Move load balancing to seperate stack

Layla 2019-11-10 20:55:35 -05:00
parent de3a8b7ce9
commit 51e49baa2d
2 changed files with 256 additions and 202 deletions
cloudformation/nakama


@ -0,0 +1,240 @@
AWSTemplateFormatVersion: "2010-09-09"
Description: Nakama load balancing stack
Parameters:
environment:
Type: String
Description: Name of the environment
Default: production
release:
Type: String
Description: Name of the release name of the stack version to use.
Default: production
AllowedValues: ['develop', 'production']
ConstraintDescription: "Must be a possible release version."
PublicSubnets:
Description: The public subnets for the ALB to run in.
Type: String
PortalCertificate:
Description: Arn of AWS Certificate
Type: String
VpcId:
Description: ID of the VPC
Type: AWS::EC2::VPC::Id
Resources:
#-- Network Load Balancer --#
PublicNLB:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
Type: network
LoadBalancerAttributes:
- Key: deletion_protection.enabled
Value: false
Scheme: internet-facing
Subnets: !Split [",", !Ref PublicSubnets]
Tags:
- Key: Name
Value: !Sub "Nakama-${environment}-NLB"
- Key: environment
Value: !Ref environment
# Target group for HTTP api
HttpApiTargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
Port: 7350
Protocol: TCP
TargetGroupAttributes:
- Key: deregistration_delay.timeout_seconds
Value: '20'
VpcId: !Ref 'VpcId'
Tags:
- Key: Name
Value: !Sub 'nakama-http-${release}'
# Listener for HTTP
HttpApiNlbListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
DefaultActions:
- Type: forward
TargetGroupArn: !Ref HttpApiTargetGroup
LoadBalancerArn: !Ref PublicNLB
Port: 7350
Protocol: TCP
# Target group for gRPC API
GRpcApiTargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
Port: 7349
Protocol: TCP_UDP
TargetGroupAttributes:
- Key: deregistration_delay.timeout_seconds
Value: '20'
VpcId: !Ref 'VpcId'
Tags:
- Key: Name
Value: !Sub 'nakama-GRpc-${release}'
# Listener for gRPC API
GRpcNlbListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
DefaultActions:
- Type: forward
TargetGroupArn: !Ref GRpcApiTargetGroup
LoadBalancerArn: !Ref PublicNLB
Port: 7349
Protocol: TCP_UDP
# Target group for gRPC embeded console
GRpcEApiTargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
Port: 7348
Protocol: TCP_UDP
TargetGroupAttributes:
- Key: deregistration_delay.timeout_seconds
Value: '20'
VpcId: !Ref 'VpcId'
Tags:
- Key: Name
Value: !Sub 'nakama-GRpc-${release}'
# Listener for gRPC embeded console
GRpcENlbListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
DefaultActions:
- Type: forward
TargetGroupArn: !Ref GRpcEApiTargetGroup
LoadBalancerArn: !Ref PublicNLB
Port: 7348
Protocol: TCP_UDP
#-- Application Load Balancer --#
PublicALB:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
Type: application
LoadBalancerAttributes:
- Key: deletion_protection.enabled
Value: false
- Key: idle_timeout.timeout_seconds
Value: 60
Scheme: internet-facing
SecurityGroups:
- !Ref AlbSecurityGroup
Subnets: !Split [",", !Ref PublicSubnets]
Tags:
- Key: Name
Value: !Sub "Nakama-${environment}-ALB"
- Key: environment
Value: !Ref environment
AlbSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: ECS Allowed Ports
VpcId: !Ref VpcId
SecurityGroupIngress:
- IpProtocol: icmp
FromPort: "-1"
ToPort: "-1"
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: "443"
ToPort: "443"
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: "80"
ToPort: "80"
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- IpProtocol: icmp
FromPort: "-1"
ToPort: "-1"
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: "0"
ToPort: "65535"
CidrIp: 0.0.0.0/0
- IpProtocol: udp
FromPort: "0"
ToPort: "65535"
CidrIp: 0.0.0.0/0
# Target group for admin portal port
AdminPortalTargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
HealthCheckIntervalSeconds: 30
HealthCheckProtocol: HTTP
HealthCheckTimeoutSeconds: 15
HealthyThresholdCount: 2
UnhealthyThresholdCount: 2
Matcher:
HttpCode: '200'
HealthCheckPath: '/'
Port: 7351
Protocol: HTTP
TargetGroupAttributes:
- Key: deregistration_delay.timeout_seconds
Value: '20'
VpcId: !Ref 'VpcId'
Tags:
- Key: Name
Value: !Sub 'nakama-${release}'
# HTTPS for Admin Portal
AdminPortalAlbListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
Certificates:
- CertificateArn: !Ref PortalCertificate
DefaultActions:
- Type: forward
TargetGroupArn: !Ref AdminPortalTargetGroup
LoadBalancerArn: !Ref PublicALB
Port: 443
Protocol: HTTPS
# Redirect HTTP -> HTTPS
AdminPortalRedirectAlbListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
DefaultActions:
- Type: redirect
RedirectConfig:
Protocol: HTTPS
Port: 443
Host: '#{host}'
Path: '/#{path}'
Query: '#{query}'
StatusCode: HTTP_301
LoadBalancerArn: !Ref PublicALB
Port: 80
Protocol: HTTP
Outputs:
AdminPortalTargetGroup:
Description: ""
Value: !Ref AdminPortalTargetGroup
HttpApiTargetGroup:
Description: ""
Value: !Ref HttpApiTargetGroup
GRpcApiTargetGroup:
Description: ""
Value: !Ref GRpcApiTargetGroup
GRpcEApiTargetGroup:
Description: ""
Value: !Ref GRpcEApiTargetGroup
PublicNlbDnsName:
Description: ""
Value: !GetAtt PublicNLB.DNSName
PublicAlbDnsName:
Description: ""
Value: !GetAtt PublicALB.DNSName
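Review bot: `AlbSecurityGroup` admits 443, 80 and all ICMP from `0.0.0.0/0`, and the only target behind this ALB is `AdminPortalTargetGroup` (port 7351, commented as the admin portal), so the portal is presumably reachable from any address. If it is meant for operators only, take the allowed range as a parameter and use it in the ingress rules, e.g. `CidrIp: !Ref AdminAllowedCidr`; the egress rules can likewise shrink from all TCP/UDP ports to `FromPort: "7351"` / `ToPort: "7351"`. `AdminPortalAlbListener` sets no `SslPolicy`, so the minimum TLS version is whatever the service default gives; naming a policy (for example `ELBSecurityPolicy-TLS-1-2-2017-01`) makes it explicit. The same exposure question applies to the 7348 listener, commented as the gRPC embedded console, on the internet-facing `PublicNLB`.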


@ -126,8 +126,8 @@ Resources:
environment: !Ref environment environment: !Ref environment
Domain: !Ref Domain Domain: !Ref Domain
SubDomain: !Ref SubDomain SubDomain: !Ref SubDomain
NakamaDns: !GetAtt PublicNLB.DNSName NakamaDns: !GetAtt LoadBalancing.Outputs.PublicNlbDnsName
AdminDns: !GetAtt PublicALB.DNSName AdminDns: !GetAtt LoadBalancing.Outputs.PublicAlbDnsName
#---------- #----------
@ -151,202 +151,16 @@ Resources:
#----------------- #-----------------
# Load Balancing # Load Balancing
#----------------- #-----------------
LoadBalancing:
#-- Network Load Balancer --# Type: AWS::CloudFormation::Stack
PublicNLB:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties: Properties:
Type: network TemplateURL: !Sub 'https://s3.${AWS::Region}.amazonaws.com/sumu-stacks/${release}/cloudformation/nakama/load_balancing.yaml'
LoadBalancerAttributes: Parameters:
- Key: deletion_protection.enabled environment: !Ref environment
Value: false release: !Ref release
Scheme: internet-facing
Subnets: !Split [",", !Ref PublicSubnets]
Tags:
- Key: Name
Value: !Sub "Nakama-${environment}-NLB"
- Key: environment
Value: !Ref environment
# Target group for HTTP api
HttpApiTargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
Port: 7350
Protocol: TCP
TargetGroupAttributes:
- Key: deregistration_delay.timeout_seconds
Value: '20'
VpcId: !Ref 'VpcId'
Tags:
- Key: Name
Value: !Sub 'nakama-http-${release}'
# Listener for HTTP
HttpApiNlbListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
DefaultActions:
- Type: forward
TargetGroupArn: !Ref HttpApiTargetGroup
LoadBalancerArn: !Ref PublicNLB
Port: 7350
Protocol: TCP
# Target group for gRPC API
GRpcApiTargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
Port: 7349
Protocol: TCP_UDP
TargetGroupAttributes:
- Key: deregistration_delay.timeout_seconds
Value: '20'
VpcId: !Ref 'VpcId'
Tags:
- Key: Name
Value: !Sub 'nakama-GRpc-${release}'
# Listener for gRPC API
GRpcNlbListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
DefaultActions:
- Type: forward
TargetGroupArn: !Ref GRpcApiTargetGroup
LoadBalancerArn: !Ref PublicNLB
Port: 7349
Protocol: TCP_UDP
# Target group for gRPC embeded console
GRpcEApiTargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
Port: 7348
Protocol: TCP_UDP
TargetGroupAttributes:
- Key: deregistration_delay.timeout_seconds
Value: '20'
VpcId: !Ref 'VpcId'
Tags:
- Key: Name
Value: !Sub 'nakama-GRpc-${release}'
# Listener for gRPC embeded console
GRpcENlbListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
DefaultActions:
- Type: forward
TargetGroupArn: !Ref GRpcEApiTargetGroup
LoadBalancerArn: !Ref PublicNLB
Port: 7348
Protocol: TCP_UDP
#-- Application Load Balancer --#
PublicALB:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
Type: application
LoadBalancerAttributes:
- Key: deletion_protection.enabled
Value: false
- Key: idle_timeout.timeout_seconds
Value: 60
Scheme: internet-facing
SecurityGroups:
- !Ref AlbSecurityGroup
Subnets: !Split [",", !Ref PublicSubnets]
Tags:
- Key: Name
Value: !Sub "Nakama-${environment}-ALB"
- Key: environment
Value: !Ref environment
AlbSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: ECS Allowed Ports
VpcId: !Ref VpcId VpcId: !Ref VpcId
SecurityGroupIngress: PublicSubnets: !Ref PublicSubnets
- IpProtocol: icmp PortalCertificate: !Ref PortalCertificate
FromPort: "-1"
ToPort: "-1"
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: "443"
ToPort: "443"
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: "80"
ToPort: "80"
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- IpProtocol: icmp
FromPort: "-1"
ToPort: "-1"
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: "0"
ToPort: "65535"
CidrIp: 0.0.0.0/0
- IpProtocol: udp
FromPort: "0"
ToPort: "65535"
CidrIp: 0.0.0.0/0
# Target group for admin portal port
AdminPortalTargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
HealthCheckIntervalSeconds: 30
HealthCheckProtocol: HTTP
HealthCheckTimeoutSeconds: 15
HealthyThresholdCount: 2
UnhealthyThresholdCount: 2
Matcher:
HttpCode: '200'
HealthCheckPath: '/'
Port: 7351
Protocol: HTTP
TargetGroupAttributes:
- Key: deregistration_delay.timeout_seconds
Value: '20'
VpcId: !Ref 'VpcId'
Tags:
- Key: Name
Value: !Sub 'nakama-${release}'
# HTTPS for Admin Portal
AdminPortalAlbListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
Certificates:
- CertificateArn: !Ref PortalCertificate
DefaultActions:
- Type: forward
TargetGroupArn: !Ref AdminPortalTargetGroup
LoadBalancerArn: !Ref PublicALB
Port: 443
Protocol: HTTPS
# Redirect HTTP -> HTTPS
AdminPortalRedirectAlbListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
DefaultActions:
- Type: redirect
RedirectConfig:
Protocol: HTTPS
Port: 443
Host: '#{host}'
Path: '/#{path}'
Query: '#{query}'
StatusCode: HTTP_301
LoadBalancerArn: !Ref PublicALB
Port: 80
Protocol: HTTP
#------------------- #-------------------
# ECS Task & Service # ECS Task & Service
@ -364,7 +178,7 @@ Resources:
NakamaPasswordOverride: !Ref NakamaPasswordOverride NakamaPasswordOverride: !Ref NakamaPasswordOverride
EcsService: EcsService:
DependsOn: AdminPortalAlbListener DependsOn: LoadBalancing
Type: AWS::ECS::Service Type: AWS::ECS::Service
Properties: Properties:
Cluster: !Ref EcsCluster Cluster: !Ref EcsCluster
@ -373,13 +187,13 @@ Resources:
LoadBalancers: LoadBalancers:
- ContainerName: "nakama" - ContainerName: "nakama"
ContainerPort: 7351 ContainerPort: 7351
TargetGroupArn: !Ref AdminPortalTargetGroup TargetGroupArn: !GetAtt LoadBalancing.Outputs.AdminPortalTargetGroup
- ContainerName: "nakama" - ContainerName: "nakama"
ContainerPort: 7350 ContainerPort: 7350
TargetGroupArn: !Ref HttpApiTargetGroup TargetGroupArn: !GetAtt LoadBalancing.Outputs.HttpApiTargetGroup
- ContainerName: "nakama" - ContainerName: "nakama"
ContainerPort: 7349 ContainerPort: 7349
TargetGroupArn: !Ref GRpcApiTargetGroup TargetGroupArn: !GetAtt LoadBalancing.Outputs.GRpcApiTargetGroup
- ContainerName: "nakama" - ContainerName: "nakama"
ContainerPort: 7348 ContainerPort: 7348
TargetGroupArn: !Ref GRpcEApiTargetGroup TargetGroupArn: !GetAtt LoadBalancing.Outputs.GRpcEApiTargetGroup
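Review bot: The `TemplateURL` of the new `LoadBalancing` stack resolves to a mutable key under `sumu-stacks/${release}/`, so each stack update deploys whatever `load_balancing.yaml` sits in the bucket at that moment rather than the file reviewed in this commit. It is worth confirming that write access to that prefix is limited to the release pipeline and that bucket versioning is on; a comment above the resource such as `# Template is fetched from S3 at deploy time; the ${release} prefix must be write-restricted and versioned` would record the assumption. Other nested stacks in this file may already follow the same pattern, but they are outside the visible hunks. Separately, `DependsOn: LoadBalancing` on `EcsService` is already implied by the `!GetAtt LoadBalancing.Outputs.*` references, and because the load balancers move to new logical resources, this update will presumably replace them and change the DNS names passed as `NakamaDns` and `AdminDns`.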