--- AWSTemplateFormatVersion: 2010-09-09 Description: Environment for running ECS Deep Learning Workshop Mappings: CidrMappings: public-subnet-1: CIDR: 10.0.1.0/24 public-subnet-2: CIDR: 10.0.2.0/24 vpc: CIDR: 10.0.0.0/16 ECSAmi: ap-northeast-1: AMI: ami-0d5f884dada5562c6 ap-northeast-2: AMI: ami-0060ad36f655af38b ap-south-1: AMI: ami-056a07eb5b1d13734 ap-southeast-1: AMI: ami-065c0bd2832a70f9d ap-southeast-2: AMI: ami-0aa8b7a8042811ddf ca-central-1: AMI: ami-0d50dee936e241e7e eu-central-1: AMI: ami-03804565a6baf6d30 eu-west-1: AMI: ami-0dbcd2533bc72c3f6 eu-west-2: AMI: ami-005307409c5f6e76c eu-west-3: AMI: ami-024c0b7d07abc6526 sa-east-1: AMI: ami-0078e33a9103e1e58 us-east-1: AMI: ami-0254e5972ebcd132c us-east-2: AMI: ami-0a0d2004b44b9287c us-gov-west-1: AMI: ami-a842dcc9 us-west-1: AMI: ami-0de5608ca20c07aa2 us-west-2: AMI: ami-093381d21a4fc38d1 Outputs: awsRegionName: Description: The name of the AWS Region your template was launched in Value: Ref: AWS::Region cloudWatchLogsGroupName: Description: Name of the CloudWatch Logs Group Value: Ref: cloudWatchLogsGroup ecrRepositoryName: Description: The name of the ECR Repository Value: Ref: ecrRepository ecsClusterName: Description: The name of the ECS Cluster Value: Ref: ecsCluster inputBucketName: Description: The name of the input S3 Bucket Value: Ref: inputBucket outputBucketName: Description: The name of the output S3 Bucket Value: Ref: outputBucket spotFleetName: Description: The name of the Spot Fleet Value: Ref: spotFleet Parameters: KeyName: Description: Name of an existing EC2 KeyPair to enable SSH access to the EC2 instances Type: AWS::EC2::KeyPair::KeyName SourceCidr: Default: 0.0.0.0/0 Description: Optional - CIDR/IP range for instance ssh access - defaults to 0.0.0.0/0 Type: String Resources: attachGateway: DependsOn: - vpc - internetGateway Properties: InternetGatewayId: Ref: internetGateway VpcId: Ref: vpc Type: AWS::EC2::VPCGatewayAttachment cloudWatchLogsGroup: Properties: RetentionInDays: 7 Type: AWS::Logs::LogGroup ecrRepository: Type: AWS::ECR::Repository ecsCluster: Type: AWS::ECS::Cluster inputBucket: Type: AWS::S3::Bucket internetGateway: DependsOn: - vpc Type: AWS::EC2::InternetGateway outputBucket: Type: AWS::S3::Bucket predictTaskDefinition: Properties: ContainerDefinitions: - Command: - DATE=`date -Iseconds` && echo "running predict_imagenet.py $IMAGEURL" && /usr/local/bin/predict_imagenet.py $IMAGEURL | tee results && echo "results being written to s3://$OUTPUTBUCKET/predict_imagenet.results.$HOSTNAME.$DATE.txt" && aws s3 cp results s3://$OUTPUTBUCKET/predict_imagenet.results.$HOSTNAME.$DATE.txt && echo "Task complete!" EntryPoint: - /bin/bash - -c Environment: - Name: IMAGEURL Value: https://images-na.ssl-images-amazon.com/images/G/01/img15/pet-products/small-tiles/23695_pets_vertical_store_dogs_small_tile_8._CB312176604_.jpg - Name: OUTPUTBUCKET Value: Ref: outputBucket - Name: AWS_DEFAULT_REGION Value: Ref: AWS::Region Image: Fn::Join: - '' - - Ref: AWS::AccountId - .dkr.ecr. - Ref: AWS::Region - .amazonaws.com/ - Ref: ecrRepository - :latest LogConfiguration: LogDriver: awslogs Options: awslogs-group: Ref: cloudWatchLogsGroup awslogs-region: Ref: AWS::Region awslogs-stream-prefix: predict_imagenet Memory: '2048' Name: ecs-deep-learning-workshop Privileged: 'true' Type: AWS::ECS::TaskDefinition publicRoute: DependsOn: - publicRouteTable - attachGateway Properties: DestinationCidrBlock: 0.0.0.0/0 GatewayId: Ref: internetGateway RouteTableId: Ref: publicRouteTable Type: AWS::EC2::Route publicRouteTable: DependsOn: - vpc - attachGateway Properties: Tags: - Key: Name Value: Public Route Table VpcId: Ref: vpc Type: AWS::EC2::RouteTable publicSubnet1: DependsOn: attachGateway Properties: AvailabilityZone: Fn::Select: - 0 - Fn::GetAZs: Ref: AWS::Region CidrBlock: Fn::FindInMap: - CidrMappings - public-subnet-1 - CIDR MapPublicIpOnLaunch: true Tags: - Key: Name Value: Public Subnet 1 VpcId: Ref: vpc Type: AWS::EC2::Subnet publicSubnet1RouteTableAssociation: DependsOn: - publicRouteTable - publicSubnet1 - attachGateway Properties: RouteTableId: Ref: publicRouteTable SubnetId: Ref: publicSubnet1 Type: AWS::EC2::SubnetRouteTableAssociation publicSubnet2: DependsOn: attachGateway Properties: AvailabilityZone: Fn::Select: - 1 - Fn::GetAZs: Ref: AWS::Region CidrBlock: Fn::FindInMap: - CidrMappings - public-subnet-2 - CIDR MapPublicIpOnLaunch: true Tags: - Key: Name Value: Public Subnet 2 VpcId: Ref: vpc Type: AWS::EC2::Subnet publicSubnet2RouteTableAssociation: DependsOn: - publicRouteTable - publicSubnet2 - attachGateway Properties: RouteTableId: Ref: publicRouteTable SubnetId: Ref: publicSubnet2 Type: AWS::EC2::SubnetRouteTableAssociation scalableTarget: DependsOn: - spotFleet - spotFleetAutoscaleRole Properties: MaxCapacity: 1 MinCapacity: 1 ResourceId: Fn::Join: - / - - spot-fleet-request - Ref: spotFleet RoleARN: Fn::GetAtt: - spotFleetAutoscaleRole - Arn ScalableDimension: ec2:spot-fleet-request:TargetCapacity ServiceNamespace: ec2 Type: AWS::ApplicationAutoScaling::ScalableTarget scalingPolicy: Properties: PolicyName: Fn::Join: - '-' - - Ref: AWS::StackName - StepPolicy PolicyType: StepScaling ScalingTargetId: Ref: scalableTarget StepScalingPolicyConfiguration: AdjustmentType: PercentChangeInCapacity Cooldown: 30 MetricAggregationType: Average StepAdjustments: - MetricIntervalLowerBound: 0 ScalingAdjustment: 100 Type: AWS::ApplicationAutoScaling::ScalingPolicy securityGroup: Properties: GroupDescription: Spot Fleet Instance Security Group SecurityGroupIngress: - CidrIp: Ref: SourceCidr FromPort: 22 IpProtocol: tcp ToPort: 22 - CidrIp: 0.0.0.0/0 FromPort: 80 IpProtocol: tcp ToPort: 80 VpcId: Ref: vpc Type: AWS::EC2::SecurityGroup spotFleet: DependsOn: - spotFleetRole - spotFleetInstanceProfile - ecsCluster Properties: SpotFleetRequestConfigData: AllocationStrategy: diversified IamFleetRole: Fn::GetAtt: - spotFleetRole - Arn LaunchSpecifications: - IamInstanceProfile: Arn: Fn::GetAtt: - spotFleetInstanceProfile - Arn ImageId: Fn::FindInMap: - ECSAmi - Ref: AWS::Region - AMI InstanceType: m4.large KeyName: Ref: KeyName Monitoring: Enabled: true SecurityGroups: - GroupId: Ref: securityGroup SubnetId: Fn::Join: - ',' - - Ref: publicSubnet1 - Ref: publicSubnet2 UserData: Fn::Base64: Fn::Sub: '#!/bin/bash -xe yum -y --security update yum -y update ecs-init service docker restart yum -y install aws-cli git emacs nano aws-cfn-bootstrap echo ECS_CLUSTER=${ecsCluster} >> /etc/ecs/ecs.config echo ECS_AVAILABLE_LOGGING_DRIVERS=[\"json-file\",\"awslogs\"] >> /etc/ecs/ecs.config su - ec2-user -c "aws configure set default.region ${AWS::Region}" mkdir /home/ec2-user/.docker cat << EOF > /home/ec2-user/.docker/config.json { "credsStore": "ecr-login" } EOF chown -R ec2-user. /home/ec2-user/.docker git clone https://github.com/awslabs/amazon-ecr-credential-helper.git cd amazon-ecr-credential-helper && make docker && cp bin/local/docker-credential-ecr-login /usr/local/bin/ INSTANCE_ID=$(curl 169.254.169.254/latest/meta-data/instance-id 2>/dev/null) /opt/aws/bin/cfn-signal -s true -i $INSTANCE_ID "${spotFleetWaitConditionHandle}" ' - IamInstanceProfile: Arn: Fn::GetAtt: - spotFleetInstanceProfile - Arn ImageId: Fn::FindInMap: - ECSAmi - Ref: AWS::Region - AMI InstanceType: m4.xlarge KeyName: Ref: KeyName Monitoring: Enabled: true SecurityGroups: - GroupId: Ref: securityGroup SubnetId: Fn::Join: - ',' - - Ref: publicSubnet1 - Ref: publicSubnet2 UserData: Fn::Base64: Fn::Sub: '#!/bin/bash -xe yum -y --security update yum -y update ecs-init service docker restart yum -y install aws-cli git emacs nano aws-cfn-bootstrap echo ECS_CLUSTER=${ecsCluster} >> /etc/ecs/ecs.config echo ECS_AVAILABLE_LOGGING_DRIVERS=[\"json-file\",\"awslogs\"] >> /etc/ecs/ecs.config su - ec2-user -c "aws configure set default.region ${AWS::Region}" mkdir /home/ec2-user/.docker cat << EOF > /home/ec2-user/.docker/config.json { "credsStore": "ecr-login" } EOF chown -R ec2-user. /home/ec2-user/.docker git clone https://github.com/awslabs/amazon-ecr-credential-helper.git cd amazon-ecr-credential-helper && make docker && cp bin/local/docker-credential-ecr-login /usr/local/bin/ INSTANCE_ID=$(curl 169.254.169.254/latest/meta-data/instance-id 2>/dev/null) /opt/aws/bin/cfn-signal -s true -i $INSTANCE_ID "${spotFleetWaitConditionHandle}" ' - IamInstanceProfile: Arn: Fn::GetAtt: - spotFleetInstanceProfile - Arn ImageId: Fn::FindInMap: - ECSAmi - Ref: AWS::Region - AMI InstanceType: c4.large KeyName: Ref: KeyName Monitoring: Enabled: true SecurityGroups: - GroupId: Ref: securityGroup SubnetId: Fn::Join: - ',' - - Ref: publicSubnet1 - Ref: publicSubnet2 UserData: Fn::Base64: Fn::Sub: '#!/bin/bash -xe yum -y --security update yum -y update ecs-init service docker restart yum -y install aws-cli git emacs nano aws-cfn-bootstrap echo ECS_CLUSTER=${ecsCluster} >> /etc/ecs/ecs.config echo ECS_AVAILABLE_LOGGING_DRIVERS=[\"json-file\",\"awslogs\"] >> /etc/ecs/ecs.config su - ec2-user -c "aws configure set default.region ${AWS::Region}" mkdir /home/ec2-user/.docker cat << EOF > /home/ec2-user/.docker/config.json { "credsStore": "ecr-login" } EOF chown -R ec2-user. /home/ec2-user/.docker git clone https://github.com/awslabs/amazon-ecr-credential-helper.git cd amazon-ecr-credential-helper && make docker && cp bin/local/docker-credential-ecr-login /usr/local/bin/ INSTANCE_ID=$(curl 169.254.169.254/latest/meta-data/instance-id 2>/dev/null) /opt/aws/bin/cfn-signal -s true -i $INSTANCE_ID "${spotFleetWaitConditionHandle}" ' - IamInstanceProfile: Arn: Fn::GetAtt: - spotFleetInstanceProfile - Arn ImageId: Fn::FindInMap: - ECSAmi - Ref: AWS::Region - AMI InstanceType: c4.xlarge KeyName: Ref: KeyName Monitoring: Enabled: true SecurityGroups: - GroupId: Ref: securityGroup SubnetId: Fn::Join: - ',' - - Ref: publicSubnet1 - Ref: publicSubnet2 UserData: Fn::Base64: Fn::Sub: '#!/bin/bash -xe yum -y --security update yum -y update ecs-init service docker restart yum -y install aws-cli git emacs nano aws-cfn-bootstrap echo ECS_CLUSTER=${ecsCluster} >> /etc/ecs/ecs.config echo ECS_AVAILABLE_LOGGING_DRIVERS=[\"json-file\",\"awslogs\"] >> /etc/ecs/ecs.config su - ec2-user -c "aws configure set default.region ${AWS::Region}" mkdir /home/ec2-user/.docker cat << EOF > /home/ec2-user/.docker/config.json { "credsStore": "ecr-login" } EOF chown -R ec2-user. /home/ec2-user/.docker git clone https://github.com/awslabs/amazon-ecr-credential-helper.git cd amazon-ecr-credential-helper && make docker && cp bin/local/docker-credential-ecr-login /usr/local/bin/ INSTANCE_ID=$(curl 169.254.169.254/latest/meta-data/instance-id 2>/dev/null) /opt/aws/bin/cfn-signal -s true -i $INSTANCE_ID "${spotFleetWaitConditionHandle}" ' - IamInstanceProfile: Arn: Fn::GetAtt: - spotFleetInstanceProfile - Arn ImageId: Fn::FindInMap: - ECSAmi - Ref: AWS::Region - AMI InstanceType: r3.large KeyName: Ref: KeyName Monitoring: Enabled: true SecurityGroups: - GroupId: Ref: securityGroup SubnetId: Fn::Join: - ',' - - Ref: publicSubnet1 - Ref: publicSubnet2 UserData: Fn::Base64: Fn::Sub: '#!/bin/bash -xe yum -y --security update yum -y update ecs-init service docker restart yum -y install aws-cli git emacs nano aws-cfn-bootstrap echo ECS_CLUSTER=${ecsCluster} >> /etc/ecs/ecs.config echo ECS_AVAILABLE_LOGGING_DRIVERS=[\"json-file\",\"awslogs\"] >> /etc/ecs/ecs.config su - ec2-user -c "aws configure set default.region ${AWS::Region}" mkdir /home/ec2-user/.docker cat << EOF > /home/ec2-user/.docker/config.json { "credsStore": "ecr-login" } EOF chown -R ec2-user. /home/ec2-user/.docker git clone https://github.com/awslabs/amazon-ecr-credential-helper.git cd amazon-ecr-credential-helper && make docker && cp bin/local/docker-credential-ecr-login /usr/local/bin/ INSTANCE_ID=$(curl 169.254.169.254/latest/meta-data/instance-id 2>/dev/null) /opt/aws/bin/cfn-signal -s true -i $INSTANCE_ID "${spotFleetWaitConditionHandle}" ' - IamInstanceProfile: Arn: Fn::GetAtt: - spotFleetInstanceProfile - Arn ImageId: Fn::FindInMap: - ECSAmi - Ref: AWS::Region - AMI InstanceType: r3.xlarge KeyName: Ref: KeyName Monitoring: Enabled: true SecurityGroups: - GroupId: Ref: securityGroup SubnetId: Fn::Join: - ',' - - Ref: publicSubnet1 - Ref: publicSubnet2 UserData: Fn::Base64: Fn::Sub: '#!/bin/bash -xe yum -y --security update yum -y update ecs-init service docker restart yum -y install aws-cli git emacs nano aws-cfn-bootstrap echo ECS_CLUSTER=${ecsCluster} >> /etc/ecs/ecs.config echo ECS_AVAILABLE_LOGGING_DRIVERS=[\"json-file\",\"awslogs\"] >> /etc/ecs/ecs.config su - ec2-user -c "aws configure set default.region ${AWS::Region}" mkdir /home/ec2-user/.docker cat << EOF > /home/ec2-user/.docker/config.json { "credsStore": "ecr-login" } EOF chown -R ec2-user. /home/ec2-user/.docker git clone https://github.com/awslabs/amazon-ecr-credential-helper.git cd amazon-ecr-credential-helper && make docker && cp bin/local/docker-credential-ecr-login /usr/local/bin/ INSTANCE_ID=$(curl 169.254.169.254/latest/meta-data/instance-id 2>/dev/null) /opt/aws/bin/cfn-signal -s true -i $INSTANCE_ID "${spotFleetWaitConditionHandle}" ' TargetCapacity: 1 TerminateInstancesWithExpiration: true Type: AWS::EC2::SpotFleet spotFleetAutoscaleRole: Properties: AssumeRolePolicyDocument: Statement: - Action: - sts:AssumeRole Effect: Allow Principal: Service: - application-autoscaling.amazonaws.com Version: 2012-10-17 ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetAutoscaleRole Path: / Type: AWS::IAM::Role spotFleetInstanceProfile: DependsOn: - spotFleetInstanceRole Properties: Path: / Roles: - Ref: spotFleetInstanceRole Type: AWS::IAM::InstanceProfile spotFleetInstanceRole: Properties: AssumeRolePolicyDocument: Statement: - Action: - sts:AssumeRole Effect: Allow Principal: Service: - ec2.amazonaws.com Version: 2012-10-17 ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role Path: / Policies: - PolicyDocument: Statement: - Action: s3:ListBucket Effect: Allow Resource: Fn::Join: - '' - - 'arn:aws:s3:::' - Ref: outputBucket - Action: - s3:PutObject - s3:GetObject - s3:DeleteObject Effect: Allow Resource: Fn::Join: - '' - - 'arn:aws:s3:::' - Ref: outputBucket - /* - Action: - ecr:DescribeRepositories - ecr:ListImages - ecr:InitiateLayerUpload - ecr:UploadLayerPart - ecr:CompleteLayerUpload - ecr:PutImage Effect: Allow Resource: Fn::Join: - '' - - 'arn:aws:ecr:' - Ref: AWS::Region - ':' - Ref: AWS::AccountId - :repository/ - Ref: ecrRepository Version: '2012-10-17' PolicyName: Fn::Join: - '-' - - Ref: AWS::StackName - ecs-deep-learning-workshop-role Type: AWS::IAM::Role spotFleetRole: Properties: AssumeRolePolicyDocument: Statement: - Action: - sts:AssumeRole Effect: Allow Principal: Service: - spotfleet.amazonaws.com Version: 2012-10-17 ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetRole Path: / Type: AWS::IAM::Role spotFleetWaitCondition: DependsOn: spotFleetWaitConditionHandle Properties: Count: 1 Handle: Ref: spotFleetWaitConditionHandle Timeout: 900 Type: AWS::CloudFormation::WaitCondition spotFleetWaitConditionHandle: Type: AWS::CloudFormation::WaitConditionHandle vpc: Properties: CidrBlock: Fn::FindInMap: - CidrMappings - vpc - CIDR EnableDnsHostnames: true EnableDnsSupport: true Tags: - Key: Name Value: VPC for ECS Deep Learning Workshop Type: AWS::EC2::VPC ...