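AWSTemplateFormatVersion: '2010-09-09'
Description: Deploy a service on AWS ECS, hosted in a public subnet and accessible via a public Application Load Balancer.
# Stack inputs. Network resources (VPC, subnets, ECS cluster) are imported from the stack
# named by NetworkStackName; everything else sizes or names the resources created below.
Parameters:
  NetworkStackName:
    Type: String
    Default: prebid-network-prod
    Description: The name of the parent networking stack that you created. Necessary
      to locate and reference resources created by that stack.
  ECSAMI:
    Description: AMI ID
    Type: AWS::EC2::Image::Id
    # Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    # Default: /aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id
  InstanceType:
    Description: EC2 instance type
    Type: String
    Default: t2.medium
    AllowedValues: [t2.micro, t2.small, t2.medium, t2.large, m3.medium, m3.large,
      m3.xlarge, m3.2xlarge, m4.large, m4.xlarge, m4.2xlarge, m4.4xlarge, m4.10xlarge,
      c4.large, c4.xlarge, c4.2xlarge, c4.4xlarge, c4.8xlarge, c3.large, c3.xlarge,
      c3.2xlarge, c3.4xlarge, c3.8xlarge, r3.large, r3.xlarge, r3.2xlarge, r3.4xlarge,
      r3.8xlarge, i2.xlarge, i2.2xlarge, i2.4xlarge, i2.8xlarge]
    ConstraintDescription: Instance type for container instances.
  EcsInstanceRole:
    Type: String
    Default: ecsInstanceRole
    Description: An IAM role to give the container instances
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName
    Description: Name of an existing EC2 KeyPair to enable SSH access to the ECS instances
  # Source range for the SSH rule on InstanceSecurityGroup. The default reproduces the rule
  # that used to be hard-coded (open to every IPv4 address) so existing stacks update
  # unchanged; operators should pass a narrower range.
  SshAccessCidr:
    Type: String
    Default: '0.0.0.0/0'
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: Must be an IPv4 CIDR block such as 203.0.113.0/24
    Description: CIDR range allowed to reach the container instances over SSH (port 22). The default keeps the
      previous world-open rule; override it with an administrative network range.
  ApiContainerName:
    Type: String
    Default: api
    Description: A name for the API container
  BuilderContainerName:
    Type: String
    Default: builder
    Description: A name for the builder container
  # NOTE(review): both image defaults use the mutable `latest` tag, so the code that runs can
  # change between task launches without a template change. Passing a version tag or an
  # image digest makes deployments reproducible and auditable.
  ApiImageUrl:
    Type: String
    Default: prebid/pbjs-bundle-service-api:latest
    Description: The url of a docker image that contains the API application process that
      will handle the traffic for this service
  BuilderImageUrl:
    Type: String
    Default: prebid/pbjs-bundle-service-builder:latest
    Description: The url of a docker image that contains the builder application process that
      will pre-build PBJS tags
  ApiContainerPort:
    Type: Number
    Default: 3000
    Description: What port number the application inside the docker container is binding to
  ApiContainerCpu:
    Type: Number
    Default: 1024
    AllowedValues:
      - 256
      - 512
      - 1024
      - 2048
      - 4096
    Description: How much CPU to give the container. 1024 is 1 CPU
  BuilderContainerCpu:
    Type: Number
    Default: 1024
    AllowedValues:
      - 256
      - 512
      - 1024
      - 2048
      - 4096
    Description: How much CPU to give the container. 1024 is 1 CPU
  ApiContainerMemory:
    Type: Number
    Default: 512
    AllowedValues:
      - 512
      - 1024
      - 2048
      - 3072
      - 4096
      - 5120
      - 6144
      - 7168
      - 8192
      - 16384
    Description: How much memory in megabytes to give the container
  BuilderContainerMemory:
    Type: Number
    Default: 3072
    AllowedValues:
      - 512
      - 1024
      - 2048
      - 3072
      - 4096
      - 5120
      - 6144
      - 7168
      - 8192
      - 16384
    Description: How much memory in megabytes to give the container
  DesiredCount:
    Type: Number
    Default: 1
    Description: How many copies of the service task to run
  TaskExecutionRole:
    Type: String
    Default: ecsTaskExecutionRole
    Description: An IAM role to give the tasks for pulling and container images and publishing container logs to Amazon
      CloudWatch
  LoadBalancerCertificateId:
    Type: String
    Default: ''
    Description: Id of the pre-uploaded (or pre-requested) SSL certificate from ACM (Amazon Certificate Manager).
      That is, it is a last part of the Certificate ARN, for example "arn:aws:acm:us-east-1:123456789123:certificate/>this_is_the_id<"
Conditions:
  # True only when a certificate id was supplied; gates creation of HttpsListener.
  HasLoadBalancerCertificateId: !Not [!Equals [!Ref LoadBalancerCertificateId, '']]
Resources:
  # Auto scaling group
  # Launch configuration for the ECS container instances. The user data appends the cluster
  # name and an `app` instance attribute to /etc/ecs/ecs.config; the Service's placement
  # constraint below matches on that attribute.
  # NOTE(review): no MetadataOptions are set here, so IMDSv2 is not enforced by this template;
  # consider `HttpTokens: required` after confirming the AMI's ECS agent works with it.
  LaunchConfig:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      LaunchConfigurationName: !Join ['-', [!Ref 'AWS::StackName', 'lc2']]
      ImageId: !Ref ECSAMI
      KeyName: !Ref KeyName
      InstanceType: !Ref InstanceType
      IamInstanceProfile: !Ref EcsInstanceRole
      SecurityGroups:
        - !Ref InstanceSecurityGroup
      UserData:
        Fn::Base64: !Sub
          - |
            #!/bin/bash
            # Set any ECS agent configuration options
            echo ECS_CLUSTER=${ECSCluster} >> /etc/ecs/ecs.config
            echo 'ECS_INSTANCE_ATTRIBUTES={"app":"pbjs-bundle-service"}' >> /etc/ecs/ecs.config
          - ECSCluster:
              Fn::ImportValue:
                !Join [':', [!Ref 'NetworkStackName', 'ClusterName']]
  # Container instances are placed in the two public subnets exported by the network stack.
  AutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      AutoScalingGroupName: !Join ['-', [!Ref 'AWS::StackName', 'asg']]
      LaunchConfigurationName: !Ref LaunchConfig
      DesiredCapacity: !Ref DesiredCount
      MinSize: !Ref DesiredCount
      MaxSize: 4
      VPCZoneIdentifier:
        - Fn::ImportValue:
            !Join [':', [!Ref 'NetworkStackName', 'PublicSubnetOne']]
        - Fn::ImportValue:
            !Join [':', [!Ref 'NetworkStackName', 'PublicSubnetTwo']]
  # Security group attached to the container instances (see LaunchConfig); its only rule
  # admits SSH. Because the instances sit in public subnets, the source range comes from the
  # SshAccessCidr parameter rather than a hard-coded 0.0.0.0/0, so it can be limited to an
  # administrative network without editing the template.
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SSH access to instances of auto-scaling group
      VpcId:
        Fn::ImportValue:
          !Join [':', [!Ref 'NetworkStackName', 'VPCId']]
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SshAccessCidr
  # Load Balancer
  # Public entry point: ports 80 and 443 are intentionally open to any IPv4 source.
  ALBSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Access to the public facing load balancer
      VpcId:
        Fn::ImportValue:
          !Join [':', [!Ref 'NetworkStackName', 'VPCId']]
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: tcp
          FromPort: 80
          ToPort: 80
        - CidrIp: 0.0.0.0/0
          IpProtocol: tcp
          FromPort: 443
          ToPort: 443
  ALB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Scheme: internet-facing
      LoadBalancerAttributes:
        - Key: idle_timeout.timeout_seconds
          Value: '60'
      Subnets:
        - Fn::ImportValue:
            !Join [':', [!Ref 'NetworkStackName', 'PublicSubnetOne']]
        - Fn::ImportValue:
            !Join [':', [!Ref 'NetworkStackName', 'PublicSubnetTwo']]
      SecurityGroups: [!Ref 'ALBSG']
      Tags:
        - Key: 'Name'
          Value: !Join ['-', [!Ref 'AWS::StackName', 'alb']]
  # Targets are registered by the ECS service with the API container port, so `Port: 80`
  # below only acts as the group's default port. Health checks use the /health path over HTTP.
  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckPath: /health
      HealthCheckProtocol: HTTP
      Name: !Join ['-', [!Ref 'AWS::StackName', 'tg']]
      Port: 80
      Protocol: HTTP
      TargetType: ip
      VpcId:
        Fn::ImportValue:
          !Join [':', [!Ref 'NetworkStackName', 'VPCId']]
  # NOTE(review): this listener keeps forwarding plain HTTP to the target group even when
  # HttpsListener is created. Once a certificate is configured, consider replacing the forward
  # action with a redirect to HTTPS; left unchanged here because existing clients may rely on
  # port 80.
  HttpListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    DependsOn:
      - ALB
      - TargetGroup
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref TargetGroup
      LoadBalancerArn: !Ref ALB
      Port: 80
      Protocol: HTTP
  # Created only when LoadBalancerCertificateId is non-empty; the certificate ARN is built
  # from the current region, the current account and that id.
  HttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Condition: HasLoadBalancerCertificateId
    DependsOn:
      - ALB
      - TargetGroup
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref TargetGroup
      LoadBalancerArn: !Ref ALB
      Port: 443
      Protocol: HTTPS
      Certificates:
        - CertificateArn: !Join ['', [ !Sub 'arn:aws:acm:${AWS::Region}:${AWS::AccountId}:certificate/', !Ref LoadBalancerCertificateId]]
  # Security Group for ECS Tasks
  ECSContainerSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Access to the ECS containers
      VpcId:
        Fn::ImportValue:
          !Join [':', [!Ref 'NetworkStackName', 'VPCId']]
  # The load balancer only needs to reach the API container port (traffic and health checks),
  # so the rule is limited to TCP on that port instead of every protocol and port.
  ECSContainerSGIngressFromALB:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      Description: Ingress from the ALB
      GroupId: !Ref ECSContainerSG
      IpProtocol: tcp
      FromPort: !Ref ApiContainerPort
      ToPort: !Ref ApiContainerPort
      SourceSecurityGroupId: !Ref ALBSG
  # Task definition
  # Log group shared by both containers; events are kept for 365 days.
  TaskCloudWatchLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Join ['', ['/ecs/', !Join ['-', [!Ref 'AWS::StackName', 'task-def']]]]
      RetentionInDays: 365
  # One task runs two essential containers (API and builder). Both mount the same host path,
  # /app/prebid.js, through build-cache-volume, so whatever either container writes there is
  # visible to the other and stays on the instance's disk.
  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: !Join ['-', [!Ref 'AWS::StackName', 'task-def']]
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - EC2
      ExecutionRoleArn: !Join ['', [ !Sub 'arn:aws:iam::${AWS::AccountId}:role/', !Ref 'TaskExecutionRole']]
      ContainerDefinitions:
        - Name: !Ref 'ApiContainerName'
          Essential: true
          Cpu: !Ref 'ApiContainerCpu'
          Memory: !Ref 'ApiContainerMemory'
          Image: !Ref 'ApiImageUrl'
          PortMappings:
            - ContainerPort: !Ref 'ApiContainerPort'
          MountPoints:
            - SourceVolume: build-cache-volume
              ContainerPath: /app/prebid.js
          LinuxParameters:
            InitProcessEnabled: true
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: !Ref 'TaskCloudWatchLogGroup'
              awslogs-region: !Ref 'AWS::Region'
              awslogs-stream-prefix: 'ecs'
        - Name: !Ref 'BuilderContainerName'
          Essential: true
          Cpu: !Ref 'BuilderContainerCpu'
          Memory: !Ref 'BuilderContainerMemory'
          Image: !Ref 'BuilderImageUrl'
          Environment:
            - Name: NUMBER_OF_PREVIOUS_VERSIONS
              # Environment values are strings; quoted so no parser retypes it as a number.
              Value: '20'
          MountPoints:
            - SourceVolume: build-cache-volume
              ContainerPath: /app/prebid.js
          LinuxParameters:
            InitProcessEnabled: true
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: !Ref 'TaskCloudWatchLogGroup'
              awslogs-region: !Ref 'AWS::Region'
              awslogs-stream-prefix: 'ecs'
      Volumes:
        - Name: build-cache-volume
          Host:
            SourcePath: /app/prebid.js
  # Service
  # Task network interfaces are placed in the private subnets and guarded by ECSContainerSG;
  # tasks are scheduled only on instances carrying the `app` attribute set in LaunchConfig.
  Service:
    Type: AWS::ECS::Service
    DependsOn:
      - HttpListener
    Properties:
      ServiceName: !Join ['-', [!Ref 'AWS::StackName', 'service']]
      Cluster:
        Fn::ImportValue:
          !Join [':', [!Ref 'NetworkStackName', 'ClusterName']]
      LaunchType: EC2
      DeploymentConfiguration:
        MaximumPercent: 200
        MinimumHealthyPercent: 100
      DesiredCount: !Ref 'DesiredCount'
      NetworkConfiguration:
        AwsvpcConfiguration:
          SecurityGroups:
            - !Ref ECSContainerSG
          Subnets:
            - Fn::ImportValue:
                !Join [':', [!Ref 'NetworkStackName', 'PrivateSubnetOne']]
            - Fn::ImportValue:
                !Join [':', [!Ref 'NetworkStackName', 'PrivateSubnetTwo']]
      TaskDefinition: !Ref 'TaskDefinition'
      LoadBalancers:
        - ContainerName: !Ref 'ApiContainerName'
          ContainerPort: !Ref 'ApiContainerPort'
          TargetGroupArn: !Ref TargetGroup
      PlacementConstraints:
        - Type: memberOf
          Expression: attribute:app == pbjs-bundle-service
      PlacementStrategies:
        - Type: spread
          Field: attribute:ecs.availability-zone
        - Type: spread
          Field: instanceId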
# Values published by the stack. The two log-group outputs are exported under
# "<stack name>:<output name>" so that other stacks can import them.
Outputs:
  # The URL always uses the http scheme, whether or not the HTTPS listener was created.
  ExternalUrl:
    Description: The url of the load balancer
    Value: !Sub 'http://${ALB.DNSName}'
  TaskLogGroupName:
    Description: The name of the Task CloudWatch Log Group
    Value: !Ref TaskCloudWatchLogGroup
    Export:
      Name: !Sub '${AWS::StackName}:TaskLogGroupName'
  TaskLogGroupArn:
    Description: The ARN of the Task CloudWatch Log Group
    Value: !GetAtt TaskCloudWatchLogGroup.Arn
    Export:
      Name: !Sub '${AWS::StackName}:TaskLogGroupArn'