AWSTemplateFormatVersion: '2010-09-09' Description: Deploy a scheduled Fargate task that will be initiated off of EventBridge Events. Mappings: TaskSize: x-small: cpu: 256 memory: 512 small: cpu: 512 memory: 1024 medium: cpu: 1024 memory: 2048 large: cpu: 2048 memory: 4096 x-large: cpu: 4096 memory: 8192 Resources: ScheduledEventRule: Type: 'AWS::Events::Rule' Properties: ScheduleExpression: '{{service_instance.inputs.schedule_expression}}' State: ENABLED Targets: - Arn: '{{environment.outputs.ClusterArn}}' EcsParameters: LaunchType: FARGATE NetworkConfiguration: AwsVpcConfiguration: {% if service_instance.inputs.subnet_type == 'private' %} AssignPublicIp: DISABLED {% else %} AssignPublicIp: ENABLED {% endif %} SecurityGroups: - !GetAtt - ScheduledTaskDefSecurityGroup - GroupId Subnets: {% if service_instance.inputs.subnet_type == 'private' %} - '{{environment.outputs.PrivateSubnet1}}' - '{{environment.outputs.PrivateSubnet2}}' {% else %} - '{{environment.outputs.PublicSubnet1}}' - '{{environment.outputs.PublicSubnet2}}' {% endif %} TaskCount: '{{service_instance.inputs.desired_count}}' TaskDefinitionArn: !Ref ScheduledTaskDef Id: Target0 Input: '{}' RoleArn: !GetAtt - ScheduledTaskDefEventsRole - Arn ScheduledTaskDefTaskRole: Type: 'AWS::IAM::Role' Properties: AssumeRolePolicyDocument: Statement: - Action: 'sts:AssumeRole' Effect: Allow Principal: Service: ecs-tasks.amazonaws.com Version: 2012-10-17 Policies: - PolicyName: 'Publish2SNS' PolicyDocument: Version: '2012-10-17' Statement: - Effect: 'Allow' Action: 'sns:Publish' Resource: '{{environment.outputs.SNSTopicArn}}' ScheduledTaskDef: Type: 'AWS::ECS::TaskDefinition' Properties: ContainerDefinitions: - Essential: true Image: '{{service_instance.inputs.image}}' LogConfiguration: LogDriver: awslogs Options: awslogs-group: !Ref ScheduledTaskDefLogGroup awslogs-stream-prefix: '{{service.name}}/{{service_instance.name}}' awslogs-region: !Ref 'AWS::Region' Name: '{{service_instance.name}}' Environment: - Name: SNS_TOPIC_ARN Value: '{"ping":"{{environment.outputs.SNSTopicArn}}"}' - Name: SNS_REGION Value: "{{environment.outputs.SNSRegion}}" Cpu: !FindInMap [TaskSize, {{service_instance.inputs.task_size}}, cpu] ExecutionRoleArn: '{{environment.outputs.ServiceTaskDefExecutionRoleArn}}' Family: '{{service.name}}_{{service_instance.name}}' Memory: !FindInMap [TaskSize, {{service_instance.inputs.task_size}}, memory] NetworkMode: awsvpc RequiresCompatibilities: - FARGATE TaskRoleArn: !GetAtt - ScheduledTaskDefTaskRole - Arn ScheduledTaskDefLogGroup: Type: 'AWS::Logs::LogGroup' UpdateReplacePolicy: Retain DeletionPolicy: Retain ScheduledTaskDefEventsRole: Type: 'AWS::IAM::Role' Properties: AssumeRolePolicyDocument: Statement: - Action: 'sts:AssumeRole' Effect: Allow Principal: Service: events.amazonaws.com Version: 2012-10-17 ScheduledTaskDefEventsRoleDefaultPolicy: Type: 'AWS::IAM::Policy' Properties: PolicyDocument: Statement: - Action: 'ecs:RunTask' Condition: ArnEquals: 'ecs:cluster': '{{environment.outputs.ClusterArn}}' Effect: Allow Resource: !Ref ScheduledTaskDef - Action: 'iam:PassRole' Effect: Allow Resource: '{{environment.outputs.ServiceTaskDefExecutionRoleArn}}' - Action: 'iam:PassRole' Effect: Allow Resource: !GetAtt - ScheduledTaskDefTaskRole - Arn Version: 2012-10-17 PolicyName: ScheduledTaskDefEventsRoleDefaultPolicy Roles: - !Ref ScheduledTaskDefEventsRole ScheduledTaskDefSecurityGroup: Type: 'AWS::EC2::SecurityGroup' Properties: GroupDescription: Automatically created Security Group for the Task SecurityGroupEgress: - CidrIp: 0.0.0.0/0 Description: Allow all outbound traffic by default IpProtocol: '-1' VpcId: '{{environment.outputs.VPC}}'