
Untitled

a guest Oct 14th, 2019 110 Never
  1. Resources:
  2.   LogstashBucket:
  3.     Type: AWS::S3::Bucket
  4.     Properties:
  5.       BucketName: !Ref S3BucketName
  6.       BucketEncryption:
  7.         ServerSideEncryptionConfiguration:
  8.           -
  9.             ServerSideEncryptionByDefault:
  10.               SSEAlgorithm: AES256
  11.       PublicAccessBlockConfiguration:
  12.         BlockPublicAcls: true
  13.         BlockPublicPolicy: true
  14.         IgnorePublicAcls: true
  15.         RestrictPublicBuckets: true
  16.       AccessControl: Private
  17.   LogstashBucketPolicyPut:
  18.     Type: AWS::S3::BucketPolicy
  19.     Properties:
  20.       Bucket: !Ref LogstashBucket
  21.       PolicyDocument:
  22.         Statement:
  23.        -
  24.           Effect: "Allow"
  25.           # Only allow container services to put files to this bucket, despite the bucket being private.
  26.           Principal:
  27.             Service:
  28.               - "ecs-tasks.amazonaws.com"
  29.           Action: "s3:PutObject"
  30.           Resource:
  31.             Fn::Join:
  32.             - ""
  33.             -   - "arn:aws:s3:::"
  34.                 - !Ref LogstashBucket
  35.                 - "/*"  
  36.           #Condition: ArnEquals: !GetAtt LogstashTaskDef.Arn  
  37.   LogstashPolicyPutToS3:
  38.     Type: AWS::IAM::ManagedPolicy
  39.     Properties:
  40.       ManagedPolicyName: "LogstashPolicyPutToS3"
  41.       PolicyDocument:
  42.         Version: "2012-10-17"
  43.         Statement:
  44.         -
  45.           Effect: "Allow"
  46.           Action: "s3:PutObject"
  47.           Resource: !GetAtt LogstashBucket.Arn    
  48.   LogstashRolePutToS3:
  49.     Type: AWS::IAM::Role
  50.     Properties:
  51.       AssumeRolePolicyDocument:
  52.         Version: "2012-10-17"
  53.         Statement:
  54.          -
  55.             Effect: "Allow"
  56.             Principal:
  57.               Service:
  58.                 - "ecs-tasks.amazonaws.com"
  59.             Action: "sts:AssumeRole"
  60.       ManagedPolicyArns:
  61.         - !Ref LogstashPolicyPutToS3
  62.       RoleName: "LogstashRolePutToS3"
  63. LogstashTaskDef:
  64.     Type: AWS::ECS::TaskDefinition
  65.     Properties:
  66.       NetworkMode: awsvpc
  67.       RequiresCompatibilities:
  68.         - FARGATE
  69.       Cpu: !Ref ContainerCPU
  70.       Memory: !Ref ContainerMemory  
  71.       ExecutionRoleArn: !Ref RoleECSExecution                                      
  72.       TaskRoleArn: !Ref LogstashRolePutToS3
  73.       ContainerDefinitions:
  74.         -
  75.           Name: !Ref LogstashContainerName
  76.           Image: !Ref ImageUrl
  77.           PortMappings:
  78.            -
  79.               ContainerPort: !Ref SyslogInputPort
  80.               HostPort: !Ref SyslogInputPort
  81.           LogConfiguration:
  82.             LogDriver: awslogs
  83.             Options:
  84.               awslogs-region: !Ref AWS::Region
  85.               awslogs-group: !Ref LogGroup
  86.               awslogs-stream-prefix: ecs
  87.           Environment:
  88.             - Name: S3_BUCKET_BUCKETNAME
  89.               Value: !Ref S3BucketName
  90.             - Name: S3_BUCKET_CANNED_ACL
  91.               Value: !Ref S3BucketCannedACL
  92.             - Name: SYSLOG_INPUT_PORT
  93.               Value: !Ref SyslogInputPort
  94.             - Name: S3_BUCKET_REGION
  95.               Value: !Ref S3BucketRegion