ufo 4.6.3 → 5.0.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +14 -0
- data/docs/_docs/extras/notification-arns.md +21 -0
- data/docs/_docs/helpers.md +6 -4
- data/docs/_docs/iam-roles.md +111 -0
- data/docs/_docs/secrets.md +112 -0
- data/docs/_docs/settings/cluster.md +7 -13
- data/docs/_includes/subnav.html +3 -0
- data/docs/_reference/ufo-deploy.md +1 -2
- data/docs/_reference/ufo-logs.md +1 -1
- data/docs/_reference/ufo-rollback.md +2 -0
- data/docs/_reference/ufo-ship.md +1 -2
- data/docs/_reference/ufo-ships.md +1 -2
- data/docs/_reference/ufo-tasks-build.md +1 -2
- data/lib/template/.secrets +3 -0
- data/lib/template/.ufo/settings.yml.tt +1 -0
- data/lib/template/.ufo/settings/cfn/default.yml.tt +27 -27
- data/lib/template/.ufo/settings/network/default.yml.tt +9 -0
- data/lib/template/.ufo/templates/fargate.json.erb +3 -0
- data/lib/template/.ufo/templates/main.json.erb +3 -0
- data/lib/template/.ufo/variables/base.rb.tt +1 -0
- data/lib/ufo.rb +2 -1
- data/lib/ufo/autoloader.rb +9 -0
- data/lib/ufo/cli.rb +3 -2
- data/lib/ufo/core.rb +1 -9
- data/lib/ufo/docker/cleaner.rb +1 -1
- data/lib/ufo/dsl.rb +6 -1
- data/lib/ufo/dsl/helper.rb +19 -37
- data/lib/ufo/dsl/helper/vars.rb +98 -0
- data/lib/ufo/dsl/outputter.rb +12 -9
- data/lib/ufo/log_group.rb +1 -0
- data/lib/ufo/role/builder.rb +66 -0
- data/lib/ufo/role/dsl.rb +21 -0
- data/lib/ufo/role/registry.rb +24 -0
- data/lib/ufo/rollback.rb +2 -1
- data/lib/ufo/setting/profile.rb +11 -7
- data/lib/ufo/setting/security_groups.rb +22 -0
- data/lib/ufo/settings.rb +20 -0
- data/lib/ufo/stack.rb +24 -24
- data/lib/ufo/stack/builder.rb +26 -0
- data/lib/ufo/stack/builder/base.rb +54 -0
- data/lib/ufo/stack/builder/conditions.rb +23 -0
- data/lib/ufo/stack/builder/outputs.rb +24 -0
- data/lib/ufo/stack/builder/parameters.rb +45 -0
- data/lib/ufo/stack/builder/resources.rb +20 -0
- data/lib/ufo/stack/builder/resources/base.rb +4 -0
- data/lib/ufo/stack/builder/resources/dns.rb +17 -0
- data/lib/ufo/stack/builder/resources/ecs.rb +63 -0
- data/lib/ufo/stack/builder/resources/elb.rb +45 -0
- data/lib/ufo/stack/builder/resources/listener.rb +42 -0
- data/lib/ufo/stack/builder/resources/listener_ssl.rb +16 -0
- data/lib/ufo/stack/builder/resources/roles/base.rb +22 -0
- data/lib/ufo/stack/builder/resources/roles/execution_role.rb +4 -0
- data/lib/ufo/stack/builder/resources/roles/task_role.rb +4 -0
- data/lib/ufo/stack/builder/resources/security_group/base.rb +4 -0
- data/lib/ufo/stack/builder/resources/security_group/ecs.rb +44 -0
- data/lib/ufo/stack/builder/resources/security_group/ecs_rule.rb +25 -0
- data/lib/ufo/stack/builder/resources/security_group/elb.rb +57 -0
- data/lib/ufo/stack/builder/resources/target_group.rb +39 -0
- data/lib/ufo/stack/builder/resources/task_definition.rb +24 -0
- data/lib/ufo/stack/builder/resources/task_definition/reconstructor.rb +49 -0
- data/lib/ufo/stack/context.rb +41 -48
- data/lib/ufo/stack/custom_properties.rb +59 -0
- data/lib/ufo/stack/helper.rb +2 -5
- data/lib/ufo/stack/template_body.rb +13 -0
- data/lib/ufo/task.rb +2 -7
- data/lib/ufo/tasks.rb +1 -1
- data/lib/ufo/tasks/builder.rb +0 -1
- data/lib/ufo/template_scope.rb +1 -66
- data/lib/ufo/utils/squeezer.rb +24 -0
- data/lib/ufo/version.rb +1 -1
- data/spec/fixtures/iam_roles/task_role.rb +17 -0
- data/spec/lib/role/builder_spec.rb +67 -0
- data/spec/lib/role/dsl_spec.rb +12 -0
- data/ufo.gemspec +1 -0
- metadata +57 -3
- data/lib/cfn/stack.yml +0 -283
@@ -0,0 +1,12 @@
|
|
1
|
+
describe Ufo::Role::DSL do
|
2
|
+
let(:dsl) { described_class.new(path) }
|
3
|
+
let(:path) { "spec/fixtures/iam_roles/task_role.rb" }
|
4
|
+
|
5
|
+
context "evaluate" do
|
6
|
+
it "registers policies from role DSL" do
|
7
|
+
dsl.evaluate
|
8
|
+
expect(Ufo::Role::Registry.policies).not_to be_empty
|
9
|
+
expect(Ufo::Role::Registry.managed_policies).not_to be_empty
|
10
|
+
end
|
11
|
+
end
|
12
|
+
end
|
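--- a/data/ufo.gemspec
+++ b/data/ufo.gemspec
@@ -26,6 +26,7 @@ Gem::Specification.new do |spec|
 spec.add_dependency "aws-sdk-ecr"
 spec.add_dependency "aws-sdk-ecs"
 spec.add_dependency "aws-sdk-elasticloadbalancingv2"
+spec.add_dependency "aws_data"
 spec.add_dependency "rainbow"
 spec.add_dependency "deep_merge"
 spec.add_dependency "memoist"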
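Review bot: The added `spec.add_dependency "aws_data"` declares a new runtime dependency with no version constraint, so any future release of that gem satisfies it; the generated metadata in this same diff records the requirement as `>= 0`. The tool depends on several aws-sdk gems and presumably runs with AWS credentials available, so an unbounded third-party gem widens the supply-chain surface of every install. Consider a pessimistic bound, for example `spec.add_dependency "aws_data", "~> <KNOWN_GOOD_VERSION>"` (placeholder; the page does not show which version was tested). The neighbouring dependencies in the hunk are equally unconstrained, so this follows the file's existing style rather than breaking it. The `Gem::Specification.new` block starts and ends outside the hunk.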
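--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ufo
 version: !ruby/object:Gem::Version
-version:
+version: 5.0.0
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-
+date: 2020-05-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-logs
@@ -122,6 +122,20 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: aws_data
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 - !ruby/object:Gem::Dependency
 name: rainbow
 requirement: !ruby/object:Gem::Requirement
@@ -337,6 +351,7 @@ files:
 - docs/_docs/extras/ecs-network-mode.md
 - docs/_docs/extras/load-balancer.md
 - docs/_docs/extras/minimal-deploy-iam.md
+- docs/_docs/extras/notification-arns.md
 - docs/_docs/extras/redirection-support.md
 - docs/_docs/extras/route53-support.md
 - docs/_docs/extras/security-groups.md
@@ -344,6 +359,7 @@ files:
 - docs/_docs/faq.md
 - docs/_docs/fargate.md
 - docs/_docs/helpers.md
+- docs/_docs/iam-roles.md
 - docs/_docs/install.md
 - docs/_docs/more/auto-completion.md
 - docs/_docs/more/automated-cleanup.md
@@ -355,6 +371,7 @@ files:
 - docs/_docs/more/why-cloudformation.md
 - docs/_docs/next-steps.md
 - docs/_docs/quick-start-ec2.md
+- docs/_docs/secrets.md
 - docs/_docs/settings.md
 - docs/_docs/settings/aws_profile.md
 - docs/_docs/settings/cfn.md
@@ -493,8 +510,8 @@ files:
 - docs/utils/test-aws-api-access.rb
 - docs/utils/update-cert-chains.sh
 - exe/ufo
-- lib/cfn/stack.yml
 - lib/template/.env
+- lib/template/.secrets
 - lib/template/.ufo/params.yml.tt
 - lib/template/.ufo/settings.yml.tt
 - lib/template/.ufo/settings/cfn/default.yml.tt
@@ -535,6 +552,7 @@ files:
 - lib/ufo/docker/variables.rb
 - lib/ufo/dsl.rb
 - lib/ufo/dsl/helper.rb
+- lib/ufo/dsl/helper/vars.rb
 - lib/ufo/dsl/outputter.rb
 - lib/ufo/dsl/task_definition.rb
 - lib/ufo/ecr/auth.rb
@@ -586,16 +604,45 @@ files:
 - lib/ufo/ps.rb
 - lib/ufo/ps/task.rb
 - lib/ufo/releases.rb
+- lib/ufo/role/builder.rb
+- lib/ufo/role/dsl.rb
+- lib/ufo/role/registry.rb
 - lib/ufo/rollback.rb
 - lib/ufo/scale.rb
 - lib/ufo/sequence.rb
 - lib/ufo/setting.rb
 - lib/ufo/setting/profile.rb
+- lib/ufo/setting/security_groups.rb
+- lib/ufo/settings.rb
 - lib/ufo/ship.rb
 - lib/ufo/stack.rb
+- lib/ufo/stack/builder.rb
+- lib/ufo/stack/builder/base.rb
+- lib/ufo/stack/builder/conditions.rb
+- lib/ufo/stack/builder/outputs.rb
+- lib/ufo/stack/builder/parameters.rb
+- lib/ufo/stack/builder/resources.rb
+- lib/ufo/stack/builder/resources/base.rb
+- lib/ufo/stack/builder/resources/dns.rb
+- lib/ufo/stack/builder/resources/ecs.rb
+- lib/ufo/stack/builder/resources/elb.rb
+- lib/ufo/stack/builder/resources/listener.rb
+- lib/ufo/stack/builder/resources/listener_ssl.rb
+- lib/ufo/stack/builder/resources/roles/base.rb
+- lib/ufo/stack/builder/resources/roles/execution_role.rb
+- lib/ufo/stack/builder/resources/roles/task_role.rb
+- lib/ufo/stack/builder/resources/security_group/base.rb
+- lib/ufo/stack/builder/resources/security_group/ecs.rb
+- lib/ufo/stack/builder/resources/security_group/ecs_rule.rb
+- lib/ufo/stack/builder/resources/security_group/elb.rb
+- lib/ufo/stack/builder/resources/target_group.rb
+- lib/ufo/stack/builder/resources/task_definition.rb
+- lib/ufo/stack/builder/resources/task_definition/reconstructor.rb
 - lib/ufo/stack/context.rb
+- lib/ufo/stack/custom_properties.rb
 - lib/ufo/stack/helper.rb
 - lib/ufo/stack/status.rb
+- lib/ufo/stack/template_body.rb
 - lib/ufo/status.rb
 - lib/ufo/stop.rb
 - lib/ufo/task.rb
@@ -610,6 +657,7 @@ files:
 - lib/ufo/upgrade/upgrade4.rb
 - lib/ufo/upgrade/upgrade43to45.rb
 - lib/ufo/util.rb
+- lib/ufo/utils/squeezer.rb
 - lib/ufo/version.rb
 - spec/fixtures/apps/describe_services.json
 - spec/fixtures/cfn/stack-events-complete.json
@@ -621,6 +669,7 @@ files:
 - spec/fixtures/dockerfiles/ecr/Dockerfile
 - spec/fixtures/home_existing/.aws/config
 - spec/fixtures/home_existing/.docker/config.json
+- spec/fixtures/iam_roles/task_role.rb
 - spec/fixtures/mocks/logs/awslogs.json
 - spec/fixtures/mocks/logs/no-awslogs.json
 - spec/fixtures/ps/describe_tasks.json
@@ -634,6 +683,8 @@ files:
 - spec/lib/logs_spec.rb
 - spec/lib/ps_spec.rb
 - spec/lib/register_spec.rb
+- spec/lib/role/builder_spec.rb
+- spec/lib/role/dsl_spec.rb
 - spec/lib/setting_spec.rb
 - spec/lib/ship_spec.rb
 - spec/lib/stack/status_spec.rb
@@ -675,6 +726,7 @@ test_files:
 - spec/fixtures/dockerfiles/ecr/Dockerfile
 - spec/fixtures/home_existing/.aws/config
 - spec/fixtures/home_existing/.docker/config.json
+- spec/fixtures/iam_roles/task_role.rb
 - spec/fixtures/mocks/logs/awslogs.json
 - spec/fixtures/mocks/logs/no-awslogs.json
 - spec/fixtures/ps/describe_tasks.json
@@ -688,6 +740,8 @@ test_files:
 - spec/lib/logs_spec.rb
 - spec/lib/ps_spec.rb
 - spec/lib/register_spec.rb
+- spec/lib/role/builder_spec.rb
+- spec/lib/role/dsl_spec.rb
 - spec/lib/setting_spec.rb
 - spec/lib/ship_spec.rb
 - spec/lib/stack/status_spec.rb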
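--- a/data/lib/cfn/stack.yml
+++ b/data/lib/cfn/stack.yml
@@ -1,283 +0,0 @@
-Description: "Ufo ECS stack <%= @stack_name %>"
-Parameters:
-# required
-Vpc:
-Description: Existing vpc id
-Type: AWS::EC2::VPC::Id
-ElbSubnets:
-Description: Existing subnet ids for ELB
-Type: List<AWS::EC2::Subnet::Id>
-EcsSubnets:
-Description: Existing subnet ids for ECS
-Type: List<AWS::EC2::Subnet::Id>
-EcsSecurityGroups:
-Description: Existing ecs security group ids
-Type: String
-Default: ''
-ElbSecurityGroups:
-Description: Existing elb security group ids. List with commas.
-Type: String
-Default: ''
-
-ElbTargetGroup:
-Description: Existing target group
-Type: String
-Default: '' # when blank the automatically created TargetGroup is used
-CreateElb:
-Description: Create elb
-Type: String
-Default: true
-EcsDesiredCount:
-Description: Ecs desired count
-Type: String
-Default: 1
-EcsTaskDefinition:
-Description: Ecs task definition arn
-Type: String
-
-# Using to keep state
-ElbEipIds:
-Description: ELB EIP Allocation ids to use for network load balancer
-Type: String
-Default: ''
-EcsSchedulingStrategy:
-Description: The scheduling strategy to use for the service
-Type: String
-Default: 'REPLICA'
-Conditions:
-CreateElbIsTrue: !Equals [ !Ref CreateElb, true ]
-ElbTargetGroupIsBlank: !Equals [ !Ref ElbTargetGroup, '' ]
-CreateTargetGroupIsTrue: !And
-- !Condition CreateElbIsTrue
-- !Condition ElbTargetGroupIsBlank
-ElbSecurityGroupsIsBlank: !Equals [ !Ref ElbSecurityGroups, '' ]
-EcsSecurityGroupsIsBlank: !Equals [ !Ref EcsSecurityGroups, '' ]
-EcsDesiredCountIsBlank: !Equals [ !Ref EcsDesiredCount, '' ]
-Resources:
-Elb:
-Type: AWS::ElasticLoadBalancingV2::LoadBalancer
-Condition: CreateElbIsTrue
-Properties:
-<% if ENV['UFO_FORCE_ELB'] -%>
-# Error: SetSubnets is not supported for load balancers of type 'network'
-# Happens: When changing subnets for an ELB
-# Solution: Rename the ELB to force a replacement of it
-<% random = (0...3).map { (65 + rand(26)).chr }.join.downcase %>
-Name: <%= "#{@stack_name}-#{random}" %>
-<% end -%>
-Type: <%= @elb_type %>
-Tags:
-- Key: Name
-Value: <%= @stack_name %>
-<% if @elb_type == "application" -%>
-# Add additional extra security groups if parameters set
-SecurityGroups: !Split
-- ','
-- !If
-- ElbSecurityGroupsIsBlank
-- !Ref ElbSecurityGroup
-- !Join [',', [!Ref ElbSecurityGroups, !Ref ElbSecurityGroup]]
-<% end -%>
-<% if @elb_type == "network" && @subnet_mappings && !@subnet_mappings.empty? -%>
-SubnetMappings:
-<% @subnet_mappings.each do |allocation_id, subnet_id| -%>
-- AllocationId: <%= allocation_id %>
-SubnetId: <%= subnet_id %>
-<% end -%>
-<% else -%>
-Subnets: !Ref ElbSubnets
-<% end -%>
-<%= custom_properties(:Elb) %>
-
-TargetGroup:
-Type: AWS::ElasticLoadBalancingV2::TargetGroup
-Condition: CreateTargetGroupIsTrue
-Properties:
-VpcId: !Ref Vpc
-Tags:
-- Key: Name
-Value: <%= @stack_name %>
-<% if ENV['UFO_FORCE_TARGET_GROUP'] -%>
-# When adding and removing EIPs
-# Error: TargetGroup cannot be associated with more than one load balancer
-# Solution: https://forums.aws.amazon.com/thread.jspa?threadID=254544
-# Note: we truncate the stack name because target group names can be only 32 chars long
-Name: !Join
-- '-'
-- - <%= @stack_name[0..-6] %>
-- !Select [ 2, !Split [ '-', !GetAtt Elb.LoadBalancerName]]
-<% end -%>
-Protocol: <%= @default_target_group_protocol %>
-<% if @container[:network_mode] == "awsvpc" -%>
-TargetType: ip
-<% end -%>
-<% if @elb_type == "network" && @network_mode == "awsvpc" -%>
-# target groups with network load balancers need to check the container
-# port dirtectly and will be using
-HealthCheckPort: <%= @container[:port] %>
-<% end -%>
-<%= custom_properties(:TargetGroup) %>
-
-Listener:
-Type: AWS::ElasticLoadBalancingV2::Listener
-Condition: CreateElbIsTrue
-Properties:
-DefaultActions:
-- Type: forward
-TargetGroupArn:
-!If [ElbTargetGroupIsBlank, !Ref TargetGroup, !Ref ElbTargetGroup]
-LoadBalancerArn: !Ref Elb
-Protocol: <%= @default_listener_protocol %>
-<%= custom_properties(:Listener) %>
-
-<% if @create_listener_ssl -%>
-ListenerSsl:
-Type: AWS::ElasticLoadBalancingV2::Listener
-Condition: CreateElbIsTrue
-Properties:
-DefaultActions:
-- Type: forward
-TargetGroupArn:
-!If [ElbTargetGroupIsBlank, !Ref TargetGroup, !Ref ElbTargetGroup]
-LoadBalancerArn: !Ref Elb
-Protocol: <%= @default_listener_ssl_protocol %>
-<%= custom_properties(:ListenerSsl) %>
-<% end -%>
-
-<% if @elb_type == "application" -%>
-ElbSecurityGroup:
-Type: AWS::EC2::SecurityGroup
-Condition: CreateElbIsTrue
-Properties:
-GroupDescription: Allow http to client host
-VpcId: !Ref Vpc
-SecurityGroupIngress:
-- IpProtocol: tcp
-FromPort: '<%= cfn[:listener][:port] %>'
-ToPort: '<%= cfn[:listener][:port] %>'
-CidrIp: 0.0.0.0/0
-<% if @create_listener_ssl -%>
-- IpProtocol: tcp
-FromPort: '<%= cfn[:listener_ssl][:port] %>'
-ToPort: '<%= cfn[:listener_ssl][:port] %>'
-CidrIp: 0.0.0.0/0
-<% end -%>
-SecurityGroupEgress:
-- IpProtocol: tcp
-FromPort: '0'
-ToPort: '65535'
-CidrIp: 0.0.0.0/0
-Tags:
-- Key: Name
-Value: <%= @stack_name %>-elb
-<%= custom_properties(:ElbSecurityGroup) %>
-<% end -%>
-
-Ecs:
-Type: AWS::ECS::Service
-<% if @create_elb -%>
-DependsOn: Listener
-<% end -%>
-Properties:
-Cluster: <%= @cluster %>
-DesiredCount: !If
-- EcsDesiredCountIsBlank
-- !Ref AWS::NoValue
-- !Ref EcsDesiredCount
-TaskDefinition: !Ref EcsTaskDefinition
-<% if pretty_name? -%>
-ServiceName: <%= @stack_name %>
-<% end -%>
-<% if @container[:fargate] -%>
-LaunchType: FARGATE
-<% end -%>
-<% if @container[:network_mode] == "awsvpc" -%>
-NetworkConfiguration:
-AwsvpcConfiguration:
-Subnets: !Ref EcsSubnets # required
-SecurityGroups: !Split
-- ','
-- !If
-- EcsSecurityGroupsIsBlank
-- !Ref EcsSecurityGroup
-- !Join [',', [!Ref EcsSecurityGroups, !Ref EcsSecurityGroup]]
-<% if @container[:fargate] -%>
-AssignPublicIp: ENABLED # Works with fargate but doesnt seem to work with non-fargate
-<% end -%>
-<% end -%>
-# Default to port 80 to get template to validate. For worker processes
-# there is no actual port used.
-LoadBalancers: !If
-- CreateTargetGroupIsTrue
-- - ContainerName: <%= @container[:name] %>
-ContainerPort: <%= @container[:port] || 80 %>
-TargetGroupArn: !Ref TargetGroup
-- !If
-- ElbTargetGroupIsBlank
-- []
-- - ContainerName: <%= @container[:name] %>
-ContainerPort: <%= @container[:port] || 80 %>
-TargetGroupArn: !Ref ElbTargetGroup
-SchedulingStrategy: !Ref EcsSchedulingStrategy
-<%= custom_properties(:Ecs) %>
-
-EcsSecurityGroup:
-Type: AWS::EC2::SecurityGroup
-Properties:
-GroupDescription: Allow http to client host
-VpcId: !Ref Vpc
-<% if @elb_type == "network" -%>
-SecurityGroupIngress:
-- IpProtocol: tcp
-FromPort: '<%= @container[:port] %>'
-ToPort: '<%= @container[:port] %>'
-CidrIp: 0.0.0.0/0
-Description: docker ephemeral port range for network elb
-<% end -%>
-# Outbound access: instance needs access to internet to pull down image
-# or else get CannotPullContainerError
-SecurityGroupEgress:
-- IpProtocol: "-1"
-CidrIp: 0.0.0.0/0
-Description: outbound traffic
-Tags:
-- Key: Name
-Value: <%= @stack_name %>
-<%= custom_properties(:EcsSecurityGroup) %>
-
-<% if @elb_type == "application" -%>
-# Allow all traffic from ELB SG to ECS SG
-EcsSecurityGroupRule:
-Type: AWS::EC2::SecurityGroupIngress
-Condition: CreateElbIsTrue
-Properties:
-IpProtocol: tcp
-FromPort: '0'
-ToPort: '65535'
-SourceSecurityGroupId: !GetAtt ElbSecurityGroup.GroupId
-GroupId: !GetAtt EcsSecurityGroup.GroupId
-Description: application elb access to ecs
-<%= custom_properties(:EcsSecurityGroupRule) %>
-<% end -%>
-<% if @create_route53 -%>
-Dns:
-Type: AWS::Route53::RecordSet
-Properties:
-Comment: cname to load balancer
-Type: CNAME
-TTL: '60' # ttl has special casing
-ResourceRecords:
-- !GetAtt Elb.DNSName
-<%= custom_properties(:Dns) %>
-<% end -%>
-
-Outputs:
-ElbDns:
-Description: Elb Dns
-Condition: CreateElbIsTrue
-Value: !GetAtt Elb.DNSName
-<% if @create_route53 -%>
-Route53Dns:
-Description: Route53 Dns
-Value: !Ref Dns
-<% end -%>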