AWSTemplateFormatVersion: "2010-09-09" Description: Creates Task Definitions for Blue and Green Tasks. Parameters: BlueImage: Type: String Default: nginx Resources: EcsService: Type: AWS::ECS::Service Properties: Cluster: !ImportValue EcsBGSampleStack:EcsCluster ServiceName: AwesomeApiService DesiredCount: 2 DeploymentConfiguration: MaximumPercent: 200 MinimumHealthyPercent: 100 SchedulingStrategy: REPLICA DeploymentController: Type: EXTERNAL ServiceLogGroup: Type: AWS::Logs::LogGroup BlueTaskDefinition: Type: AWS::ECS::TaskDefinition Properties: ContainerDefinitions: - Essential: true Image: !Ref BlueImage LogConfiguration: LogDriver: awslogs Options: awslogs-group: !Ref ServiceLogGroup awslogs-stream-prefix: Service awslogs-region: us-east-1 Name: awesome-api PortMappings: - ContainerPort: !ImportValue EcsBGSampleStack:AppListenPort Protocol: tcp Cpu: "256" ExecutionRoleArn: !GetAtt TaskExecutionRole.Arn Family: BlueTaskDefinition Memory: "512" NetworkMode: awsvpc RequiresCompatibilities: - FARGATE TaskRoleArn: !GetAtt TaskRole.Arn # Roles: TaskRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Action: sts:AssumeRole Effect: Allow Principal: Service: ecs-tasks.amazonaws.com Version: "2012-10-17" TaskExecutionRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Action: sts:AssumeRole Effect: Allow Principal: Service: ecs-tasks.amazonaws.com Version: "2012-10-17" TaskExecutionRolePolicy: Type: AWS::IAM::Policy Properties: PolicyDocument: Statement: - Action: - ecr:GetAuthorizationToken - ecr:BatchCheckLayerAvailability - ecr:GetDownloadUrlForLayer - ecr:GetRepositoryPolicy - ecr:DescribeRepositories - ecr:ListImages - ecr:DescribeImages - ecr:BatchGetImage - ecr:GetLifecyclePolicy - ecr:GetLifecyclePolicyPreview - ecr:ListTagsForResource - ecr:DescribeImageScanFindings Effect: Allow Resource: "*" - Action: ecr:GetAuthorizationToken Effect: Allow Resource: "*" - Action: - logs:CreateLogStream - logs:PutLogEvents Effect: Allow Resource: "*" Version: "2012-10-17" PolicyName: !Sub ${AWS::StackName}-ServiceTaskExecutionRolePolicy Roles: - !Ref TaskExecutionRole BlueTaskSet: Type: AWS::ECS::TaskSet Properties: Cluster: !ImportValue EcsBGSampleStack:EcsCluster Service: !Ref EcsService Scale: Unit: PERCENT Value: 100 TaskDefinition: !Ref BlueTaskDefinition LaunchType: FARGATE LoadBalancers: - ContainerName: awesome-api ContainerPort: !ImportValue EcsBGSampleStack:AppListenPort TargetGroupArn: !ImportValue EcsBGSampleStack:BlueServiceTargetGroup NetworkConfiguration: AwsvpcConfiguration: SecurityGroups: - !ImportValue EcsBGSampleStack:ServiceSecurityGroupId Subnets: Fn::Split: - "," - !ImportValue EcsBGSampleStack:StackPrivateSubnets PrimaryTaskSet: Type: AWS::ECS::PrimaryTaskSet Properties: Cluster: !ImportValue EcsBGSampleStack:EcsCluster Service: !Ref EcsService TaskSetId: !GetAtt BlueTaskSet.Id Outputs: BlueTaskDefinition: Description: A reference to the blue task definition. Value: !Ref BlueTaskDefinition EcsService: Description: The ECS service. Value: !Ref EcsService BlueTaskSet: Description: The active stack set. Value: !Ref BlueTaskSet PrimaryTaskSet: Description: The primary stack set id. Value: !Ref PrimaryTaskSet