Last active
January 31, 2019 16:01
-
-
Save li0nel/1e63a84ed1583372c85f2c8324c2e615 to your computer and use it in GitHub Desktop.
CloudFormation stack for the web service
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Service: | |
| Type: AWS::ECS::Service | |
| DependsOn: | |
| - ListenerRuleHTTPS | |
| Properties: | |
| Cluster: !Ref Cluster | |
| Role: !Ref ServiceRole | |
| DesiredCount: !Ref DesiredCount | |
| TaskDefinition: !Ref TaskDefinition | |
| LoadBalancers: | |
| - ContainerName: nginx | |
| ContainerPort: 80 | |
| TargetGroupArn: !Ref TargetGroup | |
| ServiceRedirect: | |
| Type: AWS::ECS::Service | |
| DependsOn: | |
| - ListenerRuleHTTP | |
| Properties: | |
| Cluster: !Ref Cluster | |
| Role: !Ref ServiceRole | |
| DesiredCount: 1 | |
| TaskDefinition: !Ref TaskDefinitionRedirectHTTPtoHTTPS | |
| LoadBalancers: | |
| - ContainerName: nginx-to-https | |
| ContainerPort: 80 | |
| TargetGroupArn: !Ref TargetGroupRedirectHTTPSToHTTP | |
| TaskDefinitionRedirectHTTPtoHTTPS: | |
| Type: AWS::ECS::TaskDefinition | |
| Properties: | |
| Family: nginx-to-https | |
| ContainerDefinitions: | |
| - Name: nginx-to-https | |
| Essential: true | |
| Image: getlionel/nginx-to-https | |
| Memory: 128 | |
| PortMappings: | |
| - ContainerPort: 80 | |
| TaskDefinition: | |
| Type: AWS::ECS::TaskDefinition | |
| Properties: | |
| Family: laravel-nginx | |
| ContainerDefinitions: | |
| - Name: nginx | |
| Essential: true | |
| Image: !Join [ ".", [ !Ref "AWS::AccountId", "dkr.ecr", !Ref "AWS::Region", !Join [ ":", [ !Join [ "/", [ "amazonaws.com", !Ref ECR ] ], "nginx" ] ] ] ] | |
| Memory: 128 | |
| PortMappings: | |
| - ContainerPort: 80 | |
| Links: | |
| - app | |
| LogConfiguration: | |
| LogDriver: awslogs | |
| Options: | |
| awslogs-group: !Ref AWS::StackName | |
| awslogs-region: !Ref AWS::Region | |
| - Name: app | |
| Essential: true | |
| Image: !Join [ ".", [ !Ref "AWS::AccountId", "dkr.ecr", !Ref "AWS::Region", !Join [ ":", [ !Join [ "/", [ "amazonaws.com", !Ref ECR ] ], "laravel" ] ] ] ] | |
| Memory: 256 | |
| LogConfiguration: | |
| LogDriver: awslogs | |
| Options: | |
| awslogs-group: !Ref AWS::StackName | |
| awslogs-region: !Ref AWS::Region | |
| Environment: | |
| - Name: APP_NAME | |
| Value: Laravel | |
| - Name: APP_ENV | |
| Value: production | |
| - Name: APP_DEBUG | |
| Value: false | |
| - Name: APP_LOG_LEVEL | |
| Value: error | |
| - Name: APP_KEY | |
| Value: base64:h2ASblVGbCXbC1buJ8KToZkKIEY69GSiutkAeGo77B0= | |
| - Name: APP_URL | |
| Value: !Ref APPURL | |
| - Name: DB_CONNECTION | |
| Value: !Ref DBCONNECTION | |
| - Name: DB_HOST | |
| Value: !Ref DBHOST | |
| - Name: DB_PORT | |
| Value: !Ref DBPORT | |
| - Name: DB_DATABASE | |
| Value: !Ref DBDATABASE | |
| - Name: DB_USERNAME | |
| Value: !Ref DBUSERNAME | |
| - Name: DB_PASSWORD | |
| Value: !Ref DBPASSWORD | |
| - Name: CACHE_DRIVER | |
| Value: file | |
| - Name: SESSION_DRIVER | |
| Value: database | |
| - Name: MAIL_DRIVER | |
| Value: !Ref MAILDRIVER | |
| - Name: MAIL_HOST | |
| Value: !Ref MAILHOST | |
| - Name: MAIL_PORT | |
| Value: !Ref MAILPORT | |
| - Name: MAIL_USERNAME | |
| Value: !Ref MAILUSERNAME | |
| - Name: MAIL_PASSWORD | |
| Value: !Ref MAILPASSWORD | |
| - Name: MAIL_FROM_ADDRESS | |
| Value: !Ref MAILFROMADDRESS | |
| - Name: MAIL_FROM_NAME | |
| Value: !Ref MAILFROMNAME | |
| # - Name: ELASTICSEARCH_HOST | |
| # Value: !Ref ELASTICSEARCHHOST | |
| # - Name: ELASTICSEARCH_PORT | |
| # Value: !Ref ELASTICSEARCHPORT | |
| - Name: FILESYSTEM_DRIVER | |
| Value: !Ref FILESYSTEMDRIVER | |
| - Name: AWS_REGION | |
| Value: !Sub ${AWS::Region} | |
| - Name: AWS_BUCKET | |
| Value: !Ref AWSBUCKET | |
| CloudWatchLogsGroup: | |
| Type: AWS::Logs::LogGroup | |
| Properties: | |
| LogGroupName: !Ref AWS::StackName | |
| RetentionInDays: 365 | |
| TargetGroup: | |
| Type: AWS::ElasticLoadBalancingV2::TargetGroup | |
| Properties: | |
| VpcId: !Ref VPC | |
| Port: 80 | |
| Protocol: HTTP | |
| Matcher: | |
| HttpCode: 200-301 | |
| HealthCheckIntervalSeconds: 10 | |
| HealthCheckPath: / | |
| HealthCheckProtocol: HTTP | |
| HealthCheckTimeoutSeconds: 5 | |
| HealthyThresholdCount: 2 | |
| TargetGroupRedirectHTTPSToHTTP: | |
| Type: AWS::ElasticLoadBalancingV2::TargetGroup | |
| Properties: | |
| VpcId: !Ref VPC | |
| Port: 80 | |
| Protocol: HTTP | |
| Matcher: | |
| HttpCode: 200-301 | |
| HealthCheckIntervalSeconds: 10 | |
| HealthCheckPath: / | |
| HealthCheckProtocol: HTTP | |
| HealthCheckTimeoutSeconds: 5 | |
| HealthyThresholdCount: 2 | |
| ListenerRuleHTTP: | |
| Type: AWS::ElasticLoadBalancingV2::ListenerRule | |
| Properties: | |
| ListenerArn: !Ref ListenerHTTP | |
| Priority: 1 | |
| Conditions: | |
| - Field: path-pattern | |
| Values: | |
| - !Ref Path | |
| Actions: | |
| - TargetGroupArn: !Ref TargetGroupRedirectHTTPSToHTTP | |
| Type: forward | |
| ListenerRuleHTTPS: | |
| Type: AWS::ElasticLoadBalancingV2::ListenerRule | |
| Properties: | |
| ListenerArn: !Ref ListenerHTTPS | |
| Priority: 1 | |
| Conditions: | |
| - Field: path-pattern | |
| Values: | |
| - !Ref Path | |
| Actions: | |
| - TargetGroupArn: !Ref TargetGroup | |
| Type: forward | |
| # This IAM Role grants the service access to register/unregister with the | |
| # Application Load Balancer (ALB). It is based on the default documented here: | |
| # http://docs.aws.amazon.com/AmazonECS/latest/developerguide/service_IAM_role.html | |
| ServiceRole: | |
| Type: AWS::IAM::Role | |
| Properties: | |
| RoleName: !Sub ecs-service-${AWS::StackName} | |
| Path: / | |
| AssumeRolePolicyDocument: | | |
| { | |
| "Statement": [{ | |
| "Effect": "Allow", | |
| "Principal": { "Service": [ "ecs.amazonaws.com" ]}, | |
| "Action": [ "sts:AssumeRole" ] | |
| }] | |
| } | |
| Policies: | |
| - PolicyName: !Sub ecs-service-${AWS::StackName} | |
| PolicyDocument: | |
| { | |
| "Version": "2012-10-17", | |
| "Statement": [{ | |
| "Effect": "Allow", | |
| "Action": [ | |
| "ec2:AuthorizeSecurityGroupIngress", | |
| "ec2:Describe*", | |
| "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", | |
| "elasticloadbalancing:Describe*", | |
| "elasticloadbalancing:RegisterInstancesWithLoadBalancer", | |
| "elasticloadbalancing:DeregisterTargets", | |
| "elasticloadbalancing:DescribeTargetGroups", | |
| "elasticloadbalancing:DescribeTargetHealth", | |
| "elasticloadbalancing:RegisterTargets" | |
| ], | |
| "Resource": "*" | |
| }] | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment