- Resources:
- Vpc8378EB38:
- Type: AWS::EC2::VPC
- Properties:
- CidrBlock: 10.0.0.0/16
- EnableDnsHostnames: true
- EnableDnsSupport: true
- InstanceTenancy: default
- Tags:
- - Key: Name
- Value: aws-ecs-integ-ecs/Vpc
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/Vpc/Resource
- VpcPublicSubnet1Subnet5C2D37C4:
- Type: AWS::EC2::Subnet
- Properties:
- CidrBlock: 10.0.0.0/18
- VpcId:
- Ref: Vpc8378EB38
- AvailabilityZone: eu-central-1a
- MapPublicIpOnLaunch: true
- Tags:
- - Key: Name
- Value: aws-ecs-integ-ecs/Vpc/PublicSubnet1
- - Key: aws-cdk:subnet-name
- Value: Public
- - Key: aws-cdk:subnet-type
- Value: Public
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/Vpc/PublicSubnet1/Subnet
- VpcPublicSubnet1RouteTable6C95E38E:
- Type: AWS::EC2::RouteTable
- Properties:
- VpcId:
- Ref: Vpc8378EB38
- Tags:
- - Key: Name
- Value: aws-ecs-integ-ecs/Vpc/PublicSubnet1
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/Vpc/PublicSubnet1/RouteTable
- VpcPublicSubnet1RouteTableAssociation97140677:
- Type: AWS::EC2::SubnetRouteTableAssociation
- Properties:
- RouteTableId:
- Ref: VpcPublicSubnet1RouteTable6C95E38E
- SubnetId:
- Ref: VpcPublicSubnet1Subnet5C2D37C4
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/Vpc/PublicSubnet1/RouteTableAssociation
- VpcPublicSubnet1DefaultRoute3DA9E72A:
- Type: AWS::EC2::Route
- Properties:
- RouteTableId:
- Ref: VpcPublicSubnet1RouteTable6C95E38E
- DestinationCidrBlock: 0.0.0.0/0
- GatewayId:
- Ref: VpcIGWD7BA715C
- DependsOn:
- - VpcVPCGWBF912B6E
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/Vpc/PublicSubnet1/DefaultRoute
- VpcPublicSubnet1EIPD7E02669:
- Type: AWS::EC2::EIP
- Properties:
- Domain: vpc
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/Vpc/PublicSubnet1/EIP
- VpcPublicSubnet1NATGateway4D7517AA:
- Type: AWS::EC2::NatGateway
- Properties:
- AllocationId:
- Fn::GetAtt:
- - VpcPublicSubnet1EIPD7E02669
- - AllocationId
- SubnetId:
- Ref: VpcPublicSubnet1Subnet5C2D37C4
- Tags:
- - Key: Name
- Value: aws-ecs-integ-ecs/Vpc/PublicSubnet1
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/Vpc/PublicSubnet1/NATGateway
- VpcPublicSubnet2Subnet691E08A3:
- Type: AWS::EC2::Subnet
- Properties:
- CidrBlock: 10.0.64.0/18
- VpcId:
- Ref: Vpc8378EB38
- AvailabilityZone: eu-central-1b
- MapPublicIpOnLaunch: true
- Tags:
- - Key: Name
- Value: aws-ecs-integ-ecs/Vpc/PublicSubnet2
- - Key: aws-cdk:subnet-name
- Value: Public
- - Key: aws-cdk:subnet-type
- Value: Public
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/Vpc/PublicSubnet2/Subnet
- VpcPublicSubnet2RouteTable94F7E489:
- Type: AWS::EC2::RouteTable
- Properties:
- VpcId:
- Ref: Vpc8378EB38
- Tags:
- - Key: Name
- Value: aws-ecs-integ-ecs/Vpc/PublicSubnet2
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/Vpc/PublicSubnet2/RouteTable
- VpcPublicSubnet2RouteTableAssociationDD5762D8:
- Type: AWS::EC2::SubnetRouteTableAssociation
- Properties:
- RouteTableId:
- Ref: VpcPublicSubnet2RouteTable94F7E489
- SubnetId:
- Ref: VpcPublicSubnet2Subnet691E08A3
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/Vpc/PublicSubnet2/RouteTableAssociation
- VpcPublicSubnet2DefaultRoute97F91067:
- Type: AWS::EC2::Route
- Properties:
- RouteTableId:
- Ref: VpcPublicSubnet2RouteTable94F7E489
- DestinationCidrBlock: 0.0.0.0/0
- GatewayId:
- Ref: VpcIGWD7BA715C
- DependsOn:
- - VpcVPCGWBF912B6E
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/Vpc/PublicSubnet2/DefaultRoute
- VpcPublicSubnet2EIP3C605A87:
- Type: AWS::EC2::EIP
- Properties:
- Domain: vpc
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/Vpc/PublicSubnet2/EIP
- VpcPublicSubnet2NATGateway9182C01D:
- Type: AWS::EC2::NatGateway
- Properties:
- AllocationId:
- Fn::GetAtt:
- - VpcPublicSubnet2EIP3C605A87
- - AllocationId
- SubnetId:
- Ref: VpcPublicSubnet2Subnet691E08A3
- Tags:
- - Key: Name
- Value: aws-ecs-integ-ecs/Vpc/PublicSubnet2
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/Vpc/PublicSubnet2/NATGateway
- VpcPrivateSubnet1Subnet536B997A:
- Type: AWS::EC2::Subnet
- Properties:
- CidrBlock: 10.0.128.0/18
- VpcId:
- Ref: Vpc8378EB38
- AvailabilityZone: eu-central-1a
- MapPublicIpOnLaunch: false
- Tags:
- - Key: Name
- Value: aws-ecs-integ-ecs/Vpc/PrivateSubnet1
- - Key: aws-cdk:subnet-name
- Value: Private
- - Key: aws-cdk:subnet-type
- Value: Private
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/Vpc/PrivateSubnet1/Subnet
- VpcPrivateSubnet1RouteTableB2C5B500:
- Type: AWS::EC2::RouteTable
- Properties:
- VpcId:
- Ref: Vpc8378EB38
- Tags:
- - Key: Name
- Value: aws-ecs-integ-ecs/Vpc/PrivateSubnet1
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/Vpc/PrivateSubnet1/RouteTable
- VpcPrivateSubnet1RouteTableAssociation70C59FA6:
- Type: AWS::EC2::SubnetRouteTableAssociation
- Properties:
- RouteTableId:
- Ref: VpcPrivateSubnet1RouteTableB2C5B500
- SubnetId:
- Ref: VpcPrivateSubnet1Subnet536B997A
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/Vpc/PrivateSubnet1/RouteTableAssociation
- VpcPrivateSubnet1DefaultRouteBE02A9ED:
- Type: AWS::EC2::Route
- Properties:
- RouteTableId:
- Ref: VpcPrivateSubnet1RouteTableB2C5B500
- DestinationCidrBlock: 0.0.0.0/0
- NatGatewayId:
- Ref: VpcPublicSubnet1NATGateway4D7517AA
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/Vpc/PrivateSubnet1/DefaultRoute
- VpcPrivateSubnet2Subnet3788AAA1:
- Type: AWS::EC2::Subnet
- Properties:
- CidrBlock: 10.0.192.0/18
- VpcId:
- Ref: Vpc8378EB38
- AvailabilityZone: eu-central-1b
- MapPublicIpOnLaunch: false
- Tags:
- - Key: Name
- Value: aws-ecs-integ-ecs/Vpc/PrivateSubnet2
- - Key: aws-cdk:subnet-name
- Value: Private
- - Key: aws-cdk:subnet-type
- Value: Private
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/Vpc/PrivateSubnet2/Subnet
- VpcPrivateSubnet2RouteTableA678073B:
- Type: AWS::EC2::RouteTable
- Properties:
- VpcId:
- Ref: Vpc8378EB38
- Tags:
- - Key: Name
- Value: aws-ecs-integ-ecs/Vpc/PrivateSubnet2
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/Vpc/PrivateSubnet2/RouteTable
- VpcPrivateSubnet2RouteTableAssociationA89CAD56:
- Type: AWS::EC2::SubnetRouteTableAssociation
- Properties:
- RouteTableId:
- Ref: VpcPrivateSubnet2RouteTableA678073B
- SubnetId:
- Ref: VpcPrivateSubnet2Subnet3788AAA1
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/Vpc/PrivateSubnet2/RouteTableAssociation
- VpcPrivateSubnet2DefaultRoute060D2087:
- Type: AWS::EC2::Route
- Properties:
- RouteTableId:
- Ref: VpcPrivateSubnet2RouteTableA678073B
- DestinationCidrBlock: 0.0.0.0/0
- NatGatewayId:
- Ref: VpcPublicSubnet2NATGateway9182C01D
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/Vpc/PrivateSubnet2/DefaultRoute
- VpcIGWD7BA715C:
- Type: AWS::EC2::InternetGateway
- Properties:
- Tags:
- - Key: Name
- Value: aws-ecs-integ-ecs/Vpc
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/Vpc/IGW
- VpcVPCGWBF912B6E:
- Type: AWS::EC2::VPCGatewayAttachment
- Properties:
- VpcId:
- Ref: Vpc8378EB38
- InternetGatewayId:
- Ref: VpcIGWD7BA715C
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/Vpc/VPCGW
- EcsCluster97242B84:
- Type: AWS::ECS::Cluster
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/EcsCluster/Resource
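# Security group attached to the ECS container instances (entry under Resources).
EcsClusterDefaultAutoScalingGroupInstanceSecurityGroup912E1231:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup/InstanceSecurityGroup
    SecurityGroupEgress:
      # Unrestricted outbound traffic on every protocol.
      # NOTE(review): narrow this if the instances only need to reach ECS, ECR
      # and CloudWatch Logs endpoints; confirm against the workload first.
      - CidrIp: 0.0.0.0/0
        Description: Allow all outbound traffic by default
        IpProtocol: "-1"
    SecurityGroupIngress:
      # SSH used to be allowed from 0.0.0.0/0. The Auto Scaling group places
      # these instances in the private subnets, so administrative access only
      # needs to come from inside the VPC. The source is therefore the VPC's
      # own CIDR (10.0.0.0/16 in this template) rather than the whole internet.
      - CidrIp:
          Fn::GetAtt:
            - Vpc8378EB38
            - CidrBlock
        Description: SSH from inside the VPC only
        FromPort: 22
        IpProtocol: tcp
        ToPort: 22
    Tags:
      - Key: Name
        Value: aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup
    VpcId:
      Ref: Vpc8378EB38
  Metadata:
    aws:cdk:path: aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup/InstanceSecurityGroup/Resource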
- EcsClusterDefaultAutoScalingGroupInstanceSecurityGroupfromawsecsintegecsLBSecurityGroup7DA9012980B2BB1AA6:
- Type: AWS::EC2::SecurityGroupIngress
- Properties:
- IpProtocol: tcp
- Description: Load balancer to target
- FromPort: 80
- GroupId:
- Fn::GetAtt:
- - EcsClusterDefaultAutoScalingGroupInstanceSecurityGroup912E1231
- - GroupId
- SourceSecurityGroupId:
- Fn::GetAtt:
- - LBSecurityGroup8A41EA2B
- - GroupId
- ToPort: 80
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup/InstanceSecurityGroup/from
- awsecsintegecsLBSecurityGroup7DA90129:80
- EcsClusterDefaultAutoScalingGroupInstanceRole3C026863:
- Type: AWS::IAM::Role
- Properties:
- AssumeRolePolicyDocument:
- Statement:
- - Action: sts:AssumeRole
- Effect: Allow
- Principal:
- Service:
- Fn::Join:
- - ""
- - - ec2.
- - Ref: AWS::URLSuffix
- Version: "2012-10-17"
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup/InstanceRole/Resource
# Inline policy for the container-instance role (entry under Resources).
# It grants the ECS agent its registration, polling and telemetry calls, plus
# ECR authorization and CloudWatch Logs writes.
EcsClusterDefaultAutoScalingGroupInstanceRoleDefaultPolicy04DC6C80:
  Type: AWS::IAM::Policy
  Properties:
    PolicyDocument:
      Statement:
        # NOTE(review): every action is granted on Resource "*". This role is
        # reachable from the instance metadata service, so anything that runs
        # on the host inherits it. Consider scoping the ecs:* actions to this
        # cluster's ARN where the action supports resource-level permissions,
        # and check whether ecs:CreateCluster is needed at all given that the
        # cluster is created by this template.
        - Action:
            - ecs:CreateCluster
            - ecs:DeregisterContainerInstance
            - ecs:DiscoverPollEndpoint
            - ecs:Poll
            - ecs:RegisterContainerInstance
            - ecs:StartTelemetrySession
            - ecs:Submit*
            - ecr:GetAuthorizationToken
            - logs:CreateLogStream
            - logs:PutLogEvents
          Effect: Allow
          Resource: "*"
      Version: "2012-10-17"
    PolicyName: EcsClusterDefaultAutoScalingGroupInstanceRoleDefaultPolicy04DC6C80
    Roles:
      - Ref: EcsClusterDefaultAutoScalingGroupInstanceRole3C026863
  Metadata:
    aws:cdk:path: aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup/InstanceRole/DefaultPolicy/Resource
- EcsClusterDefaultAutoScalingGroupInstanceProfile2CE606B3:
- Type: AWS::IAM::InstanceProfile
- Properties:
- Roles:
- - Ref: EcsClusterDefaultAutoScalingGroupInstanceRole3C026863
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup/InstanceProfile
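# Launch configuration for the ECS container instances (entry under Resources).
EcsClusterDefaultAutoScalingGroupLaunchConfigB7E376C1:
  Type: AWS::AutoScaling::LaunchConfiguration
  Properties:
    # NOTE(review): a hard-coded AMI ID is region-specific and never picks up
    # patched images; confirm how this value is refreshed.
    ImageId: ami-042ae7188819e7e9b
    InstanceType: t2.micro
    # Was true. The Auto Scaling group that uses this configuration launches
    # into the private subnets, whose default route goes through the NAT
    # gateways, so a public address adds internet exposure without adding
    # working connectivity.
    AssociatePublicIpAddress: false
    IamInstanceProfile:
      Ref: EcsClusterDefaultAutoScalingGroupInstanceProfile2CE606B3
    # EC2 key pair used for SSH; it must already exist in the target account
    # and region.
    KeyName: cloudbooks
    SecurityGroups:
      - Fn::GetAtt:
          - EcsClusterDefaultAutoScalingGroupInstanceSecurityGroup912E1231
          - GroupId
    # Boot script: joins the instance to the cluster, then stops containers
    # from reaching the instance metadata endpoint (169.254.169.254), so tasks
    # cannot pick up the instance role's credentials. Fn::Sub resolves
    # ${EcsCluster97242B84} to the same value as Ref.
    UserData:
      Fn::Base64:
        Fn::Sub: |-
          #!/bin/bash
          echo ECS_CLUSTER=${EcsCluster97242B84} >> /etc/ecs/ecs.config
          sudo iptables --insert FORWARD 1 --in-interface docker+ --destination 169.254.169.254/32 --jump DROP
          sudo service iptables save
          echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config
  DependsOn:
    - EcsClusterDefaultAutoScalingGroupInstanceRoleDefaultPolicy04DC6C80
    - EcsClusterDefaultAutoScalingGroupInstanceRole3C026863
  Metadata:
    aws:cdk:path: aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup/LaunchConfig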
- EcsClusterDefaultAutoScalingGroupASGC1A785DB:
- Type: AWS::AutoScaling::AutoScalingGroup
- Properties:
- MaxSize: "2"
- MinSize: "1"
- DesiredCapacity: "2"
- LaunchConfigurationName:
- Ref: EcsClusterDefaultAutoScalingGroupLaunchConfigB7E376C1
- Tags:
- - Key: Name
- PropagateAtLaunch: true
- Value: aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup
- VPCZoneIdentifier:
- - Ref: VpcPrivateSubnet1Subnet536B997A
- - Ref: VpcPrivateSubnet2Subnet3788AAA1
- UpdatePolicy:
- AutoScalingReplacingUpdate:
- WillReplace: true
- AutoScalingScheduledAction:
- IgnoreUnmodifiedGroupSizeProperties: true
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup/ASG
- EcsClusterDefaultAutoScalingGroupDrainECSHookTopicC705BD25:
- Type: AWS::SNS::Topic
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup/DrainECSHook/Topic/Resource
- EcsClusterDefaultAutoScalingGroupDrainECSHookFunctionServiceRole94543EDA:
- Type: AWS::IAM::Role
- Properties:
- AssumeRolePolicyDocument:
- Statement:
- - Action: sts:AssumeRole
- Effect: Allow
- Principal:
- Service:
- Fn::Join:
- - ""
- - - lambda.
- - Ref: AWS::URLSuffix
- Version: "2012-10-17"
- ManagedPolicyArns:
- - Fn::Join:
- - ""
- - - "arn:"
- - Ref: AWS::Partition
- - :iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup/DrainECSHook/Function/ServiceRole/Resource
- EcsClusterDefaultAutoScalingGroupDrainECSHookFunctionServiceRoleDefaultPolicyA45BF396:
- Type: AWS::IAM::Policy
- Properties:
- PolicyDocument:
- Statement:
- - Action:
- - autoscaling:CompleteLifecycleAction
- - ec2:DescribeInstances
- - ec2:DescribeInstanceAttribute
- - ec2:DescribeInstanceStatus
- - ec2:DescribeHosts
- Effect: Allow
- Resource: "*"
- - Action:
- - ecs:ListContainerInstances
- - ecs:SubmitContainerStateChange
- - ecs:SubmitTaskStateChange
- - ecs:DescribeContainerInstances
- - ecs:UpdateContainerInstancesState
- - ecs:ListTasks
- - ecs:DescribeTasks
- Effect: Allow
- Resource: "*"
- Version: "2012-10-17"
- PolicyName: EcsClusterDefaultAutoScalingGroupDrainECSHookFunctionServiceRoleDefaultPolicyA45BF396
- Roles:
- - Ref: EcsClusterDefaultAutoScalingGroupDrainECSHookFunctionServiceRole94543EDA
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup/DrainECSHook/Function/ServiceRole/DefaultPolicy/Resource
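# Lambda that drains ECS tasks from an instance the Auto Scaling group is
# terminating (entry under Resources). It is invoked through the SNS topic
# that receives the lifecycle-hook notification.
EcsClusterDefaultAutoScalingGroupDrainECSHookFunctionE17A5F5E:
  Type: AWS::Lambda::Function
  Properties:
    Code:
      # Literal block scalar, so the newlines and indentation that the Python
      # source depends on are kept.
      ZipFile: |
        import boto3, json, os, time

        ecs = boto3.client('ecs')
        autoscaling = boto3.client('autoscaling')


        def lambda_handler(event, context):
            """Wait for the terminating instance to drain, then complete the lifecycle action."""
            # NOTE(review): this logs the whole SNS event, including the
            # lifecycle action token; confirm who can read the log group.
            print(json.dumps(event))
            cluster = os.environ['CLUSTER']
            lifecycle_event = json.loads(event['Records'][0]['Sns']['Message'])
            instance_id = lifecycle_event.get('EC2InstanceId')
            if not instance_id:
                # Fixed: the message was passed as a second print() argument
                # instead of being %-formatted.
                print('Got event without EC2InstanceId: %s' % json.dumps(event))
                return

            instance_arn = container_instance_arn(cluster, instance_id)
            print('Instance %s has container instance ARN %s' % (lifecycle_event['EC2InstanceId'], instance_arn))

            if not instance_arn:
                return

            # Poll every 10 seconds until no tasks remain; the function
            # Timeout below bounds this loop.
            while has_tasks(cluster, instance_arn):
                time.sleep(10)

            try:
                print('Terminating instance %s' % instance_id)
                autoscaling.complete_lifecycle_action(
                    LifecycleActionResult='CONTINUE',
                    **pick(lifecycle_event, 'LifecycleHookName', 'LifecycleActionToken', 'AutoScalingGroupName'))
            except Exception as e:
                # Lifecycle action may have already completed.
                print(str(e))


        def container_instance_arn(cluster, instance_id):
            """Turn an instance ID into a container instance ARN."""
            arns = ecs.list_container_instances(cluster=cluster, filter='ec2InstanceId==' + instance_id)['containerInstanceArns']
            if not arns:
                return None
            return arns[0]


        def has_tasks(cluster, instance_arn):
            """Return True if the instance is running tasks for the given cluster."""
            instances = ecs.describe_container_instances(cluster=cluster, containerInstances=[instance_arn])['containerInstances']
            if not instances:
                return False
            instance = instances[0]

            if instance['status'] == 'ACTIVE':
                # Start draining, then try again later
                set_container_instance_to_draining(cluster, instance_arn)
                return True

            tasks = instance['runningTasksCount'] + instance['pendingTasksCount']
            print('Instance %s has %s tasks' % (instance_arn, tasks))
            return tasks > 0


        def set_container_instance_to_draining(cluster, instance_arn):
            """Ask ECS to stop placing tasks on the instance and move the existing ones."""
            ecs.update_container_instances_state(
                cluster=cluster,
                containerInstances=[instance_arn], status='DRAINING')


        def pick(dct, *keys):
            """Pick a subset of a dict."""
            return {k: v for k, v in dct.items() if k in keys}
    Handler: index.lambda_handler
    Role:
      Fn::GetAtt:
        - EcsClusterDefaultAutoScalingGroupDrainECSHookFunctionServiceRole94543EDA
        - Arn
    # Was python3.6, which is past end of support in Lambda and no longer
    # receives security patches. The handler uses only boto3 and the standard
    # library.
    Runtime: python3.12
    Environment:
      Variables:
        CLUSTER:
          Ref: EcsCluster97242B84
    Tags:
      - Key: Name
        Value: aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup
    # Seconds; slightly longer than the lifecycle hook's HeartbeatTimeout (300).
    Timeout: 310
  DependsOn:
    - EcsClusterDefaultAutoScalingGroupDrainECSHookFunctionServiceRoleDefaultPolicyA45BF396
    - EcsClusterDefaultAutoScalingGroupDrainECSHookFunctionServiceRole94543EDA
  Metadata:
    aws:cdk:path: aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup/DrainECSHook/Function/Resource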
- EcsClusterDefaultAutoScalingGroupDrainECSHookFunctionTopicSubscriptionDA5F8A10:
- Type: AWS::SNS::Subscription
- Properties:
- Protocol: lambda
- TopicArn:
- Ref: EcsClusterDefaultAutoScalingGroupDrainECSHookTopicC705BD25
- Endpoint:
- Fn::GetAtt:
- - EcsClusterDefaultAutoScalingGroupDrainECSHookFunctionE17A5F5E
- - Arn
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup/DrainECSHook/Function/TopicSubscription/Resource
- EcsClusterDefaultAutoScalingGroupDrainECSHookFunctionTopicE6B1EBA6:
- Type: AWS::Lambda::Permission
- Properties:
- Action: lambda:InvokeFunction
- FunctionName:
- Ref: EcsClusterDefaultAutoScalingGroupDrainECSHookFunctionE17A5F5E
- Principal: sns.amazonaws.com
- SourceArn:
- Ref: EcsClusterDefaultAutoScalingGroupDrainECSHookTopicC705BD25
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup/DrainECSHook/Function/Topic
- EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookRoleA38EC83B:
- Type: AWS::IAM::Role
- Properties:
- AssumeRolePolicyDocument:
- Statement:
- - Action: sts:AssumeRole
- Effect: Allow
- Principal:
- Service:
- Fn::Join:
- - ""
- - - autoscaling.
- - Ref: AWS::URLSuffix
- Version: "2012-10-17"
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup/LifecycleHookDrainHook/Role/Resource
- EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookRoleDefaultPolicy75002F88:
- Type: AWS::IAM::Policy
- Properties:
- PolicyDocument:
- Statement:
- - Action: sns:Publish
- Effect: Allow
- Resource:
- Ref: EcsClusterDefaultAutoScalingGroupDrainECSHookTopicC705BD25
- Version: "2012-10-17"
- PolicyName: EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookRoleDefaultPolicy75002F88
- Roles:
- - Ref: EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookRoleA38EC83B
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup/LifecycleHookDrainHook/Role/DefaultPolicy/Resource
- EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookFFA63029:
- Type: AWS::AutoScaling::LifecycleHook
- Properties:
- AutoScalingGroupName:
- Ref: EcsClusterDefaultAutoScalingGroupASGC1A785DB
- LifecycleTransition: autoscaling:EC2_INSTANCE_TERMINATING
- DefaultResult: CONTINUE
- HeartbeatTimeout: 300
- NotificationTargetARN:
- Ref: EcsClusterDefaultAutoScalingGroupDrainECSHookTopicC705BD25
- RoleARN:
- Fn::GetAtt:
- - EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookRoleA38EC83B
- - Arn
- DependsOn:
- - EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookRoleDefaultPolicy75002F88
- - EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookRoleA38EC83B
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup/LifecycleHookDrainHook/Resource
- appTaskTaskRoleD00D4FED:
- Type: AWS::IAM::Role
- Properties:
- AssumeRolePolicyDocument:
- Statement:
- - Action: sts:AssumeRole
- Effect: Allow
- Principal:
- Service:
- Fn::Join:
- - ""
- - - ecs-tasks.
- - Ref: AWS::URLSuffix
- Version: "2012-10-17"
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/appTask/TaskRole/Resource
- appTask4D3BE904:
- Type: AWS::ECS::TaskDefinition
- Properties:
- ContainerDefinitions:
- - Essential: true
- Image:
- Fn::Join:
- - ""
- - - Fn::Select:
- - 4
- - Fn::Split:
- - ":"
- - Fn::Join:
- - ""
- - - "arn:"
- - Ref: AWS::Partition
- - ":ecr:"
- - Ref: AWS::Region
- - ":"
- - Ref: AWS::AccountId
- - :repository/nula
- - .dkr.ecr.
- - Fn::Select:
- - 3
- - Fn::Split:
- - ":"
- - Fn::Join:
- - ""
- - - "arn:"
- - Ref: AWS::Partition
- - ":ecr:"
- - Ref: AWS::Region
- - ":"
- - Ref: AWS::AccountId
- - :repository/nula
- - .amazonaws.com/nula:latest
- Links: []
- LinuxParameters:
- Capabilities:
- Add: []
- Drop: []
- Devices: []
- Tmpfs: []
- Memory: 256
- MountPoints: []
- Name: cloudbooks_app
- PortMappings:
- - ContainerPort: 80
- HostPort: 80
- Protocol: tcp
- Ulimits: []
- VolumesFrom: []
- ExecutionRoleArn:
- Fn::GetAtt:
- - appTaskExecutionRoleE02FDB1B
- - Arn
- Family: awsecsintegecsappTask199176EE
- NetworkMode: bridge
- PlacementConstraints: []
- RequiresCompatibilities:
- - EC2
- TaskRoleArn:
- Fn::GetAtt:
- - appTaskTaskRoleD00D4FED
- - Arn
- Volumes: []
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/appTask/Resource
- appTaskExecutionRoleE02FDB1B:
- Type: AWS::IAM::Role
- Properties:
- AssumeRolePolicyDocument:
- Statement:
- - Action: sts:AssumeRole
- Effect: Allow
- Principal:
- Service:
- Fn::Join:
- - ""
- - - ecs-tasks.
- - Ref: AWS::URLSuffix
- Version: "2012-10-17"
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/appTask/ExecutionRole/Resource
- appTaskExecutionRoleDefaultPolicy6FBD12BC:
- Type: AWS::IAM::Policy
- Properties:
- PolicyDocument:
- Statement:
- - Action:
- - ecr:BatchCheckLayerAvailability
- - ecr:GetDownloadUrlForLayer
- - ecr:BatchGetImage
- Effect: Allow
- Resource:
- Fn::Join:
- - ""
- - - "arn:"
- - Ref: AWS::Partition
- - ":ecr:"
- - Ref: AWS::Region
- - ":"
- - Ref: AWS::AccountId
- - :repository/nula
- - Action:
- - ecr:GetAuthorizationToken
- - logs:CreateLogStream
- - logs:PutLogEvents
- Effect: Allow
- Resource: "*"
- Version: "2012-10-17"
- PolicyName: appTaskExecutionRoleDefaultPolicy6FBD12BC
- Roles:
- - Ref: appTaskExecutionRoleE02FDB1B
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/appTask/ExecutionRole/DefaultPolicy/Resource
- workerTaskDefTaskRole4F762C8C:
- Type: AWS::IAM::Role
- Properties:
- AssumeRolePolicyDocument:
- Statement:
- - Action: sts:AssumeRole
- Effect: Allow
- Principal:
- Service:
- Fn::Join:
- - ""
- - - ecs-tasks.
- - Ref: AWS::URLSuffix
- Version: "2012-10-17"
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/workerTaskDef/TaskRole/Resource
- workerTaskDefE7B18110:
- Type: AWS::ECS::TaskDefinition
- Properties:
- ContainerDefinitions:
- - EntryPoint:
- - /usr/bin/supervisord
- - -n
- - -c
- - /etc/supervisord.conf
- Environment:
- - Name: SUPER_CMD
- Value: php /var/www/html/artisan queue:work --sleep=5 --tries=1 --daemon
- Essential: true
- Image:
- Fn::Join:
- - ""
- - - Fn::Select:
- - 4
- - Fn::Split:
- - ":"
- - Fn::Join:
- - ""
- - - "arn:"
- - Ref: AWS::Partition
- - ":ecr:"
- - Ref: AWS::Region
- - ":"
- - Ref: AWS::AccountId
- - :repository/nula
- - .dkr.ecr.
- - Fn::Select:
- - 3
- - Fn::Split:
- - ":"
- - Fn::Join:
- - ""
- - - "arn:"
- - Ref: AWS::Partition
- - ":ecr:"
- - Ref: AWS::Region
- - ":"
- - Ref: AWS::AccountId
- - :repository/nula
- - .amazonaws.com/nula:latest
- Links: []
- LinuxParameters:
- Capabilities:
- Add: []
- Drop: []
- Devices: []
- Tmpfs: []
- Memory: 256
- MountPoints: []
- Name: cloudbooks_worker1
- PortMappings:
- - ContainerPort: 80
- HostPort: 80
- Protocol: tcp
- Ulimits: []
- VolumesFrom: []
- ExecutionRoleArn:
- Fn::GetAtt:
- - workerTaskDefExecutionRole8DB2FD3C
- - Arn
- Family: awsecsintegecsworkerTaskDef9FBFFB39
- NetworkMode: bridge
- PlacementConstraints: []
- RequiresCompatibilities:
- - EC2
- TaskRoleArn:
- Fn::GetAtt:
- - workerTaskDefTaskRole4F762C8C
- - Arn
- Volumes: []
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/workerTaskDef/Resource
- workerTaskDefExecutionRole8DB2FD3C:
- Type: AWS::IAM::Role
- Properties:
- AssumeRolePolicyDocument:
- Statement:
- - Action: sts:AssumeRole
- Effect: Allow
- Principal:
- Service:
- Fn::Join:
- - ""
- - - ecs-tasks.
- - Ref: AWS::URLSuffix
- Version: "2012-10-17"
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/workerTaskDef/ExecutionRole/Resource
- workerTaskDefExecutionRoleDefaultPolicyE16223F3:
- Type: AWS::IAM::Policy
- Properties:
- PolicyDocument:
- Statement:
- - Action:
- - ecr:BatchCheckLayerAvailability
- - ecr:GetDownloadUrlForLayer
- - ecr:BatchGetImage
- Effect: Allow
- Resource:
- Fn::Join:
- - ""
- - - "arn:"
- - Ref: AWS::Partition
- - ":ecr:"
- - Ref: AWS::Region
- - ":"
- - Ref: AWS::AccountId
- - :repository/nula
- - Action:
- - ecr:GetAuthorizationToken
- - logs:CreateLogStream
- - logs:PutLogEvents
- Effect: Allow
- Resource: "*"
- Version: "2012-10-17"
- PolicyName: workerTaskDefExecutionRoleDefaultPolicyE16223F3
- Roles:
- - Ref: workerTaskDefExecutionRole8DB2FD3C
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/workerTaskDef/ExecutionRole/DefaultPolicy/Resource
- appServiceD08846AF:
- Type: AWS::ECS::Service
- Properties:
- TaskDefinition:
- Ref: appTask4D3BE904
- Cluster:
- Ref: EcsCluster97242B84
- DeploymentConfiguration:
- MaximumPercent: 200
- MinimumHealthyPercent: 50
- DesiredCount: 1
- LaunchType: EC2
- LoadBalancers:
- - ContainerName: cloudbooks_app
- ContainerPort: 80
- TargetGroupArn:
- Ref: LBPublicListenerECSGroupD6A32205
- PlacementConstraints: []
- PlacementStrategies: []
- SchedulingStrategy: REPLICA
- DependsOn:
- - LBPublicListenerECSGroupD6A32205
- - LBPublicListener6E1F3D94
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/appService/Service
- workerServiceA67555CE:
- Type: AWS::ECS::Service
- Properties:
- TaskDefinition:
- Ref: workerTaskDefE7B18110
- Cluster:
- Ref: EcsCluster97242B84
- DeploymentConfiguration:
- MaximumPercent: 200
- MinimumHealthyPercent: 50
- DesiredCount: 1
- LaunchType: EC2
- LoadBalancers: []
- PlacementConstraints: []
- PlacementStrategies:
- - Field: attribute:ecs.availability-zone
- Type: spread
- SchedulingStrategy: REPLICA
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/workerService/Service
- LB8A12904C:
- Type: AWS::ElasticLoadBalancingV2::LoadBalancer
- Properties:
- LoadBalancerAttributes: []
- Scheme: internet-facing
- SecurityGroups:
- - Fn::GetAtt:
- - LBSecurityGroup8A41EA2B
- - GroupId
- Subnets:
- - Ref: VpcPublicSubnet1Subnet5C2D37C4
- - Ref: VpcPublicSubnet2Subnet691E08A3
- Type: application
- DependsOn:
- - VpcPublicSubnet1DefaultRoute3DA9E72A
- - VpcPublicSubnet2DefaultRoute97F91067
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/LB/Resource
- LBSecurityGroup8A41EA2B:
- Type: AWS::EC2::SecurityGroup
- Properties:
- GroupDescription: Automatically created Security Group for ELB awsecsintegecsLB84BFA683
- SecurityGroupEgress: []
- SecurityGroupIngress:
- - CidrIp: 0.0.0.0/0
- Description: Allow from anyone on port 80
- FromPort: 80
- IpProtocol: tcp
- ToPort: 80
- VpcId:
- Ref: Vpc8378EB38
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/LB/SecurityGroup/Resource
- LBSecurityGrouptoawsecsintegecsEcsClusterDefaultAutoScalingGroupInstanceSecurityGroupE311641080C26A06F0:
- Type: AWS::EC2::SecurityGroupEgress
- Properties:
- GroupId:
- Fn::GetAtt:
- - LBSecurityGroup8A41EA2B
- - GroupId
- IpProtocol: tcp
- Description: Load balancer to target
- DestinationSecurityGroupId:
- Fn::GetAtt:
- - EcsClusterDefaultAutoScalingGroupInstanceSecurityGroup912E1231
- - GroupId
- FromPort: 80
- ToPort: 80
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/LB/SecurityGroup/to
- awsecsintegecsEcsClusterDefaultAutoScalingGroupInstanceSecurityGroupE3116410:80
# Public listener of the application load balancer (entry under Resources).
# It forwards every request to the ECS target group.
LBPublicListener6E1F3D94:
  Type: AWS::ElasticLoadBalancingV2::Listener
  Properties:
    DefaultActions:
      - TargetGroupArn:
          Ref: LBPublicListenerECSGroupD6A32205
        Type: forward
    LoadBalancerArn:
      Ref: LB8A12904C
    # NOTE(review): plain HTTP on an internet-facing load balancer, with no
    # certificate attached, so client traffic crosses the internet
    # unencrypted. If the application handles logins or other sensitive data,
    # add an HTTPS listener with a certificate and make this one redirect.
    Port: 80
    Protocol: HTTP
    Certificates: []
  Metadata:
    aws:cdk:path: aws-ecs-integ-ecs/LB/PublicListener/Resource
- LBPublicListenerECSGroupD6A32205:
- Type: AWS::ElasticLoadBalancingV2::TargetGroup
- Properties:
- HealthCheckIntervalSeconds: 60
- HealthCheckPath: /
- HealthCheckTimeoutSeconds: 5
- Port: 80
- Protocol: HTTP
- TargetGroupAttributes: []
- Targets: []
- TargetType: instance
- VpcId:
- Ref: Vpc8378EB38
- Metadata:
- aws:cdk:path: aws-ecs-integ-ecs/LB/PublicListener/ECSGroup/Resource
- CDKMetadata:
- Type: AWS::CDK::Metadata
- Properties:
- Modules: aws-cdk=0.26.0,@aws-cdk/assets=0.26.0,@aws-cdk/assets-docker=0.26.0,@aws-cdk/aws-applicationautoscaling=0.26.0,@aws-cdk/aws-autoscaling=0.26.0,@aws-cdk/aws-autoscaling-common=0.26.0,@aws-cdk/aws-certificatemanager=0.26.0,@aws-cdk/aws-cloudformation=0.26.0,@aws-cdk/aws-cloudwatch=0.26.0,@aws-cdk/aws-codedeploy-api=0.26.0,@aws-cdk/aws-codepipeline-api=0.26.0,@aws-cdk/aws-ec2=0.26.0,@aws-cdk/aws-ecr=0.26.0,@aws-cdk/aws-ecs=0.26.0,@aws-cdk/aws-elasticloadbalancingv2=0.26.0,@aws-cdk/aws-events=0.26.0,@aws-cdk/aws-iam=0.26.0,@aws-cdk/aws-kms=0.26.0,@aws-cdk/aws-lambda=0.26.0,@aws-cdk/aws-logs=0.26.0,@aws-cdk/aws-route53=0.26.0,@aws-cdk/aws-s3=0.26.0,@aws-cdk/aws-s3-notifications=0.26.0,@aws-cdk/aws-sns=0.26.0,@aws-cdk/aws-sqs=0.26.0,@aws-cdk/cdk=0.26.0,@aws-cdk/cx-api=0.26.0,@aws-cdk/region-info=0.26.0,jsii-runtime=node.js/v11.11.0
- Outputs:
- LoadBalancerDNS:
- Value:
- Fn::GetAtt:
- - LB8A12904C
- - DNSName