cfn-modules: Fargate service

Fargate service.

📚 Check out our new book Rapid Docker on AWS

  • Written for DevOps engineers and web developers who want to run dockerized web applications on AWS.
  • Prior knowledge of Docker and AWS is not required.
  • Continuous Deployment of your Web Application and Infrastructure as Code.

Install

Install Node.js and npm first!

npm i @cfn-modules/fargate-service

Usage

---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-modules example'
Resources:
  Service:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        VpcModule: !GetAtt 'Vpc.Outputs.StackName' # required
        ClusterModule: !GetAtt 'Cluster.Outputs.StackName' # optional
        TargetModule: '' # optional
        FileSystemModule1: '' # optional
        AlertingModule: '' # optional
        ClientSgModule1: '' # optional
        ClientSgModule2: '' # optional
        ClientSgModule3: '' # optional
        ManagedPolicyArns: '' # optional
        ProxyImage: '' # optional
        ProxyImageSecretModule: '' # optional
        ProxyPort: '8000' # optional
        ProxyEnvironment1Key: '' # optional
        ProxyEnvironment1Value: '' # optional
        ProxyEnvironment1SecretModule: '' # optional
        ProxyEnvironment2Key: '' # optional
        ProxyEnvironment2Value: '' # optional
        ProxyEnvironment2SecretModule: '' # optional
        ProxyEnvironment3Key: '' # optional
        ProxyEnvironment3Value: '' # optional
        ProxyEnvironment3SecretModule: '' # optional
        ProxyEnvironment4Key: '' # optional
        ProxyEnvironment4Value: '' # optional
        ProxyEnvironment4SecretModule: '' # optional
        ProxyEnvironment5Key: '' # optional
        ProxyEnvironment5Value: '' # optional
        ProxyEnvironment5SecretModule: '' # optional
        AppImage: 'widdix/hello:v1' # optional
        AppImageSecretModule: '' # optional
        AppPort: '80' # optional
        AppEnvironment1Key: '' # optional
        AppEnvironment1Value: '' # optional
        AppEnvironment1SecretModule: '' # optional
        AppEnvironment2Key: '' # optional
        AppEnvironment2Value: '' # optional
        AppEnvironment2SecretModule: '' # optional
        AppEnvironment3Key: '' # optional
        AppEnvironment3Value: '' # optional
        AppEnvironment3SecretModule: '' # optional
        AppEnvironment4Key: '' # optional
        AppEnvironment4Value: '' # optional
        AppEnvironment4SecretModule: '' # optional
        AppEnvironment5Key: '' # optional
        AppEnvironment5Value: '' # optional
        AppEnvironment5SecretModule: '' # optional
        AppEnvironment6Key: '' # optional
        AppEnvironment6Value: '' # optional
        AppEnvironment7Key: '' # optional
        AppEnvironment7Value: '' # optional
        AppEnvironment8Key: '' # optional
        AppEnvironment8Value: '' # optional
        AppEnvironment9Key: '' # optional
        AppEnvironment9Value: '' # optional
        AppEnvironment10Key: '' # optional
        AppEnvironment10Value: '' # optional
        AppEnvironment11Key: '' # optional
        AppEnvironment11Value: '' # optional
        AppEnvironment12Key: '' # optional
        AppEnvironment12Value: '' # optional
        AppEnvironment13Key: '' # optional
        AppEnvironment13Value: '' # optional
        AppEnvironment14Key: '' # optional
        AppEnvironment14Value: '' # optional
        AppEnvironment15Key: '' # optional
        AppEnvironment15Value: '' # optional
        AppEnvironment16Key: '' # optional
        AppEnvironment16Value: '' # optional
        AppEnvironment17Key: '' # optional
        AppEnvironment17Value: '' # optional
        AppEnvironment18Key: '' # optional
        AppEnvironment18Value: '' # optional
        AppEnvironment19Key: '' # optional
        AppEnvironment19Value: '' # optional
        AppEnvironment20Key: '' # optional
        AppEnvironment20Value: '' # optional
        SidecarImage: '' # optional
        SidecarImageSecretModule: '' # optional
        SidecarPort: '9000' # optional
        SidecarProtocol: 'tcp' # optional
        SidecarEnvironment1Key: '' # optional
        SidecarEnvironment1Value: '' # optional
        SidecarEnvironment1SecretModule: '' # optional
        SidecarEnvironment2Key: '' # optional
        SidecarEnvironment2Value: '' # optional
        SidecarEnvironment2SecretModule: '' # optional
        SidecarEnvironment3Key: '' # optional
        SidecarEnvironment3Value: '' # optional
        SidecarEnvironment3SecretModule: '' # optional
        SidecarEnvironment4Key: '' # optional
        SidecarEnvironment4Value: '' # optional
        SidecarEnvironment4SecretModule: '' # optional
        SidecarEnvironment5Key: '' # optional
        SidecarEnvironment5Value: '' # optional
        SidecarEnvironment5SecretModule: '' # optional
        Cpu: '0.25' # optional
        Memory: '0.5' # optional
        DesiredCount: '2' # optional
        MaxCapacity: '4' # optional
        MinCapacity: '2' # optional
        LogsRetentionInDays: '14' # optional
        SubnetsReach: 'Public' # optional
        AutoScaling: 'true' # optional
        HealthCheckGracePeriodSeconds: '60' # optional
        Spot: 'false' # optional
        CpuArchitecture: 'X86_64' # optional
        OperatingSystemFamily: 'LINUX' # optional
        ExecuteCommand: 'false' # optional
      TemplateURL: './node_modules/@cfn-modules/fargate-service/module.yml'

Examples

Related modules

Parameters

| Name | Description | Default | Required? | Allowed values |
| --- | --- | --- | --- | --- |
| VpcModule | Stack name of vpc module | | yes | |
| ClusterModule | Stack name of ecs-cluster module (if empty, an ECS cluster is created) | | no | |
| TargetModule | Stack name of module implementing Target | | no | |
| FileSystemModule1 | Stack name of efs-file-system module mounted to /mnt/efs1 | | no | |
| AlertingModule | Stack name of alerting module | | no | |
| ClientSgModule1 | Stack name of client-sg module to mark traffic from Fargate task | | no | |
| ClientSgModule2 | Stack name of client-sg module to mark traffic from Fargate task | | no | |
| ClientSgModule3 | Stack name of client-sg module to mark traffic from Fargate task | | no | |
| ManagedPolicyArns | Comma-delimited list of IAM managed policy ARNs to attach to the task's IAM role | | no | |
| ProxyImage | Docker image to use for the proxy container. You can use images in the Docker Hub registry or specify other repositories (repository-url/image:tag). If the repository is private, set ProxyImageSecretModule as well! | | no | |
| ProxyImageSecretModule | Stack name of secret module which contains the repository credentials for private registry authentication | | no | |
| ProxyPort | The port exposed by the proxy container that receives traffic from the load balancer (ProxyPort != AppPort != SidecarPort; ignored if ProxyImage and/or TargetModule are/is not set) | 8000 | no | |
| ProxyEnvironment1Key | Environment variable 1 key for proxy container | | no | |
| ProxyEnvironment1Value | Environment variable 1 plain-text value for proxy container (if ProxyEnvironment1Key is set, set either ProxyEnvironment1Value or ProxyEnvironment1SecretModule) | | no | |
| ProxyEnvironment1SecretModule | Environment variable 1 stack name of secret module for proxy container (if ProxyEnvironment1Key is set, set either ProxyEnvironment1Value or ProxyEnvironment1SecretModule) | | no | |
| ProxyEnvironment2Key | Environment variable 2 key for proxy container | | no | |
| ProxyEnvironment2Value | Environment variable 2 plain-text value for proxy container (if ProxyEnvironment2Key is set, set either ProxyEnvironment2Value or ProxyEnvironment2SecretModule) | | no | |
| ProxyEnvironment2SecretModule | Environment variable 2 stack name of secret module for proxy container (if ProxyEnvironment2Key is set, set either ProxyEnvironment2Value or ProxyEnvironment2SecretModule) | | no | |
| ProxyEnvironment3Key | Environment variable 3 key for proxy container | | no | |
| ProxyEnvironment3Value | Environment variable 3 plain-text value for proxy container (if ProxyEnvironment3Key is set, set either ProxyEnvironment3Value or ProxyEnvironment3SecretModule) | | no | |
| ProxyEnvironment3SecretModule | Environment variable 3 stack name of secret module for proxy container (if ProxyEnvironment3Key is set, set either ProxyEnvironment3Value or ProxyEnvironment3SecretModule) | | no | |
| ProxyEnvironment4Key | Environment variable 4 key for proxy container | | no | |
| ProxyEnvironment4Value | Environment variable 4 plain-text value for proxy container (if ProxyEnvironment4Key is set, set either ProxyEnvironment4Value or ProxyEnvironment4SecretModule) | | no | |
| ProxyEnvironment4SecretModule | Environment variable 4 stack name of secret module for proxy container (if ProxyEnvironment4Key is set, set either ProxyEnvironment4Value or ProxyEnvironment4SecretModule) | | no | |
| ProxyEnvironment5Key | Environment variable 5 key for proxy container | | no | |
| ProxyEnvironment5Value | Environment variable 5 plain-text value for proxy container (if ProxyEnvironment5Key is set, set either ProxyEnvironment5Value or ProxyEnvironment5SecretModule) | | no | |
| ProxyEnvironment5SecretModule | Environment variable 5 stack name of secret module for proxy container (if ProxyEnvironment5Key is set, set either ProxyEnvironment5Value or ProxyEnvironment5SecretModule) | | no | |
| AppImage | The Docker image to use for the app container. You can use images in the Docker Hub registry or specify other repositories (repository-url/image:tag). If the repository is private, set AppImageSecretModule as well! | widdix/hello:v1 | no | |
| AppImageSecretModule | Stack name of secret module which contains the repository credentials for private registry authentication | | no | |
| AppPort | The port exposed by the app container that receives traffic from the load balancer or the proxy container (AppPort != ProxyPort != SidecarPort; ignored if TargetModule is not set) | 80 | no | |
| AppEnvironment1Key | Environment variable 1 key for app container | | no | |
| AppEnvironment1Value | Environment variable 1 plain-text value for app container (if AppEnvironment1Key is set, set either AppEnvironment1Value or AppEnvironment1SecretModule) | | no | |
| AppEnvironment1SecretModule | Environment variable 1 stack name of secret module for app container (if AppEnvironment1Key is set, set either AppEnvironment1Value or AppEnvironment1SecretModule) | | no | |
| AppEnvironment2Key | Environment variable 2 key for app container | | no | |
| AppEnvironment2Value | Environment variable 2 plain-text value for app container (if AppEnvironment2Key is set, set either AppEnvironment2Value or AppEnvironment2SecretModule) | | no | |
| AppEnvironment2SecretModule | Environment variable 2 stack name of secret module for app container (if AppEnvironment2Key is set, set either AppEnvironment2Value or AppEnvironment2SecretModule) | | no | |
| AppEnvironment3Key | Environment variable 3 key for app container | | no | |
| AppEnvironment3Value | Environment variable 3 plain-text value for app container (if AppEnvironment3Key is set, set either AppEnvironment3Value or AppEnvironment3SecretModule) | | no | |
| AppEnvironment3SecretModule | Environment variable 3 stack name of secret module for app container (if AppEnvironment3Key is set, set either AppEnvironment3Value or AppEnvironment3SecretModule) | | no | |
| AppEnvironment4Key | Environment variable 4 key for app container | | no | |
| AppEnvironment4Value | Environment variable 4 plain-text value for app container (if AppEnvironment4Key is set, set either AppEnvironment4Value or AppEnvironment4SecretModule) | | no | |
| AppEnvironment4SecretModule | Environment variable 4 stack name of secret module for app container (if AppEnvironment4Key is set, set either AppEnvironment4Value or AppEnvironment4SecretModule) | | no | |
| AppEnvironment5Key | Environment variable 5 key for app container | | no | |
| AppEnvironment5Value | Environment variable 5 plain-text value for app container (if AppEnvironment5Key is set, set either AppEnvironment5Value or AppEnvironment5SecretModule) | | no | |
| AppEnvironment5SecretModule | Environment variable 5 stack name of secret module for app container (if AppEnvironment5Key is set, set either AppEnvironment5Value or AppEnvironment5SecretModule) | | no | |
| AppEnvironment6Key | Environment variable 6 key for app container | | no | |
| AppEnvironment6Value | Environment variable 6 plain-text value for app container | | no | |
| AppEnvironment7Key | Environment variable 7 key for app container | | no | |
| AppEnvironment7Value | Environment variable 7 plain-text value for app container | | no | |
| AppEnvironment8Key | Environment variable 8 key for app container | | no | |
| AppEnvironment8Value | Environment variable 8 plain-text value for app container | | no | |
| AppEnvironment9Key | Environment variable 9 key for app container | | no | |
| AppEnvironment9Value | Environment variable 9 plain-text value for app container | | no | |
| AppEnvironment10Key | Environment variable 10 key for app container | | no | |
| AppEnvironment10Value | Environment variable 10 plain-text value for app container | | no | |
| AppEnvironment11Key | Environment variable 11 key for app container | | no | |
| AppEnvironment11Value | Environment variable 11 plain-text value for app container | | no | |
| AppEnvironment12Key | Environment variable 12 key for app container | | no | |
| AppEnvironment12Value | Environment variable 12 plain-text value for app container | | no | |
| AppEnvironment13Key | Environment variable 13 key for app container | | no | |
| AppEnvironment13Value | Environment variable 13 plain-text value for app container | | no | |
| AppEnvironment14Key | Environment variable 14 key for app container | | no | |
| AppEnvironment14Value | Environment variable 14 plain-text value for app container | | no | |
| AppEnvironment15Key | Environment variable 15 key for app container | | no | |
| AppEnvironment15Value | Environment variable 15 plain-text value for app container | | no | |
| AppEnvironment16Key | Environment variable 16 key for app container | | no | |
| AppEnvironment16Value | Environment variable 16 plain-text value for app container | | no | |
| AppEnvironment17Key | Environment variable 17 key for app container | | no | |
| AppEnvironment17Value | Environment variable 17 plain-text value for app container | | no | |
| AppEnvironment18Key | Environment variable 18 key for app container | | no | |
| AppEnvironment18Value | Environment variable 18 plain-text value for app container | | no | |
| AppEnvironment19Key | Environment variable 19 key for app container | | no | |
| AppEnvironment19Value | Environment variable 19 plain-text value for app container | | no | |
| AppEnvironment20Key | Environment variable 20 key for app container | | no | |
| AppEnvironment20Value | Environment variable 20 plain-text value for app container | | no | |
| SidecarImage | Docker image to use for the sidecar container. You can use images in the Docker Hub registry or specify other repositories (repository-url/image:tag). If the repository is private, set SidecarImageSecretModule as well! | | no | |
| SidecarImageSecretModule | Stack name of secret module which contains the repository credentials for private registry authentication | | no | |
| SidecarPort | The port exposed by the sidecar container reachable from the app container on host localhost (SidecarPort != ProxyPort != AppPort) | 9000 | no | |
| SidecarProtocol | The protocol used by the sidecar container reachable from the app container on host localhost. | tcp | no | [tcp, udp] |
| SidecarEnvironment1Key | Environment variable 1 key for sidecar container | | no | |
| SidecarEnvironment1Value | Environment variable 1 plain-text value for sidecar container (if SidecarEnvironment1Key is set, set either SidecarEnvironment1Value or SidecarEnvironment1SecretModule) | | no | |
| SidecarEnvironment1SecretModule | Environment variable 1 stack name of secret module for sidecar container (if SidecarEnvironment1Key is set, set either SidecarEnvironment1Value or SidecarEnvironment1SecretModule) | | no | |
| SidecarEnvironment2Key | Environment variable 2 key for sidecar container | | no | |
| SidecarEnvironment2Value | Environment variable 2 plain-text value for sidecar container (if SidecarEnvironment2Key is set, set either SidecarEnvironment2Value or SidecarEnvironment2SecretModule) | | no | |
| SidecarEnvironment2SecretModule | Environment variable 2 stack name of secret module for sidecar container (if SidecarEnvironment2Key is set, set either SidecarEnvironment2Value or SidecarEnvironment2SecretModule) | | no | |
| SidecarEnvironment3Key | Environment variable 3 key for sidecar container | | no | |
| SidecarEnvironment3Value | Environment variable 3 plain-text value for sidecar container (if SidecarEnvironment3Key is set, set either SidecarEnvironment3Value or SidecarEnvironment3SecretModule) | | no | |
| SidecarEnvironment3SecretModule | Environment variable 3 stack name of secret module for sidecar container (if SidecarEnvironment3Key is set, set either SidecarEnvironment3Value or SidecarEnvironment3SecretModule) | | no | |
| SidecarEnvironment4Key | Environment variable 4 key for sidecar container | | no | |
| SidecarEnvironment4Value | Environment variable 4 plain-text value for sidecar container (if SidecarEnvironment4Key is set, set either SidecarEnvironment4Value or SidecarEnvironment4SecretModule) | | no | |
| SidecarEnvironment4SecretModule | Environment variable 4 stack name of secret module for sidecar container (if SidecarEnvironment4Key is set, set either SidecarEnvironment4Value or SidecarEnvironment4SecretModule) | | no | |
| SidecarEnvironment5Key | Environment variable 5 key for sidecar container | | no | |
| SidecarEnvironment5Value | Environment variable 5 plain-text value for sidecar container (if SidecarEnvironment5Key is set, set either SidecarEnvironment5Value or SidecarEnvironment5SecretModule) | | no | |
| SidecarEnvironment5SecretModule | Environment variable 5 stack name of secret module for sidecar container (if SidecarEnvironment5Key is set, set either SidecarEnvironment5Value or SidecarEnvironment5SecretModule) | | no | |
| Cpu | The minimum number of vCPUs to reserve for the container | 0.25 | no | [0.25, 0.5, 1, 2, 4] |
| Memory | The amount (in GB) of memory used by the task | 0.5 | no | [0.5, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30] |
| DesiredCount | The number of simultaneous tasks that you want to run on the cluster | 2 | no | 1-N |
| MaxCapacity | The maximum number of simultaneous tasks that you want to run on the cluster | 4 | no | 1-N |
| MinCapacity | The minimum number of simultaneous tasks that you want to run on the cluster | 2 | no | 1-N |
| LogsRetentionInDays | Specifies the number of days you want to retain log events in the specified log group | 14 | no | [1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653] |
| SubnetsReach | Should the service have direct access to the Internet or do you prefer private subnets with NAT? | Public | no | [Public, Private] |
| AutoScaling | Scale number of tasks based on CPU load? | true | no | [true, false] |
| HealthCheckGracePeriodSeconds | The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started (ignored if TargetModule is not set) | 60 | no | 0-1800 |
| Spot | Run workload on spot capacity? | false | no | [true, false] |
| CpuArchitecture | The CPU architecture of the container. | X86_64 | no | [X86_64, ARM64] |
| OperatingSystemFamily | The operating system family of the container. | LINUX | no | [LINUX, WINDOWS_SERVER_2004_CORE, WINDOWS_SERVER_2016_FULL, WINDOWS_SERVER_2019_CORE, WINDOWS_SERVER_2019_FULL, WINDOWS_SERVER_2022_CORE, WINDOWS_SERVER_2022_FULL, WINDOWS_SERVER_20H2_CORE] |
| ExecuteCommand | Enable or disable ECS execute command | false | no | [false, true] |

Outputs

| Name | Interface | Description | Exported? |
| --- | --- | --- | --- |
| ModuleId | global | Id of the module | no |
| ModuleVersion | global | Version of the module | no |
| StackName | global | Name of the stack (used to pass module references) | no |
| TaskRoleArn | | IAM Role ARN of task | yes |

Private repositories

To fetch Docker images from private repositories, you have to provide the repository credentials via AWS Secrets Manager. Go to AWS Secrets Manager and create a new secret (of type other type) with the plaintext value:

{
  "username": "DOCKERHUB_USERNAME",
  "password": "DOCKERHUB_PASSWORD"
}

Use the secret module wrapper to use the secret within cfn-modules.

---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-modules example'
Resources:
  Secret:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        Arn: 'arn:aws:secretsmanager:eu-west-1:111111111111:secret:name/of/secret' # TODO replace with your secret ARN
      TemplateURL: './node_modules/@cfn-modules/secret/wrapper.yml'

The following image parameters support a secret:

| Parameter | Secret |
| --- | --- |
| ProxyImage | ProxyImageSecretModule |
| AppImage | AppImageSecretModule |
| SidecarImage | SidecarImageSecretModule |
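
How a wrapped secret is handed to the service, both for registry credentials and for a sensitive environment variable. This is an added example, not part of the original README. It assumes that the `@cfn-modules/vpc` and `@cfn-modules/secret` packages are installed and that the secret wrapper exposes the `StackName` output like the other modules; the ARNs, the image name and the variable names are placeholders.

```yaml
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-modules example: private image and secret-backed environment variable'
Resources:
  Vpc:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      TemplateURL: './node_modules/@cfn-modules/vpc/module.yml' # assumption: vpc module installed via npm
  # Registry credentials: the JSON secret with "username" and "password" shown above
  RegistrySecret:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        Arn: 'arn:aws:secretsmanager:eu-west-1:111111111111:secret:registry/credentials' # placeholder ARN
      TemplateURL: './node_modules/@cfn-modules/secret/wrapper.yml'
  # Application secret that the app container receives as an environment variable
  DatabasePasswordSecret:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        Arn: 'arn:aws:secretsmanager:eu-west-1:111111111111:secret:app/database-password' # placeholder ARN
      TemplateURL: './node_modules/@cfn-modules/secret/wrapper.yml'
  Service:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        VpcModule: !GetAtt 'Vpc.Outputs.StackName'
        # Private image: set the image and its secret module together
        AppImage: 'registry.example.com/team/app:v1' # placeholder image
        AppImageSecretModule: !GetAtt 'RegistrySecret.Outputs.StackName'
        # Non-sensitive setting: a plain-text value is fine
        AppEnvironment1Key: 'LOG_LEVEL'
        AppEnvironment1Value: 'info'
        # Sensitive setting: set the SecretModule and leave the Value empty,
        # so the password is not written into the template
        AppEnvironment2Key: 'DATABASE_PASSWORD'
        AppEnvironment2SecretModule: !GetAtt 'DatabasePasswordSecret.Outputs.StackName'
      TemplateURL: './node_modules/@cfn-modules/fargate-service/module.yml'
```

Only environment variables 1 to 5 of each container accept a secret module; app variables 6 to 20 are plain-text only, so keep sensitive values in the first five slots.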

Migration Guides

Migrate to v2

  • Rename AmbassadorImage to ProxyImage.
  • Rename AmbassadorPort to ProxyPort.
  • Rename AmbassadorEnvironment1Key to ProxyEnvironment1Key.
  • Rename AmbassadorEnvironment1Value to ProxyEnvironment1Value.
  • Rename AmbassadorEnvironment2Key to ProxyEnvironment2Key.
  • Rename AmbassadorEnvironment2Value to ProxyEnvironment2Value.
  • Rename AmbassadorEnvironment3Key to ProxyEnvironment3Key.
  • Rename AmbassadorEnvironment3Value to ProxyEnvironment3Value.