diff --git a/.github/workflows/deploy_environment.yml b/.github/workflows/deploy_environment.yml new file mode 100644 index 0000000..98babd3 --- /dev/null +++ b/.github/workflows/deploy_environment.yml @@ -0,0 +1,38 @@ + +name: Deploy Environment + +on: + push: + branches: + - master + +jobs: + deploy: + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v1 + - name: Ship to S3 + uses: jakejarvis/s3-sync-action@master + with: + args: --follow-symlinks --delete + env: + SOURCE_DIR: cloudformation + AWS_REGION: "us-east-1" + DEST_DIR: actions/cloudformation + AWS_S3_BUCKET: ${{ secrets.DEPLOY_BUCKET }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-east-1 + - name: Deploy to AWS CloudFormation + uses: aws-actions/aws-cloudformation-github-deploy@v1 + with: + name: ecs-cluster + template: cloudformation/cluster/top.yaml + capabilities: "CAPABILITY_NAMED_IAM,CAPABILITY_IAM" + parameter-overrides: VpcId=${{ secrets.VPC_ID }},SubnetIds=${{ secrets.SUBNET_IDS }},Project=General,Environment=Main \ No newline at end of file diff --git a/.github/workflows/push_develop.yml b/.github/workflows/push_develop.yml deleted file mode 100644 index 319e8ed..0000000 --- a/.github/workflows/push_develop.yml +++ /dev/null 
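Review bot: `uses: jakejarvis/s3-sync-action@master` in the Ship to S3 step fetches a third-party action from a mutable branch while handing it `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`, so whoever can push to that branch controls the deploy credentials; pin it to a full commit SHA (`uses: jakejarvis/s3-sync-action@<commit-sha>`) and do the same for `actions/checkout@v1`, which is also a moving tag. The same long-lived keys are then consumed a second time by `aws-actions/configure-aws-credentials@v1`; newer releases of that action support `role-to-assume` with an OIDC token, which would take the static keys out of repository secrets entirely and is worth confirming against the version in use. As a point of style, `aws-region: us-east-1` is unquoted while `AWS_REGION: "us-east-1"` two steps above is quoted; harmless here, but pick one form.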
@@ -1,25 +0,0 @@ - -name: Push Develop Release - -on: - push: - branches-ignore: - - develop - -jobs: - build: - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v1 - - name: Ship to S3 - uses: jakejarvis/s3-sync-action@master - with: - args: --follow-symlinks --delete - env: - SOURCE_DIR: cloudformation - AWS_REGION: "us-east-1" - DEST_DIR: nakama/develop/cloudformation - AWS_S3_BUCKET: sumu-stacks - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} \ No newline at end of file diff --git a/README.md b/README.md index 343db2f..1c6ab25 100644 --- a/README.md +++ b/README.md @@ -1 +1,3 @@ -# aws-cluster-stack \ No newline at end of file +# aws-cluster-stack + +Creates an ECS cluster with all necessary infrastructure. diff --git a/cloudformation/cluster/ec2.yaml b/cloudformation/cluster/ec2.yaml new file mode 100644 index 0000000..e69de29 diff --git a/cloudformation/cluster/efs.yaml b/cloudformation/cluster/efs.yaml new file mode 100644 index 0000000..e69de29 diff --git a/cloudformation/cluster/top.yaml b/cloudformation/cluster/top.yaml new file mode 100644 index 0000000..90957be --- /dev/null +++ b/cloudformation/cluster/top.yaml 
@@ -0,0 +1,126 @@ +AWSTemplateFormatVersion: '2010-09-09' +Description: General use ECS Cluster +Parameters: + VpcId: + Type: AWS::EC2::VPC::Id + Description: The id of the VPC the cluster will be in + ConstraintDescription: VPC Id must begin with 'vpc-' + SubnetIds: + Type: List + Description: Comma seperated list of subnets for ECS instances to run in + Project: + Type: String + Description: Project used in naming in tagging to associate with cluster + Environment: + Type: String + Description: Environment used in naming and tagging to associate with cluster + +Resources: + EcsCluster: + Type: AWS::ECS::Cluster + Properties: + ClusterName: !Sub "${Project}-${Environment}" + + EcsInstanceRole: + Type: AWS::IAM::Role + Properties: + AssumeRolePolicyDocument: + Version: '2012-10-17' + Statement: + - Action: + - sts:AssumeRole + Principal: + Service: + - ec2.amazonaws.com + Effect: Allow + Sid: '' + Description: IAM role for instances in ECS cluster + ManagedPolicyArns: + - "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" + RoleName: !Sub "${Project}-ecs-role-${Environment}" + Tags: + - Key: Environment + Value: !Ref Environment + - Key: Project + Value: !Ref Project + Path: / + + EcsRoleInstaceProfile: + Type: AWS::IAM::InstanceProfile + Properties: + InstanceProfileName: !Sub "${Project}-ecs-instance-profile-${Environment}" + Path: / + Roles: + - !Ref EcsInstanceRole + + EcsSecurityGroup: + Type: AWS::EC2::SecurityGroup + Properties: + GroupDescription: ECS Allowed Ports + VpcId: !Ref VpcId + SecurityGroupIngress: + - IpProtocol: icmp + FromPort: '-1' + ToPort: '-1' + CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: '0' + ToPort: '65535' + CidrIp: 0.0.0.0/0 + - IpProtocol: udp + FromPort: '0' + ToPort: '65535' + CidrIp: 0.0.0.0/0 + SecurityGroupEgress: + - IpProtocol: icmp + FromPort: '-1' + ToPort: '-1' + CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: '0' + ToPort: '65535' + CidrIp: 0.0.0.0/0 + - IpProtocol: udp + FromPort: '0' + 
ToPort: '65535' + CidrIp: 0.0.0.0/0 + + EcsInstanceLc: + Type: AWS::AutoScaling::LaunchConfiguration + Properties: + ImageId: ami-0f161e6034a6262d8 + InstanceType: t2.micro + AssociatePublicIpAddress: true + IamInstanceProfile: !Ref EcsRoleInstaceProfile + KeyName: !Ref AWS::NoValue + SecurityGroups: + - !Ref EcsSecurityGroup + BlockDeviceMappings: + - DeviceName: /dev/xvdcz + Ebs: + VolumeSize: 22 + VolumeType: gp2 + UserData: !Base64 + Fn::Sub: | + #!/bin/bash + echo ECS_CLUSTER=${EcsCluster} >> /etc/ecs/ecs.config; + echo ECS_BACKEND_HOST= >> /etc/ecs/ecs.config; + EcsInstanceAsg: + Type: AWS::AutoScaling::AutoScalingGroup + DependsOn: EcsCluster + Properties: + VPCZoneIdentifier: !Ref SubnetIds + LaunchConfigurationName: !Ref EcsInstanceLc + MinSize: 0 + MaxSize: 1 + DesiredCapacity: 1 + Tags: + - Key: Name + Value: !Sub "${Project}-ECS-ASG-${Environment}" + PropagateAtLaunch: 'true' + - Key: Environment + Value: !Sub Environment + PropagateAtLaunch: 'true' + - Key: Project + Value: !Sub Project + PropagateAtLaunch: 'true' \ No newline at end of file
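Review bot: EcsSecurityGroup's `SecurityGroupIngress` opens tcp 0-65535, udp 0-65535 and all ICMP to `0.0.0.0/0`, and EcsInstanceLc sets `AssociatePublicIpAddress: true`, so every container instance is reachable from the internet on every port; restrict ingress to the VPC CIDR (a `VpcCidr` parameter used as `CidrIp: !Ref VpcCidr`) or to the security group of the load balancer fronting the tasks, and leave only the egress rules wide. In EcsInstanceAsg the Environment and Project tags use `Value: !Sub Environment` and `Value: !Sub Project`, which resolve to the literal strings "Environment" and "Project" because there is no `${...}` placeholder; EcsInstanceRole uses `!Ref Environment` / `!Ref Project` for the same tags, so these should be `Value: !Ref Environment` and `Value: !Ref Project`. `SubnetIds` is declared as `Type: List`, which as written is not a CloudFormation parameter type (the rendering may have dropped angle brackets); `List<AWS::EC2::Subnet::Id>` validates the values and matches the typed `VpcId` parameter. `ImageId: ami-0f161e6034a6262d8` is a hard-coded, region-specific AMI that will go stale; a parameter of type `AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>` defaulting to `/aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id` keeps instances on a current ECS-optimized image.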