-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.deploy.yml
129 lines (118 loc) · 3.69 KB
/
docker-compose.deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
version: "3"
services:
sme-public-profile-client:
image: "${CLIENT_IMAGE}"
environment:
PUBLIC_VAR_CLIENT_ENV: "${CLIENT_ENV}"
PUBLIC_VAR_GOOGLE_ANALYTICS_ID: "${CLIENT_GOOGLE_ANALYTICS_ID}"
NODE_ENV: production
ports:
- target: 3000
x-aws-protocol: http
deploy:
replicas: ${REQUIRED_INSTANCES}
sector-average-service:
image: "${SECTOR_AVERAGE_SERVICE_IMAGE}"
environment:
NODE_ENV: production
STAGE: "${STAGE}"
NO_COLOR: "y"
ALLOW_CORS_ANY_ORIGIN: "${BACKENDS_ALLOW_CORS_ANY_ORIGIN}"
ports:
- target: 3003
x-aws-protocol: http
secrets:
- sector-average-service
deploy:
replicas: ${REQUIRED_INSTANCES}
secrets:
sector-average-service:
name: "${SECTOR_AVERAGE_SERVICE_SECRET}"
external: true
x-aws-cloudformation:
Resources:
# Disable the default listeners and port 3000 ingress rule
Smepublicprofileclient3000Listener:
Sectoraverageservice3003Listener:
Default3000Ingress:
# Specify the subnets for the load balancer
LoadBalancer:
Type: "AWS::ElasticLoadBalancingV2::LoadBalancer"
Properties:
Subnets:
- ${AWS_VPC_PUBLIC_SUBNET_0}
- ${AWS_VPC_PUBLIC_SUBNET_1}
- ${AWS_VPC_PUBLIC_SUBNET_2}
# Update the CloudFormation resource dependencies; the services should
# all depend on the shared application load balancer defined below.
SectoraverageserviceService:
Type: "AWS::ECS::Service"
DependsOn:
- SmePublicProfileListener443
Properties:
NetworkConfiguration:
AwsvpcConfiguration:
Subnets:
- ${AWS_VPC_PUBLIC_SUBNET_0}
- ${AWS_VPC_PUBLIC_SUBNET_1}
- ${AWS_VPC_PUBLIC_SUBNET_2}
SmepublicprofileclientService:
Type: "AWS::ECS::Service"
DependsOn:
- SmePublicProfileListener443
Properties:
NetworkConfiguration:
AwsvpcConfiguration:
Subnets:
- ${AWS_VPC_PUBLIC_SUBNET_0}
- ${AWS_VPC_PUBLIC_SUBNET_1}
- ${AWS_VPC_PUBLIC_SUBNET_2}
# Redirect HTTP to HTTPS
# Doc: https://aws.amazon.com/premiumsupport/knowledge-center/elb-redirect-http-to-https-using-alb/
SmePublicProfileListener80:
Type: "AWS::ElasticLoadBalancingV2::Listener"
Properties:
LoadBalancerArn:
Ref: LoadBalancer
DefaultActions:
- Type: redirect
RedirectConfig:
Protocol: HTTPS
Port: 443
StatusCode: HTTP_301
Protocol: HTTP
Port: 80
# Define a custom application load balancer to serve HTTPS with path based
# routing to individual backend services.
SmePublicProfileListener443:
Type: "AWS::ElasticLoadBalancingV2::Listener"
Properties:
LoadBalancerArn:
Ref: LoadBalancer
# Default route to the web server.
DefaultActions:
- Type: forward
TargetGroupArn:
Ref: Smepublicprofileclient3000TargetGroup
Certificates:
- CertificateArn: "${AWS_CERTIFICATE}"
Protocol: HTTPS
Port: 443
# Route path /api/sector/* to the sector-average-service.
RouteSectorApiRule:
Type: "AWS::ElasticLoadBalancingV2::ListenerRule"
DependsOn:
- SmePublicProfileListener443
Properties:
ListenerArn:
Ref: SmePublicProfileListener443
Priority: 1
Conditions:
- Field: path-pattern
Values:
- "/api/sector/*"
Actions:
- Type: forward
TargetGroupArn:
Ref: Sectoraverageservice3003TargetGroup
x-aws-vpc: "${AWS_VPC}"