Fargate support (3rd iteration) (#249)

[New Template] fargate/cluster - Fargate cluster [New Template] fargate/service-dedicated-alb - Fargate service that runs on a Fargate cluster based on fargate/cluster.yaml and uses a dedicated ALB [Improvement] ecs/cluster - Optional support for ALB access logging and idle timeout [Improvement] ecs/service-dedicated-alb - Optional support for ALB access logging and idle timeout [Improvement] ecs/service-dedicated-alb - Added parameters to control Cpu, Memory, AutoScaling, and HealthCheckGracePeriod [Improvement] ecs/service-cluster-alb - Added parameters to control Cpu, Memory, AutoScaling, and HealthCheckGracePeriod
widdix · Jan 8, 2019 · 935d24a · 935d24a
1 parent b4502de
commit 935d24a
Show file tree

Hide file tree

Showing 13 changed files with 1,255 additions and 135 deletions.
diff --git a/docs/ecs.md b/docs/ecs.md
@@ -29,8 +29,9 @@ This template describes a fault tolerant and scalable ECS cluster on AWS. The cl
 ## Dependencies
 * `vpc/vpc-*azs.yaml` (**required**)
 * `vpc/vpc-*-bastion.yaml` (recommended)
-* `security/auth-proxy-*.yaml`
 * `operations/alert.yaml` (recommended)
+* `security/auth-proxy-*.yaml`
+* `state/s3.yaml`
 * `state/client-sg.yaml`
 
 # ECS service
@@ -61,6 +62,7 @@ This template describes a fault tolerant and scalable ECS service that uses the
 ### Dependencies
 * `ecs/cluster.yaml` (**required**)
 * `operations/alert.yaml` (recommended)
+* `vpc/zone-*.yaml`
 
 ## Using a dedicated load balancer for the service
 This template describes a fault tolerant and scalable ECS service that uses a dedicated load balancer for the service.
@@ -82,3 +84,6 @@ This template describes a fault tolerant and scalable ECS service that uses a de
 * `vpc/vpc-*azs.yaml` (**required**)
 * `ecs/cluster.yaml` (**required**)
 * `operations/alert.yaml` (recommended)
+* `security/auth-proxy-*.yaml`
+* `vpc/zone-*.yaml`
+* `state/s3.yaml*`
diff --git a/docs/fargate.md b/docs/fargate.md
@@ -0,0 +1,50 @@
+<iframe src="https://ghbtns.com/github-btn.html?user=widdix&repo=aws-cf-templates&type=star&count=true&size=large" frameborder="0" scrolling="0" width="160px" height="30px"></iframe>
+
+> **New**: Manage Free Templates for AWS CloudFormation with the [widdix CLI](./cli/)
+
+[Fargate](https://aws.amazon.com/fargate/) runs highly scalable containers scheduled by the [EC2 Container Service (ECS)](https://aws.amazon.com/ecs/). To run an application on Fargate you need the following components:
+
+* Docker image published to [Docker Hub](https://hub.docker.com/) or [EC2 Container Registry (ECR)](https://aws.amazon.com/ecr/)
+* Fargate cluster
+* Fargate service
+
+We provide you templates for the Fargate cluster and the service. You need to publish the Docker image.
+
+# Fargate cluster
+This template describes a fault tolerant and scalable Fargate cluster on AWS.
+
+## Installation Guide
+1. This templates depends on our [`vpc-*azs.yaml`](./vpc/) template. [![Launch Stack](./img/launch-stack.png)](https://console.aws.amazon.com/cloudformation/home#/stacks/new?stackName=vpc-2azs&templateURL=https://s3-eu-west-1.amazonaws.com/widdix-aws-cf-templates-releases-eu-west-1/__VERSION__/vpc/vpc-2azs.yaml)
+1. [![Launch Stack](./img/launch-stack.png)](https://console.aws.amazon.com/cloudformation/home#/stacks/new?stackName=fargate-cluster&templateURL=https://s3-eu-west-1.amazonaws.com/widdix-aws-cf-templates-releases-eu-west-1/__VERSION__/fargate/cluster.yaml)
+1. Click **Next** to proceed with the next step of the wizard.
+1. Specify a name and all parameters for the stack.
+1. Click **Next** to proceed with the next step of the wizard.
+1. Click **Next** to skip the **Options** step of the wizard.
+1. Check the **I acknowledge that this template might cause AWS CloudFormation to create IAM resources.** checkbox.
+1. Click **Create** to start the creation of the stack.
+1. Wait until the stack reaches the state **CREATE_COMPLETE**
+
+# Fargate service
+This template describes a fault tolerant and scalable Fargate service on AWS. The service scales based on CPU utilization.
+
+> The image needs to expose port 80 or the `AWS::ECS::TaskDefinition` needs to be adjusted!
+
+### Installation Guide
+1. This templates depends on our [`cluster.yaml`](./fargate/) template. [![Launch Stack](./img/launch-stack.png)](https://console.aws.amazon.com/cloudformation/home#/stacks/new?stackName=fargate-cluster&templateURL=https://s3-eu-west-1.amazonaws.com/widdix-aws-cf-templates-releases-eu-west-1/__VERSION__/fargate/cluster.yaml)
+1. [![Launch Stack](./img/launch-stack.png)](https://console.aws.amazon.com/cloudformation/home#/stacks/new?stackName=fargate-service&templateURL=https://s3-eu-west-1.amazonaws.com/widdix-aws-cf-templates-releases-eu-west-1/__VERSION__/fargate/service-dedicated-alb.yaml)
+1. Click **Next** to proceed with the next step of the wizard.
+1. Specify a name and all parameters for the stack.
+1. Click **Next** to proceed with the next step of the wizard.
+1. Click **Next** to skip the **Options** step of the wizard.
+1. Check the **I acknowledge that this template might cause AWS CloudFormation to create IAM resources.** checkbox.
+1. Click **Create** to start the creation of the stack.
+1. Wait until the stack reaches the state **CREATE_COMPLETE**
+
+### Dependencies
+* `vpc/vpc-*azs.yaml` (**required**)
+* `fargate/cluster.yaml` (**required**)
+* `operations/alert.yaml` (recommended)
+* `security/auth-proxy-*.yaml`
+* `vpc/zone-*.yaml`
+* `state/s3.yaml*`
+* `state/client-sg.yaml`
diff --git a/docs/index.md b/docs/index.md
@@ -27,6 +27,7 @@ Choose from our template catalog:
 
 * [Elastic Compute Cloud (EC2)](./ec2/)
 * [EC2 Container Service (ECS)](./ecs/)
+* [Fargate](./fargate/)
 * [Jenkins ](./jenkins/)
 * [Operations](./operations/)
 * [Security](./security/)

diff --git a/ecs/cluster.yaml b/ecs/cluster.yaml
@@ -24,6 +24,7 @@ Metadata:
       - ParentSSHBastionStack
       - ParentAuthProxyStack
       - ParentAlertStack
+      - ParentS3Stack
       - ParentClientStack1
       - ParentClientStack2
       - ParentClientStack3
@@ -38,6 +39,7 @@ Metadata:
       Parameters:
       - LoadBalancerScheme
       - LoadBalancerCertificateArn
+      - LoadBalancerIdleTimeout
     - Label:
         default: 'Cluster Parameters'
       Parameters:
@@ -71,6 +73,10 @@ Parameters:
     Description: 'Optional but recommended stack name of parent alert stack based on operations/alert.yaml template.'
     Type: String
     Default: ''
+  ParentS3Stack:
+    Description: 'Optional stack name of parent s3 stack based on state/s3.yaml template (with Access set to ElbAccessLogWrite) to store access logs.'
+    Type: String
+    Default: ''
   ParentClientStack1:
     Description: 'Optional stack name of parent Client Security Group stack based on state/client-sg.yaml template to allow network access from the cluster to whatever uses the client security group.'
     Type: String
@@ -119,6 +125,12 @@ Parameters:
     Description: 'Optional Amazon Resource Name (ARN) of the certificate to associate with the load balancer.'
     Type: String
     Default: ''
+  LoadBalancerIdleTimeout:
+    Description: 'The idle timeout value, in seconds.'
+    Type: Number
+    Default: 60
+    MinValue: 1
+    MaxValue: 4000
   InstanceType:
     Description: 'The instance type of the EC2 instances of the ECS cluster.'
     Type: String
@@ -218,6 +230,7 @@ Conditions:
   HasAuthProxySecurityGroupAndLoadBalancerCertificateArn: !And [!Condition HasAuthProxySecurityGroup, !Condition HasLoadBalancerCertificateArn]
   HasNotAuthProxySecurityGroupAndLoadBalancerCertificateArn: !And [!Condition HasNotAuthProxySecurityGroup, !Condition HasLoadBalancerCertificateArn]
   HasAlertTopic: !Not [!Equals [!Ref ParentAlertStack, '']]
+  HasS3Bucket: !Not [!Equals [!Ref ParentS3Stack, '']]
   HasClientSecurityGroup1: !Not [!Equals [!Ref ParentClientStack1, '']]
   HasClientSecurityGroup2: !Not [!Equals [!Ref ParentClientStack2, '']]
   HasClientSecurityGroup3: !Not [!Equals [!Ref ParentClientStack3, '']]
@@ -430,8 +443,6 @@ Resources:
       Dimensions:
       - Name: LoadBalancer
         Value: !GetAtt 'LoadBalancer.LoadBalancerFullName'
-      - Name: TargetGroup
-        Value: !GetAtt 'DefaultTargetGroup.TargetGroupFullName'
   HTTPCodeTarget5XXTooHighAlarm:
     Condition: HasAlertTopic
     Type: 'AWS::CloudWatch::Alarm'
@@ -468,8 +479,6 @@ Resources:
       Dimensions:
       - Name: LoadBalancer
         Value: !GetAtt 'LoadBalancer.LoadBalancerFullName'
-      - Name: TargetGroup
-        Value: !GetAtt 'DefaultTargetGroup.TargetGroupFullName'
   TargetConnectionErrorCountTooHighAlarm:
     Condition: HasAlertTopic
     Type: 'AWS::CloudWatch::Alarm'
@@ -492,6 +501,15 @@ Resources:
   LoadBalancer: # not monitored, but DefaultTargetGroup is monitored!
     Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer'
     Properties:
+      LoadBalancerAttributes:
+      - Key: 'idle_timeout.timeout_seconds'
+        Value: !Ref LoadBalancerIdleTimeout
+      - Key: 'routing.http2.enabled'
+        Value: 'true'
+      - Key: 'access_logs.s3.enabled'
+        Value: !If [HasS3Bucket, 'true', 'false']
+      - !If [HasS3Bucket, {Key: 'access_logs.s3.prefix', Value: !Ref 'AWS::StackName'}, !Ref 'AWS::NoValue']
+      - !If [HasS3Bucket, {Key: 'access_logs.s3.bucket', Value: {'Fn::ImportValue': !Sub '${ParentS3Stack}-BucketName'}}, !Ref 'AWS::NoValue']
       Scheme: !Ref LoadBalancerScheme
       SecurityGroups:
       - !Ref ALBSecurityGroup