
Untitled

a guest
Oct 14th, 2019
  1. AWSTemplateFormatVersion: 2010-09-09
  2. Description: Hasura VPC
  4. Parameters:
  5. VPC:
  6. Description: VPC
  7. Type: AWS::EC2::VPC::Id
  8.  
  9. Subnets:
  10. Description: 'Subnet IDs'
  11. Type: List<AWS::EC2::Subnet::Id>
  12.  
  13. ELBSecurityGroup:
  14. Description: 'Security Group for ELB'
  15. Type: AWS::EC2::SecurityGroup::Id
  16.  
  17.  
  18. DbConnectionString:
  19. Description: Connection string for RDS (postgres://user:password@endpoint:port/db)
  20. NoEcho: 'true'
  21. Type: String
  22. ################# Hasura ECS
  23. # Important: Follow the CPU + memory combination rules laid out here:
  24. # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html
  25. Cpu:
  26. Type: String
  27. Description: The CPU units for the container. Must adhere to https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html.
  28. Default: 256
  29. AllowedValues:
  30. - 256
  31. - 512
  32. - 1024
  33.  
  34. Memory:
  35. Description: The memory reservation for the container. Must adhere to https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html
  36. Type: Number
  37. Default: 512
  38. AllowedValues:
  39. - 512
  40. - 1024
  41. - 2048
  42. - 4096
  43.  
  44. HasuraVersion:
  45. Type: String
  46. Default: v1.0.0-beta.6
  47. AllowedValues:
  48. - v1.0.0-beta.4
  49. - v1.0.0-beta.5
  50. - v1.0.0-beta.6
  51.  
  52. MinCapacity:
  53. Type: Number
  54. Default: 1
  55. Description: "Minimum Capacity"
  56.  
  57. DesiredCount:
  58. Type: Number
  59. Default: 1
  60. Description: "Desired Capacity"
  61.  
  62. MaxCapacity:
  63. Type: Number
  64. Default: 2
  65. Description: "Maximum Capacity"
  68. Resources:
  69. ################# Hasura ECS
  70. # ECS Resources
  71. ECSCluster:
  72. Type: AWS::ECS::Cluster
  # Application Load Balancer in front of the Hasura tasks.
  # NOTE(review): the scheme is internet-facing, so whatever ELBSecurityGroup
  # admits can reach the Hasura endpoint from the internet. The commented
  # alternative below keeps the balancer reachable only from inside the VPC.
  LoadBalancer:
    Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer'
    Properties:
      Scheme: internet-facing
      #Scheme: internal
      LoadBalancerAttributes:
        - Key: idle_timeout.timeout_seconds
          Value: '30'
      # Only the first two entries of the Subnets parameter are used.
      Subnets:
        - Fn::Select: [0, !Ref Subnets]
        - Fn::Select: [1, !Ref Subnets]
      SecurityGroups:
        - !Ref ELBSecurityGroup
  # Target group for the Fargate tasks; TargetType 'ip' is what awsvpc-mode
  # tasks register with.
  # NOTE(review): a target is healthy only if GET / answers 302. Presumably
  # that is the redirect Hasura issues while its console is enabled, which
  # would tie health to HASURA_GRAPHQL_ENABLE_CONSOLE; confirm before turning
  # the console off. Hasura documents a /healthz endpoint; verify it exists
  # in the pinned versions before switching the check to it.
  HasuraTargetGroup:
    Type: 'AWS::ElasticLoadBalancingV2::TargetGroup'
    Properties:
      Name: !Sub '${AWS::StackName}-hasura'
      VpcId: !Ref VPC
      TargetType: ip
      Protocol: HTTP
      Port: 8080
      HealthCheckProtocol: HTTP
      HealthCheckPath: /
      HealthCheckIntervalSeconds: 10
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 2
      UnhealthyThresholdCount: 2
      Matcher:
        HttpCode: '302'
  # Listener that forwards everything arriving on port 8080 to the Hasura
  # target group.
  # NOTE(review): the listener speaks plain HTTP, so GraphQL requests and any
  # credentials sent with them are unencrypted between client and balancer.
  # An HTTPS listener needs a certificate ARN, which this template has no
  # parameter for.
  LoadBalancerListener:
    Type: 'AWS::ElasticLoadBalancingV2::Listener'
    Properties:
      LoadBalancerArn: !Ref LoadBalancer
      Protocol: HTTP
      Port: 8080
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref HasuraTargetGroup
  # CloudWatch log group named after the stack. The task definition's awslogs
  # driver writes to a group with this same name. Events expire after 7 days.
  HasuraLogs:
    Type: 'AWS::Logs::LogGroup'
    Properties:
      RetentionInDays: 7
      LogGroupName: !Ref AWS::StackName
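  # Fargate task definition for the Hasura GraphQL engine container.
  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Cpu: !Ref Cpu
      Memory: !Ref Memory
      RequiresCompatibilities:
        - FARGATE
      Family: hasura
      NetworkMode: awsvpc
      # The property takes a role ARN; !Ref on an IAM role yields its name, so
      # the ARN is requested explicitly (the Outputs section does the same).
      ExecutionRoleArn: !GetAtt ECSTaskExecutionRole.Arn
      # No TaskRoleArn is set. The original handed the execution role to the
      # container as its task role, which exposed image-pull and log-write
      # credentials to anything running inside it. Nothing in this container
      # definition calls AWS APIs, so the container gets no AWS credentials.
      # Add a dedicated, narrowly scoped task role if that ever changes.
      ContainerDefinitions:
        - Name: hasura-container
          Essential: true
          Image: !Sub 'hasura/graphql-engine:${HasuraVersion}'
          PortMappings:
            - ContainerPort: 8080
          Environment:
            # NOTE(review): the connection string, password included, is a
            # plain environment variable. NoEcho on the parameter does not
            # hide it in the task definition. The container-level Secrets
            # property (ValueFrom a Secrets Manager or SSM parameter ARN)
            # keeps it out of the definition.
            - Name: HASURA_GRAPHQL_DATABASE_URL
              # Value: !Join [ '', ['postgres://', !Ref DatabaseUsername, ':', !Ref DatabasePassword, '@', !GetAtt DatabaseCluster.Endpoint.Address, ':', '5432', '/', !Ref DatabaseName ] ]
              Value: !Ref DbConnectionString
            # NOTE(review): the console is enabled and no
            # HASURA_GRAPHQL_ADMIN_SECRET is configured, while the load
            # balancer is internet-facing. Anyone who can reach the listener
            # then has unauthenticated admin access to the API and console.
            # Set an admin secret (via Secrets) before exposing this. The
            # target-group health check currently expects a 302 on '/',
            # so re-check it if the console is disabled.
            - Name: HASURA_GRAPHQL_ENABLE_CONSOLE
              Value: 'true'
            # query-log writes executed queries to CloudWatch; presumably that
            # can include request data, so treat the log group as sensitive.
            - Name: HASURA_GRAPHQL_ENABLED_LOG_TYPES
              Value: 'startup, http-log, query-log'
          Ulimits:
            - Name: nofile
              HardLimit: 1000000
              SoftLimit: 1000000
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: !Ref 'AWS::StackName'
              awslogs-region: !Ref AWS::Region
              awslogs-stream-prefix: 'hasura-pmdm'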
  # Fargate service running the Hasura task behind the load balancer. It
  # waits for the listener so the target group is attached to a balancer
  # before tasks register.
  # NOTE(review): tasks receive public IPs and reuse ELBSecurityGroup. If that
  # group admits port 8080 from the internet for the balancer, the same rule
  # lets clients reach the task ENIs directly, bypassing the ALB. A separate
  # task security group that only accepts traffic from the balancer's group
  # would close that path.
  HasuraService:
    Type: 'AWS::ECS::Service'
    DependsOn: LoadBalancerListener
    Properties:
      ServiceName: Hasura
      Cluster: !Ref ECSCluster
      TaskDefinition: !Ref TaskDefinition
      LaunchType: FARGATE
      DesiredCount: !Ref DesiredCount
      DeploymentConfiguration:
        MinimumHealthyPercent: 50
        MaximumPercent: 200
      LoadBalancers:
        - TargetGroupArn: !Ref HasuraTargetGroup
          ContainerName: hasura-container
          ContainerPort: 8080
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: ENABLED
          SecurityGroups: [!Ref ELBSecurityGroup]
          Subnets:
            - Fn::Select: [0, !Ref Subnets]
            - Fn::Select: [1, !Ref Subnets]
  # Registers the service's DesiredCount with Application Auto Scaling,
  # bounded by the MinCapacity and MaxCapacity parameters.
  HasuraServiceAutoScalingTarget:
    Type: 'AWS::ApplicationAutoScaling::ScalableTarget'
    Properties:
      ServiceNamespace: ecs
      ScalableDimension: 'ecs:service:DesiredCount'
      # Resource id has the form service/<cluster>/<service name>.
      ResourceId: !Join ['/', [service, !Ref ECSCluster, !GetAtt HasuraService.Name]]
      MinCapacity: !Ref MinCapacity
      MaxCapacity: !Ref MaxCapacity
      RoleARN: !GetAtt ServiceAutoScaleRole.Arn
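  # Role assumed by Application Auto Scaling to resize the Hasura service.
  # Both policy documents now carry an explicit Version. The ECS actions are
  # limited to the one service this stack scales instead of every service in
  # the account.
  ServiceAutoScaleRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - application-autoscaling.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      Policies:
        - PolicyName: ecs-service
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # !Ref on an ECS service resolves to the service ARN.
              - Effect: Allow
                Action:
                  - 'ecs:DescribeServices'
                  - 'ecs:UpdateService'
                Resource: !Ref HasuraService
              # Alarm lookups stay unscoped, as in the original policy.
              - Effect: Allow
                Action:
                  - 'cloudwatch:DescribeAlarms'
                Resource: '*'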
  # Target-tracking policy attached to the scalable target above.
  # NOTE(review): the logical id says CPU, but the tracked metric is average
  # MEMORY utilization with a target of 25. Confirm which was intended.
  # (ECSServiceAverageCPUUtilization is the CPU counterpart.)
  TargetTrackingCPUPolicy:
    Type: 'AWS::ApplicationAutoScaling::ScalingPolicy'
    Properties:
      PolicyType: TargetTrackingScaling
      PolicyName: Fargate-TTScalingPolicy
      ScalingTargetId: !Ref HasuraServiceAutoScalingTarget
      #ScalableDimension: ecs:service:DesiredCount
      #ServiceNamespace: ecs
      TargetTrackingScalingPolicyConfiguration:
        PredefinedMetricSpecification:
          PredefinedMetricType: ECSServiceAverageMemoryUtilization
        TargetValue: 25.0
        ScaleOutCooldown: 30
        ScaleInCooldown: 30
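  # Task EXECUTION role: assumed via ecs-tasks.amazonaws.com so ECS can pull
  # the image and ship container logs on the task's behalf. It is not meant to
  # double as the container's own task role.
  # Both policy documents carry an explicit Version, and the log permissions
  # are limited to this stack's log group instead of every group in the
  # account.
  ECSTaskExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ecs-tasks.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      Policies:
        - PolicyName: AmazonECSTaskExecutionRolePolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Allow ECS to download images from ECR.
              # NOTE(review): the task image in this template is
              # hasura/graphql-engine from a public registry, so these ECR
              # permissions look unused here; confirm and drop them if so.
              - Effect: Allow
                Action:
                  - 'ecr:GetAuthorizationToken'
                  - 'ecr:BatchCheckLayerAvailability'
                  - 'ecr:GetDownloadUrlForLayer'
                  - 'ecr:BatchGetImage'
                Resource: '*'
              # Allow log upload to CloudWatch, only into the HasuraLogs group
              # (the group the awslogs driver is pointed at by name).
              # NOTE(review): logs:PutLogEventsBatch does not appear to be a
              # documented CloudWatch Logs action; confirm and remove it.
              - Effect: Allow
                Action:
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                  - 'logs:PutLogEventsBatch'
                Resource: !GetAtt HasuraLogs.Arn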
  259. Outputs:
  260. ClusterName:
  261. Description: The name of the ECS cluster
  262. Value: !Ref 'ECSCluster'
  263. Export:
  264. Name: !Join [ ':', [ !Ref 'AWS::StackName', 'ClusterName' ] ]
  265.  
  266. ELBUrl:
  267. Description: The url of the external load balancer
  268. Value: !Join ['', ['http://', !GetAtt 'LoadBalancer.DNSName']]
  269. Export:
  270. Name: !Join [ ':', [ !Ref 'AWS::StackName', 'ExternalUrl' ] ]
  271.  
  272. ECSTaskExecutionRole:
  273. Description: The ARN of the ECS role
  274. Value: !GetAtt 'ECSTaskExecutionRole.Arn'
  275. Export:
  276. Name: !Join [ ':', [ !Ref 'AWS::StackName', 'ECSTaskExecutionRole' ] ]
  277.  
  278. PublicListener:
  279. Description: The ARN of the public load balancer's Listener
  280. Value: !Ref LoadBalancerListener
  281. Export:
  282. Name: !Join [ ':', [ !Ref 'AWS::StackName', 'PublicListener' ] ]