Created
December 11, 2020 02:46
-
-
Save Burning-Chai/52b257f857979445bc462547d5fb81e3 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: "2010-09-09" | |
| Description: Create environment for AWS Fargate. | |
| Parameters: | |
| ProjectCode: | |
| Type: String | |
| VPCCIDR: | |
| Type: String | |
| Default: "10.1.0.0/16" | |
| Front01SubnetCIDR: | |
| Type: String | |
| Default: "10.1.10.0/24" | |
| Front02SubnetCIDR: | |
| Type: String | |
| Default: "10.1.20.0/24" | |
| Front03SubnetCIDR: | |
| Type: String | |
| Default: "10.1.30.0/24" | |
| Back01SubnetCIDR: | |
| Type: String | |
| Default: "10.1.110.0/24" | |
| Back02SubnetCIDR: | |
| Type: String | |
| Default: "10.1.120.0/24" | |
| Back03SubnetCIDR: | |
| Type: String | |
| Default: "10.1.130.0/24" | |
| ECSTaskCPUUnit: | |
| AllowedValues: [ 256, 512, 1024, 2048, 4096 ] | |
| Type: String | |
| Default: "256" # (0.25CPU) | |
| ECSTaskMemory: | |
| AllowedValues: [ 256, 512, 1024, 2048, 4096 ] | |
| Type: String | |
| Default: "512" # (0.5GB) | |
| ECSImageName: | |
| Type: String | |
| Description: "xxxxxxxxxxxx.dkr.ecr.ap-northeast-1.amazonaws.com/xxxxxxxxx:vvvvv" | |
| ECSTaskDesiredCount: | |
| Type: Number | |
| Default: 1 | |
| ContainerPort: | |
| Type: Number | |
| Default: 3000 | |
| Resources: | |
| VPC: | |
| Type: "AWS::EC2::VPC" | |
| Properties: | |
| CidrBlock: !Ref VPCCIDR | |
| EnableDnsSupport: true | |
| EnableDnsHostnames: true | |
| InstanceTenancy: default | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-vpc" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| InternetGateway: | |
| Type: "AWS::EC2::InternetGateway" | |
| Properties: | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-igw" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| InternetGatewayAttachment: | |
| Type: "AWS::EC2::VPCGatewayAttachment" | |
| Properties: | |
| InternetGatewayId: !Ref InternetGateway | |
| VpcId: !Ref VPC | |
| Front01Subnet: | |
| Type: "AWS::EC2::Subnet" | |
| Properties: | |
| AvailabilityZone: "ap-northeast-1a" | |
| CidrBlock: !Ref Front01SubnetCIDR | |
| VpcId: !Ref VPC | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-front01-subnet" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| Front02Subnet: | |
| Type: "AWS::EC2::Subnet" | |
| Properties: | |
| AvailabilityZone: "ap-northeast-1c" | |
| CidrBlock: !Ref Front02SubnetCIDR | |
| VpcId: !Ref VPC | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-front02-subnet" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| Front03Subnet: | |
| Type: "AWS::EC2::Subnet" | |
| Properties: | |
| AvailabilityZone: "ap-northeast-1d" | |
| CidrBlock: !Ref Front03SubnetCIDR | |
| VpcId: !Ref VPC | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-front03-subnet" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| Back01Subnet: | |
| Type: "AWS::EC2::Subnet" | |
| Properties: | |
| AvailabilityZone: "ap-northeast-1a" | |
| CidrBlock: !Ref Back01SubnetCIDR | |
| VpcId: !Ref VPC | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-back01-subnet" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| Back02Subnet: | |
| Type: "AWS::EC2::Subnet" | |
| Properties: | |
| AvailabilityZone: "ap-northeast-1c" | |
| CidrBlock: !Ref Back02SubnetCIDR | |
| VpcId: !Ref VPC | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-back02-subnet" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| Back03Subnet: | |
| Type: "AWS::EC2::Subnet" | |
| Properties: | |
| AvailabilityZone: "ap-northeast-1d" | |
| CidrBlock: !Ref Back03SubnetCIDR | |
| VpcId: !Ref VPC | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-back03-subnet" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| Front01RouteTable: | |
| Type: "AWS::EC2::RouteTable" | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-front01-rtb" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| Front01Route: | |
| Type: "AWS::EC2::Route" | |
| Properties: | |
| RouteTableId: !Ref Front01RouteTable | |
| DestinationCidrBlock: "0.0.0.0/0" | |
| GatewayId: !Ref InternetGateway | |
| Front01SubnetRouteTableAssociation: | |
| Type: "AWS::EC2::SubnetRouteTableAssociation" | |
| Properties: | |
| SubnetId: !Ref Front01Subnet | |
| RouteTableId: !Ref Front01RouteTable | |
| Front02RouteTable: | |
| Type: "AWS::EC2::RouteTable" | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-front02-rtb" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| Front02Route: | |
| Type: "AWS::EC2::Route" | |
| Properties: | |
| RouteTableId: !Ref Front02RouteTable | |
| DestinationCidrBlock: "0.0.0.0/0" | |
| GatewayId: !Ref InternetGateway | |
| Front02SubnetRouteTableAssociation: | |
| Type: "AWS::EC2::SubnetRouteTableAssociation" | |
| Properties: | |
| SubnetId: !Ref Front02Subnet | |
| RouteTableId: !Ref Front02RouteTable | |
| Front03RouteTable: | |
| Type: "AWS::EC2::RouteTable" | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-front03-rtb" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| Front03Route: | |
| Type: "AWS::EC2::Route" | |
| Properties: | |
| RouteTableId: !Ref Front03RouteTable | |
| DestinationCidrBlock: "0.0.0.0/0" | |
| GatewayId: !Ref InternetGateway | |
| Front03SubnetRouteTableAssociation: | |
| Type: "AWS::EC2::SubnetRouteTableAssociation" | |
| Properties: | |
| SubnetId: !Ref Front03Subnet | |
| RouteTableId: !Ref Front03RouteTable | |
| Back01NatGatewayElasticIP: | |
| Type: "AWS::EC2::EIP" | |
| Properties: | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-back01-nat-eip" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| Back01NatGateway: | |
| Type: AWS::EC2::NatGateway | |
| Properties: | |
| AllocationId: !GetAtt Back01NatGatewayElasticIP.AllocationId | |
| SubnetId: !Ref Front01Subnet | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-back01-nat" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| Back01RouteTable: | |
| Type: "AWS::EC2::RouteTable" | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-back01-rtb" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| Back01Route: | |
| Type: "AWS::EC2::Route" | |
| Properties: | |
| RouteTableId: !Ref Back01RouteTable | |
| DestinationCidrBlock: "0.0.0.0/0" | |
| NatGatewayId: !Ref Back01NatGateway | |
| Back01SubnetRouteTableAssociation: | |
| Type: "AWS::EC2::SubnetRouteTableAssociation" | |
| Properties: | |
| SubnetId: !Ref Back01Subnet | |
| RouteTableId: !Ref Back01RouteTable | |
| Back02NatGatewayElasticIP: | |
| Type: "AWS::EC2::EIP" | |
| Properties: | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-back02-nat-eip" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| Back02NatGateway: | |
| Type: AWS::EC2::NatGateway | |
| Properties: | |
| AllocationId: !GetAtt Back02NatGatewayElasticIP.AllocationId | |
| SubnetId: !Ref Front02Subnet | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-back02-nat" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| Back02RouteTable: | |
| Type: "AWS::EC2::RouteTable" | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-back02-rtb" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| Back02Route: | |
| Type: "AWS::EC2::Route" | |
| Properties: | |
| RouteTableId: !Ref Back02RouteTable | |
| DestinationCidrBlock: "0.0.0.0/0" | |
| NatGatewayId: !Ref Back02NatGateway | |
| Back02SubnetRouteTableAssociation: | |
| Type: "AWS::EC2::SubnetRouteTableAssociation" | |
| Properties: | |
| SubnetId: !Ref Back02Subnet | |
| RouteTableId: !Ref Back02RouteTable | |
| Back03NatGatewayElasticIP: | |
| Type: "AWS::EC2::EIP" | |
| Properties: | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-back03-nat-eip" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| Back03NatGateway: | |
| Type: AWS::EC2::NatGateway | |
| Properties: | |
| AllocationId: !GetAtt Back03NatGatewayElasticIP.AllocationId | |
| SubnetId: !Ref Front03Subnet | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-back03-nat" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| Back03RouteTable: | |
| Type: "AWS::EC2::RouteTable" | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-back03-rtb" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| Back03Route: | |
| Type: "AWS::EC2::Route" | |
| Properties: | |
| RouteTableId: !Ref Back03RouteTable | |
| DestinationCidrBlock: "0.0.0.0/0" | |
| NatGatewayId: !Ref Back03NatGateway | |
| Back03SubnetRouteTableAssociation: | |
| Type: "AWS::EC2::SubnetRouteTableAssociation" | |
| Properties: | |
| SubnetId: !Ref Back03Subnet | |
| RouteTableId: !Ref Back03RouteTable | |
| SecurityGroupALB: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| GroupName: !Sub "${ProjectCode}-alb-sg" | |
| GroupDescription: "for alb" | |
| SecurityGroupIngress: | |
| - | |
| IpProtocol: tcp | |
| FromPort: 80 | |
| ToPort: 80 | |
| CidrIp: '0.0.0.0/0' | |
| VpcId: !Ref VPC | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-alb-sg" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| SecurityGroupFargate: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| GroupName: !Sub "${ProjectCode}-fargate-sg" | |
| GroupDescription: "for fargate" | |
| SecurityGroupIngress: | |
| - | |
| IpProtocol: tcp | |
| FromPort: !Ref ContainerPort | |
| ToPort: !Ref ContainerPort | |
| CidrIp: '0.0.0.0/0' | |
| VpcId: !Ref VPC | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-fargate-sg" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| ApplicationElasticLoadBalancer: | |
| Type: "AWS::ElasticLoadBalancingV2::LoadBalancer" | |
| Properties: | |
| IpAddressType: "ipv4" | |
| Name: !Sub "${ProjectCode}-alb" | |
| Scheme: "internet-facing" | |
| SecurityGroups: | |
| - !Ref SecurityGroupALB | |
| Subnets: | |
| - !Ref Front01Subnet | |
| - !Ref Front02Subnet | |
| - !Ref Front03Subnet | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-alb" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| Type: "application" | |
| TargetGroup: | |
| Type: "AWS::ElasticLoadBalancingV2::TargetGroup" | |
| Properties: | |
| VpcId: !Ref VPC | |
| Name: !Sub "${ProjectCode}-elb-tg" | |
| Protocol: HTTP | |
| Port: 80 | |
| TargetType: ip | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-elb-tg" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| ApplicationElasticLoadBalancerListener: | |
| Type: "AWS::ElasticLoadBalancingV2::Listener" | |
| Properties: | |
| DefaultActions: | |
| - | |
| TargetGroupArn: !Ref TargetGroup | |
| Type: forward | |
| LoadBalancerArn: !Ref ApplicationElasticLoadBalancer | |
| Port: 80 | |
| Protocol: HTTP | |
| ECSCluster: | |
| Type: "AWS::ECS::Cluster" | |
| Properties: | |
| ClusterName: !Sub "${ProjectCode}-ecs-cluster" | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-ecs-cluster" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| ECSLogGroup: | |
| Type: "AWS::Logs::LogGroup" | |
| Properties: | |
| LogGroupName: !Sub "/ecs/logs/${ProjectCode}-ecs-log-group" | |
| ECSTaskExecutionRole: | |
| Type: AWS::IAM::Role | |
| Properties: | |
| RoleName: !Sub "${ProjectCode}-ECSTaskExecutionRolePolicy" | |
| Path: / | |
| AssumeRolePolicyDocument: | |
| Version: 2012-10-17 | |
| Statement: | |
| - Effect: Allow | |
| Principal: | |
| Service: ecs-tasks.amazonaws.com | |
| Action: sts:AssumeRole | |
| ManagedPolicyArns: | |
| - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-ECSTaskExecutionRolePolicy" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| ECSTaskDefinition: | |
| Type: "AWS::ECS::TaskDefinition" | |
| Properties: | |
| Cpu: !Ref ECSTaskCPUUnit | |
| ExecutionRoleArn: !Ref ECSTaskExecutionRole | |
| Family: !Sub "${ProjectCode}-ecs-task" | |
| Memory: !Ref ECSTaskMemory | |
| NetworkMode: awsvpc | |
| RequiresCompatibilities: | |
| - FARGATE | |
| ContainerDefinitions: | |
| - | |
| Name: !Sub "${ProjectCode}-ecs-container" | |
| Image: !Ref ECSImageName | |
| LogConfiguration: | |
| LogDriver: awslogs | |
| Options: | |
| awslogs-group: !Ref ECSLogGroup | |
| awslogs-region: !Ref "AWS::Region" | |
| awslogs-stream-prefix: "ecs" | |
| MemoryReservation: 128 | |
| PortMappings: | |
| - | |
| HostPort: !Ref ContainerPort | |
| Protocol: tcp | |
| ContainerPort: !Ref ContainerPort | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-ecs-task" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| ECSService: | |
| Type: "AWS::ECS::Service" | |
| DependsOn: ApplicationElasticLoadBalancerListener | |
| Properties: | |
| Cluster: !Ref ECSCluster | |
| DesiredCount: !Ref ECSTaskDesiredCount | |
| LaunchType: FARGATE | |
| LoadBalancers: | |
| - | |
| TargetGroupArn: !Ref TargetGroup | |
| ContainerPort: 3000 | |
| ContainerName: !Sub "${ProjectCode}-ecs-container" | |
| NetworkConfiguration: | |
| AwsvpcConfiguration: | |
| AssignPublicIp: "DISABLED" | |
| SecurityGroups: | |
| - !Ref SecurityGroupFargate | |
| Subnets: | |
| - !Ref Back01Subnet | |
| - !Ref Back02Subnet | |
| - !Ref Back03Subnet | |
| ServiceName: !Sub "${ProjectCode}-ecs-service" | |
| TaskDefinition: !Ref ECSTaskDefinition | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Sub "${ProjectCode}-ecs-service" | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode | |
| ResourceGroups: | |
| Type: "AWS::ResourceGroups::Group" | |
| Properties: | |
| Name: !Ref ProjectCode | |
| ResourceQuery: | |
| Query: | |
| TagFilters: | |
| - | |
| Key: "ResourceGroupName" | |
| Values: | |
| - !Ref ProjectCode | |
| Type: "TAG_FILTERS_1_0" | |
| Tags: | |
| - | |
| Key: Name | |
| Value: !Ref ProjectCode | |
| - | |
| Key: ResourceGroupName | |
| Value: !Ref ProjectCode |
Author
Burning-Chai
commented
Dec 11, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment