baked in cloud formation template

pull/387/head
Frostebite 2022-04-20 23:51:30 +01:00
parent 09c6df818f
commit d26cc2b620
4 changed files with 1085 additions and 1089 deletions

dist/index.js vendored


dist/index.js.map vendored



@ -1,391 +1,391 @@
export class BaseStackFormation { export class BaseStackFormation {
public static readonly formation: string = ` AWSTemplateFormatVersion: '2010-09-09' public static readonly formation: string = `AWSTemplateFormatVersion: '2010-09-09'
Description: Game-CI base stack Description: Game-CI base stack
Parameters: Parameters:
EnvironmentName: EnvironmentName:
Type: String Type: String
Default: development Default: development
Description: 'Your deployment environment: DEV, QA , PROD' Description: 'Your deployment environment: DEV, QA , PROD'
Version: Version:
Type: String Type: String
Description: 'hash of template' Description: 'hash of template'
# ContainerPort: # ContainerPort:
# Type: Number # Type: Number
# Default: 80 # Default: 80
# Description: What port number the application inside the docker container is binding to # Description: What port number the application inside the docker container is binding to
Mappings: Mappings:
# Hard values for the subnet masks. These masks define # Hard values for the subnet masks. These masks define
# the range of internal IP addresses that can be assigned. # the range of internal IP addresses that can be assigned.
# The VPC can have all IP's from 10.0.0.0 to 10.0.255.255 # The VPC can have all IP's from 10.0.0.0 to 10.0.255.255
# There are four subnets which cover the ranges: # There are four subnets which cover the ranges:
# #
# 10.0.0.0 - 10.0.0.255 # 10.0.0.0 - 10.0.0.255
# 10.0.1.0 - 10.0.1.255 # 10.0.1.0 - 10.0.1.255
# 10.0.2.0 - 10.0.2.255 # 10.0.2.0 - 10.0.2.255
# 10.0.3.0 - 10.0.3.255 # 10.0.3.0 - 10.0.3.255
SubnetConfig: SubnetConfig:
VPC:
CIDR: '10.0.0.0/16'
PublicOne:
CIDR: '10.0.0.0/24'
PublicTwo:
CIDR: '10.0.1.0/24'
Resources:
# VPC in which containers will be networked.
# It has two public subnets, and two private subnets.
# We distribute the subnets across the first two available subnets
# for the region, for high availability.
VPC: VPC:
Type: AWS::EC2::VPC CIDR: '10.0.0.0/16'
Properties: PublicOne:
EnableDnsSupport: true CIDR: '10.0.0.0/24'
EnableDnsHostnames: true PublicTwo:
CidrBlock: !FindInMap ['SubnetConfig', 'VPC', 'CIDR'] CIDR: '10.0.1.0/24'
EFSServerSecurityGroup: Resources:
Type: AWS::EC2::SecurityGroup # VPC in which containers will be networked.
Properties: # It has two public subnets, and two private subnets.
GroupName: 'efs-server-endpoints' # We distribute the subnets across the first two available subnets
GroupDescription: Which client ip addrs are allowed to access EFS server # for the region, for high availability.
VpcId: !Ref 'VPC' VPC:
SecurityGroupIngress: Type: AWS::EC2::VPC
- IpProtocol: tcp Properties:
FromPort: 2049 EnableDnsSupport: true
ToPort: 2049 EnableDnsHostnames: true
SourceSecurityGroupId: !Ref ContainerSecurityGroup CidrBlock: !FindInMap ['SubnetConfig', 'VPC', 'CIDR']
#CidrIp: !FindInMap ['SubnetConfig', 'VPC', 'CIDR']
# A security group for the containers we will run in Fargate. EFSServerSecurityGroup:
# Rules are added to this security group based on what ingress you Type: AWS::EC2::SecurityGroup
# add for the cluster. Properties:
ContainerSecurityGroup: GroupName: 'efs-server-endpoints'
Type: AWS::EC2::SecurityGroup GroupDescription: Which client ip addrs are allowed to access EFS server
Properties: VpcId: !Ref 'VPC'
GroupName: 'task security group' SecurityGroupIngress:
GroupDescription: Access to the Fargate containers - IpProtocol: tcp
VpcId: !Ref 'VPC' FromPort: 2049
# SecurityGroupIngress: ToPort: 2049
# - IpProtocol: tcp SourceSecurityGroupId: !Ref ContainerSecurityGroup
# FromPort: !Ref ContainerPort #CidrIp: !FindInMap ['SubnetConfig', 'VPC', 'CIDR']
# ToPort: !Ref ContainerPort # A security group for the containers we will run in Fargate.
# CidrIp: 0.0.0.0/0 # Rules are added to this security group based on what ingress you
SecurityGroupEgress: # add for the cluster.
- IpProtocol: -1 ContainerSecurityGroup:
FromPort: 2049 Type: AWS::EC2::SecurityGroup
ToPort: 2049 Properties:
CidrIp: '0.0.0.0/0' GroupName: 'task security group'
GroupDescription: Access to the Fargate containers
# Two public subnets, where containers can have public IP addresses VpcId: !Ref 'VPC'
PublicSubnetOne: # SecurityGroupIngress:
Type: AWS::EC2::Subnet # - IpProtocol: tcp
Properties: # FromPort: !Ref ContainerPort
AvailabilityZone: !Select # ToPort: !Ref ContainerPort
- 0 # CidrIp: 0.0.0.0/0
- Fn::GetAZs: !Ref 'AWS::Region' SecurityGroupEgress:
VpcId: !Ref 'VPC' - IpProtocol: -1
CidrBlock: !FindInMap ['SubnetConfig', 'PublicOne', 'CIDR'] FromPort: 2049
# MapPublicIpOnLaunch: true ToPort: 2049
CidrIp: '0.0.0.0/0'
PublicSubnetTwo:
Type: AWS::EC2::Subnet # Two public subnets, where containers can have public IP addresses
Properties: PublicSubnetOne:
AvailabilityZone: !Select Type: AWS::EC2::Subnet
- 1 Properties:
- Fn::GetAZs: !Ref 'AWS::Region' AvailabilityZone: !Select
VpcId: !Ref 'VPC' - 0
CidrBlock: !FindInMap ['SubnetConfig', 'PublicTwo', 'CIDR'] - Fn::GetAZs: !Ref 'AWS::Region'
# MapPublicIpOnLaunch: true VpcId: !Ref 'VPC'
CidrBlock: !FindInMap ['SubnetConfig', 'PublicOne', 'CIDR']
# Setup networking resources for the public subnets. Containers # MapPublicIpOnLaunch: true
# in the public subnets have public IP addresses and the routing table
# sends network traffic via the internet gateway. PublicSubnetTwo:
InternetGateway: Type: AWS::EC2::Subnet
Type: AWS::EC2::InternetGateway Properties:
GatewayAttachement: AvailabilityZone: !Select
Type: AWS::EC2::VPCGatewayAttachment - 1
Properties: - Fn::GetAZs: !Ref 'AWS::Region'
VpcId: !Ref 'VPC' VpcId: !Ref 'VPC'
InternetGatewayId: !Ref 'InternetGateway' CidrBlock: !FindInMap ['SubnetConfig', 'PublicTwo', 'CIDR']
# MapPublicIpOnLaunch: true
# Attaching a Internet Gateway to route table makes it public.
PublicRouteTable: # Setup networking resources for the public subnets. Containers
Type: AWS::EC2::RouteTable # in the public subnets have public IP addresses and the routing table
Properties: # sends network traffic via the internet gateway.
VpcId: !Ref 'VPC' InternetGateway:
PublicRoute: Type: AWS::EC2::InternetGateway
Type: AWS::EC2::Route GatewayAttachement:
DependsOn: GatewayAttachement Type: AWS::EC2::VPCGatewayAttachment
Properties: Properties:
RouteTableId: !Ref 'PublicRouteTable' VpcId: !Ref 'VPC'
DestinationCidrBlock: '0.0.0.0/0' InternetGatewayId: !Ref 'InternetGateway'
GatewayId: !Ref 'InternetGateway'
# Attaching a Internet Gateway to route table makes it public.
# Attaching a public route table makes a subnet public. PublicRouteTable:
PublicSubnetOneRouteTableAssociation: Type: AWS::EC2::RouteTable
Type: AWS::EC2::SubnetRouteTableAssociation Properties:
Properties: VpcId: !Ref 'VPC'
SubnetId: !Ref PublicSubnetOne PublicRoute:
RouteTableId: !Ref PublicRouteTable Type: AWS::EC2::Route
PublicSubnetTwoRouteTableAssociation: DependsOn: GatewayAttachement
Type: AWS::EC2::SubnetRouteTableAssociation Properties:
Properties: RouteTableId: !Ref 'PublicRouteTable'
SubnetId: !Ref PublicSubnetTwo DestinationCidrBlock: '0.0.0.0/0'
RouteTableId: !Ref PublicRouteTable GatewayId: !Ref 'InternetGateway'
# ECS Resources # Attaching a public route table makes a subnet public.
ECSCluster: PublicSubnetOneRouteTableAssociation:
Type: AWS::ECS::Cluster Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
# A role used to allow AWS Autoscaling to inspect stats and adjust scaleable targets SubnetId: !Ref PublicSubnetOne
# on your AWS account RouteTableId: !Ref PublicRouteTable
AutoscalingRole: PublicSubnetTwoRouteTableAssociation:
Type: AWS::IAM::Role Type: AWS::EC2::SubnetRouteTableAssociation
Properties: Properties:
AssumeRolePolicyDocument: SubnetId: !Ref PublicSubnetTwo
Statement: RouteTableId: !Ref PublicRouteTable
- Effect: Allow
Principal: # ECS Resources
Service: [application-autoscaling.amazonaws.com] ECSCluster:
Action: ['sts:AssumeRole'] Type: AWS::ECS::Cluster
Path: /
Policies: # A role used to allow AWS Autoscaling to inspect stats and adjust scaleable targets
- PolicyName: service-autoscaling # on your AWS account
PolicyDocument: AutoscalingRole:
Statement: Type: AWS::IAM::Role
- Effect: Allow Properties:
Action: AssumeRolePolicyDocument:
- 'application-autoscaling:*' Statement:
- 'cloudwatch:DescribeAlarms' - Effect: Allow
- 'cloudwatch:PutMetricAlarm' Principal:
- 'ecs:DescribeServices' Service: [application-autoscaling.amazonaws.com]
- 'ecs:UpdateService' Action: ['sts:AssumeRole']
Resource: '*' Path: /
Policies:
# This is an IAM role which authorizes ECS to manage resources on your - PolicyName: service-autoscaling
# account on your behalf, such as updating your load balancer with the PolicyDocument:
# details of where your containers are, so that traffic can reach your Statement:
# containers. - Effect: Allow
ECSRole: Action:
Type: AWS::IAM::Role - 'application-autoscaling:*'
Properties: - 'cloudwatch:DescribeAlarms'
AssumeRolePolicyDocument: - 'cloudwatch:PutMetricAlarm'
Statement: - 'ecs:DescribeServices'
- Effect: Allow - 'ecs:UpdateService'
Principal: Resource: '*'
Service: [ecs.amazonaws.com]
Action: ['sts:AssumeRole'] # This is an IAM role which authorizes ECS to manage resources on your
Path: / # account on your behalf, such as updating your load balancer with the
Policies: # details of where your containers are, so that traffic can reach your
- PolicyName: ecs-service # containers.
PolicyDocument: ECSRole:
Statement: Type: AWS::IAM::Role
- Effect: Allow Properties:
Action: AssumeRolePolicyDocument:
# Rules which allow ECS to attach network interfaces to instances Statement:
# on your behalf in order for awsvpc networking mode to work right - Effect: Allow
- 'ec2:AttachNetworkInterface' Principal:
- 'ec2:CreateNetworkInterface' Service: [ecs.amazonaws.com]
- 'ec2:CreateNetworkInterfacePermission' Action: ['sts:AssumeRole']
- 'ec2:DeleteNetworkInterface' Path: /
- 'ec2:DeleteNetworkInterfacePermission' Policies:
- 'ec2:Describe*' - PolicyName: ecs-service
- 'ec2:DetachNetworkInterface' PolicyDocument:
Statement:
# Rules which allow ECS to update load balancers on your behalf - Effect: Allow
# with the information sabout how to send traffic to your containers Action:
- 'elasticloadbalancing:DeregisterInstancesFromLoadBalancer' # Rules which allow ECS to attach network interfaces to instances
- 'elasticloadbalancing:DeregisterTargets' # on your behalf in order for awsvpc networking mode to work right
- 'elasticloadbalancing:Describe*' - 'ec2:AttachNetworkInterface'
- 'elasticloadbalancing:RegisterInstancesWithLoadBalancer' - 'ec2:CreateNetworkInterface'
- 'elasticloadbalancing:RegisterTargets' - 'ec2:CreateNetworkInterfacePermission'
Resource: '*' - 'ec2:DeleteNetworkInterface'
- 'ec2:DeleteNetworkInterfacePermission'
# This is a role which is used by the ECS tasks themselves. - 'ec2:Describe*'
ECSTaskExecutionRole: - 'ec2:DetachNetworkInterface'
Type: AWS::IAM::Role
Properties: # Rules which allow ECS to update load balancers on your behalf
AssumeRolePolicyDocument: # with the information sabout how to send traffic to your containers
Statement: - 'elasticloadbalancing:DeregisterInstancesFromLoadBalancer'
- Effect: Allow - 'elasticloadbalancing:DeregisterTargets'
Principal: - 'elasticloadbalancing:Describe*'
Service: [ecs-tasks.amazonaws.com] - 'elasticloadbalancing:RegisterInstancesWithLoadBalancer'
Action: ['sts:AssumeRole'] - 'elasticloadbalancing:RegisterTargets'
Path: / Resource: '*'
Policies:
- PolicyName: AmazonECSTaskExecutionRolePolicy # This is a role which is used by the ECS tasks themselves.
PolicyDocument: ECSTaskExecutionRole:
Statement: Type: AWS::IAM::Role
- Effect: Allow Properties:
Action: AssumeRolePolicyDocument:
# Allow the use of secret manager Statement:
- 'secretsmanager:GetSecretValue' - Effect: Allow
- 'kms:Decrypt' Principal:
Service: [ecs-tasks.amazonaws.com]
# Allow the ECS Tasks to download images from ECR Action: ['sts:AssumeRole']
- 'ecr:GetAuthorizationToken' Path: /
- 'ecr:BatchCheckLayerAvailability' Policies:
- 'ecr:GetDownloadUrlForLayer' - PolicyName: AmazonECSTaskExecutionRolePolicy
- 'ecr:BatchGetImage' PolicyDocument:
Statement:
# Allow the ECS tasks to upload logs to CloudWatch - Effect: Allow
- 'logs:CreateLogStream' Action:
- 'logs:PutLogEvents' # Allow the use of secret manager
Resource: '*' - 'secretsmanager:GetSecretValue'
- 'kms:Decrypt'
DeleteCFNLambdaExecutionRole:
Type: 'AWS::IAM::Role' # Allow the ECS Tasks to download images from ECR
Properties: - 'ecr:GetAuthorizationToken'
AssumeRolePolicyDocument: - 'ecr:BatchCheckLayerAvailability'
Version: '2012-10-17' - 'ecr:GetDownloadUrlForLayer'
Statement: - 'ecr:BatchGetImage'
- Effect: 'Allow'
Principal: # Allow the ECS tasks to upload logs to CloudWatch
Service: ['lambda.amazonaws.com'] - 'logs:CreateLogStream'
Action: 'sts:AssumeRole' - 'logs:PutLogEvents'
Path: '/' Resource: '*'
Policies:
- PolicyName: DeleteCFNLambdaExecutionRole DeleteCFNLambdaExecutionRole:
PolicyDocument: Type: 'AWS::IAM::Role'
Version: '2012-10-17' Properties:
Statement: AssumeRolePolicyDocument:
- Effect: 'Allow' Version: '2012-10-17'
Action: Statement:
- 'logs:CreateLogGroup' - Effect: 'Allow'
- 'logs:CreateLogStream' Principal:
- 'logs:PutLogEvents' Service: ['lambda.amazonaws.com']
Resource: 'arn:aws:logs:*:*:*' Action: 'sts:AssumeRole'
- Effect: 'Allow' Path: '/'
Action: Policies:
- 'cloudformation:DeleteStack' - PolicyName: DeleteCFNLambdaExecutionRole
- 'kinesis:DeleteStream' PolicyDocument:
- 'secretsmanager:DeleteSecret' Version: '2012-10-17'
- 'kinesis:DescribeStreamSummary' Statement:
- 'logs:DeleteLogGroup' - Effect: 'Allow'
- 'logs:DeleteSubscriptionFilter' Action:
- 'ecs:DeregisterTaskDefinition' - 'logs:CreateLogGroup'
- 'lambda:DeleteFunction' - 'logs:CreateLogStream'
- 'lambda:InvokeFunction' - 'logs:PutLogEvents'
- 'events:RemoveTargets' Resource: 'arn:aws:logs:*:*:*'
- 'events:DeleteRule' - Effect: 'Allow'
- 'lambda:RemovePermission' Action:
Resource: '*' - 'cloudformation:DeleteStack'
- 'kinesis:DeleteStream'
### cloud watch to kinesis role - 'secretsmanager:DeleteSecret'
CloudWatchIAMRole: - 'kinesis:DescribeStreamSummary'
Type: AWS::IAM::Role - 'logs:DeleteLogGroup'
Properties: - 'logs:DeleteSubscriptionFilter'
AssumeRolePolicyDocument: - 'ecs:DeregisterTaskDefinition'
Statement: - 'lambda:DeleteFunction'
- Effect: Allow - 'lambda:InvokeFunction'
Principal: - 'events:RemoveTargets'
Service: [logs.amazonaws.com] - 'events:DeleteRule'
Action: ['sts:AssumeRole'] - 'lambda:RemovePermission'
Path: / Resource: '*'
Policies:
- PolicyName: service-autoscaling ### cloud watch to kinesis role
PolicyDocument: CloudWatchIAMRole:
Statement: Type: AWS::IAM::Role
- Effect: Allow Properties:
Action: AssumeRolePolicyDocument:
- 'kinesis:PutRecord' Statement:
Resource: '*' - Effect: Allow
Principal:
#####################EFS##################### Service: [logs.amazonaws.com]
EfsFileStorage: Action: ['sts:AssumeRole']
Type: 'AWS::EFS::FileSystem' Path: /
Properties: Policies:
BackupPolicy: - PolicyName: service-autoscaling
Status: ENABLED PolicyDocument:
PerformanceMode: maxIO Statement:
Encrypted: false - Effect: Allow
Action:
FileSystemPolicy: - 'kinesis:PutRecord'
Version: '2012-10-17' Resource: '*'
Statement:
- Effect: 'Allow' #####################EFS#####################
Action: EfsFileStorage:
- 'elasticfilesystem:ClientMount' Type: 'AWS::EFS::FileSystem'
- 'elasticfilesystem:ClientWrite' Properties:
- 'elasticfilesystem:ClientRootAccess' BackupPolicy:
Principal: Status: ENABLED
AWS: '*' PerformanceMode: maxIO
Encrypted: false
MountTargetResource1:
Type: AWS::EFS::MountTarget FileSystemPolicy:
Properties: Version: '2012-10-17'
FileSystemId: !Ref EfsFileStorage Statement:
SubnetId: !Ref PublicSubnetOne - Effect: 'Allow'
SecurityGroups: Action:
- !Ref EFSServerSecurityGroup - 'elasticfilesystem:ClientMount'
- 'elasticfilesystem:ClientWrite'
MountTargetResource2: - 'elasticfilesystem:ClientRootAccess'
Type: AWS::EFS::MountTarget Principal:
Properties: AWS: '*'
FileSystemId: !Ref EfsFileStorage
SubnetId: !Ref PublicSubnetTwo MountTargetResource1:
SecurityGroups: Type: AWS::EFS::MountTarget
- !Ref EFSServerSecurityGroup Properties:
FileSystemId: !Ref EfsFileStorage
Outputs: SubnetId: !Ref PublicSubnetOne
EfsFileStorageId: SecurityGroups:
Description: 'The connection endpoint for the database.' - !Ref EFSServerSecurityGroup
Value: !Ref EfsFileStorage
Export: MountTargetResource2:
Name: !Sub ${'${EnvironmentName}'}:EfsFileStorageId Type: AWS::EFS::MountTarget
ClusterName: Properties:
Description: The name of the ECS cluster FileSystemId: !Ref EfsFileStorage
Value: !Ref 'ECSCluster' SubnetId: !Ref PublicSubnetTwo
Export: SecurityGroups:
Name: !Sub${' ${EnvironmentName}'}:ClusterName - !Ref EFSServerSecurityGroup
AutoscalingRole:
Description: The ARN of the role used for autoscaling Outputs:
Value: !GetAtt 'AutoscalingRole.Arn' EfsFileStorageId:
Export: Description: 'The connection endpoint for the database.'
Name: !Sub ${'${EnvironmentName}'}:AutoscalingRole Value: !Ref EfsFileStorage
ECSRole: Export:
Description: The ARN of the ECS role Name: !Sub ${'${EnvironmentName}'}:EfsFileStorageId
Value: !GetAtt 'ECSRole.Arn' ClusterName:
Export: Description: The name of the ECS cluster
Name: !Sub ${'${EnvironmentName}'}:ECSRole Value: !Ref 'ECSCluster'
ECSTaskExecutionRole: Export:
Description: The ARN of the ECS role tsk execution role Name: !Sub${' ${EnvironmentName}'}:ClusterName
Value: !GetAtt 'ECSTaskExecutionRole.Arn' AutoscalingRole:
Export: Description: The ARN of the role used for autoscaling
Name: !Sub ${'${EnvironmentName}'}:ECSTaskExecutionRole Value: !GetAtt 'AutoscalingRole.Arn'
Export:
DeleteCFNLambdaExecutionRole: Name: !Sub ${'${EnvironmentName}'}:AutoscalingRole
Description: Lambda execution role for cleaning up cloud formations ECSRole:
Value: !GetAtt 'DeleteCFNLambdaExecutionRole.Arn' Description: The ARN of the ECS role
Export: Value: !GetAtt 'ECSRole.Arn'
Name: !Sub ${'${EnvironmentName}'}:DeleteCFNLambdaExecutionRole Export:
Name: !Sub ${'${EnvironmentName}'}:ECSRole
CloudWatchIAMRole: ECSTaskExecutionRole:
Description: The ARN of the CloudWatch role for subscription filter Description: The ARN of the ECS role tsk execution role
Value: !GetAtt 'CloudWatchIAMRole.Arn' Value: !GetAtt 'ECSTaskExecutionRole.Arn'
Export: Export:
Name: !Sub ${'${EnvironmentName}'}:CloudWatchIAMRole Name: !Sub ${'${EnvironmentName}'}:ECSTaskExecutionRole
VpcId:
Description: The ID of the VPC that this stack is deployed in DeleteCFNLambdaExecutionRole:
Value: !Ref 'VPC' Description: Lambda execution role for cleaning up cloud formations
Export: Value: !GetAtt 'DeleteCFNLambdaExecutionRole.Arn'
Name: !Sub ${'${EnvironmentName}'}:VpcId Export:
PublicSubnetOne: Name: !Sub ${'${EnvironmentName}'}:DeleteCFNLambdaExecutionRole
Description: Public subnet one
Value: !Ref 'PublicSubnetOne' CloudWatchIAMRole:
Export: Description: The ARN of the CloudWatch role for subscription filter
Name: !Sub ${'${EnvironmentName}'}:PublicSubnetOne Value: !GetAtt 'CloudWatchIAMRole.Arn'
PublicSubnetTwo: Export:
Description: Public subnet two Name: !Sub ${'${EnvironmentName}'}:CloudWatchIAMRole
Value: !Ref 'PublicSubnetTwo' VpcId:
Export: Description: The ID of the VPC that this stack is deployed in
Name: !Sub ${'${EnvironmentName}'}:PublicSubnetTwo Value: !Ref 'VPC'
ContainerSecurityGroup: Export:
Description: A security group used to allow Fargate containers to receive traffic Name: !Sub ${'${EnvironmentName}'}:VpcId
Value: !Ref 'ContainerSecurityGroup' PublicSubnetOne:
Export: Description: Public subnet one
Name: !Sub ${'${EnvironmentName}'}:ContainerSecurityGroup Value: !Ref 'PublicSubnetOne'
Export:
Name: !Sub ${'${EnvironmentName}'}:PublicSubnetOne
PublicSubnetTwo:
Description: Public subnet two
Value: !Ref 'PublicSubnetTwo'
Export:
Name: !Sub ${'${EnvironmentName}'}:PublicSubnetTwo
ContainerSecurityGroup:
Description: A security group used to allow Fargate containers to receive traffic
Value: !Ref 'ContainerSecurityGroup'
Export:
Name: !Sub ${'${EnvironmentName}'}:ContainerSecurityGroup
`; `;
} }
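Review bot: The `EfsFileStorage` resource near the end of `BaseStackFormation.formation` attaches a `FileSystemPolicy` whose statement grants `elasticfilesystem:ClientMount`, `ClientWrite` and `ClientRootAccess` to `Principal: AWS: '*'` while also setting `Encrypted: false`, so any identity that can reach a mount target gets root on an unencrypted file system; only the `EFSServerSecurityGroup` ingress rule (port 2049 from `ContainerSecurityGroup`) stands between that and the network. The change that baked the template into the string carries this over unchanged, and the task definition in the sibling file enforces `TransitEncryption: ENABLED`, so encryption at rest being off looks like an oversight rather than a decision: `Encrypted: true` and a `Principal` limited to the task/execution role ARN (or a condition on `elasticfilesystem:AccessPointArn`) would be the minimal tightening. Separately, `ContainerSecurityGroup.SecurityGroupEgress` uses `IpProtocol: -1` together with `FromPort: 2049` / `ToPort: 2049`; with protocol -1 the port fields are ignored and the rule allows all egress to `0.0.0.0/0`, so either drop the ports or change the protocol to `tcp` if NFS-only egress was the intent. Minor: the `EfsFileStorageId` output description `'The connection endpoint for the database.'` is a copy-paste leftover and should read `'The ID of the EFS file system shared by tasks.'`, and both `AutoscalingRole` and `CloudWatchIAMRole` name their inline policy `service-autoscaling`, which makes the CloudWatch-to-Kinesis policy hard to find in IAM.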


@ -1,160 +1,158 @@
export class TaskDefinitionFormation { export class TaskDefinitionFormation {
public static readonly formation: string = ` AWSTemplateFormatVersion: 2010-09-09 public static readonly formation: string = `AWSTemplateFormatVersion: 2010-09-09
Description: >- Description: >-
AWS Fargate cluster that can span public and private subnets. Supports public AWS Fargate cluster that can span public and private subnets. Supports public
facing load balancers, private internal load balancers, and both internal and facing load balancers, private internal load balancers, and both internal and
external service discovery namespaces. external service discovery namespaces.
Parameters: Parameters:
EnvironmentName: EnvironmentName:
Type: String Type: String
Default: development Default: development
Description: 'Your deployment environment: DEV, QA , PROD' Description: 'Your deployment environment: DEV, QA , PROD'
ServiceName: ServiceName:
Type: String Type: String
Default: example Default: example
Description: A name for the service Description: A name for the service
ImageUrl: ImageUrl:
Type: String Type: String
Default: nginx Default: nginx
Description: >- Description: >-
The url of a docker image that contains the application process that will The url of a docker image that contains the application process that will
handle the traffic for this service handle the traffic for this service
ContainerPort: ContainerPort:
Type: Number Type: Number
Default: 80 Default: 80
Description: What port number the application inside the docker container is binding to Description: What port number the application inside the docker container is binding to
ContainerCpu: ContainerCpu:
Type: Number Type: Number
Default: 1024 Default: 1024
Description: How much CPU to give the container. 1024 is 1 CPU Description: How much CPU to give the container. 1024 is 1 CPU
ContainerMemory: ContainerMemory:
Type: Number Type: Number
Default: 2048 Default: 2048
Description: How much memory in megabytes to give the container Description: How much memory in megabytes to give the container
BUILDGUID: BUILDGUID:
Type: String Type: String
Default: '' Default: ''
Command: Command:
Type: String Type: String
Default: 'ls' Default: 'ls'
EntryPoint: EntryPoint:
Type: String Type: String
Default: '/bin/sh' Default: '/bin/sh'
WorkingDirectory: WorkingDirectory:
Type: String Type: String
Default: '/efsdata/' Default: '/efsdata/'
Role: Role:
Type: String Type: String
Default: '' Default: ''
Description: >- Description: >-
(Optional) An IAM role to give the service's containers if the code within (Optional) An IAM role to give the service's containers if the code within
needs to access other AWS resources like S3 buckets, DynamoDB tables, etc needs to access other AWS resources like S3 buckets, DynamoDB tables, etc
EFSMountDirectory: EFSMountDirectory:
Type: String Type: String
Default: '/efsdata' Default: '/efsdata'
# template secrets p1 - input # template secrets p1 - input
Mappings: Mappings:
SubnetConfig: SubnetConfig:
VPC: VPC:
CIDR: 10.0.0.0/16 CIDR: 10.0.0.0/16
PublicOne: PublicOne:
CIDR: 10.0.0.0/24 CIDR: 10.0.0.0/24
PublicTwo: PublicTwo:
CIDR: 10.0.1.0/24 CIDR: 10.0.1.0/24
Conditions: Conditions:
HasCustomRole: !Not HasCustomRole: !Not
- !Equals - !Equals
- Ref: Role - Ref: Role
- '' - ''
Resources: Resources:
LogGroup: LogGroup:
Type: 'AWS::Logs::LogGroup' Type: 'AWS::Logs::LogGroup'
Properties: Properties:
LogGroupName: !Ref ServiceName LogGroupName: !Ref ServiceName
Metadata: Metadata:
'AWS::CloudFormation::Designer': 'AWS::CloudFormation::Designer':
id: aece53ae-b82d-4267-bc16-ed964b05db27 id: aece53ae-b82d-4267-bc16-ed964b05db27
SubscriptionFilter: SubscriptionFilter:
Type: 'AWS::Logs::SubscriptionFilter' Type: 'AWS::Logs::SubscriptionFilter'
Properties: Properties:
FilterPattern: '' FilterPattern: ''
RoleArn: RoleArn:
'Fn::ImportValue': !Sub '${'${EnvironmentName}'}:CloudWatchIAMRole' 'Fn::ImportValue': !Sub '${'${EnvironmentName}'}:CloudWatchIAMRole'
LogGroupName: !Ref ServiceName LogGroupName: !Ref ServiceName
DestinationArn: DestinationArn:
'Fn::GetAtt': 'Fn::GetAtt':
- KinesisStream - KinesisStream
- Arn - Arn
Metadata: Metadata:
'AWS::CloudFormation::Designer': 'AWS::CloudFormation::Designer':
id: 7f809e91-9e5d-4678-98c1-c5085956c480 id: 7f809e91-9e5d-4678-98c1-c5085956c480
DependsOn: DependsOn:
- LogGroup - LogGroup
- KinesisStream - KinesisStream
KinesisStream: KinesisStream:
Type: 'AWS::Kinesis::Stream' Type: 'AWS::Kinesis::Stream'
Properties: Properties:
Name: !Ref ServiceName Name: !Ref ServiceName
ShardCount: 1 ShardCount: 1
Metadata: Metadata:
'AWS::CloudFormation::Designer': 'AWS::CloudFormation::Designer':
id: c6f18447-b879-4696-8873-f981b2cedd2b id: c6f18447-b879-4696-8873-f981b2cedd2b
# template secrets p2 - secret
# template secrets p2 - secret TaskDefinition:
Type: 'AWS::ECS::TaskDefinition'
TaskDefinition: Properties:
Type: 'AWS::ECS::TaskDefinition' Family: !Ref ServiceName
Properties: Cpu: !Ref ContainerCpu
Family: !Ref ServiceName Memory: !Ref ContainerMemory
Cpu: !Ref ContainerCpu NetworkMode: awsvpc
Memory: !Ref ContainerMemory Volumes:
NetworkMode: awsvpc - Name: efs-data
Volumes: EFSVolumeConfiguration:
- Name: efs-data FilesystemId:
EFSVolumeConfiguration: 'Fn::ImportValue': !Sub '${'${EnvironmentName}'}:EfsFileStorageId'
FilesystemId: TransitEncryption: ENABLED
'Fn::ImportValue': !Sub '${'${EnvironmentName}'}:EfsFileStorageId' RequiresCompatibilities:
TransitEncryption: ENABLED - FARGATE
RequiresCompatibilities: ExecutionRoleArn:
- FARGATE 'Fn::ImportValue': !Sub '${'${EnvironmentName}'}:ECSTaskExecutionRole'
ExecutionRoleArn: TaskRoleArn:
'Fn::ImportValue': !Sub '${'${EnvironmentName}'}:ECSTaskExecutionRole' 'Fn::If':
TaskRoleArn: - HasCustomRole
'Fn::If': - !Ref Role
- HasCustomRole - !Ref 'AWS::NoValue'
- !Ref Role ContainerDefinitions:
- !Ref 'AWS::NoValue' - Name: !Ref ServiceName
ContainerDefinitions: Cpu: !Ref ContainerCpu
- Name: !Ref ServiceName Memory: !Ref ContainerMemory
Cpu: !Ref ContainerCpu Image: !Ref ImageUrl
Memory: !Ref ContainerMemory EntryPoint:
Image: !Ref ImageUrl Fn::Split:
EntryPoint: - ','
Fn::Split: - !Ref EntryPoint
- ',' Command:
- !Ref EntryPoint Fn::Split:
Command: - ','
Fn::Split: - !Ref Command
- ',' WorkingDirectory: !Ref WorkingDirectory
- !Ref Command Environment:
WorkingDirectory: !Ref WorkingDirectory - Name: ALLOW_EMPTY_PASSWORD
Environment: Value: 'yes'
- Name: ALLOW_EMPTY_PASSWORD # template - env vars
Value: 'yes' MountPoints:
# template - env vars - SourceVolume: efs-data
MountPoints: ContainerPath: !Ref EFSMountDirectory
- SourceVolume: efs-data ReadOnly: false
ContainerPath: !Ref EFSMountDirectory Secrets:
ReadOnly: false # template secrets p3 - container def
Secrets: LogConfiguration:
# template secrets p3 - container def LogDriver: awslogs
LogConfiguration: Options:
LogDriver: awslogs awslogs-group: !Ref ServiceName
Options: awslogs-region: !Ref 'AWS::Region'
awslogs-group: !Ref ServiceName awslogs-stream-prefix: !Ref ServiceName
awslogs-region: !Ref 'AWS::Region' DependsOn:
awslogs-stream-prefix: !Ref ServiceName - LogGroup
DependsOn:
- LogGroup
`; `;
} }
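Review bot: In `TaskDefinitionFormation.formation` the container definition emits `Secrets:` with nothing under it but the `# template secrets p3 - container def` placeholder; if the substitution step that fills these placeholders (not visible in this hunk) injects no entries, the rendered YAML carries a bare `Secrets:` key, which parses as null rather than an empty list and may be rejected by CloudFormation's schema — the substitution should either emit the key together with its items or fall back to `Secrets: []`. The same hunk hard-codes `ALLOW_EMPTY_PASSWORD` with `Value: 'yes'` into every task's environment; whether the image honours it depends on `ImageUrl`, but a blanket permissive switch belongs in a parameter with a safe default, e.g. `AllowEmptyPassword: { Type: String, Default: 'no' }` referenced via `!Ref`. The `Mappings.SubnetConfig` block in this template is never read (there is no `!FindInMap` in the task definition), so it is dead configuration inherited from the base stack and can be removed to avoid drift between the two copies.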