kfs_nexus_backup_ecs.yaml
---

Kuali Nexus Repository Manager CloudFormation Deployment

This CloudFormation template will build an ECS stack to support the Kuali team's Nexus repository manager that is backed by EFS for the related data storage.

AWSTemplateFormatVersion: '2010-09-09'
Description: Kuali Nexus Storage Backup ECS

Parameters

These are the input parameters for this template. All of these parameters must be supplied for this template to be deployed.

Parameters:
  AppSlug:
    MinLength: '3'
    Type: String
    Description: Short application slug, ie 'kfs'. Lowercase letters, numbers and dashes only
    AllowedPattern: "[a-z0-9-]*"
  KeyName:
    Description: Amazon EC2 Key Pair
    Type: AWS::EC2::KeyPair::KeyName
    Default: "kfs-development-environments-keypair"
  DockerImage:
    Description: 'Docker Image, i.e.: kuali/nexus-storage-backup:ua-release-1.0-DATE'
    Default: 397167497055.dkr.ecr.us-west-2.amazonaws.com/kuali/nexus-storage-backup:ua-release-1.0-YYYY-MM-DD
    Type: String
  S3Bucket:
    Description: 'Storage Backup S3 Bucket Name'
    Default: "kfs-nexus-repo-storage-backup"
    Type: String
  BackupPath:
    Description: 'Nexus Repo Storage Path'
    Default: "/sonatype-work"
    Type: String
  EFSStackName:
    MinLength: '2'
    Type: String
    Description: Name of the EFS CloudFormation Stack
    Default: kuali-nexus-efs
  NexusStackName:
    MinLength: '2'
    Type: String
    Description: Name of the Nexus CloudFormation Stack
    Default: kfs-nexus
  HostedZoneName:
    MinLength: '3'
    Type: String
    Description: 'Name of Route53 Hosted Zone: ie ''aws.arizona.edu'''
    Default: "ua-uits-kuali-nonprod.arizona.edu"
  SSLCertARN:
    Description: Application SSL Certificate ARN
    Type: String
    Default: "arn:aws:acm:us-west-2:397167497055:certificate/9a4ee0ac-1031-41c5-9457-0181eab28f7b"
  TagService:
    Description: Refers to the application (Uaccess Learning, Uaccess Employee, Uaccess Student)
    Type: String
    Default: "UAccess Financials"
  TagApplication:
    Description: The specific application of this resource
    Type: String
    Default: "build"
  TagEnvironment:
    Description: Type of environment that is using this resource, such as 'dev', 'tst', 'prd'.
    Type: String
    Default: "dev"
  TagContactNetid:
    Description: NetID of person most familiar with resource
    Type: String
    Default: "fischerm"
  TagAccountNumber:
    Description: Identifies the financial system account number
    Type: String
    Default: "1192620"
  TagSubAccount:
    Description: Financial system subaccount number for the service utilizing this resource
    Type: String
    Default: "12AWS"
  TagTicketNumber:
    Description: Jira Ticket Number
    Type: String
    Default: "FIN-239"

Metadata

Metadata is mostly for organizing and presenting Parameters in a better way when using CloudFormation in the AWS Web UI.

Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: Application Information
        Parameters:
          - AppSlug
      - Label:
          default: Instance Settings
        Parameters:
          - KeyName
          - S3Bucket
          - BackupPath
      - Label:
          default: Application Settings
        Parameters:
          - DockerImage
          - EFSStackName
          - NexusStackName
      - Label:
          default: Tags
        Parameters:
          - TagService
          - TagApplication
          - TagName
          - TagEnvironment
          - TagContactNetid
          - TagAccountNumber
          - TagSubAccount
          - TagTicketNumber

Resources

These are all of the actual AWS resources created for this application.

Resources:

A LogGroup must be created so that the ECS service can log details of the build. If it does not exist, the ECS service will not come up.

  EcsLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub "${AppSlug}-nexusbackup-lg"
      RetentionInDays: 30

ECS Task Definition

  EcsTask:
    Type: "AWS::ECS::TaskDefinition"
    Properties:
      Family: !Sub "${AppSlug}-NEXUS-BACKUP"
      NetworkMode: "bridge"
      ContainerDefinitions:
        - Name: !Sub "${AppSlug}-NEXUS-BACKUP"
          Essential: "true"
          Image: !Ref DockerImage
          PortMappings:
            - HostPort: "0"
              ContainerPort: "8081"
              Protocol: "tcp"
          Hostname: !Sub "${AppSlug}-nexus-storage-backup"
          Cpu: "400"
          MemoryReservation: "300"
          Privileged: "true"
          Environment:
            - Name: "EFS_MOUNTS"
              Value:
                Fn::Sub:
                  - "${EFSID}.efs.${AWS::Region}.amazonaws.com:/=/sonatype-work"
                  - EFSID:
                      Fn::ImportValue: !Sub "${EFSStackName}-fs-id"
            - Name: "BackupSourcePath"
              Value: !Sub "${BackupPath}"
            - Name: "BackupS3BucketURI"
              Value: !Sub "s3://${S3Bucket}"
          LogConfiguration:
            LogDriver: "awslogs"
            Options:
              awslogs-group: !Ref "EcsLogGroup"
              awslogs-region: !Ref "AWS::Region"
              awslogs-stream-prefix: "KUALI-NEXUS-BACKUP"

ECS Service Role

Used for the ECS task and its integration with CloudWatch Events.

  EcsServiceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - events.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role
        - arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole
        - arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceEventsRole
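
A least-privilege variant of the role above, as an added example that is not part of the original template: because only events.amazonaws.com can assume the role, the three managed policies can be replaced by one inline statement that allows running this task definition on the imported cluster and nothing else. The logical ID `EcsEventsRunTaskRole` and the policy name are hypothetical, and it assumes the task definition keeps no TaskRoleArn or ExecutionRoleArn, so no iam:PassRole statement is needed.

```yaml
  # Added example: hypothetical replacement for EcsServiceRole.
  # The trust policy is unchanged; only CloudWatch Events may assume the role.
  EcsEventsRunTaskRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - events.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
      Policies:
        - PolicyName: run-nexus-backup-task   # hypothetical name
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # The scheduled rule only needs to start the backup task.
              - Effect: Allow
                Action:
                  - ecs:RunTask
                # Ref on a task definition returns its ARN, so only this
                # task definition revision can be started with the role.
                Resource: !Ref EcsTask
                # Restrict where it can run to the cluster exported by the
                # Nexus stack (same import the schedule target uses).
                Condition:
                  ArnEquals:
                    ecs:cluster:
                      Fn::ImportValue: !Sub "${NexusStackName}-ecsclusterarn"
      # Assumption: if a TaskRoleArn or ExecutionRoleArn is later added to
      # EcsTask, an iam:PassRole statement scoped to those role ARNs must
      # be added here as well.
```

The schedule target would then reference this role with `RoleArn: !GetAtt EcsEventsRunTaskRole.Arn`.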

ECS Task Start Schedule

Starts a task at 08:00 UTC / 01:00 Arizona to run the backup.

  EcsTaskStartSchedule:
    Type: AWS::Events::Rule
    Properties:
      Description: "Nexus S3 Backup"
      ScheduleExpression: "cron(0 08 * * ? *)"
      State: "ENABLED"
      Targets:
        - Arn:
            Fn::ImportValue: !Sub "${NexusStackName}-ecsclusterarn"
          RoleArn: !GetAtt EcsServiceRole.Arn
          Id: KUALI1
          EcsParameters:
            TaskCount: 1
            TaskDefinitionArn: !Ref EcsTask