-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathecs.yaml
156 lines (156 loc) · 4.26 KB
/
ecs.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
AWSTemplateFormatVersion: 2010-09-09
Description: AWS CloudFormation template for cAdvisor
Parameters:
ClusterName:
Type: String
ClusterSecurityGroup:
Type: String
Vpc:
Type: AWS::EC2::VPC::Id
FirstAlbSubnet:
Type: AWS::EC2::Subnet::Id
SecondAlbSubnet:
Type: AWS::EC2::Subnet::Id
ServiceName:
Type: String
Image:
Type: String
DesiredCount:
Type: Number
Default: 3
LogzioToken:
Type: String
Default: none
Resources:
ECSServiceRole:
Type: AWS::IAM::Role
Properties:
RoleName: !Sub ${ServiceName}-ecs-service-role
Path: /
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service:
- ecs.amazonaws.com
Action:
- sts:AssumeRole
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole
EcsSerciceTaskRole:
Type: AWS::IAM::Role
Properties:
RoleName: !Sub ${ServiceName}-task-role
Path: /
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service:
- ecs-tasks.amazonaws.com
Action:
- sts:AssumeRole
EcsServiceTaskDefinition:
Type: 'AWS::ECS::TaskDefinition'
Properties:
TaskRoleArn: !GetAtt EcsSerciceTaskRole.Arn
Family: !Sub '${ServiceName}-task-definition'
ContainerDefinitions:
- Name: !Sub '${ServiceName}-container-definition'
Image: !Ref Image
Environment:
- Name: JAVA_OPTS
Value: -Xms256m -Xmx800m
- Name: AWS_ACCOUNT_ID
Value: !Ref AWS::AccountId
- Name: LOGZIO_TOKEN
Value: !Ref LogzioToken
Essential: true
Memory: 1000
Cpu: 10
PortMappings:
- ContainerPort: 8080
HostPort: 0
EcsService:
Type: AWS::ECS::Service
Properties:
Cluster: !Ref ClusterName
Role: !Ref ECSServiceRole
DeploymentConfiguration:
MaximumPercent: 200
MinimumHealthyPercent: 100
HealthCheckGracePeriodSeconds: 60
DesiredCount: !Ref DesiredCount
TaskDefinition: !Ref EcsServiceTaskDefinition
LaunchType: EC2
LoadBalancers:
- ContainerName: !Sub '${ServiceName}-container-definition'
ContainerPort: 8080
TargetGroupArn: !Ref EcsTargetGroup
DependsOn:
- EcsAlbListener
EcsAlbListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
LoadBalancerArn: !Ref EcsAlb
Port: 80
Protocol: HTTP
DefaultActions:
- Type: forward
TargetGroupArn: !Ref EcsTargetGroup
EcsTargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
DependsOn: EcsAlb
Properties:
VpcId: !Ref Vpc
Port: 8080
Protocol: HTTP
Matcher:
HttpCode: 200
HealthCheckIntervalSeconds: 10
HealthCheckPath: /actuator/health
HealthCheckProtocol: HTTP
HealthCheckTimeoutSeconds: 5
HealthyThresholdCount: 2
TargetGroupAttributes:
- Key: deregistration_delay.timeout_seconds
Value: 30
EcsAlbSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: !Sub ${ServiceName}-alb
VpcId: !Ref Vpc
EcsAlb:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
Scheme: internet-facing
Subnets:
- !Ref FirstAlbSubnet
- !Ref SecondAlbSubnet
SecurityGroups:
- !Ref EcsAlbSecurityGroup
DockerSecurityGroupIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !Ref ClusterSecurityGroup
SourceSecurityGroupId: !Ref EcsAlbSecurityGroup
IpProtocol: tcp
FromPort: 32768
ToPort: 61000
EcsServiceSecurityGroupIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !Ref ClusterSecurityGroup
SourceSecurityGroupId: !Ref EcsAlbSecurityGroup
IpProtocol: tcp
FromPort: 32768
ToPort: 61000
Description: !Ref ServiceName
EcsAlbSecurityGroupIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !Ref EcsAlbSecurityGroup
CidrIp: 0.0.0.0/0
IpProtocol: tcp
FromPort: 80
ToPort: 80