Use nested CF template for Network Stack Extract common part of the network stack creation to a nested template. This change simplify code changes helps avoid code repetition. Feature: Issue 13151 Change-Id: I118404d6ca480f98b47532543d78aa0c74405916
diff --git a/Makefile.common b/Makefile.common index e5bf82a..5d5e7c8 100644 --- a/Makefile.common +++ b/Makefile.common
@@ -9,3 +9,4 @@ upload-common-templates: export AWS_PAGER=; aws s3api head-bucket --bucket $(TEMPLATE_BUCKET_NAME) 2>/dev/null || aws s3api create-bucket --bucket $(TEMPLATE_BUCKET_NAME) aws s3 cp ../common-templates/cf-gerrit-task-execution-role.yml s3://$(TEMPLATE_BUCKET_NAME)/ + aws s3 cp ../common-templates/cf-gerrit-network-stack.yml s3://$(TEMPLATE_BUCKET_NAME)/
diff --git a/common-templates/cf-gerrit-network-stack.yml b/common-templates/cf-gerrit-network-stack.yml new file mode 100644 index 0000000..4ea867b --- /dev/null +++ b/common-templates/cf-gerrit-network-stack.yml
@@ -0,0 +1,68 @@ +AWSTemplateFormatVersion: '2010-09-09' +Description: Deploy a service into an ECS cluster behind a public load balancer. + +Mappings: + # Hard values for the subnet masks. These masks define + # the range of internal IP addresses that can be assigned. + # The VPC can have all IP's from 10.0.0.0 to 10.0.255.255 + # There is the subnet which cover the ranges: + # + # 10.0.0.0 - 10.0.0.255 + SubnetConfig: + VPC: + CIDR: '10.0.0.0/16' + PublicOne: + CIDR: '10.0.0.0/24' +Resources: + VPC: + Type: AWS::EC2::VPC + Properties: + EnableDnsSupport: true + EnableDnsHostnames: true + CidrBlock: !FindInMap ['SubnetConfig', 'VPC', 'CIDR'] + + # Public subnets, where containers can have public IP addresses + PublicSubnetOne: + Type: AWS::EC2::Subnet + Properties: + AvailabilityZone: + Fn::Select: + - 0 + - Fn::GetAZs: {Ref: 'AWS::Region'} + VpcId: !Ref 'VPC' + CidrBlock: !FindInMap ['SubnetConfig', 'PublicOne', 'CIDR'] + MapPublicIpOnLaunch: true + + # Setup networking resources for the public subnets. Containers + # in the public subnets have public IP addresses and the routing table + # sends network traffic via the internet gateway. + InternetGateway: + Type: AWS::EC2::InternetGateway + GatewayAttachement: + Type: AWS::EC2::VPCGatewayAttachment + Properties: + VpcId: !Ref 'VPC' + InternetGatewayId: !Ref 'InternetGateway' + PublicRouteTable: + Type: AWS::EC2::RouteTable + Properties: + VpcId: !Ref 'VPC' + PublicRoute: + Type: AWS::EC2::Route + DependsOn: GatewayAttachement + Properties: + RouteTableId: !Ref 'PublicRouteTable' + DestinationCidrBlock: '0.0.0.0/0' + GatewayId: !Ref 'InternetGateway' + PublicSubnetOneRouteTableAssociation: + Type: AWS::EC2::SubnetRouteTableAssociation + Properties: + SubnetId: !Ref PublicSubnetOne + RouteTableId: !Ref PublicRouteTable +Outputs: + VPCRef: + Value: !Ref VPC + PublicSubnetOneRef: + Value: !Ref PublicSubnetOne + PublicOneCIDR: + Value: !FindInMap ['SubnetConfig', 'PublicOne', 'CIDR']
diff --git a/dual-master/cf-cluster.yml b/dual-master/cf-cluster.yml index 8e49ead..3a70b84 100644 --- a/dual-master/cf-cluster.yml +++ b/dual-master/cf-cluster.yml
@@ -33,65 +33,7 @@ Description: An environment name used to build the log stream names Type: String Default: test -Mappings: - # Hard values for the subnet masks. These masks define - # the range of internal IP addresses that can be assigned. - # The VPC can have all IP's from 10.0.0.0 to 10.0.255.255 - # There is the subnet which cover the ranges: - # - # 10.0.0.0 - 10.0.0.255 - SubnetConfig: - VPC: - CIDR: '10.0.0.0/16' - PublicOne: - CIDR: '10.0.0.0/24' Resources: - VPC: - Type: AWS::EC2::VPC - Properties: - EnableDnsSupport: true - EnableDnsHostnames: true - CidrBlock: !FindInMap ['SubnetConfig', 'VPC', 'CIDR'] - - # Public subnets, where containers can have public IP addresses - PublicSubnetOne: - Type: AWS::EC2::Subnet - Properties: - AvailabilityZone: - Fn::Select: - - 0 - - Fn::GetAZs: {Ref: 'AWS::Region'} - VpcId: !Ref 'VPC' - CidrBlock: !FindInMap ['SubnetConfig', 'PublicOne', 'CIDR'] - MapPublicIpOnLaunch: true - - # Setup networking resources for the public subnets. Containers - # in the public subnets have public IP addresses and the routing table - # sends network traffic via the internet gateway. - InternetGateway: - Type: AWS::EC2::InternetGateway - GatewayAttachement: - Type: AWS::EC2::VPCGatewayAttachment - Properties: - VpcId: !Ref 'VPC' - InternetGatewayId: !Ref 'InternetGateway' - PublicRouteTable: - Type: AWS::EC2::RouteTable - Properties: - VpcId: !Ref 'VPC' - PublicRoute: - Type: AWS::EC2::Route - DependsOn: GatewayAttachement - Properties: - RouteTableId: !Ref 'PublicRouteTable' - DestinationCidrBlock: '0.0.0.0/0' - GatewayId: !Ref 'InternetGateway' - PublicSubnetOneRouteTableAssociation: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - SubnetId: !Ref PublicSubnetOne - RouteTableId: !Ref PublicRouteTable - # ECS Resources ECSCluster: Type: AWS::ECS::Cluster @@ -100,7 +42,7 @@ Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Access to the ECS hosts that run containers - VpcId: !Ref 'VPC' + VpcId: !GetAtt ECSTaskNetworkStack.Outputs.VPCRef SecurityGroupIngress: # Allow access to NLB from anywhere on the internet - CidrIp: 0.0.0.0/0 @@ -118,7 +60,7 @@ Type: AWS::AutoScaling::AutoScalingGroup Properties: VPCZoneIdentifier: - - !Ref PublicSubnetOne + - !GetAtt ECSTaskNetworkStack.Outputs.PublicSubnetOneRef LaunchConfigurationName: !Ref 'ContainerInstances' MinSize: '1' MaxSize: !Ref 'MaxSize' @@ -289,19 +231,24 @@ Type: AWS::EFS::MountTarget Properties: FileSystemId: !Ref FileSystem - SubnetId: !Ref PublicSubnetOne + SubnetId: !GetAtt ECSTaskNetworkStack.Outputs.PublicSubnetOneRef SecurityGroups: - !Ref MountTargetSecurityGroup MountTargetSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: - VpcId: !Ref 'VPC' + VpcId: !GetAtt ECSTaskNetworkStack.Outputs.VPCRef GroupDescription: "Security group for mount target" SecurityGroupIngress: - IpProtocol: TCP FromPort: 2049 ToPort: 2049 - CidrIp: !FindInMap ['SubnetConfig', 'PublicOne', 'CIDR'] + CidrIp: !GetAtt ECSTaskNetworkStack.Outputs.PublicOneCIDR + ECSTaskNetworkStack: + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: https://aws-gerrit-cf-templates.s3.amazonaws.com/cf-gerrit-network-stack.yml + TimeoutInMinutes: '25' Outputs: ClusterName: @@ -311,11 +258,12 @@ Name: !Join [ ':', [ !Ref 'AWS::StackName', 'ClusterName' ] ] VPCId: Description: The ID of the VPC that this stack is deployed in - Value: !Ref 'VPC' + Value: !GetAtt ECSTaskNetworkStack.Outputs.VPCRef Export: Name: !Join [ ':', [ !Ref 'AWS::StackName', 'VPCId' ] ] PublicSubnetOne: Description: Public subnet one - Value: !Ref 'PublicSubnetOne' + Value: !GetAtt ECSTaskNetworkStack.Outputs.PublicSubnetOneRef Export: Name: !Join [ ':', [ !Ref 'AWS::StackName', 'PublicSubnetOne' ] ] +
diff --git a/master-slave/cf-cluster.yml b/master-slave/cf-cluster.yml index 1f2e1e9..b5767a0 100644 --- a/master-slave/cf-cluster.yml +++ b/master-slave/cf-cluster.yml
@@ -33,65 +33,7 @@ Description: An environment name used to build the log stream names Type: String Default: test -Mappings: - # Hard values for the subnet masks. These masks define - # the range of internal IP addresses that can be assigned. - # The VPC can have all IP's from 10.0.0.0 to 10.0.255.255 - # There is the subnet which cover the ranges: - # - # 10.0.0.0 - 10.0.0.255 - SubnetConfig: - VPC: - CIDR: '10.0.0.0/16' - PublicOne: - CIDR: '10.0.0.0/24' Resources: - VPC: - Type: AWS::EC2::VPC - Properties: - EnableDnsSupport: true - EnableDnsHostnames: true - CidrBlock: !FindInMap ['SubnetConfig', 'VPC', 'CIDR'] - - # Public subnets, where containers can have public IP addresses - PublicSubnetOne: - Type: AWS::EC2::Subnet - Properties: - AvailabilityZone: - Fn::Select: - - 0 - - Fn::GetAZs: {Ref: 'AWS::Region'} - VpcId: !Ref 'VPC' - CidrBlock: !FindInMap ['SubnetConfig', 'PublicOne', 'CIDR'] - MapPublicIpOnLaunch: true - - # Setup networking resources for the public subnets. Containers - # in the public subnets have public IP addresses and the routing table - # sends network traffic via the internet gateway. - InternetGateway: - Type: AWS::EC2::InternetGateway - GatewayAttachement: - Type: AWS::EC2::VPCGatewayAttachment - Properties: - VpcId: !Ref 'VPC' - InternetGatewayId: !Ref 'InternetGateway' - PublicRouteTable: - Type: AWS::EC2::RouteTable - Properties: - VpcId: !Ref 'VPC' - PublicRoute: - Type: AWS::EC2::Route - DependsOn: GatewayAttachement - Properties: - RouteTableId: !Ref 'PublicRouteTable' - DestinationCidrBlock: '0.0.0.0/0' - GatewayId: !Ref 'InternetGateway' - PublicSubnetOneRouteTableAssociation: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - SubnetId: !Ref PublicSubnetOne - RouteTableId: !Ref PublicRouteTable - # ECS Resources ECSCluster: Type: AWS::ECS::Cluster @@ -247,6 +189,11 @@ - 'ecr:BatchGetImage' - 'ecr:GetDownloadUrlForLayer' Resource: '*' + ECSTaskNetworkStack: + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: https://aws-gerrit-cf-templates.s3.amazonaws.com/cf-gerrit-network-stack.yml + TimeoutInMinutes: '25' Outputs: ClusterName: @@ -256,11 +203,11 @@ Name: !Join [ ':', [ !Ref 'AWS::StackName', 'ClusterName' ] ] VPCId: Description: The ID of the VPC that this stack is deployed in - Value: !Ref 'VPC' + Value: !GetAtt ECSTaskNetworkStack.Outputs.VPCRef Export: Name: !Join [ ':', [ !Ref 'AWS::StackName', 'VPCId' ] ] PublicSubnetOne: Description: Public subnet one - Value: !Ref 'PublicSubnetOne' + Value: !GetAtt ECSTaskNetworkStack.Outputs.PublicSubnetOneRef Export: Name: !Join [ ':', [ !Ref 'AWS::StackName', 'PublicSubnetOne' ] ]
diff --git a/single-master/cf-cluster.yml b/single-master/cf-cluster.yml index 205da58..c020a07 100644 --- a/single-master/cf-cluster.yml +++ b/single-master/cf-cluster.yml
@@ -33,65 +33,7 @@ Description: An environment name that will be prefixed to resource names Type: String Default: test -Mappings: - # Hard values for the subnet masks. These masks define - # the range of internal IP addresses that can be assigned. - # The VPC can have all IP's from 10.0.0.0 to 10.0.255.255 - # There is the subnet which cover the ranges: - # - # 10.0.0.0 - 10.0.0.255 - SubnetConfig: - VPC: - CIDR: '10.0.0.0/16' - PublicOne: - CIDR: '10.0.0.0/24' Resources: - VPC: - Type: AWS::EC2::VPC - Properties: - EnableDnsSupport: true - EnableDnsHostnames: true - CidrBlock: !FindInMap ['SubnetConfig', 'VPC', 'CIDR'] - - # Public subnets, where containers can have public IP addresses - PublicSubnetOne: - Type: AWS::EC2::Subnet - Properties: - AvailabilityZone: - Fn::Select: - - 0 - - Fn::GetAZs: {Ref: 'AWS::Region'} - VpcId: !Ref 'VPC' - CidrBlock: !FindInMap ['SubnetConfig', 'PublicOne', 'CIDR'] - MapPublicIpOnLaunch: true - - # Setup networking resources for the public subnets. Containers - # in the public subnets have public IP addresses and the routing table - # sends network traffic via the internet gateway. - InternetGateway: - Type: AWS::EC2::InternetGateway - GatewayAttachement: - Type: AWS::EC2::VPCGatewayAttachment - Properties: - VpcId: !Ref 'VPC' - InternetGatewayId: !Ref 'InternetGateway' - PublicRouteTable: - Type: AWS::EC2::RouteTable - Properties: - VpcId: !Ref 'VPC' - PublicRoute: - Type: AWS::EC2::Route - DependsOn: GatewayAttachement - Properties: - RouteTableId: !Ref 'PublicRouteTable' - DestinationCidrBlock: '0.0.0.0/0' - GatewayId: !Ref 'InternetGateway' - PublicSubnetOneRouteTableAssociation: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - SubnetId: !Ref PublicSubnetOne - RouteTableId: !Ref PublicRouteTable - # ECS Resources ECSCluster: Type: AWS::ECS::Cluster @@ -100,7 +42,7 @@ Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Access to the ECS hosts that run containers - VpcId: !Ref 'VPC' + VpcId: !GetAtt ECSTaskNetworkStack.Outputs.VPCRef SecurityGroupIngress: # Allow access to NLB from anywhere on the internet - CidrIp: 0.0.0.0/0 @@ -118,7 +60,7 @@ Type: AWS::AutoScaling::AutoScalingGroup Properties: VPCZoneIdentifier: - - !Ref PublicSubnetOne + - !GetAtt ECSTaskNetworkStack.Outputs.PublicSubnetOneRef LaunchConfigurationName: !Ref 'ContainerInstances' MinSize: '1' MaxSize: !Ref 'MaxSize' @@ -223,6 +165,12 @@ - 'ecr:GetDownloadUrlForLayer' Resource: '*' + ECSTaskNetworkStack: + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: https://aws-gerrit-cf-templates.s3.amazonaws.com/cf-gerrit-network-stack.yml + TimeoutInMinutes: '25' + Outputs: ClusterName: Description: The name of the ECS cluster @@ -231,11 +179,11 @@ Name: !Join [ ':', [ !Ref 'AWS::StackName', 'ClusterName' ] ] VPCId: Description: The ID of the VPC that this stack is deployed in - Value: !Ref 'VPC' + Value: !GetAtt ECSTaskNetworkStack.Outputs.VPCRef Export: Name: !Join [ ':', [ !Ref 'AWS::StackName', 'VPCId' ] ] PublicSubnetOne: Description: Public subnet one - Value: !Ref 'PublicSubnetOne' + Value: !GetAtt ECSTaskNetworkStack.Outputs.PublicSubnetOneRef Export: Name: !Join [ ':', [ !Ref 'AWS::StackName', 'PublicSubnetOne' ] ]