Description: > This template deploys an ECS cluster to the provided VPC and subnets using an Auto Scaling Group Parameters: EnvironmentName: Description: An environment name that will be prefixed to resource names Type: String InstanceType: Description: Which instance type should we use to build the ECS cluster? Type: String Default: c4.large ClusterSize: Description: How many ECS hosts do you want to initially deploy? Type: Number Default: 4 VPC: Description: Choose which VPC this ECS cluster should be deployed to Type: AWS::EC2::VPC::Id Subnets: Description: Choose which subnets this ECS cluster should be deployed to Type: List SecurityGroup: Description: Select the Security Group to use for the ECS cluster hosts Type: AWS::EC2::SecurityGroup::Id Mappings: # These are the latest ECS optimized AMIs as of [DATE]: # # Windows_Server-2016-English-Full-ECS_Optimized-2017.11.24 # ECS agent: # Docker: 17.06.2-ee-5 # ecs-init: # # You can find the latest available on this page of our documentation: # http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html # (note the AMI identifier is region specific) AWSRegionToAMI: us-west-2: AMI: ami-a68e39de us-west-1: AMI: ami-e5686b85 us-east-2: AMI: ami-6b9db60e us-east-1: AMI: ami-ec346f96 eu-west-2: AMI: ami-29574c4d eu-west-1: AMI: ami-48eb7931 eu-central-1: AMI: ami-ee30a281 ca-central-1: AMI: ami-1e91147a ap-southeast-2: AMI: ami-252fd247 ap-southeast-1: AMI: ami-a6fa89da ap-northeast-2: AMI: ami-0e63c360 ap-northeast-1: AMI: ami-bf3ca4d9 Resources: ECSCluster: Type: AWS::ECS::Cluster Properties: ClusterName: !Ref EnvironmentName ECSAutoScalingGroup: Type: AWS::AutoScaling::AutoScalingGroup Properties: VPCZoneIdentifier: !Ref Subnets LaunchConfigurationName: !Ref ECSLaunchConfiguration MinSize: !Ref ClusterSize MaxSize: !Ref ClusterSize DesiredCapacity: !Ref ClusterSize Tags: - Key: Name Value: !Sub ${EnvironmentName} ECS host PropagateAtLaunch: 'true' CreationPolicy: ResourceSignal: Timeout: PT15M UpdatePolicy: AutoScalingRollingUpdate: MinInstancesInService: '1' MaxBatchSize: '1' PauseTime: PT20M WaitOnResourceSignals: 'true' ECSLaunchConfiguration: Type: AWS::AutoScaling::LaunchConfiguration Properties: ImageId: !FindInMap [AWSRegionToAMI, !Ref "AWS::Region", AMI] InstanceType: !Ref InstanceType SecurityGroups: - !Ref SecurityGroup IamInstanceProfile: !Ref ECSInstanceProfile #Need to someone to check this section. Was unable to find a good example in YAML for bootstrapping an instance. UserData: !Base64 Fn::Join: - '' - - ' Metadata: AWS::CloudFormation::Init: config: commands: 01_import_powershell_module: command: !Sub powershell.exe -Command Import-Module ECSTools 02_add_instance_to_cluster: command: !Sub powershell.exe -Command Initialize-ECSAgent -Cluster ${ECSCluster} -EnableTaskIAMRole files: c:\cfn\cfn-hup.conf: content: !Join ['', ['[main] ', stack=, !Ref 'AWS::StackId', ' ', region=, !Ref 'AWS::Region', ' ']] c:\cfn\hooks.d\cfn-auto-reloader.conf: content: !Join ['', ['[cfn-auto-reloader-hook] ', 'triggers=post.update ', 'path=Resources.ECSLaunchConfiguration.Metadata.AWS::CloudFormation::Init ', 'action=cfn-init.exe -v -s ', !Ref 'AWS::StackId', ' -r ECSLaunchConfiguration', ' --region ', !Ref 'AWS::Region', ' ']] services: windows: cfn-hup: enabled: 'true' ensureRunning: 'true' files: - c:\cfn\cfn-hup.conf - c:\etc\cfn\hooks.d\cfn-auto-reloader.conf # This IAM Role is attached to all of the ECS hosts. It is based on the default role # published here: # http://docs.aws.amazon.com/AmazonECS/latest/developerguide/instance_IAM_role.html # # You can add other IAM policy statements here to allow access from your ECS hosts # to other AWS services. Please note that this role will be used by ALL containers # running on the ECS host. ECSRole: Type: AWS::IAM::Role Properties: Path: / RoleName: !Sub ${EnvironmentName}-ECSRole-${AWS::Region} AssumeRolePolicyDocument: | { "Statement": [{ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" } }] } Policies: - PolicyName: ecs-service PolicyDocument: | { "Statement": [{ "Effect": "Allow", "Action": [ "ecs:CreateCluster", "ecs:DeregisterContainerInstance", "ecs:DiscoverPollEndpoint", "ecs:Poll", "ecs:RegisterContainerInstance", "ecs:StartTelemetrySession", "ecs:Submit*", "logs:CreateLogStream", "logs:PutLogEvents", "ecr:BatchCheckLayerAvailability", "ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer", "ecr:GetAuthorizationToken" ], "Resource": "*" }] } ECSInstanceProfile: Type: AWS::IAM::InstanceProfile Properties: Path: / Roles: - !Ref ECSRole Outputs: Cluster: Description: A reference to the ECS cluster Value: !Ref ECSCluster