---
Parameters:
EnvironmentName:
Type: String
Description: Environment name that joins all the stacks
AppMeshMeshName:
Type: String
Description: Name of mesh
EnvoyImageName:
Type: String
Description: The image to use for the Envoy container
ColorTellerImageName:
Description: The name for the color teller image
Type: String
Resources:
ColorTellerServiceDiscoveryRecord:
Type: 'AWS::ServiceDiscovery::Service'
Properties:
Name: "colorteller"
DnsConfig:
NamespaceId:
'Fn::ImportValue': !Sub "${EnvironmentName}:ECSServiceDiscoveryNamespace"
DnsRecords:
- Type: A
TTL: 300
HealthCheckCustomConfig:
FailureThreshold: 1
ColorTellerTaskDefinition:
Type: AWS::ECS::TaskDefinition
Properties:
RequiresCompatibilities:
- 'FARGATE'
Family: 'colorteller'
NetworkMode: 'awsvpc'
Cpu: 256
Memory: 512
TaskRoleArn:
'Fn::ImportValue': !Sub "${EnvironmentName}:TaskIamRoleArn"
ExecutionRoleArn:
'Fn::ImportValue': !Sub "${EnvironmentName}:TaskExecutionIamRoleArn"
ProxyConfiguration:
Type: 'APPMESH'
ContainerName: 'envoy'
ProxyConfigurationProperties:
- Name: 'IgnoredUID'
Value: '1337'
- Name: 'ProxyIngressPort'
Value: '15000'
- Name: 'ProxyEgressPort'
Value: '15001'
- Name: 'AppPorts'
Value: '9080'
- Name: 'EgressIgnoredIPs'
Value: '169.254.170.2,169.254.169.254'
ContainerDefinitions:
- Name: 'app'
Image: !Sub '${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${ColorTellerImageName}'
Essential: true
DependsOn:
- ContainerName: 'envoy'
Condition: 'HEALTHY'
LogConfiguration:
LogDriver: 'awslogs'
Options:
awslogs-group:
Fn::ImportValue: !Sub "${EnvironmentName}:ECSServiceLogGroup"
awslogs-region: !Ref AWS::Region
awslogs-stream-prefix: 'colorteller'
PortMappings:
- ContainerPort: 9080
Protocol: 'http'
Environment:
- Name: 'PORT'
Value: 9080
- Name: 'COLOR'
Value: 'yellow'
- Name: envoy
Image: !Sub '${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${EnvoyImageName}'
Essential: true
User: '1337'
Ulimits:
- Name: "nofile"
HardLimit: 15000
SoftLimit: 15000
PortMappings:
- ContainerPort: 9901
Protocol: 'tcp'
HealthCheck:
Command:
- 'CMD-SHELL'
- 'curl -s http://localhost:9901/server_info | grep state | grep -q LIVE'
Interval: 5
Timeout: 2
Retries: 3
LogConfiguration:
LogDriver: 'awslogs'
Options:
awslogs-group:
Fn::ImportValue: !Sub "${EnvironmentName}:ECSServiceLogGroup"
awslogs-region: !Ref AWS::Region
awslogs-stream-prefix: 'colorteller'
Environment:
- Name: 'APPMESH_RESOURCE_ARN'
Value: !Sub 'mesh/${AppMeshMeshName}/virtualNode/colorteller-vn'
- Name: CERTIFICATE_NAME
Value: 'colorteller'
ColorTellerService:
Type: 'AWS::ECS::Service'
Properties:
Cluster:
'Fn::ImportValue': !Sub "${EnvironmentName}:ECSCluster"
DeploymentConfiguration:
MaximumPercent: 200
MinimumHealthyPercent: 100
DesiredCount: 1
LaunchType: FARGATE
ServiceRegistries:
- RegistryArn:
'Fn::GetAtt': ColorTellerServiceDiscoveryRecord.Arn
NetworkConfiguration:
AwsvpcConfiguration:
AssignPublicIp: DISABLED
SecurityGroups:
- 'Fn::ImportValue': !Sub "${EnvironmentName}:ECSServiceSecurityGroup"
Subnets:
- 'Fn::ImportValue': !Sub "${EnvironmentName}:PrivateSubnet1"
- 'Fn::ImportValue': !Sub "${EnvironmentName}:PrivateSubnet2"
TaskDefinition: { Ref: ColorTellerTaskDefinition }
PublicLoadBalancerSG:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Access to the public facing load balancer
VpcId:
'Fn::ImportValue': !Sub "${EnvironmentName}:VPC"
SecurityGroupIngress:
- CidrIp: 0.0.0.0/0
IpProtocol: tcp
FromPort: 80
ToPort: 80
GatewayServiceDiscoveryRecord:
Type: 'AWS::ServiceDiscovery::Service'
Properties:
Name: "gateway"
DnsConfig:
NamespaceId:
'Fn::ImportValue': !Sub "${EnvironmentName}:ECSServiceDiscoveryNamespace"
DnsRecords:
- Type: A
TTL: 300
HealthCheckCustomConfig:
FailureThreshold: 1
GatewayTaskDefinition:
Type: AWS::ECS::TaskDefinition
Properties:
RequiresCompatibilities:
- 'FARGATE'
Family: 'gateway'
NetworkMode: 'awsvpc'
Cpu: 256
Memory: 512
TaskRoleArn:
'Fn::ImportValue': !Sub "${EnvironmentName}:TaskIamRoleArn"
ExecutionRoleArn:
'Fn::ImportValue': !Sub "${EnvironmentName}:TaskExecutionIamRoleArn"
ContainerDefinitions:
- Name: envoy
Image: !Sub '${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${EnvoyImageName}'
Essential: true
User: '1337'
Ulimits:
- Name: "nofile"
HardLimit: 15000
SoftLimit: 15000
PortMappings:
- ContainerPort: 9080
Protocol: 'tcp'
- ContainerPort: 9901
Protocol: 'tcp'
HealthCheck:
Command:
- 'CMD-SHELL'
- 'curl -s http://localhost:9901/server_info | grep state | grep -q LIVE'
Interval: 5
Timeout: 2
Retries: 3
LogConfiguration:
LogDriver: 'awslogs'
Options:
awslogs-group:
Fn::ImportValue: !Sub "${EnvironmentName}:ECSServiceLogGroup"
awslogs-region: !Ref AWS::Region
awslogs-stream-prefix: 'gateway'
Environment:
- Name: 'APPMESH_RESOURCE_ARN'
Value: !Sub 'mesh/${AppMeshMeshName}/virtualGateway/gateway-vgw'
- Name: CERTIFICATE_NAME
Value: 'gateway'
- Name: ENVOY_LOG_LEVEL
Value: 'debug'
GatewayService:
Type: 'AWS::ECS::Service'
DependsOn:
- PublicLoadBalancerListener
Properties:
Cluster:
'Fn::ImportValue': !Sub "${EnvironmentName}:ECSCluster"
DeploymentConfiguration:
MaximumPercent: 200
MinimumHealthyPercent: 100
DesiredCount: 1
LaunchType: FARGATE
ServiceRegistries:
- RegistryArn:
'Fn::GetAtt': GatewayServiceDiscoveryRecord.Arn
NetworkConfiguration:
AwsvpcConfiguration:
AssignPublicIp: DISABLED
SecurityGroups:
- 'Fn::ImportValue': !Sub "${EnvironmentName}:ECSServiceSecurityGroup"
Subnets:
- 'Fn::ImportValue': !Sub "${EnvironmentName}:PrivateSubnet1"
- 'Fn::ImportValue': !Sub "${EnvironmentName}:PrivateSubnet2"
LoadBalancers:
- ContainerName: envoy
ContainerPort: 9080
TargetGroupArn: !Ref WebTargetGroup
TaskDefinition: { Ref: GatewayTaskDefinition }
# public NLB for gateway
PublicLoadBalancer:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
Scheme: internet-facing
Type: network
Subnets:
- { 'Fn::ImportValue': !Sub "${EnvironmentName}:PublicSubnet1" }
- { 'Fn::ImportValue': !Sub "${EnvironmentName}:PublicSubnet2" }
WebTargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
DependsOn:
- PublicLoadBalancer
Properties:
Protocol: TCP
TargetType: ip
Name: !Sub "${EnvironmentName}-web2"
Port: 80
TargetGroupAttributes:
- Key: deregistration_delay.timeout_seconds
Value: 120
VpcId:
'Fn::ImportValue': !Sub "${EnvironmentName}:VPC"
PublicLoadBalancerListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
DefaultActions:
- TargetGroupArn: !Ref WebTargetGroup
Type: 'forward'
LoadBalancerArn: !Ref 'PublicLoadBalancer'
Port: 80
Protocol: TCP
Outputs:
ColorAppEndpoint:
Description: Public endpoint for Color App service
Value: !Join ['', ['http://', !GetAtt 'PublicLoadBalancer.DNSName']]