Google Git
Sign in
gerrit / aws-gerrit / 918e405bd0ce3026d8064ea282b691f61d918801^! / .
commit918e405bd0ce3026d8064ea282b691f61d918801[log] [tgz]
authorAntonio Barone <syntonyze@gmail.com>Thu Dec 03 11:27:54 2020 +0100
committerAntonio Barone <syntonyze@gmail.com>Thu Dec 03 17:53:58 2020 +0000
tree3fc57aa20e73ca312df414a49c2d2854b44c0223
parentfbbb5a0809527bf81dd7928f3f14872deacd63a4 [diff]
Stop creating useless network stacks for dual-master

When network resources are NOT provided via the setup.env file then a
new VPC is created with its related components, such as subnets and IGW.

However, when network resources ARE provided externally via the
setup.env file, then the network stack doesn't do much except returning
the provided input values as output, for other stacks to consume.

This causes the creation of an empty stack, with no resources created,
but just outputs.

Prevent the creation of empty network stacks by checking the existence
of VPC related input parameters and skip the creation of the stack, when
they are defined.

Change-Id: Id822e1d80384f398d31f6178cf6458b08972c1e7

diff --git a/dual-master/cf-cluster.yml b/dual-master/cf-cluster.yml
index 841e7e0..b2a5be7 100644
--- a/dual-master/cf-cluster.yml
+++ b/dual-master/cf-cluster.yml

@@ -101,6 +101,11 @@
 Conditions:
   isProvisionedThroughput: !Equals [!Ref FileSystemThroughputMode, "provisioned"]
   CreateEFS: !Equals [!Ref FileSystemID, ""]
+  NetworkStackNeeded: !Or
+    - !Equals [!Ref VPCIdProp, ""]
+    - !And
+      - !Equals [!Ref InternetGatewayIdProp, ""]
+      - !Equals [!Ref SubnetIdProp, ""]
 
 Resources:
   # ECS Resources
@@ -111,7 +116,7 @@
     Type: AWS::EC2::SecurityGroup
     Properties:
       GroupDescription: Access to the ECS hosts that run containers
-      VpcId: !GetAtt ECSTaskNetworkStack.Outputs.VPCRef
+      VpcId: !If [NetworkStackNeeded, !GetAtt ECSTaskNetworkStack.Outputs.VPCRef, !Ref VPCIdProp]
       SecurityGroupIngress:
           # Allow access to NLB from anywhere on the internet
           - CidrIp: 0.0.0.0/0
@@ -127,7 +132,7 @@
     Type: AWS::AutoScaling::AutoScalingGroup
     Properties:
       VPCZoneIdentifier:
-        - !GetAtt ECSTaskNetworkStack.Outputs.PublicSubnetOneRef
+        - !If [NetworkStackNeeded, !GetAtt ECSTaskNetworkStack.Outputs.PublicSubnetOneRef, !Ref SubnetIdProp]
       LaunchConfigurationName: !Ref 'ReplicaLaunchConfiguration'
       MinSize: '1'
       MaxSize: '1'
@@ -168,7 +173,7 @@
     Type: AWS::AutoScaling::AutoScalingGroup
     Properties:
       VPCZoneIdentifier:
-        - !GetAtt ECSTaskNetworkStack.Outputs.PublicSubnetOneRef
+        - !If [NetworkStackNeeded, !GetAtt ECSTaskNetworkStack.Outputs.PublicSubnetOneRef, !Ref SubnetIdProp]
       LaunchConfigurationName: !Ref 'HAProxyLaunchConfiguration'
       MinSize: '2'
       MaxSize: !Ref HAProxyMaxCount
@@ -220,7 +225,7 @@
         EC2SecurityGroup: !Ref EcsHostSecurityGroup
         EC2InstanceProfile: !Ref EC2InstanceProfile
         FileSystem: !If [CreateEFS, !GetAtt GitFileSystemPermanentStack.Outputs.FileSystemID, !Ref FileSystemID ]
-        SubnetId: !GetAtt ECSTaskNetworkStack.Outputs.PublicSubnetOneRef
+        SubnetId: !If [NetworkStackNeeded, !GetAtt ECSTaskNetworkStack.Outputs.PublicSubnetOneRef, !Ref SubnetIdProp]
         LogGroupName: !Ref AWS::StackName
         MasterMaxCount: !Ref MasterMaxCount
         GerritVolumeAttachMaxRetries: !Ref GerritVolumeAttachMaxRetries
@@ -245,7 +250,7 @@
         EC2SecurityGroup: !Ref EcsHostSecurityGroup
         EC2InstanceProfile: !Ref EC2InstanceProfile
         FileSystem: !If [CreateEFS, !GetAtt GitFileSystemPermanentStack.Outputs.FileSystemID, !Ref FileSystemID ]
-        SubnetId: !GetAtt ECSTaskNetworkStack.Outputs.PublicSubnetOneRef
+        SubnetId: !If [NetworkStackNeeded, !GetAtt ECSTaskNetworkStack.Outputs.PublicSubnetOneRef, !Ref SubnetIdProp]
         LogGroupName: !Ref AWS::StackName
         MasterMaxCount: !Ref MasterMaxCount
         GerritVolumeAttachMaxRetries: !Ref GerritVolumeAttachMaxRetries
@@ -306,13 +311,14 @@
       Parameters:
         FileSystemThroughputMode: !Ref FileSystemThroughputMode
         ProvisionedThroughputInMibps: !Ref ProvisionedThroughputInMibps
-        PublicSubnet: !GetAtt ECSTaskNetworkStack.Outputs.PublicSubnetOneRef
-        SecurityGroupVPCID: !GetAtt ECSTaskNetworkStack.Outputs.VPCRef
-        SecurityGroupCidrIp: !GetAtt ECSTaskNetworkStack.Outputs.PublicOneCIDR
+        PublicSubnet: !If [NetworkStackNeeded, !GetAtt ECSTaskNetworkStack.Outputs.PublicSubnetOneRef, !Ref SubnetIdProp]
+        SecurityGroupVPCID: !If [NetworkStackNeeded, !GetAtt ECSTaskNetworkStack.Outputs.VPCRef, !Ref VPCIdProp]
+        SecurityGroupCidrIp: !Ref SubnetCIDR
 
   ECSTaskNetworkStack:
     Type: AWS::CloudFormation::Stack
     DeletionPolicy: Retain
+    Condition: NetworkStackNeeded
     Properties:
       TemplateURL: !Join [ '', ['https://', !Ref TemplateBucketName, '.s3.amazonaws.com/cf-gerrit-network-stack.yml'] ]
       TimeoutInMinutes: '25'
@@ -331,12 +337,12 @@
       Name: !Join [ ':', [ !Ref 'AWS::StackName', 'ClusterName' ] ]
   VPCId:
     Description: The ID of the VPC that this stack is deployed in
-    Value: !GetAtt ECSTaskNetworkStack.Outputs.VPCRef
+    Value: !If [NetworkStackNeeded, !GetAtt ECSTaskNetworkStack.Outputs.VPCRef, !Ref VPCIdProp]
     Export:
       Name: !Join [ ':', [ !Ref 'AWS::StackName', 'VPCId' ] ]
   PublicSubnetOne:
     Description: Public subnet one
-    Value: !GetAtt ECSTaskNetworkStack.Outputs.PublicSubnetOneRef
+    Value: !If [NetworkStackNeeded, !GetAtt ECSTaskNetworkStack.Outputs.PublicSubnetOneRef, !Ref SubnetIdProp]
     Export:
       Name: !Join [ ':', [ !Ref 'AWS::StackName', 'PublicSubnetOne' ] ]