.dev.cloudformation.yml
# Development stack for the API service: a load balancer, a Fargate service
# and a PostgreSQL instance, wired into VPC and ECR stacks defined elsewhere.
AWSTemplateFormatVersion: "2010-09-09"
Metadata:
  License: "Apache-2.0"
# Stack inputs. The two *StackName parameters are prefixes for Fn::ImportValue
# lookups, so they must name stacks that export the values used under Resources.
Parameters:
  DBUserPassword:
    # Used as the RDS master password. NoEcho masks the value in stack
    # descriptions and events; it is still passed to CloudFormation as a plain
    # parameter, so a Secrets Manager or SSM dynamic reference is the sturdier
    # way to supply it.
    Description: "The password to be used by the database user"
    NoEcho: true
    Type: String
  ECRRepositoryStackName:
    Description: >-
      The name of the ECRRepository cloudformation stack to associate
      with this service
    Type: String
  EcsServiceDesiredCount:
    Description: "The desired number of api tasks to run for the ECS service"
    Default: 1
    Type: Number
  ServicesVpcStackName:
    Description: >-
      The name of the ServicesVPC cloudformation stack to associate
      with this service
    Type: String
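# Resources for the API service.
#
# Traffic path: internet -> ApplicationLoadBalancer (HTTP :80) -> ALBTargetGroup
# -> Fargate tasks (:4000) -> RDSDBInstanceMaster (PostgreSQL :5432).
#
# Changes against the previous revision, both least-privilege fixes:
#   * TaskIAMRole no longer carries AmazonECSTaskExecutionRolePolicy. Image pull
#     and log delivery are done with ExecutionIAMRole (ExecutionRoleArn on the
#     task definition); attaching the same policy to the task role handed those
#     permissions to the application container as well.
#   * Both roles trust only ecs-tasks.amazonaws.com. The service sets no Role
#     property and runs on Fargate, so nothing in this template needs the
#     ecs.amazonaws.com principal to assume them.
# The remaining review notes are comments only, because the fix depends on
# values this template does not hold (a certificate, the VPC stack's groups).
Resources:
  ApplicationLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      # NOTE(review): no SecurityGroups are listed, so the load balancer falls
      # back to the VPC's default security group. What that group admits is
      # decided by the VPC stack, not here; an explicit group allowing only the
      # listener port would make the exposure reviewable in this file.
      Scheme: internet-facing
      Subnets:
        - Fn::ImportValue: !Sub '${ServicesVpcStackName}:ExternalSubnet:UsEast1a'
        - Fn::ImportValue: !Sub '${ServicesVpcStackName}:ExternalSubnet:UsEast1b'
        - Fn::ImportValue: !Sub '${ServicesVpcStackName}:ExternalSubnet:UsEast1c'
        - Fn::ImportValue: !Sub '${ServicesVpcStackName}:ExternalSubnet:UsEast1d'
        - Fn::ImportValue: !Sub '${ServicesVpcStackName}:ExternalSubnet:UsEast1e'
        - Fn::ImportValue: !Sub '${ServicesVpcStackName}:ExternalSubnet:UsEast1f'
      Tags:
        - Key: Application
          Value: Api
        - Key: Name
          Value: !Ref AWS::StackName
        - Key: Stack
          Value: !Ref AWS::StackName
      Type: application
      IpAddressType: dualstack

  ALBHTTPListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      # NOTE(review): the only listener is plaintext HTTP on an internet-facing
      # load balancer, so requests and responses cross the internet
      # unencrypted. An HTTPS listener needs a certificate ARN, which this
      # template has no parameter for; add one and turn this listener into a
      # redirect.
      DefaultActions:
        - TargetGroupArn: !Ref ALBTargetGroup
          Type: forward
      LoadBalancerArn: !Ref ApplicationLoadBalancer
      Port: 80
      Protocol: HTTP

  ALBTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckPath: '/info/health'
      HealthCheckPort: 4000
      HealthCheckProtocol: HTTP
      Port: 4000
      Protocol: HTTP
      Tags:
        - Key: Application
          Value: Api
        - Key: Name
          Value: !Ref AWS::StackName
        - Key: Stack
          Value: !Ref AWS::StackName
      # Targets are registered by IP, as awsvpc-mode tasks require.
      TargetType: ip
      VpcId:
        Fn::ImportValue: !Sub '${ServicesVpcStackName}:ServicesVpc'

  DBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Database instances are in this group.
      # Egress: every protocol and port, but only to addresses inside the VPC.
      SecurityGroupEgress:
        - CidrIp:
            Fn::ImportValue: !Sub '${ServicesVpcStackName}:ServicesVpc:Cidr'
          FromPort: -1
          IpProtocol: "-1"
          ToPort: -1
        - CidrIpv6:
            Fn::ImportValue: !Sub '${ServicesVpcStackName}:ServicesVpc:CidrIpv6'
          FromPort: -1
          IpProtocol: "-1"
          ToPort: -1
      # Ingress: PostgreSQL from the whole VPC range.
      # NOTE(review): every host in the VPC can reach the database port, not
      # only the API tasks. Using a security group dedicated to the tasks as the
      # source would narrow this, but the tasks need their own group first.
      SecurityGroupIngress:
        - CidrIp:
            Fn::ImportValue: !Sub '${ServicesVpcStackName}:ServicesVpc:Cidr'
          FromPort: 5432
          IpProtocol: tcp
          ToPort: 5432
        - CidrIpv6:
            Fn::ImportValue: !Sub '${ServicesVpcStackName}:ServicesVpc:CidrIpv6'
          FromPort: 5432
          IpProtocol: tcp
          ToPort: 5432
      Tags:
        - Key: Application
          Value: Api
        - Key: Name
          Value: !Sub '${AWS::StackName}:DB'
        - Key: Stack
          Value: !Ref AWS::StackName
      VpcId:
        Fn::ImportValue: !Sub '${ServicesVpcStackName}:ServicesVpc'

  ECSCluster:
    Type: AWS::ECS::Cluster
    Properties: {}

  ECSService:
    Type: AWS::ECS::Service
    Properties:
      Cluster: !Ref ECSCluster
      DeploymentConfiguration:
        MaximumPercent: 200
        MinimumHealthyPercent: 50
      DesiredCount: !Ref EcsServiceDesiredCount
      LaunchType: FARGATE
      LoadBalancers:
        - ContainerName: ApiService
          ContainerPort: 4000
          TargetGroupArn: !Ref ALBTargetGroup
      NetworkConfiguration:
        AwsvpcConfiguration:
          # NOTE(review): tasks get public IPs in the external subnets and, with
          # no SecurityGroups listed, the VPC's default security group. Whether
          # port 4000 is reachable without going through the load balancer
          # depends on that group. Internal subnets plus an explicit group
          # admitting only the load balancer would remove the doubt (image pulls
          # then need a NAT or VPC endpoints).
          AssignPublicIp: ENABLED
          Subnets:
            - Fn::ImportValue: !Sub '${ServicesVpcStackName}:ExternalSubnet:UsEast1a'
            - Fn::ImportValue: !Sub '${ServicesVpcStackName}:ExternalSubnet:UsEast1b'
            - Fn::ImportValue: !Sub '${ServicesVpcStackName}:ExternalSubnet:UsEast1c'
            - Fn::ImportValue: !Sub '${ServicesVpcStackName}:ExternalSubnet:UsEast1d'
            - Fn::ImportValue: !Sub '${ServicesVpcStackName}:ExternalSubnet:UsEast1e'
            - Fn::ImportValue: !Sub '${ServicesVpcStackName}:ExternalSubnet:UsEast1f'
      ServiceName: !Sub '${AWS::StackName}_Api'
      TaskDefinition: !Ref ECSTaskDefinition
    # The listener must exist before the service can register with the target
    # group; the other entries restate dependencies for explicit ordering.
    DependsOn:
      - ApplicationLoadBalancer
      - ALBTargetGroup
      - ALBHTTPListener
      - ExecutionIAMRole
      - LogGroup
      - RDSDBInstanceMaster
      - TaskIAMRole

  ECSTaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      ContainerDefinitions:
        - Environment:
            # Only the database host is injected here; no credential is passed
            # to the container by this template.
            - Name: DB_HOSTNAME
              Value: !GetAtt RDSDBInstanceMaster.Endpoint.Address
          # NOTE(review): ":latest" is a mutable tag, so the code a new task
          # runs is whatever was pushed last, and a rollback cannot name a
          # known image. Prefer an immutable tag or a digest passed in as a
          # parameter.
          Image: !Join
            - ':'
            - - Fn::ImportValue: !Sub '${ECRRepositoryStackName}:ECRRepository:Uri'
              - latest
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-region: !Ref AWS::Region
              awslogs-group: !Ref LogGroup
              awslogs-stream-prefix: api
          Name: ApiService
          PortMappings:
            - ContainerPort: 4000
              Protocol: tcp
      Cpu: '512'
      # Used by the ECS agent to pull the image and write to the log group.
      ExecutionRoleArn: !GetAtt ExecutionIAMRole.Arn
      Family: !Ref AWS::StackName
      Memory: '1GB'
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - FARGATE
      # Credentials the application container itself receives.
      TaskRoleArn: !GetAtt TaskIAMRole.Arn

  ExecutionIAMRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          # Only the ECS tasks principal may assume the execution role.
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action:
              - sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
      Path: '/'
      # A fixed RoleName means the stack must be deployed with
      # CAPABILITY_NAMED_IAM.
      RoleName: !Join
        - '_'
        - - !Ref AWS::StackName
          - ExecutionIAMRole

  LogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Ref AWS::StackName
      # NOTE(review): one day of retention leaves very little to work with when
      # investigating an incident after the fact; raise it if these logs are the
      # only record of API activity.
      RetentionInDays: 1

  RDSDBInstanceMaster:
    Type: AWS::RDS::DBInstance
    Properties:
      AllocatedStorage: "10"
      AllowMajorVersionUpgrade: true
      AutoMinorVersionUpgrade: true
      BackupRetentionPeriod: "7"
      CopyTagsToSnapshot: true
      DBInstanceClass: "db.t2.micro"
      DBName: api_prod
      DBSubnetGroupName: !Ref RDSDBSubnetGroup
      Engine: postgres
      # NOTE(review): PostgreSQL 9.6 is past upstream end of life; plan a major
      # version upgrade if this template is reused.
      EngineVersion: "9.6.5"
      MasterUsername: postgres
      MasterUserPassword: !Ref DBUserPassword
      MultiAZ: false
      PreferredBackupWindow: "09:00-09:30"
      PreferredMaintenanceWindow: "Wed:09:30-Wed:10:00"
      # The instance gets no public address and sits in the internal subnets.
      PubliclyAccessible: false
      # NOTE(review): StorageEncrypted is not set, so storage and snapshots are
      # unencrypted. Confirm the instance class supports encryption at rest
      # before enabling it; turning it on replaces the instance.
      StorageType: gp2
      Tags:
        - Key: Application
          Value: Api
        - Key: Name
          Value: !Ref AWS::StackName
        - Key: Stack
          Value: !Ref AWS::StackName
      VPCSecurityGroups:
        - !Ref DBSecurityGroup

  RDSDBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: An group of AZ distributed, internal VPC subnets for DB services.
      SubnetIds:
        - Fn::ImportValue: !Sub '${ServicesVpcStackName}:InternalSubnet:UsEast1a'
        - Fn::ImportValue: !Sub '${ServicesVpcStackName}:InternalSubnet:UsEast1b'
        - Fn::ImportValue: !Sub '${ServicesVpcStackName}:InternalSubnet:UsEast1c'
        - Fn::ImportValue: !Sub '${ServicesVpcStackName}:InternalSubnet:UsEast1d'
        - Fn::ImportValue: !Sub '${ServicesVpcStackName}:InternalSubnet:UsEast1e'
        - Fn::ImportValue: !Sub '${ServicesVpcStackName}:InternalSubnet:UsEast1f'
      Tags:
        - Key: Application
          Value: Api
        - Key: Name
          Value: !Ref AWS::StackName
        - Key: Stack
          Value: !Ref AWS::StackName

  TaskIAMRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          # Only the ECS tasks principal may assume the task role.
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action:
              - sts:AssumeRole
      # Deliberately no policies: nothing in this template shows the application
      # calling AWS APIs. If it does, grant exactly those actions here rather
      # than reusing the execution-role policy.
      Path: '/'
      RoleName: !Join
        - '_'
        - - !Ref AWS::StackName
          - TaskIAMRole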