-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtemplate.yml
224 lines (202 loc) · 5.88 KB
/
template.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
---
AWSTemplateFormatVersion: "2010-09-09"
Description: "AWS CloudFormation Template to run the LaunchDarkly Relay with Fargate"
Parameters:
Stage:
Description: name of stage, e.g. dev, test, staging, prod
Type: String
Default: dev
ApiKey:
Description: LaunchDarkly SDK key
Type: String
MinLength: 36 # should be sdk-{36 chars}
TableNameParamNamePrefix:
Description: |
Prefix the name of the SSM parameter used to store the DynamoDB table name.
For example, a prefix of "/Foo" will create an SSM param named "/Foo/LaunchDarklyRelay/TableName"
Type: String
Default: ""
Resources:
Table:
Type: AWS::DynamoDB::Table
Properties:
AttributeDefinitions:
- AttributeName: namespace
AttributeType: S
- AttributeName: key
AttributeType: S
BillingMode: PAY_PER_REQUEST
KeySchema:
- AttributeName: namespace
KeyType: HASH
- AttributeName: key
KeyType: RANGE
TableNameParameter:
Type: AWS::SSM::Parameter
Properties:
Name: !Sub "${TableNameParamNamePrefix}/LaunchDarklyRelay/TableName"
Type: String
Value: !Ref Table
Cluster:
Type: AWS::ECS::Cluster
Properties:
ClusterName: !Ref AWS::StackName
TaskRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service: ecs-tasks.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: RootPolicy
PolicyDocument:
Statement:
- Effect: Allow
Action:
- dynamodb:Query
- dynamodb:*Item
Resource: !GetAtt "Table.Arn"
# the role ECS uses to start tasks
TaskExecutionRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service: ecs-tasks.amazonaws.com
Action: sts:AssumeRole
ManagedPolicyArns: # use the managed policy (mirrors what the console does)
- arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
TaskDefinition:
Type: AWS::ECS::TaskDefinition
Properties:
TaskRoleArn: !GetAtt "TaskRole.Arn"
ExecutionRoleArn: !GetAtt "TaskExecutionRole.Arn"
RequiresCompatibilities:
- FARGATE
NetworkMode: awsvpc
Family: !Ref AWS::StackName
Cpu: "512"
Memory: "1024"
ContainerDefinitions:
- Name: ld-relay
Image: launchdarkly/ld-relay:v5
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-group: !Ref LogGroup
awslogs-region: !Ref AWS::Region
awslogs-stream-prefix: ecs
PortMappings:
- HostPort: 8030
Protocol: tcp
ContainerPort: 8030
Cpu: 512
MemoryReservation: 1024
Environment:
- Name: DYNAMODB_TABLE
Value: !Ref Table
- Name: EXIT_ON_ERROR
Value: "true"
- Name: USE_DYNAMODB
Value: "true"
- Name: LD_ENV_production
Value: !Ref ApiKey
LogGroup:
Type: AWS::Logs::LogGroup
Properties:
LogGroupName: !Sub "/ecs/${AWS::StackName}"
RetentionInDays: 7
Service:
Type: AWS::ECS::Service
Properties:
Cluster: !GetAtt "Cluster.Arn"
DesiredCount: 1 # should only need one instance of the relay at a time
LaunchType: FARGATE
TaskDefinition: !Ref TaskDefinition
DeploymentConfiguration:
MaximumPercent: 200
MinimumHealthyPercent: 100
NetworkConfiguration:
AwsvpcConfiguration:
AssignPublicIp: ENABLED
SecurityGroups:
- !Ref ServiceSecurityGroup
Subnets:
- !Ref SubnetAz
ServiceSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: "Security group for the LaunchDarkly Relay"
VpcId: !Ref VPC
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 8030
ToPort: 8030
CidrIp: 0.0.0.0/0
VPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: 10.0.0.0/24
EnableDnsSupport: "true"
EnableDnsHostnames: "true"
Tags:
- Key: Name
Value: !Join [" ", [ECS, !Ref Cluster, "-", VPC]]
- Key: Description
Value: Created for LaunchDarkly Relay cluster
SubnetAz:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
CidrBlock: 10.0.0.0/24
Tags:
- Key: Name
Value: !Join [" ", [ECS, !Ref Cluster, "-", Subnet]]
InternetGateway:
Type: AWS::EC2::InternetGateway
Properties:
Tags:
- Key: Name
Value: !Join [" ", [ECS, !Ref Cluster, "-", InternetGateway]]
AttachGateway:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
VpcId: !Ref VPC
InternetGatewayId: !Ref InternetGateway
RouteViaIgw:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: !Join [" ", [ECS, !Ref Cluster, "-", RouteTable]]
PublicRouteViaIgw:
Type: AWS::EC2::Route
DependsOn: AttachGateway
Properties:
RouteTableId: !Ref RouteViaIgw
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref InternetGateway
PublicSubnet1RouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref SubnetAz
RouteTableId: !Ref RouteViaIgw
Outputs:
TableName:
Description: "DynamoDB table."
Value: !Ref Table
Cluster:
Description: "Fargate cluster."
Value: !Ref Cluster
TaskRole:
Description: "Task role (used by the relay)."
Value: !Ref TaskRole
TaskExecutionRole:
Description: "Task execution role (used by ECS)."
Value: !Ref TaskExecutionRole