274 lines
		
	
	
		
			7.6 KiB
		
	
	
	
		
			YAML
		
	
	
			
		
		
	
	
			274 lines
		
	
	
		
			7.6 KiB
		
	
	
	
		
			YAML
		
	
	
| AWSTemplateFormatVersion: 2010-09-09
 | |
| Description: >-
 | |
|   AWS Fargate cluster that can span public and private subnets. Supports public
 | |
|   facing load balancers, private internal load balancers, and both internal and
 | |
|   external service discovery namespaces.  
 | |
| Parameters:
 | |
|   EnvironmentName:
 | |
|     Type: String
 | |
|     Default: development
 | |
|     Description: 'Your deployment environment: DEV, QA , PROD'
 | |
|   ServiceName:
 | |
|     Type: String
 | |
|     Default: example
 | |
|     Description: A name for the service
 | |
|   ImageUrl:
 | |
|     Type: String
 | |
|     Default: nginx
 | |
|     Description: >-
 | |
|       The url of a docker image that contains the application process that will
 | |
|       handle the traffic for this service      
 | |
|   ContainerPort:
 | |
|     Type: Number
 | |
|     Default: 80
 | |
|     Description: What port number the application inside the docker container is binding to
 | |
|   ContainerCpu:
 | |
|     Type: Number
 | |
|     Default: 256
 | |
|     Description: How much CPU to give the container. 1024 is 1 CPU
 | |
|   ContainerMemory:
 | |
|     Type: Number
 | |
|     Default: 512
 | |
|     Description: How much memory in megabytes to give the container
 | |
|   Command:
 | |
|     Type: String
 | |
|     Default: 'ls'
 | |
|   EntryPoint:
 | |
|     Type: String
 | |
|     Default: '/bin/sh'
 | |
|   WorkingDirectory:
 | |
|     Type: String
 | |
|     Default: '/efsdata/'
 | |
|   Role:
 | |
|     Type: String
 | |
|     Default: ''
 | |
|     Description: >-
 | |
|       (Optional) An IAM role to give the service's containers if the code within
 | |
|       needs to access other AWS resources like S3 buckets, DynamoDB tables, etc      
 | |
|   EFSMountDirectory:
 | |
|     Type: String
 | |
|     Default: '/efsdata'
 | |
|   GithubToken:
 | |
|     Type: String
 | |
|     Default: 'Secret'
 | |
|   UnityLicense:
 | |
|     Type: String
 | |
|     Default: 'Secret'
 | |
|   AndroidKeystoreBase64:
 | |
|     Type: String
 | |
|     Default: 'Secret'
 | |
|   AndroidKeystorePass:
 | |
|     Type: String
 | |
|     Default: 'Secret'
 | |
|   AndroidKeyAliasPass:
 | |
|     Type: String
 | |
|     Default: ''
 | |
| Mappings:
 | |
|   SubnetConfig:
 | |
|     VPC:
 | |
|       CIDR: 10.0.0.0/16
 | |
|     PublicOne:
 | |
|       CIDR: 10.0.0.0/24
 | |
|     PublicTwo:
 | |
|       CIDR: 10.0.1.0/24
 | |
| Conditions:
 | |
|   HasCustomRole: !Not
 | |
|     - !Equals
 | |
|       - Ref: Role
 | |
|       - ''
 | |
| Resources:
 | |
|   LogGroup:
 | |
|     Type: 'AWS::Logs::LogGroup'
 | |
|     Properties:
 | |
|       LogGroupName: !Ref ServiceName
 | |
|     Metadata:
 | |
|       'AWS::CloudFormation::Designer':
 | |
|         id: aece53ae-b82d-4267-bc16-ed964b05db27
 | |
|   SubscriptionFilter:
 | |
|     Type: 'AWS::Logs::SubscriptionFilter'
 | |
|     Properties:
 | |
|       FilterPattern: ''
 | |
|       RoleArn:
 | |
|         'Fn::ImportValue': !Sub '${EnvironmentName}:CloudWatchIAMRole'
 | |
|       LogGroupName: !Ref ServiceName
 | |
|       DestinationArn:
 | |
|         'Fn::GetAtt':
 | |
|           - KinesisStream
 | |
|           - Arn
 | |
|     Metadata:
 | |
|       'AWS::CloudFormation::Designer':
 | |
|         id: 7f809e91-9e5d-4678-98c1-c5085956c480
 | |
|     DependsOn:
 | |
|       - LogGroup
 | |
|       - KinesisStream
 | |
|   KinesisStream:
 | |
|     Type: 'AWS::Kinesis::Stream'
 | |
|     Properties:
 | |
|       Name: !Ref ServiceName
 | |
|       ShardCount: 1
 | |
|     Metadata:
 | |
|       'AWS::CloudFormation::Designer':
 | |
|         id: c6f18447-b879-4696-8873-f981b2cedd2b
 | |
|   GithubTokenSecret:
 | |
|     Type: AWS::SecretsManager::Secret
 | |
|     Properties: 
 | |
|       Name: GithubToken
 | |
|       SecretString: !Ref GithubToken
 | |
|   UnityLicenseSecret:
 | |
|     Type: AWS::SecretsManager::Secret
 | |
|     Properties: 
 | |
|       Name: UnityLicense
 | |
|       SecretString: !Ref UnityLicense
 | |
|   AndroidKeystoreBase64Secret:
 | |
|     Type: AWS::SecretsManager::Secret
 | |
|     Properties: 
 | |
|       Name: AndroidKeystoreBase64
 | |
|       SecretString: !Ref AndroidKeystoreBase64
 | |
|   AndroidKeystorePassSecret:
 | |
|     Type: AWS::SecretsManager::Secret
 | |
|     Properties: 
 | |
|       Name: AndroidKeystorePass
 | |
|       SecretString: !Ref AndroidKeystorePass
 | |
|   AndroidKeyAliasPassSecret:
 | |
|     Type: AWS::SecretsManager::Secret
 | |
|     Properties: 
 | |
|       Name: AndroidKeyAliasPass
 | |
|       SecretString: !Ref AndroidKeyAliasPass
 | |
|   TaskDefinition:
 | |
|     Type: 'AWS::ECS::TaskDefinition'
 | |
|     Properties:
 | |
|       Family: !Ref ServiceName
 | |
|       Cpu: !Ref ContainerCpu
 | |
|       Memory: !Ref ContainerMemory
 | |
|       NetworkMode: awsvpc
 | |
|       Volumes:
 | |
|         - Name: efs-data
 | |
|           EFSVolumeConfiguration:
 | |
|             FilesystemId:
 | |
|               'Fn::ImportValue': !Sub '${EnvironmentName}:EfsFileStorageId'
 | |
|             TransitEncryption: ENABLED
 | |
|       RequiresCompatibilities:
 | |
|         - FARGATE
 | |
|       ExecutionRoleArn:
 | |
|         'Fn::ImportValue': !Sub '${EnvironmentName}:ECSTaskExecutionRole'
 | |
|       TaskRoleArn:
 | |
|         'Fn::If':
 | |
|           - HasCustomRole
 | |
|           - !Ref Role
 | |
|           - !Ref 'AWS::NoValue'
 | |
|       ContainerDefinitions:
 | |
|         - Name: !Ref ServiceName
 | |
|           Cpu: !Ref ContainerCpu
 | |
|           Memory: !Ref ContainerMemory
 | |
|           Image: !Ref ImageUrl
 | |
|           EntryPoint:
 | |
|             Fn::Split:
 | |
|                 - ","
 | |
|                 - !Ref EntryPoint
 | |
|           Command:
 | |
|             Fn::Split:
 | |
|                 - ","
 | |
|                 - !Ref Command
 | |
|           WorkingDirectory: !Ref WorkingDirectory
 | |
|           Environment:
 | |
|             - Name: ALLOW_EMPTY_PASSWORD
 | |
|               Value: 'yes'
 | |
|           MountPoints:
 | |
|             - SourceVolume: efs-data
 | |
|               ContainerPath: !Ref EFSMountDirectory
 | |
|               ReadOnly: false
 | |
|           Secrets:
 | |
|             - Name: GITHUB_TOKEN
 | |
|               ValueFrom: !Ref GitHubTokenSecret
 | |
|             - Name: UNITY_LICENSE
 | |
|               ValueFrom: !Ref UnityLicenseSecret
 | |
|             - Name: ANDROID_KEYSTORE_BASE64
 | |
|               ValueFrom: !Ref AndroidKeystoreBase64Secret
 | |
|             - Name: ANDROID_KEYSTORE_PASS
 | |
|               ValueFrom: !Ref AndroidKeystorePassSecret
 | |
|             - Name: ANDROID_KEYALIAS_PASS
 | |
|               ValueFrom: !Ref AndroidKeyAliasPassSecret
 | |
|           LogConfiguration:
 | |
|             LogDriver: awslogs
 | |
|             SecretOptions:
 | |
|               - Name: GITHUB_TOKEN
 | |
|                 ValueFrom: !Ref GitHubTokenSecret
 | |
|               - Name: UNITY_LICENSE
 | |
|                 ValueFrom: !Ref UnityLicenseSecret
 | |
|               - Name: !Ref ANDROID_KEYSTORE_BASE64
 | |
|                 ValueFrom: !Ref AndroidKeystoreBase64Secret
 | |
|               - Name: ANDROID_KEYSTORE_PASS
 | |
|                 ValueFrom: !Ref AndroidKeystorePassSecret
 | |
|               - Name: ANDROID_KEYALIAS_PASS
 | |
|                 ValueFrom: !Ref AndroidKeyAliasPassSecret
 | |
|             Options:
 | |
|               awslogs-group: !Ref ServiceName
 | |
|               awslogs-region: !Ref 'AWS::Region'
 | |
|               awslogs-stream-prefix: !Ref ServiceName
 | |
|     Metadata:
 | |
|       'AWS::CloudFormation::Designer':
 | |
|         id: dabb0116-abe0-48a6-a8af-cf9111c879a5
 | |
|     DependsOn:
 | |
|       - LogGroup
 | |
| Metadata:
 | |
|   'AWS::CloudFormation::Designer':
 | |
|     dabb0116-abe0-48a6-a8af-cf9111c879a5:
 | |
|       size:
 | |
|         width: 60
 | |
|         height: 60
 | |
|       position:
 | |
|         x: 270
 | |
|         'y': 90
 | |
|       z: 1
 | |
|       embeds: []
 | |
|       dependson:
 | |
|         - aece53ae-b82d-4267-bc16-ed964b05db27
 | |
|     c6f18447-b879-4696-8873-f981b2cedd2b:
 | |
|       size:
 | |
|         width: 60
 | |
|         height: 60
 | |
|       position:
 | |
|         x: 270
 | |
|         'y': 210
 | |
|       z: 1
 | |
|       embeds: []
 | |
|     7f809e91-9e5d-4678-98c1-c5085956c480:
 | |
|       size:
 | |
|         width: 60
 | |
|         height: 60
 | |
|       position:
 | |
|         x: 60
 | |
|         'y': 300
 | |
|       z: 1
 | |
|       embeds: []
 | |
|       dependson:
 | |
|         - aece53ae-b82d-4267-bc16-ed964b05db27
 | |
|         - c6f18447-b879-4696-8873-f981b2cedd2b
 | |
|     aece53ae-b82d-4267-bc16-ed964b05db27:
 | |
|       size:
 | |
|         width: 150
 | |
|         height: 150
 | |
|       position:
 | |
|         x: 60
 | |
|         'y': 90
 | |
|       z: 1
 | |
|       embeds: []
 | |
|     4d2da56c-3643-46b8-aaee-e46e19f95fcc:
 | |
|       source:
 | |
|         id: 7f809e91-9e5d-4678-98c1-c5085956c480
 | |
|       target:
 | |
|         id: aece53ae-b82d-4267-bc16-ed964b05db27
 | |
|       z: 11
 | |
|     14eb957b-f094-4653-93c4-77b2f851953c:
 | |
|       source:
 | |
|         id: 7f809e91-9e5d-4678-98c1-c5085956c480
 | |
|       target:
 | |
|         id: c6f18447-b879-4696-8873-f981b2cedd2b
 | |
|       z: 12
 | |
|     85c57444-e5bb-4230-bc85-e545cd4558f6:
 | |
|       source:
 | |
|         id: dabb0116-abe0-48a6-a8af-cf9111c879a5
 | |
|       target:
 | |
|         id: aece53ae-b82d-4267-bc16-ed964b05db27
 | |
|       z: 13
 |