AWSTemplateFormatVersion: '2010-09-09'
Description: Live Streaming Proxy

Parameters:
  VpcID:
    Type: AWS::EC2::VPC::Id
    Description: VPC Id
  PublicSubnet1ID:
    Type: AWS::EC2::Subnet::Id
    Description: Public Subnet Id for the first Availability Zone
  PublicSubnet2ID:
    Type: AWS::EC2::Subnet::Id
    Description: Public Subnet Id for the second Availability Zone
  DesiredCount:
    Type: Number
    Default: '1'
    Description: Desired task count
  Version:
    Type: String
    Description: Service version
    Default: '1.0.9'
  ContainerPort:
    Type: String
    Description: Container Port
    Default: 1935
  TemplateRegion:
    Description: Region for the Quick Start assets. This string can include
      numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start
      or end with a hyphen (-).
    Type: String

Conditions:
  UsingDefaultRegion: !Equals [!Ref TemplateRegion, 'cn-north-1']

Resources:
  # Log Group
  CloudWatchLogsGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Ref AWS::StackName
      RetentionInDays: 365

  # Task Role
  TaskRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub ecs-task-${AWS::StackName}-${AWS::Region}
      Path: /
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
            Effect: Allow
            Principal:
              Service:
                - ecs-tasks.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: !Sub ecs-service-${AWS::StackName}-${AWS::Region}
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - '*'
                Resource:
                  - '*'
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: F3
            reason: ecs:listTasks does not support resource level permissions.
          - id: F38
            reason: ecs:listTasks does not support resource level permissions.

  # A role needed by ECS
  ExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub ecs-execution-${AWS::StackName}-${AWS::Region}
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: 'sts:AssumeRole'
      ManagedPolicyArns:
        - !Sub
          - 'arn:${Region}:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy'
          - Region: !If [ UsingDefaultRegion, 'aws-cn', 'aws' ]

  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: 'video-streaming-proxy'
      TaskRoleArn: !GetAtt TaskRole.Arn
      ExecutionRoleArn: !GetAtt ExecutionRole.Arn
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - FARGATE
      # 256 (.25 vCPU) - Available memory values: 0.5GB, 1GB, 2GB
      # 512 (.5 vCPU) - Available memory values: 1GB, 2GB, 3GB, 4GB
      # 1024 (1 vCPU) - Available memory values: 2GB, 3GB, 4GB, 5GB, 6GB, 7GB, 8GB
      # 2048 (2 vCPU) - Available memory values: Between 4GB and 16GB in 1GB increments
      # 4096 (4 vCPU) - Available memory values: Between 8GB and 30GB in 1GB increments
      Cpu: '512'
      # 0.5GB, 1GB, 2GB - Available cpu values: 256 (.25 vCPU)
      # 1GB, 2GB, 3GB, 4GB - Available cpu values: 512 (.5 vCPU)
      # 2GB, 3GB, 4GB, 5GB, 6GB, 7GB, 8GB - Available cpu values: 1024 (1 vCPU)
      # Between 4GB and 16GB in 1GB increments - Available cpu values: 2048 (2 vCPU)
      # Between 8GB and 30GB in 1GB increments - Available cpu values: 4096 (4 vCPU)
      Memory: 1GB
      ContainerDefinitions:
        - Name: 'video-streaming-proxy'
          Image: "public.ecr.aws/l6z1v6o9/video-streaming-proxy"
          PortMappings:
            - ContainerPort: !Ref ContainerPort
          Environment:
            - Name: AWS_REGION
              Value: !Ref AWS::Region
            - Name: ENV
              Value: 'production'
            - Name: NODE_ENV
              Value: 'production'
            - Name: AWS_ACCOUNT_ID
              Value: !Ref AWS::AccountId
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: !Ref AWS::StackName
              awslogs-region: !Ref AWS::Region
              awslogs-stream-prefix: ecs

  Service:
    Type: AWS::ECS::Service
    Properties:
      ServiceName: 'video-streaming-proxy'
      Cluster:
        Fn::ImportValue: 'ECS-ECSCluster'
      DesiredCount: !Ref DesiredCount
      TaskDefinition: !Ref TaskDefinition
      LaunchType: FARGATE
      PlatformVersion: 1.4.0
      NetworkConfiguration: 
        AwsvpcConfiguration:
          AssignPublicIp: ENABLED
          Subnets:
            - !Ref PublicSubnet1ID
            - !Ref PublicSubnet2ID
          SecurityGroups:
            - Fn::ImportValue: 'SecurityGroup-ProxyContainerSecurityGroup'

Outputs:
  Service:
    Value: !Ref 'Service'
    Export:
      Name: !Sub '${AWS::StackName}-Service'
  TaskDefinition:
    Value: !Ref 'TaskDefinition'
    Export:
      Name: !Sub '${AWS::StackName}-TaskDefinition'
  CloudWatchLogsGroup:
    Value: !Ref 'CloudWatchLogsGroup'
    Export:
      Name: !Sub '${AWS::StackName}-CloudWatchLogsGroup'