Description: > This is an example of a long running ECS service that needs to connect to another ECS service (product-service) via it's load balancer. We use environment variables to pass the URL of the product-service to this one's container(s). Parameters: VPC: Description: The VPC that the ECS cluster is deployed to Type: AWS::EC2::VPC::Id Cluster: Description: Please provide the ECS Cluster ID that this service should run on Type: String DesiredCount: Description: How many instances of this task should we run across our cluster? Type: Number Default: 2 ProductServiceUrl: Description: The URL of the Product Service (used to fetch product information) Type: String Listener: Description: The Application Load Balancer listener to register with Type: String Path: Description: The path to register with the Application Load Balancer Type: String Default: / Resources: Service: Type: AWS::ECS::Service DependsOn: ListenerRule Properties: Cluster: !Ref Cluster Role: !Ref ServiceRole DesiredCount: !Ref DesiredCount TaskDefinition: !Ref TaskDefinition LoadBalancers: - ContainerName: "website-service" ContainerPort: 8000 TargetGroupArn: !Ref TargetGroup TaskDefinition: Type: AWS::ECS::TaskDefinition Properties: Family: website-service ContainerDefinitions: - Name: website-service Essential: true Image: 275396840892.dkr.ecr.us-east-1.amazonaws.com/ecs-refarch-cloudformation/website-service:1.0.0 Memory: 128 Environment: - Name: PRODUCT_SERVICE_URL Value: !Ref ProductServiceUrl PortMappings: - ContainerPort: 8000 LogConfiguration: LogDriver: awslogs Options: awslogs-group: !Ref AWS::StackName awslogs-region: !Ref AWS::Region CloudWatchLogsGroup: Type: AWS::Logs::LogGroup Properties: LogGroupName: !Ref AWS::StackName RetentionInDays: 365 TargetGroup: Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: VpcId: !Ref VPC Port: 80 Protocol: HTTP Matcher: HttpCode: 200-299 HealthCheckIntervalSeconds: 10 HealthCheckPath: / HealthCheckProtocol: HTTP HealthCheckTimeoutSeconds: 5 HealthyThresholdCount: 2 ListenerRule: Type: AWS::ElasticLoadBalancingV2::ListenerRule Properties: ListenerArn: !Ref Listener Priority: 1 Conditions: - Field: path-pattern Values: - !Ref Path Actions: - TargetGroupArn: !Ref TargetGroup Type: forward # This IAM Role grants the service access to register/unregister with the # Application Load Balancer (ALB). It is based on the default documented here: # http://docs.aws.amazon.com/AmazonECS/latest/developerguide/service_IAM_role.html ServiceRole: Type: AWS::IAM::Role Properties: RoleName: !Sub ecs-service-${AWS::StackName} Path: / AssumeRolePolicyDocument: | { "Statement": [{ "Effect": "Allow", "Principal": { "Service": [ "ecs.amazonaws.com" ]}, "Action": [ "sts:AssumeRole" ] }] } Policies: - PolicyName: !Sub ecs-service-${AWS::StackName} PolicyDocument: { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "ec2:AuthorizeSecurityGroupIngress", "ec2:Describe*", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:Describe*", "elasticloadbalancing:RegisterInstancesWithLoadBalancer", "elasticloadbalancing:DeregisterTargets", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", "elasticloadbalancing:RegisterTargets" ], "Resource": "*" }] }