Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
161 lines (160 sloc) 5.53 KB
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Kibana ECS task/service definition with ELB.",
"Parameters": {
"ECSCluster": {
"Type": "String",
"Description": "Name of an existing ECS Cluster to run the task and service on"
},
"SubnetId": {
"Type": "List<AWS::EC2::Subnet::Id>",
"Description": "List of an existing subnet IDs to use for the load balancer and auto scaling group"
},
"ElasticSearchHost": {
"Type": "String",
"Description": "The Hostname of the elasticsearch endpoint including protocol and port. Example: 'https://foo.com:9200'"
},
"CertificateARN": {
"Type": "String",
"Description": "The ARN of the SSL Certificate to use for the load balancer"
},
"KibanaDockerImageUrl": {
"Type": "String",
"Description": "The URL for the kibana docker image. Example: 354500939573.dkr.ecr.us-east-1.amazonaws.com/kibana:latest"
}
},
"Resources": {
"taskdefinition": {
"Type": "AWS::ECS::TaskDefinition",
"Properties": {
"ContainerDefinitions": [{
"Memory": 1024,
"PortMappings": [{
"HostPort": 5601,
"ContainerPort": 5601,
"Protocol": "tcp"
}],
"Essential": true,
"Name": "kibana",
"Environment": [
{
"Name": "ELASTICSEARCH_URL",
"Value": {
"Ref": "ElasticSearchHost"
}
},
{
"Name": "SERVER_SSLCERT",
"Value": "/localhost.pem"
},
{
"Name": "SERVER_SSLKEY",
"Value": "/localhost-nopass.key"
}
],
"Image": { "Ref": "KibanaDockerImageUrl" },
"Cpu": 512
}],
"Volumes": []
}
},
"service": {
"Type": "AWS::ECS::Service",
"Properties": {
"Cluster": {
"Ref": "ECSCluster"
},
"DesiredCount": "1",
"LoadBalancers": [{
"ContainerName": "kibana",
"ContainerPort": "5601",
"LoadBalancerName": {
"Ref": "EcsElasticLoadBalancer"
}
}],
"Role": {
"Ref": "ECSServiceRole"
},
"TaskDefinition": {
"Ref": "taskdefinition"
}
}
},
"EcsElasticLoadBalancer": {
"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
"Properties": {
"Scheme": "internal",
"Listeners": [{
"LoadBalancerPort": "443",
"InstancePort": "5601",
"InstanceProtocol": "HTTPS",
"Protocol": "HTTPS",
"SSLCertificateId": { "Ref": "CertificateARN" }
}],
"HealthCheck": {
"Target": "HTTPS:5601/status#",
"HealthyThreshold": "2",
"UnhealthyThreshold": "10",
"Interval": "6",
"Timeout": "5"
},
"Subnets": {
"Ref": "SubnetId"
}
}
},
"ECSServiceRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": [
"ecs.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}]
},
"Path": "/",
"Policies": [{
"PolicyName": "ecs-service",
"PolicyDocument": {
"Statement": [{
"Effect": "Allow",
"Action": [
"elasticloadbalancing:Describe*",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"ec2:Describe*",
"ec2:AuthorizeSecurityGroupIngress"
],
"Resource": "*"
}]
}
}]
}
}
},
"Outputs": {
"ecsservice": {
"Value": {
"Ref": "service"
}
},
"taskdef": {
"Value": {
"Ref": "taskdefinition"
}
},
"KibanaLoadBalancerDNSName": {
"Description": "The DNSName of the logstash load balancer",
"Value": {
"Fn::GetAtt": ["EcsElasticLoadBalancer", "DNSName"]
}
}
}
}