forked from aws-samples/ecs-refarch-cloudformation-windows
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ecs-windows-cluster.yaml
223 lines (200 loc) · 7.99 KB
/
ecs-windows-cluster.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
Description: >
This template deploys an ECS cluster to the provided VPC and subnets
using an Auto Scaling Group
Parameters:
EnvironmentName:
Description: An environment name that will be prefixed to resource names
Type: String
InstanceType:
Description: Which instance type should we use to build the ECS cluster?
Type: String
Default: c4.large
ClusterSize:
Description: How many ECS hosts do you want to initially deploy?
Type: Number
Default: 4
VPC:
Description: Choose which VPC this ECS cluster should be deployed to
Type: AWS::EC2::VPC::Id
Subnets:
Description: Choose which subnets this ECS cluster should be deployed to
Type: List<AWS::EC2::Subnet::Id>
SecurityGroup:
Description: Select the Security Group to use for the ECS cluster hosts
Type: AWS::EC2::SecurityGroup::Id
Mappings:
# These are the latest ECS optimized AMIs as of [DATE]:
#
# Windows_Server-2016-English-Full-ECS_Optimized-2017.11.24
# ECS agent:
# Docker: 17.06.2-ee-5
# ecs-init:
#
# You can find the latest available on this page of our documentation:
# http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html
# (note the AMI identifier is region specific)
AWSRegionToAMI:
us-west-2:
AMI: ami-a68e39de
us-west-1:
AMI: ami-e5686b85
us-east-2:
AMI: ami-6b9db60e
us-east-1:
AMI: ami-ec346f96
eu-west-2:
AMI: ami-29574c4d
eu-west-1:
AMI: ami-48eb7931
eu-central-1:
AMI: ami-ee30a281
ca-central-1:
AMI: ami-1e91147a
ap-southeast-2:
AMI: ami-252fd247
ap-southeast-1:
AMI: ami-a6fa89da
ap-northeast-2:
AMI: ami-0e63c360
ap-northeast-1:
AMI: ami-bf3ca4d9
Resources:
ECSCluster:
Type: AWS::ECS::Cluster
Properties:
ClusterName: !Ref EnvironmentName
ECSAutoScalingGroup:
Type: AWS::AutoScaling::AutoScalingGroup
Properties:
VPCZoneIdentifier: !Ref Subnets
LaunchConfigurationName: !Ref ECSLaunchConfiguration
MinSize: !Ref ClusterSize
MaxSize: !Ref ClusterSize
DesiredCapacity: !Ref ClusterSize
Tags:
- Key: Name
Value: !Sub ${EnvironmentName} ECS host
PropagateAtLaunch: 'true'
CreationPolicy:
ResourceSignal:
Timeout: PT15M
UpdatePolicy:
AutoScalingRollingUpdate:
MinInstancesInService: '1'
MaxBatchSize: '1'
PauseTime: PT20M
WaitOnResourceSignals: 'true'
ECSLaunchConfiguration:
Type: AWS::AutoScaling::LaunchConfiguration
Properties:
ImageId: !FindInMap [AWSRegionToAMI, !Ref "AWS::Region", AMI]
InstanceType: !Ref InstanceType
SecurityGroups:
- !Ref SecurityGroup
IamInstanceProfile: !Ref ECSInstanceProfile
#Need to someone to check this section. Was unable to find a good example in YAML for bootstrapping an instance.
UserData: !Base64
Fn::Join:
- ''
- - '<script>
'
- 'cfn-init.exe -v -s '
- !Ref 'AWS::StackId'
- ' -r ECSLaunchConfiguration'
- ' --region '
- !Ref 'AWS::Region'
- '
'
- 'cfn-signal.exe -e %ERRORLEVEL% --stack '
- !Ref 'AWS::StackName'
- ' --resource ECSAutoScalingGroup '
- ' --region '
- !Ref 'AWS::Region'
- '
'
- </script>
Metadata:
AWS::CloudFormation::Init:
config:
commands:
01_import_powershell_module:
command: !Sub powershell.exe -Command Import-Module ECSTools
02_add_instance_to_cluster:
command: !Sub powershell.exe -Command Initialize-ECSAgent -Cluster ${ECSCluster} -EnableTaskIAMRole
files:
c:\cfn\cfn-hup.conf:
content: !Join ['', ['[main]
', stack=, !Ref 'AWS::StackId', '
', region=, !Ref 'AWS::Region', '
']]
c:\cfn\hooks.d\cfn-auto-reloader.conf:
content: !Join ['', ['[cfn-auto-reloader-hook]
', 'triggers=post.update
', 'path=Resources.ECSLaunchConfiguration.Metadata.AWS::CloudFormation::Init
', 'action=cfn-init.exe -v -s ', !Ref 'AWS::StackId', ' -r ECSLaunchConfiguration',
' --region ', !Ref 'AWS::Region', '
']]
services:
windows:
cfn-hup:
enabled: 'true'
ensureRunning: 'true'
files:
- c:\cfn\cfn-hup.conf
- c:\etc\cfn\hooks.d\cfn-auto-reloader.conf
# This IAM Role is attached to all of the ECS hosts. It is based on the default role
# published here:
# http://docs.aws.amazon.com/AmazonECS/latest/developerguide/instance_IAM_role.html
#
# You can add other IAM policy statements here to allow access from your ECS hosts
# to other AWS services. Please note that this role will be used by ALL containers
# running on the ECS host.
ECSRole:
Type: AWS::IAM::Role
Properties:
Path: /
RoleName: !Sub ${EnvironmentName}-ECSRole-${AWS::Region}
AssumeRolePolicyDocument: |
{
"Statement": [{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
}
}]
}
Policies:
- PolicyName: ecs-service
PolicyDocument: |
{
"Statement": [{
"Effect": "Allow",
"Action": [
"ecs:CreateCluster",
"ecs:DeregisterContainerInstance",
"ecs:DiscoverPollEndpoint",
"ecs:Poll",
"ecs:RegisterContainerInstance",
"ecs:StartTelemetrySession",
"ecs:Submit*",
"logs:CreateLogStream",
"logs:PutLogEvents",
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer",
"ecr:GetAuthorizationToken"
],
"Resource": "*"
}]
}
ECSInstanceProfile:
Type: AWS::IAM::InstanceProfile
Properties:
Path: /
Roles:
- !Ref ECSRole
Outputs:
Cluster:
Description: A reference to the ECS cluster
Value: !Ref ECSCluster