Exemple #1
0
    public MyStack()
    {
        var foo = new Aws.Ecr.Repository("foo", new Aws.Ecr.RepositoryArgs
        {
        });
        var foopolicy = new Aws.Ecr.LifecyclePolicy("foopolicy", new Aws.Ecr.LifecyclePolicyArgs
        {
            Policy     = @"{
    ""rules"": [
        {
            ""rulePriority"": 1,
            ""description"": ""Keep last 30 images"",
            ""selection"": {
                ""tagStatus"": ""tagged"",
                ""tagPrefixList"": [""v""],
                ""countType"": ""imageCountMoreThan"",
                ""countNumber"": 30
            },
            ""action"": {
                ""type"": ""expire""
            }
        }
    ]
}

",
            Repository = foo.Name,
        });
    }
Exemple #2
0
    public MyStack()
    {
        var foo = new Aws.Ecr.Repository("foo", new Aws.Ecr.RepositoryArgs
        {
        });
        var foopolicy = new Aws.Ecr.LifecyclePolicy("foopolicy", new Aws.Ecr.LifecyclePolicyArgs
        {
            Policy     = @"{
    ""rules"": [
        {
            ""rulePriority"": 1,
            ""description"": ""Expire images older than 14 days"",
            ""selection"": {
                ""tagStatus"": ""untagged"",
                ""countType"": ""sinceImagePushed"",
                ""countUnit"": ""days"",
                ""countNumber"": 14
            },
            ""action"": {
                ""type"": ""expire""
            }
        }
    ]
}

",
            Repository = foo.Name,
        });
    }
Exemple #3
0
 public MyStack()
 {
     var foo = new Aws.Ecr.Repository("foo", new Aws.Ecr.RepositoryArgs
     {
         ImageScanningConfiguration = new Aws.Ecr.Inputs.RepositoryImageScanningConfigurationArgs
         {
             ScanOnPush = true,
         },
         ImageTagMutability = "MUTABLE",
     });
 }
Exemple #4
0
    public MyStack()
    {
        var foo = new Aws.Ecr.Repository("foo", new Aws.Ecr.RepositoryArgs
        {
        });
        var foopolicy = new Aws.Ecr.RepositoryPolicy("foopolicy", new Aws.Ecr.RepositoryPolicyArgs
        {
            Policy     = @"{
    ""Version"": ""2008-10-17"",
    ""Statement"": [
        {
            ""Sid"": ""new policy"",
            ""Effect"": ""Allow"",
            ""Principal"": ""*"",
            ""Action"": [
                ""ecr:GetDownloadUrlForLayer"",
                ""ecr:BatchGetImage"",
                ""ecr:BatchCheckLayerAvailability"",
                ""ecr:PutImage"",
                ""ecr:InitiateLayerUpload"",
                ""ecr:UploadLayerPart"",
                ""ecr:CompleteLayerUpload"",
                ""ecr:DescribeRepositories"",
                ""ecr:GetRepositoryPolicy"",
                ""ecr:ListImages"",
                ""ecr:DeleteRepository"",
                ""ecr:BatchDeleteImage"",
                ""ecr:SetRepositoryPolicy"",
                ""ecr:DeleteRepositoryPolicy""
            ]
        }
    ]
}

",
            Repository = foo.Name,
        });
    }
Exemple #5
0
    public FargateStack()
    {
        // Read back the default VPC and public subnets, which we will use.
        var vpc = Output.Create(Ec2.GetVpc.InvokeAsync(new Ec2.GetVpcArgs {
            Default = true
        }));
        var vpcId  = vpc.Apply(vpc => vpc.Id);
        var subnet = vpcId.Apply(id => Ec2.GetSubnetIds.InvokeAsync(new Ec2.GetSubnetIdsArgs {
            VpcId = id
        }));
        var subnetIds = subnet.Apply(s => s.Ids);

        // Create a SecurityGroup that permits HTTP ingress and unrestricted egress.
        var webSg = new Ec2.SecurityGroup("web-sg", new Ec2.SecurityGroupArgs
        {
            VpcId  = vpcId,
            Egress =
            {
                new Ec2.Inputs.SecurityGroupEgressArgs
                {
                    Protocol   = "-1",
                    FromPort   = 0,
                    ToPort     = 0,
                    CidrBlocks ={ "0.0.0.0/0"                  }
                }
            },
            Ingress =
            {
                new Ec2.Inputs.SecurityGroupIngressArgs
                {
                    Protocol   = "tcp",
                    FromPort   = 80,
                    ToPort     = 80,
                    CidrBlocks ={ "0.0.0.0/0"                  }
                }
            }
        });

        // Create an ECS cluster to run a container-based service.
        var cluster = new Ecs.Cluster("app-cluster");

        // Create an IAM role that can be used by our service's task.
        var taskExecRole = new Iam.Role("task-exec-role", new Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
""Version"": ""2008-10-17"",
""Statement"": [{
    ""Sid"": """",
    ""Effect"": ""Allow"",
    ""Principal"": {
        ""Service"": ""ecs-tasks.amazonaws.com""
    },
    ""Action"": ""sts:AssumeRole""
}]
}"
        });
        var taskExecAttach = new Iam.RolePolicyAttachment("task-exec-policy", new Iam.RolePolicyAttachmentArgs
        {
            Role      = taskExecRole.Name,
            PolicyArn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
        });

        // Create a load balancer to listen for HTTP traffic on port 80.
        var webLb = new Elb.LoadBalancer("web-lb", new Elb.LoadBalancerArgs
        {
            Subnets        = subnetIds,
            SecurityGroups = { webSg.Id }
        });
        var webTg = new Elb.TargetGroup("web-tg", new Elb.TargetGroupArgs
        {
            Port       = 80,
            Protocol   = "HTTP",
            TargetType = "ip",
            VpcId      = vpcId
        });
        var webListener = new Elb.Listener("web-listener", new Elb.ListenerArgs
        {
            LoadBalancerArn = webLb.Arn,
            Port            = 80,
            DefaultActions  =
            {
                new Elb.Inputs.ListenerDefaultActionArgs
                {
                    Type           = "forward",
                    TargetGroupArn = webTg.Arn,
                }
            }
        });

        // Create a private ECR registry and build and publish our app's container image to it.
        var appRepo            = new Ecr.Repository("app-repo");
        var appRepoCredentials = appRepo.RegistryId.Apply(async rid =>
        {
            var credentials = await Ecr.GetCredentials.InvokeAsync(new Ecr.GetCredentialsArgs {
                RegistryId = rid
            });
            var data = Convert.FromBase64String(credentials.AuthorizationToken);
            return(Encoding.UTF8.GetString(data).Split(":").ToImmutableArray());
        });
        var image = new Docker.Image("app-img", new Docker.ImageArgs
        {
            Build     = "../App",
            ImageName = appRepo.RepositoryUrl,
            Registry  = new Docker.ImageRegistry
            {
                Server   = appRepo.RepositoryUrl,
                Username = appRepoCredentials.GetAt(0),
                Password = appRepoCredentials.GetAt(1)
            }
        });

        // Spin up a load balanced service running our container image.
        var appTask = new Ecs.TaskDefinition("app-task", new Ecs.TaskDefinitionArgs
        {
            Family                  = "fargate-task-definition",
            Cpu                     = "256",
            Memory                  = "512",
            NetworkMode             = "awsvpc",
            RequiresCompatibilities = { "FARGATE" },
            ExecutionRoleArn        = taskExecRole.Arn,
            ContainerDefinitions    = image.ImageName.Apply(imageName => @"[{
""name"": ""my-app"",
""image"": """ + imageName + @""",
""portMappings"": [{
    ""containerPort"": 80,
    ""hostPort"": 80,
    ""protocol"": ""tcp""
}]
}]")
        });
        var appSvc = new Ecs.Service("app-svc", new Ecs.ServiceArgs
        {
            Cluster              = cluster.Arn,
            DesiredCount         = 3,
            LaunchType           = "FARGATE",
            TaskDefinition       = appTask.Arn,
            NetworkConfiguration = new Ecs.Inputs.ServiceNetworkConfigurationArgs
            {
                AssignPublicIp = true,
                Subnets        = subnetIds,
                SecurityGroups = { webSg.Id }
            },
            LoadBalancers =
            {
                new Ecs.Inputs.ServiceLoadBalancerArgs
                {
                    TargetGroupArn = webTg.Arn,
                    ContainerName  = "my-app",
                    ContainerPort  = 80
                }
            }
        }, new CustomResourceOptions {
            DependsOn = { webListener }
        });

        // Export the resulting web address.
        this.Url = Output.Format($"http://{webLb.DnsName}");
    }