| AWSTemplateFormatVersion: '2010-09-09' |
| Description: Deploy a service into an ECS cluster behind a public load balancer. |
| Parameters: |
| GerritServiceName: |
| Type: String |
| Default: gerrit-replica |
| GitDaemonServiceName: |
| Type: String |
| Default: gerrit-git-daemon |
| GitSSHServiceName: |
| Type: String |
| Default: gerrit-git-ssh |
| ClusterStackName: |
| Description: Stack name of the ECS cluster to deply the serivces |
| Type: String |
| Default: gerrit-cluster |
| TemplateBucketName: |
| Description: S3 bucket containing cloudformation templates |
| Type: String |
| EnvironmentName: |
| Description: An environment name used to build the log stream names |
| Type: String |
| Default: test |
| GerritDockerImage: |
| Description: Gerrit official Docker image |
| Type: String |
| Default: aws-gerrit/gerrit:latest |
| GitDaemonDockerImage: |
| Description: Git daemon Docker image |
| Type: String |
| Default: aws-gerrit/git-daemon:latest |
| GitSSHDockerImage: |
| Description: Git SSH Docker image |
| Type: String |
| Default: aws-gerrit/git-ssh:latest |
| DockerRegistryUrl: |
| Description: Docker registry URL |
| Type: String |
| HTTPHostPort: |
| Description: Gerrit Host HTTP port |
| Type: Number |
| Default: 9080 |
| HTTPContainePort: |
| Description: Gerrit Container HTTP port |
| Type: Number |
| Default: 8080 |
| HTTPSPort: |
| Description: Gerrit HTTPS port |
| Type: Number |
| Default: 443 |
| SSHHostPort: |
| Description: Gerrit SSH port |
| Type: Number |
| Default: 39418 |
| SSHContainerPort: |
| Description: Gerrit SSH port |
| Type: Number |
| Default: 29418 |
| GitPort: |
| Description: Git daemon port |
| Type: Number |
| Default: 9418 |
| GitSSHPort: |
| Description: Git ssh port |
| Type: Number |
| Default: 1022 |
| GitSSHContainerPort: |
| Description: Git ssh port |
| Type: Number |
| Default: 22 |
| CertificateArn: |
| Description: SSL Certificates ARN |
| Type: String |
| HostedZoneName: |
| Description: The route53 HostedZoneName. |
| Type: String |
| HttpSubdomain: |
| Description: The subdomain of the Gerrit loadbalancer serving HTTP traffic for replicas |
| Type: String |
| Default: gerrit-http-replica-demo |
| SshSubdomain: |
| Description: The subdomain of the Gerrit loadbalancer serving SSH traffic for replicas |
| Type: String |
| Default: gerrit-ssh-replica-demo |
| LoadBalancerScheme: |
| Description: Load Balancer schema, The nodes of an Internet-facing load balancer have public IP addresses. |
| Type: String |
| Default: internet-facing |
| AllowedValues: [internal, internet-facing] |
| GerritGitVolume: |
| Description: Gerrit git volume name |
| Type: String |
| Default: gerrit-git-replica |
| GerritDataVolume: |
| Description: Gerrit data volume name |
| Type: String |
| Default: gerrit-data-replica |
| GerritCacheVolume: |
| Description: Gerrit cache volume name |
| Type: String |
| Default: gerrit-cache-replica |
| GerritDbVolume: |
| Description: Gerrit db volume name |
| Type: String |
| Default: gerrit-db-replica |
| GerritLogsVolume: |
| Description: Gerrit logs volume name |
| Type: String |
| Default: gerrit-logs-replica |
| GerritKeyPrefix: |
| Description: Gerrit credentials keys prefix |
| Type: String |
| GerritRAM: |
| Description: RAM to allocate to the Gerrit container |
| Type: Number |
| Default: 6000 |
| GerritCPU: |
| Description: vCPU to allocate to the Gerrit container |
| Type: Number |
| Default: 1024 |
| GerritHeapLimit: |
| Description: Gerrit Heap limit |
| Type: String |
| Default: 6g |
| FileDescriptorsSoftLimit: |
| Description: The soft limit for file descriptors allowed in the Gerrit container |
| Type: Number |
| Default: 1024 |
| FileDescriptorsHardLimit: |
| Description: The hard limit for file descriptors allowed in the Gerrit container |
| Type: Number |
| Default: 1024 |
| JgitCacheSize: |
| Description: JGit cache size |
| Type: String |
| Default: 3g |
| JgitOpenFiles: |
| Description: Maximum number of pack files to have open at once |
| Type: Number |
| Default: 128 |
| LDAPServer: |
| Description: LDAP server URL |
| Type: String |
| LDAPUsername: |
| Description: Username to bind to the LDAP server with |
| Type: String |
| LDAPAccountBase: |
| Description: Root of the tree containing all user accounts |
| Type: String |
| LDAPGroupBase: |
| Description: Root of the tree containing all group objects |
| Type: String |
| LDAPAccountPattern: |
| Description: Query pattern to use when searching for a user account |
| Type: String |
| Default: (&(objectClass=person)(uid=${username})) |
| InstanceId: |
| Description: Optional identifier for the Gerrit instance |
| Type: String |
| Default: gerrit-primary-replica-REPLICA |
| MetricsCloudwatchEnabled: |
| Description: Whether gerrit metrics should be published to cloudwatch |
| Type: String |
| Default: false |
| AllowedValues: [true, false] |
| MetricsCloudwatchNamespace: |
| Description: The CloudWatch namespace for Gerrit metrics |
| Type: String |
| Default: gerrit |
| MetricsCloudwatchRate: |
| Description: The rate at which metrics should be fired to AWS |
| Type: String |
| Default: 60s |
| MetricsCloudwatchInitialDelay: |
| Description: The time to delay the first reporting execution |
| Type: String |
| Default: 0 |
| MetricsCloudwatchJVMEnabled: |
| Description: Whether JVM metrics shoiuld be published to cloudwatch |
| Type: String |
| Default: false |
| AllowedValues: [true, false] |
| MetricsCloudwatchDryRun: |
| Description: The reporter will log.DEBUG the metrics, instead of doing a real POST to CloudWatch |
| Type: String |
| Default: false |
| AllowedValues: [true, false] |
| MetricsCloudwatchExcludeMetrics: |
| Description: Comma separated list of regex patterns to exclude metrics reported to CloudWatch |
| Type: CommaDelimitedList |
| Default: '' |
| ReplicaAutoScalingMinCapacity: |
| Type: Number |
| Description: The minimum number of tasks that replicas should scale in to |
| Default: 1 |
| ReplicaAutoScalingDesiredCapacity: |
| Description: The desired number of replica tasks to run |
| Type: Number |
| Default: 1 |
| ReplicaAutoScalingMaxCapacity: |
| Type: Number |
| Description: The maximum number of tasks that replicas should scale out to |
| Default: 2 |
| ReplicaAutoScalingScaleInCooldown: |
| Type: Number |
| Description: The amount of time, in seconds, after a scale-in activity completes before another scale-in activity can start |
| Default: 300 |
| ReplicaAutoScalingScaleOutCooldown: |
| Type: Number |
| Description: The amount of time, in seconds, to wait for a previous scale-out activity to take effect. |
| Default: 300 |
| ReplicaAutoScalingTargetCPUPercentage: |
| Type: Number |
| Description: Aggregate CPU utilization target for auto-scaling |
| Default: 75.0 |
| EnableXray: |
| Description: Whether to enable X-Ray tracing for replicas |
| Type: String |
| Default: false |
| AllowedValues: [true, false] |
| |
| Mappings: |
| XRay: |
| Info: |
| ContainerName: xray-daemon |
| Port: 2000 |
| |
| Conditions: |
| ShouldEnableXRay: !Equals [!Ref EnableXray, true] |
| |
| Resources: |
| GerritService: |
| Type: AWS::ECS::Service |
| DependsOn: |
| - HTTPListener |
| - SSHListener |
| - GitListener |
| - GitSSHListener |
| Properties: |
| Cluster: |
| Fn::ImportValue: |
| !Join [':', [!Ref 'ClusterStackName', 'ClusterName']] |
| CapacityProviderStrategy: |
| - CapacityProvider: !Sub '${ClusterStackName}-R' |
| Weight: 100 |
| DesiredCount: !Ref ReplicaAutoScalingDesiredCapacity |
| TaskDefinition: !Ref GerritTaskDefinition |
| LoadBalancers: |
| - ContainerName: !Ref GerritServiceName |
| ContainerPort: !Ref HTTPContainePort |
| TargetGroupArn: !Ref HTTPTargetGroup |
| - ContainerName: !Ref GerritServiceName |
| ContainerPort: !Ref SSHContainerPort |
| TargetGroupArn: !Ref SSHTargetGroup |
| - ContainerName: !Ref GitDaemonServiceName |
| ContainerPort: !Ref GitPort |
| TargetGroupArn: !Ref GitTargetGroup |
| - ContainerName: !Ref GitSSHServiceName |
| ContainerPort: !Ref GitSSHContainerPort |
| TargetGroupArn: !Ref GitSSHTargetGroup |
| |
| GerritTaskDefinition: |
| Type: AWS::ECS::TaskDefinition |
| Properties: |
| Family: !Join ['', [!Ref GerritServiceName, TaskDefinition]] |
| TaskRoleArn: !GetAtt ECSTaskExecutionRoleStack.Outputs.TaskExecutionRoleRef |
| ExecutionRoleArn: !GetAtt ECSTaskExecutionRoleStack.Outputs.TaskExecutionRoleRef |
| NetworkMode: bridge |
| PlacementConstraints: |
| - Expression: !Sub 'attribute:target_group == replica' |
| Type: "memberOf" |
| ContainerDefinitions: |
| - Name: !Ref GerritServiceName |
| Essential: true |
| Image: !Sub '${DockerRegistryUrl}/${GerritDockerImage}' |
| Environment: |
| - Name: XRAY_ENABLED |
| Value: !Ref EnableXray |
| - Name: AWS_XRAY_TRACING_NAME |
| Value: !Ref InstanceId |
| - Name: AWS_XRAY_DAEMON_ADDRESS |
| Value: !Join [':', [!FindInMap ['XRay', 'Info', 'ContainerName'], !FindInMap ['XRay', 'Info', 'Port']]] |
| - Name: CANONICAL_WEB_URL |
| Value: !Sub 'https://${HttpSubdomain}.${HostedZoneName}' |
| - Name: SSHD_ADVERTISED_ADDRESS |
| Value: !Sub '${SshSubdomain}.${HostedZoneName}:${SSHHostPort}' |
| - Name: HTTPD_LISTEN_URL |
| Value: !Sub 'proxy-https://*:${HTTPContainePort}/' |
| - Name: CONTAINER_REPLICA |
| Value: true |
| - Name: GERRIT_KEY_PREFIX |
| Value: !Ref GerritKeyPrefix |
| - Name: AWS_REGION |
| Value: !Ref AWS::Region |
| - Name: GERRIT_HEAP_LIMIT |
| Value: !Ref GerritHeapLimit |
| - Name: JGIT_CACHE_SIZE |
| Value: !Ref JgitCacheSize |
| - Name: JGIT_OPEN_FILES |
| Value: !Ref JgitOpenFiles |
| - Name: LDAP_SERVER |
| Value: !Ref LDAPServer |
| - Name: LDAP_USERNAME |
| Value: !Ref LDAPUsername |
| - Name: LDAP_ACCOUNT_BASE |
| Value: !Ref LDAPAccountBase |
| - Name: LDAP_GROUP_BASE |
| Value: !Ref LDAPGroupBase |
| - Name: LDAP_ACCOUNT_PATTERN |
| Value: !Ref LDAPAccountPattern |
| - Name: GERRIT_INSTANCE_ID |
| Value: !Ref InstanceId |
| - Name: METRICS_CLOUDWATCH_ENABLED |
| Value: !Ref MetricsCloudwatchEnabled |
| - Name: METRICS_CLOUDWATCH_NAMESPACE |
| Value: !Ref MetricsCloudwatchNamespace |
| - Name: METRICS_CLOUDWATCH_RATE |
| Value: !Ref MetricsCloudwatchRate |
| - Name: METRICS_CLOUDWATCH_INITIAL_DELAY |
| Value: !Ref MetricsCloudwatchInitialDelay |
| - Name: METRICS_CLOUDWATCH_JVM_ENABLED |
| Value: !Ref MetricsCloudwatchJVMEnabled |
| - Name: METRICS_CLOUDWATCH_DRY_RUN |
| Value: !Ref MetricsCloudwatchDryRun |
| - Name: METRICS_CLOUDWATCH_EXCLUDE_METRICS_LIST |
| Value: !Join [',', !Ref MetricsCloudwatchExcludeMetrics] |
| Ulimits: |
| - Name: nofile |
| HardLimit: !Ref FileDescriptorsHardLimit |
| SoftLimit: !Ref FileDescriptorsSoftLimit |
| MountPoints: |
| - SourceVolume: !Ref GerritGitVolume |
| ContainerPath: /var/gerrit/git |
| - SourceVolume: !Ref GerritDataVolume |
| ContainerPath: /var/gerrit/data |
| - SourceVolume: !Ref GerritCacheVolume |
| ContainerPath: /var/gerrit/cache |
| - SourceVolume: !Ref GerritDbVolume |
| ContainerPath: /var/gerrit/db |
| - SourceVolume: !Ref GerritLogsVolume |
| ContainerPath: /var/gerrit/logs |
| Cpu: !Ref GerritCPU |
| Memory: !Ref GerritRAM |
| PortMappings: |
| - ContainerPort: !Ref HTTPContainePort |
| HostPort: !Ref HTTPHostPort |
| Protocol: tcp |
| - ContainerPort: !Ref SSHContainerPort |
| HostPort: !Ref SSHHostPort |
| Protocol: tcp |
| LogConfiguration: |
| LogDriver: awslogs |
| Options: |
| awslogs-group: !Ref ClusterStackName |
| awslogs-region: !Ref AWS::Region |
| awslogs-stream-prefix: !Ref EnvironmentName |
| Links: |
| Fn::If: |
| - ShouldEnableXRay |
| - |
| - !FindInMap ['XRay', 'Info', 'ContainerName'] |
| - !Ref "AWS::NoValue" |
| - Name: !Ref GitDaemonServiceName |
| Essential: true |
| Image: !Sub '${DockerRegistryUrl}/${GitDaemonDockerImage}' |
| MountPoints: |
| - SourceVolume: !Ref GerritGitVolume |
| ContainerPath: /var/gerrit/git |
| Cpu: 256 |
| Memory: 512 |
| PortMappings: |
| - ContainerPort: !Ref GitPort |
| HostPort: !Ref GitPort |
| Protocol: tcp |
| LogConfiguration: |
| LogDriver: awslogs |
| Options: |
| awslogs-group: !Ref ClusterStackName |
| awslogs-region: !Ref AWS::Region |
| awslogs-stream-prefix: !Ref EnvironmentName |
| - Name: !Ref GitSSHServiceName |
| Essential: true |
| Image: !Sub '${DockerRegistryUrl}/${GitSSHDockerImage}' |
| Environment: |
| - Name: TZ |
| Value: US/Pacific |
| - Name: SSH_USERS |
| Value: gerrit:1000:1000 |
| - Name: AWS_REGION |
| Value: !Ref AWS::Region |
| - Name: GERRIT_KEY_PREFIX |
| Value: !Ref GerritKeyPrefix |
| MountPoints: |
| - SourceVolume: !Ref GerritGitVolume |
| ContainerPath: /var/gerrit/git |
| Cpu: 256 |
| Memory: 512 |
| PortMappings: |
| - ContainerPort: !Ref GitSSHContainerPort |
| HostPort: !Ref GitSSHPort |
| Protocol: tcp |
| LogConfiguration: |
| LogDriver: awslogs |
| Options: |
| awslogs-group: !Ref ClusterStackName |
| awslogs-region: !Ref AWS::Region |
| awslogs-stream-prefix: !Ref EnvironmentName |
| - Fn::If: |
| - ShouldEnableXRay |
| - Name: !FindInMap ['XRay', 'Info', 'ContainerName'] |
| Essential: false |
| Image: "amazon/aws-xray-daemon" |
| Cpu: 32 |
| MemoryReservation: 256 |
| PortMappings: |
| - HostPort: 2000 |
| ContainerPort: 2000 |
| Protocol: "udp" |
| - !Ref "AWS::NoValue" |
| Volumes: |
| - Name: !Ref 'GerritDbVolume' |
| DockerVolumeConfiguration: |
| Scope: shared |
| Autoprovision: true |
| Driver: local |
| Labels: |
| gerrit-db: !Join ['-', [!Ref EnvironmentName, !Ref GerritDbVolume]] |
| - Name: !Ref 'GerritGitVolume' |
| EFSVolumeConfiguration: |
| FilesystemId: |
| Fn::ImportValue: |
| !Join [':', [!Ref 'ClusterStackName', 'ReplicaFileSystemID']] |
| - Name: !Ref 'GerritDataVolume' |
| DockerVolumeConfiguration: |
| Scope: shared |
| Autoprovision: true |
| Driver: local |
| Labels: |
| gerrit-data: !Join ['-', [!Ref EnvironmentName, !Ref GerritDataVolume]] |
| - Name: !Ref 'GerritCacheVolume' |
| DockerVolumeConfiguration: |
| Scope: shared |
| Autoprovision: true |
| Driver: local |
| Labels: |
| gerrit-cache: !Join ['-', [!Ref EnvironmentName, !Ref GerritCacheVolume]] |
| - Name: !Ref 'GerritLogsVolume' |
| DockerVolumeConfiguration: |
| Scope: shared |
| Autoprovision: true |
| Driver: local |
| Labels: |
| gerrit-logs: !Join ['-', [!Ref EnvironmentName, !Ref GerritLogsVolume]] |
| |
| ReplicaCPUAutoScaling: |
| Type: AWS::CloudFormation::Stack |
| Properties: |
| TemplateURL: !Join [ '', ['https://', !Ref TemplateBucketName, '.s3.amazonaws.com/cf-ecs-service-cpu-autoscaling.yml'] ] |
| TimeoutInMinutes: '5' |
| Parameters: |
| AutoScalingMinCapacity: !Ref ReplicaAutoScalingMinCapacity |
| AutoScalingDesiredCapacity: !Ref ReplicaAutoScalingDesiredCapacity |
| AutoScalingMaxCapacity: !Ref ReplicaAutoScalingMaxCapacity |
| AutoScalingScaleInCooldown: !Ref ReplicaAutoScalingScaleInCooldown |
| AutoScalingScaleOutCooldown: !Ref ReplicaAutoScalingScaleOutCooldown |
| AutoScalingTargetCPUPercentage: !Ref ReplicaAutoScalingTargetCPUPercentage |
| ResourceId: |
| !Join |
| - '' |
| - - 'service/' |
| - Fn::ImportValue: !Join [':', [!Ref 'ClusterStackName', 'ClusterName']] |
| - '/' |
| - !GetAtt GerritService.Name |
| |
| ReplicaHTTPLoadBalancerSG: |
| Type: AWS::EC2::SecurityGroup |
| Properties: |
| VpcId: |
| Fn::ImportValue: |
| !Join [':', [!Ref 'ClusterStackName', 'VPCId']] |
| GroupDescription: "Allow public HTTPS traffic to replicas" |
| GroupName: !Sub '${ClusterStackName}-R-H' |
| SecurityGroupIngress: |
| - IpProtocol: 'tcp' |
| FromPort: !Ref HTTPSPort |
| ToPort: !Ref HTTPSPort |
| CidrIp: '0.0.0.0/0' |
| Description: "HTTPS connections from everywhere (IPv4)" |
| - IpProtocol: 'tcp' |
| FromPort: !Ref HTTPSPort |
| ToPort: !Ref HTTPSPort |
| CidrIpv6: '::/0' |
| Description: "HTTPS connections from everywhere (IPv6)" |
| |
| ReplicaHTTPLoadBalancer: |
| Type: AWS::ElasticLoadBalancingV2::LoadBalancer |
| Properties: |
| Name: !Sub '${ClusterStackName}-R-H' |
| Type: application |
| Scheme: !Ref 'LoadBalancerScheme' |
| SecurityGroups: |
| - !Ref ReplicaHTTPLoadBalancerSG |
| Subnets: |
| - Fn::ImportValue: |
| !Join [':', [!Ref 'ClusterStackName', 'PublicSubnetOne']] |
| - Fn::ImportValue: |
| !Join [':', [!Ref 'ClusterStackName', 'PublicSubnetTwo']] |
| Tags: |
| - Key: Name |
| Value: !Join ['-', [!Ref 'EnvironmentName', !Ref 'GerritServiceName', 'alb']] |
| |
| ReplicaSSHLoadBalancer: |
| Type: AWS::ElasticLoadBalancingV2::LoadBalancer |
| Properties: |
| Name: !Sub '${ClusterStackName}-R-S' |
| Type: network |
| Scheme: !Ref 'LoadBalancerScheme' |
| LoadBalancerAttributes: |
| - Key: 'load_balancing.cross_zone.enabled' |
| Value: true |
| Subnets: |
| - Fn::ImportValue: |
| !Join [':', [!Ref 'ClusterStackName', 'PublicSubnetOne']] |
| - Fn::ImportValue: |
| !Join [':', [!Ref 'ClusterStackName', 'PublicSubnetTwo']] |
| Tags: |
| - Key: Name |
| Value: !Join ['-', [!Ref 'EnvironmentName', !Ref 'GerritServiceName', 'nlb']] |
| |
| HTTPTargetGroup: |
| Type: AWS::ElasticLoadBalancingV2::TargetGroup |
| DependsOn: ReplicaHTTPLoadBalancer |
| Properties: |
| VpcId: |
| Fn::ImportValue: |
| !Join [':', [!Ref 'ClusterStackName', 'VPCId']] |
| Port: !Ref HTTPHostPort |
| Protocol: HTTP |
| HealthCheckPort: !Ref HTTPHostPort |
| HealthCheckProtocol: HTTP |
| HealthCheckPath: '/config/server/healthcheck~status' |
| Name: !Sub '${ClusterStackName}-R-H' |
| TargetGroupAttributes: |
| - Key: 'stickiness.enabled' |
| Value: true |
| - Key: 'stickiness.type' |
| Value: 'lb_cookie' |
| |
| HTTPListener: |
| Type: AWS::ElasticLoadBalancingV2::Listener |
| Properties: |
| Certificates: |
| - CertificateArn: !Ref CertificateArn |
| DefaultActions: |
| - Type: forward |
| TargetGroupArn: !Ref HTTPTargetGroup |
| LoadBalancerArn: !Ref ReplicaHTTPLoadBalancer |
| Port: !Ref HTTPSPort |
| Protocol: HTTPS |
| |
| SSHTargetGroup: |
| Type: AWS::ElasticLoadBalancingV2::TargetGroup |
| DependsOn: ReplicaSSHLoadBalancer |
| Properties: |
| VpcId: |
| Fn::ImportValue: |
| !Join [':', [!Ref 'ClusterStackName', 'VPCId']] |
| Port: !Ref SSHHostPort |
| Protocol: TCP |
| HealthCheckPort: !Ref HTTPHostPort |
| HealthCheckProtocol: HTTP |
| HealthCheckPath: '/config/server/healthcheck~status' |
| Name: !Sub '${ClusterStackName}-R-S' |
| |
| SSHListener: |
| Type: AWS::ElasticLoadBalancingV2::Listener |
| Properties: |
| DefaultActions: |
| - Type: forward |
| TargetGroupArn: !Ref SSHTargetGroup |
| LoadBalancerArn: !Ref ReplicaSSHLoadBalancer |
| Port: !Ref SSHHostPort |
| Protocol: TCP |
| |
| GitTargetGroup: |
| Type: AWS::ElasticLoadBalancingV2::TargetGroup |
| DependsOn: ReplicaSSHLoadBalancer |
| Properties: |
| VpcId: |
| Fn::ImportValue: |
| !Join [':', [!Ref 'ClusterStackName', 'VPCId']] |
| Port: !Ref GitPort |
| Protocol: TCP |
| |
| GitListener: |
| Type: AWS::ElasticLoadBalancingV2::Listener |
| Properties: |
| DefaultActions: |
| - Type: forward |
| TargetGroupArn: !Ref GitTargetGroup |
| LoadBalancerArn: !Ref ReplicaSSHLoadBalancer |
| Port: !Ref GitPort |
| Protocol: TCP |
| |
| GitSSHTargetGroup: |
| Type: AWS::ElasticLoadBalancingV2::TargetGroup |
| DependsOn: ReplicaSSHLoadBalancer |
| Properties: |
| VpcId: |
| Fn::ImportValue: |
| !Join [':', [!Ref 'ClusterStackName', 'VPCId']] |
| Port: !Ref GitSSHPort |
| Protocol: TCP |
| |
| GitSSHListener: |
| Type: AWS::ElasticLoadBalancingV2::Listener |
| Properties: |
| DefaultActions: |
| - Type: forward |
| TargetGroupArn: !Ref GitSSHTargetGroup |
| LoadBalancerArn: !Ref ReplicaSSHLoadBalancer |
| Port: !Ref GitSSHPort |
| Protocol: TCP |
| |
| ReplicaSSHDnsRecord: |
| Type: AWS::Route53::RecordSet |
| Properties: |
| Name: !Sub '${SshSubdomain}.${HostedZoneName}' |
| HostedZoneName: !Sub '${HostedZoneName}.' |
| Comment: DNS name for Load Balancer serving SSH requests to gerrit replicas |
| Type: A |
| AliasTarget: |
| DNSName: !GetAtt 'ReplicaSSHLoadBalancer.DNSName' |
| HostedZoneId: !GetAtt 'ReplicaSSHLoadBalancer.CanonicalHostedZoneID' |
| EvaluateTargetHealth: False |
| |
| ReplicaHTTPDnsRecord: |
| Type: AWS::Route53::RecordSet |
| Properties: |
| Name: !Sub '${HttpSubdomain}.${HostedZoneName}' |
| HostedZoneName: !Sub '${HostedZoneName}.' |
| Comment: DNS name for Load Balancer serving HTTP requests to gerrit replicas |
| Type: A |
| AliasTarget: |
| DNSName: !GetAtt 'ReplicaHTTPLoadBalancer.DNSName' |
| HostedZoneId: !GetAtt 'ReplicaHTTPLoadBalancer.CanonicalHostedZoneID' |
| EvaluateTargetHealth: False |
| |
| ECSTaskExecutionRoleStack: |
| Type: AWS::CloudFormation::Stack |
| Properties: |
| TemplateURL: !Join [ '', ['https://', !Ref TemplateBucketName, '.s3.amazonaws.com/cf-gerrit-task-execution-role.yml'] ] |
| TimeoutInMinutes: '5' |
| |
| Outputs: |
| ######## |
| # HTTP # |
| ######## |
| ReplicaHTTPLoadBalancerDNSName: |
| Description: The DNS name of the replica HTTP load balancer |
| Value: !GetAtt 'ReplicaHTTPLoadBalancer.DNSName' |
| Export: |
| Name: !Join [ ':', [ !Ref 'AWS::StackName', 'ReplicaHTTPLoadBalancerDNSName' ] ] |
| ReplicaHTTPCanonicalHostedZoneID: |
| Description: Canonical Hosted Zone ID of the replica HTTP load balancer |
| Value: !GetAtt 'ReplicaHTTPLoadBalancer.CanonicalHostedZoneID' |
| Export: |
| Name: !Join [ ':', [ !Ref 'AWS::StackName', 'ReplicaHTTPCanonicalHostedZoneID' ] ] |
| ReplicaHTTPLoadBalancerUrl: |
| Description: The url of the replica HTTP load balancer |
| Value: !Join ['', ['http://', !GetAtt 'ReplicaHTTPLoadBalancer.DNSName']] |
| Export: |
| Name: !Join [ ':', [ !Ref 'AWS::StackName', 'ReplicaHTTPLoadBalancerUrl' ] ] |
| ####### |
| # SSH # |
| ####### |
| ReplicaSSHLoadBalancerDNSName: |
| Description: The DNS name of the replica SSH load balancer |
| Value: !GetAtt 'ReplicaSSHLoadBalancer.DNSName' |
| Export: |
| Name: !Join [ ':', [ !Ref 'AWS::StackName', 'ReplicaSSHLoadBalancerDNSName' ] ] |
| ReplicaSSHCanonicalHostedZoneID: |
| Description: Canonical Hosted Zone ID of the replica SSH load balancer |
| Value: !GetAtt 'ReplicaSSHLoadBalancer.CanonicalHostedZoneID' |
| Export: |
| Name: !Join [ ':', [ !Ref 'AWS::StackName', 'ReplicaSSHCanonicalHostedZoneID' ] ] |
| ReplicaSSHLoadBalancerUrl: |
| Description: The url of the replica SSH load balancer |
| Value: !Join ['', ['http://', !GetAtt 'ReplicaSSHLoadBalancer.DNSName']] |
| Export: |
| Name: !Join [ ':', [ !Ref 'AWS::StackName', 'ReplicaSSHLoadBalancerUrl' ] ] |
| ####### |
| # DNS # |
| ####### |
| HostedZoneName: |
| Description: Route53 Hosted Zone name |
| Value: !Ref HostedZoneName |
| Export: |
| Name: !Join [ ':', [ !Ref 'AWS::StackName', 'HostedZoneName' ] ] |
| HttpSubdomain: |
| Description: Service DNS subdomain for replicas HTTP traffic |
| Value: !Ref HttpSubdomain |
| Export: |
| Name: !Join [ ':', [ !Ref 'AWS::StackName', 'HttpSubdomain' ] ] |
| SshSubdomain: |
| Description: Service DNS subdomain for replicas SSH traffic |
| Value: !Ref SshSubdomain |
| Export: |
| Name: !Join [ ':', [ !Ref 'AWS::StackName', 'SshSubdomain' ] ] |
| CanonicalWebUrl: |
| Description: Canonical Web URL |
| Value: !Sub 'https://${HttpSubdomain}.${HostedZoneName}' |
| Export: |
| Name: !Join [ ':', [ !Ref 'AWS::StackName', 'CanonicalWebUrl' ] ] |