aws/env-prisma.cf.yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: The Prisma task and service definitions for ECS
Parameters:
ApplicationName:
Type: String
Description: The name of the application
AllowedPattern: ^[a-z0-9\-]*$
EnvironmentName:
Type: String
Description: The name of the application environment
AllowedPattern: ^[a-z0-9\-]*$
PrismaServicePort:
Type: Number
Description: The port that the Prisma service will be listening on
Resources:
PrismaManagementAPISecret:
Type: AWS::SecretsManager::Secret
Properties:
Name: !Sub prisma-management-api-secret-${ApplicationName}-${EnvironmentName}
GenerateSecretString:
PasswordLength: 32
ExcludePunctuation: true
PrismaServiceAPISecret:
Type: AWS::SecretsManager::Secret
Properties:
Name: !Sub prisma-service-api-secret-${ApplicationName}-${EnvironmentName}
GenerateSecretString:
PasswordLength: 32
ExcludePunctuation: true
LogGroup:
Type: "AWS::Logs::LogGroup"
Properties:
LogGroupName: !Sub ${ApplicationName}-${EnvironmentName}-prisma
RetentionInDays: 14
TaskDefinition:
Type: "AWS::ECS::TaskDefinition"
Properties:
NetworkMode: awsvpc
RequiresCompatibilities:
- FARGATE
Family: !Sub ${ApplicationName}-${EnvironmentName}-prisma
Cpu: "1024"
Memory: "2048"
ExecutionRoleArn:
Fn::ImportValue: !Sub ${ApplicationName}-ECSTaskExecutionRole
TaskRoleArn:
Fn::ImportValue: !Sub ${ApplicationName}-ECSTaskExecutionRole
Tags:
- Key: Name
Value: !Sub ${ApplicationName}-${EnvironmentName}
ContainerDefinitions:
- Name: "prisma"
Image: "prismagraphql/prisma:1.34"
PortMappings:
- ContainerPort: !Ref PrismaServicePort
Ulimits:
- Name: nofile
HardLimit: 1000000
SoftLimit: 1000000
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-group: !Ref LogGroup
awslogs-region: !Ref AWS::Region
awslogs-stream-prefix: prisma
Environment:
- Name: PRISMA_CONFIG
Value:
Fn::Sub:
- |
port: ${PrismaServicePort}
managementApiSecret: '{{resolve:secretsmanager:${PrismaManagementAPISecret}:SecretString}}'
databases:
default:
connector: postgres
host: ${DBAddress}
port: ${DBPort}
user: '{{resolve:secretsmanager:${DBInstanceCredentials}:SecretString:username}}'
password: '{{resolve:secretsmanager:${DBInstanceCredentials}:SecretString:password}}'
migrations: true
- PrismaManagementAPISecret: !Ref PrismaManagementAPISecret
DBAddress:
Fn::ImportValue: !Sub ${ApplicationName}-${EnvironmentName}-DBAddress
DBPort:
Fn::ImportValue: !Sub ${ApplicationName}-${EnvironmentName}-DBPort
DBInstanceCredentials:
Fn::ImportValue: !Sub ${ApplicationName}-${EnvironmentName}-DBInstanceCredentials
- Name: JAVA_OPTS
Value: -Xmx1350m
Service:
Type: AWS::ECS::Service
Properties:
LaunchType: FARGATE
TaskDefinition: !Ref TaskDefinition
Cluster:
Fn::ImportValue:
!Sub ${ApplicationName}-${EnvironmentName}-ECSCluster
DesiredCount: 1
LoadBalancers:
- ContainerName: prisma
ContainerPort: !Ref PrismaServicePort
TargetGroupArn:
Fn::ImportValue:
!Sub ${ApplicationName}-${EnvironmentName}-PrismaTargetGroup
NetworkConfiguration:
AwsvpcConfiguration:
AssignPublicIp: DISABLED
Subnets:
- Fn::ImportValue:
!Sub ${ApplicationName}-PrivateSubnet01
- Fn::ImportValue:
!Sub ${ApplicationName}-PrivateSubnet02
SecurityGroups:
- Fn::ImportValue:
!Sub ${ApplicationName}-ServiceSG
ServiceRegistries:
- RegistryArn: !GetAtt DiscoveryServiceEntry.Arn
ContainerName: prisma
ContainerPort: !Ref PrismaServicePort
DiscoveryServiceEntry:
Type: AWS::ServiceDiscovery::Service
Properties:
Description: Discovery service entry for the service
DnsConfig:
RoutingPolicy: MULTIVALUE
DnsRecords:
- TTL: 60
Type: A
- TTL: 60
Type: SRV
HealthCheckCustomConfig:
FailureThreshold: 1
Name: prisma
NamespaceId:
Fn::ImportValue:
!Sub ${ApplicationName}-${EnvironmentName}-PrivateNamespace
Outputs:
PrismaServiceArn:
Description: The ARN of the Prisma service
Value: !Ref Service
Export:
Name: !Sub ${ApplicationName}-${EnvironmentName}-PrismaServiceArn
PrismaManagementAPISecretDELETE:
Description: The ARN of the secret used to access the Prisma management API
Value: !Ref PrismaManagementAPISecret
Export:
Name: !Sub ${ApplicationName}-${EnvironmentName}-PrismaManagementAPISecret
PrismaManagementAPISecretArn:
Description: The ARN of the secret used to access the Prisma management API
Value: !Ref PrismaManagementAPISecret
Export:
Name: !Sub ${ApplicationName}-${EnvironmentName}-PrismaManagementAPISecretArn
PrismaServiceAPISecretDELETE:
Description: The ARN of the secret used to access the Prisma service API
Value: !Ref PrismaServiceAPISecret
Export:
Name: !Sub ${ApplicationName}-${EnvironmentName}-PrismaServiceAPISecret
PrismaServiceAPISecretArn:
Description: The ARN of the secret used to access the Prisma service API
Value: !Ref PrismaServiceAPISecret
Export:
Name: !Sub ${ApplicationName}-${EnvironmentName}-PrismaServiceAPISecretArn