ecs-1.yml
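# CloudFormation template: one Fargate service running an nginx container,
# plus its IAM roles, log group, security groups, an ACM certificate and an
# Application Load Balancer.
#
# Review summary:
#   * Both security groups now set VpcId from the VPCID parameter. Without it
#     the parameter was unused and the groups were created in the account's
#     default VPC, which need not be the VPC that owns Subnet1ID/Subnet2ID.
#   * IAM policy documents carry an explicit Version.
#   * Date- and number-looking scalars are quoted so they stay strings.
#   * Exposure that this template leaves open is flagged with NOTE(review).
AWSTemplateFormatVersion: '2010-09-09'

Parameters:
  Subnet1ID:
    Type: String
  Subnet2ID:
    Type: String
  # VPC that owns both subnets; the security groups are created in it.
  VPCID:
    Type: String
  # Apex domain; the certificate is requested for api.<DomainName>.
  DomainName:
    Type: String

Resources:
  # NOTE(review): no HostedZoneId is given, so with DNS validation the
  # validation record has to be created by hand before the certificate is
  # issued. ValidationDomain is documented for e-mail validation - confirm it
  # is still wanted here. No resource in this template references the
  # certificate yet.
  ACMCertificate:
    Type: AWS::CertificateManager::Certificate
    Properties:
      DomainName: !Sub "api.${DomainName}"
      DomainValidationOptions:
        - DomainName: !Sub "api.${DomainName}"
          ValidationDomain: !Sub "api.${DomainName}"
      ValidationMethod: DNS

  Cluster:
    Type: AWS::ECS::Cluster
    Properties:
      ClusterName: aws-ecs-smartup-api

  # NOTE(review): no RetentionInDays is set, so container logs are kept
  # indefinitely; choose a retention period that matches the audit policy.
  LogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: aws-ecs-smartup-api-group

  # Role the ECS agent assumes to pull the image and write logs.
  ExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: aws-ecs-smartup-api-role
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: 'sts:AssumeRole'
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy

  # Role the application code inside the container runs as.
  TaskRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: 'sts:AssumeRole'
      Policies:
        - PolicyName: send-mail
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 'ses:SendEmail'
                # NOTE(review): '*' lets the task send as every SES identity
                # in the account. Scope this to the ARN of the identity the
                # API actually sends from once that is known.
                Resource: '*'

  # NOTE(review): port 80 is open to the whole internet and the service below
  # gives each task a public IP, so the container is reachable directly and
  # not only through the load balancer. Once a listener and target group
  # exist, replace CidrIp with
  # SourceSecurityGroupId: !GetAtt LoadBalancerSecurityGroup.GroupId.
  ContainerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: ContainerSecurityGroup
      GroupDescription: Security group for container
      VpcId: !Ref VPCID
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: '0.0.0.0/0'

  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: aws-ecs-smartup-task
      # Quoted: these properties are strings in the resource specification.
      Cpu: '256'
      Memory: '512'
      NetworkMode: awsvpc
      ExecutionRoleArn: !Ref ExecutionRole
      TaskRoleArn: !Ref TaskRole
      ContainerDefinitions:
        - Name: aws-ecs-smartup-container
          # NOTE(review): pinned by tag only, and to an old nginx release.
          # Tags are mutable; move to a currently supported release and pin
          # it by image digest.
          Image: nginx:1.17.7
          PortMappings:
            - ContainerPort: 80
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-region: !Ref AWS::Region
              awslogs-group: !Ref LogGroup
              awslogs-stream-prefix: ecs
      RequiresCompatibilities:
        - FARGATE

  Service:
    Type: AWS::ECS::Service
    Properties:
      ServiceName: aws-ecs-smartup-svc
      Cluster: !Ref Cluster
      TaskDefinition: !Ref TaskDefinition
      DesiredCount: 1
      LaunchType: FARGATE
      NetworkConfiguration:
        AwsvpcConfiguration:
          # NOTE(review): a public IP is needed for the image pull only when
          # the subnets have no NAT gateway or VPC endpoints; prefer private
          # subnets with DISABLED once the load balancer fronts the service.
          AssignPublicIp: ENABLED
          Subnets:
            - !Ref Subnet1ID
            - !Ref Subnet2ID
          SecurityGroups:
            - !GetAtt ContainerSecurityGroup.GroupId

  LoadBalancerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: LoadBalancerSecurityGroup
      GroupDescription: Security group for load balancer
      VpcId: !Ref VPCID
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: '0.0.0.0/0'
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: '0.0.0.0/0'

  # NOTE(review): no listener or target group is defined in this template, so
  # the load balancer does not forward traffic to the service yet. When they
  # are added, terminate TLS on 443 with ACMCertificate and have the port 80
  # listener redirect to HTTPS instead of forwarding plain HTTP.
  LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: aws-ecs-smartup-api-alb
      Subnets:
        - !Ref Subnet1ID
        - !Ref Subnet2ID
      SecurityGroups:
        - !GetAtt LoadBalancerSecurityGroup.GroupId

# aws cloudformation create-stack --stack-name aws-ecs-smartup-api --template-body file://./ecs-1.yml --capabilities CAPABILITY_NAMED_IAM \
#   --parameters ParameterKey=VPCID,ParameterValue=YOUR_VPC_ID \
#   ParameterKey=Subnet1ID,ParameterValue=YOUR_SUBNET_1_ID \
#   ParameterKey=Subnet2ID,ParameterValue=YOUR_SUBNET_2_ID \
#   ParameterKey=DomainName,ParameterValue=YOUR_DOMAIN_NAME.com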