
@dmd
Created September 27, 2022 16:13
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  AWS CloudFormation to create the batch job to run rapidtide-cloud,
  and IAM roles to allow it access to S3 and Secrets.
Resources:
  # --- Networking: one public subnet with a default route to the internet ---
  VPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: 10.0.0.0/16
  InternetGateway:
    Type: 'AWS::EC2::InternetGateway'
  RouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref VPC
  VPCGatewayAttachment:
    Type: 'AWS::EC2::VPCGatewayAttachment'
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  # No ingress rules are defined, so inbound traffic is denied by default.
  SecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: EC2 Security Group for instances launched in the VPC by Batch
      VpcId: !Ref VPC
  Subnet:
    Type: 'AWS::EC2::Subnet'
    Properties:
      CidrBlock: 10.0.0.0/24
      VpcId: !Ref VPC
      # Instances get public IPs so they can pull the image and reach S3.
      MapPublicIpOnLaunch: true
  Route:
    Type: 'AWS::EC2::Route'
    # The gateway must be attached to the VPC before the route can be created.
    DependsOn: VPCGatewayAttachment
    Properties:
      RouteTableId: !Ref RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  SubnetRouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref Subnet
  # --- IAM ---
  # Role used by the job container. It can be assumed by three services and
  # carries account-wide managed policies: SecretsManagerReadWrite and
  # AmazonS3FullAccess cover every secret and bucket in the account.
  SecretsAndS3AccessRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: batch.amazonaws.com
            Action: 'sts:AssumeRole'
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action: 'sts:AssumeRole'
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: 'sts:AssumeRole'
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/SecretsManagerReadWrite'
        - 'arn:aws:iam::aws:policy/AmazonS3FullAccess'
        - 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy'
  BatchServiceRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: batch.amazonaws.com
            Action: 'sts:AssumeRole'
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole'
  IamInstanceProfile:
    Type: 'AWS::IAM::InstanceProfile'
    Properties:
      Roles:
        - !Ref EcsInstanceRole
  EcsInstanceRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: '2008-10-17'
        Statement:
          - Sid: ''
            Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action: 'sts:AssumeRole'
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role'
  # --- Batch ---
  JobDefinition:
    Type: 'AWS::Batch::JobDefinition'
    Properties:
      Type: container
      ContainerProperties:
        Image: public.ecr.aws/l0v4l2q2/rapidtide-cloud
        Vcpus: 2
        Memory: 2000
        Command:
          - /simple-cp-test
          - '100307'
        # Privileged mode gives the container elevated permissions on the host
        # instance, similar to the root user.
        Privileged: true
        # JobRoleArn takes an ARN; !Ref on an IAM role returns only its name.
        JobRoleArn: !GetAtt SecretsAndS3AccessRole.Arn
        # Secrets are injected using the execution role. Reusing this role is
        # an assumption, based on the AmazonECSTaskExecutionRolePolicy and the
        # ecs-tasks trust statement attached to it above.
        ExecutionRoleArn: !GetAtt SecretsAndS3AccessRole.Arn
        # The property is the list "Secrets", nested under ContainerProperties.
        Secrets:
          - Name: HCP_OPENACCESS_SECRET
            ValueFrom: arn:aws:secretsmanager:us-east-1:256268712194:secret:HCP_OPENACCESS-zSQVSQ
      RetryStrategy:
        Attempts: 1
  JobQueue:
    Type: 'AWS::Batch::JobQueue'
    Properties:
      Priority: 1
      ComputeEnvironmentOrder:
        - Order: 1
          ComputeEnvironment: !Ref ComputeEnvironment
  ComputeEnvironment:
    Type: 'AWS::Batch::ComputeEnvironment'
    Properties:
      Type: MANAGED
      ComputeResources:
        Type: EC2
        # Scales to zero instances when no jobs are queued.
        MinvCpus: 0
        DesiredvCpus: 0
        MaxvCpus: 64
        InstanceTypes:
          - optimal
        Subnets:
          - !Ref Subnet
        SecurityGroupIds:
          - !Ref SecurityGroup
        InstanceRole: !Ref IamInstanceProfile
      ServiceRole: !Ref BatchServiceRole
Outputs:
  ComputeEnvironmentArn:
    Value: !Ref ComputeEnvironment
  JobQueueArn:
    Value: !Ref JobQueue
  JobDefinitionArn:
    Value: !Ref JobDefinition