roboreg_ecs.yaml
---

RoboReg CloudFormation Deployment

This CloudFormation template will build an ECS Cluster to support RoboRegistrar

AWSTemplateFormatVersion: '2010-09-09'
Description: RoboReg ECS

Parameters

These are the input parameters for this template. Every parameter except FCIE and CINCPASSWD has a default; those two must be supplied at deploy time.

Parameters:
  SecurityGroupCloudFormationName:
    Description: Name of the stack that exports the security groups, subnets and EFS ID imported below
    Type: String
    Default: "PeopleSoftSG"
  KeyName:
    Description: Amazon EC2 Key Pair
    Type: AWS::EC2::KeyPair::KeyName
    Default: "peoplesoft-keypair"
  DockerImage:
    Description: 'Docker image, e.g. ecs/roboreg:latest'
    Default: 415418166582.dkr.ecr.us-west-2.amazonaws.com/eas-peoplesoft-roboreg
    Type: String
  EcsImageId:
    Description: The AMI Amazon built specifically for ECS
    Type: String
    #Go here to get the latest AMI:
    #http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI_launch_latest.html
    #This default is the 2017.03 image; a new one comes out roughly twice a year, and the ID is
    #region-specific (the rest of this template assumes us-west-2).
    #To automate the lookup, declare the type as AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    #with Default /aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id, which
    #resolves to the currently recommended AMI at deploy time.
    Default: "ami-596d6520"
  SetUpLikePrd:
    Description: If set to Y, size the environment like production (two instances, two tasks)
    Type: String
    Default: "N"
  TagService:
    Description: Refers to the application (Uaccess Learning, Uaccess Employee, Uaccess Student)
    Type: String
    Default: "Uaccess Student"
  TagContactNetid:
    Description: NetID of the person most familiar with the resource
    Type: String
    Default: "kellehs"
  TagAccountNumber:
    Description: Identifies the financial system account number
    Type: String
    Default: "Uaccess Student"
  TagSubAccount:
    Description: Identifies the financial system subaccount number
    Type: String
    Default: "Uaccess Student"
  TagTicketNumber:
    Description: Jira ticket number
    Type: String
    Default: "CLOUD-15"
  FCIE:
    #Parameter name kept as FCIE (the value is the institution's FICE code)
    Description: FICE provided by RoboReg to connect to the RoboReg Service (SAAWS-8)
    Type: String
  CINCPASSWD:
    Description: CINCPASSWD provided by RoboReg to connect to the RoboReg Service (SAAWS-8)
    Type: String
    #NoEcho keeps the password out of DescribeStacks output and the console; it does not
    #hide it from the task definition it is written into below.
    NoEcho: true

#Next is the Conditions section; these are used to build additional
#infrastructure for production
Conditions:
  ThisIsProd: !Equals [!Ref SetUpLikePrd, "Y"]

Resources

These are all of the actual AWS resources created for this application.

Resources:

Instance Role

This is the IAM role applied to the ECS container instances (the EC2 nodes). Only the permissions the ECS agent itself needs belong here: with bridge networking, every container on the node, and certainly a privileged one, can fetch this role's credentials from the instance metadata service, so anything granted to the node is effectively granted to RoboReg and to anyone who compromises it. Permissions the application needs belong in a task role instead.

  EnvInstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
      #The managed policy covers everything the ECS agent needs: cluster registration,
      #ECR pulls and awslogs writes.
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role
      #The inline policy below was carried over from an OpsWorks template (hence the name).
      #ec2:*, rds:*, elasticloadbalancing:* and iam:PassRole on Resource "*" are far more
      #than a container instance needs, and they are readable from inside the containers.
      Policies:
        - PolicyName: opsworks-service
          PolicyDocument:
            Statement:
              - Action:
                  - ec2:*
                  - iam:PassRole
                  - cloudwatch:GetMetricStatistics
                  - elasticloadbalancing:*
                  - rds:*
                Effect: Allow
                Resource:
                  - "*"

Instance Profile

This is just a small construct that wraps the role in a profile an EC2 instance can assume. The profile is referenced by the launch configuration below.

  EnvInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: "/"
      Roles:
        - !Ref EnvInstanceRole

  #The awslogs driver needs an existing log group; if it does not exist the
  #task fails to start and the ECS service never comes up.
  EcsLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: "ROBOREG-LG"

  #Launch configuration for the Auto Scaling group behind the ECS cluster
  EcsInstanceLc:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      ImageId: !Ref EcsImageId
      InstanceType: 't2.micro'
      AssociatePublicIpAddress: false
      IamInstanceProfile: !Ref EnvInstanceProfile
      #Was hard-coded to "peoplesoft-keypair", which silently ignored the KeyName parameter
      KeyName: !Ref KeyName
      SecurityGroups:
        - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-SshSg"
        - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-WebSg"
        - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-SAEncryptedEFSSG"
      BlockDeviceMappings:
        - DeviceName: "/dev/xvdcz"
          Ebs:
            VolumeSize: "22"
            VolumeType: "gp2"
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          echo ECS_CLUSTER=ROBOREG >> /etc/ecs/ecs.config

  #Auto Scaling group. It is created in every environment; only its size
  #depends on the ThisIsProd condition.
  EcsInstanceAsg:
    Type: AWS::AutoScaling::AutoScalingGroup
    DependsOn: EcsCluster
    Properties:
      VPCZoneIdentifier:
        - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-PrivSubNet1"
        - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-PrivSubNet2"
      LaunchConfigurationName: !Ref EcsInstanceLc
      MinSize: '0'
      #Production needs two instances for HA; non-prod only one
      MaxSize: !If [ThisIsProd, "2", "1"]
      DesiredCapacity: !If [ThisIsProd, "2", "1"]
      Tags:
        - Key: Name
          Value: !Sub "ECS Instance - ${AWS::StackName}"
          PropagateAtLaunch: 'true'
        - Key: Description
          Value: "This instance is part of the Auto Scaling group created through CloudFormation"
          PropagateAtLaunch: 'true'
        - Key: service
          Value: !Ref TagService
          PropagateAtLaunch: 'true'
        - Key: environment
          Value: "roboreg"
          PropagateAtLaunch: 'true'
        - Key: contactnetid
          Value: !Ref TagContactNetid
          PropagateAtLaunch: 'true'
        - Key: accountnumber
          Value: !Ref TagAccountNumber
          PropagateAtLaunch: 'true'
        - Key: ticketnumber
          Value: !Ref TagTicketNumber
          PropagateAtLaunch: 'true'
        - Key: subaccount
          Value: !Ref TagSubAccount
          PropagateAtLaunch: 'true'

  #ECS Cluster
  EcsCluster:
    Type: "AWS::ECS::Cluster"
    Properties:
      ClusterName: "ROBOREG"

  #ECS Task Definition
  EcsTask:
    Type: "AWS::ECS::TaskDefinition"
    Properties:
      Family: "ROBOREG"
      NetworkMode: "bridge"
      ContainerDefinitions:
        - Name: "ROBOREG"
          Essential: "true"
          Image: !Ref DockerImage
          Hostname: "roboreg"
          Cpu: "200"
          MemoryReservation: "512"
          #Privileged gives the container every capability and raw device access on the
          #host, i.e. root on the node and, through the metadata service, the instance
          #role above. The template does not say why the image needs it; keep it only
          #if it genuinely does (for example to mount the EFS filesystem from inside
          #the container).
          Privileged: "true"
          LogConfiguration:
            LogDriver: "awslogs"
            Options:
              awslogs-group: !Ref "EcsLogGroup"
              #Was hard-coded to "us-west-2"; the log group lives in the stack's region
              awslogs-region: !Ref "AWS::Region"
              awslogs-stream-prefix: "ROBOREG"
          Environment:
            - Name: "ROBOREG_FICE"
              Value: !Ref FCIE
            #The password is stored in plaintext in the task definition: anyone with
            #ecs:DescribeTaskDefinition, or docker inspect on the node, can read it.
            - Name: "ROBOREG_CINCPASSWD"
              Value: !Ref CINCPASSWD
            - Name: "PS_SA_EFS_FS_ID"
              Value:
                Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-SAEncryptedEFSID"

  #ECS service that runs RoboReg
  EcsService:
    Type: "AWS::ECS::Service"
    DependsOn: [EcsInstanceAsg]
    Properties:
      ServiceName: "ROBOREG"
      Cluster: !Ref EcsCluster
      TaskDefinition: !Ref EcsTask
      DesiredCount: !If [ThisIsProd, "2", "1"]
      #For now we spread tasks across AZs
      PlacementStrategies:
        - Field: "attribute:ecs.availability-zone"
          Type: "spread"
      #Taking the defaults for this for now; they may not suit PeopleSoft
      DeploymentConfiguration:
        MaximumPercent: "200"
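The Instance Role and the task definition above concentrate every credential in one place: the instance profile carries ec2:*/rds:* on all resources, the container runs privileged, and the RoboReg password travels as a CloudFormation parameter into a plaintext Environment entry. The fragment below is an added example written for this page, not part of the original template, showing the split I would use instead: the password lives in an SSM SecureString parameter (assumed path /roboreg/cincpasswd, created outside the stack), the task receives it through Secrets/ValueFrom via a dedicated execution role, a separate task role replaces borrowing the instance profile, the instance role is reduced to the ECS managed policy, and the launch configuration requires IMDSv2 with a hop limit of 1 so bridge-networked containers cannot reach the instance credentials. RoboRegExecutionRole, RoboRegTaskRole and RoboRegTaskDefinition are assumed names; DockerImage, FCIE, EcsLogGroup, EnvInstanceRole and EcsInstanceLc are the page's own.

```yaml
Resources:
  # Assumed by the ECS agent on the task's behalf: pull the image, write logs,
  # and read the single SSM SecureString that holds the RoboReg password.
  RoboRegExecutionRole:                       # assumed name
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
      Policies:
        - PolicyName: read-roboreg-secret
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action: ssm:GetParameters
                # Assumed parameter path, created as a SecureString outside this stack.
                # Add kms:Decrypt on the key ARN only if it uses a customer-managed key.
                Resource: !Sub "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/roboreg/cincpasswd"

  # The identity the application runs as. The page does not say what RoboReg
  # needs from AWS, so it starts empty; grants go here, not on the instance profile.
  RoboRegTaskRole:                            # assumed name
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: sts:AssumeRole

  RoboRegTaskDefinition:                      # assumed name; stands in for EcsTask
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: ROBOREG
      NetworkMode: bridge
      ExecutionRoleArn: !GetAtt RoboRegExecutionRole.Arn
      TaskRoleArn: !GetAtt RoboRegTaskRole.Arn
      ContainerDefinitions:
        - Name: ROBOREG
          Essential: true
          Image: !Ref DockerImage
          Cpu: 200
          MemoryReservation: 512
          Privileged: false                   # no root on the node; see the note below
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: !Ref EcsLogGroup
              awslogs-region: !Ref AWS::Region
              awslogs-stream-prefix: ROBOREG
          Environment:
            - Name: ROBOREG_FICE
              Value: !Ref FCIE
          # Resolved by the agent at container start: the password is in neither the
          # template, the stack parameters nor DescribeTaskDefinition output.
          Secrets:
            - Name: ROBOREG_CINCPASSWD
              ValueFrom: !Sub "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/roboreg/cincpasswd"

  # Container instances: the ECS managed policy alone covers the agent, so the
  # wildcard inline policy from the template goes.
  EnvInstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role

  # IMDSv2 with hop limit 1 is enforced by the hypervisor: a container on the
  # docker bridge is two hops away and cannot read the instance role's credentials.
  EcsInstanceLc:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      # ImageId, InstanceType, SecurityGroups, UserData and the rest as in the template above
      MetadataOptions:
        HttpTokens: required
        HttpPutResponseHopLimit: 1
```

Create the parameter once, outside the stack, with `aws ssm put-parameter --name /roboreg/cincpasswd --type SecureString --value '...'`, and then drop the CINCPASSWD parameter from the template altogether. Two caveats: Secrets support in the ECS agent arrived well after the 2017 AMI the template pins, so EcsImageId has to point at a current ECS-optimized AMI; and the value is still visible in `docker inspect` on the node and to anyone who can exec into the container, so this moves the secret out of the control plane, not out of the runtime. The hop-limit control only means something once Privileged is off, because a privileged container can enter the host's network namespace; if Privileged was there to mount the EFS filesystem from inside the container (the PS_SA_EFS_FS_ID variable suggests so), mount it on the node or as an ECS EFS volume instead and keep the container unprivileged.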