AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Description: > Resources: ########################################################################## # API GATEWAY ROLE WITH PERMISSIONS TO INVOKE BATCH # ########################################################################## ApiGatewayBatchRole: Type: AWS::IAM::Role Properties: Path: !Join ["", ["/", !Ref "AWS::StackName", "/"]] AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Sid: AllowApiGatewayServiceToAssumeRole Effect: Allow Action: - 'sts:AssumeRole' Principal: Service: - apigateway.amazonaws.com Policies: - PolicyName: AWSBatchSubmitJob PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - 'batch:SubmitJob' Resource: - !Ref JobQueue - !Join - '' - - 'arn:' - !Ref AWS::Partition - ':batch:' - !Ref AWS::Region - ':' - !Ref AWS::AccountId - ':job-definition/' - !Select [0, !Split [":", !Select [1, !Split ['/', !Ref JobDefinition]]]] ########################################################################## # REST API GATEWAY # ########################################################################## apiGateway: Type: AWS::ApiGateway::RestApi Properties: EndpointConfiguration: Types: - REGIONAL Name: !Sub ${AWS::StackName}-api ########################################################################## # API GATEWAY METHOD # ########################################################################## apiGatewayRootMethod: Type: AWS::ApiGateway::Method Properties: AuthorizationType: NONE HttpMethod: POST MethodResponses: - StatusCode: 200 ResponseModels: application/json: Empty - StatusCode: 403 ResponseModels: application/json: Error Integration: IntegrationHttpMethod: POST Type: AWS Credentials: !GetAtt ApiGatewayBatchRole.Arn Uri: !Sub arn:aws:apigateway:${AWS::Region}:batch:path//v1/submitjob PassthroughBehavior: WHEN_NO_TEMPLATES RequestTemplates: application/json: !Sub | #set($inputRoot = $input.path('$')) { "jobName": "$inputRoot.jobName", "jobQueue": "$inputRoot.jobQueue", "jobDefinition": "$inputRoot.jobDefinition" } IntegrationResponses: - StatusCode: 200 ResponseTemplates: application/json: !Sub - |- { "message": "Successfully submitted the batch job" } - {} - SelectionPattern: 403 StatusCode: 403 ResponseTemplates: application/json: !Sub - |- #set($errorRoot = $input.path('$')) { "message": "$errorRoot" } - {} ResourceId: !GetAtt apiGateway.RootResourceId RestApiId: !Ref apiGateway ########################################################################## # API GATEWAY DEPLOYMENT # ########################################################################## apiGatewayDeployment: Type: AWS::ApiGateway::Deployment DependsOn: - apiGatewayRootMethod Properties: RestApiId: !Ref apiGateway StageName: 'dev' ########################################################################## # This creates VPC with subnets and single Batch Job Queue # ########################################################################## VPC: Type: 'AWS::EC2::VPC' Properties: CidrBlock: 10.0.0.0/16 InternetGateway: Type: 'AWS::EC2::InternetGateway' RouteTable: Type: 'AWS::EC2::RouteTable' Properties: VpcId: !Ref VPC VPCGatewayAttachment: Type: 'AWS::EC2::VPCGatewayAttachment' Properties: VpcId: !Ref VPC InternetGatewayId: !Ref InternetGateway SecurityGroup: Type: 'AWS::EC2::SecurityGroup' Properties: GroupDescription: EC2 Security Group for instances launched in the VPC by Batch VpcId: !Ref VPC Subnet: Type: 'AWS::EC2::Subnet' Properties: CidrBlock: 10.0.0.0/24 VpcId: !Ref VPC MapPublicIpOnLaunch: 'True' Route: Type: 'AWS::EC2::Route' Properties: RouteTableId: !Ref RouteTable DestinationCidrBlock: 0.0.0.0/0 GatewayId: !Ref InternetGateway SubnetRouteTableAssociation: Type: 'AWS::EC2::SubnetRouteTableAssociation' Properties: RouteTableId: !Ref RouteTable SubnetId: !Ref Subnet BatchServiceRole: Type: 'AWS::IAM::Role' Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: batch.amazonaws.com Action: 'sts:AssumeRole' ManagedPolicyArns: - 'arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole' IamInstanceProfile: Type: 'AWS::IAM::InstanceProfile' Properties: Roles: - !Ref EcsInstanceRole EcsInstanceRole: Type: 'AWS::IAM::Role' Properties: AssumeRolePolicyDocument: Version: 2008-10-17 Statement: - Sid: '' Effect: Allow Principal: Service: ec2.amazonaws.com Action: 'sts:AssumeRole' ManagedPolicyArns: - >- arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role JobDefinition: Type: 'AWS::Batch::JobDefinition' Properties: Type: container ContainerProperties: Image: !Join - '' - - 137112412989.dkr.ecr. - !Ref 'AWS::Region' - '.amazonaws.com/amazonlinux:latest' Vcpus: 2 Memory: 2000 Command: - echo - Hello world RetryStrategy: Attempts: 1 JobQueue: Type: 'AWS::Batch::JobQueue' Properties: Priority: 1 ComputeEnvironmentOrder: - Order: 1 ComputeEnvironment: !Ref ComputeEnvironment ComputeEnvironment: Type: 'AWS::Batch::ComputeEnvironment' Properties: Type: MANAGED ComputeResources: Type: EC2 MinvCpus: 0 DesiredvCpus: 0 MaxvCpus: 64 InstanceTypes: - optimal Subnets: - !Ref Subnet SecurityGroupIds: - !Ref SecurityGroup InstanceRole: !Ref IamInstanceProfile ServiceRole: !Ref BatchServiceRole Outputs: JobQueueName: Value: !Select [1, !Split ['/', !Ref JobQueue]] JobDefinitionName: Value: !Select [0, !Split [":", !Select [1, !Split ['/', !Ref JobDefinition]]]] ApiEndpoint: Description: "API Gateway endpoint URL for Prod stage for Product api" Value: !Sub "https://${apiGateway}.execute-api.${AWS::Region}.amazonaws.com/dev/"