Initial cluster

Actions debug Actions debug Actions debug Actions debug Actions debug Actions debug Actions debug IAM Actions debug Actions debug Actions debug Actions debug Added instance profile Unfortunate, but necessary, DependsOn Added instance profile Base
2025-07-14 19:43:55 +02:00 · 2020-04-11 16:46:21 -04:00
parent 0eb338c1b2
commit c8db67893c
6 changed files with 167 additions and 26 deletions
--- a/.github/workflows/deploy_environment.yml
+++ b/.github/workflows/deploy_environment.yml
@ -0,0 +1,38 @@
+
+name: Deploy Environment
+
+on:
+  push:
+    branches:
+    - master
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v1
+    - name: Ship to S3
+      uses: jakejarvis/s3-sync-action@master
+      with:
+        args: --follow-symlinks --delete
+      env:
+        SOURCE_DIR: cloudformation
+        AWS_REGION: "us-east-1"
+        DEST_DIR: actions/cloudformation
+        AWS_S3_BUCKET: ${{ secrets.DEPLOY_BUCKET }}
+        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-east-1
+    - name: Deploy to AWS CloudFormation
+      uses: aws-actions/aws-cloudformation-github-deploy@v1
+      with:
+        name: ecs-cluster
+        template: cloudformation/cluster/top.yaml
+        capabilities: "CAPABILITY_NAMED_IAM,CAPABILITY_IAM"
+        parameter-overrides: VpcId=${{ secrets.VPC_ID }},SubnetIds=${{ secrets.SUBNET_IDS }},Project=General,Environment=Main
--- a/.github/workflows/push_develop.yml
+++ b/.github/workflows/push_develop.yml
@ -1,25 +0,0 @@
-
-name: Push Develop Release
-
-on:
-  push:
-    branches-ignore:
-      - develop
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout Repo
-      uses: actions/checkout@v1
-    - name: Ship to S3
-      uses: jakejarvis/s3-sync-action@master
-      with:
-        args: --follow-symlinks --delete
-      env:
-        SOURCE_DIR: cloudformation
-        AWS_REGION: "us-east-1"
-        DEST_DIR: nakama/develop/cloudformation
-        AWS_S3_BUCKET: sumu-stacks
-        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
--- a/README.md
+++ b/README.md
@ -1 +1,3 @@
-# aws-cluster-stack
+# aws-cluster-stack
+
+Creates an ECS cluster with all necessary infrastructure.
--- a/cloudformation/cluster/ec2.yaml
+++ b/cloudformation/cluster/ec2.yaml
--- a/cloudformation/cluster/efs.yaml
+++ b/cloudformation/cluster/efs.yaml
--- a/cloudformation/cluster/top.yaml
+++ b/cloudformation/cluster/top.yaml
@ -0,0 +1,126 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: General use ECS Cluster
+Parameters:
+  VpcId:
+    Type: AWS::EC2::VPC::Id
+    Description: The id of the VPC the cluster will be in
+    ConstraintDescription: VPC Id must begin with 'vpc-'
+  SubnetIds:
+    Type: List<AWS::EC2::Subnet::Id>
+    Description: Comma seperated list of subnets for ECS instances to run in
+  Project:
+    Type: String
+    Description: Project used in naming in tagging to associate with cluster
+  Environment:
+    Type: String
+    Description: Environment used in naming and tagging to associate with cluster
+
+Resources:
+  EcsCluster:
+    Type: AWS::ECS::Cluster
+    Properties: 
+      ClusterName: !Sub "${Project}-${Environment}"
+
+  EcsInstanceRole:
+      Type: AWS::IAM::Role
+      Properties:
+        AssumeRolePolicyDocument:
+          Version: '2012-10-17'
+          Statement:
+            - Action:
+                - sts:AssumeRole
+              Principal:
+                Service:
+                  - ec2.amazonaws.com 
+              Effect: Allow
+              Sid: ''
+        Description: IAM role for instances in ECS cluster
+        ManagedPolicyArns: 
+          - "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role"
+        RoleName: !Sub "${Project}-ecs-role-${Environment}"
+        Tags: 
+          - Key: Environment
+            Value: !Ref Environment
+          - Key: Project
+            Value: !Ref Project
+        Path: /
+
+  EcsRoleInstaceProfile:
+    Type: AWS::IAM::InstanceProfile
+    Properties: 
+      InstanceProfileName: !Sub "${Project}-ecs-instance-profile-${Environment}"
+      Path: /
+      Roles: 
+        - !Ref EcsInstanceRole
+
+  EcsSecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupDescription: ECS Allowed Ports
+      VpcId: !Ref VpcId
+      SecurityGroupIngress:
+      - IpProtocol: icmp
+        FromPort: '-1'
+        ToPort: '-1'
+        CidrIp: 0.0.0.0/0
+      - IpProtocol: tcp
+        FromPort: '0'
+        ToPort: '65535'
+        CidrIp: 0.0.0.0/0
+      - IpProtocol: udp
+        FromPort: '0'
+        ToPort: '65535'
+        CidrIp: 0.0.0.0/0
+      SecurityGroupEgress:
+      - IpProtocol: icmp
+        FromPort: '-1'
+        ToPort: '-1'
+        CidrIp: 0.0.0.0/0
+      - IpProtocol: tcp
+        FromPort: '0'
+        ToPort: '65535'
+        CidrIp: 0.0.0.0/0
+      - IpProtocol: udp
+        FromPort: '0'
+        ToPort: '65535'
+        CidrIp: 0.0.0.0/0
+
+  EcsInstanceLc:
+    Type: AWS::AutoScaling::LaunchConfiguration
+    Properties:
+      ImageId: ami-0f161e6034a6262d8
+      InstanceType: t2.micro
+      AssociatePublicIpAddress: true
+      IamInstanceProfile: !Ref EcsRoleInstaceProfile
+      KeyName: !Ref AWS::NoValue
+      SecurityGroups:
+      - !Ref EcsSecurityGroup
+      BlockDeviceMappings:
+      - DeviceName: /dev/xvdcz
+        Ebs:
+          VolumeSize: 22
+          VolumeType: gp2
+      UserData: !Base64
+                Fn::Sub: |
+                    #!/bin/bash
+                    echo ECS_CLUSTER=${EcsCluster} >> /etc/ecs/ecs.config;
+                    echo ECS_BACKEND_HOST= >> /etc/ecs/ecs.config;
+  EcsInstanceAsg:
+    Type: AWS::AutoScaling::AutoScalingGroup
+    DependsOn: EcsCluster
+    Properties:
+        VPCZoneIdentifier: !Ref SubnetIds
+        LaunchConfigurationName: !Ref EcsInstanceLc
+        MinSize: 0
+        MaxSize: 1
+        DesiredCapacity: 1
+        Tags:
+        - Key: Name
+          Value: !Sub "${Project}-ECS-ASG-${Environment}"
+          PropagateAtLaunch: 'true'
+        - Key: Environment
+          Value: !Sub Environment
+          PropagateAtLaunch: 'true'
+        - Key: Project
+          Value: !Sub Project
+          PropagateAtLaunch: 'true'