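# CloudFormation template: Hasura GraphQL engine on ECS Fargate behind a load
# balancer, with service autoscaling and the IAM roles it needs. The VPC,
# subnets and load-balancer security group are supplied as parameters; this
# template does not create them.
# The format version is quoted so generic YAML loaders keep it a string
# instead of converting it to a date.
AWSTemplateFormatVersion: '2010-09-09'
Description: Hasura VPC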
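Parameters:
  # Existing network objects the stack attaches to.
  VPC:
    Description: VPC
    Type: AWS::EC2::VPC::Id
  # Resources reads entries 0 and 1 of this list, so supply at least two.
  Subnets:
    Description: 'Subnet IDs'
    Type: 'List<AWS::EC2::Subnet::Id>'
  # Attached to the load balancer and also to the ECS tasks (see HasuraService).
  ELBSecurityGroup:
    Description: 'Security Group for ELB'
    Type: AWS::EC2::SecurityGroup::Id
  # NOTE(review): NoEcho only masks this value in CloudFormation console and API
  # output. TaskDefinition hands it to the container through Environment, so
  # the full connection string (user and password included) is stored in clear
  # text in the task definition and is readable by any principal allowed to
  # call ecs:DescribeTaskDefinition. Prefer passing a Secrets Manager or SSM
  # Parameter Store reference and resolving it through the container
  # definition's Secrets property.
  DbConnectionString:
    Description: 'Connection string for RDS (postgres://user:password@endpoint:port/db)'
    NoEcho: true
    Type: String

  ################# Hasura ECS
  # Important: Follow the CPU + memory combination rules laid out here:
  # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html
  # Cpu is declared as String, so its default and allowed values are written as
  # strings too.
  Cpu:
    Type: String
    Description: 'The CPU units for the container. Must adhere to https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html.'
    Default: '256'
    AllowedValues:
      - '256'
      - '512'
      - '1024'
  Memory:
    Description: 'The memory reservation for the container. Must adhere to https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html'
    Type: Number
    Default: 512
    AllowedValues:
      - 512
      - 1024
      - 2048
      - 4096
  # Tag appended to the hasura/graphql-engine image name in TaskDefinition.
  # NOTE(review): only pre-1.0 beta tags are allowed here and the image is
  # referenced by mutable tag rather than by digest; presumably later releases
  # carry fixes these lack - confirm and extend the list when upgrading.
  HasuraVersion:
    Type: String
    Description: 'Tag of the hasura/graphql-engine image to run'
    Default: v1.0.0-beta.6
    AllowedValues:
      - v1.0.0-beta.4
      - v1.0.0-beta.5
      - v1.0.0-beta.6
  # Bounds for the scalable target and the initial task count of the service.
  MinCapacity:
    Type: Number
    Default: 1
    Description: 'Minimum Capacity'
  DesiredCount:
    Type: Number
    Default: 1
    Description: 'Desired Capacity'
  MaxCapacity:
    Type: Number
    Default: 2
    Description: 'Maximum Capacity'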
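Resources:
  ################# Hasura ECS
  # ECS Resources

  # Cluster that hosts the Fargate service defined below.
  ECSCluster:
    Type: AWS::ECS::Cluster

  # Load balancer in front of the Hasura tasks, placed in the first two
  # subnets of the Subnets parameter.
  # NOTE(review): the scheme is internet-facing and the only listener
  # (LoadBalancerListener) is plain HTTP, so console and API traffic is
  # reachable from wherever ELBSecurityGroup admits and is not encrypted in
  # transit. Consider the internal scheme below, or an HTTPS listener with a
  # certificate.
  LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Scheme: internet-facing
      # Scheme: internal
      LoadBalancerAttributes:
        - Key: idle_timeout.timeout_seconds
          Value: '30'
      Subnets:
        - !Select [0, !Ref Subnets]
        - !Select [1, !Ref Subnets]
      SecurityGroups:
        - !Ref ELBSecurityGroup

  # Target group for the awsvpc-mode tasks (TargetType ip), port 8080.
  # NOTE(review): the health check expects a 302 from "/". That redirect
  # presumably comes from the console being enabled, which would tie task
  # health to HASURA_GRAPHQL_ENABLE_CONSOLE staying 'true' - confirm, and
  # consider checking a dedicated health endpoint instead.
  HasuraTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 10
      HealthCheckPath: /
      HealthCheckProtocol: HTTP
      Matcher:
        HttpCode: '302'
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 2
      Name: !Sub '${AWS::StackName}-hasura'
      Port: 8080
      Protocol: HTTP
      UnhealthyThresholdCount: 2
      VpcId: !Ref VPC
      TargetType: ip

  # Forwards everything arriving on port 8080 to the Hasura target group.
  LoadBalancerListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - TargetGroupArn: !Ref HasuraTargetGroup
          Type: forward
      LoadBalancerArn: !Ref LoadBalancer
      Port: 8080
      Protocol: HTTP

  # Log group the container's awslogs driver writes to; named after the stack.
  # NOTE(review): query-log is among the enabled log types in TaskDefinition,
  # so GraphQL queries land here; check whether that can include sensitive
  # values and restrict read access to this group accordingly.
  HasuraLogs:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Ref 'AWS::StackName'
      RetentionInDays: 7

  # Fargate task running a single hasura/graphql-engine container.
  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Cpu: !Ref Cpu
      Memory: !Ref Memory
      RequiresCompatibilities:
        - FARGATE
      Family: hasura
      NetworkMode: awsvpc
      # Both properties are documented as role ARNs, so the Arn attribute is
      # used instead of !Ref (which yields the role name).
      ExecutionRoleArn: !GetAtt ECSTaskExecutionRole.Arn
      # NOTE(review): the application container receives the same role the
      # ECS agent uses for image pulls and log delivery. If the engine makes
      # no AWS API calls, a separate task role with no policies (or no task
      # role at all) is the least-privilege choice - confirm before changing.
      TaskRoleArn: !GetAtt ECSTaskExecutionRole.Arn
      ContainerDefinitions:
        - Name: hasura-container
          Essential: true
          Image: !Sub 'hasura/graphql-engine:${HasuraVersion}'
          PortMappings:
            - ContainerPort: 8080
          Environment:
            # NOTE(review): Environment values are stored in clear text in the
            # task definition, so the NoEcho on DbConnectionString does not
            # protect the database password here. The container definition's
            # Secrets property (Name / ValueFrom) keeps it out of the
            # task definition.
            - Name: HASURA_GRAPHQL_DATABASE_URL
              # Value: !Join [ '', ['postgres://', !Ref DatabaseUsername, ':', !Ref DatabasePassword, '@', !GetAtt DatabaseCluster.Endpoint.Address, ':', '5432', '/', !Ref DatabaseName ] ]
              Value: !Ref DbConnectionString
            # NOTE(review): the console is enabled and no
            # HASURA_GRAPHQL_ADMIN_SECRET appears in this list, so the console
            # and API behind the internet-facing listener are presumably
            # unauthenticated - confirm, set an admin secret, and disable the
            # console outside development.
            - Name: HASURA_GRAPHQL_ENABLE_CONSOLE
              Value: 'true'
            - Name: HASURA_GRAPHQL_ENABLED_LOG_TYPES
              Value: 'startup, http-log, query-log'
          Ulimits:
            - Name: nofile
              HardLimit: 1000000
              SoftLimit: 1000000
          LogConfiguration:
            LogDriver: awslogs
            Options:
              # !Ref on the log group yields its name (the stack name) and
              # makes the task definition depend on the group existing.
              awslogs-group: !Ref HasuraLogs
              awslogs-region: !Ref 'AWS::Region'
              awslogs-stream-prefix: hasura-pmdm

  # Fargate service registered with the target group. DependsOn makes sure the
  # listener has attached the target group to the load balancer first.
  # NOTE(review): tasks get a public IP and reuse ELBSecurityGroup, so every
  # ingress rule written for the load balancer also applies directly to the
  # task network interfaces. A dedicated task security group that admits
  # port 8080 only from ELBSecurityGroup would keep the load balancer as the
  # single entry point; check what else references ELBSecurityGroup (for
  # example database ingress rules) before switching.
  HasuraService:
    Type: AWS::ECS::Service
    DependsOn: LoadBalancerListener
    Properties:
      Cluster: !Ref ECSCluster
      ServiceName: Hasura
      LaunchType: FARGATE
      DesiredCount: !Ref DesiredCount
      DeploymentConfiguration:
        MaximumPercent: 200
        MinimumHealthyPercent: 50
      TaskDefinition: !Ref TaskDefinition
      LoadBalancers:
        - ContainerName: hasura-container
          ContainerPort: 8080
          TargetGroupArn: !Ref HasuraTargetGroup
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: ENABLED
          SecurityGroups:
            - !Ref ELBSecurityGroup
          Subnets:
            - !Select [0, !Ref Subnets]
            - !Select [1, !Ref Subnets]

  # Registers the service's DesiredCount as a scalable dimension, bounded by
  # the MinCapacity and MaxCapacity parameters.
  HasuraServiceAutoScalingTarget:
    Type: AWS::ApplicationAutoScaling::ScalableTarget
    Properties:
      MaxCapacity: !Ref MaxCapacity
      MinCapacity: !Ref MinCapacity
      ResourceId: !Sub 'service/${ECSCluster}/${HasuraService.Name}'
      RoleARN: !GetAtt ServiceAutoScaleRole.Arn
      ScalableDimension: ecs:service:DesiredCount
      ServiceNamespace: ecs

  # Role assumed by Application Auto Scaling to resize the service.
  # NOTE(review): ecs:UpdateService on Resource '*' covers every ECS service
  # in the account; presumably it can be narrowed to this service - confirm.
  ServiceAutoScaleRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - application-autoscaling.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      Policies:
        - PolicyName: ecs-service
          PolicyDocument:
            Statement:
              - Effect: Allow
                Action:
                  - 'ecs:DescribeServices'
                  - 'ecs:UpdateService'
                  - 'cloudwatch:DescribeAlarms'
                Resource: '*'

  # Target-tracking policy on the scalable target above.
  # NOTE(review): the logical ID says CPU but the tracked metric is average
  # memory utilisation with a 25% target - confirm which was intended.
  TargetTrackingCPUPolicy:
    Type: AWS::ApplicationAutoScaling::ScalingPolicy
    Properties:
      PolicyName: Fargate-TTScalingPolicy
      PolicyType: TargetTrackingScaling
      ScalingTargetId: !Ref HasuraServiceAutoScalingTarget
      # ScalableDimension: ecs:service:DesiredCount
      # ServiceNamespace: ecs
      TargetTrackingScalingPolicyConfiguration:
        TargetValue: 25.0
        ScaleInCooldown: 30
        ScaleOutCooldown: 30
        PredefinedMetricSpecification:
          PredefinedMetricType: ECSServiceAverageMemoryUtilization

  # This is a role which is used by the ECS tasks themselves.
  ECSTaskExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ecs-tasks.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      Policies:
        - PolicyName: AmazonECSTaskExecutionRolePolicy
          PolicyDocument:
            Statement:
              # Allow the ECS Tasks to download images from ECR
              - Effect: Allow
                Action:
                  - 'ecr:GetAuthorizationToken'
                  - 'ecr:BatchCheckLayerAvailability'
                  - 'ecr:GetDownloadUrlForLayer'
                  - 'ecr:BatchGetImage'
                Resource: '*'
              # Allow the ECS tasks to upload logs to CloudWatch. Scoped to
              # this stack's log group (the Arn attribute already ends in
              # ":*", which covers its log streams) instead of every group in
              # the account. 'logs:PutLogEventsBatch' was dropped: it is not
              # a documented CloudWatch Logs action.
              - Effect: Allow
                Action:
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                Resource: !GetAtt HasuraLogs.Arn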
# Values exported for other stacks; each export name is "<stack name>:<suffix>".
Outputs:
  ClusterName:
    Description: The name of the ECS cluster
    Value: !Ref ECSCluster
    Export:
      Name: !Sub '${AWS::StackName}:ClusterName'

  # NOTE(review): the URL carries no port while the only listener in this
  # template is on 8080, and the scheme is plain http. Consumers presumably
  # append the port themselves - confirm before relying on this value as-is.
  ELBUrl:
    Description: The url of the external load balancer
    Value: !Sub 'http://${LoadBalancer.DNSName}'
    Export:
      Name: !Sub '${AWS::StackName}:ExternalUrl'

  # ARN of the role used as both execution role and task role by the
  # task definition.
  ECSTaskExecutionRole:
    Description: The ARN of the ECS role
    Value: !GetAtt ECSTaskExecutionRole.Arn
    Export:
      Name: !Sub '${AWS::StackName}:ECSTaskExecutionRole'

  # !Ref on a listener resolves to the listener ARN.
  PublicListener:
    Description: The ARN of the public load balancer's Listener
    Value: !Ref LoadBalancerListener
    Export:
      Name: !Sub '${AWS::StackName}:PublicListener'