ufo 4.6.3 → 5.0.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +14 -0
- data/docs/_docs/extras/notification-arns.md +21 -0
- data/docs/_docs/helpers.md +6 -4
- data/docs/_docs/iam-roles.md +111 -0
- data/docs/_docs/secrets.md +112 -0
- data/docs/_docs/settings/cluster.md +7 -13
- data/docs/_includes/subnav.html +3 -0
- data/docs/_reference/ufo-deploy.md +1 -2
- data/docs/_reference/ufo-logs.md +1 -1
- data/docs/_reference/ufo-rollback.md +2 -0
- data/docs/_reference/ufo-ship.md +1 -2
- data/docs/_reference/ufo-ships.md +1 -2
- data/docs/_reference/ufo-tasks-build.md +1 -2
- data/lib/template/.secrets +3 -0
- data/lib/template/.ufo/settings.yml.tt +1 -0
- data/lib/template/.ufo/settings/cfn/default.yml.tt +27 -27
- data/lib/template/.ufo/settings/network/default.yml.tt +9 -0
- data/lib/template/.ufo/templates/fargate.json.erb +3 -0
- data/lib/template/.ufo/templates/main.json.erb +3 -0
- data/lib/template/.ufo/variables/base.rb.tt +1 -0
- data/lib/ufo.rb +2 -1
- data/lib/ufo/autoloader.rb +9 -0
- data/lib/ufo/cli.rb +3 -2
- data/lib/ufo/core.rb +1 -9
- data/lib/ufo/docker/cleaner.rb +1 -1
- data/lib/ufo/dsl.rb +6 -1
- data/lib/ufo/dsl/helper.rb +19 -37
- data/lib/ufo/dsl/helper/vars.rb +98 -0
- data/lib/ufo/dsl/outputter.rb +12 -9
- data/lib/ufo/log_group.rb +1 -0
- data/lib/ufo/role/builder.rb +66 -0
- data/lib/ufo/role/dsl.rb +21 -0
- data/lib/ufo/role/registry.rb +24 -0
- data/lib/ufo/rollback.rb +2 -1
- data/lib/ufo/setting/profile.rb +11 -7
- data/lib/ufo/setting/security_groups.rb +22 -0
- data/lib/ufo/settings.rb +20 -0
- data/lib/ufo/stack.rb +24 -24
- data/lib/ufo/stack/builder.rb +26 -0
- data/lib/ufo/stack/builder/base.rb +54 -0
- data/lib/ufo/stack/builder/conditions.rb +23 -0
- data/lib/ufo/stack/builder/outputs.rb +24 -0
- data/lib/ufo/stack/builder/parameters.rb +45 -0
- data/lib/ufo/stack/builder/resources.rb +20 -0
- data/lib/ufo/stack/builder/resources/base.rb +4 -0
- data/lib/ufo/stack/builder/resources/dns.rb +17 -0
- data/lib/ufo/stack/builder/resources/ecs.rb +63 -0
- data/lib/ufo/stack/builder/resources/elb.rb +45 -0
- data/lib/ufo/stack/builder/resources/listener.rb +42 -0
- data/lib/ufo/stack/builder/resources/listener_ssl.rb +16 -0
- data/lib/ufo/stack/builder/resources/roles/base.rb +22 -0
- data/lib/ufo/stack/builder/resources/roles/execution_role.rb +4 -0
- data/lib/ufo/stack/builder/resources/roles/task_role.rb +4 -0
- data/lib/ufo/stack/builder/resources/security_group/base.rb +4 -0
- data/lib/ufo/stack/builder/resources/security_group/ecs.rb +44 -0
- data/lib/ufo/stack/builder/resources/security_group/ecs_rule.rb +25 -0
- data/lib/ufo/stack/builder/resources/security_group/elb.rb +57 -0
- data/lib/ufo/stack/builder/resources/target_group.rb +39 -0
- data/lib/ufo/stack/builder/resources/task_definition.rb +24 -0
- data/lib/ufo/stack/builder/resources/task_definition/reconstructor.rb +49 -0
- data/lib/ufo/stack/context.rb +41 -48
- data/lib/ufo/stack/custom_properties.rb +59 -0
- data/lib/ufo/stack/helper.rb +2 -5
- data/lib/ufo/stack/template_body.rb +13 -0
- data/lib/ufo/task.rb +2 -7
- data/lib/ufo/tasks.rb +1 -1
- data/lib/ufo/tasks/builder.rb +0 -1
- data/lib/ufo/template_scope.rb +1 -66
- data/lib/ufo/utils/squeezer.rb +24 -0
- data/lib/ufo/version.rb +1 -1
- data/spec/fixtures/iam_roles/task_role.rb +17 -0
- data/spec/lib/role/builder_spec.rb +67 -0
- data/spec/lib/role/dsl_spec.rb +12 -0
- data/ufo.gemspec +1 -0
- metadata +57 -3
- data/lib/cfn/stack.yml +0 -283
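--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ce5c8180b261636a61805a4abc5cbd3d556784f77dbf20ca0f2384d8ab50ae32
+data.tar.gz: 9d6e1955bd7ca4b35b347c61986af5c92c916410a1d9b43b0d11a76e1dbd4fc3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 60ec0e82534f94e8daffbb9587f22753e4df92a77545ba4f220e0f9f3f1568a7dc0722f32e278f1853160ab477e80b0cfef8dbde6330c0b0af46a3e4695c8bc6
+data.tar.gz: 4bb7540d47f271ea211b3ade315b6a69fe9d1ce23b2cf0cef82cf2ddb1905d849a6064a08aab07279e623073f985542f8396533aedde86fc0b78a39e99ca8bb0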
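--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -3,6 +3,20 @@
 All notable changes to this project will be documented in this file.
 This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+## [5.0.0]
+- #104 adjust logs default format to detailed
+- #105 major rework: build cfn template with Ruby instead of ERB for new features
+- #106 secrets support
+- Codified iam_role support with .ufo/iam_roles files: custom and managed policy support. The ECS Task definition was moved into CloudFormation to support this.
+- Allow per service security groups
+- Conventional .ufo/settings cfn and network files based on ufo env
+- Managed_security_groups_enabled=false setting.yml
+- Project custom helper methods support
+- Add image-override option for ufo ship
+- Notification ARN stack cloudformation support for compliance reasons
+- update cfn/default to use CamelCase. maintain backward compatibility with underscore. through encourage users to upgrade to CamelCase. There's less mental translation overhead.
+- remove pretty option: always pretty
+
 ## [4.6.3]
 - #101 improve ufo init help
 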
@@ -0,0 +1,21 @@
|
|
1
|
+
---
|
2
|
+
title: Notification ARNs
|
3
|
+
categories: extras
|
4
|
+
nav_order: 99
|
5
|
+
---
|
6
|
+
|
7
|
+
You can specific notification arns for CloudFormation stack related events with [configs/settings.yml]({% link _docs/settings.md %}). This may be useful for compliance purposes.
|
8
|
+
|
9
|
+
## Example
|
10
|
+
|
11
|
+
configs/settings.yml
|
12
|
+
|
13
|
+
```yaml
|
14
|
+
base:
|
15
|
+
notification_arns:
|
16
|
+
- arn:aws:sns:us-west-2:112233445566:my-sns-topic1
|
17
|
+
```
|
18
|
+
|
19
|
+
This will set the `notification_arns` option as the CloudFormation stack created by `ufo ship`.
|
20
|
+
|
21
|
+
{% include prev_next.md %}
|
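--- a/data/docs/_docs/helpers.md
+++ b/data/docs/_docs/helpers.md
@@ -9,10 +9,12 @@ For example, one of the helper methods provides the exposed port in the Dockerfi
 
 Helper | Description
 ------------- | -------------
-full\_image\_name
-dockerfile\_port
-env_vars(text)
-env_file(path)
+full\_image\_name | The full docker image name that ufo builds. The "base" portion of the docker image name is defined in `settings.yml`. For example, the base portion is `tongueroo/demo-ufo` and the full image name is `tongueroo/demo-ufo:ufo-[timestamp]-[sha]`. The base name does not include the generated Docker tag, which contains a timestamp and git sha of the project.
+dockerfile\_port | Exposed port extracted from the Dockerfile of the project.
+env_vars(text) | This method takes a block of text that contains the env values in `key=value` format and converts that block of text to the proper task definition JSON format.
+env_file(path) | This method takes a `.env` file which contains a simple key-value list of environment variables and converts the list to the proper task definition JSON format.
+secrets_vars(text) | This method takes a block of text that contains the secrets values in `key=value` format and converts that block of text to the proper task definition JSON format.
+secrets_file(path) | This method takes a `.secrets` file which contains a simple key-value list of environment variables and converts the list to the proper task definition JSON format.
 task_definition_name | The name of the task_definition. So if the code looks like this `task_definition "demo-web" do`, the task_definition_name is "demo-web".
 
 To call the helper in task_definitions.rb you must add `helper.` in front. So `full_image_name` is called via `helper.full_image_name`.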
@@ -0,0 +1,111 @@
|
|
1
|
+
---
|
2
|
+
title: Task Definition IAM Roles
|
3
|
+
---
|
4
|
+
|
5
|
+
## What are ECS IAM Roles?
|
6
|
+
|
7
|
+
For ECS Task Definitions, you can assign it 2 IAM roles: 1) taskRoleArn and 2) executionRoleArn. It's usually defined in the JSON structure like so:
|
8
|
+
|
9
|
+
```json
|
10
|
+
{
|
11
|
+
"family": "..",
|
12
|
+
"taskRoleArn": "...",
|
13
|
+
"executionRoleArn": "...",
|
14
|
+
"containerDefinitions": [
|
15
|
+
...
|
16
|
+
]
|
17
|
+
}
|
18
|
+
```
|
19
|
+
|
20
|
+
Here's a table that explains the difference between the 2 IAM roles.
|
21
|
+
|
22
|
+
Name | Purpose
|
23
|
+
--- | ---
|
24
|
+
taskRoleArn | This is the role that the ECS task itself uses. So this is what IAM permissions your application has access to. Think about it as the "container role".
|
25
|
+
executionRoleArn | This is the role that the EC2 instance host uses. This allows the EC2 instance to pull from the ECR registry. Think about it as the "host role".
|
26
|
+
|
27
|
+
## How to Assign IAM Roles with UFO
|
28
|
+
|
29
|
+
You can assign an IAM role to the ECS Task definition in ways:
|
30
|
+
|
31
|
+
1. IAM Role with Code (UFO Managed)
|
32
|
+
2. Precreated IAM Role
|
33
|
+
|
34
|
+
## IAM Role with Code (UFO Managed)
|
35
|
+
|
36
|
+
UFO can automatically create the IAM and assign it to the task definition. You create these files so UFO will know to create and manage the IAM roles.
|
37
|
+
|
38
|
+
.ufo/iam_roles/execution_role.rb
|
39
|
+
.ufo/iam_roles/task_role.rb
|
40
|
+
|
41
|
+
### Example 1
|
42
|
+
|
43
|
+
You then use a DSL to create the IAM roles. Here are examples:
|
44
|
+
|
45
|
+
.ufo/iam_roles/execution_role.rb
|
46
|
+
|
47
|
+
```ruby
|
48
|
+
managed_iam_policy("AmazonEC2ContainerRegistryReadOnly")
|
49
|
+
managed_iam_policy("AmazonSSMReadOnlyAccess")
|
50
|
+
managed_iam_policy("CloudWatchLogsFullAccess")
|
51
|
+
managed_iam_policy("SecretsManagerReadWrite")
|
52
|
+
managed_iam_policy("service-role/AmazonECSTaskExecutionRolePolicy")
|
53
|
+
```
|
54
|
+
|
55
|
+
.ufo/iam_roles/task_role.rb
|
56
|
+
|
57
|
+
```ruby
|
58
|
+
iam_policy("AmazonS3ReadOnlyAccess",
|
59
|
+
Action: [
|
60
|
+
"s3:Get*",
|
61
|
+
"s3:List*"
|
62
|
+
],
|
63
|
+
Effect: "Allow",
|
64
|
+
Resource: "*"
|
65
|
+
)
|
66
|
+
iam_policy("CloudwatchWrite",
|
67
|
+
Action: [
|
68
|
+
"cloudwatch:PutMetricData",
|
69
|
+
],
|
70
|
+
Effect: "Allow",
|
71
|
+
Resource: "*"
|
72
|
+
)
|
73
|
+
```
|
74
|
+
|
75
|
+
### Example 2
|
76
|
+
|
77
|
+
You can use the `managed_iam_policy` and `iam_policy` together. You can also group multiple statements in the `iam_policy` declaration.
|
78
|
+
|
79
|
+
.ufo/iam_roles/task_role.rb
|
80
|
+
|
81
|
+
```ruby
|
82
|
+
managed_iam_policy("AmazonSSMManagedInstanceCore")
|
83
|
+
|
84
|
+
iam_policy("custom-policy", [
|
85
|
+
{
|
86
|
+
Action: "ecs:UpdateContainerInstancesState",
|
87
|
+
Resource: "*",
|
88
|
+
Effect: "Allow"
|
89
|
+
},
|
90
|
+
{
|
91
|
+
Action: "sns:Publish",
|
92
|
+
Resource: "*",
|
93
|
+
Effect: "Allow"
|
94
|
+
}
|
95
|
+
])
|
96
|
+
```
|
97
|
+
|
98
|
+
## Pre-Created IAM Role
|
99
|
+
|
100
|
+
You can also assign the task definition `executionRoleArn` with pre-created IAM roles. It looks something like this in the `.ufo/templates/main.json.erb` file:
|
101
|
+
|
102
|
+
```json
|
103
|
+
{
|
104
|
+
"family": "<%= @family %>",
|
105
|
+
"taskRoleArn": "arn:aws:iam::112233445566:role/pre-created-iam-role",
|
106
|
+
"executionRoleArn": "arn:aws:iam::112233445566:role/pre-created-iam-role",
|
107
|
+
"containerDefinitions": [
|
108
|
+
...
|
109
|
+
]
|
110
|
+
}
|
111
|
+
```
|
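Review bot: The execution-role example in Example 1 attaches `SecretsManagerReadWrite` and `CloudWatchLogsFullAccess`, which allow changing and deleting secrets and log groups across the account, although the role is only described as pulling images and (in secrets.md) reading secrets; the same four-policy list is repeated as the "starter example" in the secrets.md hunk that follows. A scoped statement is closer to least privilege, e.g. `iam_policy("ReadAppSecrets", Action: ["secretsmanager:GetSecretValue", "ssm:GetParameters"], Effect: "Allow", Resource: ["<SECRET_ARN>", "<PARAMETER_ARN>"])`, with `kms:Decrypt` added only when a customer-managed key encrypts the values. The task-role examples also use `Resource: "*"` and would benefit from a sentence telling readers to narrow it to their own buckets and topics. The table's description of `executionRoleArn` as the role "the EC2 instance host uses" looks inaccurate as well: ECS assumes the execution role on the task's behalf, separately from the instance profile, so that row should be reworded.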
@@ -0,0 +1,112 @@
|
|
1
|
+
---
|
2
|
+
title: Secrets
|
3
|
+
---
|
4
|
+
|
5
|
+
## What are Secrets?
|
6
|
+
|
7
|
+
[ECS supports injecting secrets or sensitive data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) into the the environment as variables. ECS handles the decryption the secrets go straight from AWS to the ECS task environment. It never passes through the machine calling `ufo ship` IE: your laptop, a deploy server, or CodeBuild, etc.
|
8
|
+
|
9
|
+
ECS supports 2 storage backends for secrets:
|
10
|
+
|
11
|
+
1. [Secrets Manager](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-secrets.html#secrets-envvar)
|
12
|
+
2. [Systems Manager Parameter Store](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-parameters.html#secrets-envvar-parameters)
|
13
|
+
|
14
|
+
Here are both of the formats:
|
15
|
+
|
16
|
+
Secrets manager format:
|
17
|
+
|
18
|
+
```json
|
19
|
+
{
|
20
|
+
"containerDefinitions": [{
|
21
|
+
"secrets": [{
|
22
|
+
"name": "environment_variable_name",
|
23
|
+
"valueFrom": "arn:aws:secretsmanager:region:aws_account_id:secret:secret_name-AbCdEf"
|
24
|
+
}]
|
25
|
+
}]
|
26
|
+
}
|
27
|
+
```
|
28
|
+
|
29
|
+
Parameter store format:
|
30
|
+
|
31
|
+
```json
|
32
|
+
{
|
33
|
+
"containerDefinitions": [{
|
34
|
+
"secrets": [{
|
35
|
+
"name": "environment_variable_name",
|
36
|
+
"valueFrom": "arn:aws:ssm:region:aws_account_id:parameter/parameter_name"
|
37
|
+
}]
|
38
|
+
}]
|
39
|
+
}
|
40
|
+
```
|
41
|
+
|
42
|
+
## UFO Support
|
43
|
+
|
44
|
+
Ufo supports both forms of secrets. You create a `.secrets` file and can reference it in the `.ufo/templates/main.json.erb`
|
45
|
+
|
46
|
+
```json
|
47
|
+
{
|
48
|
+
"family": "<%= @family %>",
|
49
|
+
# ...
|
50
|
+
<% if @secrets %>
|
51
|
+
"secrets": <%= helper.secrets_file(".secrets") %>,
|
52
|
+
<% end %>
|
53
|
+
}
|
54
|
+
```
|
55
|
+
|
56
|
+
The `.secrets` file is like an env file that will understand a secrets-smart format. Example:
|
57
|
+
|
58
|
+
NAME1=SSM:/my/parameter_name
|
59
|
+
NAME2=SECRETSMANAGER:/my/secret_name-AbCdEf
|
60
|
+
|
61
|
+
The `SSM:` and `SECRETSMANAGER:` prefix will be expanded to the full ARN. You can also just specify the full ARN.
|
62
|
+
|
63
|
+
NAME1=arn:aws:ssm:region:aws_account_id:parameter/my/parameter_name
|
64
|
+
NAME2=arn:aws:secretsmanager:region:aws_account_id:secret:my/secret_name-AbCdEf
|
65
|
+
|
66
|
+
In turn, this generates:
|
67
|
+
|
68
|
+
```json
|
69
|
+
{
|
70
|
+
"containerDefinitions": [{
|
71
|
+
"secrets": [
|
72
|
+
{
|
73
|
+
"name": "NAME1",
|
74
|
+
"valueFrom": "arn:aws:ssm:us-west-2:536766270177:parameter/demo/development/foo"
|
75
|
+
},
|
76
|
+
{
|
77
|
+
"name": "NAME2",
|
78
|
+
"valueFrom": "arn:aws:secretsmanager:us-west-2:536766270177:secret:/demo/development/my-secret-test-qRoJel"
|
79
|
+
}
|
80
|
+
]
|
81
|
+
}]
|
82
|
+
}
|
83
|
+
```
|
84
|
+
|
85
|
+
## Substitution
|
86
|
+
|
87
|
+
Ufo also does a simple substition on the value. For example, the `:UFO_ENV` is replaced with the actual value of `UFO_ENV=development`. Example:
|
88
|
+
|
89
|
+
NAME1=SSM:demo/:UFO_ENV/parameter_name
|
90
|
+
NAME2=SECRETSMANAGER:demo/:UFO_ENV/secret_name-AbCdEf
|
91
|
+
|
92
|
+
Expands to:
|
93
|
+
|
94
|
+
NAME1=arn:aws:ssm:region:aws_account_id:parameter/demo/development/parameter_name
|
95
|
+
NAME2=arn:aws:secretsmanager:region:aws_account_id:secret:/demo/development/secret_name-AbCdEf
|
96
|
+
|
97
|
+
## IAM Permission
|
98
|
+
|
99
|
+
If you're using secrets, you'll need to provide an IAM execution role so the EC2 instance has permission to read the secrets. Here's a starter example:
|
100
|
+
|
101
|
+
.ufo/iam_roles/execution_role.rb
|
102
|
+
|
103
|
+
```ruby
|
104
|
+
managed_iam_policy("AmazonEC2ContainerRegistryReadOnly")
|
105
|
+
managed_iam_policy("AmazonSSMReadOnlyAccess")
|
106
|
+
managed_iam_policy("CloudWatchLogsFullAccess")
|
107
|
+
managed_iam_policy("SecretsManagerReadWrite")
|
108
|
+
```
|
109
|
+
|
110
|
+
More info [ECS IAM Roles]({% link _docs/iam-roles.md %})
|
111
|
+
|
112
|
+
{% include prev_next.md %}
|
@@ -11,25 +11,19 @@ Normally, the ECS cluster defaults to whatever UFO_ENV is set to by [convention]
|
|
11
11
|
|
12
12
|
By default, these are all the same:
|
13
13
|
|
14
|
-
|
15
|
-
ufo ship demo-web
|
16
|
-
UFO_ENV=development ufo ship demo-web # same
|
17
|
-
UFO_ENV=development ufo ship demo-web --cluster development # same
|
18
|
-
```
|
14
|
+
ufo ship demo-web
|
15
|
+
UFO_ENV=development ufo ship demo-web # same
|
16
|
+
UFO_ENV=development ufo ship demo-web --cluster development # same
|
19
17
|
|
20
18
|
If you use a specific `UFO_ENV=production`, these are the same
|
21
19
|
|
22
|
-
|
23
|
-
UFO_ENV=production ufo ship demo-web
|
24
|
-
UFO_ENV=production ufo ship demo-web --cluster production # same
|
25
|
-
```
|
20
|
+
UFO_ENV=production ufo ship demo-web
|
21
|
+
UFO_ENV=production ufo ship demo-web --cluster production # same
|
26
22
|
|
27
23
|
Override the convention by explicitly specifying the `--cluster` option in the CLI.
|
28
24
|
|
29
|
-
|
30
|
-
ufo ship demo-web --cluster
|
31
|
-
UFO_ENV=production ufo ship demo-web --cluster production-cluster # override the cluster
|
32
|
-
```
|
25
|
+
ufo ship demo-web --cluster custom-cluster # override the cluster
|
26
|
+
UFO_ENV=production ufo ship demo-web --cluster production-cluster # override the cluster
|
33
27
|
|
34
28
|
The cavaet is that you must remember to specify `--cluster`. A wrapper `bin/deploy` script could be useful here.
|
35
29
|
|
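--- a/data/docs/_includes/subnav.html
+++ b/data/docs/_includes/subnav.html
@@ -25,6 +25,8 @@
 </li>
 <li><a href="{% link _docs/variables.md %}">Shared Variables</a></li>
 <li><a href="{% link _docs/helpers.md %}">Helpers</a></li>
+<li><a href="{% link _docs/secrets.md %}">Secrets</a></li>
+<li><a href="{% link _docs/iam-roles.md %}">IAM Roles</a></li>
 <li><a href="{% link _docs/conventions.md %}">Conventions</a></li>
 <li><a href="{% link _docs/ufo-logs.md %}">Ufo Logs</a></li>
 <li><a href="{% link _docs/ufo-env.md %}">Ufo Env</a></li>
@@ -44,6 +46,7 @@
 <li><a href="{% link _docs/extras/minimal-deploy-iam.md %}">Minimal Deploy IAM</a></li>
 <li><a href="{% link _docs/extras/codebuild-iam-role.md %}">CodeBuild IAM Role</a></li>
 <li><a href="{% link _docs/extras/dockerfile-erb.md %}">Dockerfile.erb</a></li>
+<li><a href="{% link _docs/extras/notification-arns.md %}">Notification Arns</a></li>
 </ul>
 </li>
 <li><a href="{% link _docs/upgrading.md %}">Upgrading</a>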
@@ -58,13 +58,12 @@ A more detailed post is available here: [How to Create Unlimited Extra Environme
|
|
58
58
|
[--elb=ELB] # Decides to create elb, not create elb or use existing target group.
|
59
59
|
[--elb-eip-ids=one two three] # EIP Allocation ids to use for network load balancer.
|
60
60
|
[--elb-type=ELB_TYPE] # ELB type: application or network. Keep current deployed elb type when not specified.
|
61
|
-
[--pretty], [--no-pretty] # Pretty format the json for the task definitions
|
62
|
-
# Default: true
|
63
61
|
[--scheduling-strategy=SCHEDULING_STRATEGY] # Scheduling strategy to use for the service. IE: replica, daemon
|
64
62
|
[--stop-old-tasks], [--no-stop-old-tasks] # Stop old tasks as part of deployment to speed it up
|
65
63
|
[--task=TASK] # ECS task name, to override the task name convention.
|
66
64
|
[--wait], [--no-wait] # Wait for deployment to complete
|
67
65
|
# Default: true
|
66
|
+
[--image-override=IMAGE_OVERRIDE] # Override image in task definition for quick testing
|
68
67
|
[--register], [--no-register] # Register task definition
|
69
68
|
# Default: true
|
70
69
|
[--build], [--no-build] # Build task definition
|
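--- a/data/docs/_reference/ufo-logs.md
+++ b/data/docs/_reference/ufo-logs.md
@@ -30,7 +30,7 @@ If you have a current service name set.
 # Default: true
 [--since=SINCE] # From what time to begin displaying logs. By default, logs will be displayed starting from 1 minutes in the past. The value provided can be an ISO 8601 timestamp or a relative time.
 [--format=FORMAT] # The format to display the logs. IE: detailed or short. With detailed, the log stream name is also shown.
-# Default:
+# Default: detailed
 [--filter-pattern=FILTER_PATTERN] # The filter pattern to use. If not provided, all the events are matched
 [--verbose], [--no-verbose]
 [--mute], [--no-mute]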
@@ -51,6 +51,8 @@ You only need to specify enough for a match to be found. Ufo searches the 30 mo
|
|
51
51
|
## Options
|
52
52
|
|
53
53
|
```
|
54
|
+
[--wait], [--no-wait] # Wait for deployment to complete
|
55
|
+
# Default: true
|
54
56
|
[--verbose], [--no-verbose]
|
55
57
|
[--mute], [--no-mute]
|
56
58
|
[--noop], [--no-noop]
|
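--- a/data/docs/_reference/ufo-ship.md
+++ b/data/docs/_reference/ufo-ship.md
@@ -115,13 +115,12 @@ You can change the scheduling strategy by explicitly specifying it.  Otherwise,
 [--elb=ELB] # Decides to create elb, not create elb or use existing target group.
 [--elb-eip-ids=one two three] # EIP Allocation ids to use for network load balancer.
 [--elb-type=ELB_TYPE] # ELB type: application or network. Keep current deployed elb type when not specified.
-[--pretty], [--no-pretty] # Pretty format the json for the task definitions
-# Default: true
 [--scheduling-strategy=SCHEDULING_STRATEGY] # Scheduling strategy to use for the service. IE: replica, daemon
 [--stop-old-tasks], [--no-stop-old-tasks] # Stop old tasks as part of deployment to speed it up
 [--task=TASK] # ECS task name, to override the task name convention.
 [--wait], [--no-wait] # Wait for deployment to complete
 # Default: true
+[--image-override=IMAGE_OVERRIDE] # Override image in task definition for quick testing
 [--verbose], [--no-verbose]
 [--mute], [--no-mute]
 [--noop], [--no-noop]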
@@ -55,12 +55,11 @@ Note: The `--task` option is not used with the `ufo ships` command.
|
|
55
55
|
[--elb=ELB] # Decides to create elb, not create elb or use existing target group.
|
56
56
|
[--elb-eip-ids=one two three] # EIP Allocation ids to use for network load balancer.
|
57
57
|
[--elb-type=ELB_TYPE] # ELB type: application or network. Keep current deployed elb type when not specified.
|
58
|
-
[--pretty], [--no-pretty] # Pretty format the json for the task definitions
|
59
|
-
# Default: true
|
60
58
|
[--scheduling-strategy=SCHEDULING_STRATEGY] # Scheduling strategy to use for the service. IE: replica, daemon
|
61
59
|
[--stop-old-tasks], [--no-stop-old-tasks] # Stop old tasks as part of deployment to speed it up
|
62
60
|
[--task=TASK] # ECS task name, to override the task name convention.
|
63
61
|
[--wait], [--no-wait] # Wait for deployment to complete
|
62
|
+
[--image-override=IMAGE_OVERRIDE] # Override image in task definition for quick testing
|
64
63
|
[--verbose], [--no-verbose]
|
65
64
|
[--mute], [--no-mute]
|
66
65
|
[--noop], [--no-noop]
|
@@ -173,7 +173,6 @@ If you need to modify the task definition template to suite your own needs it is
|
|
173
173
|
## Options
|
174
174
|
|
175
175
|
```
|
176
|
-
[--
|
177
|
-
# Default: true
|
176
|
+
[--image-override=IMAGE_OVERRIDE] # Override image in task definition for quick testing
|
178
177
|
```
|
179
178
|
|
@@ -13,6 +13,7 @@ base:
|
|
13
13
|
# replacment might not work. For example, adding and removing a load balancer.
|
14
14
|
# In these cases, you must delete the entire ecs service and recreate it.
|
15
15
|
stack_naming: append_env
|
16
|
+
auto_camelize: false # new default setting in ufo v5
|
16
17
|
|
17
18
|
development:
|
18
19
|
# cluster: development
|
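Review bot: The comment on the added `auto_camelize: false` line says only that it is a new default, not what the setting controls or what a project upgrading from v4 should put here. Judging from the changelog entry about CamelCase keys with backward compatibility for underscore keys, it presumably decides whether keys in the `.ufo/settings/cfn` files are converted before they reach the CloudFormation template, but the implementation is not visible in this hunk. A fuller comment such as `# false: cfn settings keys are used as written (CamelCase); see the upgrading docs before changing` would help, once its wording is confirmed against the code.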
@@ -3,38 +3,38 @@
|
|
3
3
|
# CloudFormation. These options are inserting into the generated template.
|
4
4
|
# More info: https://ufoships.com/docs/customize-cloudformation
|
5
5
|
|
6
|
-
|
7
|
-
|
6
|
+
Elb:
|
7
|
+
Scheme: internet-facing
|
8
8
|
|
9
9
|
# https://docs.aws.amazon.com/fr_fr/elasticloadbalancing/latest/APIReference/API_CreateTargetGroup.html
|
10
10
|
#
|
11
11
|
# When using SSL with network elb, the target group protocol is usually http still
|
12
12
|
# unless you also handle SSL termination at the app level.
|
13
|
-
|
14
|
-
|
15
|
-
#
|
13
|
+
TargetGroup:
|
14
|
+
Port: 80 # only used with ECS if awsvpc mode
|
15
|
+
# Protocol: TCP # valid values - application elb: HTTP HTTPS, network elb: TCP
|
16
16
|
# ufo sets defaults in cloudformation template
|
17
17
|
# application elb: HTTP
|
18
18
|
# network elb: TCP
|
19
19
|
# so we can keep this commented out, unless we need HTTPS at the app level
|
20
20
|
# Health check settings are supported by application load balancer only:
|
21
|
-
#
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
#
|
26
|
-
#
|
27
|
-
|
28
|
-
-
|
29
|
-
|
21
|
+
# HealthCheckPath: /up # health check
|
22
|
+
HealthCheckIntervalSeconds: 10 # default: 30. Network ELB can only take 10 or 30
|
23
|
+
HealthyThresholdCount: 2
|
24
|
+
UnhealthyThresholdCount: 2 # default: 10
|
25
|
+
# HealthCheckProtocol: HTTP # HTTP or HTTPS
|
26
|
+
# HealthCheckPort: traffic-port
|
27
|
+
TargetGroupAttributes:
|
28
|
+
- Key: deregistration_delay.timeout_seconds
|
29
|
+
Value: 10
|
30
30
|
|
31
31
|
# https://docs.aws.amazon.com/fr_fr/elasticloadbalancing/latest/APIReference/API_CreateListener.html
|
32
32
|
#
|
33
33
|
# This is the default listener and normally should listen to port 80.
|
34
|
-
|
35
|
-
|
34
|
+
Listener:
|
35
|
+
Port: 80
|
36
36
|
# For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocol is TCP.
|
37
|
-
#
|
37
|
+
# Protocol: TCP # valid values - application elb: HTTP HTTPS, network elb: TCP, TLS
|
38
38
|
# ufo sets these defaults:
|
39
39
|
# application elb: HTTP # unless port is 443
|
40
40
|
# application elb: HTTPS # if port is 443
|
@@ -43,8 +43,8 @@ listener:
|
|
43
43
|
# Can keep protocol commented out,
|
44
44
|
# unless need to override the defaults.
|
45
45
|
# If using the listener to handle SSL
|
46
|
-
#
|
47
|
-
# -
|
46
|
+
# Certificates:
|
47
|
+
# - CertificateArn: arn:aws:acm:us-east-1:111111111111:certificate/11111111-2222-3333-4444-555555555555
|
48
48
|
|
49
49
|
# An optional second listener can be created.
|
50
50
|
# If HTTPS and SSL is required then the listener_ssl config is what you should use.
|
@@ -53,11 +53,11 @@ listener:
|
|
53
53
|
# to handle SSL termination.
|
54
54
|
#
|
55
55
|
# ufo creates an ssl listener when listener_ssl is set.
|
56
|
-
#
|
57
|
-
#
|
58
|
-
# #
|
59
|
-
# # -
|
60
|
-
# #
|
56
|
+
# ListenerSsl:
|
57
|
+
# Port: 443
|
58
|
+
# # Certificates:
|
59
|
+
# # - CertificateArn: arn:aws:acm:us-east-1:111111111111:certificate/11111111-2222-3333-4444-555555555555
|
60
|
+
# # Protocol: TCP # valid values - application elb: HTTP HTTPS, network elb: TCP, TLS
|
61
61
|
# # ufo handles setting the defaults:
|
62
62
|
# # application elb: HTTPS
|
63
63
|
# # network elb: TLS
|
@@ -66,7 +66,7 @@ listener:
|
|
66
66
|
# Note, the route53 record set for the domain name must already exist.
|
67
67
|
# The {stack_name} variable gets replaced with the name of the CloudFormation stack name.
|
68
68
|
# Example: {stack_name} => demo-web
|
69
|
-
#
|
70
|
-
#
|
71
|
-
#
|
69
|
+
# Dns:
|
70
|
+
# Name: "{stack_name}.yourdomain."
|
71
|
+
# HostedZoneName: yourdomain. # dont forget the trailing period
|
72
72
|
# TTL: '60' # ttl has special upcase casing
|
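Review bot: The first hunk of this template ships `Elb:` / `Scheme: internet-facing` with a plain `Listener:` / `Port: 80` as the active defaults, while every TLS option (`Certificates`, `ListenerSsl`) stays commented out. A project initialised from it therefore gets a public, unencrypted endpoint unless the user edits the file. Since these keys are being rewritten anyway, a comment next to `Scheme` such as `# use "internal" for services that should not be reachable from the internet`, and one above `Listener` pointing to the `ListenerSsl` block for HTTPS, would make the safer choice visible. The removed lines are blank in this rendering, so whether the old defaults were the same cannot be checked here.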