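# Template header. The format version is quoted so that YAML parsers read it
# as a string rather than inferring a date from the unquoted scalar.
AWSTemplateFormatVersion: '2010-09-09'

Description: Creating ECS service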

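# Inputs supplied by the caller; none of the referenced network or cluster
# resources are created by this template.
# NOTE(review): every parameter is a free-form String, so a malformed ID or ARN
# is only rejected when the consuming resource is created. Consider the
# AWS-specific parameter types (AWS::EC2::VPC::Id, AWS::EC2::Subnet::Id,
# AWS::EC2::SecurityGroup::Id) or an AllowedPattern to validate earlier.
Parameters:
  PrivateALB:
    Type: String
    Description: ARN of the existing load balancer the listener is attached to
  ECSCluster:
    Type: String
    Description: ECS cluster that runs the service
  VPC:
    Type: String
    Description: ID of the VPC in which the target group is created
  PrivateSubnet1:
    Type: String
    Description: First subnet for the task network interfaces
  PrivateSubnet2:
    Type: String
    Description: Second subnet for the task network interfaces
  SecurityGroup:
    Type: String
    Description: Security group attached to the task network interfaces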

Resources:
  # CloudWatch Logs group that receives the container's awslogs output; the
  # name is derived from the stack name.
  # NOTE(review): neither RetentionInDays nor KmsKeyId is set, so retention and
  # encryption follow the CloudWatch Logs defaults - confirm that matches the
  # logging and audit requirements for this service.
  LogGroup:
    Type: 'AWS::Logs::LogGroup'
    Properties:
      LogGroupName:
        Fn::Sub: '/ecs/${AWS::StackName}'
  # Task definition for the single "Greeting" container: EC2 launch type with
  # awsvpc networking, logging through the awslogs driver into LogGroup.
  taskdefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - EC2
      # Task-level sizing; the container below declares its own smaller values.
      Cpu: 256
      Memory: '1GB'
      ContainerDefinitions:
        - Name: Greeting
          # NOTE(review): the image reference has no tag or digest, so every
          # pull resolves the registry's default tag and the deployed content
          # can change without a template change. Pin it by digest, e.g.
          # arungupta/greeting@sha256:<digest-placeholder>.
          Image: arungupta/greeting
          Cpu: 10
          Memory: 500
          PortMappings:
            - ContainerPort: 8081
          # NOTE(review): no container hardening properties (User,
          # ReadonlyRootFilesystem) are set in this definition.
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: !Ref LogGroup
              awslogs-region: !Ref AWS::Region
              awslogs-stream-prefix: greeting

  # ECS service that keeps one Greeting task running on the supplied cluster
  # and registers it with targetgroup001 on container port 8081.
  service:
    Type: AWS::ECS::Service
    # Created only after the listener exists; presumably so the target group is
    # already associated with the load balancer when the service registers.
    DependsOn: listener
    Properties:
      ServiceName: greeting
      Cluster: !Ref ECSCluster
      LaunchType: EC2
      TaskDefinition: !Ref taskdefinition
      DesiredCount: 1
      HealthCheckGracePeriodSeconds: 60
      NetworkConfiguration:
        AwsvpcConfiguration:
          Subnets:
            - !Ref PrivateSubnet1
            - !Ref PrivateSubnet2
          # NOTE(review): the security group is defined outside this template;
          # verify it admits port 8081 only from the load balancer.
          SecurityGroups:
            - !Ref SecurityGroup
      LoadBalancers:
        - ContainerName: Greeting
          ContainerPort: 8081
          TargetGroupArn: !Ref targetgroup001

  # Target group for the Greeting tasks; targets are registered by IP address.
  targetgroup001:
    Type: 'AWS::ElasticLoadBalancingV2::TargetGroup'
    Properties:
      Name: greeting
      VpcId: !Ref VPC
      TargetType: ip
      # NOTE(review): traffic from the load balancer to the task is plaintext
      # HTTP; confirm that is acceptable for the data this service handles.
      Protocol: HTTP
      Port: 8081
      HealthCheckPath: /resources/greeting
      # 60 s interval x 10 consecutive failures: a failing task can stay in
      # rotation for roughly ten minutes before it is marked unhealthy.
      HealthCheckIntervalSeconds: 60
      UnhealthyThresholdCount: 10

  # Listener on the supplied load balancer: forwards all requests arriving on
  # port 8081 to targetgroup001.
  listener:
    Type: 'AWS::ElasticLoadBalancingV2::Listener'
    DependsOn: ECSServiceRole
    Properties:
      LoadBalancerArn: !Ref PrivateALB
      # NOTE(review): the listener is plaintext HTTP. The parameter name suggests
      # an internal load balancer, but that is not verifiable from this template;
      # if clients cross a trust boundary, use HTTPS with a certificate.
      Protocol: HTTP
      Port: 8081
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref targetgroup001
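  # IAM role assumable by the ECS service principal, with an inline policy for
  # load-balancer target registration and EC2 describe calls.
  # NOTE(review): in the visible template only the listener's DependsOn names
  # this role and the ECS service sets no Role property - confirm the role is
  # still needed before keeping these permissions around.
  ECSServiceRole:
    Type: AWS::IAM::Role
    Properties:
      Path: /
      AssumeRolePolicyDocument:
        # Explicit policy language version; without it IAM falls back to the
        # older 2008-10-17 grammar.
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ecs.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Policies:
        - PolicyName: ecs-service
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 'elasticloadbalancing:DeregisterInstancesFromLoadBalancer'
                  - 'elasticloadbalancing:DeregisterTargets'
                  - 'elasticloadbalancing:Describe*'
                  - 'elasticloadbalancing:RegisterInstancesWithLoadBalancer'
                  - 'elasticloadbalancing:RegisterTargets'
                  - 'ec2:Describe*'
                  # NOTE(review): combined with Resource '*', this action allows
                  # ingress rules to be added to any security group in the
                  # account. Scope it to the specific security group ARNs, or
                  # drop it if nothing relies on it.
                  - 'ec2:AuthorizeSecurityGroupIngress'
                # NOTE(review): the wildcard applies to every action above;
                # restrict the register/deregister actions to the target group
                # where possible.
                Resource: '*'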