public MyStack()
{
var ubuntu = Output.Create(Aws.GetAmi.InvokeAsync(new Aws.GetAmiArgs
{
Filters =
{
new Aws.Inputs.GetAmiFilterArgs
{
Name = "name",
Values =
{
"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*",
},
},
new Aws.Inputs.GetAmiFilterArgs
{
Name = "virtualization-type",
Values =
{
"hvm",
},
},
},
MostRecent = true,
Owners =
{
"099720109477",
},
}));
var asConf = new Aws.Ec2.LaunchConfiguration("asConf", new Aws.Ec2.LaunchConfigurationArgs
{
ImageId = ubuntu.Apply(ubuntu => ubuntu.Id),
InstanceType = "t2.micro",
});
}
private static void ConfigureEcsCluster()
{
cluster = new Ecs.Cluster($"{baseName}-cluster", null, new CustomResourceOptions());
// Create a SecurityGroup that permits HTTP ingress and unrestricted egress.
var webSg = new Ec2.SecurityGroup($"{baseName}-web-sg", new Ec2.SecurityGroupArgs
{
VpcId = vpcId,
Egress =
{
new Ec2.Inputs.SecurityGroupEgressArgs
{
Protocol = "-1",
FromPort = 0,
ToPort = 0,
CidrBlocks ={ "0.0.0.0/0" },
},
},
Ingress =
{
new Ec2.Inputs.SecurityGroupIngressArgs
{
Protocol = "tcp",
FromPort = 80,
ToPort = 80,
CidrBlocks ={ "0.0.0.0/0" },
},
},
});
// Create an IAM role that can be used by our service's task.
var taskExecRole = new Iam.Role($"{baseName}-task-exec-role", new Iam.RoleArgs
{
AssumeRolePolicy = File.ReadAllText("perm.json"),
});
var taskExecAttach = new Iam.RolePolicyAttachment($"{baseName}-task-exec-policy", new Iam.RolePolicyAttachmentArgs
{
Role = taskExecRole.Name,
PolicyArn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
});
// Create a load balancer to listen for HTTP traffic on port 80.
var webLb = new Elb.LoadBalancer($"{baseName}-web-lb", new Elb.LoadBalancerArgs
{
Subnets = new InputList <string>()
{
subnetId, subnetTwoId
},
SecurityGroups = { webSg.Id },
});
var webTg = new Elb.TargetGroup($"{baseName}-web-tg", new Elb.TargetGroupArgs
{
Port = 80,
Protocol = "HTTP",
TargetType = "ip",
VpcId = vpcId,
});
var webListener = new Elb.Listener($"{baseName}-web-listener", new Elb.ListenerArgs
{
LoadBalancerArn = webLb.Arn,
Port = 80,
DefaultActions =
{
new Elb.Inputs.ListenerDefaultActionsArgs
{
Type = "forward",
TargetGroupArn = webTg.Arn,
},
},
});
var launchConfig = new Ec2.LaunchConfiguration($"{baseName}-launchconfig", new Ec2.LaunchConfigurationArgs()
{
ImageId = "ami-a1491ad2",
InstanceType = "t2.nano",
AssociatePublicIpAddress = true,
SecurityGroups = webSg.Id,
});
var scalingGroup = new Group($"{baseName}-autoscaling", new GroupArgs()
{
AvailabilityZones = new InputList <string>()
{
"eu-west-1a", "eu-west-1b"
},
VpcZoneIdentifiers = new InputList <string>()
{
subnetId, subnetTwoId
},
DesiredCapacity = 1,
LaunchConfiguration = launchConfig.Id,
MaxSize = 1,
MinSize = 0,
});
// Spin up a load balanced service running our container image.
var appTask = new Ecs.TaskDefinition($"{baseName}-app-task", new Ecs.TaskDefinitionArgs
{
Family = "fargate-task-definition",
Cpu = "256",
Memory = "512",
NetworkMode = "awsvpc",
RequiresCompatibilities = { "FARGATE", "EC2" },
ExecutionRoleArn = taskExecRole.Arn,
ContainerDefinitions = @"[{
""name"": ""my-app"",
""image"": ""nginx"",
""portMappings"": [{
""containerPort"": 80,
""hostPort"": 80,
""protocol"": ""tcp""
}]
}]",
});
var ec2Svc = new Ecs.Service($"{baseName}-ec2-svc", new Ecs.ServiceArgs()
{
Cluster = cluster.Arn,
DesiredCount = 1,
LaunchType = "EC2",
TaskDefinition = appTask.Arn,
NetworkConfiguration = new Ecs.Inputs.ServiceNetworkConfigurationArgs
{
Subnets = new InputList <string>()
{
subnetId, subnetTwoId
},
SecurityGroups = { webSg.Id },
},
LoadBalancers =
{
new Ecs.Inputs.ServiceLoadBalancersArgs
{
TargetGroupArn = webTg.Arn,
ContainerName = "my-app",
ContainerPort = 80,
},
},
}, new CustomResourceOptions {
DependsOn = { webListener }
});
}
