1
0
mirror of https://github.com/ebosas/microservices.git synced 2025-08-24 20:08:55 +02:00

Edit ASG update policy

This commit is contained in:
ebosas
2021-11-15 10:34:10 +02:00
parent a3323052f4
commit 784de538f6
2 changed files with 15 additions and 495 deletions

View File

@@ -50,22 +50,22 @@ Resources:
DesiredCapacity: 1
CreationPolicy:
ResourceSignal:
Timeout: PT15M
Timeout: PT5M
UpdatePolicy:
AutoScalingReplacingUpdate:
WillReplace: true
# AutoScalingRollingUpdate:
# MinSuccessfulInstancesPercent: 100
# WaitOnResourceSignals: true
# PauseTime: PT5M
# SuspendProcesses:
# # Suspend everything except Launch and Terminate.
# - AddToLoadBalancer
# - AlarmNotification
# - AZRebalance
# - HealthCheck
# - ReplaceUnhealthy
# - ScheduledActions
# AutoScalingReplacingUpdate:
# WillReplace: true
AutoScalingRollingUpdate:
MinSuccessfulInstancesPercent: 100
WaitOnResourceSignals: true
PauseTime: PT5M
SuspendProcesses:
# Suspend everything except Launch and Terminate.
- AddToLoadBalancer
- AlarmNotification
- AZRebalance
- HealthCheck
- ReplaceUnhealthy
- ScheduledActions
ContainerInstances:
Type: AWS::AutoScaling::LaunchConfiguration
@@ -214,11 +214,6 @@ Resources:
#-----------------------------------------------------------------------------#
# Role for ECS
#
# This is an IAM role which authorizes ECS to manage resources on your
# account on your behalf, such as updating your load balancer with the
# details of where your containers are, so that traffic can reach your
# containers.
#-----------------------------------------------------------------------------#
ECSRole:
Type: AWS::IAM::Role

View File

@@ -1,475 +0,0 @@
Parameters:
GitHubRepo:
Type: String
GitHubBranch:
Type: String
GitHubToken:
Type: String
NoEcho: true
GitHubUser:
Type: String
EnvironmentName:
Type: String
Default: production
LaunchType:
Type: String
Default: Fargate
AllowedValues: [Fargate, EC2]
# Conditions:
# Fargate: !Equals [ !Ref LaunchType, 'Fargate' ]
Resources:
#-----------------------------------------------------------------------------#
# Artifact Bucket
#-----------------------------------------------------------------------------#
ArtifactBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Sub microservices-infrastructure-${AWS::AccountId}
VersioningConfiguration:
Status: Enabled
#-----------------------------------------------------------------------------#
# Source Credentials (for CodeBuild)
#-----------------------------------------------------------------------------#
SourceCredentials:
Type: AWS::CodeBuild::SourceCredential
Properties:
Token: !Ref GitHubToken
ServerType: GITHUB
AuthType: PERSONAL_ACCESS_TOKEN
#-----------------------------------------------------------------------------#
# CodePipeline
#-----------------------------------------------------------------------------#
PipelineWebhook:
Type: AWS::CodePipeline::Webhook
Properties:
AuthenticationConfiguration:
SecretToken: !Ref GitHubToken
Filters:
- JsonPath: "$.ref"
MatchEquals: refs/heads/{Branch}
Authentication: GITHUB_HMAC
TargetPipeline: !Ref Pipeline
TargetAction: Source
TargetPipelineVersion: !GetAtt Pipeline.Version
RegisterWithThirdParty: false # only manual action
Pipeline:
Type: AWS::CodePipeline::Pipeline
# DependsOn:
# - SSMArtifactBucket
# - SSMCodePipelineServiceRoleArn
Properties:
RoleArn: !GetAtt CodePipelineServiceRole.Arn
ArtifactStore:
Type: S3
Location: !Ref ArtifactBucket
Stages:
#-----------------------------------------------------------------------------#
# Source
#-----------------------------------------------------------------------------#
- Name: Source
Actions:
- Name: Source
Namespace: SourceVariables
ActionTypeId:
Category: Source
Owner: ThirdParty
Version: 1
Provider: GitHub
Configuration:
Owner: !Ref GitHubUser
Repo: !Ref GitHubRepo
Branch: !Ref GitHubBranch
OAuthToken: !Ref GitHubToken
PollForSourceChanges: false
OutputArtifacts:
- Name: Source
RunOrder: 1
#-----------------------------------------------------------------------------#
# Infrastructure Resources
#-----------------------------------------------------------------------------#
- Name: Network_Resources
Actions:
- Name: Deploy
ActionTypeId:
Category: Deploy
Owner: AWS
Version: 1
Provider: CloudFormation
Configuration:
ActionMode: CREATE_UPDATE
RoleArn: !GetAtt CloudFormationDeployRole.Arn
StackName: !Sub ${EnvironmentName}-Network
TemplatePath: Source::deployments/network.yml
Capabilities: CAPABILITY_IAM
ParameterOverrides: !Sub |
{
"EnvironmentName": "${EnvironmentName}"
}
InputArtifacts:
- Name: Source
- Name: Base_Resources
Actions:
# Rabbit, Redis, and Postgres
- Name: Resources
ActionTypeId:
Category: Deploy
Owner: AWS
Version: 1
Provider: CloudFormation
Configuration:
ActionMode: CREATE_UPDATE
RoleArn: !GetAtt CloudFormationDeployRole.Arn
StackName: !Sub ${EnvironmentName}-Resources
TemplatePath: Source::deployments/resources.yml
Capabilities: CAPABILITY_IAM
ParameterOverrides: !Sub |
{
"EnvironmentName": "${EnvironmentName}"
}
InputArtifacts:
- Name: Source
# Application load balancer
- Name: Load_Balancer
ActionTypeId:
Category: Deploy
Owner: AWS
Version: 1
Provider: CloudFormation
Configuration:
ActionMode: CREATE_UPDATE
RoleArn: !GetAtt CloudFormationDeployRole.Arn
StackName: !Sub ${EnvironmentName}-LoadBalancer
TemplatePath: Source::deployments/alb.yml
Capabilities: CAPABILITY_IAM
ParameterOverrides: !Sub |
{
"EnvironmentName": "${EnvironmentName}"
}
InputArtifacts:
- Name: Source
# ECS/Fargate cluster
- Name: Cluster
ActionTypeId:
Category: Deploy
Owner: AWS
Version: 1
Provider: CloudFormation
Configuration:
ActionMode: CREATE_UPDATE
RoleArn: !GetAtt CloudFormationDeployRole.Arn
StackName: !Sub ${EnvironmentName}-Cluster
TemplatePath: Source::deployments/cluster.yml
Capabilities: CAPABILITY_IAM
ParameterOverrides: !Sub |
{
"EnvironmentName": "${EnvironmentName}",
"LaunchType": "${LaunchType}"
}
InputArtifacts:
- Name: Source
# #-----------------------------------------------------------------------------#
# # Services
# #-----------------------------------------------------------------------------#
# - Name: Services
# Actions:
# - Name: Server
# ActionTypeId:
# Category: Deploy
# Owner: AWS
# Version: 1
# Provider: CloudFormation
# Configuration:
# ActionMode: CREATE_UPDATE
# RoleArn: !GetAtt CloudFormationDeployRole.Arn
# StackName: !Sub ${EnvironmentName}-Server-Service
# TemplatePath: Source::deployments/services/server.yml
# Capabilities: CAPABILITY_IAM
# ParameterOverrides: !Sub
# - |
# {
# "ServiceName": "server",
# "EnvironmentName": "${EnvironmentName}",
# "LaunchType": "${LaunchType}",
# "ImageUrl": "amazon/amazon-ecs-sample",
# "ContainerMemory": ${memory}
# }
# - memory: !If [ Fargate, 512, 230 ]
# InputArtifacts:
# - Name: Source
# - Name: Cache
# ActionTypeId:
# Category: Deploy
# Owner: AWS
# Version: 1
# Provider: CloudFormation
# Configuration:
# ActionMode: CREATE_UPDATE
# RoleArn: !GetAtt CloudFormationDeployRole.Arn
# StackName: !Sub ${EnvironmentName}-Cache-Service
# TemplatePath: Source::deployments/services/cache.yml
# Capabilities: CAPABILITY_IAM
# ParameterOverrides: !Sub
# - |
# {
# "ServiceName": "cache",
# "EnvironmentName": "${EnvironmentName}",
# "LaunchType": "${LaunchType}",
# "ImageUrl": "amazon/amazon-ecs-sample",
# "ContainerMemory": ${memory}
# }
# - memory: !If [ Fargate, 512, 230 ]
# InputArtifacts:
# - Name: Source
# - Name: Database
# ActionTypeId:
# Category: Deploy
# Owner: AWS
# Version: 1
# Provider: CloudFormation
# Configuration:
# ActionMode: CREATE_UPDATE
# RoleArn: !GetAtt CloudFormationDeployRole.Arn
# StackName: !Sub ${EnvironmentName}-Database-Service
# TemplatePath: Source::deployments/services/database.yml
# Capabilities: CAPABILITY_IAM
# ParameterOverrides: !Sub
# - |
# {
# "ServiceName": "database",
# "EnvironmentName": "${EnvironmentName}",
# "LaunchType": "${LaunchType}",
# "ImageUrl": "amazon/amazon-ecs-sample",
# "ContainerMemory": ${memory}
# }
# - memory: !If [ Fargate, 512, 230 ]
# InputArtifacts:
# - Name: Source
# #-----------------------------------------------------------------------------#
# # Service Pipelines
# #-----------------------------------------------------------------------------#
# - Name: Service_Pipelines
# Actions:
# - Name: Server
# ActionTypeId:
# Category: Deploy
# Owner: AWS
# Version: 1
# Provider: CloudFormation
# Configuration:
# ActionMode: CREATE_UPDATE
# RoleArn: !GetAtt CloudFormationDeployRole.Arn
# StackName: !Sub ${EnvironmentName}-Server-Pipeline
# TemplatePath: Source::deployments/service-pipeline.yml
# Capabilities: CAPABILITY_IAM
# ParameterOverrides: !Sub |
# {
# "ServiceName": "server",
# "EnvironmentName": "${EnvironmentName}",
# "TriggerPattern": "\\[(BuildServer|BuildAll)\\]",
# "GitHubRepo": "${GitHubRepo}",
# "GitHubBranch": "${GitHubBranch}",
# "GitHubUser": "${GitHubUser}"
# }
# InputArtifacts:
# - Name: Source
# - Name: Cache
# ActionTypeId:
# Category: Deploy
# Owner: AWS
# Version: 1
# Provider: CloudFormation
# Configuration:
# ActionMode: CREATE_UPDATE
# RoleArn: !GetAtt CloudFormationDeployRole.Arn
# StackName: !Sub ${EnvironmentName}-Cache-Pipeline
# TemplatePath: Source::deployments/service-pipeline.yml
# Capabilities: CAPABILITY_IAM
# ParameterOverrides: !Sub |
# {
# "ServiceName": "cache",
# "EnvironmentName": "${EnvironmentName}",
# "TriggerPattern": "\\[(BuildCache|BuildAll)\\]",
# "GitHubRepo": "${GitHubRepo}",
# "GitHubBranch": "${GitHubBranch}",
# "GitHubUser": "${GitHubUser}"
# }
# InputArtifacts:
# - Name: Source
# - Name: Database
# ActionTypeId:
# Category: Deploy
# Owner: AWS
# Version: 1
# Provider: CloudFormation
# Configuration:
# ActionMode: CREATE_UPDATE
# RoleArn: !GetAtt CloudFormationDeployRole.Arn
# StackName: !Sub ${EnvironmentName}-Database-Pipeline
# TemplatePath: Source::deployments/service-pipeline.yml
# Capabilities: CAPABILITY_IAM
# ParameterOverrides: !Sub |
# {
# "ServiceName": "database",
# "EnvironmentName": "${EnvironmentName}",
# "TriggerPattern": "\\[(BuildDatabase|BuildAll)\\]",
# "GitHubRepo": "${GitHubRepo}",
# "GitHubBranch": "${GitHubBranch}",
# "GitHubUser": "${GitHubUser}"
# }
# InputArtifacts:
# - Name: Source
#-----------------------------------------------------------------------------#
# Roles for CodePipeline service
#-----------------------------------------------------------------------------#
CodePipelineServiceRole:
Type: AWS::IAM::Role
Properties:
Path: /
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: codepipeline.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: root
PolicyDocument:
Version: 2012-10-17
Statement:
# Allow codepipeline to put artifacts in the S3 bucket
# as well as get artifacts back out of it.
- Resource:
- !Sub arn:aws:s3:::${ArtifactBucket}*
Effect: Allow
Action:
- s3:PutObject
- s3:GetObject
- s3:GetObjectVersion
- s3:GetBucketVersioning
- s3:PutObjectAcl
# Allow codepipeline to build code builds
- Resource: "*"
Effect: Allow
Action:
- codebuild:StartBuild
- codebuild:BatchGetBuilds
- iam:PassRole
# Allow codepipeline to deploy cloudformation stacks
- Effect: Allow
Action:
- cloudformation:CreateChangeSet
- cloudformation:CreateStack
- cloudformation:CreateUploadBucket
- cloudformation:DeleteStack
- cloudformation:Describe*
- cloudformation:List*
- cloudformation:UpdateStack
- cloudformation:ValidateTemplate
- cloudformation:ExecuteChangeSet
Resource: "*"
# Allow codepipeline to get images from ECR
- Effect: Allow
Action:
- ecr:GetAuthorizationToken
- ecr:BatchCheckLayerAvailability
- ecr:GetDownloadUrlForLayer
- ecr:GetRepositoryPolicy
- ecr:DescribeRepositories
- ecr:ListImages
- ecr:DescribeImages
- ecr:BatchGetImage
- ecr:GetLifecyclePolicy
- ecr:GetLifecyclePolicyPreview
- ecr:ListTagsForResource
- ecr:DescribeImageScanFindings
Resource: "*"
# Allow codepipeline to deploy to ECS
- Effect: Allow
Action:
- ecs:DescribeServices
- ecs:DescribeTaskDefinition
- ecs:DescribeTasks
- ecs:ListTasks
- ecs:RegisterTaskDefinition
- ecs:UpdateService
Resource: "*"
# This role is passed by CodePipeline to CloudFormation to use
# when setting up resources in the pipeline
CloudFormationDeployRole:
Type: AWS::IAM::Role
Properties:
Path: /
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: cloudformation.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: deploy-stack
PolicyDocument:
Statement:
- Effect: Allow
Action:
- iam:*
- ec2:*
- ecs:*
- elasticloadbalancing:*
- autoscaling:*
- elasticache:*
- logs:*
- application-autoscaling:*
- cloudwatch:*
- rds:*
- mq:*
# - secretsmanager:*
- ssm:*
- codebuild:*
- ecr:*
- codepipeline:*
- events:*
Resource: "*"
# #-----------------------------------------------------------------------------#
# # SSM Parameter Store
# #-----------------------------------------------------------------------------#
# SSMArtifactBucket:
# Type: AWS::SSM::Parameter
# Properties:
# Name: /Microservices/ArtifactBucket
# Type: String
# Value: !Ref ArtifactBucket
# SSMCodePipelineServiceRoleArn:
# Type: AWS::SSM::Parameter
# Properties:
# Name: /Microservices/CodePipelineServiceRoleArn
# Type: String
# Value: !GetAtt CodePipelineServiceRole.Arn
Outputs:
PipelineUrl:
Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${Pipeline}