# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 Resources: VPC: Type: AWS::EC2::VPC Metadata: 'aws:copilot:description': 'Virtual private cloud on 2 availability zones to control network boundaries.' Properties: CidrBlock: 10.0.0.0/16 EnableDnsHostnames: true EnableDnsSupport: true InstanceTenancy: default Tags: - Key: Name Value: !Sub 'copilot-${AppName}-${EnvironmentName}' PublicRouteTable: Type: AWS::EC2::RouteTable Metadata: 'aws:copilot:description': 'Routing table for services to talk with each other.' Properties: VpcId: !Ref VPC Tags: - Key: Name Value: !Sub 'copilot-${AppName}-${EnvironmentName}' DefaultPublicRoute: Type: AWS::EC2::Route DependsOn: InternetGatewayAttachment Properties: RouteTableId: !Ref PublicRouteTable DestinationCidrBlock: 0.0.0.0/0 GatewayId: !Ref InternetGateway InternetGateway: Type: AWS::EC2::InternetGateway Metadata: 'aws:copilot:description': 'Internet gateway to connect the network to the internet.' Properties: Tags: - Key: Name Value: !Sub 'copilot-${AppName}-${EnvironmentName}' PublicSubnet1: Type: AWS::EC2::Subnet Metadata: 'aws:copilot:description': 'A public subnet in your first AZ for internet facing services.' Properties: CidrBlock: 10.0.0.0/24 VpcId: !Ref VPC AvailabilityZone: !Select [ 0, !GetAZs '' ] MapPublicIpOnLaunch: true Tags: - Key: Name Value: !Sub 'copilot-${AppName}-${EnvironmentName}-pub0' PublicSubnet2: Type: AWS::EC2::Subnet Metadata: 'aws:copilot:description': 'A public subnet in your second AZ for internet facing services.' Properties: CidrBlock: 10.0.1.0/24 VpcId: !Ref VPC AvailabilityZone: !Select [ 1, !GetAZs '' ] MapPublicIpOnLaunch: true Tags: - Key: Name Value: !Sub 'copilot-${AppName}-${EnvironmentName}-pub1' # Creates a service discovery namespace with the form: # {svc}.{appname}.local ServiceDiscoveryNamespace: Type: AWS::ServiceDiscovery::PrivateDnsNamespace Properties: Name: !Sub ${AppName}.local Vpc: !Ref VPC Cluster: Type: AWS::ECS::Cluster Metadata: 'aws:copilot:description': 'An ECS Cluster to hold your services.' Properties: CapacityProviders: ['FARGATE', 'FARGATE_SPOT'] # Only accept requests coming from the public ALB or other containers in the same security group. EnvironmentSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: !Join ['', [!Ref AppName, '-', !Ref EnvironmentName, EnvironmentSecurityGroup]] VpcId: !Ref VPC Tags: - Key: Name Value: !Sub 'copilot-${AppName}-${EnvironmentName}-env' PublicLoadBalancer: Metadata: 'aws:copilot:description': 'An application load balancer to distribute traffic to your Load Balanced Web Services.' Condition: CreateALB Type: AWS::ElasticLoadBalancingV2::LoadBalancer Properties: Scheme: internet-facing SecurityGroups: [ !GetAtt PublicLoadBalancerSecurityGroup.GroupId ] Subnets: [ !Ref PublicSubnet1, !Ref PublicSubnet2, ] Type: application # Assign a dummy target group that with no real services as targets, so that we can create # the listeners for the services. DefaultHTTPTargetGroup: Type: AWS::ElasticLoadBalancingV2::TargetGroup Condition: CreateALB Properties: # Check if your application is healthy within 20 = 10*2 seconds, compared to 2.5 mins = 30*5 seconds. HealthCheckIntervalSeconds: 10 # Default is 30. HealthyThresholdCount: 2 # Default is 5. HealthCheckTimeoutSeconds: 5 Port: 80 Protocol: HTTP TargetGroupAttributes: - Key: deregistration_delay.timeout_seconds Value: 60 TargetType: ip VpcId: !Ref VPC # Adds records for this environment's hostedzone # into the application's hostedzone. This lets this # environment own the DNS of the it's subdomain. DelegateDNSAction: Condition: DelegateDNS Type: Custom::DNSDelegationFunction DependsOn: - DNSDelegationFunction - EnvironmentHostedZone Properties: ServiceToken: !GetAtt DNSDelegationFunction.Arn DomainName: !Sub ${AppName}.${AppDNSName} SubdomainName: !Sub ${EnvironmentName}.${AppName}.${AppDNSName} NameServers: !GetAtt EnvironmentHostedZone.NameServers RootDNSRole: !Ref AppDNSDelegationRole