From 40950092c674a8461f7ec6242f6aa9e69d0a6e57 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=99=86=E6=B2=89?=
Date: Sat, 30 Mar 2024 20:46:53 +0800
Subject: [PATCH] feat: add aws CloudFormation Stack template to lanch stack
---
.aws/awsCloudFormation.yaml | 437 ++++++++++++++++++++++++++++++++++++
1 file changed, 437 insertions(+)
create mode 100644 .aws/awsCloudFormation.yaml
diff --git a/.aws/awsCloudFormation.yaml b/.aws/awsCloudFormation.yaml
new file mode 100644
index 00000000..e9f82d50
--- /dev/null
+++ b/.aws/awsCloudFormation.yaml
@@ -0,0 +1,437 @@ +Resources: + PrivateIntegrationsPeterCatVPCD20D58E8: + Type: 'AWS::EC2::VPC' + Properties: + CidrBlock: 10.0.0.0/16 + EnableDnsHostnames: true + EnableDnsSupport: true + InstanceTenancy: default + Tags: + - Key: Name + Value: PrivateIntegrationsStack/PrivateIntegrationsPeterCatVPC + PrivateIntegrationsPeterCatVPCPublicSubnet1SubnetBE0B3CBD: + Type: 'AWS::EC2::Subnet' + Properties: + VpcId: !Ref PrivateIntegrationsPeterCatVPCD20D58E8 + AvailabilityZone: !Select + - 0 + - !GetAZs '' + CidrBlock: 10.0.0.0/18 + MapPublicIpOnLaunch: true + Tags: + - Key: 'aws-tutorial:subnet-name' + Value: Public + - Key: 'aws-tutorial:subnet-type' + Value: Public + - Key: Name + Value: >- + PrivateIntegrationsStack/PrivateIntegrationsPeterCatVPC/PublicSubnet1 + PrivateIntegrationsPeterCatVPCPublicSubnet1RouteTableA63763CC: + Type: 'AWS::EC2::RouteTable' + Properties: + VpcId: !Ref PrivateIntegrationsPeterCatVPCD20D58E8 + Tags: + - Key: Name + Value: >- + PrivateIntegrationsStack/PrivateIntegrationsPeterCatVPC/PublicSubnet1 + PrivateIntegrationsPeterCatVPCPublicSubnet1RouteTableAssociationFD6DF484: + Type: 'AWS::EC2::SubnetRouteTableAssociation' + Properties: + RouteTableId: !Ref PrivateIntegrationsPeterCatVPCPublicSubnet1RouteTableA63763CC + SubnetId: !Ref PrivateIntegrationsPeterCatVPCPublicSubnet1SubnetBE0B3CBD + PrivateIntegrationsPeterCatVPCPublicSubnet1DefaultRouteD59FC1D2: + Type: 'AWS::EC2::Route' + Properties: + RouteTableId: !Ref PrivateIntegrationsPeterCatVPCPublicSubnet1RouteTableA63763CC + DestinationCidrBlock: 0.0.0.0/0 + GatewayId: !Ref PrivateIntegrationsPeterCatVPCIGW3645F9D4 + DependsOn: + - PrivateIntegrationsPeterCatVPCVPCGW514A8E2A + PrivateIntegrationsPeterCatVPCPublicSubnet1EIPD3DAF766: + Type: 'AWS::EC2::EIP' + Properties: + Domain: vpc + Tags: + - Key: Name + Value: >- + PrivateIntegrationsStack/PrivateIntegrationsPeterCatVPC/PublicSubnet1 + PrivateIntegrationsPeterCatVPCPublicSubnet1NATGatewayC5702CC8: + Type: 'AWS::EC2::NatGateway' + 
Properties: + SubnetId: !Ref PrivateIntegrationsPeterCatVPCPublicSubnet1SubnetBE0B3CBD + AllocationId: !GetAtt + - PrivateIntegrationsPeterCatVPCPublicSubnet1EIPD3DAF766 + - AllocationId + Tags: + - Key: Name + Value: >- + PrivateIntegrationsStack/PrivateIntegrationsPeterCatVPC/PublicSubnet1 + PrivateIntegrationsPeterCatVPCPublicSubnet2Subnet26685AB7: + Type: 'AWS::EC2::Subnet' + Properties: + VpcId: !Ref PrivateIntegrationsPeterCatVPCD20D58E8 + AvailabilityZone: !Select + - 1 + - !GetAZs '' + CidrBlock: 10.0.64.0/18 + MapPublicIpOnLaunch: true + Tags: + - Key: 'aws-tutorial:subnet-name' + Value: Public + - Key: 'aws-tutorial:subnet-type' + Value: Public + - Key: Name + Value: >- + PrivateIntegrationsStack/PrivateIntegrationsPeterCatVPC/PublicSubnet2 + PrivateIntegrationsPeterCatVPCPublicSubnet2RouteTable356B306D: + Type: 'AWS::EC2::RouteTable' + Properties: + VpcId: !Ref PrivateIntegrationsPeterCatVPCD20D58E8 + Tags: + - Key: Name + Value: >- + PrivateIntegrationsStack/PrivateIntegrationsPeterCatVPC/PublicSubnet2 + PrivateIntegrationsPeterCatVPCPublicSubnet2RouteTableAssociation1035F5D0: + Type: 'AWS::EC2::SubnetRouteTableAssociation' + Properties: + RouteTableId: !Ref PrivateIntegrationsPeterCatVPCPublicSubnet2RouteTable356B306D + SubnetId: !Ref PrivateIntegrationsPeterCatVPCPublicSubnet2Subnet26685AB7 + PrivateIntegrationsPeterCatVPCPublicSubnet2DefaultRoute4AB2237D: + Type: 'AWS::EC2::Route' + Properties: + RouteTableId: !Ref PrivateIntegrationsPeterCatVPCPublicSubnet2RouteTable356B306D + DestinationCidrBlock: 0.0.0.0/0 + GatewayId: !Ref PrivateIntegrationsPeterCatVPCIGW3645F9D4 + DependsOn: + - PrivateIntegrationsPeterCatVPCVPCGW514A8E2A + PrivateIntegrationsPeterCatVPCPublicSubnet2EIP40226FDB: + Type: 'AWS::EC2::EIP' + Properties: + Domain: vpc + Tags: + - Key: Name + Value: >- + PrivateIntegrationsStack/PrivateIntegrationsPeterCatVPC/PublicSubnet2 + PrivateIntegrationsPeterCatVPCPublicSubnet2NATGatewayE6EAEEAB: + Type: 'AWS::EC2::NatGateway' + Properties: + 
SubnetId: !Ref PrivateIntegrationsPeterCatVPCPublicSubnet2Subnet26685AB7 + AllocationId: !GetAtt + - PrivateIntegrationsPeterCatVPCPublicSubnet2EIP40226FDB + - AllocationId + Tags: + - Key: Name + Value: >- + PrivateIntegrationsStack/PrivateIntegrationsPeterCatVPC/PublicSubnet2 + PrivateIntegrationsPeterCatVPCPrivateSubnet1SubnetE5CDA06F: + Type: 'AWS::EC2::Subnet' + Properties: + VpcId: !Ref PrivateIntegrationsPeterCatVPCD20D58E8 + AvailabilityZone: !Select + - 0 + - !GetAZs '' + CidrBlock: 10.0.128.0/18 + MapPublicIpOnLaunch: false + Tags: + - Key: 'aws-tutorial:subnet-name' + Value: Private + - Key: 'aws-tutorial:subnet-type' + Value: Private + - Key: Name + Value: >- + PrivateIntegrationsStack/PrivateIntegrationsPeterCatVPC/PrivateSubnet1 + PrivateIntegrationsPeterCatVPCPrivateSubnet1RouteTable2DE71EA5: + Type: 'AWS::EC2::RouteTable' + Properties: + VpcId: !Ref PrivateIntegrationsPeterCatVPCD20D58E8 + Tags: + - Key: Name + Value: >- + PrivateIntegrationsStack/PrivateIntegrationsPeterCatVPC/PrivateSubnet1 + PrivateIntegrationsPeterCatVPCPrivateSubnet1RouteTableAssociation0CFE385A: + Type: 'AWS::EC2::SubnetRouteTableAssociation' + Properties: + RouteTableId: !Ref PrivateIntegrationsPeterCatVPCPrivateSubnet1RouteTable2DE71EA5 + SubnetId: !Ref PrivateIntegrationsPeterCatVPCPrivateSubnet1SubnetE5CDA06F + PrivateIntegrationsPeterCatVPCPrivateSubnet1DefaultRouteAAEB83F7: + Type: 'AWS::EC2::Route' + Properties: + RouteTableId: !Ref PrivateIntegrationsPeterCatVPCPrivateSubnet1RouteTable2DE71EA5 + DestinationCidrBlock: 0.0.0.0/0 + NatGatewayId: !Ref PrivateIntegrationsPeterCatVPCPublicSubnet1NATGatewayC5702CC8 + PrivateIntegrationsPeterCatVPCPrivateSubnet2SubnetA9278FA5: + Type: 'AWS::EC2::Subnet' + Properties: + VpcId: !Ref PrivateIntegrationsPeterCatVPCD20D58E8 + AvailabilityZone: !Select + - 1 + - !GetAZs '' + CidrBlock: 10.0.192.0/18 + MapPublicIpOnLaunch: false + Tags: + - Key: 'aws-tutorial:subnet-name' + Value: Private + - Key: 'aws-tutorial:subnet-type' + Value: 
Private + - Key: Name + Value: >- + PrivateIntegrationsStack/PrivateIntegrationsPeterCatVPC/PrivateSubnet2 + PrivateIntegrationsPeterCatVPCPrivateSubnet2RouteTable6E1CF234: + Type: 'AWS::EC2::RouteTable' + Properties: + VpcId: !Ref PrivateIntegrationsPeterCatVPCD20D58E8 + Tags: + - Key: Name + Value: >- + PrivateIntegrationsStack/PrivateIntegrationsPeterCatVPC/PrivateSubnet2 + PrivateIntegrationsPeterCatVPCPrivateSubnet2RouteTableAssociation7F682A6E: + Type: 'AWS::EC2::SubnetRouteTableAssociation' + Properties: + RouteTableId: !Ref PrivateIntegrationsPeterCatVPCPrivateSubnet2RouteTable6E1CF234 + SubnetId: !Ref PrivateIntegrationsPeterCatVPCPrivateSubnet2SubnetA9278FA5 + PrivateIntegrationsPeterCatVPCPrivateSubnet2DefaultRoute012406AE: + Type: 'AWS::EC2::Route' + Properties: + RouteTableId: !Ref PrivateIntegrationsPeterCatVPCPrivateSubnet2RouteTable6E1CF234 + DestinationCidrBlock: 0.0.0.0/0 + NatGatewayId: !Ref PrivateIntegrationsPeterCatVPCPublicSubnet2NATGatewayE6EAEEAB + PrivateIntegrationsPeterCatVPCIGW3645F9D4: + Type: 'AWS::EC2::InternetGateway' + Properties: + Tags: + - Key: Name + Value: PrivateIntegrationsStack/PrivateIntegrationsPeterCatVPC + PrivateIntegrationsPeterCatVPCVPCGW514A8E2A: + Type: 'AWS::EC2::VPCGatewayAttachment' + Properties: + VpcId: !Ref PrivateIntegrationsPeterCatVPCD20D58E8 + InternetGatewayId: !Ref PrivateIntegrationsPeterCatVPCIGW3645F9D4 + PrivateIntegrationsPeterCatCluster09C95435: + Type: 'AWS::ECS::Cluster' + PrivateIntegrationsPeterCatServiceLB8E9ECEA5: + Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer' + Properties: + LoadBalancerAttributes: + - Key: deletion_protection.enabled + Value: 'false' + Scheme: internal + SecurityGroups: + - !GetAtt + - PrivateIntegrationsPeterCatServiceLBSecurityGroup22BA351A + - GroupId + Subnets: + - !Ref PrivateIntegrationsPeterCatVPCPrivateSubnet1SubnetE5CDA06F + - !Ref PrivateIntegrationsPeterCatVPCPrivateSubnet2SubnetA9278FA5 + Type: application + 
PrivateIntegrationsPeterCatServiceLBSecurityGroup22BA351A: + Type: 'AWS::EC2::SecurityGroup' + Properties: + GroupDescription: >- + Automatically created Security Group for ELB + PrivateIntegrationsStackPrivateIntegrationsPeterCatServiceLBCB8E0368 + SecurityGroupIngress: + - CidrIp: 0.0.0.0/0 + Description: Allow from anyone on port 80 + FromPort: 80 + IpProtocol: tcp + ToPort: 80 + VpcId: !Ref PrivateIntegrationsPeterCatVPCD20D58E8 + PrivateIntegrationsPeterCatServiceLBSecurityGrouptoPrivateIntegrationsStackPrivateIntegrationsPeterCatServiceSecurityGroupD7C89143805EA68A3C: + Type: 'AWS::EC2::SecurityGroupEgress' + Properties: + GroupId: !GetAtt + - PrivateIntegrationsPeterCatServiceLBSecurityGroup22BA351A + - GroupId + IpProtocol: tcp + Description: Load balancer to target + DestinationSecurityGroupId: !GetAtt + - PrivateIntegrationsPeterCatServiceSecurityGroup334FF7AF + - GroupId + FromPort: 80 + ToPort: 80 + PrivateIntegrationsPeterCatServiceLBPublicListener2554FECD: + Type: 'AWS::ElasticLoadBalancingV2::Listener' + Properties: + DefaultActions: + - TargetGroupArn: !Ref PrivateIntegrationsPeterCatServiceLBPublicListenerECSGroup0E6605DB + Type: forward + LoadBalancerArn: !Ref PrivateIntegrationsPeterCatServiceLB8E9ECEA5 + Port: 80 + Protocol: HTTP + PrivateIntegrationsPeterCatServiceLBPublicListenerECSGroup0E6605DB: + Type: 'AWS::ElasticLoadBalancingV2::TargetGroup' + Properties: + Port: 80 + Protocol: HTTP + TargetGroupAttributes: + - Key: stickiness.enabled + Value: 'false' + TargetType: ip + VpcId: !Ref PrivateIntegrationsPeterCatVPCD20D58E8 + PrivateIntegrationsPeterCatServiceTaskDefTaskRole2B89439A: + Type: 'AWS::IAM::Role' + Properties: + AssumeRolePolicyDocument: + Statement: + - Action: 'sts:AssumeRole' + Effect: Allow + Principal: + Service: ecs-tasks.amazonaws.com + Version: 2012-10-17 + PrivateIntegrationsPeterCatServiceTaskDef914930A0: + Type: 'AWS::ECS::TaskDefinition' + Properties: + ContainerDefinitions: + - Essential: true + Image: 
'654654285942.dkr.ecr.ap-northeast-1.amazonaws.com/xuexiao:d1d5dfef1cb93227e56baad0742ee0b2ca3909f0' + LogConfiguration: + LogDriver: awslogs + Options: + awslogs-group: !Ref PrivateIntegrationsPeterCatServiceTaskDefwebLogGroupBA8BE497 + awslogs-stream-prefix: PrivateIntegrationsPeterCatService + awslogs-region: !Ref 'AWS::Region' + Command: + - "uvicorn" + - "main:app" + - "--host" + - "0.0.0.0" + - "--port" + - "80" + - "--workers" + - "6" + Name: petercat-web + EnvironmentFiles: + - Type: s3 + Value: arn:aws:s3:::xuexiao-env-variables/production.env + RuntimePlatform: + - CpuArchitecture: "X86_64" + - OperatingSystemFamily: "LINUX" + PortMappings: + - ContainerPort: 80 + Protocol: tcp + Cpu: 2048 + Memory: 8192 + ExecutionRoleArn: !GetAtt + - PrivateIntegrationsPeterCatServiceTaskDefExecutionRoleC7103AEA + - Arn + Family: >- + PrivateIntegrationsStackPrivateIntegrationsPeterCatServiceTaskDefB5E162FC + NetworkMode: awsvpc + RequiresCompatibilities: + - FARGATE + TaskRoleArn: !GetAtt + - PrivateIntegrationsPeterCatServiceTaskDefTaskRole2B89439A + - Arn + PrivateIntegrationsPeterCatServiceTaskDefwebLogGroupBA8BE497: + Type: 'AWS::Logs::LogGroup' + UpdateReplacePolicy: Retain + DeletionPolicy: Retain + PrivateIntegrationsPeterCatServiceTaskDefExecutionRoleC7103AEA: + Type: 'AWS::IAM::Role' + Properties: + AssumeRolePolicyDocument: + Statement: + - Action: 'sts:AssumeRole' + Effect: Allow + Principal: + Service: ecs-tasks.amazonaws.com + Version: 2012-10-17 + ManagedPolicyArns: + - "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" + PrivateIntegrationsPeterCatServiceTaskDefExecutionRoleDefaultPolicy0F96072D: + Type: 'AWS::IAM::Policy' + Properties: + PolicyDocument: + Statement: + - Action: + - 'logs:CreateLogStream' + - 'logs:PutLogEvents' + Effect: Allow + Resource: !GetAtt + - PrivateIntegrationsPeterCatServiceTaskDefwebLogGroupBA8BE497 + - Arn + - Action: ecr:GetAuthorizationToken + Effect: Allow + Resource: '*' + - Sid: VisualEditor0 + 
Effect: Allow + Action: s3:GetObject + Resource: + - arn:aws:s3:::xuexiao-env-variables/preview.env + - arn:aws:s3:::xuexiao-env-variables/production.env + - Sid: VisualEditor1 + Effect: Allow + Action: s3:GetBucketLocation + Resource: + - arn:aws:s3:::xuexiao-env-variables + - arn:aws:s3:::xuexiao-env-variables/ + - arn:aws:s3:::xuexiao-env-variables/* + Version: 2012-10-17 + PolicyName: >- + PrivateIntegrationsPeterCatServiceTaskDefExecutionRoleDefaultPolicy0F96072D + Roles: + - !Ref PrivateIntegrationsPeterCatServiceTaskDefExecutionRoleC7103AEA + PrivateIntegrationsPeterCatService73010F72: + Type: 'AWS::ECS::Service' + Properties: + Cluster: !Ref PrivateIntegrationsPeterCatCluster09C95435 + DeploymentConfiguration: + MaximumPercent: 200 + MinimumHealthyPercent: 50 + DesiredCount: 2 + EnableECSManagedTags: false + HealthCheckGracePeriodSeconds: 60 + LaunchType: FARGATE + LoadBalancers: + - ContainerName: petercat-web + ContainerPort: 80 + TargetGroupArn: !Ref PrivateIntegrationsPeterCatServiceLBPublicListenerECSGroup0E6605DB + NetworkConfiguration: + AwsvpcConfiguration: + AssignPublicIp: DISABLED + SecurityGroups: + - !GetAtt + - PrivateIntegrationsPeterCatServiceSecurityGroup334FF7AF + - GroupId + Subnets: + - !Ref PrivateIntegrationsPeterCatVPCPrivateSubnet1SubnetE5CDA06F + - !Ref PrivateIntegrationsPeterCatVPCPrivateSubnet2SubnetA9278FA5 + TaskDefinition: !Ref PrivateIntegrationsPeterCatServiceTaskDef914930A0 + DependsOn: + - PrivateIntegrationsPeterCatServiceLBPublicListenerECSGroup0E6605DB + - PrivateIntegrationsPeterCatServiceLBPublicListener2554FECD + PrivateIntegrationsPeterCatServiceSecurityGroup334FF7AF: + Type: 'AWS::EC2::SecurityGroup' + Properties: + GroupDescription: >- + PrivateIntegrationsStack/PrivateIntegrationsPeterCatService/Service/SecurityGroup + SecurityGroupEgress: + - CidrIp: 0.0.0.0/0 + Description: Allow all outbound traffic by default + IpProtocol: '-1' + VpcId: !Ref PrivateIntegrationsPeterCatVPCD20D58E8 + 
PrivateIntegrationsPeterCatServiceSecurityGroupfromPrivateIntegrationsStackPrivateIntegrationsPeterCatServiceLBSecurityGroup37A9AEF980935D99E0: + Type: 'AWS::EC2::SecurityGroupIngress' + Properties: + IpProtocol: tcp + Description: Load balancer to target + FromPort: 80 + GroupId: !GetAtt + - PrivateIntegrationsPeterCatServiceSecurityGroup334FF7AF + - GroupId + SourceSecurityGroupId: !GetAtt + - PrivateIntegrationsPeterCatServiceLBSecurityGroup22BA351A + - GroupId + ToPort: 80 +Outputs: + PrivateIntegrationsPeterCatServiceLoadBalancerDNSCBE42D83: + Value: !GetAtt + - PrivateIntegrationsPeterCatServiceLB8E9ECEA5 + - DNSName + PrivateIntegrationsPeterCatServiceServiceURLB6E59CA2: + Value: !Join + - '' + - - 'http://' + - !GetAtt + - PrivateIntegrationsPeterCatServiceLB8E9ECEA5 + - DNSName
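Review bot: The inline policy `PrivateIntegrationsPeterCatServiceTaskDefExecutionRoleDefaultPolicy0F96072D` grants more than the task needs: it allows `s3:GetObject` on `preview.env` as well as `production.env`, while the container's `EnvironmentFiles` loads only `production.env`, and its `s3:GetBucketLocation` statement lists `xuexiao-env-variables/` and `xuexiao-env-variables/*`, which are object ARNs that a bucket-level action does not match. I would reduce the two statements to `Resource: arn:aws:s3:::xuexiao-env-variables/production.env` and `Resource: arn:aws:s3:::xuexiao-env-variables`. If that env file carries credentials (its contents are not visible here), the container definition's `Secrets` property backed by Secrets Manager or SSM Parameter Store is a better fit than an object in S3. The load-balancer security group also admits `CidrIp: 0.0.0.0/0` on port 80 although the ALB is `Scheme: internal`; `CidrIp: 10.0.0.0/16` (the VPC CIDR) or the consumer's security group would state the intended reach. The ECR image URI with its account ID and the bucket name are hard-coded in the template; moving them to template `Parameters` would keep account-specific identifiers out of the repository and make the stack reusable.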