ufo 4.6.1 → 5.0.2

data/lib/cfn/stack.yml

@@ -1,283 +0,0 @@
-Description: "Ufo ECS stack <%= @stack_name %>"
-Parameters:
-  # required
-  Vpc:
-    Description: Existing vpc id
-    Type: AWS::EC2::VPC::Id
-  ElbSubnets:
-    Description: Existing subnet ids for ELB
-    Type: List<AWS::EC2::Subnet::Id>
-  EcsSubnets:
-    Description: Existing subnet ids for ECS
-    Type: List<AWS::EC2::Subnet::Id>
-  EcsSecurityGroups:
-    Description: Existing ecs security group ids
-    Type: String
-    Default: ''
-  ElbSecurityGroups:
-    Description: Existing elb security group ids. List with commas.
-    Type: String
-    Default: ''
-
-  ElbTargetGroup:
-    Description: Existing target group
-    Type: String
-    Default: '' # when blank the automatically created TargetGroup is used
-  CreateElb:
-    Description: Create elb
-    Type: String
-    Default: true
-  EcsDesiredCount:
-    Description: Ecs desired count
-    Type: String
-    Default: 1
-  EcsTaskDefinition:
-    Description: Ecs task definition arn
-    Type: String
-
-  # Using to keep state
-  ElbEipIds:
-    Description: ELB EIP Allocation ids to use for network load balancer
-    Type: String
-    Default: ''
-  EcsSchedulingStrategy:
-    Description: The scheduling strategy to use for the service
-    Type: String
-    Default: 'REPLICA'
-Conditions:
-  CreateElbIsTrue: !Equals [ !Ref CreateElb, true ]
-  ElbTargetGroupIsBlank: !Equals [ !Ref ElbTargetGroup, '' ]
-  CreateTargetGroupIsTrue: !And
-  - !Condition CreateElbIsTrue
-  - !Condition ElbTargetGroupIsBlank
-  ElbSecurityGroupsIsBlank: !Equals [ !Ref ElbSecurityGroups, '' ]
-  EcsSecurityGroupsIsBlank: !Equals [ !Ref EcsSecurityGroups, '' ]
-  EcsDesiredCountIsBlank: !Equals [ !Ref EcsDesiredCount, '' ]
-Resources:
-  Elb:
-    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
-    Condition: CreateElbIsTrue
-    Properties:
-<% if ENV['UFO_FORCE_ELB'] -%>
-# Error: SetSubnets is not supported for load balancers of type 'network'
-# Happens: When changing subnets for an ELB
-# Solution: Rename the ELB to force a replacement of it
-<% random = (0...3).map { (65 + rand(26)).chr }.join.downcase %>
-      Name: <%= "#{@stack_name}-#{random}" %>
-<% end -%>
-      Type: <%= @elb_type %>
-      Tags:
-      - Key: Name
-        Value: <%= @stack_name %>
-<% if @elb_type == "application" -%>
-      # Add additional extra security groups if parameters set
-      SecurityGroups: !Split
-        - ','
-        - !If
-          - ElbSecurityGroupsIsBlank
-          - !Ref ElbSecurityGroup
-          - !Join [',', [!Ref ElbSecurityGroups, !Ref ElbSecurityGroup]]
-<% end -%>
-<% if @elb_type == "network" && @subnet_mappings && !@subnet_mappings.empty? -%>
-      SubnetMappings:
-<% @subnet_mappings.each do |allocation_id, subnet_id| -%>
-        - AllocationId: <%= allocation_id %>
-          SubnetId: <%= subnet_id %>
-<% end -%>
-<% else -%>
-      Subnets: !Ref ElbSubnets
-<% end -%>
-<%= custom_properties(:Elb) %>
-
-  TargetGroup:
-    Type: AWS::ElasticLoadBalancingV2::TargetGroup
-    Condition: CreateTargetGroupIsTrue
-    Properties:
-      VpcId: !Ref Vpc
-      Tags:
-      - Key: Name
-        Value: <%= @stack_name %>
-<% if ENV['UFO_FORCE_TARGET_GROUP'] -%>
-# When adding and removing EIPs
-# Error: TargetGroup cannot be associated with more than one load balancer
-# Solution: https://forums.aws.amazon.com/thread.jspa?threadID=254544
-# Note: we truncate the stack name because target group names can be only 32 chars long
-      Name: !Join
-      - '-'
-      - - <%= @stack_name[0..-6] %>
-        - !Select [ 2, !Split [ '-', !GetAtt Elb.LoadBalancerName]]
-<% end -%>
-      Protocol: <%= @default_target_group_protocol %>
-<% if @container[:network_mode] == "awsvpc" -%>
-      TargetType: ip
-<% end -%>
-<% if @elb_type == "network" && @network_mode == "awsvpc" -%>
-      # target groups with network load balancers need to check the container
-      # port dirtectly and will be using
-      HealthCheckPort: <%= @container[:port] %>
-<% end -%>
-<%= custom_properties(:TargetGroup) %>
-
-  Listener:
-    Type: AWS::ElasticLoadBalancingV2::Listener
-    Condition: CreateElbIsTrue
-    Properties:
-      DefaultActions:
-      - Type: forward
-        TargetGroupArn:
-          !If [ElbTargetGroupIsBlank, !Ref TargetGroup, !Ref ElbTargetGroup]
-      LoadBalancerArn: !Ref Elb
-      Protocol: <%= @default_listener_protocol %>
-<%= custom_properties(:Listener) %>
-
-<% if @create_listener_ssl -%>
-  ListenerSsl:
-    Type: AWS::ElasticLoadBalancingV2::Listener
-    Condition: CreateElbIsTrue
-    Properties:
-      DefaultActions:
-      - Type: forward
-        TargetGroupArn:
-          !If [ElbTargetGroupIsBlank, !Ref TargetGroup, !Ref ElbTargetGroup]
-      LoadBalancerArn: !Ref Elb
-      Protocol: <%= @default_listener_ssl_protocol %>
-<%= custom_properties(:ListenerSsl) %>
-<% end -%>
-
-<% if @elb_type == "application" -%>
-  ElbSecurityGroup:
-    Type: AWS::EC2::SecurityGroup
-    Condition: CreateElbIsTrue
-    Properties:
-      GroupDescription: Allow http to client host
-      VpcId: !Ref Vpc
-      SecurityGroupIngress:
-      - IpProtocol: tcp
-        FromPort: '<%= cfn[:listener][:port] %>'
-        ToPort: '<%= cfn[:listener][:port] %>'
-        CidrIp: 0.0.0.0/0
-<% if @create_listener_ssl -%>
-      - IpProtocol: tcp
-        FromPort: '<%= cfn[:listener_ssl][:port] %>'
-        ToPort: '<%= cfn[:listener_ssl][:port] %>'
-        CidrIp: 0.0.0.0/0
-<% end -%>
-      SecurityGroupEgress:
-      - IpProtocol: tcp
-        FromPort: '0'
-        ToPort: '65535'
-        CidrIp: 0.0.0.0/0
-      Tags:
-      - Key: Name
-        Value: <%= @stack_name %>-elb
-<%= custom_properties(:ElbSecurityGroup) %>
-<% end -%>
-
-  Ecs:
-    Type: AWS::ECS::Service
-<% if @create_elb -%>
-    DependsOn: Listener
-<% end -%>
-    Properties:
-      Cluster: <%= @cluster %>
-      DesiredCount: !If
-      - EcsDesiredCountIsBlank
-      - !Ref AWS::NoValue
-      - !Ref EcsDesiredCount
-      TaskDefinition: !Ref EcsTaskDefinition
-<% if pretty_name? -%>
-      ServiceName: <%= @stack_name %>
-<% end -%>
-<% if @container[:fargate] -%>
-      LaunchType: FARGATE
-<% end -%>
-<% if @container[:network_mode] == "awsvpc" -%>
-      NetworkConfiguration:
-        AwsvpcConfiguration:
-          Subnets: !Ref EcsSubnets # required
-          SecurityGroups: !Split
-            - ','
-            - !If
-              - EcsSecurityGroupsIsBlank
-              - !Ref EcsSecurityGroup
-              - !Join [',', [!Ref EcsSecurityGroups, !Ref EcsSecurityGroup]]
-<% if @container[:fargate] -%>
-          AssignPublicIp: ENABLED # Works with fargate but doesnt seem to work with non-fargate
-<% end -%>
-<% end -%>
-      # Default to port 80 to get template to validate.  For worker processes
-      # there is no actual port used.
-      LoadBalancers: !If
-      - CreateTargetGroupIsTrue
-      - - ContainerName: <%= @container[:name] %>
-          ContainerPort: <%= @container[:port] || 80 %>
-          TargetGroupArn: !Ref TargetGroup
-      - !If
-        - ElbTargetGroupIsBlank
-        - []
-        - - ContainerName: <%= @container[:name] %>
-            ContainerPort: <%= @container[:port] || 80 %>
-            TargetGroupArn: !Ref ElbTargetGroup
-      SchedulingStrategy: !Ref EcsSchedulingStrategy
-<%= custom_properties(:Ecs) %>
-
-  EcsSecurityGroup:
-    Type: AWS::EC2::SecurityGroup
-    Properties:
-      GroupDescription: Allow http to client host
-      VpcId: !Ref Vpc
-<% if @elb_type == "network" -%>
-      SecurityGroupIngress:
-      - IpProtocol: tcp
-        FromPort: '<%= @container[:port] %>'
-        ToPort: '<%= @container[:port] %>'
-        CidrIp: 0.0.0.0/0
-        Description: docker ephemeral port range for network elb
-<% end -%>
-      # Outbound access: instance needs access to internet to pull down image
-      # or else get CannotPullContainerError
-      SecurityGroupEgress:
-      - IpProtocol: "-1"
-        CidrIp: 0.0.0.0/0
-        Description: outbound traffic
-      Tags:
-      - Key: Name
-        Value: <%= @stack_name %>
-<%= custom_properties(:EcsSecurityGroup) %>
-
-<% if @elb_type == "application" -%>
-  # Allow all traffic from ELB SG to ECS SG
-  EcsSecurityGroupRule:
-    Type: AWS::EC2::SecurityGroupIngress
-    Condition: CreateElbIsTrue
-    Properties:
-      IpProtocol: tcp
-      FromPort: '0'
-      ToPort: '65535'
-      SourceSecurityGroupId: !GetAtt ElbSecurityGroup.GroupId
-      GroupId: !GetAtt EcsSecurityGroup.GroupId
-      Description: application elb access to ecs
-<%= custom_properties(:EcsSecurityGroupRule) %>
-<% end -%>
-<% if @create_route53 -%>
-  Dns:
-    Type: AWS::Route53::RecordSet
-    Properties:
-      Comment: cname to load balancer
-      Type: CNAME
-      TTL: '60' # ttl has special casing
-      ResourceRecords:
-      - !GetAtt Elb.DNSName
-<%= custom_properties(:Dns) %>
-<% end -%>
-
-Outputs:
-  ElbDns:
-    Description: Elb Dns
-    Condition: CreateElbIsTrue
-    Value: !GetAtt Elb.DNSName
-<% if @create_route53 -%>
-  Route53Dns:
-    Description: Route53 Dns
-    Value: !Ref Dns
-<% end -%>