diff --git a/provider/indexer-aws/CloudFormation/Automated/ecs-indexer-queue.yml b/provider/indexer-aws/CloudFormation/Automated/ecs-indexer-queue.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9dcd1638d782a4d2ba52e7572ff769dc591df0e7
--- /dev/null
+++ b/provider/indexer-aws/CloudFormation/Automated/ecs-indexer-queue.yml
@@ -0,0 +1,579 @@
+# Copyright © Amazon Web Services
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+AWSTemplateFormatVersion: 2010-09-09
+Description: >-
+ CloudFormation template for creating the resources used for the ECS cluster the application will
+ be deployed into. Will create the CodeDeploy application, the ECR repository, and the ECS cluster.
+
+Parameters:
+ Environment:
+ Description: An environment name that will be prefixed to resource names.
+ Type: String
+ AllowedValues:
+ - dev
+ - uat
+ - prod
+ ConstraintDescription: Can only be "dev/uat/prod"
+ Default: dev
+
+ Region:
+ Description: The AWS region to deploy the resources to.
+ Type: String
+ Default: us-east-1
+
+ ApplicationName:
+ Description: >
+ The name of the application, which will be used to generate the ECS cluster name.
+ It will be prefixed with the environment name.
+ Type: String
+ MinLength: '1'
+ MaxLength: '64'
+ AllowedPattern: "^[a-zA-Z]+[0-9a-zA-Z_-]*$"
+ ConstraintDescription: Must start with a letter. Only numbers, letters, -, and _ accepted. Max. length 64 characters.
+ Default: os-indexer
+
+ KeyName:
+ Description: >
+ Name of an existing EC2 KeyPair to enable SSH access to the ECS instances. Note that key pairs cannot
+ be created through CloudFormation, but instead must be uploaded through the AWS Console.
+ Type: AWS::EC2::KeyPair::KeyName
+ Default: ecs_indexer_key
+
+ DesiredCapacity:
+ Description: The default number of instances to launch in the ECS cluster.
+ Type: Number
+ Default: '0'
+
+ MinSize:
+ Description: Maximum number of instances that can be launched in the ECS cluster.
+ Type: Number
+ Default: '0'
+
+ MaxSize:
+ Description: Maximum number of instances that can be launched in the ECS cluster.
+ Type: Number
+ Default: '1'
+
+ InstanceType:
+ Description: EC2 instance type
+ Type: String
+ Default: t3.micro
+ AllowedValues:
+ - m5.large
+ - m5.xlarge
+ - m5.2xlarge
+ - m5.4xlarge
+ - m5.12xlarge
+ - m5.16xlarge
+ - m5.24xlarge
+ - m4.large
+ - m4.xlarge
+ - m4.2xlarge
+ - m4.4xlarge
+ - m4.10xlarge
+ - m4.16xlarge
+ - t3.nano
+ - t3.micro
+ - t3.small
+ - t3.medium
+ - t3.large
+ - t3.xlarge
+ - t3.2xlarge
+ - c5.large
+ - c5.xlarge
+ - c5.2xlarge
+ - c5.4xlarge
+ - c5.12xlarge
+ - c5.16xlarge
+ - c5.24xlarge
+ - r5.large
+ - r5.xlarge
+ - r5.2xlarge
+ - r5.4xlarge
+ - r5.12xlarge
+ - r5.24xlarge
+ - r4.large
+ - r4.xlarge
+ - r4.2xlarge
+ - r4.4xlarge
+ - r4.8xlarge
+ - r4.16xlarge
+ - i3.large
+ - i3.xlarge
+ - i3.2xlarge
+ - i3.4xlarge
+ - i3.10xlarge
+ - i3.16xlarge
+ - x1e.xlarge
+ - x1e.2xlarge
+ - x1e.4xlarge
+ - x1e.8xlarge
+ - x1e.16xlarge
+ - x1e.32xlarge
+ ConstraintDescription: Please choose a valid EC2 instance type for the ECS container instances.
+
+Mappings:
+ # This mapping is for the ECS-optimized edition of the November 13-14, 2019 release of the Amazon Linux 2 AMI
+ # It will need to be periodically updated as new versions are released by Amazon.
+ # The latest ECS-optimized AMI IDs can be found here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html
+ # The mapping is used to input the correct AMI ID based on the region the instance is being spun up in.
+ AWSRegionToAMI:
+ us-east-1:
+ AMIID: ami-097e3d1cdb541f43e
+ us-east-2:
+ AMIID: ami-0fbd313043845c4f2
+ us-west-1:
+ AMIID: ami-03d7632ea0ab75eaa
+ us-west-2:
+ AMIID: ami-0fb71e703258ab7eb
+ eu-north-1:
+ AMIID: ami-0f8edbbca6bac13a6
+ eu-west-1:
+ AMIID: ami-0bf45a5f4ab05b949
+ eu-west-2:
+ AMIID: ami-0393b5f363fbd613a
+ eu-west-3:
+ AMIID: ami-03490ca40775a62f0
+ eu-central-1:
+ AMIID: ami-074dc9dd588b6ea52
+ ap-northeast-1:
+ AMIID: ami-0934e28fe3e390537
+ ap-northeast-2:
+ AMIID: ami-0fa5d85859452a178
+ ap-south-1:
+ AMIID: ami-0312d67ff59a3db34
+ ap-southeast-1:
+ AMIID: ami-01f07b3fa86406c96
+ ap-southeast-2:
+ AMIID: ami-07610e278b1ddf331
+ ca-central-1:
+ AMIID: ami-0057d82f917a17334
+ sa-east-1:
+ AMIID: ami-0c947c117562538ee
+
+Resources:
+ CodeDeployApplication:
+ Type: AWS::CodeDeploy::Application
+ Properties:
+ ApplicationName: !Sub ${Environment}-${ApplicationName}-code-deploy
+ ComputePlatform: ECS
+
+ ECRRepository:
+ Type: AWS::ECR::Repository
+ Properties:
+ RepositoryName: !Sub ${Environment}-${ApplicationName}-repository
+ RepositoryPolicyText:
+ Version: "2012-10-17"
+ Statement:
+ - Sid: AllowPushPull
+ Effect: Allow
+ Principal:
+ AWS:
+ - !Sub arn:aws:iam::${AWS::AccountId}:root
+ - Fn::ImportValue:
+ !Sub "${Environment}-${ApplicationName}-CodeBuildRoleArn"
+ - Fn::ImportValue:
+ !Sub "${Environment}-${ApplicationName}-CFNRoleArn"
+ - Fn::ImportValue:
+ !Sub "${Environment}-${ApplicationName}-PipelineRoleArn"
+ Service:
+ - codebuild.amazonaws.com
+ Action:
+ - "ecr:GetDownloadUrlForLayer"
+ - "ecr:BatchGetImage"
+ - "ecr:BatchCheckLayerAvailability"
+ - "ecr:PutImage"
+ - "ecr:InitiateLayerUpload"
+ - "ecr:UploadLayerPart"
+ - "ecr:CompleteLayerUpload"
+
+ ApplicationECSCluster:
+ Type: AWS::ECS::Cluster
+ Properties:
+ ClusterName: !Sub ${Environment}-${ApplicationName}-cluster
+ Tags:
+ - Key: Environment
+ Value: !Ref Environment
+
+ ECSSecurityGroup:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ GroupDescription: Indexer Service ECS Security Group
+ VpcId:
+ Fn::ImportValue:
+ !Sub "${Environment}-OSDU-VPC"
+
+ # Public access to port 80
+ ECSSecurityGroupHTTPInbound:
+ Type: AWS::EC2::SecurityGroupIngress
+ Properties:
+ GroupId: !Ref 'ECSSecurityGroup'
+ IpProtocol: tcp
+ FromPort: '80'
+ ToPort: '80'
+ CidrIp: 0.0.0.0/0
+
+ # Public access to port 443
+ ECSSecurityGroupHTTPSInbound:
+ Type: AWS::EC2::SecurityGroupIngress
+ Properties:
+ GroupId: !Ref 'ECSSecurityGroup'
+ IpProtocol: tcp
+ FromPort: '443'
+ ToPort: '443'
+ CidrIp: 0.0.0.0/0
+
+ # Public access to port 8080
+ ECSSecurityGroupHTTPAltInbound:
+ Type: AWS::EC2::SecurityGroupIngress
+ Properties:
+ GroupId: !Ref 'ECSSecurityGroup'
+ IpProtocol: tcp
+ FromPort: '8080'
+ ToPort: '8080'
+ CidrIp: 0.0.0.0/0
+
+ # Public access to port 8443
+ ECSSecurityGroupHTTPSAltInbound:
+ Type: AWS::EC2::SecurityGroupIngress
+ Properties:
+ GroupId: !Ref 'ECSSecurityGroup'
+ IpProtocol: tcp
+ FromPort: '8443'
+ ToPort: '8443'
+ CidrIp: 0.0.0.0/0
+
+ # SSH access for instances in our VPC's jump box subnet group (coming soon – will be part of the Util CFN)
+ # TODO: Make security group in Util and enable it
+ # ECSSecurityGroupSSHInbound:
+ # Type: AWS::EC2::SecurityGroupIngress
+ # Properties:
+ # GroupId: !Ref 'ECSSecurityGroup'
+ # IpProtocol: tcp
+ # FromPort: '443'
+ # ToPort: '443'
+ # SourceSecurityGroupId:
+ # Fn::ImportValue:
+ # !Sub "${Environment}-OSDU-JumpBoxSecurityGroup"
+
+ # Open Application Load Balancer port range to itself
+ ECSSecurityGroupALBports:
+ Type: AWS::EC2::SecurityGroupIngress
+ Properties:
+ GroupId: !Ref 'ECSSecurityGroup'
+ IpProtocol: tcp
+ FromPort: '31000'
+ ToPort: '61000'
+ SourceSecurityGroupId: !Ref 'ECSSecurityGroup'
+
+ CloudWatchLogsGroup:
+ Type: AWS::Logs::LogGroup
+ Properties:
+ LogGroupName: !Join ['-', [ECSLogGroup, !Ref 'ApplicationName']]
+ RetentionInDays: 365
+
+ TaskDefinition:
+ Type: AWS::ECS::TaskDefinition
+ Properties:
+ Family: !Join ['', [!Ref 'AWS::StackName', -, !Ref 'ApplicationName']]
+ ContainerDefinitions:
+ - Name: !Ref 'ApplicationName'
+ Cpu: '10'
+ Essential: 'true'
+ Image: !Sub ${AWS::AccountId}.dkr.ecr.region.amazonaws.com/${Environment}-${ApplicationName}-repository:latest
+ Memory: '300'
+ LogConfiguration:
+ LogDriver: awslogs
+ Options:
+ awslogs-group: !Ref 'CloudWatchLogsGroup'
+ awslogs-region: !Ref 'AWS::Region'
+ awslogs-stream-prefix: !Ref 'ApplicationName'
+ MountPoints:
+ - ContainerPath: /root/.m2
+ SourceVolume: docker-volume
+ PortMappings:
+ - ContainerPort: 80
+ # - Name: busybox
+ # Cpu: 10
+ # Command: ['/bin/sh -c "while true; do echo ''<html> <head> <title>Amazon ECS
+ # Sample App</title> <style>body {margin-top: 40px; background-color: #333;}
+ # </style> </head><body> <div style=color:white;text-align:center> <h1>Amazon
+ # ECS Sample App</h1> <h2>Congratulations!</h2> <p>The application is now
+ # running on a container in Amazon ECS.</p>'' > top; /bin/date > date ;
+ # echo ''</div></body></html>'' > bottom; cat top date bottom > /usr/local/apache2/htdocs/index.html
+ # ; sleep 1; done"']
+ # EntryPoint: [sh, -c]
+ # Essential: false
+ # Image: busybox
+ # Memory: 200
+ # LogConfiguration:
+ # LogDriver: awslogs
+ # Options:
+ # awslogs-group: !Ref 'CloudWatchLogsGroup'
+ # awslogs-region: !Ref 'AWS::Region'
+ # awslogs-stream-prefix: !Ref 'ApplicationName'
+ # VolumesFrom:
+ # - SourceContainer: !Ref 'ApplicationName'
+ Volumes:
+ - Name: docker-volume
+
+ ECSALB:
+ Type: AWS::ElasticLoadBalancingV2::LoadBalancer
+ Properties:
+ Name: !Sub ECSALB-${ApplicationName}
+ Scheme: internet-facing
+ LoadBalancerAttributes:
+ - Key: idle_timeout.timeout_seconds
+ Value: '30'
+ Subnets:
+ - Fn::ImportValue:
+ !Sub "${Environment}-OSDU-PublicSubnet-AZ1"
+ - Fn::ImportValue:
+ !Sub "${Environment}-OSDU-PublicSubnet-AZ2"
+ SecurityGroups: [!Ref 'ECSSecurityGroup']
+
+ ALBListener:
+ Type: AWS::ElasticLoadBalancingV2::Listener
+ DependsOn: ECSServiceRole
+ Properties:
+ DefaultActions:
+ - Type: forward
+ TargetGroupArn: !Ref 'ECSTG'
+ LoadBalancerArn: !Ref 'ECSALB'
+ Port: '80'
+ Protocol: HTTP
+
+ ECSALBListenerRule:
+ Type: AWS::ElasticLoadBalancingV2::ListenerRule
+ DependsOn: ALBListener
+ Properties:
+ Actions:
+ - Type: forward
+ TargetGroupArn: !Ref 'ECSTG'
+ Conditions:
+ - Field: path-pattern
+ Values: [/]
+ ListenerArn: !Ref 'ALBListener'
+ Priority: 1
+
+ ECSTG:
+ Type: AWS::ElasticLoadBalancingV2::TargetGroup
+ DependsOn: ECSALB
+ Properties:
+ HealthCheckIntervalSeconds: 10
+ HealthCheckPath: /
+ HealthCheckProtocol: HTTP
+ HealthCheckTimeoutSeconds: 5
+ HealthyThresholdCount: 2
+ Name: ECSTG
+ Port: 80
+ Protocol: HTTP
+ UnhealthyThresholdCount: 2
+ VpcId:
+ Fn::ImportValue:
+ !Sub "${Environment}-OSDU-VPC"
+
+ ECSAutoScalingGroup:
+ Type: AWS::AutoScaling::AutoScalingGroup
+ Properties:
+ VPCZoneIdentifier:
+ - Fn::ImportValue:
+ !Sub "${Environment}-OSDU-PublicSubnet-AZ1"
+ - Fn::ImportValue:
+ !Sub "${Environment}-OSDU-PublicSubnet-AZ2"
+ LaunchConfigurationName: !Ref 'ContainerInstances'
+ MinSize: !Ref 'MinSize'
+ MaxSize: !Ref 'MaxSize'
+ DesiredCapacity: !Ref 'DesiredCapacity'
+ CreationPolicy:
+ ResourceSignal:
+ Timeout: PT15M
+ UpdatePolicy:
+ AutoScalingReplacingUpdate:
+ WillReplace: 'true'
+
+ ContainerInstances:
+ Type: AWS::AutoScaling::LaunchConfiguration
+ Properties:
+ ImageId: !FindInMap [AWSRegionToAMI, !Ref 'AWS::Region', AMIID]
+ SecurityGroups: [!Ref 'ECSSecurityGroup']
+ InstanceType: !Ref 'InstanceType'
+ IamInstanceProfile: !Ref 'EC2InstanceProfile'
+ KeyName: !Ref 'KeyName'
+ UserData:
+ Fn::Base64: !Sub |
+ #!/bin/bash -xe
+ echo ECS_CLUSTER=${ApplicationECSCluster} >> /etc/ecs/ecs.config
+ yum install -y aws-cfn-bootstrap
+ /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource ECSAutoScalingGroup --region ${AWS::Region}
+
+ Service:
+ Type: AWS::ECS::Service
+ DependsOn: ALBListener
+ Properties:
+ Cluster: !Ref 'ApplicationECSCluster'
+ DesiredCount: '1'
+ LoadBalancers:
+ - ContainerName: !Ref 'ApplicationName'
+ ContainerPort: '80'
+ TargetGroupArn: !Ref 'ECSTG'
+ Role: !Ref 'ECSServiceRole'
+ TaskDefinition: !Ref 'TaskDefinition'
+
+ ECSServiceRole:
+ Type: AWS::IAM::Role
+ Properties:
+ AssumeRolePolicyDocument:
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service: [ecs.amazonaws.com]
+ Action: ['sts:AssumeRole']
+ Path: /
+ Policies:
+ - PolicyName: !Sub ${Environment}-${ApplicationName}-ecs-service
+ PolicyDocument:
+ Statement:
+ - Effect: Allow
+ Action: ['elasticloadbalancing:DeregisterInstancesFromLoadBalancer', 'elasticloadbalancing:DeregisterTargets',
+ 'elasticloadbalancing:Describe*', 'elasticloadbalancing:RegisterInstancesWithLoadBalancer',
+ 'elasticloadbalancing:RegisterTargets', 'ec2:Describe*', 'ec2:AuthorizeSecurityGroupIngress']
+ Resource: '*'
+
+ ServiceScalingTarget:
+ Type: AWS::ApplicationAutoScaling::ScalableTarget
+ DependsOn: Service
+ Properties:
+ MaxCapacity: 2
+ MinCapacity: 1
+ ResourceId: !Join ['', [service/, !Ref 'ApplicationECSCluster', /, !GetAtt [Service, Name]]]
+ RoleARN: !GetAtt [AutoscalingRole, Arn]
+ ScalableDimension: ecs:service:DesiredCount
+ ServiceNamespace: ecs
+
+ ServiceScalingPolicy:
+ Type: AWS::ApplicationAutoScaling::ScalingPolicy
+ Properties:
+ PolicyName: AStepPolicy
+ PolicyType: StepScaling
+ ScalingTargetId: !Ref 'ServiceScalingTarget'
+ StepScalingPolicyConfiguration:
+ AdjustmentType: PercentChangeInCapacity
+ Cooldown: 60
+ MetricAggregationType: Average
+ StepAdjustments:
+ - MetricIntervalLowerBound: 0
+ ScalingAdjustment: 200
+
+ ALB500sAlarmScaleUp:
+ Type: AWS::CloudWatch::Alarm
+ Properties:
+ EvaluationPeriods: '1'
+ Statistic: Average
+ Threshold: '10'
+ AlarmDescription: Alarm triggering ECS to scale up if our ALB generates too many HTTP 500 errors.
+ Period: '60'
+ AlarmActions: [!Ref 'ServiceScalingPolicy']
+ Namespace: AWS/ApplicationELB
+ Dimensions:
+ - Name: LoadBalancer
+ Value: !GetAtt
+ - ECSALB
+ - LoadBalancerFullName
+ ComparisonOperator: GreaterThanThreshold
+ MetricName: HTTPCode_ELB_5XX_Count
+
+ EC2Role:
+ Type: AWS::IAM::Role
+ Properties:
+ AssumeRolePolicyDocument:
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service: [ec2.amazonaws.com]
+ Action: ['sts:AssumeRole']
+ Path: /
+ Policies:
+ - PolicyName: !Sub ${Environment}-${ApplicationName}-ecs-service
+ PolicyDocument:
+ Statement:
+ - Effect: Allow
+ Action: ['ecs:CreateCluster', 'ecs:DeregisterContainerInstance', 'ecs:DiscoverPollEndpoint',
+ 'ecs:Poll', 'ecs:RegisterContainerInstance', 'ecs:StartTelemetrySession',
+ 'ecs:Submit*', 'logs:CreateLogStream', 'logs:PutLogEvents']
+ Resource: '*'
+
+ AutoscalingRole:
+ Type: AWS::IAM::Role
+ Properties:
+ AssumeRolePolicyDocument:
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service: [application-autoscaling.amazonaws.com]
+ Action: ['sts:AssumeRole']
+ Path: /
+ Policies:
+ - PolicyName: !Sub ${Environment}-${ApplicationName}-service-autoscaling
+ PolicyDocument:
+ Statement:
+ - Effect: Allow
+ Action: ['application-autoscaling:*', 'cloudwatch:DescribeAlarms', 'cloudwatch:PutMetricAlarm',
+ 'ecs:DescribeServices', 'ecs:UpdateService']
+ Resource: '*'
+
+ EC2InstanceProfile:
+ Type: AWS::IAM::InstanceProfile
+ Properties:
+ Path: /
+ Roles: [!Ref 'EC2Role']
+
+ SchedulingRule:
+ Type: AWS::Events::Rule
+ Properties:
+ ScheduleExpression: rate(5 minutes)
+ State: ENABLED
+
+
+Outputs:
+ ApplicationECSClusterArn:
+ Description: The ARN of the application's ECS cluster.
+ Value: !GetAtt ApplicationECSCluster.Arn
+ Export:
+ Name: !Sub ${Environment}-${ApplicationName}-EcsClusterArn
+
+ ApplicationECSClusterName:
+ Description: The logical name of the application's ECS cluster.
+ Value: !Ref ApplicationECSCluster
+ Export:
+ Name: !Sub ${Environment}-${ApplicationName}-EcsClusterName
+
+ ECSServiceArn:
+ Description: The ARN of the Indexer Service service in the ECS cluster.
+ Value: !Ref 'Service'
+ Export:
+ Name: !Sub ${Environment}-${ApplicationName}-EcsServiceArn
+
+ ECSALBUrl:
+ Description: The Indexer Service ALB DNS URL.
+ Value: !Join ['', [!GetAtt [ECSALB, DNSName]]]
+ Export:
+ Name: !Sub ${Environment}-${ApplicationName}-EcsAlbUrl
+
+ TaskDefinitionArn:
+ Description: The ARN of the Indexer Service ECS task definition.
+ Value: !Ref 'TaskDefinition'
+ Export:
+ Name: !Sub ${Environment}-${ApplicationName}-EcsTaskDefinitionArn
diff --git a/provider/indexer-aws/CloudFormation/Automated/ecs.yml b/provider/indexer-aws/CloudFormation/Automated/ecs.yml
index fc07108db1453591327093cda0a1a14552a90682..077839d0b80edc446dfe72068a22859cdbef07e3 100644
--- a/provider/indexer-aws/CloudFormation/Automated/ecs.yml
+++ b/provider/indexer-aws/CloudFormation/Automated/ecs.yml
@@ -1,17 +1,3 @@
-# Copyright © Amazon Web Services
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 AWSTemplateFormatVersion: 2010-09-09
 Description: >-
 CloudFormation template for creating the resources used for the ECS cluster the application will
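Review bot: In ecs-indexer-queue.yml, `ECSSecurityGroup` is attached to both `ECSALB` and the `ContainerInstances` launch configuration, so the four `CidrIp: 0.0.0.0/0` rules (80, 443, 8080, 8443) apply to the container instances as well as the load balancer, and the Auto Scaling group places those instances in the public subnets. Give the ALB its own security group and let the instance group accept only the 31000-61000 range from it, as sketched below; 443, 8080 and 8443 have no listener in this template and could be dropped. Separately, the `Image` value in `TaskDefinition` still contains the literal `ecr.region.amazonaws.com`, which this same commit corrects to `ecr.${AWS::Region}` in ecs.yml, and the `MinSize` parameter description says "Maximum".

```yaml
  # Only the load balancer's group faces the internet.
  ALBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Indexer Service ALB Security Group
      VpcId:
        Fn::ImportValue:
          !Sub "${Environment}-OSDU-VPC"
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

  # … unchanged: ECSSecurityGroup, without the four public ingress rules …

  # Container instances accept the dynamic host-port range from the ALB only.
  ECSSecurityGroupALBports:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref 'ECSSecurityGroup'
      IpProtocol: tcp
      FromPort: '31000'
      ToPort: '61000'
      SourceSecurityGroupId: !Ref 'ALBSecurityGroup'

  # … unchanged: ECSALB properties up to Subnets …
      SecurityGroups: [!Ref 'ALBSecurityGroup']
```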
@@ -59,7 +45,7 @@ Parameters: MinSize: Description: Maximum number of instances that can be launched in the ECS cluster. Type: Number - Default: '0' + Default: '1' MaxSize: Description: Maximum number of instances that can be launched in the ECS cluster. @@ -210,7 +196,8 @@ Resources: ECSSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: - GroupDescription: Indexer Service ECS Security Group + GroupName: !Sub "${Environment}-${ApplicationName}-sg" + GroupDescription: Storage Service ECS Security Group VpcId: Fn::ImportValue: !Sub "${Environment}-OSDU-VPC" @@ -256,17 +243,14 @@ Resources: CidrIp: 0.0.0.0/0 # SSH access for instances in our VPC's jump box subnet group (coming soon – will be part of the Util CFN) - # TODO: Make security group in Util and enable it - # ECSSecurityGroupSSHInbound: - # Type: AWS::EC2::SecurityGroupIngress - # Properties: - # GroupId: !Ref 'ECSSecurityGroup' - # IpProtocol: tcp - # FromPort: '443' - # ToPort: '443' - # SourceSecurityGroupId: - # Fn::ImportValue: - # !Sub "${Environment}-OSDU-JumpBoxSecurityGroup" + ECSSecurityGroupSSHInbound: + Type: AWS::EC2::SecurityGroupIngress + Properties: + GroupId: !Ref 'ECSSecurityGroup' + IpProtocol: tcp + FromPort: '22' + ToPort: '22' + CidrIp: 0.0.0.0/0 # Open Application Load Balancer port range to itself ECSSecurityGroupALBports: @@ -292,7 +276,7 @@ Resources: - Name: !Ref 'ApplicationName' Cpu: '10' Essential: 'true' - Image: !Sub ${AWS::AccountId}.dkr.ecr.region.amazonaws.com/${Environment}-${ApplicationName}-repository:latest + Image: !Sub ${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${Environment}-${ApplicationName}-repository:latest Memory: '300' LogConfiguration: LogDriver: awslogs 
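Review bot: The new `GroupDescription: Storage Service ECS Security Group` sits in a template under provider/indexer-aws, and later hunks also switch the health check to `/api/storage/v2/` and the output descriptions to "Storage Service". If this stack still deploys the indexer, these look copied from the storage template, and the health check path would probably mark every target unhealthy; please confirm which service the file serves. The explicit `GroupName` also makes this a custom-named resource, which CloudFormation cannot replace in place, so a comment such as `# custom name: a change to VpcId or GroupDescription needs a new GroupName` would help the next editor.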
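Review bot: `ECSSecurityGroupSSHInbound` opens port 22 to `CidrIp: 0.0.0.0/0`, while the comment kept above it still says SSH is meant for the jump box subnet group. If `ECSSecurityGroup` is attached to the container instances and the ALB here as it is in ecs-indexer-queue.yml, this exposes instance SSH to the whole internet, protected only by the key pair. Keep the source restriction that the removed block had, `SourceSecurityGroupId:` / `Fn::ImportValue:` / `!Sub "${Environment}-OSDU-JumpBoxSecurityGroup"`, or, until that export exists, take the allowed CIDR from a template parameter that has no default.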
@@ -305,27 +289,15 @@ Resources: SourceVolume: docker-volume PortMappings: - ContainerPort: 80 - # - Name: busybox - # Cpu: 10 - # Command: ['/bin/sh -c "while true; do echo ''<html> <head> <title>Amazon ECS - # Sample App</title> <style>body {margin-top: 40px; background-color: #333;} - # </style> </head><body> <div style=color:white;text-align:center> <h1>Amazon - # ECS Sample App</h1> <h2>Congratulations!</h2> <p>The application is now - # running on a container in Amazon ECS.</p>'' > top; /bin/date > date ; - # echo ''</div></body></html>'' > bottom; cat top date bottom > /usr/local/apache2/htdocs/index.html - # ; sleep 1; done"'] - # EntryPoint: [sh, -c] - # Essential: false - # Image: busybox - # Memory: 200 - # LogConfiguration: - # LogDriver: awslogs - # Options: - # awslogs-group: !Ref 'CloudWatchLogsGroup' - # awslogs-region: !Ref 'AWS::Region' - # awslogs-stream-prefix: !Ref 'ApplicationName' - # VolumesFrom: - # - SourceContainer: !Ref 'ApplicationName' + Environment: # TODO: secure the sources of these values + - Name: AWS_ACCESS_KEY_ID + Value: AKIA453FG2R3UKGYA252 + - Name: AWS_SECRET_KEY + Value: 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 + - Name: ENVIRONMENT + Value: dev + - Name: VSTS_FEED_TOKEN + Value: 4t46p4pkk2kinwhjet3ucjb5prhexcme5cbmt4txpuoqn4jns22q Volumes: - Name: docker-volume 
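Review bot: The added `Environment` block commits what appear to be a real AWS access key ID, its secret key and a VSTS feed token as plaintext `Value`s. Once pushed they stay in repository history and are readable by anyone who can describe the task definition, so they should be revoked and reissued however this hunk is amended. An ECS task does not need static AWS keys: attach a task role through `TaskRoleArn`, and pass the feed token through the container's `Secrets` list with a `ValueFrom` reference to SSM Parameter Store or Secrets Manager. `ENVIRONMENT` is also hard-coded to `dev` although the template has an `Environment` parameter. The role names and parameter path in the sketch are placeholders, and the `TaskDefinition` block starts and ends outside this hunk.

```yaml
      # … unchanged: Family …
      TaskRoleArn: !GetAtt [TaskRole, Arn]                 # placeholder role, scoped to the AWS calls the service makes
      ExecutionRoleArn: !GetAtt [TaskExecutionRole, Arn]   # placeholder role, needs read access to the parameter below
      # … unchanged: ContainerDefinitions entry through PortMappings …
          Environment:
            - Name: ENVIRONMENT
              Value: !Ref 'Environment'
          Secrets:
            - Name: VSTS_FEED_TOKEN
              ValueFrom: !Sub 'arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/PLACEHOLDER_FEED_TOKEN_PARAM'
```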
@@ -350,34 +322,34 @@ Resources: Properties: DefaultActions: - Type: forward - TargetGroupArn: !Ref 'ECSTG' + TargetGroupArn: !Ref 'ECSTargetGroup' LoadBalancerArn: !Ref 'ECSALB' Port: '80' Protocol: HTTP - ECSALBListenerRule: + ECSALBPrimaryListenerRule: Type: AWS::ElasticLoadBalancingV2::ListenerRule DependsOn: ALBListener Properties: Actions: - Type: forward - TargetGroupArn: !Ref 'ECSTG' + TargetGroupArn: !Ref 'ECSTargetGroup' Conditions: - Field: path-pattern Values: [/] ListenerArn: !Ref 'ALBListener' Priority: 1 - ECSTG: + ECSTargetGroup: Type: AWS::ElasticLoadBalancingV2::TargetGroup DependsOn: ECSALB Properties: - HealthCheckIntervalSeconds: 10 - HealthCheckPath: / + HealthCheckIntervalSeconds: 120 + HealthCheckPath: /api/storage/v2/ HealthCheckProtocol: HTTP HealthCheckTimeoutSeconds: 5 HealthyThresholdCount: 2 - Name: ECSTG + Name: !Sub ECSTargetGroup-${ApplicationName} Port: 80 Protocol: HTTP UnhealthyThresholdCount: 2 @@ -428,7 +400,7 @@ Resources: LoadBalancers: - ContainerName: !Ref 'ApplicationName' ContainerPort: '80' - TargetGroupArn: !Ref 'ECSTG' + TargetGroupArn: !Ref 'ECSTargetGroup' Role: !Ref 'ECSServiceRole' TaskDefinition: !Ref 'TaskDefinition' @@ -466,7 +438,7 @@ Resources: ServiceScalingPolicy: Type: AWS::ApplicationAutoScaling::ScalingPolicy Properties: - PolicyName: AStepPolicy + PolicyName: !Sub ScalingPolicy-${ApplicationName} PolicyType: StepScaling ScalingTargetId: !Ref 'ServiceScalingTarget' StepScalingPolicyConfiguration: @@ -512,7 +484,7 @@ Resources: - Effect: Allow Action: ['ecs:CreateCluster', 'ecs:DeregisterContainerInstance', 'ecs:DiscoverPollEndpoint', 'ecs:Poll', 'ecs:RegisterContainerInstance', 'ecs:StartTelemetrySession', - 'ecs:Submit*', 'logs:CreateLogStream', 'logs:PutLogEvents'] + 'ecs:Submit*', 'logs:CreateLogStream', 'logs:PutLogEvents', 'ecr:*'] Resource: '*' AutoscalingRole: 
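Review bot: Adding `'ecr:*'` with `Resource: '*'` to the `EC2Role` policy (last hunk on this line) lets every container instance push or delete images, rewrite repository policies and delete repositories account-wide, and unless task access to instance metadata is blocked, any container on the instance can use the same role. Pulling images needs only `'ecr:GetAuthorizationToken', 'ecr:BatchCheckLayerAvailability', 'ecr:GetDownloadUrlForLayer', 'ecr:BatchGetImage'`; list those instead of the wildcard. The policy statement starts outside this hunk.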
@@ -554,19 +526,25 @@ Outputs: Name: !Sub ${Environment}-${ApplicationName}-EcsClusterName ECSServiceArn: - Description: The ARN of the Indexer Service service in the ECS cluster. + Description: The ARN of the Storage Service service in the ECS cluster. Value: !Ref 'Service' Export: Name: !Sub ${Environment}-${ApplicationName}-EcsServiceArn ECSALBUrl: - Description: The Indexer Service ALB DNS URL. + Description: The Storage Service ALB DNS URL. Value: !Join ['', [!GetAtt [ECSALB, DNSName]]] Export: Name: !Sub ${Environment}-${ApplicationName}-EcsAlbUrl TaskDefinitionArn: - Description: The ARN of the Indexer Service ECS task definition. + Description: The ARN of the Storage Service ECS task definition. Value: !Ref 'TaskDefinition' Export: Name: !Sub ${Environment}-${ApplicationName}-EcsTaskDefinitionArn + + ECSSecurityGroupId: + Description: The ID of the Storage Service ECS EC2 security group. + Value: !Ref 'ECSSecurityGroup' + Export: + Name: !Sub ${Environment}-${ApplicationName}-EcsSecurityGroupId