mcalavera81 · March 20, 2021 16:23
diff --git a/Fargate EFS Stack b/Fargate EFS Stack
 import * as ec2 from '@aws-cdk/aws-ec2';
 import {DockerImageAsset} from '@aws-cdk/aws-ecr-assets';
 import * as ecs from "@aws-cdk/aws-ecs";
 import {FargatePlatformVersion} from "@aws-cdk/aws-ecs";
 import * as ecs_patterns from '@aws-cdk/aws-ecs-patterns';
 import * as efs from "@aws-cdk/aws-efs";
 import {AccessPoint} from "@aws-cdk/aws-efs";
 import {RetentionDays} from "@aws-cdk/aws-logs";
 import * as route53 from '@aws-cdk/aws-route53';
 import * as cdk from "@aws-cdk/core";
 import {Duration} from "@aws-cdk/core";
 import * as path from 'path';

 export class FargateEfsStack extends cdk.Stack {
  constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    const vpc = ec2.Vpc.fromLookup(this, 'MyVpc', {vpcId: <VPC_ID>});
    const ecsCluster = new ecs.Cluster(this, 'DefaultEcsCluster', {vpc: vpc});

    const hostedZone = route53.HostedZone.fromLookup(this, 'Zone', {domainName: "<DOMAIN_NAME>"});

    const sg = new ec2.SecurityGroup(this, 'SG', {vpc: vpc, allowAllOutbound: false})
    sg.addIngressRule(ec2.Peer.ipv4(vpc.vpcCidrBlock), ec2.Port.tcp(2049), 'efs')

    const fileSystem = new efs.FileSystem(this, 'MyEfsFileSystem', {
      vpc: vpc,
      encrypted: true,
      performanceMode: efs.PerformanceMode.GENERAL_PURPOSE,
      securityGroup: sg,
      removalPolicy: cdk.RemovalPolicy.DESTROY
    });

    /********************** Access Point **************************/

    const efsAccessPoint = new AccessPoint(this, 'AccessPoint', {
      fileSystem: fileSystem,
      posixUser: {gid: '1000', uid: '1000'},
      createAcl: {
        ownerGid: '1000',
        ownerUid: '1000',
        permissions: '755'
      },
      path: '/mappings'
    })

    /******************************************/
    /********************** Task Definition **************************/

    const taskDef = new ecs.FargateTaskDefinition(this, "MyTaskDefinition", {
      memoryLimitMiB: 1024*10,
      cpu: 2048,
    });

    taskDef.addVolume({
      name: "mappings",
      efsVolumeConfiguration: {
        fileSystemId: fileSystem.fileSystemId,
        transitEncryption: "ENABLED",
        authorizationConfig: {
          accessPointId: efsAccessPoint.accessPointId,
          iam: "ENABLED"
        },
      }
    })
    const asset = new DockerImageAsset(this, 'MyBuildImage', {
      directory: path.join(path.dirname(require.main!.filename), '../lib','dockerContext'),
    });

    ecs.ContainerImage.fromAsset('', {repositoryName: "", exclude: []})
    const containerDef = new ecs.ContainerDefinition(this, "MyContainerDefinition", {
      // image: ecs.ContainerImage.fromRegistry("nginx"),
      image: ecs.ContainerImage.fromDockerImageAsset(asset),
      taskDefinition: taskDef,
      logging: new ecs.AwsLogDriver({
        streamPrefix: "myapp", logRetention: RetentionDays.THREE_DAYS})
      //logging: ecs.LogDrivers.awsLogs({ streamPrefix: 'EventDemo' })
    });


    containerDef.addMountPoints({containerPath: "/mappings", readOnly: false, sourceVolume: "mappings"})

    containerDef.addPortMappings({
      containerPort: 8080,
    });
    /*************************************************************/


    /********************** ALB Fargate **************************/
    const albFargateService = new ecs_patterns.ApplicationLoadBalancedFargateService(this, 'MyService', {
      cluster: ecsCluster,
      taskDefinition: taskDef,
      desiredCount: 1,
      domainName: "fargate-efs-cdk.ocdev.io",
      domainZone: hostedZone,
      platformVersion: FargatePlatformVersion.VERSION1_4,
      healthCheckGracePeriod: Duration.minutes(15), // This should be somewhat lower!
      // publicLoadBalancer: false
    });

    // const scalableTarget = albFargateService.service.autoScaleTaskCount({
    //   minCapacity: 1,
    //   maxCapacity: 5,
    // });
    //
    // const targetResponseTime = new cloudwatch.Metric({
    //   namespace: 'AWS/ApplicationELB',
    //   metricName: 'TargetResponseTime',
    //   dimensions:{
    //     LoadBalancer: albFargateService.loadBalancer.loadBalancerFullName
    //   },
    //
    // });
    //
    // scalableTarget.scaleOnMetric('ScaleToLatency', {
    //   metric: targetResponseTime,
    //   scalingSteps: [
    //     { upper: 10, change: -1 },
    //     { lower: 50, change: +1 },
    //     { lower: 70, change: +3 },
    //   ],
    //
    //   // Change this to AdjustmentType.PERCENT_CHANGE_IN_CAPACITY to interpret the
    //   // 'change' numbers before as percentages instead of capacity counts.
    //   adjustmentType: autoscaling.AdjustmentType.CHANGE_IN_CAPACITY,
    // });

    // const namespace = new servicediscovery.HttpNamespace(stack, 'MyNamespace', {
    //   name: 'covfefe',
    // });
    //
    // const service1 = namespace.createService('NonIpService', {
    //   description: 'service registering non-ip instances',
    // });
    //
    // Cloud Map Namespace
    // const namespace = new servicediscovery.PrivateDnsNamespace(stack, 'MyNamespace', {
    //   name: 'mydomain.com',
    //   vpc,
    // });
    //
    // const cloudMapService = namespace.createService('MyCloudMapService', {
    //   dnsRecordType: servicediscovery.DnsRecordType.A,
    //   dnsTtlSec: 300,
    //   customHealthCheck: {
    //     failureThreshold = 1
    //   }
    // });
    //
    // ecsService.enableServiceDiscovery(
    //     dnsRecordType: servicediscovery.DnsRecordType.A,
    //     dnsTtlSec: 300,
    //     customHealthCheck: {
    //   failureThreshold = 1
    // }
    //
    // cluster.addNamespace({ name: "foo.com" })

    albFargateService.targetGroup.configureHealthCheck({
      healthyHttpCodes: "200-499",
    })

    albFargateService.targetGroup.setAttribute('deregistration_delay.timeout_seconds', '30');

    // Override Platform version (until Latest = 1.4.0)
    // const albFargateServiceResource = albFargateService.service.node.findChild('Service') as ecs.CfnService;
    // albFargateServiceResource.addPropertyOverride('PlatformVersion', '1.4.0')

    // Allow access to EFS from Fargate ECS
    fileSystem.connections.allowDefaultPortFrom(albFargateService.service.connections);
    // albFargateService.service.connections.allowFrom(fileSystem, ec2.Port.tcp(2049));
    // albFargateService.service.connections.allowTo(fileSystem, ec2.Port.tcp(2049));
    /*************************************************************/


  }
 }
	import * as ec2 from '@aws-cdk/aws-ec2';
	import {DockerImageAsset} from '@aws-cdk/aws-ecr-assets';
	import * as ecs from "@aws-cdk/aws-ecs";
	import {FargatePlatformVersion} from "@aws-cdk/aws-ecs";
	import * as ecs_patterns from '@aws-cdk/aws-ecs-patterns';
	import * as efs from "@aws-cdk/aws-efs";
	import {AccessPoint} from "@aws-cdk/aws-efs";
	import {RetentionDays} from "@aws-cdk/aws-logs";
	import * as route53 from '@aws-cdk/aws-route53';
	import * as cdk from "@aws-cdk/core";
	import {Duration} from "@aws-cdk/core";
	import * as path from 'path';

	export class FargateEfsStack extends cdk.Stack {
	constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
	super(scope, id, props);

	const vpc = ec2.Vpc.fromLookup(this, 'MyVpc', {vpcId: <VPC_ID>});
	const ecsCluster = new ecs.Cluster(this, 'DefaultEcsCluster', {vpc: vpc});

	const hostedZone = route53.HostedZone.fromLookup(this, 'Zone', {domainName: "<DOMAIN_NAME>"});

	const sg = new ec2.SecurityGroup(this, 'SG', {vpc: vpc, allowAllOutbound: false})
	sg.addIngressRule(ec2.Peer.ipv4(vpc.vpcCidrBlock), ec2.Port.tcp(2049), 'efs')

	const fileSystem = new efs.FileSystem(this, 'MyEfsFileSystem', {
	vpc: vpc,
	encrypted: true,
	performanceMode: efs.PerformanceMode.GENERAL_PURPOSE,
	securityGroup: sg,
	removalPolicy: cdk.RemovalPolicy.DESTROY
	});

	/******************** Access Point ************************/

	const efsAccessPoint = new AccessPoint(this, 'AccessPoint', {
	fileSystem: fileSystem,
	posixUser: {gid: '1000', uid: '1000'},
	createAcl: {
	ownerGid: '1000',
	ownerUid: '1000',
	permissions: '755'
	},
	path: '/mappings'
	})

	/******************************************/
	/******************** Task Definition ************************/

	const taskDef = new ecs.FargateTaskDefinition(this, "MyTaskDefinition", {
	memoryLimitMiB: 1024*10,
	cpu: 2048,
	});

	taskDef.addVolume({
	name: "mappings",
	efsVolumeConfiguration: {
	fileSystemId: fileSystem.fileSystemId,
	transitEncryption: "ENABLED",
	authorizationConfig: {
	accessPointId: efsAccessPoint.accessPointId,
	iam: "ENABLED"
	},
	}
	})
	const asset = new DockerImageAsset(this, 'MyBuildImage', {
	directory: path.join(path.dirname(require.main!.filename), '../lib','dockerContext'),
	});

	ecs.ContainerImage.fromAsset('', {repositoryName: "", exclude: []})
	const containerDef = new ecs.ContainerDefinition(this, "MyContainerDefinition", {
	// image: ecs.ContainerImage.fromRegistry("nginx"),
	image: ecs.ContainerImage.fromDockerImageAsset(asset),
	taskDefinition: taskDef,
	logging: new ecs.AwsLogDriver({
	streamPrefix: "myapp", logRetention: RetentionDays.THREE_DAYS})
	//logging: ecs.LogDrivers.awsLogs({ streamPrefix: 'EventDemo' })
	});


	containerDef.addMountPoints({containerPath: "/mappings", readOnly: false, sourceVolume: "mappings"})

	containerDef.addPortMappings({
	containerPort: 8080,
	});
	/*************************************************************/


	/******************** ALB Fargate ************************/
	const albFargateService = new ecs_patterns.ApplicationLoadBalancedFargateService(this, 'MyService', {
	cluster: ecsCluster,
	taskDefinition: taskDef,
	desiredCount: 1,
	domainName: "fargate-efs-cdk.ocdev.io",
	domainZone: hostedZone,
	platformVersion: FargatePlatformVersion.VERSION1_4,
	healthCheckGracePeriod: Duration.minutes(15), // This should be somewhat lower!
	// publicLoadBalancer: false
	});

	// const scalableTarget = albFargateService.service.autoScaleTaskCount({
	// minCapacity: 1,
	// maxCapacity: 5,
	// });
	//
	// const targetResponseTime = new cloudwatch.Metric({
	// namespace: 'AWS/ApplicationELB',
	// metricName: 'TargetResponseTime',
	// dimensions:{
	// LoadBalancer: albFargateService.loadBalancer.loadBalancerFullName
	// },
	//
	// });
	//
	// scalableTarget.scaleOnMetric('ScaleToLatency', {
	// metric: targetResponseTime,
	// scalingSteps: [
	// { upper: 10, change: -1 },
	// { lower: 50, change: +1 },
	// { lower: 70, change: +3 },
	// ],
	//
	// // Change this to AdjustmentType.PERCENT_CHANGE_IN_CAPACITY to interpret the
	// // 'change' numbers before as percentages instead of capacity counts.
	// adjustmentType: autoscaling.AdjustmentType.CHANGE_IN_CAPACITY,
	// });

	// const namespace = new servicediscovery.HttpNamespace(stack, 'MyNamespace', {
	// name: 'covfefe',
	// });
	//
	// const service1 = namespace.createService('NonIpService', {
	// description: 'service registering non-ip instances',
	// });
	//
	// Cloud Map Namespace
	// const namespace = new servicediscovery.PrivateDnsNamespace(stack, 'MyNamespace', {
	// name: 'mydomain.com',
	// vpc,
	// });
	//
	// const cloudMapService = namespace.createService('MyCloudMapService', {
	// dnsRecordType: servicediscovery.DnsRecordType.A,
	// dnsTtlSec: 300,
	// customHealthCheck: {
	// failureThreshold = 1
	// }
	// });
	//
	// ecsService.enableServiceDiscovery(
	// dnsRecordType: servicediscovery.DnsRecordType.A,
	// dnsTtlSec: 300,
	// customHealthCheck: {
	// failureThreshold = 1
	// }
	//
	// cluster.addNamespace({ name: "foo.com" })

	albFargateService.targetGroup.configureHealthCheck({
	healthyHttpCodes: "200-499",
	})

	albFargateService.targetGroup.setAttribute('deregistration_delay.timeout_seconds', '30');

	// Override Platform version (until Latest = 1.4.0)
	// const albFargateServiceResource = albFargateService.service.node.findChild('Service') as ecs.CfnService;
	// albFargateServiceResource.addPropertyOverride('PlatformVersion', '1.4.0')

	// Allow access to EFS from Fargate ECS
	fileSystem.connections.allowDefaultPortFrom(albFargateService.service.connections);
	// albFargateService.service.connections.allowFrom(fileSystem, ec2.Port.tcp(2049));
	// albFargateService.service.connections.allowTo(fileSystem, ec2.Port.tcp(2049));
	/*************************************************************/


	}
	}