Merge pull request #3 from josephbmanley/base/cluster

Add Basic Cluster

.github/workflows/deploy_environment.yml

@@ -0,0 +1,38 @@
+
+name: Deploy Environment
+
+on:
+  push:
+    branches:
+    - master
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v1
+    - name: Ship to S3
+      uses: jakejarvis/s3-sync-action@master
+      with:
+        args: --follow-symlinks --delete
+      env:
+        SOURCE_DIR: cloudformation
+        AWS_REGION: "us-east-1"
+        DEST_DIR: actions/cloudformation
+        AWS_S3_BUCKET: ${{ secrets.DEPLOY_BUCKET }}
+        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-east-1
+    - name: Deploy to AWS CloudFormation
+      uses: aws-actions/aws-cloudformation-github-deploy@v1
+      with:
+        name: ecs-cluster
+        template: cloudformation/cluster/top.yaml
+        capabilities: "CAPABILITY_NAMED_IAM,CAPABILITY_IAM"
+        parameter-overrides: VpcId=${{ secrets.VPC_ID }},SubnetIds=${{ secrets.SUBNET_IDS }},Project=General,Environment=Main

.github/workflows/push_develop.yml

@@ -1,25 +0,0 @@
-
-name: Push Develop Release
-
-on:
-  push:
-    branches-ignore:
-      - develop
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout Repo
-      uses: actions/checkout@v1
-    - name: Ship to S3
-      uses: jakejarvis/s3-sync-action@master
-      with:
-        args: --follow-symlinks --delete
-      env:
-        SOURCE_DIR: cloudformation
-        AWS_REGION: "us-east-1"
-        DEST_DIR: nakama/develop/cloudformation
-        AWS_S3_BUCKET: sumu-stacks
-        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

README.md

@@ -1 +1,3 @@
-# aws-cluster-stack
+# aws-cluster-stack
+
+Creates an ECS cluster with all necessary infrastructure.

cloudformation/cluster/top.yaml

@@ -0,0 +1,126 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: General use ECS Cluster
+Parameters:
+  VpcId:
+    Type: AWS::EC2::VPC::Id
+    Description: The id of the VPC the cluster will be in
+    ConstraintDescription: VPC Id must begin with 'vpc-'
+  SubnetIds:
+    Type: List<AWS::EC2::Subnet::Id>
+    Description: Comma seperated list of subnets for ECS instances to run in
+  Project:
+    Type: String
+    Description: Project used in naming in tagging to associate with cluster
+  Environment:
+    Type: String
+    Description: Environment used in naming and tagging to associate with cluster
+
+Resources:
+  EcsCluster:
+    Type: AWS::ECS::Cluster
+    Properties: 
+      ClusterName: !Sub "${Project}-${Environment}"
+
+  EcsInstanceRole:
+      Type: AWS::IAM::Role
+      Properties:
+        AssumeRolePolicyDocument:
+          Version: '2012-10-17'
+          Statement:
+            - Action:
+                - sts:AssumeRole
+              Principal:
+                Service:
+                  - ec2.amazonaws.com 
+              Effect: Allow
+              Sid: ''
+        Description: IAM role for instances in ECS cluster
+        ManagedPolicyArns: 
+          - "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role"
+        RoleName: !Sub "${Project}-ecs-role-${Environment}"
+        Tags: 
+          - Key: Environment
+            Value: !Ref Environment
+          - Key: Project
+            Value: !Ref Project
+        Path: /
+
+  EcsRoleInstaceProfile:
+    Type: AWS::IAM::InstanceProfile
+    Properties: 
+      InstanceProfileName: !Sub "${Project}-ecs-instance-profile-${Environment}"
+      Path: /
+      Roles: 
+        - !Ref EcsInstanceRole
+
+  EcsSecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupDescription: ECS Allowed Ports
+      VpcId: !Ref VpcId
+      SecurityGroupIngress:
+      - IpProtocol: icmp
+        FromPort: '-1'
+        ToPort: '-1'
+        CidrIp: 0.0.0.0/0
+      - IpProtocol: tcp
+        FromPort: '0'
+        ToPort: '65535'
+        CidrIp: 0.0.0.0/0
+      - IpProtocol: udp
+        FromPort: '0'
+        ToPort: '65535'
+        CidrIp: 0.0.0.0/0
+      SecurityGroupEgress:
+      - IpProtocol: icmp
+        FromPort: '-1'
+        ToPort: '-1'
+        CidrIp: 0.0.0.0/0
+      - IpProtocol: tcp
+        FromPort: '0'
+        ToPort: '65535'
+        CidrIp: 0.0.0.0/0
+      - IpProtocol: udp
+        FromPort: '0'
+        ToPort: '65535'
+        CidrIp: 0.0.0.0/0
+
+  EcsInstanceLc:
+    Type: AWS::AutoScaling::LaunchConfiguration
+    Properties:
+      ImageId: ami-0f161e6034a6262d8
+      InstanceType: t2.micro
+      AssociatePublicIpAddress: true
+      IamInstanceProfile: !Ref EcsRoleInstaceProfile
+      KeyName: !Ref AWS::NoValue
+      SecurityGroups:
+      - !Ref EcsSecurityGroup
+      BlockDeviceMappings:
+      - DeviceName: /dev/xvdcz
+        Ebs:
+          VolumeSize: 22
+          VolumeType: gp2
+      UserData: !Base64
+                Fn::Sub: |
+                    #!/bin/bash
+                    echo ECS_CLUSTER=${EcsCluster} >> /etc/ecs/ecs.config;
+                    echo ECS_BACKEND_HOST= >> /etc/ecs/ecs.config;
+  EcsInstanceAsg:
+    Type: AWS::AutoScaling::AutoScalingGroup
+    DependsOn: EcsCluster
+    Properties:
+        VPCZoneIdentifier: !Ref SubnetIds
+        LaunchConfigurationName: !Ref EcsInstanceLc
+        MinSize: 0
+        MaxSize: 1
+        DesiredCapacity: 1
+        Tags:
+        - Key: Name
+          Value: !Sub "${Project}-ECS-ASG-${Environment}"
+          PropagateAtLaunch: 'true'
+        - Key: Environment
+          Value: !Sub Environment
+          PropagateAtLaunch: 'true'
+        - Key: Project
+          Value: !Sub Project
+          PropagateAtLaunch: 'true'