ps_env_ecs.yaml
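---
# CloudFormation template: PeopleSoft environment on ECS (EC2 launch type).
# Layout restored to block-style YAML: in the collapsed form every inline "#" comment
# swallowed the rest of its line, so the template could not be parsed.
AWSTemplateFormatVersion: '2010-09-09'
Description: PeopleSoft Environment using Elastic Container Service (ECS)

Parameters:
  SecurityGroupCloudFormationName:
    Description: CloudFormation Security Group Name
    Type: String
    Default: "PeopleSoftSG"
  PillarLowerCase:
    Description: Lower Case Environment Pillar Identifier (el, hr, or sa)
    Type: String
    Default: "el"
  EnvironmentLowerCase:
    Description: Lower Case Environment Identifier (dev, tst, stg, prd, etc.)
    Type: String
    Default: "dev"
  PillarUpperCase:
    Description: Upper Case Environment Pillar Identifier (EL, HR, or SA)
    Type: String
    Default: "EL"
  EnvironmentUpperCase:
    Description: Upper Case Environment Identifier (DEV, TST, STG, PRD, etc.)
    Type: String
    Default: "DEV"
  RunPostRefresh:
    Description: Y or N value, will indicate the Post Refresh script will need to be run
    Type: String
    Default: "N"
  #Need to pull this value in from an output from PeopleSoftSG CF Template
  HostedZoneName:
    Description: Hosted Zone Name
    Type: String
    Default: "ps-nonprod-aws.arizona.edu"
  AuthTokenDomain:
    Description: Auth Token Domain
    Type: String
    Default: "uaccess.arizona.edu"
  FQDNPrefix:
    Description: Full Qualified Domain Prefix (i.e. learning or el-sup)
    Type: String
    Default: "learning"
  # NOTE(review): ELBSecurityPolicy-2016-08 still negotiates TLS 1.0 and 1.1, while Tls12
  # below defaults to "Y" for the web/app tier. A TLS 1.2-only policy such as
  # ELBSecurityPolicy-TLS-1-2-2017-01 would match that intent; the default is left as it
  # was because changing it can cut off older clients.
  WebELBListenerPolicyNames:
    Description: Web ELB Listener Policy Names
    Type: String
    Default: "ELBSecurityPolicy-2016-08"
  WebELBListenerSSLCertID:
    Description: Web ELB Listener SSL Certificate ID
    Type: String
    Default: "arn:aws:iam::415418166582:server-certificate/ps-nonprod-aws.arizona.edu_2016"
  WebDockerImage:
    Description: Web Instance Docker Image and Tag
    Type: String
    Default: "998687558142.dkr.ecr.us-west-2.amazonaws.com/eas-peoplesoft-web-dpk:CentOS6-PT85510"
  WebProfileName:
    Description: Web Instance Web Profile Name
    Type: String
    Default: "DEV"
  PsReportsDirecory:
    Description: Web Instance PS Reports Directory
    Type: String
    Default: "/u01/app/psreports"
  AppDockerImage:
    Description: App Instance Docker Image and Tag
    Type: String
    Default: "998687558142.dkr.ecr.us-west-2.amazonaws.com/eas-peoplesoft-app-batch-dpk:CentOS6-PT85510"
  AppOrBatch:
    Description: App or Batch or Both
    Type: String
    Default: "BOTH"
  AppTemplate:
    Description: App Server Template (small, medium, large, developer)
    Type: String
    Default: "small"
  AppOprId:
    Description: App OPRID used to start app/batch services
    Type: String
    Default: "UAZPRCS"
  # NOTE(review): NoEcho only masks the value in the console, CLI and API output. If the
  # password is later placed in a task definition environment, Metadata or Outputs (its
  # use is not visible in this part of the template) it is stored and shown in clear text
  # there. Prefer a Secrets Manager / SSM SecureString reference resolved by the consumer.
  PSAppOpridPw:
    Description: App OPRID Password used to start app/batch services
    Type: String
    NoEcho: 'true'
  AppBitBucketBranch:
    Description: App BitBucket Branch (devlopement, test, stage, or production)
    Type: String
    Default: "development"
  AppSesServer:
    Description: App SES Server Host Name
    Type: String
    Default: "sesdev.aws-pilots.arizona.edu"
  AppSesDefns:
    Description: App SES Definitions to include, a comma delimited list
    Type: String
    Default: "LS_LM_ACT_CI,LS_LM_LEARNING,LS_LM_OBJV,LS_LM_PRG,PTPORTALREGISTRY"
  #PSAWS-69 Remove DBInstance from this CF Template, move to its own
  #DBSnapshotID:
  #  Description: DB Snapshot from Which to Restore From
  #  Type: String
  #  Default: "peoplesoft-eldev-final-snapshot"
  #PSAWS-69 Remove DBInstance from this CF Template, move to its own
  #DBMultiAz:
  #  Description: DB Multi Availibility Zone Deployment (boolean)
  #  Type: String
  #  Default: "false"
  #PSAWS-69 Remove DBInstance from this CF Template, move to its own
  #DBInstanceClass:
  #  Description: DB Instance Class
  #  Type: String
  #  Default: "db.t2.medium"
  #PSAWS-69 Remove DBInstance from this CF Template, move to its own
  #DBStorageType:
  #  Description: DB Storage Type (gp2-SSD, io1-Provisioned IOPS)
  #  Type: String
  #  Default: "gp2"
  TagService:
    Description: Refers to the application (Uaccess Learning, Uaccess Employee, Uaccess Student)
    Type: String
    Default: "Uaccess Learning"
  TagContactNetid:
    Description: NetID of person most familiar with resource
    Type: String
    Default: "kellehs"
  TagAccountNumber:
    Description: Identifies the financial system account number
    Type: String
    Default: "Human Resources Systems"
  TagSubAccount:
    Description: Identifies the financial system subaccount number
    Type: String
    Default: "Uaccess Learning"
  TagTicketNumber:
    Description: Jira Ticket Number
    Type: String
    Default: "CLOUD-15"
  #New ECS Parameters
  # NOTE(review): this SSM path resolves to the Amazon Linux (AL1) ECS-optimized AMI, and
  # the value is only re-resolved when the stack is updated, so running instances keep the
  # AMI from the last update. Confirm the image line is still receiving security patches.
  EcsImageId:
    Description: SSM Parameter store key for the latest ECS Optimized AMI ID
    Type: 'AWS::SSM::Parameter::Value<String>'
    Default: '/aws/service/ecs/optimized-ami/amazon-linux/recommended/image_id'
    AllowedValues:
      - '/aws/service/ecs/optimized-ami/amazon-linux/recommended/image_id'
  # NOTE(review): ThisIsProd matches "Y" and ThisIsNotProd matches "N" or "T"; any other
  # value makes both conditions false, so neither web/app Auto Scaling group is created.
  SetUpLikePrd:
    Description: If set to Y then will set up like a Production Environment
    Type: String
    Default: "N"
  # AllowedValues added: the listeners pick the load balancer with
  # !If [PrivateELB, <private>, <public>], so a value other than Y or N references a load
  # balancer that is never created and the stack operation fails.
  # NOTE(review): the default exposes the environment to the internet; "N" would be the
  # safer default for non-production stacks. Default left unchanged.
  PublicFacingELB:
    Description: If set to Y then the ELBV2 will be internet facing and public subnets will be used
    Type: String
    Default: "Y"
    AllowedValues:
      - "Y"
      - "N"
  Tls12:
    Description: Set to Y or N. Detrermines if TLS1.2 parameters will be invoked in the web and app
    Type: String
    Default: "Y"
  #MEM-18500 Obscure Data on post refresh step if this is set to Y
  ObscureOnRefresh:
    Description: Will be passed as a variable into the Docker Container on the app server, if Y obscure data on post refresh
    Type: String
    Default: "N"
  #PSAWS-51 Point in Time refresh logic
  PointInTimeRefresh:
    Description: Flag to indicate whether this is a Point in Time refresh, Y or N are the options
    Type: String
    Default: "N"
  #PSAWS-56 Point in Time refresh logic
  PsWebRequireDuo:
    Description: Flag to determine if Duo will be required
    Type: String
    Default: "N"
  #MEM-18660 make sender email for app server dynamic
  AppSenderEmail:
    Description: Email address that will be displayed when email is send from PeopleSoft
    Type: String
    Default: "peoplesoft@email.arizona.edu"
  #SAAWS-1 Flag to identify if the public website for student should be created
  CreatePublicSite:
    Description: Flag to identify if the public website for sutdent should be created
    Type: String
    Default: "N"
  #PSAWS-69 Preferred Availability Zone, needed to ensure DB and Batch servers are in the same AZ
  #PSAWS-69 Remove DBInstance from this CF Template, move to its own
  #PreferredAz:
  #  Description: Preferred Availability Zone
  #  Type: String
  #  Default: "us-west-2a"
  #PSAWS-69 Preferred Private Subnet, needed to ensure the DB and Batch servers are in the same AZ
  # NOTE(review): declared as a plain String, so a mistyped subnet id is only caught when
  # the Auto Scaling group is created; AWS::EC2::Subnet::Id would validate it up front.
  PreferredPrivateSubnet:
    Description: Preferred Private Subnet
    Type: String
    Default: "subnet-5a6a783e"
  #SAAWS-336 - parameters for public sites
  PubFQDNPrefix:
    Description: Public Full Qualified Domain Prefix (i.e. learning or el-sup)
    Type: String
    Default: "uaccess"
  PubAuthTokenDomain:
    Description: Public Site Auth Token Domain
    Type: String
    Default: "uaccess.arizona.edu"
  PubHostedZoneName:
    Description: Public Site Hosted Zone Name
    Type: String
    Default: "ps-pub-nonprod-aws.arizona.edu"
  PubWebELBListenerSSLCertID:
    Description: Public Site Web ELB Listener SSL Certificate ID
    Type: String
    Default: "arn:aws:iam::415418166582:server-certificate/ps-nonprod-aws.arizona.edu_2016"
  #SAAWS-350 new parameter to pass the INAS COBOL mak files that need to be executed. They will be space delimited
  InasMakFiles:
    Description: The INAS mak files that need to be run when a student app or batch server is brought online
    Type: String
    Default: "inasbl16.mak inasbl17.mak inasbl18.mak"
  #MEM-20427 - Additional parameters for WAP, IB, and Batch instance types
  WAPInstClass:
    Description: The instance type to be used for the Web/App/Process Scheduler server
    Type: String
    Default: "m5.large"
  WAPInstCount:
    Description: The instance count to be used for the Web/App/Process Scheduler server
    Type: String
    Default: "1"
  IBInstClass:
    Description: The instance type to be used for the Integration Broker (IB) Server
    Type: String
    Default: "m5.large"
  # Description corrected: it was a copy of the IBInstClass text, but this parameter feeds
  # the Batch launch template (EcsInstanceLtBatch).
  BATCHInstClass:
    Description: The instance type to be used for the Batch Server
    Type: String
    Default: "m5.large"

#Mappings Section
#MEM-18675 going to increase the space on each docker container to 40G,
#will we need to increase the space on the EC2 instance to handle that
Mappings:
  ClusterType:
    wap:
      "VolumeSize": "100"
    batch:
      "VolumeSize": "50"
    ib:
      "VolumeSize": "100"
  TaskCpuMemory:
    "t3.large":
      "Cpu": "1.5 vCPU"
      "Memory": "7GB"
    "m5.large":
      "Cpu": "1.5 vCPU"
      "Memory": "7GB"
    "m5.xlarge":
      "Cpu": "3.5 vCPU"
      "Memory": "15GB"
    "m5.2xlarge":
      "Cpu": "7.5 vCPU"
      "Memory": "31GB"
    "r5.large":
      "Cpu": "1.5 vCPU"
      "Memory": "13GB"
    "r5.xlarge":
      "Cpu": "3.5 vCPU"
      "Memory": "31GB"
    "r5.2xlarge":
      "Cpu": "7.5 vCPU"
      "Memory": "61GB"

#Next is the Conditions section, these will be used to build additional infrastructure for production
Conditions:
  ThisIsProd: !Equals [!Ref "SetUpLikePrd", "Y"]
  ThisIsNotProd: !Or
    - !Equals [!Ref "SetUpLikePrd", "N"]
    - !Equals [!Ref "SetUpLikePrd", "T"]
  ThisIsDevEnv: !Equals [!Ref "EnvironmentUpperCase", "DEV"]
  ThisIsHRPillar: !Equals [!Ref "PillarUpperCase", "HR"]
  PublicELB: !Equals [!Ref "PublicFacingELB", "Y"]
  PrivateELB: !Equals [!Ref "PublicFacingELB", "N"]
  #SAAWS-1 Condition to build Public Site or not
  CreatePublicSiteYes: !Equals [!Ref "CreatePublicSite", "Y"]
  CreatePublicSiteNo: !Equals [!Ref "CreatePublicSite", "N"]

#Resources for this CloudFormation Stack
Resources: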

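# Instance Role
#
# This is the IAM role that will be applied to the OpsWorks EC2 Instances. Any AWS
# specific permissions that the node might need should be defined here.
# (In this template the role is attached, through EnvInstanceProfile, to the ECS
# container instances started by the launch templates.)
  EnvInstanceRole:
    Type: AWS::IAM::Role
    Properties:
      # Only the EC2 service may assume this role.
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role
        #MEM-18475 added so we can call aws ssm getparameter from a container at runtime
        # NOTE(review): AmazonSSMFullAccess grants ssm:* on every resource (writing and
        # deleting parameters, running commands and opening sessions on other instances),
        # far more than the parameter reads described above. Because the policy sits on
        # the instance role, every container that can reach the instance metadata service
        # inherits it. Scope this to ssm:GetParameter* on the parameter paths actually
        # read, ideally on an ECS task role instead of the instance role. Left unchanged
        # here because the parameter names the containers read are not visible in this
        # template section.
        - arn:aws:iam::aws:policy/AmazonSSMFullAccess
      Policies:
        - PolicyName: !Sub "${PillarLowerCase}-${EnvironmentLowerCase}-zabbix"
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Read access to parameters whose name starts with "Zabbix".
              - Sid: StmtSsmParameterAccess
                Effect: Allow
                Action:
                  - "ssm:GetParameters"
                Resource:
                  - !Sub "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/Zabbix*"
              # NOTE(review): "key/alias/aws/ssm" is not a key ARN; kms:Decrypt is
              # authorized against the key id (key/<key-id>), so this statement
              # presumably matches no key. Verify, then either name the key ARN or scope
              # by alias with a condition key.
              - Sid: StmtKmsAccess
                Effect: Allow
                Action:
                  - "kms:Decrypt"
                Resource:
                  - !Sub "arn:aws:kms:${AWS::Region}:${AWS::AccountId}:key/alias/aws/ssm"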

Instance Profile

This is just a little construct to connect a set of roles together into a profile. The profile is referenced in the OpsWorks stack itself.

EnvInstanceProfile: Type: AWS::IAM::InstanceProfile Properties: Path: "/" Roles: - !Ref EnvInstanceRole #Public App Load Balancer to sit in front of the ECS Cluster ECSLoadBalancerV2Pub: Type: AWS::ElasticLoadBalancingV2::LoadBalancer Condition: "PublicELB" Properties: Name: !Sub "peoplesoft-${PillarLowerCase}${EnvironmentLowerCase}-ecs-elbv2" Scheme: "internet-facing" Subnets: - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-PubSubNet1" - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-PubSubNet2" LoadBalancerAttributes: - Key: idle_timeout.timeout_seconds Value: '300' - Key: access_logs.s3.enabled Value: true - Key: access_logs.s3.bucket Value: edu.arizona.iso.elb.logs - Key: access_logs.s3.prefix Value: !Sub "ps${PillarLowerCase}-${EnvironmentLowerCase}-web" SecurityGroups: - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-WebElbSg" Tags: - Key: service Value: !Ref "TagService" - Key: Name Value: !Sub "peoplesoft-${PillarLowerCase}${EnvironmentLowerCase}-web-elb" - Key: environment Value: !Ref "EnvironmentLowerCase" - Key: contactnetid Value: !Ref "TagContactNetid" - Key: accountnumber Value: !Ref "TagAccountNumber" - Key: subaccount Value: !Ref "TagSubAccount" - Key: ticketnumber Value: !Ref "TagTicketNumber" #Private App Load Balancer to sit in front of the ECS Cluster ECSLoadBalancerV2Priv: Type: AWS::ElasticLoadBalancingV2::LoadBalancer Condition: "PrivateELB" Properties: Name: !Sub "peoplesoft-${PillarLowerCase}${EnvironmentLowerCase}-ecs-elbv2" Scheme: "internal" Subnets: - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-PrivSubNet1" - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-PrivSubNet2" LoadBalancerAttributes: - Key: idle_timeout.timeout_seconds Value: '300' - Key: access_logs.s3.enabled Value: true - Key: access_logs.s3.bucket Value: edu.arizona.iso.elb.logs - Key: access_logs.s3.prefix Value: !Sub "ps${PillarLowerCase}-${EnvironmentLowerCase}-web" SecurityGroups: - Fn::ImportValue: !Sub 
"${SecurityGroupCloudFormationName}-WebElbSgPriv" Tags: - Key: service Value: !Ref "TagService" - Key: Name Value: !Sub "peoplesoft-${PillarLowerCase}${EnvironmentLowerCase}-web-elb" - Key: environment Value: !Ref "EnvironmentLowerCase" - Key: contactnetid Value: !Ref "TagContactNetid" - Key: accountnumber Value: !Ref "TagAccountNumber" - Key: subaccount Value: !Ref "TagSubAccount" - Key: ticketnumber Value: !Ref "TagTicketNumber" #ELB Target group for PIA EnvWebELBV2TGWAP: Type: "AWS::ElasticLoadBalancingV2::TargetGroup" Properties: Name: !Sub "${PillarLowerCase}${EnvironmentLowerCase}-web-elb-tg-wap" HealthCheckIntervalSeconds: "60" HealthCheckProtocol: "HTTP" HealthCheckTimeoutSeconds: "10" HealthyThresholdCount: "2" UnhealthyThresholdCount: "10" Matcher: HttpCode: "200-399" Port: 80 Protocol: "HTTP" TargetGroupAttributes: - Key: "deregistration_delay.timeout_seconds" Value: "300" - Key: "stickiness.enabled" Value: "true" - Key: "stickiness.type" Value: "lb_cookie" - Key: "stickiness.lb_cookie.duration_seconds" Value: "7200" VpcId: Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-VPCID" #HCM-12386 ELB Target group for Excel to CI traffic EnvWebELBV2TGExcelCI: Type: "AWS::ElasticLoadBalancingV2::TargetGroup" Properties: Name: !Sub "${PillarLowerCase}${EnvironmentLowerCase}-web-elb-tg-ExCI" HealthCheckIntervalSeconds: "60" HealthCheckProtocol: "HTTP" HealthCheckTimeoutSeconds: "10" HealthyThresholdCount: "2" UnhealthyThresholdCount: "10" Matcher: HttpCode: "200-399" Port: 8200 Protocol: "HTTP" TargetGroupAttributes: - Key: "deregistration_delay.timeout_seconds" Value: "300" - Key: "stickiness.enabled" Value: "true" - Key: "stickiness.type" Value: "lb_cookie" - Key: "stickiness.lb_cookie.duration_seconds" Value: "7200" VpcId: Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-VPCID" #ELB Target group for IB/ControlM ECS Service #Will only be created in production environments where IB will be #separated from normal online activity EnvWebELBV2TGIB: 
Type: "AWS::ElasticLoadBalancingV2::TargetGroup" Condition: "ThisIsProd" Properties: Name: !Sub "peoplesoft-${PillarLowerCase}${EnvironmentLowerCase}-web-elb-tg-ib" HealthCheckIntervalSeconds: "60" HealthCheckProtocol: "HTTP" HealthCheckTimeoutSeconds: "10" HealthyThresholdCount: "2" UnhealthyThresholdCount: "10" Matcher: HttpCode: "200-399" Port: 80 Protocol: "HTTP" TargetGroupAttributes: - Key: "deregistration_delay.timeout_seconds" Value: "300" - Key: "stickiness.enabled" Value: "true" - Key: "stickiness.type" Value: "lb_cookie" - Key: "stickiness.lb_cookie.duration_seconds" Value: "7200" VpcId: Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-VPCID" #ELB Listeners EnvWebELBListenerHTTP: Type: "AWS::ElasticLoadBalancingV2::Listener" Properties: DefaultActions: - Type: "forward" TargetGroupArn: !Ref "EnvWebELBV2TGWAP" LoadBalancerArn: !If ["PrivateELB",!Ref "ECSLoadBalancerV2Priv",!Ref "ECSLoadBalancerV2Pub"] Port: '80' Protocol: HTTP #SAAWS-336 need to add a public cert to the ELB if we are building a public site #If not, just need the one SSL Cert EnvWebELBListenerHTTPS: Type: "AWS::ElasticLoadBalancingV2::Listener" Properties: DefaultActions: - Type: "forward" TargetGroupArn: !Ref "EnvWebELBV2TGWAP" LoadBalancerArn: !If ["PrivateELB",!Ref "ECSLoadBalancerV2Priv",!Ref "ECSLoadBalancerV2Pub"] Port: '443' Protocol: HTTPS Certificates: - CertificateArn: !Ref "WebELBListenerSSLCertID" SslPolicy: !Ref "WebELBListenerPolicyNames" #HCM-12386 ELB Listener for Excel to CI EnvWebELBListenerExcelCI: Type: "AWS::ElasticLoadBalancingV2::Listener" Properties: DefaultActions: - Type: "forward" TargetGroupArn: !Ref "EnvWebELBV2TGExcelCI" LoadBalancerArn: !If ["PrivateELB",!Ref "ECSLoadBalancerV2Priv",!Ref "ECSLoadBalancerV2Pub"] Port: '8200' Protocol: HTTP #ELB Listener Rules for IB #Will only be used in production environments, all traffic will flow to the same target in non-prod ELBV2ListenerRuleIb: Type: AWS::ElasticLoadBalancingV2::ListenerRule Condition: 
"ThisIsProd" Properties: Actions: - Type: "forward" TargetGroupArn: !Ref EnvWebELBV2TGIB Conditions: - Field: "path-pattern" Values: - "*/PSIGW/*" ListenerArn: !Ref EnvWebELBListenerHTTPS Priority: 1 #Classic ELB for App server for ControlM and IB EnvAppLoadBalancer: Type: AWS::ElasticLoadBalancing::LoadBalancer Properties: Scheme: "internal" ConnectionSettings: IdleTimeout: "3600" AccessLoggingPolicy: EmitInterval: '5' Enabled: 'true' S3BucketName: 'edu.arizona.iso.elb.logs' S3BucketPrefix: !Sub "ps${PillarLowerCase}-${EnvironmentLowerCase}-jolt" HealthCheck: HealthyThreshold: "2" Interval: "10" Target: "TCP:9000" Timeout: "5" UnhealthyThreshold: "8" Listeners: - LoadBalancerPort: "9000" Protocol: "TCP" InstancePort: "9000" InstanceProtocol: "TCP" - LoadBalancerPort: "9001" Protocol: "TCP" InstancePort: "9001" InstanceProtocol: "TCP" - LoadBalancerPort: "9002" Protocol: "TCP" InstancePort: "9002" InstanceProtocol: "TCP" - LoadBalancerPort: "9003" Protocol: "TCP" InstancePort: "9003" InstanceProtocol: "TCP" - LoadBalancerPort: "9004" Protocol: "TCP" InstancePort: "9004" InstanceProtocol: "TCP" - LoadBalancerPort: "9005" Protocol: "TCP" InstancePort: "9005" InstanceProtocol: "TCP" - LoadBalancerPort: "9006" Protocol: "TCP" InstancePort: "9006" InstanceProtocol: "TCP" - LoadBalancerPort: "9007" Protocol: "TCP" InstancePort: "9007" InstanceProtocol: "TCP" - LoadBalancerPort: "9008" Protocol: "TCP" InstancePort: "9008" InstanceProtocol: "TCP" - LoadBalancerPort: "9009" Protocol: "TCP" InstancePort: "9009" InstanceProtocol: "TCP" - LoadBalancerPort: "9010" Protocol: "TCP" InstancePort: "9010" InstanceProtocol: "TCP" - LoadBalancerPort: "9011" Protocol: "TCP" InstancePort: "9011" InstanceProtocol: "TCP" - LoadBalancerPort: "9012" Protocol: "TCP" InstancePort: "9012" InstanceProtocol: "TCP" - LoadBalancerPort: "9013" Protocol: "TCP" InstancePort: "9013" InstanceProtocol: "TCP" - LoadBalancerPort: "9014" Protocol: "TCP" InstancePort: "9014" InstanceProtocol: "TCP" - 
LoadBalancerPort: "9015" Protocol: "TCP" InstancePort: "9015" InstanceProtocol: "TCP" - LoadBalancerPort: "9016" Protocol: "TCP" InstancePort: "9016" InstanceProtocol: "TCP" - LoadBalancerPort: "9017" Protocol: "TCP" InstancePort: "9017" InstanceProtocol: "TCP" - LoadBalancerPort: "9018" Protocol: "TCP" InstancePort: "9018" InstanceProtocol: "TCP" - LoadBalancerPort: "9019" Protocol: "TCP" InstancePort: "9019" InstanceProtocol: "TCP" - LoadBalancerPort: "9020" Protocol: "TCP" InstancePort: "9020" InstanceProtocol: "TCP" - LoadBalancerPort: "9021" Protocol: "TCP" InstancePort: "9021" InstanceProtocol: "TCP" - LoadBalancerPort: "9022" Protocol: "TCP" InstancePort: "9022" InstanceProtocol: "TCP" - LoadBalancerPort: "9023" Protocol: "TCP" InstancePort: "9023" InstanceProtocol: "TCP" - LoadBalancerPort: "9024" Protocol: "TCP" InstancePort: "9024" InstanceProtocol: "TCP" - LoadBalancerPort: "9025" Protocol: "TCP" InstancePort: "9025" InstanceProtocol: "TCP" LoadBalancerName: !Sub "peoplesoft-${PillarLowerCase}${EnvironmentLowerCase}-app-elb" SecurityGroups: - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-AppElbSg" - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-ControlmSg" Subnets: - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-PrivSubNet1" - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-PrivSubNet2" Tags: - Key: service Value: !Ref "TagService" - Key: Name Value: !Sub "peoplesoft-${PillarLowerCase}${EnvironmentLowerCase}-app-elb" - Key: environment Value: !Ref "EnvironmentLowerCase" - Key: contactnetid Value: !Ref "TagContactNetid" - Key: accountnumber Value: !Ref "TagAccountNumber" - Key: subaccount Value: !Ref "TagSubAccount" - Key: ticketnumber Value: !Ref "TagTicketNumber" #DNS Record for App ELB AppELBDnsRecord: Type: AWS::Route53::RecordSet Properties: HostedZoneName: !Sub "${HostedZoneName}." Name: !Sub "${PillarLowerCase}-${EnvironmentLowerCase}-app.${HostedZoneName}." 
Type: CNAME TTL: '900' ResourceRecords: - !GetAtt EnvAppLoadBalancer.DNSName #Need to create a LogGroup in order for the ECS service to log details of the build #If this does not exist the ECS Service will not come up EcsLogGroup: Type: AWS::Logs::LogGroup Properties: LogGroupName: !Sub "${PillarUpperCase}${EnvironmentUpperCase}" #Switching to Launch Templates 11/29/2018 #Launch Config for the Auto Scaling Group for the ECS Cluster for Web/App Servers #In non-production enviornments this will house Web/App/Batch #In production environmets this will only house Web/App Batch will be stored in a differnt cluster EcsInstanceLt: Type: AWS::EC2::LaunchTemplate Properties: LaunchTemplateName: !Sub "${AWS::StackName}-EcsInstanceLt" LaunchTemplateData: ImageId: !Ref EcsImageId #InstanceType: !FindInMap [ECSWAPInstanceType, !Ref "SetUpLikePrd", !Ref "PillarLowerCase"] #MEM-20427 reference the instance type passed via a parameter InstanceType: !Ref "WAPInstClass" #Not avaiable on Launch Template #AssociatePublicIpAddress: false IamInstanceProfile: Name: !Ref EnvInstanceProfile KeyName: "peoplesoft-keypair" SecurityGroupIds: - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-AppSg" - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-SshSg" - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-WebSg" #- Fn::ImportValue:

!Sub "${SecurityGroupCloudFormationName}-ELMEFSSG"

#- Fn::ImportValue:

!Sub "${SecurityGroupCloudFormationName}-HREFSSG"

#- Fn::ImportValue:

!Sub "${SecurityGroupCloudFormationName}-SAEFSSG"

#- Fn::ImportValue:

!Sub "${SecurityGroupCloudFormationName}-SAEncryptedEFSSG"

BlockDeviceMappings: - DeviceName: "/dev/xvdcz" Ebs: VolumeSize: !FindInMap [ClusterType, "wap", "VolumeSize"] VolumeType: "gp2" #Will add the Cluster Name into the /etc/ecs/ecs.config file so it will be matched to the cluster #Will also add logic to increase the root volume to 20G from 10G default #MEM-18675 increase docker containter root volume to 40G from 20G UserData: Fn::Base64: !Sub - | #cloud-boothook #!/bin/bash echo ECS_CLUSTER=${PillarUpperCase}${EnvironmentUpperCase} >> /etc/ecs/ecs.config cloud-init-per once docker_options echo 'OPTIONS="$OPTIONS --storage-opt dm.basesize=40G"' >> /etc/sysconfig/docker #PSAWS-48 Install the SSM agent so we can run ssm calls

Install JQ JSON parser

yum install -y jq

Get the current region from the instance metadata

region=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region)

Install the SSM agent RPM

yum install -y https://amazon-ssm-$region.s3.amazonaws.com/latest/linux_amd64/amazon-ssm-agent.rpm

Install DataDog Agent

INSTANCEID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id) DD_HOSTNAME="${Hostname}-$INSTANCEID" DD_API_KEY=${Datadog_Key} bash -c "$(curl -L ${Datadog_Install_URL})"

Install Zabbix Agent

yum install -y unzip python27-pip curl -O https://s3-us-west-2.amazonaws.com/ua-uits-ecs-public/zabbix/zabbix-agent-install.zip unzip zabbix-agent-install.zip cd zabbix ./install_zabbix_agent.sh "${Hostname}-$INSTANCEID" "aws-hr-${ProdOrNot}" - Datadog_Key: !ImportValue foundation-datadog-apikey Datadog_Install_URL: !ImportValue foundation-datadog-install-url Hostname: !Sub "${PillarLowerCase}-${EnvironmentLowerCase}-app.${HostedZoneName}" ProdOrNot: !If [ThisIsProd,"prod","nonprod"] #New parameters for Launch Template InstanceInitiatedShutdownBehavior: "stop" EbsOptimized: "false" DisableApiTermination: "false" TagSpecifications: - ResourceType: "instance" Tags: - Key: Name Value: !Sub "ECS Instance - ${AWS::StackName}" - Key: Description Value: "This instance is the part of the Auto Scaling group which was created through CloudFormation" - Key: service Value: !Ref "TagService" - Key: environment Value: !Ref "EnvironmentLowerCase" - Key: contactnetid Value: !Ref "TagContactNetid" - Key: accountnumber Value: !Ref "TagAccountNumber" - Key: subaccount Value: !Ref "TagSubAccount" - Key: ticketnumber Value: !Ref "TagTicketNumber" - ResourceType: "volume" Tags: - Key: Name Value: !Sub "ECS Instance - ${AWS::StackName}" - Key: Description Value: "This instance is the part of the Auto Scaling group which was created through CloudFormation" - Key: service Value: !Ref "TagService" - Key: environment Value: !Ref "EnvironmentLowerCase" - Key: contactnetid Value: !Ref "TagContactNetid" - Key: accountnumber Value: !Ref "TagAccountNumber" - Key: subaccount Value: !Ref "TagSubAccount" - Key: ticketnumber Value: !Ref "TagTicketNumber" #Switching to Launch Templates 11/29/2018 #If this is a production enviornment then create a Lauch Template for just the Batch servers EcsInstanceLtBatch: Type: AWS::EC2::LaunchTemplate #Only build this if this is production Condition: "ThisIsProd" Properties: LaunchTemplateName: !Sub "${AWS::StackName}-EcsInstanceLtBatch" LaunchTemplateData: 
ImageId: !Ref EcsImageId #InstanceType: !FindInMap [ECSBatchInstanceType, !Ref "SetUpLikePrd", !Ref "PillarLowerCase"] #MEM-20427 reference the instance type passed via a parameter InstanceType: !Ref "BATCHInstClass" #Not avaiable on Launch Template #AssociatePublicIpAddress: false IamInstanceProfile: Name: !Ref EnvInstanceProfile KeyName: peoplesoft-keypair SecurityGroupIds: - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-AppSg" - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-SshSg" - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-WebSg" #- Fn::ImportValue:

!Sub "${SecurityGroupCloudFormationName}-ELMEFSSG"

#- Fn::ImportValue:

!Sub "${SecurityGroupCloudFormationName}-HREFSSG"

#- Fn::ImportValue:

!Sub "${SecurityGroupCloudFormationName}-SAEFSSG"

#- Fn::ImportValue:

!Sub "${SecurityGroupCloudFormationName}-SAEncryptedEFSSG"

BlockDeviceMappings: #the docker metadata volume - DeviceName: "/dev/xvdcz" Ebs: VolumeSize: !FindInMap [ClusterType, "batch", "VolumeSize"] VolumeType: "gp2" #Will add the Cluster Name into the /etc/ecs/ecs.config file so it will be matched to the cluster #Will also add logic to increase the root volume to 20G from 10G default #MEM-18675 increase docker containter root volume to 40G from 20G UserData: Fn::Base64: !Sub - | #cloud-boothook #!/bin/bash echo ECS_CLUSTER=${PillarUpperCase}${EnvironmentUpperCase}-Batch >> /etc/ecs/ecs.config cloud-init-per once docker_options echo 'OPTIONS="$OPTIONS --storage-opt dm.basesize=40G"' >> /etc/sysconfig/docker #PSAWS-48 Install the SSM agent so we can run ssm calls

Install JQ JSON parser

yum install -y jq

Get the current region from the instance metadata

region=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region)

Install the SSM agent RPM

yum install -y https://amazon-ssm-$region.s3.amazonaws.com/latest/linux_amd64/amazon-ssm-agent.rpm

Install DataDog Agent

INSTANCEID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id) DD_HOSTNAME="${Hostname}-$INSTANCEID" DD_API_KEY=${Datadog_Key} bash -c "$(curl -L ${Datadog_Install_URL})"

Install Zabbix Agent

yum install -y unzip python27-pip curl -O https://s3-us-west-2.amazonaws.com/ua-uits-ecs-public/zabbix/zabbix-agent-install.zip unzip zabbix-agent-install.zip cd zabbix ./install_zabbix_agent.sh "${Hostname}-$INSTANCEID" "aws-hr-${ProdOrNot}" - Datadog_Key: !ImportValue foundation-datadog-apikey Datadog_Install_URL: !ImportValue foundation-datadog-install-url Hostname: !Sub "${PillarLowerCase}-${EnvironmentLowerCase}-batch.${HostedZoneName}" ProdOrNot: !If [ThisIsProd,"prod","nonprod"] #New parameters for Launch Template InstanceInitiatedShutdownBehavior: "stop" EbsOptimized: "false" DisableApiTermination: "false" TagSpecifications: - ResourceType: "instance" Tags: - Key: Name Value: !Sub "ECS Instance - ${AWS::StackName}" - Key: Description Value: "This instance is the part of the Auto Scaling group which was created through CloudFormation" - Key: service Value: !Ref "TagService" - Key: environment Value: !Ref "EnvironmentLowerCase" - Key: contactnetid Value: !Ref "TagContactNetid" - Key: accountnumber Value: !Ref "TagAccountNumber" - Key: subaccount Value: !Ref "TagSubAccount" - Key: ticketnumber Value: !Ref "TagTicketNumber" - ResourceType: "volume" Tags: - Key: Name Value: !Sub "ECS Instance - ${AWS::StackName}" - Key: Description Value: "This instance is the part of the Auto Scaling group which was created through CloudFormation" - Key: service Value: !Ref "TagService" - Key: environment Value: !Ref "EnvironmentLowerCase" - Key: contactnetid Value: !Ref "TagContactNetid" - Key: accountnumber Value: !Ref "TagAccountNumber" - Key: subaccount Value: !Ref "TagSubAccount" - Key: ticketnumber Value: !Ref "TagTicketNumber" #Switching to Launch Templates 11/29/2018 #If this is a production enviornment then create a Lauch Config for the ECS Cluster that will be Running IB EcsInstanceLtIb: Type: AWS::EC2::LaunchTemplate #Only build this if this is production Condition: "ThisIsProd" Properties: LaunchTemplateName: !Sub "${AWS::StackName}-EcsInstanceLtIb" 
LaunchTemplateData: ImageId: !Ref EcsImageId #InstanceType: !FindInMap [ECSIbInstanceType, !Ref "SetUpLikePrd", !Ref "PillarLowerCase"] #MEM-20427 reference the instance type passed via a parameter InstanceType: !Ref "IBInstClass" #Not avaiable on Launch Template #AssociatePublicIpAddress: false IamInstanceProfile: Name: !Ref EnvInstanceProfile KeyName: peoplesoft-keypair SecurityGroupIds: - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-AppSg" - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-SshSg" - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-WebSg" #- Fn::ImportValue:

!Sub "${SecurityGroupCloudFormationName}-ELMEFSSG"

#- Fn::ImportValue:

!Sub "${SecurityGroupCloudFormationName}-HREFSSG"

#- Fn::ImportValue:

!Sub "${SecurityGroupCloudFormationName}-SAEFSSG"

#- Fn::ImportValue:

!Sub "${SecurityGroupCloudFormationName}-SAEncryptedEFSSG"

BlockDeviceMappings: #the docker metadata volume - DeviceName: "/dev/xvdcz" Ebs: VolumeSize: !FindInMap [ClusterType, "ib", "VolumeSize"] VolumeType: "gp2" #Will add the Cluster Name into the /etc/ecs/ecs.config file so it will be matched to the cluster #Will also add logic to increase the root volume to 20G from 10G default #MEM-18675 increase docker containter root volume to 40G from 20G UserData: Fn::Base64: !Sub - | #cloud-boothook #!/bin/bash echo ECS_CLUSTER=${PillarUpperCase}${EnvironmentUpperCase}-Ib >> /etc/ecs/ecs.config cloud-init-per once docker_options echo 'OPTIONS="$OPTIONS --storage-opt dm.basesize=40G"' >> /etc/sysconfig/docker #PSAWS-48 Install the SSM agent so we can run ssm calls

Install JQ JSON parser

yum install -y jq

Get the current region from the instance metadata

region=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region)

Install the SSM agent RPM

yum install -y https://amazon-ssm-$region.s3.amazonaws.com/latest/linux_amd64/amazon-ssm-agent.rpm

Install DataDog Agent

INSTANCEID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id) DD_HOSTNAME="${Hostname}-$INSTANCEID" DD_API_KEY=${Datadog_Key} bash -c "$(curl -L ${Datadog_Install_URL})"

Install Zabbix Agent

yum install -y unzip python27-pip curl -O https://s3-us-west-2.amazonaws.com/ua-uits-ecs-public/zabbix/zabbix-agent-install.zip unzip zabbix-agent-install.zip cd zabbix ./install_zabbix_agent.sh "${Hostname}-$INSTANCEID" "aws-hr-${ProdOrNot}" - Datadog_Key: !ImportValue foundation-datadog-apikey Datadog_Install_URL: !ImportValue foundation-datadog-install-url Hostname: !Sub "${PillarLowerCase}-${EnvironmentLowerCase}-ib.${HostedZoneName}" ProdOrNot: !If [ThisIsProd,"prod","nonprod"] #New parameters for Launch Template InstanceInitiatedShutdownBehavior: "stop" EbsOptimized: "false" DisableApiTermination: "false" TagSpecifications: - ResourceType: "instance" Tags: - Key: Name Value: !Sub "ECS Instance - ${AWS::StackName}" - Key: Description Value: "This instance is the part of the Auto Scaling group which was created through CloudFormation" - Key: service Value: !Ref "TagService" - Key: environment Value: !Ref "EnvironmentLowerCase" - Key: contactnetid Value: !Ref "TagContactNetid" - Key: accountnumber Value: !Ref "TagAccountNumber" - Key: subaccount Value: !Ref "TagSubAccount" - Key: ticketnumber Value: !Ref "TagTicketNumber" - ResourceType: "volume" Tags: - Key: Name Value: !Sub "ECS Instance - ${AWS::StackName}" - Key: Description Value: "This instance is the part of the Auto Scaling group which was created through CloudFormation" - Key: service Value: !Ref "TagService" - Key: environment Value: !Ref "EnvironmentLowerCase" - Key: contactnetid Value: !Ref "TagContactNetid" - Key: accountnumber Value: !Ref "TagAccountNumber" - Key: subaccount Value: !Ref "TagSubAccount" - Key: ticketnumber Value: !Ref "TagTicketNumber" #Auto Scaling Group for Web/App/Batch #Will be used in all non-prod environments, if this is prod this will not be created EcsInstanceAsgWap: Type: AWS::AutoScaling::AutoScalingGroup DependsOn: EcsCluster Condition: "ThisIsNotProd" Properties: #PSAWS-69 will used the PreferredPrivateSubnet passed, want it to be in the same AZ as the DB 
VPCZoneIdentifier: #- Fn::ImportValue:

!Sub "${SecurityGroupCloudFormationName}-PrivSubNet1"

#- Fn::ImportValue:

!Sub "${SecurityGroupCloudFormationName}-PrivSubNet2"

#The lines down to EcsInstanceAsgWa are the tail of an Auto Scaling group whose header is above this excerpt
        - !Ref PreferredPrivateSubnet
      #Switch to Launch Template 11/29/2018
      #LaunchConfigurationName: !Ref EcsInstanceLc
      LaunchTemplate:
        LaunchTemplateId: !Ref EcsInstanceLt
        Version: !GetAtt EcsInstanceLt.LatestVersionNumber
      MinSize: '0'
      #MEM-20427 used the parameter passed instead of a mapping
      #MaxSize: !FindInMap [AsgDesiredCnt, !Ref "SetUpLikePrd", !Ref "PillarLowerCase"]
      #DesiredCapacity: !FindInMap [AsgDesiredCnt, !Ref "SetUpLikePrd", !Ref "PillarLowerCase"]
      MaxSize: !Ref "WAPInstCount"
      DesiredCapacity: !Ref "WAPInstCount"
      LoadBalancerNames:
        - !Ref EnvAppLoadBalancer
      #Added Termination Policy to terminate oldest instances first
      TerminationPolicies:
        - "OldestInstance"
      Tags:
        - Key: Name
          Value: !Sub "ECS Instance - ${AWS::StackName}"
          PropagateAtLaunch: 'true'
        - Key: Description
          Value: "This instance is the part of the Auto Scaling group which was created through CloudFormation"
          PropagateAtLaunch: 'true'
        - Key: service
          Value: !Ref "TagService"
          PropagateAtLaunch: 'true'
        - Key: environment
          Value: !Ref "EnvironmentLowerCase"
          PropagateAtLaunch: 'true'
        - Key: contactnetid
          Value: !Ref "TagContactNetid"
          PropagateAtLaunch: 'true'
        - Key: accountnumber
          Value: !Ref "TagAccountNumber"
          PropagateAtLaunch: 'true'
        - Key: subaccount
          Value: !Ref "TagSubAccount"
          PropagateAtLaunch: 'true'
        - Key: ticketnumber
          Value: !Ref "TagTicketNumber"
          PropagateAtLaunch: 'true'
        #PSAWS-48 add tag bb_branch tag in order to identify instances that
        #need to run a git pull from the custom repos
        - Key: bb_branch
          Value: !Ref "AppBitBucketBranch"
          PropagateAtLaunch: 'true'

  #Auto Scaling Group for Web/App for production, batch will be in another ASG
  #Will only create this for production environments
  EcsInstanceAsgWa:
    Type: AWS::AutoScaling::AutoScalingGroup
    DependsOn: EcsCluster
    Condition: "ThisIsProd"
    Properties:
      VPCZoneIdentifier:
        - Fn::ImportValue:
            !Sub "${SecurityGroupCloudFormationName}-PrivSubNet1"
        - Fn::ImportValue:
            !Sub "${SecurityGroupCloudFormationName}-PrivSubNet2"
      #Switch to Launch Template 11/29/2018
      #LaunchConfigurationName: !Ref EcsInstanceLc
      LaunchTemplate:
        LaunchTemplateId: !Ref EcsInstanceLt
        Version: !GetAtt EcsInstanceLt.LatestVersionNumber
      MinSize: '0'
      #MEM-20427 used the parameter passed instead of a mapping
      #MaxSize: !FindInMap [AsgDesiredCnt, !Ref "SetUpLikePrd", !Ref "PillarLowerCase"]
      #DesiredCapacity: !FindInMap [AsgDesiredCnt, !Ref "SetUpLikePrd", !Ref "PillarLowerCase"]
      MaxSize: !Ref "WAPInstCount"
      DesiredCapacity: !Ref "WAPInstCount"
      #ELB to app servers will not be connected to the Web/App services in production
      #it will be used on the IB ECS Cluster
      #LoadBalancerNames:
      #  - !Ref EnvAppLoadBalancer
      #Added Termination Policy to terminate oldest instances first
      TerminationPolicies:
        - "OldestInstance"
      Tags:
        - Key: Name
          Value: !Sub "ECS Instance - ${AWS::StackName}"
          PropagateAtLaunch: 'true'
        - Key: Description
          Value: "This instance is the part of the Auto Scaling group which was created through CloudFormation"
          PropagateAtLaunch: 'true'
        - Key: service
          Value: !Ref "TagService"
          PropagateAtLaunch: 'true'
        - Key: environment
          Value: !Ref "EnvironmentLowerCase"
          PropagateAtLaunch: 'true'
        - Key: contactnetid
          Value: !Ref "TagContactNetid"
          PropagateAtLaunch: 'true'
        - Key: accountnumber
          Value: !Ref "TagAccountNumber"
          PropagateAtLaunch: 'true'
        - Key: subaccount
          Value: !Ref "TagSubAccount"
          PropagateAtLaunch: 'true'
        - Key: ticketnumber
          Value: !Ref "TagTicketNumber"
          PropagateAtLaunch: 'true'
        #PSAWS-48 add tag bb_branch tag in order to identify instances that
        #need to run a git pull from the custom repos
        - Key: bb_branch
          Value: !Ref "AppBitBucketBranch"
          PropagateAtLaunch: 'true'

  #This is the Batch ASG that will only be used in production environments
  EcsInstanceAsgBatch:
    Type: AWS::AutoScaling::AutoScalingGroup
    Condition: "ThisIsProd"
    DependsOn: EcsClusterBatch
    Properties:
      #PSAWS-69 need to place the batch servers in the same Subnet and match that with the AZ the DB is in
      #Needed because of latency of some batch processes when the batch server and DB are in different AZs
      # NOTE(review): a single subnet means both batch instances sit in one AZ, so the
      # "spread across AZs" placement strategy on the PSUNX services has nothing to spread over.
      VPCZoneIdentifier:
        #- Fn::ImportValue:
        #    !Sub "${SecurityGroupCloudFormationName}-PrivSubNet1"
        #- Fn::ImportValue:
        #    !Sub "${SecurityGroupCloudFormationName}-PrivSubNet2"
        - !Ref PreferredPrivateSubnet
      #Switch to Launch Template 11/29/2018
      #LaunchConfigurationName: !Ref EcsInstanceLcBatch
      LaunchTemplate:
        LaunchTemplateId: !Ref EcsInstanceLtBatch
        Version: !GetAtt EcsInstanceLtBatch.LatestVersionNumber
      MinSize: '0'
      #Hardcode 2 because we will always want 2 and only 2 instances up
      MaxSize: "2"
      #Hardcode 2 because we will always want 2 and only 2 instances up
      DesiredCapacity: "2"
      #The ASG for Batch does not need a load balancer
      #LoadBalancerNames:
      #  - !Ref EnvAppLoadBalancer
      #Added Termination Policy to terminate oldest instances first
      TerminationPolicies:
        - "OldestInstance"
      Tags:
        - Key: Name
          Value: !Sub "ECS Instance-${AWS::StackName}-Batch"
          PropagateAtLaunch: 'true'
        - Key: Description
          Value: "This instance is the part of the Auto Scaling group which was created through CloudFormation"
          PropagateAtLaunch: 'true'
        - Key: service
          Value: !Ref "TagService"
          PropagateAtLaunch: 'true'
        - Key: environment
          Value: !Ref "EnvironmentLowerCase"
          PropagateAtLaunch: 'true'
        - Key: contactnetid
          Value: !Ref "TagContactNetid"
          PropagateAtLaunch: 'true'
        - Key: accountnumber
          Value: !Ref "TagAccountNumber"
          PropagateAtLaunch: 'true'
        - Key: subaccount
          Value: !Ref "TagSubAccount"
          PropagateAtLaunch: 'true'
        - Key: ticketnumber
          Value: !Ref "TagTicketNumber"
          PropagateAtLaunch: 'true'
        #PSAWS-48 add tag bb_branch tag in order to identify instances that
        #need to run a git pull from the custom repos
        - Key: bb_branch
          Value: !Ref "AppBitBucketBranch"
          PropagateAtLaunch: 'true'

  #Auto Scaling Group for IB/ControlM
  #Will be used in all prod environments, if this is not prod this will not be created
  EcsInstanceAsgIb:
    Type: AWS::AutoScaling::AutoScalingGroup
    Condition: "ThisIsProd"
    DependsOn: EcsClusterIb
    Properties:
      VPCZoneIdentifier:
        - Fn::ImportValue:
            !Sub "${SecurityGroupCloudFormationName}-PrivSubNet1"
        - Fn::ImportValue:
            !Sub "${SecurityGroupCloudFormationName}-PrivSubNet2"
      #Move to Launch Template 11/29/2018
      #LaunchConfigurationName: !Ref EcsInstanceLcIb
      LaunchTemplate:
        LaunchTemplateId: !Ref EcsInstanceLtIb
        Version: !GetAtt EcsInstanceLtIb.LatestVersionNumber
      MinSize: '0'
      #Hard code this to one, as we will only have one IB server up
      MaxSize: "1"
      #Hard code this to one, as we will only have one IB server up
      DesiredCapacity: "1"
      LoadBalancerNames:
        - !Ref EnvAppLoadBalancer
      #Added Termination Policy to terminate oldest instances first
      TerminationPolicies:
        - "OldestInstance"
      Tags:
        - Key: Name
          Value: !Sub "ECS Instance - ${AWS::StackName} - IB"
          PropagateAtLaunch: 'true'
        - Key: Description
          Value: "This instance is the part of the Auto Scaling group which was created through CloudFormation"
          PropagateAtLaunch: 'true'
        - Key: service
          Value: !Ref "TagService"
          PropagateAtLaunch: 'true'
        - Key: environment
          Value: !Ref "EnvironmentLowerCase"
          PropagateAtLaunch: 'true'
        - Key: contactnetid
          Value: !Ref "TagContactNetid"
          PropagateAtLaunch: 'true'
        - Key: accountnumber
          Value: !Ref "TagAccountNumber"
          PropagateAtLaunch: 'true'
        - Key: subaccount
          Value: !Ref "TagSubAccount"
          PropagateAtLaunch: 'true'
        - Key: ticketnumber
          Value: !Ref "TagTicketNumber"
          PropagateAtLaunch: 'true'
        #PSAWS-48 add tag bb_branch tag in order to identify instances that
        #need to run a git pull from the custom repos
        - Key: bb_branch
          Value: !Ref "AppBitBucketBranch"
          PropagateAtLaunch: 'true'

  #ECS Cluster for Web/App/Batch
  #Will only be used for Batch in non production environments
  EcsCluster:
    Type: "AWS::ECS::Cluster"
    Properties:
      ClusterName: !Sub "${PillarUpperCase}${EnvironmentUpperCase}"

  #Batch ECS Cluster, only used for production environments
  #Batch will be separated from the Web/App tasks in production
  EcsClusterBatch:
    Type: "AWS::ECS::Cluster"
    Condition: "ThisIsProd"
    Properties:
      ClusterName: !Sub "${PillarUpperCase}${EnvironmentUpperCase}-Batch"

  #IB ECS Cluster, only used for production environments
  #IB will be separated from the Web/App tasks in production
  EcsClusterIb:
    Type: "AWS::ECS::Cluster"
    Condition: "ThisIsProd"
    Properties:
      ClusterName: !Sub "${PillarUpperCase}${EnvironmentUpperCase}-Ib"

  #ECS Task Definition for the Web/App/Batch
  #This will only run the Web/App if this is production so another
  #task will be created just for the process scheduler in a prod environment
  EcsTaskWebAppPs:
    Type: "AWS::ECS::TaskDefinition"
    Properties:
      Family: !Sub "${PillarUpperCase}${EnvironmentUpperCase}-WAP"
      NetworkMode: "bridge"
      #MEM-20427 Move CPU and Memory to the task level and base it on mapping values
      Cpu: !FindInMap [TaskCpuMemory,!Ref "WAPInstClass","Cpu"]
      Memory: !FindInMap [TaskCpuMemory,!Ref "WAPInstClass","Memory"]
      ContainerDefinitions:
        - Name: "WEB"
          Essential: "true"
          Image: !Ref WebDockerImage
          Links:
            - "APP:app"
          PortMappings:
            - HostPort: "0"
              ContainerPort: "80"
              Protocol: "tcp"
            #Per HCM-12386 added to implement Excel to CI
            #Need to remove as you can only have 1 Target Group per Service
            #http://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-load-balancing.html
            - HostPort: "8200"
              ContainerPort: "8080"
              Protocol: "tcp"
          Hostname: !Sub "${PillarLowerCase}${EnvironmentLowerCase}-web"
          #MEM-20427 Move CPU and Memory to the task level and base it on mapping values
          #Cpu: "500"
          #MemoryReservation: "2048"
          # NOTE(review): Privileged gives the container root-equivalent access to the ECS
          # host (all capabilities, host devices). Every container in this template sets it.
          # Presumably it is there so the container can mount EFS itself (PS_*_EFS_FS_ID) -
          # confirm; mounting EFS on the host and passing it in as a volume would allow
          # dropping it, which matters most for this internet-facing web tier.
          Privileged: "true"
          Environment:
            - Name: "PS_EL_EFS_FS_ID"
              Value:
                Fn::ImportValue:
                  !Sub "${SecurityGroupCloudFormationName}-ELMEFSID"
            - Name: "PS_HR_EFS_FS_ID"
              Value:
                Fn::ImportValue:
                  !Sub "${SecurityGroupCloudFormationName}-HREFSID"
            - Name: "PS_SA_EFS_FS_ID"
              Value:
                Fn::ImportValue:
                  !Sub "${SecurityGroupCloudFormationName}-SAEncryptedEFSID"
            #Added for 8.56.10
            # NOTE(review): these three imports hard-code the "PeopleSoftSG" export prefix,
            # while the entries above build it from SecurityGroupCloudFormationName; the two
            # disagree if that parameter is ever set to something other than its default.
            - Name: "PS_EFS_FS_IDS"
              Value: !Sub
                - "hr=${HR_EFS_ID};el=${EL_EFS_ID};sa=${SA_EFS_ID}"
                - { "HR_EFS_ID": !ImportValue "PeopleSoftSG-HREFSID", "EL_EFS_ID": !ImportValue "PeopleSoftSG-ELMEFSID", "SA_EFS_ID": !ImportValue "PeopleSoftSG-SAEncryptedEFSID" }
            - Name: "AWS_REGION"
              Value: !Sub "${AWS::Region}"
            - Name: "PSWEB_APP_ELB"
              Value: "app"
            - Name: "PSWEB_AUTH_TOKEN_DOMAIN"
              Value: !Ref "AuthTokenDomain"
            - Name: "PSWEB_BITBUCKET_BRANCH"
              Value: !Ref "AppBitBucketBranch"
            - Name: "PSWEB_DOMAIN"
              Value: !Sub "uaz${PillarLowerCase}${EnvironmentLowerCase}"
            - Name: "PSWEB_PROFILE_NAME"
              Value: !Ref "WebProfileName"
            - Name: "PSWEB_FQDN"
              Value: !Sub "${FQDNPrefix}.${AuthTokenDomain}"
            - Name: "PSWEB_PSREPORTS_DIR"
              Value: !Ref "PsReportsDirecory"
            - Name: "PSWEB_PILLAR"
              Value: !Ref "PillarLowerCase"
            #Added on 09/17/2017 per PSAWS-43 to trigger TLS1.2 parameters on web server
            - Name: "PSWEB_TLS12"
              Value: !Ref "Tls12"
            #Added on 12/03/2017 per PSAWS-54 to trigger
            - Name: "PSWEB_REQUIRE_DUO"
              Value: !Ref "PsWebRequireDuo"
          LogConfiguration:
            LogDriver: "awslogs"
            Options:
              awslogs-group: !Ref "EcsLogGroup"
              # NOTE(review): region is fixed here although AWS_REGION above follows
              # ${AWS::Region}; logging breaks if the stack is deployed in another region
              # (assuming EcsLogGroup lives in the stack's region - confirm).
              awslogs-region: "us-west-2"
              awslogs-stream-prefix: "WEB"
        - Name: "APP"
          Essential: "true"
          Image: !Ref AppDockerImage
          Hostname: "app"
          #MEM-20427 Move CPU and Memory to the task level and base it on mapping values
          #Cpu: "1300"
          #MemoryReservation: "4096"
          Privileged: "true"
          # NOTE(review): fixed HostPort values in bridge mode bind 9000-9025 on every
          # container instance and allow only one copy of this task per instance; who can
          # reach them is decided by the instance security group, which is not in this excerpt.
          PortMappings:
            - HostPort: "9000"
              ContainerPort: "9000"
              Protocol: "tcp"
            - HostPort: "9001"
              ContainerPort: "9001"
              Protocol: "tcp"
            - HostPort: "9002"
              ContainerPort: "9002"
              Protocol: "tcp"
            - HostPort: "9003"
              ContainerPort: "9003"
              Protocol: "tcp"
            - HostPort: "9004"
              ContainerPort: "9004"
              Protocol: "tcp"
            - HostPort: "9005"
              ContainerPort: "9005"
              Protocol: "tcp"
            - HostPort: "9006"
              ContainerPort: "9006"
              Protocol: "tcp"
            - HostPort: "9007"
              ContainerPort: "9007"
              Protocol: "tcp"
            - HostPort: "9008"
              ContainerPort: "9008"
              Protocol: "tcp"
            - HostPort: "9009"
              ContainerPort: "9009"
              Protocol: "tcp"
            - HostPort: "9010"
              ContainerPort: "9010"
              Protocol: "tcp"
            - HostPort: "9011"
              ContainerPort: "9011"
              Protocol: "tcp"
            - HostPort: "9012"
              ContainerPort: "9012"
              Protocol: "tcp"
            - HostPort: "9013"
              ContainerPort: "9013"
              Protocol: "tcp"
            - HostPort: "9014"
              ContainerPort: "9014"
              Protocol: "tcp"
            - HostPort: "9015"
              ContainerPort: "9015"
              Protocol: "tcp"
            - HostPort: "9016"
              ContainerPort: "9016"
              Protocol: "tcp"
            - HostPort: "9017"
              ContainerPort: "9017"
              Protocol: "tcp"
            - HostPort: "9018"
              ContainerPort: "9018"
              Protocol: "tcp"
            - HostPort: "9019"
              ContainerPort: "9019"
              Protocol: "tcp"
            - HostPort: "9020"
              ContainerPort: "9020"
              Protocol: "tcp"
            - HostPort: "9021"
              ContainerPort: "9021"
              Protocol: "tcp"
            - HostPort: "9022"
              ContainerPort: "9022"
              Protocol: "tcp"
            - HostPort: "9023"
              ContainerPort: "9023"
              Protocol: "tcp"
            - HostPort: "9024"
              ContainerPort: "9024"
              Protocol: "tcp"
            - HostPort: "9025"
              ContainerPort: "9025"
              Protocol: "tcp"
          Environment:
            - Name: "PSAPP_APP_OR_BATCH"
              Value: !Ref "AppOrBatch"
            - Name: "PSAPP_DOMAIN"
              Value: !Sub "UAZ${PillarUpperCase}${EnvironmentUpperCase}"
            - Name: "PSAPP_TEMPLATE"
              Value: !Ref "AppTemplate"
            - Name: "PSAPP_DATABASE"
              Value: !Sub "AWS${PillarUpperCase}${EnvironmentUpperCase}"
            - Name: "PSAPP_OPRID"
              Value: !Ref "AppOprId"
            # NOTE(review): NoEcho on PSAppOpridPw only masks the value inside CloudFormation.
            # As a plain Environment entry it is stored in clear text in the registered task
            # definition and is readable by anyone allowed ecs:DescribeTaskDefinition. The
            # container definition's Secrets list (Name/ValueFrom pointing at an SSM
            # SecureString or Secrets Manager ARN, plus an ExecutionRoleArn on the task)
            # keeps it out of the task definition.
            - Name: "PSAPP_OPRID_PW"
              Value: !Ref "PSAppOpridPw"
            - Name: "PSAPP_DB_CNCT_ID"
              Value: "people"
            # NOTE(review): database connect password committed in the template and identical
            # for every environment, production included; it also looks like the
            # vendor-delivered default. Rotate it and source it from a secret store the same
            # way as PSAPP_OPRID_PW above.
            - Name: "PSAPP_DB_CNCT_PW"
              Value: "peop1e"
            - Name: "PSAPP_PILLAR"
              Value: !Ref "PillarLowerCase"
            - Name: "PSAPP_ENV"
              Value: !Ref "EnvironmentLowerCase"
            - Name: "PSAPP_APP_HOME_REP"
              Value: !Sub "peoplesoft-app-home-${PillarLowerCase}"
            - Name: "PSAPP_BITBUCKET_BRANCH"
              Value: !Ref "AppBitBucketBranch"
            - Name: "PSAPP_PIA_DOMAIN"
              Value: !Sub "uaz${PillarLowerCase}${EnvironmentLowerCase}"
            - Name: "PSAPP_FQDN"
              Value: !Sub "${FQDNPrefix}.${AuthTokenDomain}"
            - Name: "PSAPP_APP_ELB"
              Value: !Ref AppELBDnsRecord
            - Name: "PSAPP_RUN_POST_REFRESH"
              Value: !Ref "RunPostRefresh"
            - Name: "PSSES_SERVER"
              Value: !Ref "AppSesServer"
            - Name: "PSSES_DEFNS_TO_INCLUDE"
              Value: !Ref "AppSesDefns"
            - Name: "PS_EL_EFS_FS_ID"
              Value:
                Fn::ImportValue:
                  !Sub "${SecurityGroupCloudFormationName}-ELMEFSID"
            - Name: "PS_HR_EFS_FS_ID"
              Value:
                Fn::ImportValue:
                  !Sub "${SecurityGroupCloudFormationName}-HREFSID"
            - Name: "PS_SA_EFS_FS_ID"
              Value:
                Fn::ImportValue:
                  !Sub "${SecurityGroupCloudFormationName}-SAEncryptedEFSID"
            #Added for 8.56.10
            - Name: "PS_EFS_FS_IDS"
              Value: !Sub
                - "hr=${HR_EFS_ID};el=${EL_EFS_ID};sa=${SA_EFS_ID}"
                - { "HR_EFS_ID": !ImportValue "PeopleSoftSG-HREFSID", "EL_EFS_ID": !ImportValue "PeopleSoftSG-ELMEFSID", "SA_EFS_ID": !ImportValue "PeopleSoftSG-SAEncryptedEFSID" }
            - Name: "AWS_REGION"
              Value: !Sub "${AWS::Region}"
            - #If this is not PRD then all will run on the same server so turn on PUBSUB
              #Otherwise turn it off
              Name: "PSAPP_PUBSUB"
              Value: !If [ThisIsNotProd,"Yes","No"]
            - #If this is the DEV environment we will turn on DEBUG and WSL for three tier debugging
              #Otherwise turn it off
              Name: "PSAPP_DBGSRV"
              Value: !If [ThisIsDevEnv,"Yes","No"]
            - Name: "PSAPP_WSL"
              Value: !If [ThisIsDevEnv,"Yes","No"]
            - #If this is a PRD environment then we will have no PUB/SUB services running on the Web/App
              #Cluster so we will have more APPSRV processes running, otherwise we will have fewer running
              Name: "PSAPP_PSAPPSRV_MIN"
              Value: !If [ThisIsNotProd,"4","6"]
            - Name: "PSAPP_PSAPPSRV_MAX"
              Value: !If [ThisIsNotProd,"4","6"]
            - #If this is a PRD environment then we will have no PUB/SUB services running on the Web/App Cluster
              #If this is a nonprod environment then we will have 3 PUB and 3 SUB up
              Name: "PSAPP_PSPUBHND_MIN"
              Value: !If [ThisIsNotProd,"3","1"]
            - Name: "PSAPP_PSPUBHND_MAX"
              Value: !If [ThisIsNotProd,"3","1"]
            - Name: "PSAPP_PSSUBHND_MIN"
              Value: !If [ThisIsNotProd,"3","1"]
            - Name: "PSAPP_PSSUBHND_MAX"
              Value: !If [ThisIsNotProd,"3","1"]
            - #The following will be hard coded for now, is the JAVAVM XMS and XMX memory settings
              #We may change this in the future and it may vary based on pillar/env
              Name: "PSAPP_JAVAVM_XMS"
              Value: "64m"
            - Name: "PSAPP_JAVAVM_XMX"
              Value: "256m"
            #Added on 09/17/2017 per PSAWS-43 to trigger TLS1.2 parameters on app server
            - Name: "PSAPP_TLS12"
              Value: !Ref "Tls12"
            #Added on 11/25/2017 per MEM-18500 to obscure data on post refresh if set to Y
            - Name: "PSAPP_OBSCURE"
              Value: !Ref "ObscureOnRefresh"
            #Added on 12/09/2017 per MEM-18660 to make the sender email dynamic
            - Name: "PSAPP_SENDER_EMAIL"
              Value: !Ref "AppSenderEmail"
            #SAAWS-350 string of INAS mak files that need to be run to compile Student COBOLs
            - Name: "PSAPP_INAS_MAK_FILES"
              Value: !Ref "InasMakFiles"
          LogConfiguration:
            LogDriver: "awslogs"
            Options:
              awslogs-group: !Ref "EcsLogGroup"
              awslogs-region: "us-west-2"
              awslogs-stream-prefix: "APP"

  #This is the Task for the stand alone Batch service and will only be created for a prod environment
  EcsTaskPsunx:
    Type: "AWS::ECS::TaskDefinition"
    Condition: "ThisIsProd"
    Properties:
      Family: !Sub "${PillarUpperCase}${EnvironmentUpperCase}-PSUNX"
      NetworkMode: "bridge"
      #MEM-20427 Move CPU and Memory to the task level and base it on mapping values
      Cpu: !FindInMap [TaskCpuMemory,!Ref "BATCHInstClass","Cpu"]
      Memory: !FindInMap [TaskCpuMemory,!Ref "BATCHInstClass","Memory"]
      ContainerDefinitions:
        - Name: "PSUNX"
          Essential: "true"
          Image: !Ref AppDockerImage
          Hostname: "PSUNX"
          #MEM-20427 Move CPU and Memory to the task level and base it on mapping values
          #Cpu: "1000"
          #MemoryReservation: "3072"
          # NOTE(review): privileged container, see the note on the WEB container of EcsTaskWebAppPs.
          Privileged: "true"
          Environment:
            - Name: "PSAPP_APP_OR_BATCH"
              #Hard code BATCH because this will always be BATCH
              Value: "BATCH"
            - Name: "PSAPP_DOMAIN"
              Value: !Sub "UAZ${PillarUpperCase}${EnvironmentUpperCase}"
            - Name: "PSAPP_TEMPLATE"
              Value: !Ref "AppTemplate"
            - Name: "PSAPP_DATABASE"
              Value: !Sub "AWS${PillarUpperCase}${EnvironmentUpperCase}"
            - Name: "PSAPP_OPRID"
              Value: !Ref "AppOprId"
            # NOTE(review): both passwords below are plain-text environment values in a
            # production-only task; same exposure as described on the APP container of
            # EcsTaskWebAppPs.
            - Name: "PSAPP_OPRID_PW"
              Value: !Ref "PSAppOpridPw"
            - Name: "PSAPP_DB_CNCT_ID"
              Value: "people"
            - Name: "PSAPP_DB_CNCT_PW"
              Value: "peop1e"
            - Name: "PSAPP_PILLAR"
              Value: !Ref "PillarLowerCase"
            - Name: "PSAPP_ENV"
              Value: !Ref "EnvironmentLowerCase"
            - Name: "PSAPP_APP_HOME_REP"
              Value: !Sub "peoplesoft-app-home-${PillarLowerCase}"
            - Name: "PSAPP_BITBUCKET_BRANCH"
              Value: !Ref "AppBitBucketBranch"
            - Name: "PSAPP_PIA_DOMAIN"
              Value: !Sub "uaz${PillarLowerCase}${EnvironmentLowerCase}"
            - Name: "PSAPP_FQDN"
              Value: !Sub "${FQDNPrefix}.${AuthTokenDomain}"
            - Name: "PSAPP_APP_ELB"
              Value: !Ref AppELBDnsRecord
            - Name: "PSAPP_RUN_POST_REFRESH"
              Value: !Ref "RunPostRefresh"
            - Name: "PSSES_SERVER"
              Value: !Ref "AppSesServer"
            - Name: "PSSES_DEFNS_TO_INCLUDE"
              Value: !Ref "AppSesDefns"
            - Name: "PS_EL_EFS_FS_ID"
              Value:
                Fn::ImportValue:
                  !Sub "${SecurityGroupCloudFormationName}-ELMEFSID"
            - Name: "PS_HR_EFS_FS_ID"
              Value:
                Fn::ImportValue:
                  !Sub "${SecurityGroupCloudFormationName}-HREFSID"
            - Name: "PS_SA_EFS_FS_ID"
              Value:
                Fn::ImportValue:
                  !Sub "${SecurityGroupCloudFormationName}-SAEncryptedEFSID"
            #Added for 8.56.10
            - Name: "PS_EFS_FS_IDS"
              Value: !Sub
                - "hr=${HR_EFS_ID};el=${EL_EFS_ID};sa=${SA_EFS_ID}"
                - { "HR_EFS_ID": !ImportValue "PeopleSoftSG-HREFSID", "EL_EFS_ID": !ImportValue "PeopleSoftSG-ELMEFSID", "SA_EFS_ID": !ImportValue "PeopleSoftSG-SAEncryptedEFSID" }
            - Name: "AWS_REGION"
              Value: !Sub "${AWS::Region}"
            #Added on 11/25/2017 per MEM-18500 to obscure data on post refresh if set to Y
            - Name: "PSAPP_OBSCURE"
              Value: !Ref "ObscureOnRefresh"
            #Added on 12/09/2017 per MEM-18660 to make the sender email dynamic
            - Name: "PSAPP_SENDER_EMAIL"
              Value: !Ref "AppSenderEmail"
            #SAAWS-350 string of INAS mak files that need to be run to compile Student COBOLs
            - Name: "PSAPP_INAS_MAK_FILES"
              Value: !Ref "InasMakFiles"
          LogConfiguration:
            LogDriver: "awslogs"
            Options:
              awslogs-group: !Ref "EcsLogGroup"
              awslogs-region: "us-west-2"
              awslogs-stream-prefix: "BATCH-PSUNX"

  #This is the Task for the stand alone Batch service and will only be created for a prod environment
  #There will be two tasks one for PSUNX and one for PSUNX1
  EcsTaskPsunx1:
    Type: "AWS::ECS::TaskDefinition"
    Condition: "ThisIsProd"
    Properties:
      Family: !Sub "${PillarUpperCase}${EnvironmentUpperCase}-PSUNX1"
      NetworkMode: "bridge"
      #MEM-20427 Move CPU and Memory to the task level and base it on mapping values
      Cpu: !FindInMap [TaskCpuMemory,!Ref "BATCHInstClass","Cpu"]
      Memory: !FindInMap [TaskCpuMemory,!Ref "BATCHInstClass","Memory"]
      ContainerDefinitions:
        - Name: "PSUNX1"
          Essential: "true"
          Image: !Ref AppDockerImage
          Hostname: "PSUNX1"
          #MEM-20427 Move CPU and Memory to the task level and base it on mapping values
          #Cpu: "1000"
          #MemoryReservation: "3072"
          # NOTE(review): privileged container, see the note on the WEB container of EcsTaskWebAppPs.
          Privileged: "true"
          Environment:
            - Name: "PSAPP_APP_OR_BATCH"
              #Hard code BATCH because this will always be BATCH
              Value: "BATCH"
            - Name: "PSAPP_DOMAIN"
              Value: !Sub "UAZ${PillarUpperCase}${EnvironmentUpperCase}"
            - Name: "PSAPP_TEMPLATE"
              Value: !Ref "AppTemplate"
            - Name: "PSAPP_DATABASE"
              Value: !Sub "AWS${PillarUpperCase}${EnvironmentUpperCase}"
            - Name: "PSAPP_OPRID"
              Value: !Ref "AppOprId"
            # NOTE(review): both passwords below are plain-text environment values in a
            # production-only task; same exposure as described on the APP container of
            # EcsTaskWebAppPs.
            - Name: "PSAPP_OPRID_PW"
              Value: !Ref "PSAppOpridPw"
            - Name: "PSAPP_DB_CNCT_ID"
              Value: "people"
            - Name: "PSAPP_DB_CNCT_PW"
              Value: "peop1e"
            - Name: "PSAPP_PILLAR"
              Value: !Ref "PillarLowerCase"
            - Name: "PSAPP_ENV"
              Value: !Ref "EnvironmentLowerCase"
            - Name: "PSAPP_APP_HOME_REP"
              Value: !Sub "peoplesoft-app-home-${PillarLowerCase}"
            - Name: "PSAPP_BITBUCKET_BRANCH"
              Value: !Ref "AppBitBucketBranch"
            - Name: "PSAPP_PIA_DOMAIN"
              Value: !Sub "uaz${PillarLowerCase}${EnvironmentLowerCase}"
            - Name: "PSAPP_FQDN"
              Value: !Sub "${FQDNPrefix}.${AuthTokenDomain}"
            - Name: "PSAPP_APP_ELB"
              Value: !Ref AppELBDnsRecord
            - Name: "PSAPP_RUN_POST_REFRESH"
              Value: !Ref "RunPostRefresh"
            - Name: "PSSES_SERVER"
              Value: !Ref "AppSesServer"
            - Name: "PSSES_DEFNS_TO_INCLUDE"
              Value: !Ref "AppSesDefns"
            - Name: "PS_EL_EFS_FS_ID"
              Value:
                Fn::ImportValue:
                  !Sub "${SecurityGroupCloudFormationName}-ELMEFSID"
            - Name: "PS_HR_EFS_FS_ID"
              Value:
                Fn::ImportValue:
                  !Sub "${SecurityGroupCloudFormationName}-HREFSID"
            - Name: "PS_SA_EFS_FS_ID"
              Value:
                Fn::ImportValue:
                  !Sub "${SecurityGroupCloudFormationName}-SAEncryptedEFSID"
            #Added for 8.56.10
            - Name: "PS_EFS_FS_IDS"
              Value: !Sub
                - "hr=${HR_EFS_ID};el=${EL_EFS_ID};sa=${SA_EFS_ID}"
                - { "HR_EFS_ID": !ImportValue "PeopleSoftSG-HREFSID", "EL_EFS_ID": !ImportValue "PeopleSoftSG-ELMEFSID", "SA_EFS_ID": !ImportValue "PeopleSoftSG-SAEncryptedEFSID" }
            - Name: "AWS_REGION"
              Value: !Sub "${AWS::Region}"
            #Added on 11/25/2017 per MEM-18500 to obscure data on post refresh if set to Y
            - Name: "PSAPP_OBSCURE"
              Value: !Ref "ObscureOnRefresh"
            #Added on 12/09/2017 per MEM-18660 to make the sender email dynamic
            - Name: "PSAPP_SENDER_EMAIL"
              Value: !Ref "AppSenderEmail"
            #SAAWS-350 string of INAS mak files that need to be run to compile Student COBOLs
            - Name: "PSAPP_INAS_MAK_FILES"
              Value: !Ref "InasMakFiles"
          LogConfiguration:
            LogDriver: "awslogs"
            Options:
              awslogs-group: !Ref "EcsLogGroup"
              awslogs-region: "us-west-2"
              awslogs-stream-prefix: "BATCH-PSUNX1"

  #ECS Task Definition for the IB Cluster
  #This will only run the Web/App Services for IB if this is production
  EcsTaskIb:
    Type: "AWS::ECS::TaskDefinition"
    Condition: "ThisIsProd"
    Properties:
      Family: !Sub "${PillarUpperCase}${EnvironmentUpperCase}-IB"
      NetworkMode: "bridge"
      #MEM-20427 Move CPU and Memory to the task level and base it on mapping values
      Cpu: !FindInMap [TaskCpuMemory,!Ref "IBInstClass","Cpu"]
      Memory: !FindInMap [TaskCpuMemory,!Ref "IBInstClass","Memory"]
      ContainerDefinitions:
        - Name: "WEB"
          Essential: "true"
          Image: !Ref WebDockerImage
          Links:
            - "APPIB:appib"
          PortMappings:
            - HostPort: "0"
              ContainerPort: "80"
              Protocol: "tcp"
          Hostname: !Sub "${PillarLowerCase}${EnvironmentLowerCase}-webib"
          #MEM-20427 Move CPU and Memory to the task level and base it on mapping values
          #Cpu: "500"
          #MemoryReservation: "2048"
          # NOTE(review): privileged container, see the note on the WEB container of EcsTaskWebAppPs.
          Privileged: "true"
          # NOTE(review): unlike the WEB container of EcsTaskWebAppPs, no PSWEB_REQUIRE_DUO
          # is passed here; confirm the image's default is the intended behaviour for the
          # IB endpoint.
          Environment:
            - Name: "PS_EL_EFS_FS_ID"
              Value:
                Fn::ImportValue:
                  !Sub "${SecurityGroupCloudFormationName}-ELMEFSID"
            - Name: "PS_HR_EFS_FS_ID"
              Value:
                Fn::ImportValue:
                  !Sub "${SecurityGroupCloudFormationName}-HREFSID"
            - Name: "PS_SA_EFS_FS_ID"
              Value:
                Fn::ImportValue:
                  !Sub "${SecurityGroupCloudFormationName}-SAEncryptedEFSID"
            #Added for 8.56.10
            - Name: "PS_EFS_FS_IDS"
              Value: !Sub
                - "hr=${HR_EFS_ID};el=${EL_EFS_ID};sa=${SA_EFS_ID}"
                - { "HR_EFS_ID": !ImportValue "PeopleSoftSG-HREFSID", "EL_EFS_ID": !ImportValue "PeopleSoftSG-ELMEFSID", "SA_EFS_ID": !ImportValue "PeopleSoftSG-SAEncryptedEFSID" }
            - Name: "AWS_REGION"
              Value: !Sub "${AWS::Region}"
            - Name: "PSWEB_APP_ELB"
              Value: "appib"
            - Name: "PSWEB_AUTH_TOKEN_DOMAIN"
              Value: !Ref "AuthTokenDomain"
            - Name: "PSWEB_BITBUCKET_BRANCH"
              Value: !Ref "AppBitBucketBranch"
            - Name: "PSWEB_DOMAIN"
              Value: !Sub "uaz${PillarLowerCase}${EnvironmentLowerCase}"
            - Name: "PSWEB_PROFILE_NAME"
              Value: !Ref "WebProfileName"
            - Name: "PSWEB_FQDN"
              Value: !Sub "${FQDNPrefix}.${AuthTokenDomain}"
            - Name: "PSWEB_PSREPORTS_DIR"
              Value: !Ref "PsReportsDirecory"
            - Name: "PSWEB_PILLAR"
              Value: !Ref "PillarLowerCase"
            #Added on 09/17/2017 per PSAWS-43 to trigger TLS1.2 parameters on web server
            - Name: "PSWEB_TLS12"
              Value: !Ref "Tls12"
          LogConfiguration:
            LogDriver: "awslogs"
            Options:
              awslogs-group: !Ref "EcsLogGroup"
              awslogs-region: "us-west-2"
              awslogs-stream-prefix: "WEBIB"
        - Name: "APPIB"
          Essential: "true"
          Image: !Ref AppDockerImage
          Hostname: "appib"
          #MEM-20427 Move CPU and Memory to the task level and base it on mapping values
          #Cpu: "1300"
          #MemoryReservation: "4096"
          Privileged: "true"
          PortMappings:
            - HostPort: "9000"
              ContainerPort: "9000"
              Protocol: "tcp"
            - HostPort: "9001"
              ContainerPort: "9001"
              Protocol: "tcp"
            - HostPort: "9002"
              ContainerPort: "9002"
              Protocol: "tcp"
            - HostPort: "9003"
              ContainerPort: "9003"
              Protocol: "tcp"
            - HostPort: "9004"
              ContainerPort: "9004"
              Protocol: "tcp"
            - HostPort: "9005"
              ContainerPort: "9005"
              Protocol: "tcp"
            - HostPort: "9006"
              ContainerPort: "9006"
              Protocol: "tcp"
            - HostPort: "9007"
              ContainerPort: "9007"
              Protocol: "tcp"
            - HostPort: "9008"
              ContainerPort: "9008"
              Protocol: "tcp"
            - HostPort: "9009"
              ContainerPort: "9009"
              Protocol: "tcp"
            - HostPort: "9010"
              ContainerPort: "9010"
              Protocol: "tcp"
            - HostPort: "9011"
              ContainerPort: "9011"
              Protocol: "tcp"
            - HostPort: "9012"
              ContainerPort: "9012"
              Protocol: "tcp"
            - HostPort: "9013"
              ContainerPort: "9013"
              Protocol: "tcp"
            - HostPort: "9014"
              ContainerPort: "9014"
              Protocol: "tcp"
            - HostPort: "9015"
              ContainerPort: "9015"
              Protocol: "tcp"
            - HostPort: "9016"
              ContainerPort: "9016"
              Protocol: "tcp"
            - HostPort: "9017"
              ContainerPort: "9017"
              Protocol: "tcp"
            - HostPort: "9018"
              ContainerPort: "9018"
              Protocol: "tcp"
            - HostPort: "9019"
              ContainerPort: "9019"
              Protocol: "tcp"
            - HostPort: "9020"
              ContainerPort: "9020"
              Protocol: "tcp"
            - HostPort: "9021"
              ContainerPort: "9021"
              Protocol: "tcp"
            - HostPort: "9022"
              ContainerPort: "9022"
              Protocol: "tcp"
            - HostPort: "9023"
              ContainerPort: "9023"
              Protocol: "tcp"
            - HostPort: "9024"
              ContainerPort: "9024"
              Protocol: "tcp"
            - HostPort: "9025"
              ContainerPort: "9025"
              Protocol: "tcp"
          Environment:
            - Name: "PSAPP_APP_OR_BATCH"
              Value: !Ref "AppOrBatch"
            - Name: "PSAPP_DOMAIN"
              Value: !Sub "UAZ${PillarUpperCase}${EnvironmentUpperCase}"
            - Name: "PSAPP_TEMPLATE"
              Value: !Ref "AppTemplate"
            - Name: "PSAPP_DATABASE"
              Value: !Sub "AWS${PillarUpperCase}${EnvironmentUpperCase}"
            - Name: "PSAPP_OPRID"
              Value: !Ref "AppOprId"
            # NOTE(review): both passwords below are plain-text environment values in a
            # production-only task; same exposure as described on the APP container of
            # EcsTaskWebAppPs.
            - Name: "PSAPP_OPRID_PW"
              Value: !Ref "PSAppOpridPw"
            - Name: "PSAPP_DB_CNCT_ID"
              Value: "people"
            - Name: "PSAPP_DB_CNCT_PW"
              Value: "peop1e"
            - Name: "PSAPP_PILLAR"
              Value: !Ref "PillarLowerCase"
            - Name: "PSAPP_ENV"
              Value: !Ref "EnvironmentLowerCase"
            - Name: "PSAPP_APP_HOME_REP"
              Value: !Sub "peoplesoft-app-home-${PillarLowerCase}"
            - Name: "PSAPP_BITBUCKET_BRANCH"
              Value: !Ref "AppBitBucketBranch"
            - Name: "PSAPP_PIA_DOMAIN"
              Value: !Sub "uaz${PillarLowerCase}${EnvironmentLowerCase}"
            - Name: "PSAPP_FQDN"
              Value: !Sub "${FQDNPrefix}.${AuthTokenDomain}"
            - Name: "PSAPP_APP_ELB"
              Value: !Ref AppELBDnsRecord
            - Name: "PSAPP_RUN_POST_REFRESH"
              Value: !Ref "RunPostRefresh"
            - Name: "PSSES_SERVER"
              Value: !Ref "AppSesServer"
            - Name: "PSSES_DEFNS_TO_INCLUDE"
              Value: !Ref "AppSesDefns"
            - Name: "PS_EL_EFS_FS_ID"
              Value:
                Fn::ImportValue:
                  !Sub "${SecurityGroupCloudFormationName}-ELMEFSID"
            - Name: "PS_HR_EFS_FS_ID"
              Value:
                Fn::ImportValue:
                  !Sub "${SecurityGroupCloudFormationName}-HREFSID"
            - Name: "PS_SA_EFS_FS_ID"
              Value:
                Fn::ImportValue:
                  !Sub "${SecurityGroupCloudFormationName}-SAEncryptedEFSID"
            #Added for 8.56.10
            - Name: "PS_EFS_FS_IDS"
              Value: !Sub
                - "hr=${HR_EFS_ID};el=${EL_EFS_ID};sa=${SA_EFS_ID}"
                - { "HR_EFS_ID": !ImportValue "PeopleSoftSG-HREFSID", "EL_EFS_ID": !ImportValue "PeopleSoftSG-ELMEFSID", "SA_EFS_ID": !ImportValue "PeopleSoftSG-SAEncryptedEFSID" }
            - Name: "AWS_REGION"
              Value: !Sub "${AWS::Region}"
            - #This will be set to Yes as it will be the hub for all IB processing in PRD
              Name: "PSAPP_PUBSUB"
              Value: "Yes"
            - #3 tier debugging will not be turned on in a PRD environment
              Name: "PSAPP_DBGSRV"
              Value: "No"
            - Name: "PSAPP_WSL"
              Value: "No"
            - #On the IB Cluster will have 3 App Service processing running
              # NOTE(review): the comment above says 3 but both values below are "6" - confirm which is intended.
              Name: "PSAPP_PSAPPSRV_MIN"
              Value: "6"
            - Name: "PSAPP_PSAPPSRV_MAX"
              Value: "6"
            - #On the IB Cluster will have 6 PUB/SUB services running
              #This may and probably will change based on the pillar/env
              Name: "PSAPP_PSPUBHND_MIN"
              Value: "6"
            - Name: "PSAPP_PSPUBHND_MAX"
              Value: "6"
            - Name: "PSAPP_PSSUBHND_MIN"
              Value: "6"
            - Name: "PSAPP_PSSUBHND_MAX"
              Value: "6"
            - #The following will be hard coded for now, is the JAVAVM XMS and XMX memory settings
              #We may change this in the future and it may vary based on pillar/env
              Name: "PSAPP_JAVAVM_XMS"
              Value: "64m"
            - Name: "PSAPP_JAVAVM_XMX"
              Value: "256m"
            #Added on 09/17/2017 per PSAWS-43 to trigger TLS1.2 parameters on app server
            - Name: "PSAPP_TLS12"
              Value: !Ref "Tls12"
            #Added on 11/25/2017 per MEM-18500 to obscure data on post refresh if set to Y
            - Name: "PSAPP_OBSCURE"
              Value: !Ref "ObscureOnRefresh"
            #Added on 12/09/2017 per MEM-18660 to make the sender email dynamic
            - Name: "PSAPP_SENDER_EMAIL"
              Value: !Ref "AppSenderEmail"
            #SAAWS-350 string of INAS mak files that need to be run to compile Student COBOLs
            - Name: "PSAPP_INAS_MAK_FILES"
              Value: !Ref "InasMakFiles"
          LogConfiguration:
            LogDriver: "awslogs"
            Options:
              awslogs-group: !Ref "EcsLogGroup"
              awslogs-region: "us-west-2"
              awslogs-stream-prefix: "APPIB"

  #Create ECS Service to run a Web/App/PS
  #This Service will contain the process scheduler in non prod environments
  #A Batch service will be created for prod environments
  #PSAWS-51 If this is NOT a point in time refresh then make it depend on the DBInstance
  #PSAWS-69 Remove DBInstance from this CF Template, move to its own
  EcsServiceWebAppPs:
    Type: "AWS::ECS::Service"
    Properties:
      ServiceName: !Sub "${PillarUpperCase}${EnvironmentUpperCase}-WAP"
      Cluster: !Ref EcsCluster
      TaskDefinition: !Ref EcsTaskWebAppPs
      HealthCheckGracePeriodSeconds: 900
      #MEM-20427 use the parameter WAPInstCount instead of the mapping
      #DesiredCount: !FindInMap [EcsServiceDesiredCnt, !Ref "SetUpLikePrd", !Ref "PillarLowerCase"]
      DesiredCount: !Ref "WAPInstCount"
      Role: "ecsServiceRole"
      LoadBalancers:
        - ContainerName: "WEB"
          ContainerPort: "80"
          TargetGroupArn: !Ref EnvWebELBV2TGWAP
        #HCM-12386 added target group for Excel to CI
        #Need to remove as you can only have 1 Target Group per Service
        #http://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-load-balancing.html
        #-
        #  ContainerName: "WEB"
        #  ContainerPort: "8080"
        #  TargetGroupArn: !Ref EnvWebELBV2TGExcelCI
      #For now we will spread across AZs
      PlacementStrategies:
        - Field: "attribute:ecs.availability-zone"
          Type: "spread"
      #Will take the defaults for this right now, may not apply to PeopleSoft
      # NOTE(review): the APP container pins host ports 9000-9025, so a replacement task
      # cannot start on an instance that still runs the old one; a rolling deployment
      # needs a spare instance in the cluster.
      DeploymentConfiguration:
        MaximumPercent: "200"
      #PlacementConstraints:
      #  - PlacementConstraints, ...
    #PSAWS-69 Remove DBInstance from this CF Template, move to its own
    #DependsOn: DBInstance
    #Wait until the ELB Listener is created before creating this ECS service
    DependsOn: EnvWebELBListenerHTTPS

  #This service will be for production and will service the PSUNX Process Scheduler
  #Will only be used in production
  #PSAWS-69 Remove DBInstance from this CF Template, move to its own
  EcsServicePsunx:
    Type: "AWS::ECS::Service"
    Condition: "ThisIsProd"
    Properties:
      ServiceName: !Sub "${PillarUpperCase}${EnvironmentUpperCase}-PSUNX"
      Cluster: !Ref EcsClusterBatch
      TaskDefinition: !Ref EcsTaskPsunx
      #MEM-20514 Only set HealthCheckGracePeriodSeconds for services with Load Balancers
      #Process scheduler services do not have ELBs
      #HealthCheckGracePeriodSeconds: 900
      #Hardcode 1 because will only ever want one instance running
      DesiredCount: "1"
      #No Load Balancer needed for process scheduler only servers so no Role needed either
      #Role: "ecsServiceRole"
      #LoadBalancers:
      #For now we will spread across AZs
      PlacementStrategies:
        - Field: "attribute:ecs.availability-zone"
          Type: "spread"
      #Will take the defaults for this right now, may not apply to PeopleSoft
      DeploymentConfiguration:
        MaximumPercent: "200"
      #PlacementConstraints:
      #  - PlacementConstraints, ...
    #PSAWS-69 Remove DBInstance from this CF Template, move to its own
    #DependsOn: DBInstance
    #Wait until the ELB Listener is created before creating this ECS service
    DependsOn: EnvWebELBListenerHTTPS

  #This service will be for production and will service the PSUNX1 Process Scheduler
  #Will only be used in production
  #PSAWS-69 Remove DBInstance from this CF Template, move to its own
  EcsServicePsunx1:
    Type: "AWS::ECS::Service"
    Condition: "ThisIsProd"
    Properties:
      ServiceName: !Sub "${PillarUpperCase}${EnvironmentUpperCase}-PSUNX1"
      Cluster: !Ref EcsClusterBatch
      TaskDefinition: !Ref EcsTaskPsunx1
      #MEM-20514 Only set HealthCheckGracePeriodSeconds for services with Load Balancers
      #Process scheduler services do not have ELBs
      #HealthCheckGracePeriodSeconds: 900
      #Hardcode 1 because will only ever want one instance running
      DesiredCount: "1"
      #No Load Balancer needed for process scheduler only servers so no Role needed either
      #Role: "ecsServiceRole"
      #LoadBalancers:
      #For now we will spread across AZs
      PlacementStrategies:
        - Field: "attribute:ecs.availability-zone"
          Type: "spread"
      #Will take the defaults for this right now, may not apply to PeopleSoft
      DeploymentConfiguration:
        MaximumPercent: "200"
      #PlacementConstraints:
      #  - PlacementConstraints, ...
    #PSAWS-69 Remove DBInstance from this CF Template, move to its own
    #DependsOn: DBInstance
    #Wait until the ELB Listener is created before creating this ECS service
    DependsOn: EnvWebELBListenerHTTPS

  #Create ECS Service to run a Web/App for IB and ControlM
  #This service will only be created for production environments
  EcsServiceWebAppIb:
    Type: "AWS::ECS::Service"
    Condition: "ThisIsProd"
    Properties:
      # NOTE(review): same "-WAP" suffix as EcsServiceWebAppPs although the task family
      # and cluster use "-IB"/"-Ib"; the services are in different clusters so there is no
      # clash, but logs and audit trails for the two are easy to confuse - confirm intent.
      ServiceName: !Sub "${PillarUpperCase}${EnvironmentUpperCase}-WAP"
      Cluster: !Ref EcsClusterIb
      TaskDefinition: !Ref EcsTaskIb
      HealthCheckGracePeriodSeconds: 900
      #Hardcode 1 for now, we may change this in the future
      DesiredCount: "1"
      Role: "ecsServiceRole"
      LoadBalancers:
        - ContainerName: "WEB"
          ContainerPort: "80"
          TargetGroupArn: !Ref EnvWebELBV2TGIB
      #For now we will spread across AZs
      PlacementStrategies:
        - Field: "attribute:ecs.availability-zone"
          Type: "spread"
      #Will take the defaults for this right now, may not apply to PeopleSoft
      DeploymentConfiguration:
        MaximumPercent: "200"
      #PlacementConstraints:
      #  - PlacementConstraints, ...
    #PSAWS-69 Remove DBInstance from this CF Template, move to its own
    #DependsOn: DBInstance
    #Wait until the ELB Listener is created before creating this ECS service
    DependsOn: ELBV2ListenerRuleIb

  #DNS Entry for Environment
  #Points <pillar>-<environment>.<hosted zone> at the private or public load balancer,
  #depending on the PrivateELB condition
  EnvDnsRecord:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneName: !Sub "${HostedZoneName}."
      Name: !Sub "${PillarLowerCase}-${EnvironmentLowerCase}.${HostedZoneName}."
      Type: "CNAME"
      TTL: "900"
      ResourceRecords:
        - !If ["PrivateELB",!GetAtt ECSLoadBalancerV2Priv.DNSName,!GetAtt ECSLoadBalancerV2Pub.DNSName]

  #RDS Instance for Environment
  #PSAWS-69 Remove DBInstance from this CF Template, move to its own
  #DBInstance:

Type: AWS::RDS::DBInstance

PSAWS-51 only create the RDS Instance this is NOT a Point in Time refresh

Properties: DBInstanceIdentifier: !Sub "peoplesoft-${PillarLowerCase}${EnvironmentLowerCase}" DBName: !Sub "${PillarUpperCase}${EnvironmentUpperCase}" DBSnapshotIdentifier: !Ref "DBSnapshotID"

PSAWS-69 set the Availibility Zone for the DB to ensure it is in the same AZ as the Batch Servers

to avoid latency issues in some batch processes

AvailabilityZone: !Ref "PreferredAz" MultiAZ: !Ref "DBMultiAz" Engine: "oracle-ee" LicenseModel: "bring-your-own-license" DBInstanceClass: !Ref "DBInstanceClass" DBParameterGroupName: "peoplesoft-oracle-ee-12-1" OptionGroupName: "oem-agent-ee-12-1" StorageType: !Ref "DBStorageType" DBSubnetGroupName: Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-RDSSubnetGroup" VPCSecurityGroups:

  • Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-DbSg" Tags:
  • Key: service Value: !Ref "TagService"
  • Key: Name Value: !Sub "peoplesoft-${PillarLowerCase}${EnvironmentLowerCase}-rds"
  • Key: environment Value: !Ref "EnvironmentLowerCase"
  • Key: contactnetid Value: !Ref "TagContactNetid"
  • Key: accountnumber Value: !Ref "TagAccountNumber"
  • Key: subaccount Value: !Ref "TagSubAccount"
  • Key: ticketnumber Value: !Ref "TagTicketNumber"

    This will create a final snapshot when the database is removed

    DeletionPolicy: "Snapshot"
#######
#SAAWS-1 the following is used for the public catalog and schedule website for Student
#######
  #Every resource in this section is gated on the CreatePublicSiteYes condition

  #SAAWS-1 ELB Target group for Public site traffic
  #NOTE(review): load balancer to container traffic is plain HTTP on port 80; TLS
  #ends at the listener. Confirm that is acceptable for what the public site serves.
  EnvWebELBV2TGPublic:
    Type: "AWS::ElasticLoadBalancingV2::TargetGroup"
    Condition: "CreatePublicSiteYes"
    Properties:
      Name: !Sub "${PillarLowerCase}${EnvironmentLowerCase}-web-elb-tg-public"
      HealthCheckIntervalSeconds: "30"
      HealthCheckProtocol: "HTTP"
      HealthCheckTimeoutSeconds: "10"
      HealthyThresholdCount: "2"
      UnhealthyThresholdCount: "10"
      #Any 2xx/3xx response counts as healthy
      Matcher:
        HttpCode: "200-399"
      Port: 80
      Protocol: "HTTP"
      TargetGroupAttributes:
        - Key: "deregistration_delay.timeout_seconds"
          Value: "300"
        - Key: "stickiness.enabled"
          Value: "true"
        - Key: "stickiness.type"
          Value: "lb_cookie"
        - Key: "stickiness.lb_cookie.duration_seconds"
          Value: "7200"
      VpcId:
        Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-VPCID"

  #SAAWS-1 Listener Rules for Public Site
  #Need to look for */pub[lowerpillar][lowerenv]/*
  #Added for the 80 and 443 listener
  #NOTE(review): the comment above describes a path match, but both rules below
  #match on host-header only - update whichever is stale.
  ELBV2ListenerRulePubCacheHttps:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Condition: "CreatePublicSiteYes"
    Properties:
      Actions:
        - Type: "forward"
          TargetGroupArn: !Ref EnvWebELBV2TGPublic
      Conditions:
        - Field: "host-header"
          Values:
            - !Sub "${PubFQDNPrefix}.${PubAuthTokenDomain}"
      ListenerArn: !Ref EnvWebELBListenerHTTPS
      Priority: 2

  #NOTE(review): this rule forwards cleartext HTTP for the public host name to the
  #same target group instead of redirecting to HTTPS, so the sticky lb_cookie and
  #any session state can cross the network unencrypted. If HTTP must stay open,
  #a "redirect" action to HTTPS is the usual hardening - confirm intent.
  ELBV2ListenerRulePubCacheHttp:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Condition: "CreatePublicSiteYes"
    Properties:
      Actions:
        - Type: "forward"
          TargetGroupArn: !Ref EnvWebELBV2TGPublic
      Conditions:
        - Field: "host-header"
          Values:
            - !Sub "${PubFQDNPrefix}.${PubAuthTokenDomain}"
      ListenerArn: !Ref EnvWebELBListenerHTTP
      Priority: 1

  #Add certificate for HTTPS for Public Site
  EnvWebELBListenerHTTPSCertPublic:
    Type: "AWS::ElasticLoadBalancingV2::ListenerCertificate"
    Condition: "CreatePublicSiteYes"
    Properties:
      Certificates:
        - CertificateArn: !Ref "PubWebELBListenerSSLCertID"
      ListenerArn: !Ref EnvWebELBListenerHTTPS

  #SAAWS-1 Route 53 record for public site
  EnvDnsRecordPublic:
    Type: AWS::Route53::RecordSet
    Condition: "CreatePublicSiteYes"
    Properties:
      HostedZoneName: !Sub "${PubHostedZoneName}."
      Name: !Sub "${PubFQDNPrefix}.${PubHostedZoneName}."
      Type: "CNAME"
      TTL: "900"
      #Same private/public load balancer selection as the environment record
      ResourceRecords:
        - !If ["PrivateELB",!GetAtt ECSLoadBalancerV2Priv.DNSName,!GetAtt ECSLoadBalancerV2Pub.DNSName]

  #Switch to Launch Template 11/29/2018
  #SAAWS-1 Launch Config for public site
  EcsInstanceLtPublic:
    Type: AWS::EC2::LaunchTemplate
    Condition: "CreatePublicSiteYes"
    Properties:
      LaunchTemplateName: !Sub "${AWS::StackName}-EcsInstanceLtPublic"
      LaunchTemplateData:
        ImageId: !Ref EcsImageId
        #InstanceType: !FindInMap [ECSWAPInstanceType, !Ref "SetUpLikePrd", !Ref "PillarLowerCase"]
        #MEM-20427 reference the instance type passed via a parameter
        InstanceType: !Ref "WAPInstClass"
        #Not available on Launch Template
        #AssociatePublicIpAddress: false
        IamInstanceProfile:
          Name: !Ref EnvInstanceProfile
        #NOTE(review): one literal key pair name plus the imported SshSg group below
        #means SSH access rests on a shared long-lived key. The boot script installs
        #the SSM agent, so presumably SSH could be retired - confirm.
        KeyName: "peoplesoft-keypair"
        SecurityGroupIds:
          - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-AppSg"
          - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-SshSg"
          - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-WebSg"
          #- Fn::ImportValue:
          #    !Sub "${SecurityGroupCloudFormationName}-ELMEFSSG"
          #- Fn::ImportValue:
          #    !Sub "${SecurityGroupCloudFormationName}-HREFSSG"
          #- Fn::ImportValue:
          #    !Sub "${SecurityGroupCloudFormationName}-SAEFSSG"
          #- Fn::ImportValue:
          #    !Sub "${SecurityGroupCloudFormationName}-SAEncryptedEFSSG"
        #NOTE(review): no Encrypted flag on this volume; whether it is encrypted at
        #rest depends on account-level default EBS encryption - verify.
        BlockDeviceMappings:
          - DeviceName: "/dev/xvdcz"
            Ebs:
              VolumeSize: !FindInMap [ClusterType, "wap", "VolumeSize"]
              VolumeType: "gp2"
        #Will add the Cluster Name into the /etc/ecs/ecs.config file so it will be matched to the cluster
        #Will also add logic to increase the root volume to 20G from 10G default
        #MEM-18675 increase docker container root volume to 40G from 20G
        #NOTE(review): points to check in the boot script below -
        #  * instance metadata is read with plain unauthenticated GETs (IMDSv1) and no
        #    MetadataOptions are set; enforcing "HttpTokens: required" would first
        #    need the script to request a session token.
        #  * the Datadog API key is substituted into user data, which stays readable
        #    from the instance metadata service and to any principal allowed
        #    ec2:DescribeLaunchTemplateVersions / ec2:DescribeInstanceAttribute.
        #  * the Datadog installer is fetched from an imported URL and piped straight
        #    into bash as root, and the Zabbix installer zip is downloaded and run
        #    with no checksum or signature check; pinning versions and verifying
        #    digests would close that supply-chain gap.
        #  * the SSM agent RPM comes from a "latest" path, so builds are not repeatable.
        #NOTE(review): line breaks inside the script were restored from a flattened
        #listing - diff against the deployed template before applying.
        UserData:
          Fn::Base64: !Sub
            - |
              #cloud-boothook
              #!/bin/bash
              echo ECS_CLUSTER=${PillarUpperCase}${EnvironmentUpperCase}-PUB >> /etc/ecs/ecs.config
              cloud-init-per once docker_options echo 'OPTIONS="$OPTIONS --storage-opt dm.basesize=40G"' >> /etc/sysconfig/docker
              #PSAWS-48 Install the SSM agent so we can run ssm calls
              #Install JQ JSON parser
              yum install -y jq
              # Get the current region from the instance metadata
              region=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region)
              # Install the SSM agent RPM
              yum install -y https://amazon-ssm-$region.s3.amazonaws.com/latest/linux_amd64/amazon-ssm-agent.rpm
              # Install DataDog Agent
              INSTANCEID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
              DD_HOSTNAME="${Hostname}-$INSTANCEID" DD_API_KEY=${Datadog_Key} bash -c "$(curl -L ${Datadog_Install_URL})"
              # Install Zabbix Agent
              yum install -y unzip python27-pip
              curl -O https://s3-us-west-2.amazonaws.com/ua-uits-ecs-public/zabbix/zabbix-agent-install.zip
              unzip zabbix-agent-install.zip
              cd zabbix
              ./install_zabbix_agent.sh "${Hostname}-$INSTANCEID" "aws-sa-${ProdOrNot}"
            #Substitution map for the ${...} names used in the script above
            - Datadog_Key: !ImportValue foundation-datadog-apikey
              Datadog_Install_URL: !ImportValue foundation-datadog-install-url
              Hostname: !Sub "${PillarLowerCase}-${EnvironmentLowerCase}-app.${HostedZoneName}"
              ProdOrNot: !If [ThisIsProd,"prod","nonprod"]
        #New parameters for Launch Template
        InstanceInitiatedShutdownBehavior: "stop"
        EbsOptimized: "false"
        DisableApiTermination: "false"
        #The same tag set is applied to the instance and to its volumes
        TagSpecifications:
          - ResourceType: "instance"
            Tags:
              - Key: Name
                Value: !Sub "ECS Instance - ${AWS::StackName}"
              - Key: Description
                Value: "This instance is the part of the Auto Scaling group which was created through CloudFormation"
              - Key: service
                Value: !Ref "TagService"
              - Key: environment
                Value: !Ref "EnvironmentLowerCase"
              - Key: contactnetid
                Value: !Ref "TagContactNetid"
              - Key: accountnumber
                Value: !Ref "TagAccountNumber"
              - Key: subaccount
                Value: !Ref "TagSubAccount"
              - Key: ticketnumber
                Value: !Ref "TagTicketNumber"
          - ResourceType: "volume"
            Tags:
              - Key: Name
                Value: !Sub "ECS Instance - ${AWS::StackName}"
              - Key: Description
                Value: "This instance is the part of the Auto Scaling group which was created through CloudFormation"
              - Key: service
                Value: !Ref "TagService"
              - Key: environment
                Value: !Ref "EnvironmentLowerCase"
              - Key: contactnetid
                Value: !Ref "TagContactNetid"
              - Key: accountnumber
                Value: !Ref "TagAccountNumber"
              - Key: subaccount
                Value: !Ref "TagSubAccount"
              - Key: ticketnumber
                Value: !Ref "TagTicketNumber"

  #SAAWS-1 Auto Scaling Group for Public Site
  #Single-instance group (MaxSize 1) placed in the two imported private subnets
  EcsInstanceAsgPublic:
    Type: AWS::AutoScaling::AutoScalingGroup
    DependsOn: EcsClusterPublic
    Condition: "CreatePublicSiteYes"
    Properties:
      VPCZoneIdentifier:
        - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-PrivSubNet1"
        - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-PrivSubNet2"
      #Move to Launch Template 11/29/2018
      #LaunchConfigurationName: !Ref EcsInstanceLcPublic
      #Always tracks the newest launch template version
      LaunchTemplate:
        LaunchTemplateId: !Ref EcsInstanceLtPublic
        Version: !GetAtt EcsInstanceLtPublic.LatestVersionNumber
      MinSize: "0"
      MaxSize: "1"
      DesiredCapacity: "1"
      #No Load Balancer, Target Groups will be used
      #LoadBalancerNames:
      #  - !Ref EnvAppLoadBalancer
      #Added Termination Policy to terminate oldest instances first
      TerminationPolicies:
        - "OldestInstance"
      Tags:
        - Key: Name
          Value: !Sub "ECS Instance - ${AWS::StackName}-PUB"
          PropagateAtLaunch: 'true'
        - Key: Description
          Value: "This instance is the part of the Auto Scaling group which was created through CloudFormation"
          PropagateAtLaunch: 'true'
        - Key: service
          Value: !Ref "TagService"
          PropagateAtLaunch: 'true'
        - Key: environment
          Value: !Ref "EnvironmentLowerCase"
          PropagateAtLaunch: 'true'
        - Key: contactnetid
          Value: !Ref "TagContactNetid"
          PropagateAtLaunch: 'true'
        - Key: accountnumber
          Value: !Ref "TagAccountNumber"
          PropagateAtLaunch: 'true'
        - Key: subaccount
          Value: !Ref "TagSubAccount"
          PropagateAtLaunch: 'true'
        - Key: ticketnumber
          Value: !Ref "TagTicketNumber"
          PropagateAtLaunch: 'true'
        #PSAWS-48 add tag bb_branch tag in order to identify instances that
        #need to run a git pull from the custom repos
        - Key: bb_branch
          Value: !Ref "AppBitBucketBranch"
          PropagateAtLaunch: 'true'

  #SAAWS-1 ECS Cluster for Public Site
  #Cluster name matches the ECS_CLUSTER value the launch template writes to ecs.config
  EcsClusterPublic:
    Type: "AWS::ECS::Cluster"
    Condition: "CreatePublicSiteYes"
    Properties:
      ClusterName: !Sub "${PillarUpperCase}${EnvironmentUpperCase}-PUB"

  #SAAWS-1 ECS Task for Public Site
  #Two linked containers in bridge mode: WEB (port 80 behind the target group)
  #and APP (host ports 9000-9025)
  EcsTaskWebAppPsPublic:
    Type: "AWS::ECS::TaskDefinition"
    Condition: "CreatePublicSiteYes"
    Properties:
      Family: !Sub "${PillarUpperCase}${EnvironmentUpperCase}-PUB"
      NetworkMode: "bridge"
      #MEM-20427 Move CPU and Memory to the task level and base it on mapping values
      Cpu: !FindInMap [TaskCpuMemory,!Ref "WAPInstClass","Cpu"]
      Memory: !FindInMap [TaskCpuMemory,!Ref "WAPInstClass","Memory"]
      ContainerDefinitions:
        - Name: "WEB"
          Essential: "true"
          Image: !Ref WebDockerImage
          Links:
            - "APP:app"
          #HostPort 0 lets the container instance assign an ephemeral host port
          PortMappings:
            - HostPort: "0"
              ContainerPort: "80"
              Protocol: "tcp"
          Hostname: !Sub "${PillarLowerCase}${EnvironmentLowerCase}-pub-web"
          #MEM-20427 Move CPU and Memory to the task level and base it on mapping values
          #Cpu: "500"
          #MemoryReservation: "2048"
          #NOTE(review): the internet-facing container runs privileged, so a
          #compromise of the web tier gives root-equivalent access to the container
          #instance. Presumably needed for the in-container EFS mounts (see the
          #*_EFS_FS_ID variables) - confirm, and prefer host-level mounts or task
          #volumes so the flag can be dropped.
          Privileged: "true"
          Environment:
            - Name: "PS_EL_EFS_FS_ID"
              Value:
                Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-ELMEFSID"
            - Name: "PS_HR_EFS_FS_ID"
              Value:
                Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-HREFSID"
            - Name: "PS_SA_EFS_FS_ID"
              Value:
                Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-SAEncryptedEFSID"
            #Added for 8.56.10
            #NOTE(review): these imports hard-code the "PeopleSoftSG-" export prefix
            #while the three entries above derive it from
            #SecurityGroupCloudFormationName; a non-default parameter value would
            #make the two disagree.
            - Name: "PS_EFS_FS_IDS"
              Value: !Sub
                - "hr=${HR_EFS_ID};el=${EL_EFS_ID};sa=${SA_EFS_ID}"
                - { "HR_EFS_ID": !ImportValue "PeopleSoftSG-HREFSID", "EL_EFS_ID": !ImportValue "PeopleSoftSG-ELMEFSID", "SA_EFS_ID": !ImportValue "PeopleSoftSG-SAEncryptedEFSID" }
            - Name: "AWS_REGION"
              Value: !Sub "${AWS::Region}"
            - Name: "PSWEB_APP_ELB"
              Value: "app"
            - Name: "PSWEB_AUTH_TOKEN_DOMAIN"
              Value: !Ref "PubAuthTokenDomain"
            - Name: "PSWEB_BITBUCKET_BRANCH"
              Value: !Ref "AppBitBucketBranch"
            - Name: "PSWEB_DOMAIN"
              Value: !Sub "pub${PillarLowerCase}${EnvironmentLowerCase}"
            - Name: "PSWEB_PROFILE_NAME"
              Value: "PUBLIC"
            - Name: "PSWEB_FQDN"
              Value: !Sub "${PubFQDNPrefix}.${PubAuthTokenDomain}"
            - Name: "PSWEB_PSREPORTS_DIR"
              Value: !Ref "PsReportsDirecory"
            - Name: "PSWEB_PILLAR"
              Value: !Ref "PillarLowerCase"
            #Added on 09/17/2017 per PSAWS-43 to trigger TLS1.2 parameters on web server
            - Name: "PSWEB_TLS12"
              Value: !Ref "Tls12"
            #Added on 12/03/2017 per PSAWS-54 to trigger
            - Name: "PSWEB_REQUIRE_DUO"
              Value: !Ref "PsWebRequireDuo"
          #NOTE(review): log region is the literal "us-west-2" although AWS_REGION
          #above uses ${AWS::Region}; the two diverge if the stack is deployed elsewhere.
          LogConfiguration:
            LogDriver: "awslogs"
            Options:
              awslogs-group: !Ref "EcsLogGroup"
              awslogs-region: "us-west-2"
              awslogs-stream-prefix: "WEB"
        - Name: "APP"
          Essential: "true"
          Image: !Ref AppDockerImage
          Hostname: "app"
          #MEM-20427 Move CPU and Memory to the task level and base it on mapping values
          #Cpu: "1300"
          #MemoryReservation: "4096"
          #NOTE(review): privileged here as well; same concern and same question
          #as on the WEB container.
          Privileged: "true"
          #Fixed host ports 9000-9025: only one copy of this task fits on an
          #instance, and the ports are reachable to whatever the instance's
          #security groups allow
          PortMappings:
            - HostPort: "9000"
              ContainerPort: "9000"
              Protocol: "tcp"
            - HostPort: "9001"
              ContainerPort: "9001"
              Protocol: "tcp"
            - HostPort: "9002"
              ContainerPort: "9002"
              Protocol: "tcp"
            - HostPort: "9003"
              ContainerPort: "9003"
              Protocol: "tcp"
            - HostPort: "9004"
              ContainerPort: "9004"
              Protocol: "tcp"
            - HostPort: "9005"
              ContainerPort: "9005"
              Protocol: "tcp"
            - HostPort: "9006"
              ContainerPort: "9006"
              Protocol: "tcp"
            - HostPort: "9007"
              ContainerPort: "9007"
              Protocol: "tcp"
            - HostPort: "9008"
              ContainerPort: "9008"
              Protocol: "tcp"
            - HostPort: "9009"
              ContainerPort: "9009"
              Protocol: "tcp"
            - HostPort: "9010"
              ContainerPort: "9010"
              Protocol: "tcp"
            - HostPort: "9011"
              ContainerPort: "9011"
              Protocol: "tcp"
            - HostPort: "9012"
              ContainerPort: "9012"
              Protocol: "tcp"
            - HostPort: "9013"
              ContainerPort: "9013"
              Protocol: "tcp"
            - HostPort: "9014"
              ContainerPort: "9014"
              Protocol: "tcp"
            - HostPort: "9015"
              ContainerPort: "9015"
              Protocol: "tcp"
            - HostPort: "9016"
              ContainerPort: "9016"
              Protocol: "tcp"
            - HostPort: "9017"
              ContainerPort: "9017"
              Protocol: "tcp"
            - HostPort: "9018"
              ContainerPort: "9018"
              Protocol: "tcp"
            - HostPort: "9019"
              ContainerPort: "9019"
              Protocol: "tcp"
            - HostPort: "9020"
              ContainerPort: "9020"
              Protocol: "tcp"
            - HostPort: "9021"
              ContainerPort: "9021"
              Protocol: "tcp"
            - HostPort: "9022"
              ContainerPort: "9022"
              Protocol: "tcp"
            - HostPort: "9023"
              ContainerPort: "9023"
              Protocol: "tcp"
            - HostPort: "9024"
              ContainerPort: "9024"
              Protocol: "tcp"
            - HostPort: "9025"
              ContainerPort: "9025"
              Protocol: "tcp"
          Environment:
            - Name: "PSAPP_APP_OR_BATCH"
              Value: !Ref "AppOrBatch"
            - Name: "PSAPP_DOMAIN"
              Value: !Sub "UAZ${PillarUpperCase}${EnvironmentUpperCase}"
            - Name: "PSAPP_TEMPLATE"
              Value: !Ref "AppTemplate"
            - Name: "PSAPP_DATABASE"
              Value: !Sub "AWS${PillarUpperCase}${EnvironmentUpperCase}"
            - Name: "PSAPP_OPRID"
              Value: !Ref "AppOprId"
            #NOTE(review): NoEcho on the PSAppOpridPw parameter only masks it in
            #CloudFormation. Passed as a plain environment value it is stored in
            #cleartext in the registered task definition (readable with
            #ecs:DescribeTaskDefinition) and visible in the container's environment.
            #The container-level Secrets property (Name/ValueFrom backed by SSM
            #Parameter Store or Secrets Manager) keeps it out of the task definition.
            - Name: "PSAPP_OPRID_PW"
              Value: !Ref "PSAppOpridPw"
            - Name: "PSAPP_DB_CNCT_ID"
              Value: "people"
            #NOTE(review): database connect password is a literal committed with the
            #template and is identical for every environment built from it. It looks
            #like a stock default rather than a site secret - confirm, rotate it, and
            #supply it through Secrets like the OPRID password.
            - Name: "PSAPP_DB_CNCT_PW"
              Value: "peop1e"
            - Name: "PSAPP_PILLAR"
              Value: !Ref "PillarLowerCase"
            - Name: "PSAPP_ENV"
              Value: !Ref "EnvironmentLowerCase"
            - Name: "PSAPP_APP_HOME_REP"
              Value: !Sub "peoplesoft-app-home-${PillarLowerCase}"
            - Name: "PSAPP_BITBUCKET_BRANCH"
              Value: !Ref "AppBitBucketBranch"
            - Name: "PSAPP_PIA_DOMAIN"
              Value: !Sub "pub${PillarLowerCase}${EnvironmentLowerCase}"
            - Name: "PSAPP_FQDN"
              Value: !Sub "${PubFQDNPrefix}.${PubAuthTokenDomain}"
            - Name: "PSAPP_APP_ELB"
              Value: !Ref "AppELBDnsRecord"
            - Name: "PSAPP_RUN_POST_REFRESH"
              Value: !Ref "RunPostRefresh"
            - Name: "PSSES_SERVER"
              Value: !Ref "AppSesServer"
            - Name: "PSSES_DEFNS_TO_INCLUDE"
              Value: !Ref "AppSesDefns"
            - Name: "PS_EL_EFS_FS_ID"
              Value:
                Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-ELMEFSID"
            - Name: "PS_HR_EFS_FS_ID"
              Value:
                Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-HREFSID"
            - Name: "PS_SA_EFS_FS_ID"
              Value:
                Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-SAEncryptedEFSID"
            #Added for 8.56.10
            - Name: "PS_EFS_FS_IDS"
              Value: !Sub
                - "hr=${HR_EFS_ID};el=${EL_EFS_ID};sa=${SA_EFS_ID}"
                - { "HR_EFS_ID": !ImportValue "PeopleSoftSG-HREFSID", "EL_EFS_ID": !ImportValue "PeopleSoftSG-ELMEFSID", "SA_EFS_ID": !ImportValue "PeopleSoftSG-SAEncryptedEFSID" }
            - Name: "AWS_REGION"
              Value: !Sub "${AWS::Region}"
            - #If this is not PRD then all will run on the same server so turn on PUBSUB
              #Otherwise turn it off
              Name: "PSAPP_PUBSUB"
              Value: !If [ThisIsNotProd,"Yes","No"]
            - #If this is the DEV environment we will turn on DEBUG and WSL for three tier debugging
              #Otherwise turn it off
              #NOTE(review): this also enables the debug server and WSL on the public
              #site's app container in DEV - confirm those ports are not reachable
              #from outside the VPC.
              Name: "PSAPP_DBGSRV"
              Value: !If [ThisIsDevEnv,"Yes","No"]
            - Name: "PSAPP_WSL"
              Value: !If [ThisIsDevEnv,"Yes","No"]
            - #If this is a PRD environment then we will have no PUB/SUB services running on the Web/App
              #Cluster so we will have more APPSRV processes running, otherwise we will have fewer running
              Name: "PSAPP_PSAPPSRV_MIN"
              Value: !If [ThisIsNotProd,"4","6"]
            - Name: "PSAPP_PSAPPSRV_MAX"
              Value: !If [ThisIsNotProd,"4","6"]
            - #If this is a PRD environment then we will have no PUB/SUB services running on the Web/App Cluster
              #If this is a nonprod environment then we will have 3 PUB and 3 SUB up
              Name: "PSAPP_PSPUBHND_MIN"
              Value: !If [ThisIsNotProd,"3","1"]
            - Name: "PSAPP_PSPUBHND_MAX"
              Value: !If [ThisIsNotProd,"3","1"]
            - Name: "PSAPP_PSSUBHND_MIN"
              Value: !If [ThisIsNotProd,"3","1"]
            - Name: "PSAPP_PSSUBHND_MAX"
              Value: !If [ThisIsNotProd,"3","1"]
            - #The following will be hard coded for now, is the JAVAVM XMS and XMX memory settings
              #We may change this in the future and it may vary based on pillar/env
              Name: "PSAPP_JAVAVM_XMS"
              Value: "64m"
            - Name: "PSAPP_JAVAVM_XMX"
              Value: "256m"
            #Added on 09/17/2017 per PSAWS-43 to trigger TLS1.2 parameters on app server
            - Name: "PSAPP_TLS12"
              Value: !Ref "Tls12"
            #Added on 11/25/2017 per MEM-18500 to obscure data on post refresh if set to Y
            - Name: "PSAPP_OBSCURE"
              Value: !Ref "ObscureOnRefresh"
            #Added on 12/09/2017 per MEM-18660 to make the sender email dynamic
            - Name: "PSAPP_SENDER_EMAIL"
              Value: !Ref "AppSenderEmail"
            #SAAWS-350 string of INAS mak files that need to be run to compile Student COBOLs
            - Name: "PSAPP_INAS_MAK_FILES"
              Value: !Ref "InasMakFiles"
          LogConfiguration:
            LogDriver: "awslogs"
            Options:
              awslogs-group: !Ref "EcsLogGroup"
              awslogs-region: "us-west-2"
              awslogs-stream-prefix: "APP"

  #SAAWS-1 Service for Public Site
  #Runs one copy of the public task and registers its WEB container with the
  #public target group
  EcsServiceWebAppPsPublic:
    Type: "AWS::ECS::Service"
    Condition: "CreatePublicSiteYes"
    Properties:
      ServiceName: !Sub "${PillarUpperCase}${EnvironmentUpperCase}-WAP-PUB"
      Cluster: !Ref EcsClusterPublic
      TaskDefinition: !Ref EcsTaskWebAppPsPublic
      HealthCheckGracePeriodSeconds: 900
      #Hard code 1 for desired count
      DesiredCount: "1"
      Role: "ecsServiceRole"
      LoadBalancers:
        - ContainerName: "WEB"
          ContainerPort: "80"
          TargetGroupArn: !Ref EnvWebELBV2TGPublic
      #For now we will spread across AZs
      PlacementStrategies:
        - Field: "attribute:ecs.availability-zone"
          Type: "spread"
      #Will take the defaults for this right now, may not apply to PeopleSoft
      DeploymentConfiguration:
        MaximumPercent: "200"
      #PlacementConstraints:
      #  - PlacementConstraints, ...
    #PSAWS-69 Remove DBInstance from this CF Template, move to its own
    #DependsOn: DBInstance
    #Wait until the ELB Listener is created before creating this ECS service
    DependsOn: ELBV2ListenerRulePubCacheHttps