This repository has been archived by the owner on Jan 4, 2024. It is now read-only.

Updated AMIs and Auto-formatted YAML files
PaulMaddox committed Nov 13, 2018
1 parent 06dbee0 commit 10f18ef
Showing 8 changed files with 1,115 additions and 1,129 deletions.
660 changes: 328 additions & 332 deletions infrastructure/ecs-cluster.yaml

Large diffs are not rendered by default.

74 changes: 37 additions & 37 deletions infrastructure/lifecyclehook.yaml
@@ -1,5 +1,5 @@
Description: >
This template deploys a Lambda Function and Auto Scaling Lifecycle Hook to drain Tasks from your Container Instances when an Instance is selected for Termination in your Auto Scaling Group.
This template deploys a Lambda Function and Auto Scaling Lifecycle Hook to drain Tasks from your Container Instances when an Instance is selected for Termination in your Auto Scaling Group.
Parameters:
Cluster:
Type: String
@@ -9,28 +9,28 @@ Parameters:
Description: Name of Auto Scaling Group
Resources:
NotificationTopic:
Type: 'AWS::SNS::Topic'
Type: "AWS::SNS::Topic"
Properties:
Subscription:
- Endpoint: !GetAtt
- Endpoint: !GetAtt
- LifecycleHandlerFunction
- Arn
Protocol: lambda
DependsOn: LifecycleHandlerFunction
InstanceTerminatingHook:
Type: 'AWS::AutoScaling::LifecycleHook'
Type: "AWS::AutoScaling::LifecycleHook"
Properties:
AutoScalingGroupName: !Ref ECSAutoScalingGroupName
DefaultResult: ABANDON
HeartbeatTimeout: '900'
LifecycleTransition: 'autoscaling:EC2_INSTANCE_TERMINATING'
HeartbeatTimeout: "900"
LifecycleTransition: "autoscaling:EC2_INSTANCE_TERMINATING"
NotificationTargetARN: !Ref NotificationTopic
RoleARN: !GetAtt
RoleARN: !GetAtt
- AutoscalingNotificationRole
- Arn
DependsOn: NotificationTopic
AutoscalingNotificationRole:
Type: 'AWS::IAM::Role'
Type: "AWS::IAM::Role"
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
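Review bot: `DefaultResult: ABANDON` together with `HeartbeatTimeout: "900"` on `InstanceTerminatingHook` means that if the handler has not called `CompleteLifecycleAction` within 15 minutes the hook times out and, because the transition is `autoscaling:EC2_INSTANCE_TERMINATING`, the instance is terminated whether or not draining has finished, so any task that takes longer than that to stop is killed mid-flight; this is worth stating in the template Description, or exposing the timeout as a parameter next to the existing `Cluster` and ASG name parameters. Unrelated to the quote-style change this hunk makes, `Version: 2012-10-17` at the end of the hunk is left bare while every other scalar now carries double quotes; some YAML parsers read a bare `2012-10-17` as a date rather than a string, so quoting it would be both consistent and safer.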
@@ -40,11 +40,11 @@ Resources:
Service:
- autoscaling.amazonaws.com
Action:
- 'sts:AssumeRole'
- "sts:AssumeRole"
ManagedPolicyArns:
- 'arn:aws:iam::aws:policy/service-role/AutoScalingNotificationAccessRole'
- "arn:aws:iam::aws:policy/service-role/AutoScalingNotificationAccessRole"
LambdaExecutionRole:
Type: 'AWS::IAM::Role'
Type: "AWS::IAM::Role"
Properties:
Policies:
- PolicyName: lambda-inline
@@ -53,24 +53,24 @@ Resources:
Statement:
- Effect: Allow
Action:
- 'autoscaling:CompleteLifecycleAction'
- 'logs:CreateLogGroup'
- 'logs:CreateLogStream'
- 'logs:PutLogEvents'
- 'ec2:DescribeInstances'
- 'ec2:DescribeInstanceAttribute'
- 'ec2:DescribeInstanceStatus'
- 'ec2:DescribeHosts'
- 'ecs:ListContainerInstances'
- 'ecs:SubmitContainerStateChange'
- 'ecs:SubmitTaskStateChange'
- 'ecs:DescribeContainerInstances'
- 'ecs:UpdateContainerInstancesState'
- 'ecs:ListTasks'
- 'ecs:DescribeTasks'
- 'sns:Publish'
- 'sns:ListSubscriptions'
Resource: '*'
- "autoscaling:CompleteLifecycleAction"
- "logs:CreateLogGroup"
- "logs:CreateLogStream"
- "logs:PutLogEvents"
- "ec2:DescribeInstances"
- "ec2:DescribeInstanceAttribute"
- "ec2:DescribeInstanceStatus"
- "ec2:DescribeHosts"
- "ecs:ListContainerInstances"
- "ecs:SubmitContainerStateChange"
- "ecs:SubmitTaskStateChange"
- "ecs:DescribeContainerInstances"
- "ecs:UpdateContainerInstancesState"
- "ecs:ListTasks"
- "ecs:DescribeTasks"
- "sns:Publish"
- "sns:ListSubscriptions"
Resource: "*"
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
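Review bot: The `lambda-inline` policy grants every listed action on `Resource: "*"`, which is broader than a cluster-specific drain handler needs. Suggest scoping `autoscaling:CompleteLifecycleAction` to the Auto Scaling group ARN, `sns:Publish` to `!Ref NotificationTopic`, and the `ecs:` actions that support resource-level permissions (`ecs:UpdateContainerInstancesState`, `ecs:DescribeContainerInstances`, `ecs:ListTasks`, `ecs:DescribeTasks`) to the cluster named by the `Cluster` parameter, leaving `*` only for the `Describe`/`List` actions that require it. `ecs:SubmitContainerStateChange` and `ecs:SubmitTaskStateChange` are the calls the ECS agent makes to report state, not something a draining function normally needs; worth checking whether the handler code actually uses them and dropping them if not. The statement also lacks `autoscaling:RecordLifecycleActionHeartbeat`, so the function has no way to extend the 900-second hook timeout defined above if a drain runs long.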
@@ -79,25 +79,25 @@ Resources:
Service:
- lambda.amazonaws.com
Action:
- 'sts:AssumeRole'
- "sts:AssumeRole"
ManagedPolicyArns:
- 'arn:aws:iam::aws:policy/service-role/AutoScalingNotificationAccessRole'
- "arn:aws:iam::aws:policy/service-role/AutoScalingNotificationAccessRole"
LambdaInvokePermission:
Type: 'AWS::Lambda::Permission'
Type: "AWS::Lambda::Permission"
Properties:
FunctionName: !Ref LifecycleHandlerFunction
Action: 'lambda:InvokeFunction'
Action: "lambda:InvokeFunction"
Principal: sns.amazonaws.com
SourceArn: !Ref NotificationTopic
LifecycleHandlerFunction:
Type: 'AWS::Lambda::Function'
Type: "AWS::Lambda::Function"
Properties:
Environment:
Variables:
CLUSTER: !Ref Cluster
Code:
ZipFile: !Join
- ''
ZipFile: !Join
- ""
- - |
import boto3,json,os,time
ec2Client = boto3.client('ec2')
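Review bot: `LambdaExecutionRole` attaches the `AutoScalingNotificationAccessRole` managed policy, which is meant for the Auto Scaling service principal (it is already attached to `AutoscalingNotificationRole` above) and grants SNS/SQS publishing rights that the function already receives from its inline `sns:Publish` statement; dropping it from the Lambda role removes unneeded permissions. `LambdaInvokePermission` correctly pins `SourceArn` to `!Ref NotificationTopic`, so only this topic can invoke the function.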
@@ -138,7 +138,7 @@ Resources:
time.sleep(5)
publishSNSMessage(snsMessage,snsTopicArn)
Handler: index.lambda_handler
Role: !GetAtt
Role: !GetAtt
- LambdaExecutionRole
- Arn
Runtime: python3.6
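Review bot: `Runtime: python3.6` is a Lambda runtime AWS has since deprecated (Python 3.6 reached end of support in 2022 and new functions can no longer be created on it), so this template will not deploy as-is on a current account; bump to a supported Python 3 runtime and confirm the inline handler still runs. The visible tail of the handler republishes the SNS message after a `time.sleep(5)` to keep retrying the drain; since the policy in the earlier hunk does not include `autoscaling:RecordLifecycleActionHeartbeat`, that loop cannot extend the hook's 900-second window, and a slow drain will simply be cut off when the hook times out.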
111 changes: 53 additions & 58 deletions infrastructure/load-balancers.yaml
@@ -1,71 +1,66 @@
Description: >
This template deploys an Application Load Balancer that exposes our various ECS services.
We create them in a seperate nested template, so it can be referenced by all of the other nested templates.
This template deploys an Application Load Balancer that exposes our various ECS services.
We create them in a seperate nested template, so it can be referenced by all of the other nested templates.
Parameters:
EnvironmentName:
Description: An environment name that will be prefixed to resource names
Type: String

EnvironmentName:
Description: An environment name that will be prefixed to resource names
Type: String
VPC:
Type: AWS::EC2::VPC::Id
Description: Choose which VPC the Application Load Balancer should be deployed to

VPC:
Type: AWS::EC2::VPC::Id
Description: Choose which VPC the Application Load Balancer should be deployed to
Subnets:
Description: Choose which subnets the Application Load Balancer should be deployed to
Type: List<AWS::EC2::Subnet::Id>

Subnets:
Description: Choose which subnets the Application Load Balancer should be deployed to
Type: List<AWS::EC2::Subnet::Id>

SecurityGroup:
Description: Select the Security Group to apply to the Application Load Balancer
Type: AWS::EC2::SecurityGroup::Id
SecurityGroup:
Description: Select the Security Group to apply to the Application Load Balancer
Type: AWS::EC2::SecurityGroup::Id

Resources:
LoadBalancer:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
Name: !Ref EnvironmentName
Subnets: !Ref Subnets
SecurityGroups:
- !Ref SecurityGroup
Tags:
- Key: Name
Value: !Ref EnvironmentName

LoadBalancer:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
Name: !Ref EnvironmentName
Subnets: !Ref Subnets
SecurityGroups:
- !Ref SecurityGroup
Tags:
- Key: Name
Value: !Ref EnvironmentName

LoadBalancerListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
LoadBalancerArn: !Ref LoadBalancer
Port: 80
Protocol: HTTP
DefaultActions:
- Type: forward
TargetGroupArn: !Ref DefaultTargetGroup

# We define a default target group here, as this is a mandatory Parameters
# when creating an Application Load Balancer Listener. This is not used, instead
# a target group is created per-service in each service template (../services/*)
DefaultTargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
Name: !Sub ${EnvironmentName}-default
VpcId: !Ref VPC
Port: 80
Protocol: HTTP

Outputs:
LoadBalancerListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
LoadBalancerArn: !Ref LoadBalancer
Port: 80
Protocol: HTTP
DefaultActions:
- Type: forward
TargetGroupArn: !Ref DefaultTargetGroup

LoadBalancer:
Description: A reference to the Application Load Balancer
Value: !Ref LoadBalancer
# We define a default target group here, as this is a mandatory Parameters
# when creating an Application Load Balancer Listener. This is not used, instead
# a target group is created per-service in each service template (../services/*)
DefaultTargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
Name: !Sub ${EnvironmentName}-default
VpcId: !Ref VPC
Port: 80
Protocol: HTTP

LoadBalancerUrl:
Description: The URL of the ALB
Value: !GetAtt LoadBalancer.DNSName
Outputs:
LoadBalancer:
Description: A reference to the Application Load Balancer
Value: !Ref LoadBalancer

Listener:
Description: A reference to a port 80 listener
Value: !Ref LoadBalancerListener
LoadBalancerUrl:
Description: The URL of the ALB
Value: !GetAtt LoadBalancer.DNSName


Listener:
Description: A reference to a port 80 listener
Value: !Ref LoadBalancerListener
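Review bot: The only listener is plain HTTP on port 80 (`Port: 80`, `Protocol: HTTP` on `LoadBalancerListener`), so traffic to every service behind the ALB is unencrypted in transit; consider adding an HTTPS listener (`Protocol: HTTPS`, `Port: 443`, with a `Certificates` entry) and turning the port-80 listener's default action into a redirect to it. Minor wording, since this is a formatting-only commit and a good place to fix them: the Description still reads "seperate", and the comment above `DefaultTargetGroup` says "this is a mandatory Parameters" where "this is a mandatory parameter" is meant.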
98 changes: 47 additions & 51 deletions infrastructure/security-groups.yaml
@@ -1,59 +1,55 @@
Description: >
This template contains the security groups required by our entire stack.
We create them in a seperate nested template, so they can be referenced
by all of the other nested templates.
This template contains the security groups required by our entire stack.
We create them in a seperate nested template, so they can be referenced
by all of the other nested templates.
Parameters:

EnvironmentName:
Description: An environment name that will be prefixed to resource names
Type: String

VPC:
Type: AWS::EC2::VPC::Id
Description: Choose which VPC the security groups should be deployed to
EnvironmentName:
Description: An environment name that will be prefixed to resource names
Type: String

Resources:

# This security group defines who/where is allowed to access the ECS hosts directly.
# By default we're just allowing access from the load balancer. If you want to SSH
# into the hosts, or expose non-load balanced services you can open their ports here.
ECSHostSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
VpcId: !Ref VPC
GroupDescription: Access to the ECS hosts and the tasks/containers that run on them
SecurityGroupIngress:
# Only allow inbound access to ECS from the ELB
- SourceSecurityGroupId: !Ref LoadBalancerSecurityGroup
IpProtocol: -1
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-ECS-Hosts
VPC:
Type: AWS::EC2::VPC::Id
Description: Choose which VPC the security groups should be deployed to

# This security group defines who/where is allowed to access the Application Load Balancer.
# By default, we've opened this up to the public internet (0.0.0.0/0) but can you restrict
# it further if you want.
LoadBalancerSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
VpcId: !Ref VPC
GroupDescription: Access to the load balancer that sits in front of ECS
SecurityGroupIngress:
# Allow access from anywhere to our ECS services
- CidrIp: 0.0.0.0/0
IpProtocol: -1
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-LoadBalancers
Resources:
# This security group defines who/where is allowed to access the ECS hosts directly.
# By default we're just allowing access from the load balancer. If you want to SSH
# into the hosts, or expose non-load balanced services you can open their ports here.
ECSHostSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
VpcId: !Ref VPC
GroupDescription: Access to the ECS hosts and the tasks/containers that run on them
SecurityGroupIngress:
# Only allow inbound access to ECS from the ELB
- SourceSecurityGroupId: !Ref LoadBalancerSecurityGroup
IpProtocol: -1
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-ECS-Hosts

# This security group defines who/where is allowed to access the Application Load Balancer.
# By default, we've opened this up to the public internet (0.0.0.0/0) but can you restrict
# it further if you want.
LoadBalancerSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
VpcId: !Ref VPC
GroupDescription: Access to the load balancer that sits in front of ECS
SecurityGroupIngress:
# Allow access from anywhere to our ECS services
- CidrIp: 0.0.0.0/0
IpProtocol: -1
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-LoadBalancers

Outputs:
ECSHostSecurityGroup:
Description: A reference to the security group for ECS hosts
Value: !Ref ECSHostSecurityGroup

ECSHostSecurityGroup:
Description: A reference to the security group for ECS hosts
Value: !Ref ECSHostSecurityGroup

LoadBalancerSecurityGroup:
Description: A reference to the security group for load balancers
Value: !Ref LoadBalancerSecurityGroup

LoadBalancerSecurityGroup:
Description: A reference to the security group for load balancers
Value: !Ref LoadBalancerSecurityGroup
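Review bot: `LoadBalancerSecurityGroup` allows `CidrIp: 0.0.0.0/0` with `IpProtocol: -1`, i.e. every protocol and every port from the internet, while the load-balancer template only listens on TCP 80; restrict the rule to `IpProtocol: tcp` with `FromPort`/`ToPort` matching the listener ports (80, plus 443 if an HTTPS listener is added). The comment on that group reads "but can you restrict it further" where "but you can restrict it further" is meant. `ECSHostSecurityGroup` likewise allows all protocols from the load balancer group; limiting it to TCP on the ephemeral port range used by dynamic port mapping would be tighter. Neither group declares `SecurityGroupEgress`, so both default to allow-all outbound, which the comments should say explicitly.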
