-
Notifications
You must be signed in to change notification settings - Fork 222
/
Copy pathmy_ecs_construct-stack.yaml
437 lines (437 loc) · 14.9 KB
/
my_ecs_construct-stack.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
Resources:
MyVpcF9F0CA6F:
Type: AWS::EC2::VPC
Properties:
CidrBlock: 10.0.0.0/16
EnableDnsHostnames: true
EnableDnsSupport: true
InstanceTenancy: default
Tags:
- Key: Name
Value: MyEcsConstruct/MyVpc
Metadata:
aws:cdk:path: MyEcsConstruct/MyVpc/Resource
MyVpcPublicSubnet1SubnetF6608456:
Type: AWS::EC2::Subnet
Properties:
CidrBlock: 10.0.0.0/18
VpcId: !Ref MyVpcF9F0CA6F
AvailabilityZone: !Select
- 0
- !GetAZs ''
MapPublicIpOnLaunch: true
Tags:
- Key: Name
Value: MyEcsConstruct/MyVpc/PublicSubnet1
- Key: aws-cdk:subnet-name
Value: Public
- Key: aws-cdk:subnet-type
Value: Public
Metadata:
aws:cdk:path: MyEcsConstruct/MyVpc/PublicSubnet1/Subnet
MyVpcPublicSubnet1RouteTableC46AB2F4:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref MyVpcF9F0CA6F
Tags:
- Key: Name
Value: MyEcsConstruct/MyVpc/PublicSubnet1
Metadata:
aws:cdk:path: MyEcsConstruct/MyVpc/PublicSubnet1/RouteTable
MyVpcPublicSubnet1RouteTableAssociation2ECEE1CB:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref MyVpcPublicSubnet1RouteTableC46AB2F4
SubnetId: !Ref MyVpcPublicSubnet1SubnetF6608456
Metadata:
aws:cdk:path: MyEcsConstruct/MyVpc/PublicSubnet1/RouteTableAssociation
MyVpcPublicSubnet1DefaultRoute95FDF9EB:
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref MyVpcPublicSubnet1RouteTableC46AB2F4
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref MyVpcIGW5C4A4F63
DependsOn:
- MyVpcVPCGW488ACE0D
Metadata:
aws:cdk:path: MyEcsConstruct/MyVpc/PublicSubnet1/DefaultRoute
MyVpcPublicSubnet1EIP096967CB:
Type: AWS::EC2::EIP
Properties:
Domain: vpc
Metadata:
aws:cdk:path: MyEcsConstruct/MyVpc/PublicSubnet1/EIP
MyVpcPublicSubnet1NATGatewayAD3400C1:
Type: AWS::EC2::NatGateway
Properties:
AllocationId: !GetAtt MyVpcPublicSubnet1EIP096967CB.AllocationId
SubnetId: !Ref MyVpcPublicSubnet1SubnetF6608456
Tags:
- Key: Name
Value: MyEcsConstruct/MyVpc/PublicSubnet1
Metadata:
aws:cdk:path: MyEcsConstruct/MyVpc/PublicSubnet1/NATGateway
MyVpcPublicSubnet2Subnet492B6BFB:
Type: AWS::EC2::Subnet
Properties:
CidrBlock: 10.0.64.0/18
VpcId: !Ref MyVpcF9F0CA6F
AvailabilityZone: !Select
- 1
- !GetAZs ''
MapPublicIpOnLaunch: true
Tags:
- Key: Name
Value: MyEcsConstruct/MyVpc/PublicSubnet2
- Key: aws-cdk:subnet-name
Value: Public
- Key: aws-cdk:subnet-type
Value: Public
Metadata:
aws:cdk:path: MyEcsConstruct/MyVpc/PublicSubnet2/Subnet
MyVpcPublicSubnet2RouteTable1DF17386:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref MyVpcF9F0CA6F
Tags:
- Key: Name
Value: MyEcsConstruct/MyVpc/PublicSubnet2
Metadata:
aws:cdk:path: MyEcsConstruct/MyVpc/PublicSubnet2/RouteTable
MyVpcPublicSubnet2RouteTableAssociation227DE78D:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref MyVpcPublicSubnet2RouteTable1DF17386
SubnetId: !Ref MyVpcPublicSubnet2Subnet492B6BFB
Metadata:
aws:cdk:path: MyEcsConstruct/MyVpc/PublicSubnet2/RouteTableAssociation
MyVpcPublicSubnet2DefaultRoute052936F6:
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref MyVpcPublicSubnet2RouteTable1DF17386
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref MyVpcIGW5C4A4F63
DependsOn:
- MyVpcVPCGW488ACE0D
Metadata:
aws:cdk:path: MyEcsConstruct/MyVpc/PublicSubnet2/DefaultRoute
MyVpcPublicSubnet2EIP8CCBA239:
Type: AWS::EC2::EIP
Properties:
Domain: vpc
Metadata:
aws:cdk:path: MyEcsConstruct/MyVpc/PublicSubnet2/EIP
MyVpcPublicSubnet2NATGateway91BFBEC9:
Type: AWS::EC2::NatGateway
Properties:
AllocationId: !GetAtt MyVpcPublicSubnet2EIP8CCBA239.AllocationId
SubnetId: !Ref MyVpcPublicSubnet2Subnet492B6BFB
Tags:
- Key: Name
Value: MyEcsConstruct/MyVpc/PublicSubnet2
Metadata:
aws:cdk:path: MyEcsConstruct/MyVpc/PublicSubnet2/NATGateway
MyVpcPrivateSubnet1Subnet5057CF7E:
Type: AWS::EC2::Subnet
Properties:
CidrBlock: 10.0.128.0/18
VpcId: !Ref MyVpcF9F0CA6F
AvailabilityZone: !Select
- 0
- !GetAZs ''
MapPublicIpOnLaunch: false
Tags:
- Key: Name
Value: MyEcsConstruct/MyVpc/PrivateSubnet1
- Key: aws-cdk:subnet-name
Value: Private
- Key: aws-cdk:subnet-type
Value: Private
Metadata:
aws:cdk:path: MyEcsConstruct/MyVpc/PrivateSubnet1/Subnet
MyVpcPrivateSubnet1RouteTable8819E6E2:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref MyVpcF9F0CA6F
Tags:
- Key: Name
Value: MyEcsConstruct/MyVpc/PrivateSubnet1
Metadata:
aws:cdk:path: MyEcsConstruct/MyVpc/PrivateSubnet1/RouteTable
MyVpcPrivateSubnet1RouteTableAssociation56D38C7E:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref MyVpcPrivateSubnet1RouteTable8819E6E2
SubnetId: !Ref MyVpcPrivateSubnet1Subnet5057CF7E
Metadata:
aws:cdk:path: MyEcsConstruct/MyVpc/PrivateSubnet1/RouteTableAssociation
MyVpcPrivateSubnet1DefaultRouteA8CDE2FA:
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref MyVpcPrivateSubnet1RouteTable8819E6E2
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId: !Ref MyVpcPublicSubnet1NATGatewayAD3400C1
Metadata:
aws:cdk:path: MyEcsConstruct/MyVpc/PrivateSubnet1/DefaultRoute
MyVpcPrivateSubnet2Subnet0040C983:
Type: AWS::EC2::Subnet
Properties:
CidrBlock: 10.0.192.0/18
VpcId: !Ref MyVpcF9F0CA6F
AvailabilityZone: !Select
- 1
- !GetAZs ''
MapPublicIpOnLaunch: false
Tags:
- Key: Name
Value: MyEcsConstruct/MyVpc/PrivateSubnet2
- Key: aws-cdk:subnet-name
Value: Private
- Key: aws-cdk:subnet-type
Value: Private
Metadata:
aws:cdk:path: MyEcsConstruct/MyVpc/PrivateSubnet2/Subnet
MyVpcPrivateSubnet2RouteTableCEDCEECE:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref MyVpcF9F0CA6F
Tags:
- Key: Name
Value: MyEcsConstruct/MyVpc/PrivateSubnet2
Metadata:
aws:cdk:path: MyEcsConstruct/MyVpc/PrivateSubnet2/RouteTable
MyVpcPrivateSubnet2RouteTableAssociation86A610DA:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref MyVpcPrivateSubnet2RouteTableCEDCEECE
SubnetId: !Ref MyVpcPrivateSubnet2Subnet0040C983
Metadata:
aws:cdk:path: MyEcsConstruct/MyVpc/PrivateSubnet2/RouteTableAssociation
MyVpcPrivateSubnet2DefaultRoute9CE96294:
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref MyVpcPrivateSubnet2RouteTableCEDCEECE
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId: !Ref MyVpcPublicSubnet2NATGateway91BFBEC9
Metadata:
aws:cdk:path: MyEcsConstruct/MyVpc/PrivateSubnet2/DefaultRoute
MyVpcIGW5C4A4F63:
Type: AWS::EC2::InternetGateway
Properties:
Tags:
- Key: Name
Value: MyEcsConstruct/MyVpc
Metadata:
aws:cdk:path: MyEcsConstruct/MyVpc/IGW
MyVpcVPCGW488ACE0D:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
VpcId: !Ref MyVpcF9F0CA6F
InternetGatewayId: !Ref MyVpcIGW5C4A4F63
Metadata:
aws:cdk:path: MyEcsConstruct/MyVpc/VPCGW
MyCluster4C1BA579:
Type: AWS::ECS::Cluster
Metadata:
aws:cdk:path: MyEcsConstruct/MyCluster/Resource
MyFargateServiceLBDE830E97:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
LoadBalancerAttributes: []
Scheme: internet-facing
SecurityGroups:
- !GetAtt MyFargateServiceLBSecurityGroup6FBF16F1.GroupId
Subnets:
- !Ref MyVpcPublicSubnet1SubnetF6608456
- !Ref MyVpcPublicSubnet2Subnet492B6BFB
Type: application
DependsOn:
- MyVpcPublicSubnet1DefaultRoute95FDF9EB
- MyVpcPublicSubnet2DefaultRoute052936F6
Metadata:
aws:cdk:path: MyEcsConstruct/MyFargateService/LB/Resource
MyFargateServiceLBSecurityGroup6FBF16F1:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Automatically created Security Group for ELB MyEcsConstructMyFargateServiceLB5E4E9AE3
SecurityGroupEgress: []
SecurityGroupIngress:
- CidrIp: 0.0.0.0/0
Description: Allow from anyone on port 80
FromPort: 80
IpProtocol: tcp
ToPort: 80
VpcId: !Ref MyVpcF9F0CA6F
Metadata:
aws:cdk:path: MyEcsConstruct/MyFargateService/LB/SecurityGroup/Resource
MyFargateServiceLBSecurityGrouptoMyEcsConstructMyFargateServiceSecurityGroup67F71DB380B308A4F1:
Type: AWS::EC2::SecurityGroupEgress
Properties:
GroupId: !GetAtt MyFargateServiceLBSecurityGroup6FBF16F1.GroupId
IpProtocol: tcp
Description: Load balancer to target
DestinationSecurityGroupId: !GetAtt MyFargateServiceSecurityGroup7016792A.GroupId
FromPort: 80
ToPort: 80
Metadata:
aws:cdk:path: MyEcsConstruct/MyFargateService/LB/SecurityGroup/to MyEcsConstructMyFargateServiceSecurityGroup67F71DB3:80
MyFargateServiceLBPublicListener61A1042F:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
DefaultActions:
- TargetGroupArn: !Ref MyFargateServiceLBPublicListenerECSGroup4A3EDF05
Type: forward
LoadBalancerArn: !Ref MyFargateServiceLBDE830E97
Port: 80
Protocol: HTTP
Certificates: []
Metadata:
aws:cdk:path: MyEcsConstruct/MyFargateService/LB/PublicListener/Resource
MyFargateServiceLBPublicListenerECSGroup4A3EDF05:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
Port: 80
Protocol: HTTP
TargetGroupAttributes: []
Targets: []
TargetType: ip
VpcId: !Ref MyVpcF9F0CA6F
Metadata:
aws:cdk:path: MyEcsConstruct/MyFargateService/LB/PublicListener/ECSGroup/Resource
MyFargateServiceTaskDefTaskRole62C7D397:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: sts:AssumeRole
Effect: Allow
Principal:
Service: !Join
- ''
- - ecs-tasks.
- !Ref AWS::URLSuffix
Version: '2012-10-17'
Metadata:
aws:cdk:path: MyEcsConstruct/MyFargateService/TaskDef/TaskRole/Resource
MyFargateServiceTaskDef5DA17B39:
Type: AWS::ECS::TaskDefinition
Properties:
ContainerDefinitions:
- Essential: true
Image: amazon/amazon-ecs-sample
Links: []
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-group: !Ref MyFargateServiceTaskDefwebLogGroup4A6C44E8
awslogs-stream-prefix: MyFargateService
awslogs-region: !Ref AWS::Region
MountPoints: []
Name: web
PortMappings:
- ContainerPort: 80
Protocol: tcp
Ulimits: []
VolumesFrom: []
Cpu: '512'
ExecutionRoleArn: !GetAtt MyFargateServiceTaskDefExecutionRoleD6305504.Arn
Family: MyEcsConstructMyFargateServiceTaskDef164AB9B9
Memory: '2048'
NetworkMode: awsvpc
RequiresCompatibilities:
- FARGATE
TaskRoleArn: !GetAtt MyFargateServiceTaskDefTaskRole62C7D397.Arn
Volumes: []
Metadata:
aws:cdk:path: MyEcsConstruct/MyFargateService/TaskDef/Resource
MyFargateServiceTaskDefwebLogGroup4A6C44E8:
Type: AWS::Logs::LogGroup
DeletionPolicy: Retain
Metadata:
aws:cdk:path: MyEcsConstruct/MyFargateService/TaskDef/web/LogGroup/Resource
MyFargateServiceTaskDefExecutionRoleD6305504:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: sts:AssumeRole
Effect: Allow
Principal:
Service: !Join
- ''
- - ecs-tasks.
- !Ref AWS::URLSuffix
Version: '2012-10-17'
Metadata:
aws:cdk:path: MyEcsConstruct/MyFargateService/TaskDef/ExecutionRole/Resource
MyFargateServiceTaskDefExecutionRoleDefaultPolicyEC22B20F:
Type: AWS::IAM::Policy
Properties:
PolicyDocument:
Statement:
- Action:
- logs:CreateLogStream
- logs:PutLogEvents
Effect: Allow
Resource: !GetAtt MyFargateServiceTaskDefwebLogGroup4A6C44E8.Arn
Version: '2012-10-17'
PolicyName: MyFargateServiceTaskDefExecutionRoleDefaultPolicyEC22B20F
Roles:
- !Ref MyFargateServiceTaskDefExecutionRoleD6305504
Metadata:
aws:cdk:path: MyEcsConstruct/MyFargateService/TaskDef/ExecutionRole/DefaultPolicy/Resource
MyFargateServiceF490C034:
Type: AWS::ECS::Service
Properties:
TaskDefinition: !Ref MyFargateServiceTaskDef5DA17B39
Cluster: !Ref MyCluster4C1BA579
DeploymentConfiguration:
MaximumPercent: 200
MinimumHealthyPercent: 50
DesiredCount: 6
HealthCheckGracePeriodSeconds: 60
LaunchType: FARGATE
LoadBalancers:
- ContainerName: web
ContainerPort: 80
TargetGroupArn: !Ref MyFargateServiceLBPublicListenerECSGroup4A3EDF05
NetworkConfiguration:
AwsvpcConfiguration:
AssignPublicIp: DISABLED
SecurityGroups:
- !GetAtt MyFargateServiceSecurityGroup7016792A.GroupId
Subnets:
- !Ref MyVpcPrivateSubnet1Subnet5057CF7E
- !Ref MyVpcPrivateSubnet2Subnet0040C983
ServiceRegistries: []
DependsOn:
- MyFargateServiceLBPublicListenerECSGroup4A3EDF05
- MyFargateServiceLBPublicListener61A1042F
Metadata:
aws:cdk:path: MyEcsConstruct/MyFargateService/Service/Service
MyFargateServiceSecurityGroup7016792A:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: MyEcsConstruct/MyFargateService/Service/SecurityGroup
SecurityGroupEgress:
- CidrIp: 0.0.0.0/0
Description: Allow all outbound traffic by default
IpProtocol: '-1'
SecurityGroupIngress: []
VpcId: !Ref MyVpcF9F0CA6F
Metadata:
aws:cdk:path: MyEcsConstruct/MyFargateService/Service/SecurityGroup/Resource
MyFargateServiceSecurityGroupfromMyEcsConstructMyFargateServiceLBSecurityGroup8793A2F780B3ABD3C6:
Type: AWS::EC2::SecurityGroupIngress
Properties:
IpProtocol: tcp
Description: Load balancer to target
FromPort: 80
GroupId: !GetAtt MyFargateServiceSecurityGroup7016792A.GroupId
SourceSecurityGroupId: !GetAtt MyFargateServiceLBSecurityGroup6FBF16F1.GroupId
ToPort: 80
Metadata:
aws:cdk:path: MyEcsConstruct/MyFargateService/Service/SecurityGroup/from MyEcsConstructMyFargateServiceLBSecurityGroup8793A2F7:80
Outputs:
MyFargateServiceLoadBalancerDNS704F6391:
Value: !GetAtt MyFargateServiceLBDE830E97.DNSName