnvironmentName}'}:CloudWatchIAMRole PublicSubnetOne:
VpcId: Description: Public subnet one
Description: The ID of the VPC that this stack is deployed in Value: !Ref 'PublicSubnetOne'
Value: !Ref 'VPC' Export:
Export: Name: !Sub ${'${EnvironmentName}'}:PublicSubnetOne
Name: !Sub ${'${EnvironmentName}'}:VpcId PublicSubnetTwo:
PublicSubnetOne: Description: Public subnet two
Description: Public subnet one Value: !Ref 'PublicSubnetTwo'
Value: !Ref 'PublicSubnetOne' Export:
Export: Name: !Sub ${'${EnvironmentName}'}:PublicSubnetTwo
Name: !Sub ${'${EnvironmentName}'}:PublicSubnetOne ContainerSecurityGroup:
PublicSubnetTwo: Description: A security group used to allow Fargate containers to receive traffic
Description: Public subnet two Value: !Ref 'ContainerSecurityGroup'
Value: !Ref 'PublicSubnetTwo' Export:
Export: Name: !Sub ${'${EnvironmentName}'}:ContainerSecurityGroup
Name: !Sub ${'${EnvironmentName}'}:PublicSubnetTwo
ContainerSecurityGroup:
Description: A security group used to allow Fargate containers to receive traffic
Value: !Ref 'ContainerSecurityGroup'
Export:
Name: !Sub ${'${EnvironmentName}'}:ContainerSecurityGroup
`; `;
} }