-
Notifications
You must be signed in to change notification settings - Fork 0
/
__main__.py
149 lines (137 loc) · 5.09 KB
/
__main__.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
"""An AWS Python Pulumi program - ECS Cluster with Fargate"""
import pulumi
import pulumi_aws as aws
import json
cluster = aws.ecs.Cluster("my-cluster") # Create an ECS cluster
vpc = aws.ec2.get_vpc(default=True) # Get the default VPC
vpc_subnets = aws.ec2.get_subnet_ids(
vpc_id=vpc.id) # Get the default VPC subnets
group = aws.ec2.SecurityGroup(
"web-security-group", # Create a security group for our cluster
vpc_id=vpc.id, # Use the default VPC
description="Enable HTTP access", # Set a description
ingress=[
{
"protocol": "icmp",
"from_port": 8,
"to_port": 0,
"cidr_blocks": ["0.0.0.0/0"],
},
{
"protocol": "tcp",
"from_port": 80,
"to_port": 80,
"cidr_blocks": ["0.0.0.0/0"],
},
],
egress=[
{
"protocol": "-1",
"from_port": 0,
"to_port": 0,
"cidr_blocks": ["0.0.0.0/0"]
}
]
)
# Load Balancer config
alb = aws.lb.LoadBalancer(
"app-lb", # Create a load balancer for our cluster
internal=False, # Create an internet-facing load balancer
security_groups=[group.id], # Add the security group to the load balancer
subnets=vpc_subnets.ids, # Add the subnets to the load balancer
load_balancer_type="application" # Set the load balancer type
)
# Target Group config
atg = aws.lb.TargetGroup(
"app-tg", # Create a target group
port=80, # Port 80 for traffic
protocol="HTTP", # HTTP traffic
target_type="ip", # IP addresses as targets
vpc_id=vpc.id # Use the default VPC
)
# Listener config
awl = aws.lb.Listener(
"web-listener", # Create a listener for our load balancer
load_balancer_arn=alb.arn, # Reference the load balancer ARN
port=80, # Traffic from port 80
default_actions=[{ # Default action is to route traffic to the target group
"type": "forward",
"target_group_arn": atg.arn
}]
)
# Task Execution Role config
role = aws.iam.Role(
"task-execution-role", # Create a task execution role
assume_role_policy=json.dumps({
"Version": "2008-10-17",
"Statement": [{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "ecs-tasks.amazonaws.com"
},
"Action": "sts:AssumeRole"
}]
})
)
# Attach a policy to the role
rpa = aws.iam.RolePolicyAttachment(
"task-execution-policy", # Attach a policy to the role
role=role.name, # Reference the role name
# Use an AWS managed policy
policy_arn="arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
)
# Task Definition config
task_definition = aws.ecs.TaskDefinition(
"app-task", # Create a task definition
family="fargate-app-task", # Set a name for the task definition
cpu="256", # 256 CPU units
memory="512", # 512MB of memory
network_mode="awsvpc", # Use the awsvpc network mode
requires_compatibilities=["FARGATE"], # Use the Fargate launch type
execution_role_arn=role.arn, # Use the task execution role
container_definitions=json.dumps([{
"name": "app", # Set a name for the container
"image": "nginx", # Use the latest stable Alpine image
# "image": "nginx:stable-alpine3.17", # Use the latest stable Alpine image
"portMappings": [{ # Map port 80 in the container to port 80 on the host
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
}],
# "essential": True, # This container is essential to the task
# "memory": 512, # 512MB of memory for the container
# "cpu": 256, # 256 CPU units for the container
# "logConfiguration": { # Configure logging
# "logDriver": "awslogs",
# "options": {
# "awslogs-group": "ecs-tasks", # Create a log group
# "awslogs-region": aws.config.region, # Use the region
# "awslogs-stream-prefix": "app" # Set a prefix for the log streams
# }
# }
}])
)
# Service config
service = aws.ecs.Service(
"app-svc", # Create a service
cluster=cluster.arn, # Add the cluster ARN
desired_count=3, # Number of tasks to run (3 instances)
launch_type="FARGATE", # Use the Fargate launch type
task_definition=task_definition.arn, # Add the task definition ARN
network_configuration={ # Use the network configuration
"subnets": vpc_subnets.ids, # Add the subnets to the network configuration
"assign_public_ip": True, # Assign a public IP address to the task
# Add the security group to the network configuration
"security_groups": [group.id]
},
load_balancers=[{ # Add the load balancer to the service
"target_group_arn": atg.arn, # Add the target group ARN
"container_name": "app", # Add the container name
"container_port": 80 # Add the container port
}],
# Wait for the listener to be created
opts=pulumi.ResourceOptions(depends_on=[awl])
)
# Export the URL
pulumi.export("url", alb.dns_name)