Move load balancing to seperate stack

cloudformation/nakama/load_balancing.yaml

@@ -0,0 +1,240 @@
+
+AWSTemplateFormatVersion: "2010-09-09"
+Description: Nakama load balancing stack
+Parameters:
+  environment:
+    Type: String
+    Description: Name of the environment
+    Default: production
+  release:
+    Type: String
+    Description: Name of the release name of the stack version to use.
+    Default: production
+    AllowedValues: ['develop', 'production']
+    ConstraintDescription: "Must be a possible release version."
+  PublicSubnets:
+    Description: The public subnets for the ALB to run in.
+    Type: String
+  PortalCertificate:
+    Description: Arn of AWS Certificate
+    Type: String
+  VpcId:
+    Description: ID of the VPC
+    Type: AWS::EC2::VPC::Id
+
+Resources:
+
+  #-- Network Load Balancer --#
+  PublicNLB:
+    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
+    Properties:
+      Type: network
+      LoadBalancerAttributes:
+        - Key: deletion_protection.enabled
+          Value: false
+      Scheme: internet-facing
+      Subnets: !Split [",", !Ref PublicSubnets]
+      Tags:
+        - Key: Name
+          Value: !Sub "Nakama-${environment}-NLB"
+        - Key: environment
+          Value: !Ref environment
+
+  # Target group for HTTP api
+  HttpApiTargetGroup:
+    Type: AWS::ElasticLoadBalancingV2::TargetGroup
+    Properties:
+      Port: 7350
+      Protocol: TCP
+      TargetGroupAttributes:
+        - Key: deregistration_delay.timeout_seconds
+          Value: '20'
+      VpcId: !Ref 'VpcId'
+      Tags:
+        - Key: Name
+          Value: !Sub 'nakama-http-${release}'
+
+  # Listener for HTTP
+  HttpApiNlbListener:
+    Type: AWS::ElasticLoadBalancingV2::Listener
+    Properties:
+      DefaultActions:
+        - Type: forward
+          TargetGroupArn: !Ref HttpApiTargetGroup
+      LoadBalancerArn: !Ref PublicNLB
+      Port: 7350
+      Protocol: TCP
+
+  # Target group for gRPC API
+  GRpcApiTargetGroup:
+    Type: AWS::ElasticLoadBalancingV2::TargetGroup
+    Properties:
+      Port: 7349
+      Protocol: TCP_UDP
+      TargetGroupAttributes:
+        - Key: deregistration_delay.timeout_seconds
+          Value: '20'
+      VpcId: !Ref 'VpcId'
+      Tags:
+        - Key: Name
+          Value: !Sub 'nakama-GRpc-${release}'
+
+  # Listener for gRPC API
+  GRpcNlbListener:
+    Type: AWS::ElasticLoadBalancingV2::Listener
+    Properties:
+      DefaultActions:
+        - Type: forward
+          TargetGroupArn: !Ref GRpcApiTargetGroup
+      LoadBalancerArn: !Ref PublicNLB
+      Port: 7349
+      Protocol: TCP_UDP
+
+  # Target group for gRPC embeded console
+  GRpcEApiTargetGroup:
+    Type: AWS::ElasticLoadBalancingV2::TargetGroup
+    Properties:
+      Port: 7348
+      Protocol: TCP_UDP
+      TargetGroupAttributes:
+        - Key: deregistration_delay.timeout_seconds
+          Value: '20'
+      VpcId: !Ref 'VpcId'
+      Tags:
+        - Key: Name
+          Value: !Sub 'nakama-GRpc-${release}'
+
+  # Listener for gRPC embeded console
+  GRpcENlbListener:
+    Type: AWS::ElasticLoadBalancingV2::Listener
+    Properties:
+      DefaultActions:
+        - Type: forward
+          TargetGroupArn: !Ref GRpcEApiTargetGroup
+      LoadBalancerArn: !Ref PublicNLB
+      Port: 7348
+      Protocol: TCP_UDP
+
+  #-- Application Load Balancer --#
+  PublicALB:
+    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
+    Properties:
+      Type: application
+      LoadBalancerAttributes:
+        - Key: deletion_protection.enabled
+          Value: false
+        - Key: idle_timeout.timeout_seconds
+          Value: 60
+      Scheme: internet-facing
+      SecurityGroups:
+        - !Ref AlbSecurityGroup
+      Subnets: !Split [",", !Ref PublicSubnets]
+      Tags:
+        - Key: Name
+          Value: !Sub "Nakama-${environment}-ALB"
+        - Key: environment
+          Value: !Ref environment
+
+  AlbSecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupDescription: ECS Allowed Ports
+      VpcId: !Ref VpcId
+      SecurityGroupIngress:
+        - IpProtocol: icmp
+          FromPort: "-1"
+          ToPort: "-1"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: "443"
+          ToPort: "443"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: "80"
+          ToPort: "80"
+          CidrIp: 0.0.0.0/0
+      SecurityGroupEgress:
+        - IpProtocol: icmp
+          FromPort: "-1"
+          ToPort: "-1"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: "0"
+          ToPort: "65535"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: udp
+          FromPort: "0"
+          ToPort: "65535"
+          CidrIp: 0.0.0.0/0
+
+  # Target group for admin portal port
+  AdminPortalTargetGroup:
+    Type: AWS::ElasticLoadBalancingV2::TargetGroup
+    Properties:
+      HealthCheckIntervalSeconds: 30
+      HealthCheckProtocol: HTTP
+      HealthCheckTimeoutSeconds: 15
+      HealthyThresholdCount: 2
+      UnhealthyThresholdCount: 2
+      Matcher:
+        HttpCode: '200'
+      HealthCheckPath: '/'
+      Port: 7351
+      Protocol: HTTP
+      TargetGroupAttributes:
+        - Key: deregistration_delay.timeout_seconds
+          Value: '20'
+      VpcId: !Ref 'VpcId'
+      Tags:
+        - Key: Name
+          Value: !Sub 'nakama-${release}'
+
+  # HTTPS for Admin Portal
+  AdminPortalAlbListener:
+    Type: AWS::ElasticLoadBalancingV2::Listener
+    Properties:
+      Certificates:
+        - CertificateArn: !Ref PortalCertificate
+      DefaultActions:
+        - Type: forward
+          TargetGroupArn: !Ref AdminPortalTargetGroup
+      LoadBalancerArn: !Ref PublicALB
+      Port: 443
+      Protocol: HTTPS
+
+  # Redirect HTTP -> HTTPS
+  AdminPortalRedirectAlbListener:
+    Type: AWS::ElasticLoadBalancingV2::Listener
+    Properties:
+      DefaultActions:
+      - Type: redirect
+        RedirectConfig:
+          Protocol: HTTPS
+          Port: 443
+          Host: '#{host}'
+          Path: '/#{path}'
+          Query: '#{query}'
+          StatusCode: HTTP_301
+      LoadBalancerArn: !Ref PublicALB
+      Port: 80
+      Protocol: HTTP
+
+Outputs:
+  AdminPortalTargetGroup:
+    Description: ""
+    Value: !Ref AdminPortalTargetGroup
+  HttpApiTargetGroup:
+    Description: ""
+    Value: !Ref HttpApiTargetGroup
+  GRpcApiTargetGroup:
+    Description: ""
+    Value: !Ref GRpcApiTargetGroup
+  GRpcEApiTargetGroup:
+    Description: ""
+    Value: !Ref GRpcEApiTargetGroup
+  PublicNlbDnsName:
+    Description: ""
+    Value: !GetAtt PublicNLB.DNSName
+  PublicAlbDnsName:
+    Description: ""
+    Value: !GetAtt PublicALB.DNSName

cloudformation/nakama/top.yaml

@@ -126,8 +126,8 @@ Resources:
         environment: !Ref environment
         Domain: !Ref Domain
         SubDomain: !Ref SubDomain
-        NakamaDns: !GetAtt PublicNLB.DNSName
-        AdminDns: !GetAtt PublicALB.DNSName
+        NakamaDns: !GetAtt LoadBalancing.Outputs.PublicNlbDnsName
+        AdminDns: !GetAtt LoadBalancing.Outputs.PublicAlbDnsName
 
 
   #----------
@@ -151,202 +151,16 @@ Resources:
   #-----------------
   # Load Balancing 
   #-----------------
-
-  #-- Network Load Balancer --#
-  PublicNLB:
-    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
+  LoadBalancing:
+    Type: AWS::CloudFormation::Stack
     Properties:
-      Type: network
-      LoadBalancerAttributes:
-        - Key: deletion_protection.enabled
-          Value: false
-      Scheme: internet-facing
-      Subnets: !Split [",", !Ref PublicSubnets]
-      Tags:
-        - Key: Name
-          Value: !Sub "Nakama-${environment}-NLB"
-        - Key: environment
-          Value: !Ref environment
-
-  # Target group for HTTP api
-  HttpApiTargetGroup:
-    Type: AWS::ElasticLoadBalancingV2::TargetGroup
-    Properties:
-      Port: 7350
-      Protocol: TCP
-      TargetGroupAttributes:
-        - Key: deregistration_delay.timeout_seconds
-          Value: '20'
-      VpcId: !Ref 'VpcId'
-      Tags:
-        - Key: Name
-          Value: !Sub 'nakama-http-${release}'
-
-  # Listener for HTTP
-  HttpApiNlbListener:
-    Type: AWS::ElasticLoadBalancingV2::Listener
-    Properties:
-      DefaultActions:
-        - Type: forward
-          TargetGroupArn: !Ref HttpApiTargetGroup
-      LoadBalancerArn: !Ref PublicNLB
-      Port: 7350
-      Protocol: TCP
-
-  # Target group for gRPC API
-  GRpcApiTargetGroup:
-    Type: AWS::ElasticLoadBalancingV2::TargetGroup
-    Properties:
-      Port: 7349
-      Protocol: TCP_UDP
-      TargetGroupAttributes:
-        - Key: deregistration_delay.timeout_seconds
-          Value: '20'
-      VpcId: !Ref 'VpcId'
-      Tags:
-        - Key: Name
-          Value: !Sub 'nakama-GRpc-${release}'
-
-  # Listener for gRPC API
-  GRpcNlbListener:
-    Type: AWS::ElasticLoadBalancingV2::Listener
-    Properties:
-      DefaultActions:
-        - Type: forward
-          TargetGroupArn: !Ref GRpcApiTargetGroup
-      LoadBalancerArn: !Ref PublicNLB
-      Port: 7349
-      Protocol: TCP_UDP
-
-  # Target group for gRPC embeded console
-  GRpcEApiTargetGroup:
-    Type: AWS::ElasticLoadBalancingV2::TargetGroup
-    Properties:
-      Port: 7348
-      Protocol: TCP_UDP
-      TargetGroupAttributes:
-        - Key: deregistration_delay.timeout_seconds
-          Value: '20'
-      VpcId: !Ref 'VpcId'
-      Tags:
-        - Key: Name
-          Value: !Sub 'nakama-GRpc-${release}'
-
-  # Listener for gRPC embeded console
-  GRpcENlbListener:
-    Type: AWS::ElasticLoadBalancingV2::Listener
-    Properties:
-      DefaultActions:
-        - Type: forward
-          TargetGroupArn: !Ref GRpcEApiTargetGroup
-      LoadBalancerArn: !Ref PublicNLB
-      Port: 7348
-      Protocol: TCP_UDP
-
-  #-- Application Load Balancer --#
-  PublicALB:
-    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
-    Properties:
-      Type: application
-      LoadBalancerAttributes:
-        - Key: deletion_protection.enabled
-          Value: false
-        - Key: idle_timeout.timeout_seconds
-          Value: 60
-      Scheme: internet-facing
-      SecurityGroups:
-        - !Ref AlbSecurityGroup
-      Subnets: !Split [",", !Ref PublicSubnets]
-      Tags:
-        - Key: Name
-          Value: !Sub "Nakama-${environment}-ALB"
-        - Key: environment
-          Value: !Ref environment
-
-  AlbSecurityGroup:
-    Type: AWS::EC2::SecurityGroup
-    Properties:
-      GroupDescription: ECS Allowed Ports
-      VpcId: !Ref VpcId
-      SecurityGroupIngress:
-        - IpProtocol: icmp
-          FromPort: "-1"
-          ToPort: "-1"
-          CidrIp: 0.0.0.0/0
-        - IpProtocol: tcp
-          FromPort: "443"
-          ToPort: "443"
-          CidrIp: 0.0.0.0/0
-        - IpProtocol: tcp
-          FromPort: "80"
-          ToPort: "80"
-          CidrIp: 0.0.0.0/0
-      SecurityGroupEgress:
-        - IpProtocol: icmp
-          FromPort: "-1"
-          ToPort: "-1"
-          CidrIp: 0.0.0.0/0
-        - IpProtocol: tcp
-          FromPort: "0"
-          ToPort: "65535"
-          CidrIp: 0.0.0.0/0
-        - IpProtocol: udp
-          FromPort: "0"
-          ToPort: "65535"
-          CidrIp: 0.0.0.0/0
-
-  # Target group for admin portal port
-  AdminPortalTargetGroup:
-    Type: AWS::ElasticLoadBalancingV2::TargetGroup
-    Properties:
-      HealthCheckIntervalSeconds: 30
-      HealthCheckProtocol: HTTP
-      HealthCheckTimeoutSeconds: 15
-      HealthyThresholdCount: 2
-      UnhealthyThresholdCount: 2
-      Matcher:
-        HttpCode: '200'
-      HealthCheckPath: '/'
-      Port: 7351
-      Protocol: HTTP
-      TargetGroupAttributes:
-        - Key: deregistration_delay.timeout_seconds
-          Value: '20'
-      VpcId: !Ref 'VpcId'
-      Tags:
-        - Key: Name
-          Value: !Sub 'nakama-${release}'
-
-  # HTTPS for Admin Portal
-  AdminPortalAlbListener:
-    Type: AWS::ElasticLoadBalancingV2::Listener
-    Properties:
-      Certificates:
-        - CertificateArn: !Ref PortalCertificate
-      DefaultActions:
-        - Type: forward
-          TargetGroupArn: !Ref AdminPortalTargetGroup
-      LoadBalancerArn: !Ref PublicALB
-      Port: 443
-      Protocol: HTTPS
-
-  # Redirect HTTP -> HTTPS
-  AdminPortalRedirectAlbListener:
-    Type: AWS::ElasticLoadBalancingV2::Listener
-    Properties:
-      DefaultActions:
-      - Type: redirect
-        RedirectConfig:
-          Protocol: HTTPS
-          Port: 443
-          Host: '#{host}'
-          Path: '/#{path}'
-          Query: '#{query}'
-          StatusCode: HTTP_301
-      LoadBalancerArn: !Ref PublicALB
-      Port: 80
-      Protocol: HTTP
-      
+      TemplateURL: !Sub 'https://s3.${AWS::Region}.amazonaws.com/sumu-stacks/${release}/cloudformation/nakama/load_balancing.yaml'
+      Parameters:
+        environment: !Ref environment
+        release: !Ref release
+        VpcId: !Ref VpcId
+        PublicSubnets: !Ref PublicSubnets
+        PortalCertificate: !Ref PortalCertificate
 
   #-------------------
   # ECS Task & Service
@@ -364,7 +178,7 @@ Resources:
         NakamaPasswordOverride: !Ref NakamaPasswordOverride
 
   EcsService:
-    DependsOn: AdminPortalAlbListener
+    DependsOn: LoadBalancing
     Type: AWS::ECS::Service
     Properties:
       Cluster: !Ref EcsCluster
@@ -373,13 +187,13 @@ Resources:
       LoadBalancers:  
         - ContainerName: "nakama"
           ContainerPort: 7351
-          TargetGroupArn: !Ref AdminPortalTargetGroup
+          TargetGroupArn: !GetAtt LoadBalancing.Outputs.AdminPortalTargetGroup
         - ContainerName: "nakama"
           ContainerPort: 7350
-          TargetGroupArn: !Ref HttpApiTargetGroup
+          TargetGroupArn: !GetAtt LoadBalancing.Outputs.HttpApiTargetGroup
         - ContainerName: "nakama"
           ContainerPort: 7349
-          TargetGroupArn: !Ref GRpcApiTargetGroup
+          TargetGroupArn: !GetAtt LoadBalancing.Outputs.GRpcApiTargetGroup
         - ContainerName: "nakama"
           ContainerPort: 7348
-          TargetGroupArn: !Ref GRpcEApiTargetGroup
+          TargetGroupArn: !GetAtt LoadBalancing.Outputs.GRpcEApiTargetGroup