Description: > This is an example of a long running ECS service that serves a JSON API of products. Parameters: VPC: Description: The VPC that the ECS cluster is deployed to Type: AWS::EC2::VPC::Id Cluster: Description: Please provide the ECS Cluster ID that this service should run on Type: String DesiredCount: Description: How many instances of this task should we run across our cluster? Type: Number Default: 2 Listener: Description: The Application Load Balancer listener to register with Type: String Path: Description: The path to register with the Application Load Balancer Type: String Default: /products Resources: Service: Type: AWS::ECS::Service DependsOn: ListenerRule Properties: Cluster: !Ref Cluster Role: !Ref ServiceRole DesiredCount: !Ref DesiredCount TaskDefinition: !Ref TaskDefinition LoadBalancers: - ContainerName: "product-service" ContainerPort: 8001 TargetGroupArn: !Ref TargetGroup TaskDefinition: Type: AWS::ECS::TaskDefinition Properties: Family: product-service ContainerDefinitions: - Name: product-service Essential: true Image: 275396840892.dkr.ecr.us-east-1.amazonaws.com/ecs-refarch-cloudformation/product-service:1.0.0 Memory: 128 PortMappings: - ContainerPort: 8001 LogConfiguration: LogDriver: awslogs Options: awslogs-group: !Ref AWS::StackName awslogs-region: !Ref AWS::Region CloudWatchLogsGroup: Type: AWS::Logs::LogGroup Properties: LogGroupName: !Ref AWS::StackName RetentionInDays: 365 TargetGroup: Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: VpcId: !Ref VPC Port: 80 Protocol: HTTP Matcher: HttpCode: 200-299 HealthCheckIntervalSeconds: 10 HealthCheckPath: /products HealthCheckProtocol: HTTP HealthCheckTimeoutSeconds: 5 HealthyThresholdCount: 2 ListenerRule: Type: AWS::ElasticLoadBalancingV2::ListenerRule Properties: ListenerArn: !Ref Listener Priority: 2 Conditions: - Field: path-pattern Values: - !Ref Path Actions: - TargetGroupArn: !Ref TargetGroup Type: forward # This IAM Role grants the service access to register/unregister with the # Application Load Balancer (ALB). It is based on the default documented here: # http://docs.aws.amazon.com/AmazonECS/latest/developerguide/service_IAM_role.html ServiceRole: Type: AWS::IAM::Role Properties: RoleName: !Sub ecs-service-${AWS::StackName} Path: / AssumeRolePolicyDocument: | { "Statement": [{ "Effect": "Allow", "Principal": { "Service": [ "ecs.amazonaws.com" ]}, "Action": [ "sts:AssumeRole" ] }] } Policies: - PolicyName: !Sub ecs-service-${AWS::StackName} PolicyDocument: { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "ec2:AuthorizeSecurityGroupIngress", "ec2:Describe*", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:Describe*", "elasticloadbalancing:RegisterInstancesWithLoadBalancer", "elasticloadbalancing:DeregisterTargets", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", "elasticloadbalancing:RegisterTargets" ], "Resource": "*" }] }