-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathECS-ALB.yaml
166 lines (156 loc) · 4.83 KB
/
ECS-ALB.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
AWSTemplateFormatVersion: 2010-09-09
Description: AWS CloudFormation template to create an ECS Cluster, Task Definition, Service, Task with nginx image in private subnet,
ALB, Security Groups.(Dependency Network.yaml)
Parameters:
ECSClusterName:
Type: String
Description: Name of the ECS Cluster
Default: demo-ecs-cluster
Resources:
# Creating Access Role for ECS-Tasks
ExecutionRole:
Type: AWS::IAM::Role
Properties:
RoleName: ECS-Task-ExecutionRole
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service: ecs-tasks.amazonaws.com
Action: 'sts:AssumeRole'
ManagedPolicyArns:
- 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy'
# Creating ECS Cluster
MyECSCluster:
Type: 'AWS::ECS::Cluster'
Properties:
ClusterName: !Ref ECSClusterName
CapacityProviders:
- FARGATE
- FARGATE_SPOT
ClusterSettings:
- Name: containerInsights
Value: disabled
Configuration:
ExecuteCommandConfiguration:
Logging: DEFAULT
ServiceConnectDefaults:
Namespace: !Ref ECSClusterName
# Creating ECS Task definition
MyTaskDefinition:
Type: AWS::ECS::TaskDefinition
Properties:
Family: demo-task-definition
NetworkMode: awsvpc
RequiresCompatibilities:
- FARGATE
ExecutionRoleArn: !Ref ExecutionRole
# TaskRoleArn: <your-task-role-arn>
ContainerDefinitions:
- Name: my-container
Image: 'nginx:latest'
PortMappings:
- ContainerPort: 80
Protocol: tcp
AppProtocol: http
HostPort: 80
RuntimePlatform:
CpuArchitecture: X86_64
OperatingSystemFamily: LINUX
Memory: 512
Cpu: 256
# Creating ECS Service
MyService:
Type: AWS::ECS::Service
DependsOn: LoadBalancerListener
Properties:
Cluster: !Ref MyECSCluster
TaskDefinition: !Ref MyTaskDefinition
DesiredCount: 2
LaunchType: FARGATE
NetworkConfiguration:
AwsvpcConfiguration:
AssignPublicIp: DISABLED
SecurityGroups:
- !Ref MyECSSecurityGroup
Subnets:
- !ImportValue PrivateSubnet1Id
- !ImportValue PrivateSubnet2Id
LoadBalancers:
- ContainerName: my-container
ContainerPort: 80
TargetGroupArn: !Ref TargetGroup
# Creating Security Group for Load Balancer
LoadBalancerSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: ALB-SG
GroupDescription: "Security Group for Load Balancer"
VpcId: !ImportValue VPCId
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
# Creating ECS Security Group
MyECSSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: ECS-SG
GroupDescription: "security group for ECS"
VpcId: !ImportValue VPCId
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
SourceSecurityGroupId: !Ref LoadBalancerSecurityGroup
# Creating an Application LoadBalancer
LoadBalancer:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
IpAddressType: ipv4
Name: ECS-LoadBalancer
Scheme: internet-facing
SecurityGroups:
- !Ref LoadBalancerSecurityGroup
Subnets:
- !ImportValue PublicSubnet1Id
- !ImportValue PublicSubnet2Id
Type: application
# Create a TargetGroup for HTTP port 80
TargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
Name: ECS-TargetGroup
Port: 80
Protocol: HTTP
TargetType: ip
VpcId: !ImportValue VPCId
HealthCheckIntervalSeconds: 30
HealthCheckPath: /
HealthCheckProtocol: HTTP
HealthCheckTimeoutSeconds: 10
HealthyThresholdCount: 2
UnhealthyThresholdCount: 5
Matcher:
HttpCode: 200
# Create a LoadBalancerListener and attach the TargetGroup and LoadBalancer
LoadBalancerListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
DefaultActions:
- TargetGroupArn: !Ref TargetGroup
Type: forward
LoadBalancerArn: !Ref LoadBalancer
Port: 80
Protocol: HTTP
Outputs:
ECSCluster:
Description: The created cluster.
Value: !Ref MyECSCluster
TaskDefinition:
Description: The created Taskdefinition.
Value: !Ref MyTaskDefinition
AlbDNSName:
Description: DNS name of the Application Load Balancer
Value: !Join [ "", [ "http://", !GetAtt LoadBalancer.DNSName ] ]