stax-examples 0.0.3 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 24633f07dfc8e723207c73df66cc4177a4d7013f6f2d41349ce1cf8baeed28ad
-  data.tar.gz: 47dda42ed26b9555691b1ea2abdfcee2d6c42cd808cd668c1fe753f23017bf07
+  metadata.gz: 7b7c15dadab8652e60a5f1e02e5c7647e641ce7106102d04fefc431e002533cb
+  data.tar.gz: 5ec47106c462682025eea3d5e3e9164a5bcfef2c50609f4019d3b78229b22949
 SHA512:
-  metadata.gz: 07c517ecf8372a860bd62e66e0299bcea8684fa7cce6ea5e9ba5918bd3d24314953058d63e8bff6a1f7e3e8efb478d0ea5ece0570cff2670fe22842f7de1d0d5
-  data.tar.gz: 36a6fee26fc2421707121f4b9b45440cadc3e45184d072329312db9de295ceb20166875a55df04be8f915baea63dbe08e24fae4680e322a8680d6f29f6429cf3
+  metadata.gz: 1847b17bb92ada44372d98794bcd271fcc9d5d27a53ccef38cd82751cc891bbb840ccf72f2fe2debf429ebff5c043cbc1c3a775946de8ef457bd5d1bd96986be
+  data.tar.gz: f188684046b8fc61d5b3fad44c30a4c37817bc1c5317948bdd1ba1ca23e83b8fd019527a4429031718d7925397f51cc422062a0acef2670e507134ab7ee72d08

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    stax-examples (0.0.2)
+    stax-examples (0.0.3)
 
 GEM
   remote: https://rubygems.org/

data/Staxfile

@@ -2,3 +2,4 @@
 stack :vpc
 stack :app
 stack :dynamo, include: %w[DynamoDB]
+stack :app, import: :vpc, include: %w[Ecs Alb Logs]

data/lib/generators/dynamo/dynamo_generator.rb

@@ -1,7 +1,7 @@
 module Stax
   module Generators
     class DynamoGenerator < Base
-      desc 'dynamo generator.'
+      desc 'Add dynamo table to new or existing stack'
 
       class_option :stack, type: :string, default: nil, desc: 'stack to install table'
 
@@ -54,22 +54,6 @@ module Stax
         "#{basename} generate #{command_name} TABLENAME"
       end
 
-      # see https://www.rubydoc.info/github/wycats/thor/Thor/Actions for methods
-
-      # def create_file
-      #   create_file(filename) do
-      #     content
-      #   end
-      # end
-
-      # def create_template
-      #   template(src, dest)
-      # end
-
-      # def create_dir
-      #   empty_directory(path)
-      # end
-
     end
   end
 end

data/lib/generators/fargate/fargate_generator.rb

@@ -0,0 +1,39 @@
+module Stax
+  module Generators
+    class FargateGenerator < Base
+      desc 'Create basic ECS Fargate service'
+
+      class_option :stack, type: :string, default: nil, desc: 'stack to install'
+
+      source_root File.expand_path('templates', __dir__)
+
+      attr_accessor :stack, :vpc, :vpcid, :subnetids
+
+      def check_args
+        usage! unless args.empty?
+      end
+
+      def ask_for_options
+        @stack     = options[:stack] || ask('stack to use or create?', default: 'app')
+        @vpc       = ask('vpc stack to connect?', default: 'vpc')
+        @vpcid     = ask("vpc export to import from stack #{vpc}?", default: 'VpcId')
+        @subnetids = ask("subnet export to import from stack #{vpc}?", default: 'SubnetIds')
+      end
+
+      def add_to_staxfile
+        append_to_file 'Staxfile', "stack :#{stack}, import: :#{vpc}, include: %w[Ecs Alb Logs]\n"
+      end
+
+      def add_templates
+        directory '.', 'cf'
+      end
+
+      private
+
+      def self.banner(*args)
+        "#{basename} generate #{command_name}"
+      end
+
+    end
+  end
+end

data/lib/generators/fargate/templates/%stack%.rb.tt

@@ -0,0 +1,19 @@
+description 'fargate stack'
+
+## VPC stack
+parameter :vpc, type: :String
+
+## DNS domain for route53
+# parameter :domain, type: :String, default: 'example.com'
+
+include_template(
+  '<%= stack %>/iam_role_exec.rb',
+  '<%= stack %>/iam_role_task.rb',
+  '<%= stack %>/log_group.rb',
+  '<%= stack %>/security_groups.rb',
+  '<%= stack %>/alb.rb',
+  '<%= stack %>/ecs_cluster.rb',
+  '<%= stack %>/ecs_task.rb',
+  '<%= stack %>/ecs_service.rb',
+  '<%= stack %>/route53.rb',
+)

data/lib/generators/fargate/templates/%stack%/alb.rb.tt

@@ -0,0 +1,59 @@
+resource :Alb, 'AWS::ElasticLoadBalancingV2::LoadBalancer', DependsOn: [:SgAlb, :SgWeb] do
+  subnets Fn::split(',', Fn::import_value(Fn::sub('${<%= vpc %>}-<%= subnetids %>')))
+  security_groups [
+    Fn::ref(:SgAlb),
+    Fn::ref(:SgWeb),
+  ]
+  tag :Name, Fn::ref('AWS::StackName')
+end
+
+resource :AlbTg, 'AWS::ElasticLoadBalancingV2::TargetGroup', DependsOn: :Alb do
+  port 3000                     # container port to connect
+  protocol :HTTP
+  health_check_path '/status'
+  health_check_port 'traffic-port'
+  health_check_protocol :HTTP
+  health_check_interval_seconds 15
+  health_check_timeout_seconds 5
+  healthy_threshold_count 2
+  unhealthy_threshold_count 2
+  target_group_attributes [
+    { Key: 'deregistration_delay.timeout_seconds', Value: 10 }
+  ]
+  vpc_id Fn::import_value(Fn::sub('${<%= vpc %>}-<%= vpcid %>'))
+  target_type :ip
+end
+
+## listen to HTTP on port 80
+resource :Alb80, 'AWS::ElasticLoadBalancingV2::Listener', DependsOn: [:Alb, :AlbTg] do
+  load_balancer_arn Fn::ref(:Alb)
+  port 80
+  protocol :HTTP
+  default_actions [ {Type: :forward, TargetGroupArn: Fn::ref(:AlbTg)} ]
+end
+
+## listen to HTTPS on port 443
+# resource :Alb443, 'AWS::ElasticLoadBalancingV2::Listener', DependsOn: [:Alb, :AlbTg] do
+#   load_balancer_arn Fn::ref(:Alb)
+#   port 443
+#   protocol :HTTPS
+#   ## default cert for requests
+#   certificates [
+#     { CertificateArn: Fn::sub('arn:aws:acm:${AWS::Region}:${AWS::AccountId}:certificate/FIXME') }
+#   ]
+#   ssl_policy 'ELBSecurityPolicy-TLS-1-2-2017-01'
+#   default_actions [ {Type: :forward, TargetGroupArn: Fn::ref(:AlbTg)} ]
+# end
+
+## add extra certs
+# resource :AlbCert, 'AWS::ElasticLoadBalancingV2::ListenerCertificate', DependsOn: :Alb443 do
+#   listener_arn Fn::ref(:Alb443)
+#   certificates [
+#     { CertificateArn: Fn::sub('arn:aws:acm:${AWS::Region}:${AWS::AccountId}:certificate/FIXME') }
+#   ]
+# end
+
+output :AlbArn,        Fn::ref(:Alb), export: Fn::sub('${AWS::StackName}-AlbArn')
+output :AlbName,       Fn::get_att(:Alb, :LoadBalancerName)
+output :AlbDnsName,    Fn::get_att(:Alb, :DNSName)
+output :AlbHostedZone, Fn::get_att(:Alb, :CanonicalHostedZoneID)

data/lib/generators/fargate/templates/%stack%/ecs_cluster.rb.tt

@@ -0,0 +1,5 @@
+resource :EcsCluster, 'AWS::ECS::Cluster' do
+  cluster_name Fn::ref('AWS::StackName')
+end
+
+output :EcsCluster, Fn::ref(:EcsCluster), export: Fn::sub('${AWS::StackName}-EcsCluster')

data/lib/generators/fargate/templates/%stack%/ecs_service.rb.tt

@@ -0,0 +1,31 @@
+## cfer way to check if stack exists
+@stack_exists = !client.stack_cache(client.name).empty?
+
+resource :EcsService, 'AWS::ECS::Service', DependsOn: [:EcsCluster, :EcsTask, :SgWeb, :AlbTg] do
+  cluster Fn::ref(:EcsCluster)
+  deployment_configuration do
+    minimum_healthy_percent 75
+    maximum_percent 200
+  end
+  desired_count(0) unless @stack_exists # 0 on create, preserve value on update
+  launch_type :FARGATE
+  network_configuration do
+    awsvpc_configuration do
+      subnets Fn::split(',', Fn::import_value(Fn::sub('${<%= vpc %>}-<%= subnetids %>')))
+      assign_public_ip :ENABLED
+      security_groups [
+        Fn::ref(:SgWeb)
+      ]
+    end
+  end
+  task_definition Fn::ref(:EcsTask)
+  load_balancers [
+    {
+      ContainerName: :app,
+      ContainerPort: 3000,
+      TargetGroupArn: Fn::ref(:AlbTg),
+    }
+  ]
+end
+
+output :EcsService, Fn::ref(:EcsService), export: Fn::sub('${AWS::StackName}-EcsService')

data/lib/generators/fargate/templates/%stack%/ecs_task.rb.tt

@@ -0,0 +1,31 @@
+resource :EcsTask, 'AWS::ECS::TaskDefinition', DependsOn: [:IamRoleExec, :IamRoleTask, :LogGroup] do
+  cpu 512 # 256 512 1024 2048 4096
+  memory '1GB' # 2-8 times cpu
+  requires_compatibilities [:FARGATE]
+  execution_role_arn Fn::get_att(:IamRoleExec, :Arn)
+  task_role_arn Fn::get_att(:IamRoleTask, :Arn)
+  network_mode :awsvpc
+  container_definitions [
+    {
+      Name: :app,
+      Image: Fn::sub('${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/app:latest'), # FIXME
+      MemoryReservation: 512,
+      # Environment: [
+      # { Name: :STACK_NAME, Value: Fn::ref('AWS::StackName') },
+      # ],
+      PortMappings: [
+        { ContainerPort: 3000 }
+      ],
+      LogConfiguration: {
+        LogDriver: :awslogs,
+        Options: {
+          'awslogs-group'         => Fn::ref(:LogGroup),
+          'awslogs-region'        => Fn::ref('AWS::Region'),
+          'awslogs-stream-prefix' => Fn::ref('AWS::StackName'),
+        }
+      }
+    }
+  ]
+end
+
+output :EcsTask, Fn::ref(:EcsTask)

data/lib/generators/fargate/templates/%stack%/iam_role_exec.rb.tt

@@ -0,0 +1,19 @@
+## permissions needed for ECS agent on Fargate to pull image and exec container
+resource :IamRoleExec, 'AWS::IAM::Role' do
+  path '/'
+  assume_role_policy_document(
+    Version: '2012-10-17',
+    Statement: [
+      {
+        Effect: :Allow,
+        Principal: {
+          Service: 'ecs-tasks.amazonaws.com'
+        },
+        Action: 'sts:AssumeRole'
+      }
+    ]
+  )
+  managed_policy_arns [
+    'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy'
+  ]
+end

data/lib/generators/fargate/templates/%stack%/iam_role_task.rb.tt

@@ -0,0 +1,18 @@
+## permissions needed for running container
+resource :IamRoleTask, 'AWS::IAM::Role' do
+  path '/'
+  assume_role_policy_document(
+    Version: '2012-10-17',
+    Statement: [
+      {
+        Effect: :Allow,
+        Principal: {
+          Service: 'ecs-tasks.amazonaws.com'
+        },
+        Action: 'sts:AssumeRole'
+      }
+    ]
+  )
+  # managed_policy_arns []
+  # policies []
+end

data/lib/generators/fargate/templates/%stack%/log_group.rb.tt

@@ -0,0 +1,7 @@
+## destination for container logs
+resource :LogGroup, 'AWS::Logs::LogGroup' do
+  log_group_name Fn::sub('/${AWS::StackName}')
+  # retention_in_days 90
+end
+
+output :LogGroup, Fn::ref(:LogGroup)

data/lib/generators/fargate/templates/%stack%/route53.rb.tt

@@ -0,0 +1,16 @@
+# resource :R53, 'AWS::Route53::RecordSetGroup' do
+#   hosted_zone_name Fn::sub('${domain}.')
+#   comment Fn::ref('AWS::StackName')
+#   record_sets [
+#     {
+#       Name: Fn::sub('${AWS::StackName}.${domain}'),
+#       Type: :A,
+#       AliasTarget: {
+#         HostedZoneId: Fn::get_att(:Alb, :CanonicalHostedZoneID),
+#         DNSName:      Fn::get_att(:Alb, :DNSName),
+#       }
+#     }
+#   ]
+# end
+
+# output :DnsRecord, Fn::sub('${AWS::StackName}.${domain}')

data/lib/generators/fargate/templates/%stack%/security_groups.rb.tt

@@ -0,0 +1,32 @@
+## security group for http from internet to ALB
+resource :SgAlb, 'AWS::EC2::SecurityGroup' do
+  group_description 'HTTP access to ALB from internet'
+  vpc_id Fn::import_value(Fn::sub('${<%= vpc %>}-<%= vpcid %>'))
+  security_group_ingress [
+    { CidrIp: '0.0.0.0/0', IpProtocol: :tcp, FromPort: 80,  ToPort: 80 },
+    { CidrIp: '0.0.0.0/0', IpProtocol: :tcp, FromPort: 443, ToPort: 443 },
+  ]
+  security_group_egress [
+    { CidrIp: '0.0.0.0/0', IpProtocol: '-1', FromPort: 0, ToPort: 0 }
+  ]
+  tag :Name, Fn::ref('AWS::StackName')
+end
+
+## security group for http from ALB to containers
+resource :SgWeb, 'AWS::EC2::SecurityGroup' do
+  group_description 'HTTP access from ALB to containers'
+  vpc_id Fn::import_value(Fn::sub('${<%= vpc %>}-<%= vpcid %>'))
+  security_group_egress [
+    { CidrIp: '0.0.0.0/0', IpProtocol: '-1', FromPort: 0, ToPort: 0 }
+  ]
+  tag :Name, Fn::ref('AWS::StackName')
+end
+
+## separate resource so we can point sg to itself
+resource :SgWebIngress, 'AWS::EC2::SecurityGroupIngress', DependsOn: :SgWeb do
+  group_id Fn::ref(:SgWeb)
+  ip_protocol :tcp
+  from_port 0
+  to_port 65535
+  source_security_group_id Fn::ref(:SgWeb)
+end

data/lib/stax/examples/version.rb

@@ -1,5 +1,5 @@
 module Stax
   module Examples
-    VERSION = '0.0.3'
+    VERSION = '0.0.4'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: stax-examples
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
 platform: ruby
 authors:
 - Richard Lister
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-06-07 00:00:00.000000000 Z
+date: 2018-06-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -82,6 +82,17 @@ files:
 - Staxfile
 - lib/generators/dynamo/dynamo_generator.rb
 - lib/generators/dynamo/templates/dyn.rb.tt
+- lib/generators/fargate/fargate_generator.rb
+- lib/generators/fargate/templates/%stack%.rb.tt
+- lib/generators/fargate/templates/%stack%/alb.rb.tt
+- lib/generators/fargate/templates/%stack%/ecs_cluster.rb.tt
+- lib/generators/fargate/templates/%stack%/ecs_service.rb.tt
+- lib/generators/fargate/templates/%stack%/ecs_task.rb.tt
+- lib/generators/fargate/templates/%stack%/iam_role_exec.rb.tt
+- lib/generators/fargate/templates/%stack%/iam_role_task.rb.tt
+- lib/generators/fargate/templates/%stack%/log_group.rb.tt
+- lib/generators/fargate/templates/%stack%/route53.rb.tt
+- lib/generators/fargate/templates/%stack%/security_groups.rb.tt
 - lib/generators/vpc/templates/%stack_name%.rb.tt
 - lib/generators/vpc/templates/%stack_name%/endpoints.rb
 - lib/generators/vpc/templates/%stack_name%/subnets.rb.tt