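# Runs one Logstash task on ECS Fargate, registers it in a private service
# discovery namespace under the name "logstash", and creates an SQS fallback
# queue (with a dead-letter queue) whose name is handed to the container.
AWSTemplateFormatVersion: "2010-09-09"
Description: Logstash Deployment on Fargate

Parameters:
  # VPC in which the Logstash security group is created.
  Vpc:
    Type: AWS::EC2::VPC::Id
  # Subnets the Fargate task's network interface is placed in.
  PrivateSubnets:
    Type: List<AWS::EC2::Subnet::Id>
  # ECS cluster the service is created in.
  Cluster:
    Type: String
  # Image for the "logstash" container.
  Image:
    Type: String
  # Image for the "healthcheck" sidecar container.
  HealthCheckImage:
    Type: String
  # Role used below as BOTH the execution role and the task role.
  TaskRole:
    Type: String
  # Passed to the logstash container as ELASTICSEARCH_HOST.
  ElasticHost:
    Type: String
  # Passed to the logstash container as ELASTICSEARCH_REGION.
  ElasticRegion:
    Type: String
  # Namespace the "logstash" service discovery entry is created in.
  PrivateServiceDiscoveryNamespace:
    Type: String

Resources:
  LogstashService:
    Type: AWS::ECS::Service
    Properties:
      Cluster: !Ref Cluster
      LaunchType: FARGATE
      # Single task: there is no redundancy while it is being replaced.
      DesiredCount: 1
      TaskDefinition: !Ref LogstashTaskDefinition
      ServiceRegistries:
        - RegistryArn: !GetAtt ServiceDiscovery.Arn
      NetworkConfiguration:
        AwsvpcConfiguration:
          # AssignPublicIp is not set, so the task gets no public address.
          SecurityGroups:
            - !Ref LogstashSecurityGroup
          Subnets: !Ref PrivateSubnets

  ServiceDiscovery:
    Type: AWS::ServiceDiscovery::Service
    Properties:
      Name: logstash
      DnsConfig:
        DnsRecords:
          - Type: A
            TTL: 60
      NamespaceId: !Ref PrivateServiceDiscoveryNamespace
      HealthCheckCustomConfig:
        FailureThreshold: 1

  LogstashTaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      ContainerDefinitions:
        - Name: logstash
          Essential: true
          Image: !Ref Image
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: !Ref LogstashLog
              awslogs-region: !Ref 'AWS::Region'
              awslogs-stream-prefix: task
          PortMappings:
            - ContainerPort: 9601
            - ContainerPort: 9602
          # Real boolean instead of the string 'false'.
          Privileged: false
          # Plain-text environment only; nothing secret is passed here.
          Environment:
            - Name: ELASTICSEARCH_HOST
              Value: !Ref ElasticHost
            - Name: ELASTICSEARCH_REGION
              Value: !Ref ElasticRegion
            - Name: LOGSTASH_FALLBACK_QUEUE
              Value: !GetAtt LogstashFallbackQueue.QueueName
            - Name: LOGSTASH_FALLBACK_QUEUE_REGION
              Value: !Ref 'AWS::Region'
        # Both containers are essential: if either one stops, the task stops.
        - Name: healthcheck
          Essential: true
          Image: !Ref HealthCheckImage
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: !Ref LogstashLog
              awslogs-region: !Ref 'AWS::Region'
              awslogs-stream-prefix: task
          Privileged: false
      # Task-level sizes are string properties; quoted to avoid type coercion.
      Cpu: '512'
      Memory: '2048'
      Family: logstash
      NetworkMode: awsvpc
      # NOTE(review): one role serves as execution role (used by ECS to pull
      # the images and write the logs) and as task role (the credentials the
      # containers themselves receive). Separate roles would keep the
      # pull/logging permissions out of the application's credentials.
      ExecutionRoleArn: !Ref TaskRole
      TaskRoleArn: !Ref TaskRole
      RequiresCompatibilities:
        - FARGATE

  LogstashLog:
    Type: AWS::Logs::LogGroup
    Properties:
      # Container logs are kept for one week only.
      RetentionInDays: 7

  LogstashSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      # A fixed GroupName means only one copy of this stack fits in a VPC.
      GroupName: LogstashSecurityGroup
      GroupDescription: 'Security Group for Logstash'
      VpcId: !Ref Vpc
      # NOTE(review): every protocol and port is open to all of 10.0.0.0/8,
      # while the task only declares TCP 9601 and 9602. Consider limiting
      # ingress to those ports and to the CIDRs or security groups of the
      # hosts that actually ship logs - confirm which ports are in use first.
      SecurityGroupIngress:
        - IpProtocol: '-1'
          CidrIp: 10.0.0.0/8
      # NOTE(review): unrestricted egress. Presumably only HTTPS to the
      # Elasticsearch host and AWS APIs is needed - confirm before narrowing.
      SecurityGroupEgress:
        - IpProtocol: '-1'
          CidrIp: 0.0.0.0/0

  LogstashFallbackQueue:
    Type: AWS::SQS::Queue
    Properties:
      # The queue carries log events, so encryption at rest is stated
      # explicitly rather than left to the account default.
      SqsManagedSseEnabled: true
      # 30 minutes.
      VisibilityTimeout: 1800
      # 7 days.
      MessageRetentionPeriod: 604800
      # Long polling.
      ReceiveMessageWaitTimeSeconds: 20
      # After 5 failed receives a message moves to the dead-letter queue.
      RedrivePolicy:
        deadLetterTargetArn: !GetAtt LogstashFallbackDeadLetterQueue.Arn
        maxReceiveCount: 5

  LogstashFallbackDeadLetterQueue:
    Type: AWS::SQS::Queue
    Properties:
      SqsManagedSseEnabled: true
      # 14 days.
      MessageRetentionPeriod: 1209600

Outputs:
  # Ref on an SQS queue yields the queue URL.
  # The export names are fixed, so they must be unique per account and region.
  LogstashFallbackQueue:
    Description: AWS SQS for when Logstash is down.
    Value: !Ref LogstashFallbackQueue
    Export:
      Name: LogstashFallbackQueue
  LogstashFallbackQueueArn:
    Description: AWS SQS ARN for when Logstash is down.
    Value: !GetAtt LogstashFallbackQueue.Arn
    Export:
      Name: LogstashFallbackQueueArn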