aws/ecs_service.json
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"DockerImgSrc": {
"Type": "String",
"Description": "Docker image source",
"Default": "docker.io/kleinchang/efcsydney-roster"
},
"NodeEnv": {
"Type": "String",
"Description": "NODE_ENV=?",
"Default": "qa"
},
"S3ConfBucketName": {
"Type": "String",
"Description": "The S3 Bucket Name which store configure files. ",
"Default": "efc-sydney-qa"
}
},
"Resources": {
"CloudwatchLogsGroup": {
"Type": "AWS::Logs::LogGroup",
"Properties": {
"LogGroupName": {
"Fn::Join": [
"-", [
"ECSLogGroup",
{
"Ref": "AWS::StackName"
}
]
]
},
"RetentionInDays": 14
}
},
"ECSServiceRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": [
"ecs.amazonaws.com",
"ecs-tasks.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}]
},
"Path": "/",
"ManagedPolicyArns": [],
"Policies": [{
"PolicyName": "ecs-service",
"PolicyDocument": {
"Statement": [{
"Effect": "Allow",
"Action": [
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:Describe*",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:RegisterTargets",
"ec2:Describe*",
"ec2:AuthorizeSecurityGroupIngress"
],
"Resource": "*"
}]
}
}]
}
},
"ECSSTaskRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": [
"ecs.amazonaws.com",
"ecs-tasks.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}]
},
"Path": "/",
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess",
"arn:aws:iam::aws:policy/CloudWatchLogsFullAccess",
"arn:aws:iam::aws:policy/CloudWatchActionsEC2Access",
"arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess",
"arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess",
"arn:aws:iam::aws:policy/AmazonRDSFullAccess"
],
"Policies": [{
"PolicyName": "ecs-task",
"PolicyDocument": {
"Statement": [{
"Effect": "Allow",
"Action": [
"elasticloadbalancing:Describe*",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"ec2:Describe*",
"ec2:AuthorizeSecurityGroupIngress"
],
"Resource": "*"
}]
}
},
{
"PolicyName": "get-parameter",
"PolicyDocument": {
"Statement": [{
"Effect": "Allow",
"Action": [
"ssm:DescribeParameters",
"ssm:GetParameterHistory",
"ssm:DescribeDocumentParameters",
"ssm:GetParametersByPath",
"ssm:GetParameters",
"ssm:GetParameter"
],
"Resource": "*"
}]
}
}
]
}
},
"ECSTaskDef": {
"Type": "AWS::ECS::TaskDefinition",
"Properties": {
"NetworkMode": "bridge",
"Family": {
"Fn::Join": [
"", [{
"Ref": "AWS::StackName"
},
"-task"
]
]
},
"Volumes": [
{
"Name": "log",
"Host": {
"SourcePath": "/var/log/roster"
}
},
{
"Name": "db-backup",
"Host": {
"SourcePath": "/var/log/backup"
}
}
],
"ContainerDefinitions": [{
"Name": "efcRosterContainer",
"Cpu": "256",
"Memory": "256",
"Essential": "true",
"Image": {
"Ref": "DockerImgSrc"
},
"Environment": [{
"Name": "NODE_ENV",
"Value": {
"Ref": "NodeEnv"
}
},
{
"Name": "S3_BUCKET",
"Value": {
"Ref": "S3ConfBucketName"
}
}
],
"LogConfiguration": {
"LogDriver": "awslogs",
"Options": {
"awslogs-group": {
"Ref": "CloudwatchLogsGroup"
},
"awslogs-region": {
"Ref": "AWS::Region"
},
"awslogs-stream-prefix": "efcContainerLog"
}
},
"PortMappings": [{
"ContainerPort": 3002,
"HostPort": 0
},
{
"ContainerPort": 3001,
"HostPort": 0
}
],
"MountPoints": [
{
"ContainerPath": "/opt/efcsydney-roster/log",
"SourceVolume": "log",
"ReadOnly": false
},
{
"ContainerPath": "/opt/backup",
"SourceVolume": "db-backup",
"ReadOnly": false
}
]
}],
"TaskRoleArn": {
"Ref": "ECSSTaskRole"
}
}
},
"ECSServiceHTTPS": {
"Type": "AWS::ECS::Service",
"Properties": {
"ServiceName": "Service-Roster",
"Cluster": {
"Fn::ImportValue": {
"Fn::Sub": "ECSCluster"
}
},
"DesiredCount": "1",
"LoadBalancers": [{
"ContainerName": "efcRosterContainer",
"ContainerPort": "3002",
"TargetGroupArn": {
"Fn::ImportValue": {
"Fn::Sub": "ALB-TargetGroup-HTTPS"
}
}
}],
"Role": {
"Ref": "ECSServiceRole"
},
"TaskDefinition": {
"Ref": "ECSTaskDef"
}
}
}
}
}