etcd in Fargate
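# CloudFormation template: a three-task etcd service on ECS Fargate, registered
# in a Cloud Map private DNS namespace (etcd.local) for SRV-based discovery.
#
# Security review summary:
#   * etcd is started with http:// URLs only, so client and peer traffic is
#     unencrypted and unauthenticated; the security group is the only control.
#   * Tasks receive public IPs and the subnet routes to an internet gateway.
#   * The image is referenced by a mutable tag from an old 2.x release line.
#   * No volume is defined, so etcd data lives on task-local ephemeral storage.
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      # Both DNS attributes are set so the private DNS namespace below
      # resolves inside the VPC.
      EnableDnsSupport: true
      EnableDnsHostnames: true

  Namespace:
    Type: AWS::ServiceDiscovery::PrivateDnsNamespace
    Properties:
      Description: ETCD SRV Namespace
      Vpc: !Ref VPC
      # Must match the --discovery-srv domain passed to etcd.
      Name: etcd.local

  LogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      RetentionInDays: 14

  ServiceDiscovery:
    Type: AWS::ServiceDiscovery::Service
    Properties:
      Description: !Ref 'AWS::StackName'
      DnsConfig:
        DnsRecords:
          - Type: A
            TTL: 30
          - Type: SRV
            TTL: 30
        NamespaceId: !Ref Namespace
        RoutingPolicy: MULTIVALUE
      HealthCheckCustomConfig:
        FailureThreshold: 1
      # Resolves as _etcd-server._tcp.etcd.local, the record etcd queries
      # for peer endpoints when --discovery-srv is used.
      Name: _etcd-server._tcp

  # Role used by the ECS agent to pull the image and write logs.
  ExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        # Explicit policy language version instead of the implicit legacy one.
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: 'sts:AssumeRole'
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy'

  # Role assumed by the etcd container itself. No policies are attached, so
  # the container holds no AWS API permissions; keep it that way unless etcd
  # genuinely needs one.
  TaskRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: 'sts:AssumeRole'

  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: !Ref 'AWS::StackName'
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - FARGATE
      Cpu: '256'
      Memory: '0.5GB'
      ExecutionRoleArn: !Ref ExecutionRole
      TaskRoleArn: !Ref TaskRole
      # No Volumes are declared: etcd state is lost whenever a task is
      # replaced, so a full restart of the service loses the keyspace.
      ContainerDefinitions:
        - Name: etcd
          # NOTE(review): v2.3.8 is a mutable tag on an old 2.x release line.
          # Move to a currently supported release and pin it by digest, e.g.
          # quay.io/coreos/etcd@sha256:<DIGEST_PLACEHOLDER>.
          Image: quay.io/coreos/etcd:v2.3.8
          PortMappings:
            - ContainerPort: 2379  # client API
            - ContainerPort: 2380  # peer (member-to-member) traffic
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-region: !Ref 'AWS::Region'
              awslogs-group: !Ref LogGroup
              awslogs-stream-prefix: ecs
          # NOTE(review): every URL below is http://, so neither the client
          # API nor peer replication is encrypted or authenticated. Anything
          # the security group admits can read and write every key. Supply
          # certificates and enable etcd's TLS options (--cert-file,
          # --key-file, --client-cert-auth, --trusted-ca-file and the
          # --peer-* equivalents) before storing anything sensitive.
          #
          # NOTE(review): all three tasks start with the same --name and
          # advertise 0.0.0.0, which is not a routable address. SRV bootstrap
          # presumably needs a unique member name and the task's own address
          # in the advertise URLs; confirm and derive both at container start.
          Command:
            - '--name'
            - 'etcd0'
            - '--discovery-srv'
            - 'etcd.local'
            - '--initial-advertise-peer-urls'
            - 'http://0.0.0.0:2380'
            - '--initial-cluster-token'
            - 'etcd-cluster-1'
            - '--initial-cluster-state'
            - 'new'
            - '--advertise-client-urls'
            - 'http://0.0.0.0:2379'
            - '--listen-client-urls'
            - 'http://0.0.0.0:2379'
            - '--listen-peer-urls'
            - 'http://0.0.0.0:2380'

  ServiceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Sub '${AWS::StackName}-service'
      VpcId: !Ref VPC
      # Client API: reachable from the whole subnet. With etcd running
      # without authentication, every workload placed in 10.0.0.0/24 gets
      # full read/write access; narrow this to the consumers' security group
      # where possible.
      # No SecurityGroupEgress is declared, so the default allow-all
      # outbound rule applies.
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 2379
          ToPort: 2379
          CidrIp: 10.0.0.0/24

  # Peer port: etcd listens on 2380 for member-to-member traffic, which the
  # group above does not admit. Allow it only from members of the same
  # security group. Declared as a separate resource because a
  # self-referencing rule inside the group definition is a circular
  # dependency.
  PeerSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !GetAtt ServiceSecurityGroup.GroupId
      IpProtocol: tcp
      FromPort: 2380
      ToPort: 2380
      SourceSecurityGroupId: !GetAtt ServiceSecurityGroup.GroupId

  # Single subnet: all three members land in one Availability Zone.
  Subnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.0.0/24
      MapPublicIpOnLaunch: true

  InternetGateway:
    Type: AWS::EC2::InternetGateway

  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway

  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC

  # Default route to the internet gateway; together with the public IPs on
  # the tasks this makes the subnet public. Inbound exposure is limited only
  # by ServiceSecurityGroup.
  Route:
    Type: AWS::EC2::Route
    DependsOn:
      - InternetGateway
      - AttachGateway
    Properties:
      RouteTableId: !Ref RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  SubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref Subnet
      RouteTableId: !Ref RouteTable

  Cluster:
    Type: AWS::ECS::Cluster
    Properties:
      ClusterName: etcd
      CapacityProviders:
        - FARGATE
        - FARGATE_SPOT
      DefaultCapacityProviderStrategy:
        - CapacityProvider: FARGATE
          Weight: 1
        - CapacityProvider: FARGATE_SPOT
          Weight: 1

  Service:
    Type: AWS::ECS::Service
    # Tasks pull the image over the internet, so wait until the default
    # route and subnet association exist before the service starts them.
    DependsOn:
      - Route
      - SubnetRouteTableAssociation
    Properties:
      Cluster: !Ref Cluster
      DeploymentConfiguration:
        MaximumPercent: 200
        MinimumHealthyPercent: 100
      DesiredCount: 3
      # An explicit launch type is set here, so the cluster's default
      # capacity provider strategy (including FARGATE_SPOT) is not used.
      LaunchType: FARGATE
      ServiceRegistries:
        - ContainerName: etcd
          # The _etcd-server._tcp SRV record is read by etcd for peer
          # endpoints, so it must carry the peer port, not the client port.
          ContainerPort: 2380
          RegistryArn: !GetAtt 'ServiceDiscovery.Arn'
      NetworkConfiguration:
        AwsvpcConfiguration:
          # NOTE(review): public IPs are presumably here so Fargate can reach
          # quay.io without a NAT gateway. A private subnet with NAT, or an
          # image mirrored to a registry reachable over VPC endpoints, keeps
          # the etcd members off public addresses.
          AssignPublicIp: ENABLED
          SecurityGroups:
            - !Ref ServiceSecurityGroup
          Subnets:
            - !Ref Subnet
      TaskDefinition: !Ref TaskDefinition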