--- AWSTemplateFormatVersion: '2010-09-09' Description: Atlassian Connect Add-on for Jira Software Data Provider APIs - AWS Fargate. Metadata: LICENSE: |- Copyright 2019 Amazon Web Services Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. AWS::CloudFormation::Interface: ParameterGroups: - Label: default: AWS Fargate and Atlassian Connect Configuration Parameters: - ECRImageURI - JiraUser - JiraPass - JiraServerPort - ProjectName ParameterLabels: ECRImageURI: default: Amazon ECR Image URI JiraUser: default: Jira Username JiraPass: default: Jira Authentication Token JiraServerPort: default: Jira Connect App Server Port ProjectName: default: Project Name Parameters: ECRImageURI: Description: Path to Amazon ECR Repository Image Type: String Default: yourpath/atlassian-connect:latest JiraUser: Description: Your Atlassian cloud account login ID. Type: String Default: secuser@company.com JiraPass: Type: String Description: For instructions on generating a token visit https://confluence.atlassian.com/cloud/api-tokens-938839638.html NoEcho: True JiraServerPort: Description: The desired port for your app. Type: Number Default: 8080 ProjectName: Description: Desired name for your project. Type: String Default: atlassian-connect Mappings: SubnetConfig: VPC: CIDR: '10.0.0.0/16' PublicOne: CIDR: '10.0.0.0/24' PublicTwo: CIDR: '10.0.1.0/24' Resources: VPC: Type: AWS::EC2::VPC Properties: EnableDnsSupport: true EnableDnsHostnames: true CidrBlock: !FindInMap ['SubnetConfig', 'VPC', 'CIDR'] InternetGateway: Type: AWS::EC2::InternetGateway GatewayAttachement: Type: AWS::EC2::VPCGatewayAttachment Properties: VpcId: !Ref 'VPC' InternetGatewayId: !Ref 'InternetGateway' PublicSubnetOne: Type: AWS::EC2::Subnet Properties: AvailabilityZone: Fn::Select: - 0 - Fn::GetAZs: {Ref: 'AWS::Region'} VpcId: !Ref 'VPC' CidrBlock: !FindInMap ['SubnetConfig', 'PublicOne', 'CIDR'] MapPublicIpOnLaunch: true PublicSubnetTwo: Type: AWS::EC2::Subnet Properties: AvailabilityZone: Fn::Select: - 1 - Fn::GetAZs: {Ref: 'AWS::Region'} VpcId: !Ref 'VPC' CidrBlock: !FindInMap ['SubnetConfig', 'PublicTwo', 'CIDR'] MapPublicIpOnLaunch: true PublicRouteTable: Type: AWS::EC2::RouteTable Properties: VpcId: !Ref 'VPC' PublicRoute: Type: AWS::EC2::Route DependsOn: GatewayAttachement Properties: RouteTableId: !Ref 'PublicRouteTable' DestinationCidrBlock: '0.0.0.0/0' GatewayId: !Ref 'InternetGateway' PublicSubnetOneRouteTableAssociation: Type: AWS::EC2::SubnetRouteTableAssociation Properties: SubnetId: !Ref PublicSubnetOne RouteTableId: !Ref PublicRouteTable PublicSubnetTwoRouteTableAssociation: Type: AWS::EC2::SubnetRouteTableAssociation Properties: SubnetId: !Ref PublicSubnetTwo RouteTableId: !Ref PublicRouteTable PublicLoadBalancer: Type: AWS::ElasticLoadBalancingV2::LoadBalancer Properties: Type: network Scheme: internet-facing Subnets: - !Ref PublicSubnetOne - !Ref PublicSubnetTwo PublicLoadBalancerListener: Type: AWS::ElasticLoadBalancingV2::Listener Properties: DefaultActions: - TargetGroupArn: !Ref 'TargetGroup' Type: 'forward' LoadBalancerArn: !Ref 'PublicLoadBalancer' Port: !Ref 'JiraServerPort' Protocol: TCP TargetGroup: Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: HealthCheckIntervalSeconds: 10 HealthCheckProtocol: TCP HealthyThresholdCount: 2 TargetType: ip Name: !Join ['-', [!Ref 'AWS::StackName', 'target']] Port: !Ref 'JiraServerPort' Protocol: TCP UnhealthyThresholdCount: 2 VpcId: !Ref VPC FargateTaskRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - ecs-tasks.amazonaws.com Action: - sts:AssumeRole ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy FargateLogGroup: Type: AWS::Logs::LogGroup Properties: RetentionInDays: 7 FargateContainerSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Access to the Fargate containers VpcId: !Ref 'VPC' SecurityGroupIngress: - CidrIp: 0.0.0.0/0 IpProtocol: 'tcp' FromPort: !Ref 'JiraServerPort' ToPort: !Ref 'JiraServerPort' FargateCluster: Type: AWS::ECS::Cluster Properties: ClusterName: !Ref 'ProjectName' FargateService: DependsOn: PublicLoadBalancerListener Type: AWS::ECS::Service Properties: Cluster: Ref: FargateCluster ServiceName: !Ref 'ProjectName' LaunchType: FARGATE DesiredCount: 1 TaskDefinition: Ref: FargateTaskDefinition NetworkConfiguration: AwsvpcConfiguration: AssignPublicIp: ENABLED SecurityGroups: - !Ref 'FargateContainerSecurityGroup' Subnets: - !Ref 'PublicSubnetOne' - !Ref 'PublicSubnetTwo' LoadBalancers: - ContainerName: !Sub ${AWS::StackName}-${ProjectName} ContainerPort: !Ref 'JiraServerPort' TargetGroupArn: !Ref 'TargetGroup' FargateTaskDefinition: Type: AWS::ECS::TaskDefinition Properties: Cpu: '2048' Memory: '4096' NetworkMode: awsvpc RequiresCompatibilities: - FARGATE ExecutionRoleArn: Fn::GetAtt: FargateTaskRole.Arn ContainerDefinitions: - Name: !Sub ${AWS::StackName}-${ProjectName} Image: !Ref 'ECRImageURI' PortMappings: - ContainerPort: !Ref 'JiraServerPort' Protocol: tcp Ulimits: - Name: nproc SoftLimit: 65535 HardLimit: 65535 - Name: nofile SoftLimit: 32000 HardLimit: 40000 Environment: - Name: SECURITY_LOGIN Value: !Ref 'JiraUser' - Name: SECURITY_PASSWORD Value: !Ref 'JiraPass' - Name: ADDON_BASE_URL Value: !Join ['', ['https://', !GetAtt 'PublicLoadBalancer.DNSName']] - Name: SERVER_PORT Value: !Ref 'JiraServerPort' LogConfiguration: LogDriver: awslogs Options: awslogs-group: !Ref 'FargateLogGroup' awslogs-region: !Ref AWS::Region awslogs-stream-prefix: !Ref 'ProjectName' Outputs: FargateClusterName: Description: The name of the Fargate cluster Value: !Ref 'FargateCluster' Export: Name: !Join [ ':', [ !Ref 'AWS::StackName', 'ProjectName' ] ] ExternalUrl: Description: The url of the external load balancer Value: !Join ['', [ 'http://', !GetAtt 'PublicLoadBalancer.DNSName', ':', !Ref 'JiraServerPort' ] ] Export: Name: !Join [ ':', [ !Ref 'AWS::StackName', 'ExternalUrl' ] ] FargateRole: Description: The ARN of the ECS Fargate role Value: !GetAtt 'FargateTaskRole.Arn' Export: Name: !Join [ ':', [ !Ref 'AWS::StackName', 'FargateRole' ] ] PublicListener: Description: The ARN of the public load balancer's Listener Value: !Ref PublicLoadBalancerListener Export: Name: !Join [ ':', [ !Ref 'AWS::StackName', 'PublicListener' ] ] VPCId: Description: The ID of the VPC that this stack is deployed in Value: !Ref 'VPC' Export: Name: !Join [ ':', [ !Ref 'AWS::StackName', 'VPCId' ] ] PublicSubnetOne: Description: Public subnet one Value: !Ref 'PublicSubnetOne' Export: Name: !Join [ ':', [ !Ref 'AWS::StackName', 'PublicSubnetOne' ] ] PublicSubnetTwo: Description: Public subnet two Value: !Ref 'PublicSubnetTwo' Export: Name: !Join [ ':', [ !Ref 'AWS::StackName', 'PublicSubnetTwo' ] ] FargateContainerSecurityGroup: Description: A security group used to allow Fargate containers to receive traffic Value: !Ref 'FargateContainerSecurityGroup' Export: Name: !Join [ ':', [ !Ref 'AWS::StackName', 'FargateContainerSecurityGroup' ] ]