--- AWSTemplateFormatVersion: '2010-09-09' Description: > This Cloudformation Template deploys the frontend applications Greenlight and Scalelite to the previously created ECS Cluster. Disclaimer: Not for production use. Demo and testing purposes only. Author: David Surey Parameters: BBBHostedZone: Description: Hosted zone in which the DNS entries Type: String BBBDomainName: Description: Base domain name Type: String BBBFrontendELBSecurityGroup: Description: Security Group that should be assigned for the frontend ELB Type: String Default: "AWS::NoValue" BBBScaleliteELBSecurityGroup: Description: Security Group that should be assigned for the Scalelite ELB Type: String BBBPublicApplicationSubnets: Description: Comma separated list of the public subnets Type: CommaDelimitedList BBBPrivateApplicationSubnets: Description: Comma separated list of the private EC2 instance subnets Type: CommaDelimitedList BBBNotificationTopic: Description: Topic to be used for alarm notifications Type: String BBBVPCs: Description: Reference for the VPC Type: String BBBRDSDBConnectionSecret: Description: Amazon RDS Connection Secret Type: String BBBECSCluster: Description: Reference for the ECS Cluster in which to deploy the services Type: String BBBGreenlightRepositoryUri: Description: Greenlight Repository URI Type: String Default: "bigbluebutton/greenlight" BBBScaleliteRepositoryUri: Description: Scalelite Repository URI Type: String Default: "blindsidenetwks/scalelite" BBBgreenlightImageTag: Description: Greenlight docker image identifier Type: String Default: "v3" BBBScaleliteApiImageTag: Description: Scalelite API docker image identifier Type: String Default: "v1-api" BBBScaleliteNginxImageTag: Description: Scalelite NGINX docker image identifier Type: String Default: "v1-nginx" BBBScalelitePollerImageTag: Description: Scalelite Poller docker image identifier Type: String Default: "v1-poller" BBBScaleliteImporterImageTag: Description: Scalelite Importer docker image identifier Type: String Default: "v1-recording-importer" BBBCacheDBAddress: Description: Amazon ElastiCache Cluster address Type: String BBBCacheDBPort: Description: Amazon ElastiCache Cluster port Type: String BBBGreenlightMemory: Description: Memory constraints for Greenlight container Type: Number Default: 1024 BBBGreenlightCPU: Description: CPU constraints for Greenlight container Type: Number Default: 512 BBBScaleliteMemory: Description: Memory constraints for Scalelite Fargate Task Type: Number Default: 2048 BBBScaleliteCPU: Description: CPU constraints for Scalelite Fargate Task Type: Number Default: 1024 BBBSESProviderArn: Description: ARN of the custom SES provider Type: String BBBSMTPSecretProviderArn: Description: ARN of the custom SMTP secrets provider Type: String BBBGreenlightMinReplicas: Description: Minimum amount of Greenlight containers available Type: Number Default: 1 BBBGreenlightMaxReplicas: Description: Maximum amount of Greenlight containers available Type: Number Default: 3 BBBGreenlightDesiredReplicas: Description: Desired amount of Greenlight containers available Type: Number Default: 1 BBBScaleliteMinReplicas: Description: Minimum amount of Scalelite containers available Type: Number Default: 1 BBBScaleliteMaxReplicas: Description: Maximum amount of Scalelite containers available Type: Number Default: 3 BBBScaleliteDesiredReplicas: Description: Desired amount of Scalelite containers available Type: Number Default: 1 BBBSharedStorageFS: Description: File system id for the Amazon EFS volume to be mounted Type: String BBBSharedStorageAPspool: Description: Access Point id for the Amazon EFS volume to be mounted Type: String BBBSharedStorageAPpublished: Description: Access Point id for the Amazon EFS volume to be mounted Type: String BBBSharedStorageAPunpublished: Description: Access Point id for the Amazon EFS volume to be mounted Type: String BBBSharedStorageAPrecordings: Description: Access Point id for the Amazon EFS volume to be mounted Type: String BBBSesRegion: Description: Region for the SES Domain. If not set, current deployment region will be used Type: String BBBOperatorEMail: Description: EMail address to notify if there are any operational issues Type: String AllowedPattern: "([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\\]?)" ConstraintDescription: must be a valid email address. Default: johndoe@example.com BBBECSInstanceType: Description: Set the ECS Instance Type to either EC2 based or Fargate based deployments Type: String BBBECSTaskSecurityGroup: Description: Security Group that should be assigned for the EC2 Instances Type: String BBBApplicationLogsGroup: Description: Log group to be used for the Application logs Type: String BBBSESValidated: Description: If the SES Domain is already validated manually we do not need the automation Type: String Default: false AllowedValues: [ true, false ] BBBACMCertArn: Description: Set this parameter if you want to reuse an existing ACM certificate for your deployment Type: String Default: "AWS::NoValue" BBBFrontendType: Type: String Default: Greenlight AllowedValues: - Greenlight - External Conditions: BBBSESRegionSet: !Not [ !Equals [ !Ref BBBSesRegion, "AWS::NoValue" ] ] BBBECSFargate: !Equals [ !Ref BBBECSInstanceType, fargate ] BBBECSEC2: !Not [ !Equals [ !Ref BBBECSInstanceType, fargate ] ] BBBSESNotValidated: !Equals [ false, !Ref BBBSESValidated ] BBBACMNewCert: !Equals [ !Ref BBBACMCertArn, "AWS::NoValue" ] BBBGreenlight: !Equals [!Ref BBBFrontendType, Greenlight] BBBSESNotValidatedGreenlight: !And [!Equals [!Ref BBBFrontendType, Greenlight], !Equals [ false, !Ref BBBSESValidated ]] Resources: BBBSESDomainIdentity: Type: Custom::DomainIdentity Condition: BBBSESNotValidatedGreenlight Properties: Domain: !Ref BBBDomainName Region: !If [ BBBSESRegionSet, !Ref BBBSesRegion, !Ref "AWS::Region" ] RecordSetDefaults: TTL: 60 Weight: 1 SetIdentifier: !If [ BBBSESRegionSet, !Ref BBBSesRegion, !Ref "AWS::Region" ] ServiceToken: !Ref BBBSESProviderArn BBBSESVerifiedIdentity: Type: Custom::VerifiedIdentity Condition: BBBSESNotValidatedGreenlight DependsOn: - BBBSESDkimRecords - BBBSESVerificationRecords Properties: Identity: !GetAtt BBBSESDomainIdentity.Domain Region: !GetAtt BBBSESDomainIdentity.Region Dummy: true ServiceToken: !Ref BBBSESProviderArn BBBSESVerificationRecords: Type: AWS::Route53::RecordSetGroup Condition: BBBSESNotValidatedGreenlight Properties: Comment: !Sub 'SES identity for ${BBBDomainName}' HostedZoneId: !Ref BBBHostedZone RecordSets: !GetAtt 'BBBSESDomainIdentity.RecordSets' BBBSESDkimTokens: Type: Custom::DkimTokens Condition: BBBSESNotValidatedGreenlight Properties: Domain: !GetAtt 'BBBSESDomainIdentity.Domain' Region: !GetAtt 'BBBSESDomainIdentity.Region' ServiceToken: !Ref BBBSESProviderArn BBBSESDkimRecords: Type: AWS::Route53::RecordSetGroup Condition: BBBSESNotValidatedGreenlight Properties: Comment: !Sub 'DKIM records for ${BBBDomainName}' HostedZoneId: !Ref BBBHostedZone RecordSets: !GetAtt 'BBBSESDkimTokens.RecordSets' BBBSESIdentityNotifications: Type: Custom::IdentityNotifications Condition: BBBSESNotValidatedGreenlight Properties: Identity: !GetAtt BBBSESVerifiedIdentity.Identity Region: !GetAtt BBBSESVerifiedIdentity.Region BounceTopic: !Ref BBBNotificationTopic ComplaintTopic: !Ref BBBNotificationTopic HeadersInBounceNotificationsEnabled: true HeadersInComplaintNotificationsEnabled: true ForwardingEnabled: false ServiceToken: !Ref BBBSESProviderArn BBBSMTPUser: Type: AWS::IAM::User Condition: BBBGreenlight Properties: Policies: - PolicyName: BBBSMTPUserPolicy PolicyDocument: Statement: - Effect: Allow Action: - ses:SendRawEmail Resource: "*" BBBUserAccessKey: Type: AWS::IAM::AccessKey Condition: BBBGreenlight Properties: Serial: 8 Status: Active UserName: !Ref BBBSMTPUser BBBSMTPAccessKey: Type: Custom::SMTPPW Condition: BBBGreenlight Properties: Description: The SMTP User Password for Email Sendout SecretKey: !GetAtt BBBUserAccessKey.SecretAccessKey Region: !If [ BBBSESRegionSet, !Ref BBBSesRegion, !Ref "AWS::Region" ] NoEcho: true ServiceToken: !Ref BBBSMTPSecretProviderArn BBBSMTPAccessSecret: Type: AWS::SecretsManager::Secret Condition: BBBGreenlight Properties: Description: 'This is the BBB SMTP Login' SecretString: !Sub "{\"smtpusername\":\"${BBBUserAccessKey}\",\"smtppassword\":\"${BBBSMTPAccessKey}\"}" BBBApplicationBaseSecret: Type: AWS::SecretsManager::Secret Properties: Description: 'This is the BBB base secret' GenerateSecretString: SecretStringTemplate: '{"basekeyname": "basesecretkey"}' GenerateStringKey: 'basekeyvalue' PasswordLength: 64 ExcludePunctuation: true ExcludeUppercase: true BBBLoadbalancerSecret: Type: AWS::SecretsManager::Secret Properties: Description: 'This is the BBB Loadbalancer secret' GenerateSecretString: SecretStringTemplate: '{"basekeyname": "basesecretkey"}' GenerateStringKey: 'basekeyvalue' PasswordLength: 32 ExcludePunctuation: true ExcludeUppercase: true BBBAdministratorlogin: Type: AWS::SecretsManager::Secret Condition: BBBGreenlight Properties: Description: 'This is the BBB Admin Login' GenerateSecretString: SecretStringTemplate: !Sub "{\"username\":\"${BBBOperatorEMail}\"}" GenerateStringKey: 'password' PasswordLength: 16 BBBScaleliteExecutionRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Effect: Allow Principal: Service: ecs-tasks.amazonaws.com Action: 'sts:AssumeRole' ManagedPolicyArns: - 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy' Policies: - PolicyName: BBBScaleliteSecretPolicy PolicyDocument: Statement: - Effect: Allow Action: - "ssm:GetParameters" - "secretsmanager:GetSecretValue" Resource: - !Ref BBBRDSDBConnectionSecret - !Ref BBBApplicationBaseSecret - !Ref BBBLoadbalancerSecret BBBScaleliteRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Effect: Allow Principal: Service: ecs-tasks.amazonaws.com Action: 'sts:AssumeRole' Policies: - PolicyName: BBBScaleliteECSEXEC PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Action: - ssmmessages:CreateControlChannel - ssmmessages:CreateDataChannel - ssmmessages:OpenControlChannel - ssmmessages:OpenDataChannel Resource: "*" BBBGreenlightTaskExecutionRole: Type: AWS::IAM::Role Condition: BBBGreenlight Properties: AssumeRolePolicyDocument: Statement: - Effect: Allow Principal: Service: ecs-tasks.amazonaws.com Action: 'sts:AssumeRole' ManagedPolicyArns: - 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy' Policies: - PolicyName: BBBGreenlightSecretPolicy PolicyDocument: Statement: - Effect: Allow Action: - "ssm:GetParameters" - "secretsmanager:GetSecretValue" Resource: - !Ref BBBRDSDBConnectionSecret - !Ref BBBApplicationBaseSecret - !Ref BBBSMTPAccessSecret - !Ref BBBAdministratorlogin - !Ref BBBLoadbalancerSecret BBBGreenlightTaskRole: Type: AWS::IAM::Role Condition: BBBGreenlight Properties: Policies: - PolicyName: BBBGreenlightECSEXEC PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Action: - ssmmessages:CreateControlChannel - ssmmessages:CreateDataChannel - ssmmessages:OpenControlChannel - ssmmessages:OpenDataChannel Resource: '*' AssumeRolePolicyDocument: Statement: - Effect: Allow Principal: Service: ecs-tasks.amazonaws.com Action: 'sts:AssumeRole' BBBAutoscalingRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Effect: Allow Principal: Service: [ application-autoscaling.amazonaws.com ] Action: [ "sts:AssumeRole" ] Path: / Policies: - PolicyName: service-autoscaling PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Action: - "cloudwatch:DescribeAlarms" - "cloudwatch:PutMetricAlarm" - "ecs:DescribeServices" - "ecs:UpdateService" Resource: - !If [ BBBGreenlight, !Ref BBBgreenlightService, !Ref "AWS::NoValue" ] - !Ref BBBScaleliteService - !Sub "arn:aws:cloudwatch:${AWS::Region}:${AWS::AccountId}:alarm:*" BBBPublicCertificate: Condition: BBBACMNewCert Type: 'AWS::CertificateManager::Certificate' Properties: ValidationMethod: DNS DomainName: !Sub "*.${BBBDomainName}" SubjectAlternativeNames: - !Ref BBBDomainName - !Sub "*.${BBBDomainName}" DomainValidationOptions: - DomainName: !Ref BBBDomainName HostedZoneId: !Ref BBBHostedZone ValidationMethod: DNS BBBFrontendALB: Type: AWS::ElasticLoadBalancingV2::LoadBalancer Condition: BBBGreenlight Properties: Scheme: internet-facing LoadBalancerAttributes: - Key: idle_timeout.timeout_seconds Value: "30" Subnets: !Ref BBBPublicApplicationSubnets SecurityGroups: - !Ref BBBFrontendELBSecurityGroup BBBFrontendALBListener: Type: AWS::ElasticLoadBalancingV2::Listener Condition: BBBGreenlight Properties: DefaultActions: - Type: forward TargetGroupArn: !Ref BBBFrontendTG LoadBalancerArn: !Ref BBBFrontendALB Port: 443 Protocol: HTTPS Certificates: - CertificateArn: !If [ BBBACMNewCert, !Ref BBBPublicCertificate, !Ref BBBACMCertArn ] BBBFrontendTG: Type: AWS::ElasticLoadBalancingV2::TargetGroup Condition: BBBGreenlight DependsOn: BBBFrontendALB Properties: HealthCheckIntervalSeconds: 90 HealthCheckPath: / HealthCheckProtocol: HTTP HealthCheckTimeoutSeconds: 60 HealthyThresholdCount: 3 Port: !If [ BBBECSFargate, 3000, 80 ] TargetType: !If [ BBBECSFargate, ip, instance ] Protocol: HTTP UnhealthyThresholdCount: 3 VpcId: !Ref BBBVPCs BBBFrontendALBListenerHTTP2HTTPS: Type: AWS::ElasticLoadBalancingV2::Listener Condition: BBBGreenlight Properties: DefaultActions: - Type: redirect RedirectConfig: Host: "#{host}" Path: "/#{path}" Port: "443" Protocol: "HTTPS" Query: "#{query}" StatusCode: "HTTP_301" LoadBalancerArn: !Ref BBBFrontendALB Port: 80 Protocol: HTTP BBBFrontendALBDNS: Type: AWS::Route53::RecordSetGroup Condition: BBBGreenlight Properties: HostedZoneId: !Ref BBBHostedZone Comment: ALB for Big Blue Button Frontend RecordSets: - Name: !Sub conference.${BBBDomainName} Type: CNAME TTL: '60' ResourceRecords: - !GetAtt 'BBBFrontendALB.DNSName' BBBScaleliteALBDNSName: Type: AWS::Route53::RecordSetGroup Properties: HostedZoneId: !Ref BBBHostedZone Comment: ALB for Scalelite RecordSets: - Name: !Sub scalelite.${BBBDomainName} Type: CNAME TTL: '60' ResourceRecords: - !GetAtt 'BBBScaleliteALB.DNSName' BBBScaleliteALB: Type: AWS::ElasticLoadBalancingV2::LoadBalancer Properties: Scheme: internet-facing LoadBalancerAttributes: - Key: idle_timeout.timeout_seconds Value: "30" Subnets: !Ref BBBPublicApplicationSubnets SecurityGroups: - !Ref BBBScaleliteELBSecurityGroup BBBScaleliteALBListener: Type: AWS::ElasticLoadBalancingV2::Listener Properties: DefaultActions: - Type: forward TargetGroupArn: !Ref BBBScaleliteTG LoadBalancerArn: !Ref BBBScaleliteALB Port: 443 Protocol: HTTPS Certificates: - CertificateArn: !If [ BBBACMNewCert, !Ref BBBPublicCertificate, !Ref BBBACMCertArn ] BBBScaleliteALBListenerRule: Type: AWS::ElasticLoadBalancingV2::ListenerRule Properties: Actions: - Type: forward TargetGroupArn: !Ref BBBScaleliteTG Conditions: - Field: path-pattern Values: [ / ] ListenerArn: !Ref BBBScaleliteALBListener Priority: 1 BBBScaleliteTG: Type: AWS::ElasticLoadBalancingV2::TargetGroup DependsOn: BBBScaleliteALB Properties: HealthCheckIntervalSeconds: 90 HealthCheckPath: / HealthCheckProtocol: HTTP HealthCheckTimeoutSeconds: 60 HealthyThresholdCount: 2 Port: 80 TargetType: !If [ BBBECSFargate, ip, instance ] Protocol: HTTP UnhealthyThresholdCount: 2 VpcId: !Ref BBBVPCs BBBgreenlightTaskdefinition: Type: AWS::ECS::TaskDefinition Condition: BBBGreenlight DependsOn: - BBBSMTPAccessKey Properties: Family: !Join [ "", [ !Ref "AWS::StackName", -greenlight ] ] ExecutionRoleArn: !Ref BBBGreenlightTaskExecutionRole NetworkMode: !If [ BBBECSFargate, awsvpc, !Ref "AWS::NoValue" ] Memory: !Ref BBBGreenlightMemory Cpu: !Ref BBBGreenlightCPU TaskRoleArn: !Ref BBBGreenlightTaskRole RequiresCompatibilities: !If - BBBECSFargate - - FARGATE - !Ref "AWS::NoValue" ContainerDefinitions: - Name: greenlight Essential: true Image: !Join - ':' - - !Ref BBBGreenlightRepositoryUri - !Ref BBBgreenlightImageTag LinuxParameters: InitProcessEnabled: true LogConfiguration: LogDriver: awslogs Options: awslogs-group: !Ref BBBApplicationLogsGroup awslogs-region: !Ref "AWS::Region" awslogs-stream-prefix: greenlight PortMappings: - ContainerPort: 3000 Secrets: - Name: SECRET_KEY_BASE ValueFrom: !Sub "${BBBApplicationBaseSecret}:basekeyvalue::" - Name: BIGBLUEBUTTON_SECRET ValueFrom: !Sub "${BBBLoadbalancerSecret}:basekeyvalue::" - Name: SMTP_PASSWORD ValueFrom: !Sub "${BBBSMTPAccessSecret}:smtppassword::" - Name: SMTP_USERNAME ValueFrom: !Sub "${BBBSMTPAccessSecret}:smtpusername::" - Name: DATABASE_URL ValueFrom: !Sub "${BBBRDSDBConnectionSecret}:connectionString::" Environment: - Name: BIGBLUEBUTTON_ENDPOINT Value: !Join [ "", [ "https://", !Sub "scalelite.${BBBDomainName}", "/bigbluebutton/api" ] ] - Name: ALLOW_GREENLIGHT_ACCOUNTS Value: "true" - Name: RAILS_LOG_TO_STDOUT Value: "true" - Name: ALLOW_MAIL_NOTIFICATIONS Value: "true" - Name: GREENLIGHT_DOMAIN Value: !Sub ${BBBDomainName} - Name: GREENLIGHT_USE_WEBHOOKS Value: "false" - Name: SMTP_SERVER Value: !If [ BBBSESRegionSet, !Sub "email-smtp.${BBBSesRegion}.amazonaws.com" , !Sub "email-smtp.${AWS::Region}.amazonaws.com" ] - Name: SMTP_PORT Value: 587 - Name: SMTP_DOMAIN Value: !Sub ${BBBDomainName} - Name: SMTP_AUTH Value: LOGIN - Name: SMTP_STARTTLS_AUTO Value: "true" - Name: SMTP_STARTTLS Value: "true" - Name: SMTP_SSL_VERIFY Value: "true" - Name: SMTP_SENDER_EMAIL Value: !Sub "bigbluebutton@${BBBDomainName}" - Name: SMTP_SENDER_NAME Value: "BitBlueButton" - Name: REDIS_URL Value: !Sub - "redis://${BBBCacheDBAddress}:${BBBCacheDBPort}" - BBBCacheDBAddress: !Ref BBBCacheDBAddress BBBCacheDBPort: !Ref BBBCacheDBPort BBBgreenlightService: Type: AWS::ECS::Service Condition: BBBGreenlight DependsOn: - BBBFrontendALBListener Properties: Cluster: !Ref BBBECSCluster DesiredCount: !Ref BBBGreenlightDesiredReplicas PlatformVersion: !If [ BBBECSFargate, 1.4.0, !Ref "AWS::NoValue" ] EnableExecuteCommand: true NetworkConfiguration: !If - BBBECSFargate - AwsvpcConfiguration: AssignPublicIp: DISABLED SecurityGroups: - !Ref BBBECSTaskSecurityGroup Subnets: !Ref BBBPrivateApplicationSubnets - !Ref "AWS::NoValue" LoadBalancers: - ContainerName: greenlight ContainerPort: 3000 TargetGroupArn: !Ref BBBFrontendTG TaskDefinition: !Ref BBBgreenlightTaskdefinition HealthCheckGracePeriodSeconds: 60 LaunchType: !If [ BBBECSFargate, FARGATE, !Ref "AWS::NoValue" ] BBBgreenlightServiceScalingTarget: Type: AWS::ApplicationAutoScaling::ScalableTarget Condition: BBBGreenlight DependsOn: BBBAutoscalingRole Properties: MaxCapacity: !Ref BBBGreenlightMaxReplicas MinCapacity: !Ref BBBGreenlightMinReplicas ResourceId: !Join [ "", [ service/, !Ref BBBECSCluster, /, !GetAtt [ BBBgreenlightService, Name ] ], ] RoleARN: !GetAtt BBBAutoscalingRole.Arn ScalableDimension: ecs:service:DesiredCount ServiceNamespace: ecs BBBgreenlightServiceScalingPolicy: Type: AWS::ApplicationAutoScaling::ScalingPolicy Condition: BBBGreenlight DependsOn: BBBAutoscalingRole Properties: PolicyName: BBBgreenlightTargetTrackingPolicy PolicyType: TargetTrackingScaling ScalingTargetId: !Ref BBBgreenlightServiceScalingTarget TargetTrackingScalingPolicyConfiguration: TargetValue: 80 DisableScaleIn: False ScaleInCooldown: 15 ScaleOutCooldown: 15 PredefinedMetricSpecification: PredefinedMetricType: ALBRequestCountPerTarget ResourceLabel: !Join [ "/", [ !GetAtt BBBFrontendALB.LoadBalancerFullName, !GetAtt BBBFrontendTG.TargetGroupFullName ] ] BBBScaleliteTaskdefinition: Type: AWS::ECS::TaskDefinition Properties: Family: !Join [ "", [ !Ref "AWS::StackName", -scalelite ] ] ExecutionRoleArn: !Ref BBBScaleliteExecutionRole NetworkMode: !If [ BBBECSFargate, awsvpc, !Ref "AWS::NoValue" ] Memory: !Ref BBBScaleliteMemory Cpu: !Ref BBBScaleliteCPU TaskRoleArn: !Ref BBBScaleliteRole RequiresCompatibilities: !If - BBBECSFargate - - FARGATE - !Ref "AWS::NoValue" Volumes: - Name: !Join [ "", [ scalelite-recordings-volume-spool, !Ref AWS::StackName ] ] EFSVolumeConfiguration: FilesystemId: !Ref BBBSharedStorageFS TransitEncryption: ENABLED AuthorizationConfig: AccessPointId: !Ref BBBSharedStorageAPspool IAM: ENABLED - Name: !Join [ "", [ scalelite-recordings-volume-published, !Ref AWS::StackName ] ] EFSVolumeConfiguration: FilesystemId: !Ref BBBSharedStorageFS TransitEncryption: ENABLED AuthorizationConfig: AccessPointId: !Ref BBBSharedStorageAPpublished IAM: ENABLED - Name: !Join [ "", [ scalelite-recordings-volume-unpublished, !Ref AWS::StackName ] ] EFSVolumeConfiguration: FilesystemId: !Ref BBBSharedStorageFS TransitEncryption: ENABLED AuthorizationConfig: AccessPointId: !Ref BBBSharedStorageAPunpublished IAM: ENABLED - Name: !Join [ "", [ scalelite-recordings-volume-recordings, !Ref AWS::StackName ] ] EFSVolumeConfiguration: FilesystemId: !Ref BBBSharedStorageFS TransitEncryption: ENABLED AuthorizationConfig: AccessPointId: !Ref BBBSharedStorageAPrecordings IAM: ENABLED ContainerDefinitions: - Name: scalelite-importer Essential: true Image: !Join - ':' - - !Ref BBBScaleliteRepositoryUri - !Ref BBBScaleliteImporterImageTag MountPoints: - ContainerPath: /var/bigbluebutton/spool SourceVolume: !Join [ "", [ scalelite-recordings-volume-spool, !Ref AWS::StackName ] ] - ContainerPath: /var/bigbluebutton/published SourceVolume: !Join [ "", [ scalelite-recordings-volume-published, !Ref AWS::StackName ] ] - ContainerPath: /var/bigbluebutton/unpublished SourceVolume: !Join [ "", [ scalelite-recordings-volume-unpublished, !Ref AWS::StackName ] ] - ContainerPath: /var/bigbluebutton/recording/scalelite SourceVolume: !Join [ "", [ scalelite-recordings-volume-recordings, !Ref AWS::StackName ] ] LinuxParameters: InitProcessEnabled: true LogConfiguration: LogDriver: awslogs Options: awslogs-group: !Ref BBBApplicationLogsGroup awslogs-region: !Ref "AWS::Region" awslogs-stream-prefix: scalelite-importer HealthCheck: Command: - CMD-SHELL - exit 0 Secrets: - Name: SECRET_KEY_BASE ValueFrom: !Sub "${BBBApplicationBaseSecret}:basekeyvalue::" - Name: LOADBALANCER_SECRET ValueFrom: !Sub "${BBBLoadbalancerSecret}:basekeyvalue::" - Name: DATABASE_URL ValueFrom: !Sub "${BBBRDSDBConnectionSecret}:connectionString::" Environment: - Name: REDIS_URL Value: !Sub - "redis://${BBBCacheDBAddress}:${BBBCacheDBPort}" - BBBCacheDBAddress: !Ref BBBCacheDBAddress BBBCacheDBPort: !Ref BBBCacheDBPort - Name: BEHIND_PROXY Value: 'true' - Name: NGINX_BEHIND_PROXY Value: 'true' - Name: scalelite-poller Essential: true Image: !Join - ':' - - !Ref BBBScaleliteRepositoryUri - !Ref BBBScalelitePollerImageTag LinuxParameters: InitProcessEnabled: true LogConfiguration: LogDriver: awslogs Options: awslogs-group: !Ref BBBApplicationLogsGroup awslogs-region: !Ref "AWS::Region" awslogs-stream-prefix: scalelite-poller HealthCheck: Command: - CMD-SHELL - exit 0 Secrets: - Name: SECRET_KEY_BASE ValueFrom: !Sub "${BBBApplicationBaseSecret}:basekeyvalue::" - Name: LOADBALANCER_SECRET ValueFrom: !Sub "${BBBLoadbalancerSecret}:basekeyvalue::" - Name: DATABASE_URL ValueFrom: !Sub "${BBBRDSDBConnectionSecret}:connectionString::" Environment: - Name: REDIS_URL Value: !Sub - "redis://${BBBCacheDBAddress}:${BBBCacheDBPort}" - BBBCacheDBAddress: !Ref BBBCacheDBAddress BBBCacheDBPort: !Ref BBBCacheDBPort - Name: BEHIND_PROXY Value: true - Name: NGINX_BEHIND_PROXY Value: 'true' - Name: scalelite-nginx Essential: true DependsOn: - ContainerName: scalelite-importer Condition: START Image: !Join - ':' - - !Ref BBBScaleliteRepositoryUri - !Ref BBBScaleliteNginxImageTag EntryPoint: !If - BBBECSFargate - - "sh" - "-c" - !Ref "AWS::NoValue" Command: !If - BBBECSFargate - - "/bin/sh -c \"sed -i 's/scalelite-api/127.0.0.1/g' /etc/nginx/http.d/scalelite-proxy.template && /etc/nginx/start -g daemon off\"" - !Ref "AWS::NoValue" Links: !If - BBBECSEC2 - - scalelite-api:scalelite-api - !Ref "AWS::NoValue" MountPoints: - ContainerPath: /var/bigbluebutton/spool SourceVolume: !Join [ "", [ scalelite-recordings-volume-spool, !Ref AWS::StackName ] ] - ContainerPath: /var/bigbluebutton/published SourceVolume: !Join [ "", [ scalelite-recordings-volume-published, !Ref AWS::StackName ] ] - ContainerPath: /var/bigbluebutton/unpublished SourceVolume: !Join [ "", [ scalelite-recordings-volume-unpublished, !Ref AWS::StackName ] ] - ContainerPath: /var/bigbluebutton/recording/scalelite SourceVolume: !Join [ "", [ scalelite-recordings-volume-recordings, !Ref AWS::StackName ] ] LinuxParameters: InitProcessEnabled: true LogConfiguration: LogDriver: awslogs Options: awslogs-group: !Ref BBBApplicationLogsGroup awslogs-region: !Ref "AWS::Region" awslogs-stream-prefix: scalelite-nginx PortMappings: - ContainerPort: 80 HealthCheck: Command: - CMD-SHELL - exit 0 Secrets: - Name: SECRET_KEY_BASE ValueFrom: !Sub "${BBBApplicationBaseSecret}:basekeyvalue::" - Name: LOADBALANCER_SECRET ValueFrom: !Sub "${BBBLoadbalancerSecret}:basekeyvalue::" - Name: DATABASE_URL ValueFrom: !Sub "${BBBRDSDBConnectionSecret}:connectionString::" Environment: - Name: REDIS_URL Value: !Sub - "redis://${BBBCacheDBAddress}:${BBBCacheDBPort}" - BBBCacheDBAddress: !Ref BBBCacheDBAddress BBBCacheDBPort: !Ref BBBCacheDBPort - Name: BEHIND_PROXY Value: true - Name: NGINX_BEHIND_PROXY Value: 'true' - Name: URL_HOST Value: !Sub scalelite.${BBBDomainName} - Name: scalelite-api Essential: true Image: !Join - ':' - - !Ref BBBScaleliteRepositoryUri - !Ref BBBScaleliteApiImageTag MountPoints: - ContainerPath: /var/bigbluebutton/spool SourceVolume: !Join [ "", [ scalelite-recordings-volume-spool, !Ref AWS::StackName ] ] - ContainerPath: /var/bigbluebutton/published SourceVolume: !Join [ "", [ scalelite-recordings-volume-published, !Ref AWS::StackName ] ] - ContainerPath: /var/bigbluebutton/unpublished SourceVolume: !Join [ "", [ scalelite-recordings-volume-unpublished, !Ref AWS::StackName ] ] - ContainerPath: /var/bigbluebutton/recording/scalelite SourceVolume: !Join [ "", [ scalelite-recordings-volume-recordings, !Ref AWS::StackName ] ] LinuxParameters: InitProcessEnabled: true LogConfiguration: LogDriver: awslogs Options: awslogs-group: !Ref BBBApplicationLogsGroup awslogs-region: !Ref "AWS::Region" awslogs-stream-prefix: scalelite-api Command: - /bin/sh - -c - bin/rake db:setup; bin/start HealthCheck: Command: - CMD-SHELL - exit 0 Secrets: - Name: SECRET_KEY_BASE ValueFrom: !Sub "${BBBApplicationBaseSecret}:basekeyvalue::" - Name: LOADBALANCER_SECRET ValueFrom: !Sub "${BBBLoadbalancerSecret}:basekeyvalue::" - Name: DATABASE_URL ValueFrom: !Sub "${BBBRDSDBConnectionSecret}:connectionString::" Environment: - Name: REDIS_URL Value: !Sub - "redis://${BBBCacheDBAddress}:${BBBCacheDBPort}" - BBBCacheDBAddress: !Ref BBBCacheDBAddress BBBCacheDBPort: !Ref BBBCacheDBPort - Name: BEHIND_PROXY Value: true - Name: NGINX_BEHIND_PROXY Value: 'true' BBBScaleliteService: Type: AWS::ECS::Service DependsOn: BBBScaleliteALBListener Properties: Cluster: !Ref BBBECSCluster DesiredCount: !Ref BBBScaleliteDesiredReplicas TaskDefinition: !Ref BBBScaleliteTaskdefinition PlatformVersion: !If [ BBBECSFargate, 1.4.0, !Ref "AWS::NoValue" ] EnableExecuteCommand: true NetworkConfiguration: !If - BBBECSFargate - AwsvpcConfiguration: AssignPublicIp: DISABLED SecurityGroups: - !Ref BBBECSTaskSecurityGroup Subnets: !Ref BBBPrivateApplicationSubnets - !Ref "AWS::NoValue" LoadBalancers: - ContainerName: scalelite-nginx ContainerPort: 80 TargetGroupArn: !Ref BBBScaleliteTG LaunchType: !If [ BBBECSFargate, FARGATE, !Ref "AWS::NoValue" ] BBBScaleliteServiceScalingTarget: Type: AWS::ApplicationAutoScaling::ScalableTarget Properties: MaxCapacity: !Ref BBBScaleliteMaxReplicas MinCapacity: !Ref BBBScaleliteMinReplicas ResourceId: !Join [ "", [ service/, !Ref BBBECSCluster, /, !GetAtt [ BBBScaleliteService, Name ] ], ] RoleARN: !GetAtt BBBAutoscalingRole.Arn ScalableDimension: ecs:service:DesiredCount ServiceNamespace: ecs BBBscaliteServiceScalingPolicyCPU: Type: AWS::ApplicationAutoScaling::ScalingPolicy Properties: PolicyName: BBBscaliteTargetTrackingPolicyCPU PolicyType: TargetTrackingScaling ScalingTargetId: !Ref BBBScaleliteServiceScalingTarget TargetTrackingScalingPolicyConfiguration: TargetValue: 75 DisableScaleIn: False ScaleInCooldown: 60 ScaleOutCooldown: 15 PredefinedMetricSpecification: PredefinedMetricType: ECSServiceAverageCPUUtilization BBBscaliteServiceScalingPolicyMEM: Type: AWS::ApplicationAutoScaling::ScalingPolicy Properties: PolicyName: BBBscaliteTargetTrackingPolicyMEM PolicyType: TargetTrackingScaling ScalingTargetId: !Ref BBBScaleliteServiceScalingTarget TargetTrackingScalingPolicyConfiguration: TargetValue: 75 DisableScaleIn: False ScaleInCooldown: 60 ScaleOutCooldown: 15 PredefinedMetricSpecification: PredefinedMetricType: ECSServiceAverageMemoryUtilization Outputs: BBBScaleliteTaskExecutionRole: Description: Scalelite Task Execution Role ARN Value: !GetAtt BBBScaleliteExecutionRole.Arn BBBGreenlightTaskExecutionRole: Condition: BBBGreenlight Description: Scalelite Task Execution Role ARN Value: !GetAtt BBBGreenlightTaskExecutionRole.Arn BBBApplicationBaseSecret: Description: The Big Blue Button Application Base Secret Value: !Ref BBBApplicationBaseSecret BBBLoadbalancerSecret: Description: The Big Blue Button Load Balancer Secret Value: !Ref BBBLoadbalancerSecret BBBAutoscalingRole: Description: Role for the Autoscaling Instances Value: !Ref BBBAutoscalingRole BBBPublicCertificate: Description: SSL Cert for the Frontend Condition: BBBACMNewCert Value: !Ref BBBPublicCertificate BBBFrontendALB: Condition: BBBGreenlight Description: Frontend Application Load Balancer Value: !Ref BBBFrontendALB BBBFrontendALBListener: Condition: BBBGreenlight Description: Frontend Application Load Balancer Listener Value: !Ref BBBFrontendALBListener BBBFrontendALBListenerHTTP2HTTPS: Condition: BBBGreenlight Description: Frontend Application Load Balancer Listener HTTP Redirect Value: !Ref BBBFrontendALBListenerHTTP2HTTPS BBBFrontendTG: Condition: BBBGreenlight Description: Frontend Application Load Balancer Target Group Value: !Ref BBBFrontendTG BBBFrontendALBDNS: Condition: BBBGreenlight Description: Frontend Application Load Balancer DNS Record Value: !Ref BBBFrontendALBDNS BBBScaleliteALBDNSName: Description: Scalelite Application Load Balancer DNS Record Value: !Ref BBBScaleliteALBDNSName BBBScaleliteALB: Description: Scalelite Application Load Balancer Value: !Ref BBBScaleliteALB BBBScaleliteALBListener: Description: Scalelite Application Load Balancer Listener Value: !Ref BBBScaleliteALBListener BBBScaleliteTG: Description: Scalelite Application Load Balancer Target Group Value: !Ref BBBScaleliteTG BBBgreenlightTaskdefinition: Condition: BBBGreenlight Description: Frontend Task Definition Value: !Ref BBBgreenlightTaskdefinition BBBgreenlightService: Condition: BBBGreenlight Description: Frontend Service Value: !Ref BBBgreenlightService BBBScaleliteTaskdefinition: Description: Scalelite Task Definition Value: !Ref BBBScaleliteTaskdefinition BBBScaleliteService: Description: Scalelite Service Value: !Ref BBBScaleliteService