From c8db67893ca93b01e764fbde2402049b7e381abe Mon Sep 17 00:00:00 2001
From: Joseph Manley
Date: Sat, 11 Apr 2020 16:46:21 -0400
Subject: [PATCH] Initial cluster Actions debug Actions debug Actions debug Actions debug Actions debug Actions debug Actions debug IAM Actions debug Actions debug Actions debug Actions debug Added instance profile Unfortunate, but necessary, DependsOn Added instance profile Base
---
 .github/workflows/deploy_environment.yml | 38 +++++++
 .github/workflows/push_develop.yml | 25 -----
 README.md | 4 +-
 cloudformation/cluster/ec2.yaml | 0
 cloudformation/cluster/efs.yaml | 0
 cloudformation/cluster/top.yaml | 126 +++++++++++++++++++++++
 6 files changed, 167 insertions(+), 26 deletions(-)
 create mode 100644 .github/workflows/deploy_environment.yml
 delete mode 100644 .github/workflows/push_develop.yml
 create mode 100644 cloudformation/cluster/ec2.yaml
 create mode 100644 cloudformation/cluster/efs.yaml
 create mode 100644 cloudformation/cluster/top.yaml
diff --git a/.github/workflows/deploy_environment.yml b/.github/workflows/deploy_environment.yml
new file mode 100644
index 0000000..98babd3
--- /dev/null
+++ b/.github/workflows/deploy_environment.yml
@@ -0,0 +1,38 @@
+
+name: Deploy Environment
+
+on:
+ push:
+ branches:
+ - master
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Repo
+ uses: actions/checkout@v1
+ - name: Ship to S3
+ uses: jakejarvis/s3-sync-action@master
+ with:
+ args: --follow-symlinks --delete
+ env:
+ SOURCE_DIR: cloudformation
+ AWS_REGION: "us-east-1"
+ DEST_DIR: actions/cloudformation
+ AWS_S3_BUCKET: ${{ secrets.DEPLOY_BUCKET }}
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: us-east-1
+ - name: Deploy to AWS CloudFormation
+ uses: aws-actions/aws-cloudformation-github-deploy@v1
+ with:
+ name: ecs-cluster
+ template: cloudformation/cluster/top.yaml
+ capabilities: "CAPABILITY_NAMED_IAM,CAPABILITY_IAM"
+ parameter-overrides: VpcId=${{ secrets.VPC_ID }},SubnetIds=${{ secrets.SUBNET_IDS }},Project=General,Environment=Main
\ No newline at end of file
diff --git a/.github/workflows/push_develop.yml b/.github/workflows/push_develop.yml
deleted file mode 100644
index 319e8ed..0000000
--- a/.github/workflows/push_develop.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-
-name: Push Develop Release
-
-on:
- push:
- branches-ignore:
- - develop
-
-jobs:
- build:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout Repo
- uses: actions/checkout@v1
- - name: Ship to S3
- uses: jakejarvis/s3-sync-action@master
- with:
- args: --follow-symlinks --delete
- env:
- SOURCE_DIR: cloudformation
- AWS_REGION: "us-east-1"
- DEST_DIR: nakama/develop/cloudformation
- AWS_S3_BUCKET: sumu-stacks
- AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
\ No newline at end of file
diff --git a/README.md b/README.md
index 343db2f..1c6ab25 100644
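Review bot: The `Ship to S3` step pins a third-party action to a moving branch, `uses: jakejarvis/s3-sync-action@master`, while passing it `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`, so whatever is pushed to that branch next runs with the deploy credentials on every push to master; pin it to a release tag or, better, a full commit SHA, e.g. `uses: jakejarvis/s3-sync-action@<pinned-commit-sha>` (placeholder). The same key pair is then reused by `configure-aws-credentials` for a stack deploy with `CAPABILITY_NAMED_IAM`, so one long-lived credential covers both the bucket sync and IAM role creation; the IAM user behind these secrets should be scoped to the deploy bucket and this one stack, and that expectation is worth a comment above the `env:` block. `actions/checkout@v1` is an older major of the checkout action and can be bumped at the same time.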
--- a/README.md
+++ b/README.md
@@ -1 +1,3 @@
-# aws-cluster-stack
\ No newline at end of file
+# aws-cluster-stack
+
+Creates an ECS cluster with all necessary infrastructure.
diff --git a/cloudformation/cluster/ec2.yaml b/cloudformation/cluster/ec2.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/cloudformation/cluster/efs.yaml b/cloudformation/cluster/efs.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/cloudformation/cluster/top.yaml b/cloudformation/cluster/top.yaml
new file mode 100644
index 0000000..90957be
--- /dev/null
+++ b/cloudformation/cluster/top.yaml
@@ -0,0 +1,126 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: General use ECS Cluster
+Parameters:
+ VpcId:
+ Type: AWS::EC2::VPC::Id
+ Description: The id of the VPC the cluster will be in
+ ConstraintDescription: VPC Id must begin with 'vpc-'
+ SubnetIds:
+ Type: List
+ Description: Comma seperated list of subnets for ECS instances to run in
+ Project:
+ Type: String
+ Description: Project used in naming in tagging to associate with cluster
+ Environment:
+ Type: String
+ Description: Environment used in naming and tagging to associate with cluster
+
+Resources:
+ EcsCluster:
+ Type: AWS::ECS::Cluster
+ Properties:
+ ClusterName: !Sub "${Project}-${Environment}"
+
+ EcsInstanceRole:
+ Type: AWS::IAM::Role
+ Properties:
+ AssumeRolePolicyDocument:
+ Version: '2012-10-17'
+ Statement:
+ - Action:
+ - sts:AssumeRole
+ Principal:
+ Service:
+ - ec2.amazonaws.com
+ Effect: Allow
+ Sid: ''
+ Description: IAM role for instances in ECS cluster
+ ManagedPolicyArns:
+ - "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role"
+ RoleName: !Sub "${Project}-ecs-role-${Environment}"
+ Tags:
+ - Key: Environment
+ Value: !Ref Environment
+ - Key: Project
+ Value: !Ref Project
+ Path: /
+
+ EcsRoleInstaceProfile:
+ Type: AWS::IAM::InstanceProfile
+ Properties:
+ InstanceProfileName: !Sub "${Project}-ecs-instance-profile-${Environment}"
+ Path: /
+ Roles:
+ - !Ref EcsInstanceRole
+
+ EcsSecurityGroup:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ GroupDescription: ECS Allowed Ports
+ VpcId: !Ref VpcId
+ SecurityGroupIngress:
+ - IpProtocol: icmp
+ FromPort: '-1'
+ ToPort: '-1'
+ CidrIp: 0.0.0.0/0
+ - IpProtocol: tcp
+ FromPort: '0'
+ ToPort: '65535'
+ CidrIp: 0.0.0.0/0
+ - IpProtocol: udp
+ FromPort: '0'
+ ToPort: '65535'
+ CidrIp: 0.0.0.0/0
+ SecurityGroupEgress:
+ - IpProtocol: icmp
+ FromPort: '-1'
+ ToPort: '-1'
+ CidrIp: 0.0.0.0/0
+ - IpProtocol: tcp
+ FromPort: '0'
+ ToPort: '65535'
+ CidrIp: 0.0.0.0/0
+ - IpProtocol: udp
+ FromPort: '0'
+ ToPort: '65535'
+ CidrIp: 0.0.0.0/0
+
+ EcsInstanceLc:
+ Type: AWS::AutoScaling::LaunchConfiguration
+ Properties:
+ ImageId: ami-0f161e6034a6262d8
+ InstanceType: t2.micro
+ AssociatePublicIpAddress: true
+ IamInstanceProfile: !Ref EcsRoleInstaceProfile
+ KeyName: !Ref AWS::NoValue
+ SecurityGroups:
+ - !Ref EcsSecurityGroup
+ BlockDeviceMappings:
+ - DeviceName: /dev/xvdcz
+ Ebs:
+ VolumeSize: 22
+ VolumeType: gp2
+ UserData: !Base64
+ Fn::Sub: |
+ #!/bin/bash
+ echo ECS_CLUSTER=${EcsCluster} >> /etc/ecs/ecs.config;
+ echo ECS_BACKEND_HOST= >> /etc/ecs/ecs.config;
+ EcsInstanceAsg:
+ Type: AWS::AutoScaling::AutoScalingGroup
+ DependsOn: EcsCluster
+ Properties:
+ VPCZoneIdentifier: !Ref SubnetIds
+ LaunchConfigurationName: !Ref EcsInstanceLc
+ MinSize: 0
+ MaxSize: 1
+ DesiredCapacity: 1
+ Tags:
+ - Key: Name
+ Value: !Sub "${Project}-ECS-ASG-${Environment}"
+ PropagateAtLaunch: 'true'
+ - Key: Environment
+ Value: !Sub Environment
+ PropagateAtLaunch: 'true'
+ - Key: Project
+ Value: !Sub Project
+ PropagateAtLaunch: 'true'
\ No newline at end of file
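Review bot: `EcsSecurityGroup` admits ingress on every TCP and UDP port (`FromPort: '0'` / `ToPort: '65535'`) plus all ICMP from `CidrIp: 0.0.0.0/0`, and `EcsInstanceLc` sets `AssociatePublicIpAddress: true`, so each container instance is reachable from the internet on all ports; narrow `SecurityGroupIngress` to the ports the cluster actually serves (or to a load balancer's security group) and keep the public IP only if the subnets genuinely require it. Separately, the ASG tags use `Value: !Sub Environment` and `Value: !Sub Project`, which tag the instances with the literal words rather than the parameter values, inconsistent with the `!Ref Environment` / `!Ref Project` tags on `EcsInstanceRole`; change them to `Value: !Ref Environment` and `Value: !Ref Project`. `SubnetIds` shows as `Type: List`, which looks truncated in this rendering; confirm the template declares the full typed form, `List<AWS::EC2::Subnet::Id>`, since a bare `List` is not a CloudFormation parameter type.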