1- service : StepFuncFargate
1+ service : StepFunctionFargate
22
33frameworkVersion : " >=1.2.0 <2.0.0"
44
@@ -220,79 +220,13 @@ resources:
220220 Properties :
221221 GroupDescription : Access to the Fargate containers
222222 VpcId : !Ref 'VPC'
223- EcsSecurityGroupIngressFromPublicALB :
224- Type : AWS::EC2::SecurityGroupIngress
225- Properties :
226- Description : Ingress from the public ALB
227- GroupId : !Ref 'FargateContainerSecurityGroup'
228- IpProtocol : -1
229- SourceSecurityGroupId : !Ref 'PublicLoadBalancerSG'
230223 EcsSecurityGroupIngressFromSelf :
231224 Type : AWS::EC2::SecurityGroupIngress
232225 Properties :
233226 Description : Ingress from other containers in the same security group
234227 GroupId : !Ref 'FargateContainerSecurityGroup'
235228 IpProtocol : -1
236229 SourceSecurityGroupId : !Ref 'FargateContainerSecurityGroup'
237-
238- # Load balancers for getting traffic to containers.
239- # This sample template creates one load balancer:
240- #
241- # - One public load balancer, hosted in public subnets that is accessible
242- # to the public, and is intended to route traffic to one or more public
243- # facing services.
244-
245- # A public facing load balancer, this is used for accepting traffic from the public
246- # internet and directing it to public facing microservices
247- PublicLoadBalancerSG :
248- Type : AWS::EC2::SecurityGroup
249- Properties :
250- GroupDescription : Access to the public facing load balancer
251- VpcId : !Ref 'VPC'
252- SecurityGroupIngress :
253- # Allow access to ALB from anywhere on the internet
254- - CidrIp : 0.0.0.0/0
255- IpProtocol : -1
256- PublicLoadBalancer :
257- Type : AWS::ElasticLoadBalancingV2::LoadBalancer
258- Properties :
259- Scheme : internet-facing
260- LoadBalancerAttributes :
261- - Key : idle_timeout.timeout_seconds
262- Value : ' 30'
263- Subnets :
264- # The load balancer is placed into the public subnets, so that traffic
265- # from the internet can reach the load balancer directly via the internet gateway
266- - !Ref PublicSubnetOne
267- - !Ref PublicSubnetTwo
268- SecurityGroups : [!Ref 'PublicLoadBalancerSG']
269- # A dummy target group is used to setup the ALB to just drop traffic
270- # initially, before any real service target groups have been added.
271- DummyTargetGroupPublic :
272- Type : AWS::ElasticLoadBalancingV2::TargetGroup
273- Properties :
274- HealthCheckIntervalSeconds : 6
275- HealthCheckPath : /
276- HealthCheckProtocol : HTTP
277- HealthCheckTimeoutSeconds : 5
278- HealthyThresholdCount : 2
279- Name : !Join ['-', [!Ref 'AWS::StackName', 'drop-1']]
280- Port : 80
281- Protocol : HTTP
282- UnhealthyThresholdCount : 2
283- VpcId : !Ref 'VPC'
284- PublicLoadBalancerListener :
285- Type : AWS::ElasticLoadBalancingV2::Listener
286- DependsOn :
287- - PublicLoadBalancer
288- Properties :
289- DefaultActions :
290- - TargetGroupArn : !Ref 'DummyTargetGroupPublic'
291- Type : ' forward'
292- LoadBalancerArn : !Ref 'PublicLoadBalancer'
293- Port : 80
294- Protocol : HTTP
295-
296230 # This is an IAM role which authorizes ECS to manage resources on your
297231 # account on your behalf, such as updating your load balancer with the
298232 # details of where your containers are, so that traffic can reach your
@@ -322,14 +256,6 @@ resources:
322256 - ' ec2:DeleteNetworkInterfacePermission'
323257 - ' ec2:Describe*'
324258 - ' ec2:DetachNetworkInterface'
325-
326- # Rules which allow ECS to update load balancers on your behalf
327- # with the information sabout how to send traffic to your containers
328- - ' elasticloadbalancing:DeregisterInstancesFromLoadBalancer'
329- - ' elasticloadbalancing:DeregisterTargets'
330- - ' elasticloadbalancing:Describe*'
331- - ' elasticloadbalancing:RegisterInstancesWithLoadBalancer'
332- - ' elasticloadbalancing:RegisterTargets'
333259 Resource : ' *'
334260
335261 # This is a role which is used by the ECS tasks themselves.
@@ -396,7 +322,6 @@ resources:
396322 # as monitor the number of running tasks and replace any that have crashed
397323 Service :
398324 Type : AWS::ECS::Service
399- DependsOn : LoadBalancerRule
400325 Properties :
401326 ServiceName : !Ref 'ServiceName'
402327 Cluster : !Ref 'ECSCluster'
@@ -414,43 +339,7 @@ resources:
414339 - !Ref PublicSubnetOne
415340 - !Ref PublicSubnetTwo
416341 TaskDefinition : !Ref 'FargateTaskDefinition'
417- LoadBalancers :
418- - ContainerName : !Ref 'ServiceName'
419- ContainerPort : !Ref 'ContainerPort'
420- TargetGroupArn : !Ref 'TargetGroup'
421342
422- # A target group. This is used for keeping track of all the tasks, and
423- # what IP addresses / port numbers they have. You can query it yourself,
424- # to use the addresses yourself, but most often this target group is just
425- # connected to an application load balancer, or network load balancer, so
426- # it can automatically distribute traffic across all the targets.
427- TargetGroup :
428- Type : AWS::ElasticLoadBalancingV2::TargetGroup
429- Properties :
430- HealthCheckIntervalSeconds : 6
431- HealthCheckPath : /
432- HealthCheckProtocol : HTTP
433- HealthCheckTimeoutSeconds : 5
434- HealthyThresholdCount : 2
435- TargetType : ip
436- Name : !Ref 'ServiceName'
437- Port : !Ref 'ContainerPort'
438- Protocol : HTTP
439- UnhealthyThresholdCount : 2
440- VpcId : !Ref 'VPC'
441-
442- # Create a rule on the load balancer for routing traffic to the target group
443- LoadBalancerRule :
444- Type : AWS::ElasticLoadBalancingV2::ListenerRule
445- Properties :
446- Actions :
447- - TargetGroupArn : !Ref 'TargetGroup'
448- Type : ' forward'
449- Conditions :
450- - Field : path-pattern
451- Values : [!Ref 'Path']
452- ListenerArn : !Ref PublicLoadBalancerListener
453- Priority : !Ref 'Priority'
454343 ECSPassRole :
455344 Type : AWS::IAM::Role
456345 Properties :
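Review bot: With the load balancer removed, the `Service` in the last hunk still lists `PublicSubnetOne` and `PublicSubnetTwo`, so the tasks remain in the public subnets with `FargateContainerSecurityGroup` as their only network control; the `AssignPublicIp` setting is outside the visible lines and should be confirmed. The one ingress rule left, `EcsSecurityGroupIngressFromSelf`, keeps `IpProtocol: -1`; if the tasks do not talk to each other it can be dropped, otherwise narrowed to TCP on `ContainerPort`. The removed `LoadBalancerRule` was the only visible user of `!Ref 'Path'` and `!Ref 'Priority'`, so those parameters, and any output that still references `PublicLoadBalancer` or `PublicLoadBalancerListener`, presumably need removing elsewhere in the template. I would add a comment above the subnet list such as `# No load balancer in front of these tasks: inbound access is governed only by FargateContainerSecurityGroup`.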