DEV Community: Hein Htet Win The latest articles on DEV Community by Hein Htet Win (@heinhtetwin). https://dev.to/heinhtetwin https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1028103%2Fc785311d-33a6-49d6-b67b-861787779f3a.jpg DEV Community: Hein Htet Win https://dev.to/heinhtetwin en Deploying a 2048 Game Application on ECS in an automated way Hein Htet Win Sat, 05 Apr 2025 15:56:54 +0000 https://dev.to/aws-builders/deploying-a-2048-game-application-on-ecs-in-an-automated-way-3o72 https://dev.to/aws-builders/deploying-a-2048-game-application-on-ecs-in-an-automated-way-3o72 <p><strong>In this article, we will learn about how to automate the deployment of a simple game 2048 application in a containerized environment using AWS ECS combined with AWS CloudFormation for Infrastructure-as-code template.</strong></p> <h2> <strong>Why This Architecture?</strong> </h2> <ul> <li><p><strong>AWS ECS</strong>: Managed container orchestration for scalable deployments in AWS environment.</p></li> <li><p><strong>CloudFormation</strong>: Infrastructure-as-Code (IaC) for repeatable, version-controlled setups.</p></li> <li><p><strong>Automation</strong>: By combining the use of AWS CloudFormation and ECS, we can automate the entire process of launching resources and deploying services.</p></li> <li><p><strong>Cost Efficiency</strong>: Pay only for resources used (ALB, ECS tasks, ECR storage).</p></li> </ul> <h2> <strong>Prerequisites</strong> </h2> <ol> <li><p>An active AWS account with CLI or GUI access.</p></li> <li><p>A S3 bucket to store your template files.</p></li> <li><p>Docker installed locally (if you want to test in local first)</p></li> <li><p>Basic knowledge of YAML and containers.</p></li> </ol> <h2> Architecture Diagram </h2> <p>Below is high-level overview diagram of architecture which we will deploy on this blog post:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2hwczns68nm0b3k2vkn0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2hwczns68nm0b3k2vkn0.png" alt="Architecture Diagram" width="800" height="618"></a></p> <h2> Step-by-step Implementation </h2> <p>In this stage, we will perform a step-by-step implementation guide and walk you through the process of creating YAML files for CloudFormation and actually deploying an open-source docker image for 2048 game application.</p> <h3> Step 0: Create a S3 bucket to store your child templates </h3> <p>Before doing anything else, we will first create a s3 bucket to store our CloudFormation templates that will later be referenced from the parent stack in a nested stack fashion.</p> <p>I will just go into AWS console and create s3 bucket like this:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fleywco8hbg44j7ulpkzc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fleywco8hbg44j7ulpkzc.png" alt="S3 bucket create" width="800" height="352"></a></p> <p>After creating S3 bucket for storage, we will move onto creating CF template files that we will use in this tutorial.</p> <h3> Step 1: Create a CloudFormation YAML template for based resources like VPC, ECS cluster and ECR repo </h3> <p>First thing first, we will create a stack named <code>base.yaml</code> with following content for creating necessary base resources like:</p> <ul> <li><p>a VPC with two public subnets, two private subnets and a NAT Gateway for internet connection from private subnets.</p></li> <li><p>an ECS cluster with <code>FARGATE</code> and <code>FARGATE_SPOT</code> capacity provider for serverless computing.</p></li> <li><p>a private ECR repository for storing application container image with proper lifecycle policy defined.<br> </p></li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s2">"</span><span class="s">2010-09-09"</span> <span class="na">Description</span><span class="pi">:</span> <span class="pi">&gt;-</span> <span class="s">CloudFormation template for VPC with public/private subnets, ECS Cluster, and ECR Repository</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">VpcCidr</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">CIDR block for the VPC</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">PublicSubnet1Cidr</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">CIDR block for Public Subnet </span><span class="m">1</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">PublicSubnet2Cidr</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">CIDR block for Public Subnet </span><span class="m">2</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">PrivateSubnet1Cidr</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">CIDR block for Private Subnet </span><span class="m">1</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">PrivateSubnet2Cidr</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">CIDR block for Private Subnet </span><span class="m">2</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">ClusterName</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Name for the ECS Cluster</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">ECRRepoName</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Name for the ECR Repository</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Resources</span><span class="pi">:</span> <span class="c1"># VPC Configuration</span> <span class="na">Vpc</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPC</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VpcCidr</span> <span class="na">EnableDnsSupport</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">EnableDnsHostnames</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${AWS::StackName}-vpc</span> <span class="c1"># Internet Gateway</span> <span class="na">InternetGateway</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::InternetGateway</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${AWS::StackName}-igw</span> <span class="na">GatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">Vpc</span> <span class="na">InternetGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">InternetGateway</span> <span class="c1"># Public Subnets</span> <span class="na">PublicSubnet1</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">Vpc</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PublicSubnet1Cidr</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span><span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="s2">"</span><span class="s">"</span><span class="pi">]</span> <span class="na">MapPublicIpOnLaunch</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${AWS::StackName}-public-subnet-1</span> <span class="na">PublicSubnet2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">Vpc</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PublicSubnet2Cidr</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span><span class="nv">1</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="s2">"</span><span class="s">"</span><span class="pi">]</span> <span class="na">MapPublicIpOnLaunch</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${AWS::StackName}-public-subnet-2</span> <span class="c1"># Private Subnets</span> <span class="na">PrivateSubnet1</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">Vpc</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PrivateSubnet1Cidr</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span><span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="s2">"</span><span class="s">"</span><span class="pi">]</span> <span class="na">MapPublicIpOnLaunch</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${AWS::StackName}-private-subnet-1</span> <span class="na">PrivateSubnet2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">Vpc</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PrivateSubnet2Cidr</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span><span class="nv">1</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="s2">"</span><span class="s">"</span><span class="pi">]</span> <span class="na">MapPublicIpOnLaunch</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${AWS::StackName}-private-subnet-2</span> <span class="c1"># NAT Gateway</span> <span class="na">NatGatewayEIP</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::EIP</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">GatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Domain</span><span class="pi">:</span> <span class="s">vpc</span> <span class="na">NatGateway</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::NatGateway</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AllocationId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">NatGatewayEIP.AllocationId</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PublicSubnet1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${AWS::StackName}-nat-gateway</span> <span class="c1"># Route Tables</span> <span class="na">PublicRouteTable</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::RouteTable</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">Vpc</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${AWS::StackName}-public-rt</span> <span class="na">PrivateRouteTable</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::RouteTable</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">Vpc</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${AWS::StackName}-private-rt</span> <span class="na">PublicRoute</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">GatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PublicRouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="s">0.0.0.0/0</span> <span class="na">GatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">InternetGateway</span> <span class="na">PrivateRoute</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PrivateRouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="s">0.0.0.0/0</span> <span class="na">NatGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">NatGateway</span> <span class="c1"># Route Table Associations</span> <span class="na">PublicSubnet1RouteTableAssociation</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PublicSubnet1</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PublicRouteTable</span> <span class="na">PublicSubnet2RouteTableAssociation</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PublicSubnet2</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PublicRouteTable</span> <span class="na">PrivateSubnet1RouteTableAssociation</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PrivateSubnet1</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PrivateRouteTable</span> <span class="na">PrivateSubnet2RouteTableAssociation</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PrivateSubnet2</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PrivateRouteTable</span> <span class="c1"># ECS Cluster</span> <span class="na">ECSCluster</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ECS::Cluster</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">ClusterName</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ClusterName</span> <span class="na">CapacityProviders</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">FARGATE</span> <span class="pi">-</span> <span class="s">FARGATE_SPOT</span> <span class="na">DefaultCapacityProviderStrategy</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">CapacityProvider</span><span class="pi">:</span> <span class="s">FARGATE</span> <span class="na">Weight</span><span class="pi">:</span> <span class="m">1</span> <span class="na">ClusterSettings</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Name</span><span class="pi">:</span> <span class="s">containerInsights</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">enabled</span> <span class="c1"># ECR Repository</span> <span class="na">ECRRepository</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ECR::Repository</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RepositoryName</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ECRRepoName</span> <span class="na">LifecyclePolicy</span><span class="pi">:</span> <span class="na">LifecyclePolicyText</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">{</span> <span class="s">"rules": [</span> <span class="s">{</span> <span class="s">"rulePriority": 1,</span> <span class="s">"description": "Keep only 5 images",</span> <span class="s">"selection": {</span> <span class="s">"tagStatus": "any",</span> <span class="s">"countType": "imageCountMoreThan",</span> <span class="s">"countNumber": 5</span> <span class="s">},</span> <span class="s">"action": {</span> <span class="s">"type": "expire"</span> <span class="s">}</span> <span class="s">}</span> <span class="s">]</span> <span class="s">}</span> <span class="na">ImageScanningConfiguration</span><span class="pi">:</span> <span class="na">ScanOnPush</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">Outputs</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">VPC ID</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">Vpc</span> <span class="na">Export</span><span class="pi">:</span> <span class="na">Name</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${AWS::StackName}-VpcId</span> <span class="na">PublicSubnet1Id</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Public Subnet 1 ID</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PublicSubnet1</span> <span class="na">Export</span><span class="pi">:</span> <span class="na">Name</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${AWS::StackName}-PublicSubnet1Id</span> <span class="na">PublicSubnet2Id</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Public Subnet 2 ID</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PublicSubnet2</span> <span class="na">Export</span><span class="pi">:</span> <span class="na">Name</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${AWS::StackName}-PublicSubnet2Id</span> <span class="na">PrivateSubnet1Id</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Private Subnet 1 ID</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PrivateSubnet1</span> <span class="na">Export</span><span class="pi">:</span> <span class="na">Name</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${AWS::StackName}-PrivateSubnet1Id</span> <span class="na">PrivateSubnet2Id</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Private Subnet 2 ID</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PrivateSubnet2</span> <span class="na">Export</span><span class="pi">:</span> <span class="na">Name</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${AWS::StackName}-PrivateSubnet2Id</span> <span class="na">ECSClusterName</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">ECS Cluster Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ECSCluster</span> <span class="na">Export</span><span class="pi">:</span> <span class="na">Name</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${AWS::StackName}-ECSClusterName</span> <span class="na">ECRRepositoryName</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">ECR Repository Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ECRRepository</span> <span class="na">Export</span><span class="pi">:</span> <span class="na">Name</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${AWS::StackName}-ECRRepositoryName</span> </code></pre> </div> <p>Copy above template file to your created s3 bucket in <strong>Step0</strong> using command like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws s3 <span class="nb">cp</span> <span class="nt">--region</span> us-east-1 base.yaml s3://2048-game-templates-bucket </code></pre> </div> <p>Next, we need to pass parameter values defined in the stack like VpcCidr, ClusterName, ECRRepoName and Subnet CIDRs. For that, we will create a <code>vpc-parameters.json</code> file with values:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ParameterKey"</span><span class="p">:</span><span class="w"> </span><span class="s2">"VpcCidr"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ParameterValue"</span><span class="p">:</span><span class="w"> </span><span class="s2">"10.0.0.0/16"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ParameterKey"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PublicSubnet1Cidr"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ParameterValue"</span><span class="p">:</span><span class="w"> </span><span class="s2">"10.0.1.0/24"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ParameterKey"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PublicSubnet2Cidr"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ParameterValue"</span><span class="p">:</span><span class="w"> </span><span class="s2">"10.0.2.0/24"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ParameterKey"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PrivateSubnet1Cidr"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ParameterValue"</span><span class="p">:</span><span class="w"> </span><span class="s2">"10.0.3.0/24"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ParameterKey"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PrivateSubnet2Cidr"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ParameterValue"</span><span class="p">:</span><span class="w"> </span><span class="s2">"10.0.4.0/24"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ParameterKey"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ClusterName"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ParameterValue"</span><span class="p">:</span><span class="w"> </span><span class="s2">"test-ecs-cluster"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ParameterKey"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ECRRepoName"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ParameterValue"</span><span class="p">:</span><span class="w"> </span><span class="s2">"app-repository"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span></code></pre> </div> <p>After defining all the above steps, we can create our base CloudFormation stack from the command line using:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws cloudformation create-stack <span class="nt">--region</span> us-east-1 <span class="nt">--stack-name</span> game-2048 <span class="nt">--template-url</span> https://2048-game-templates-bucket.s3.us-east-1.amazonaws.com/base.yaml <span class="nt">--parameters</span> file://vpc-parameters.json </code></pre> </div> <h3> Step 2: Preparing container image to be used with the service stack </h3> <p>After the base stack with VPC configuration, ECS cluster and ECR repository is created, we will have a private ECR repository with given name and lifecycle policy of keeping 5 versions of our application image. Let’s prepare and push the image we will use in this example to our private repository.</p> <ul> <li>First, download and pull the image from public ECR repository that hosts the 2048 game using command: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker pull public.ecr.aws/kishorj/docker-2048:latest </code></pre> </div> <ul> <li>Login to the private repository we created using command: (You can also get the login command from AWS ECR repository)</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7yepxhwqsg0qxjwftq6p.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7yepxhwqsg0qxjwftq6p.png" alt="ECR Repo" width="800" height="324"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws ecr get-login-password <span class="nt">--region</span> us-east-1 | docker login <span class="nt">--username</span> AWS <span class="nt">--password-stdin</span> 757641753030.dkr.ecr.us-east-1.amazonaws.com </code></pre> </div> <ul> <li>Tag the image with our private repository name and push to the repository with <code>latest</code> tag: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker tag public.ecr.aws/kishorj/docker-2048:latest 757641753030.dkr.ecr.us-east-1.amazonaws.com/app-repository:latest </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker push 757641753030.dkr.ecr.us-east-1.amazonaws.com/app-repository:latest </code></pre> </div> <h3> Step 3: Create a CloudFormation template for ECS service and ALB </h3> <p>The next step is to create another CF template for creating ECS service and its dependencies such as TaskRole, Execution Role, Auto Scaling Policies and Application Load Balancer (ALB) for exposing traffic to users.</p> <p>Create a <code>service.yaml</code> file with following content:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s">2010-09-09</span> <span class="na">Description</span><span class="pi">:</span> <span class="pi">&gt;</span> <span class="s">This template shows how to create Amazon Elastic Container Service</span> <span class="s">(Amazon ECS) using clusters powered by AWS Fargate with CloudFormation.</span> <span class="s">Stack Name will be used as S3 artifacts bucket name and fargate service name.</span> <span class="na">Metadata</span><span class="pi">:</span> <span class="s2">"</span><span class="s">AWS::CloudFormation::Interface"</span><span class="err">:</span> <span class="na">ParameterGroups</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Label</span><span class="pi">:</span> <span class="na">default</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Common</span><span class="nv"> </span><span class="s">Parameters"</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">Environment</span> <span class="pi">-</span> <span class="na">Label</span><span class="pi">:</span> <span class="na">default</span><span class="pi">:</span> <span class="s2">"</span><span class="s">VPC</span><span class="nv"> </span><span class="s">Parameters"</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">VPC</span> <span class="pi">-</span> <span class="s">AppSubnetA</span> <span class="pi">-</span> <span class="s">AppSubnetB</span> <span class="pi">-</span> <span class="na">Label</span><span class="pi">:</span> <span class="na">default</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Container</span><span class="nv"> </span><span class="s">Parameters"</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ClusterName</span> <span class="pi">-</span> <span class="s">ContainerPort</span> <span class="pi">-</span> <span class="s">FargateCPU</span> <span class="pi">-</span> <span class="s">FargateMemory</span> <span class="pi">-</span> <span class="s">ContainerRegistery</span> <span class="pi">-</span> <span class="s">LoadBalancerPort</span> <span class="pi">-</span> <span class="na">Label</span><span class="pi">:</span> <span class="na">default</span><span class="pi">:</span> <span class="s2">"</span><span class="s">LoadBalancer</span><span class="nv"> </span><span class="s">Parameters"</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">LoadBalancerType</span> <span class="pi">-</span> <span class="s">LBSubnetA</span> <span class="pi">-</span> <span class="s">LBSubnetB</span> <span class="pi">-</span> <span class="s">HealthCheckPath</span> <span class="pi">-</span> <span class="s">MinContainers</span> <span class="pi">-</span> <span class="s">MaxContainers</span> <span class="pi">-</span> <span class="s">SSLCertificateARN</span> <span class="pi">-</span> <span class="s">HttpPort</span> <span class="pi">-</span> <span class="s">IsEnableHTTPS</span> <span class="pi">-</span> <span class="na">Label</span><span class="pi">:</span> <span class="na">default</span><span class="pi">:</span> <span class="s2">"</span><span class="s">AutoScaling</span><span class="nv"> </span><span class="s">Parameters"</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">TargetCPUUtilization</span> <span class="pi">-</span> <span class="s">TargetMemoryUtilization</span> <span class="na">ParameterLabels</span><span class="pi">:</span> <span class="na">Environment</span><span class="pi">:</span> <span class="na">default</span><span class="pi">:</span> <span class="s2">"</span><span class="s">A</span><span class="nv"> </span><span class="s">tag</span><span class="nv"> </span><span class="s">is</span><span class="nv"> </span><span class="s">a</span><span class="nv"> </span><span class="s">label</span><span class="nv"> </span><span class="s">as</span><span class="nv"> </span><span class="s">well</span><span class="nv"> </span><span class="s">as</span><span class="nv"> </span><span class="s">Environment</span><span class="nv"> </span><span class="s">that</span><span class="nv"> </span><span class="s">you</span><span class="nv"> </span><span class="s">or</span><span class="nv"> </span><span class="s">AWS</span><span class="nv"> </span><span class="s">assigns</span><span class="nv"> </span><span class="s">to</span><span class="nv"> </span><span class="s">an</span><span class="nv"> </span><span class="s">AWS</span><span class="nv"> </span><span class="s">resource.</span><span class="nv"> </span><span class="s">You</span><span class="nv"> </span><span class="s">can</span><span class="nv"> </span><span class="s">use</span><span class="nv"> </span><span class="s">tags</span><span class="nv"> </span><span class="s">to</span><span class="nv"> </span><span class="s">organize</span><span class="nv"> </span><span class="s">your</span><span class="nv"> </span><span class="s">resources,</span><span class="nv"> </span><span class="s">and</span><span class="nv"> </span><span class="s">cost</span><span class="nv"> </span><span class="s">allocation</span><span class="nv"> </span><span class="s">tags</span><span class="nv"> </span><span class="s">to</span><span class="nv"> </span><span class="s">track</span><span class="nv"> </span><span class="s">your</span><span class="nv"> </span><span class="s">AWS</span><span class="nv"> </span><span class="s">costs</span><span class="nv"> </span><span class="s">on</span><span class="nv"> </span><span class="s">a</span><span class="nv"> </span><span class="s">detailed</span><span class="nv"> </span><span class="s">level."</span> <span class="na">VPC</span><span class="pi">:</span> <span class="na">default</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Which</span><span class="nv"> </span><span class="s">VPC</span><span class="nv"> </span><span class="s">should</span><span class="nv"> </span><span class="s">this</span><span class="nv"> </span><span class="s">be</span><span class="nv"> </span><span class="s">deployed</span><span class="nv"> </span><span class="s">to?"</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">VPC</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPC::Id</span> <span class="na">AppSubnetA</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet::Id</span> <span class="na">AppSubnetB</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet::Id</span> <span class="na">LBSubnetA</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet::Id</span> <span class="na">LBSubnetB</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet::Id</span> <span class="na">ClusterName</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">FargateCPU</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="m">512</span> <span class="na">FargateMemory</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">1GB</span> <span class="na">ContainerPort</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">Number</span> <span class="na">Default</span><span class="pi">:</span> <span class="m">80</span> <span class="na">LoadBalancerPort</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">Number</span> <span class="na">Default</span><span class="pi">:</span> <span class="m">443</span> <span class="na">HttpPort</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">Number</span> <span class="na">Default</span><span class="pi">:</span> <span class="m">80</span> <span class="na">HealthCheckPath</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">/</span> <span class="na">MinContainers</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">Number</span> <span class="na">Default</span><span class="pi">:</span> <span class="m">1</span> <span class="na">MaxContainers</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">Number</span> <span class="na">Default</span><span class="pi">:</span> <span class="m">10</span> <span class="na">ContainerRegistery</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">ECR Repo Name + tag name</span> <span class="na">SSLCertificateARN</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">arn:aws:acm:us-east-1:757641753030:certificate/b7c279cd-8658-4a08-8155-e1eb9786aa7b</span> <span class="na">Environment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">testing</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Environment name to be used with service.</span> <span class="na">AllowedPattern</span><span class="pi">:</span> <span class="s1">'</span><span class="s">[a-zA-Z0-9\-_]+'</span> <span class="na">ConstraintDescription</span><span class="pi">:</span> <span class="s">Tag name should be alpha numberic letter</span> <span class="na">LoadBalancerType</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">internet-facing</span> <span class="na">AllowedValues</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">internet-facing</span><span class="pi">,</span> <span class="nv">internal</span><span class="pi">]</span> <span class="na">IsEnableHTTPS</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span> <span class="na">AllowedValues</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">false"</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">To disable TLS, it's </span><span class="kc">false</span><span class="s">. If not, choose </span><span class="kc">true</span><span class="s">.</span> <span class="na">TargetCPUUtilization</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">Number</span> <span class="na">Default</span><span class="pi">:</span> <span class="m">70</span> <span class="na">TargetMemoryUtilization</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">Number</span> <span class="na">Default</span><span class="pi">:</span> <span class="m">70</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">The name of the service to be created.</span> <span class="na">Conditions</span><span class="pi">:</span> <span class="na">ShouldCreateHTTPS</span><span class="pi">:</span> <span class="kt">!Equals</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">IsEnableHTTPS</span><span class="pi">,</span> <span class="s2">"</span><span class="s">true"</span><span class="pi">]</span> <span class="na">Resources</span><span class="pi">:</span> <span class="na">PipelineBucket</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::S3::Bucket</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">BucketName</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s2">"</span><span class="s">-"</span><span class="pi">,</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">Environment</span><span class="pi">,</span> <span class="kt">!Ref</span> <span class="nv">AWS</span><span class="pi">::</span><span class="nv">StackName</span><span class="pi">]]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Environment"</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">Environment</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Name"</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s2">"</span><span class="s">-"</span><span class="pi">,</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">Environment</span><span class="pi">,</span> <span class="kt">!Ref</span> <span class="nv">AWS</span><span class="pi">::</span><span class="nv">StackName</span><span class="pi">]]</span> <span class="na">TaskDefinition</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ECS::TaskDefinition</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Family</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s2">"</span><span class="s">"</span><span class="pi">,</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">AWS</span><span class="pi">::</span><span class="nv">StackName</span><span class="pi">,</span> <span class="nv">TaskDefinition</span><span class="pi">]]</span> <span class="na">NetworkMode</span><span class="pi">:</span> <span class="s">awsvpc</span> <span class="na">RequiresCompatibilities</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">FARGATE</span> <span class="c1"># 256 (.25 vCPU) - Available memory values: 0.5GB, 1GB, 2GB</span> <span class="c1"># 512 (.5 vCPU) - Available memory values: 1GB, 2GB, 3GB, 4GB</span> <span class="c1"># 1024 (1 vCPU) - Available memory values: 2GB, 3GB, 4GB, 5GB, 6GB, 7GB, 8GB</span> <span class="c1"># 2048 (2 vCPU) - Available memory values: Between 4GB and 16GB in 1GB increments</span> <span class="c1"># 4096 (4 vCPU) - Available memory values: Between 8GB and 30GB in 1GB increments</span> <span class="na">Cpu</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">FargateCPU</span> <span class="c1"># 0.5GB, 1GB, 2GB - Available cpu values: 256 (.25 vCPU)</span> <span class="c1"># 1GB, 2GB, 3GB, 4GB - Available cpu values: 512 (.5 vCPU)</span> <span class="c1"># 2GB, 3GB, 4GB, 5GB, 6GB, 7GB, 8GB - Available cpu values: 1024 (1 vCPU)</span> <span class="c1"># Between 4GB and 16GB in 1GB increments - Available cpu values: 2048 (2 vCPU)</span> <span class="c1"># Between 8GB and 30GB in 1GB increments - Available cpu values: 4096 (4 vCPU)</span> <span class="na">Memory</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">FargateMemory</span> <span class="c1"># A role needed by ECS.</span> <span class="c1"># "The ARN of the task execution role that containers in this task can assume. All containers in this task are granted the permissions that are specified in this role."</span> <span class="c1"># "There is an optional task execution IAM role that you can specify with Fargate to allow your Fargate tasks to make API calls to Amazon ECR."</span> <span class="na">ExecutionRoleArn</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ExecutionRole</span> <span class="na">TaskRoleArn</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TaskRole</span> <span class="na">ContainerDefinitions</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Name</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">AWS::StackName</span> <span class="na">Image</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${ContainerRegistery}</span> <span class="na">PortMappings</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">ContainerPort</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ContainerPort</span> <span class="na">LogConfiguration</span><span class="pi">:</span> <span class="na">LogDriver</span><span class="pi">:</span> <span class="s">awslogs</span> <span class="na">Options</span><span class="pi">:</span> <span class="na">awslogs-group</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">LogGroup</span> <span class="na">awslogs-region</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">AWS::Region</span> <span class="na">awslogs-stream-prefix</span><span class="pi">:</span> <span class="s">fargate</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Environment"</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">Environment</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Name"</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s2">"</span><span class="s">-"</span><span class="pi">,</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">Environment</span><span class="pi">,</span> <span class="nv">TaskDefinition</span><span class="pi">]]</span> <span class="na">ExecutionRole</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::Role</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RoleName</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s2">"</span><span class="s">-"</span><span class="pi">,</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">AWS</span><span class="pi">::</span><span class="nv">StackName</span><span class="pi">,</span> <span class="nv">ExecutionRole</span><span class="pi">]]</span> <span class="na">AssumeRolePolicyDocument</span><span class="pi">:</span> <span class="na">Statement</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Effect</span><span class="pi">:</span> <span class="s">Allow</span> <span class="na">Principal</span><span class="pi">:</span> <span class="na">Service</span><span class="pi">:</span> <span class="s">ecs-tasks.amazonaws.com</span> <span class="na">Action</span><span class="pi">:</span> <span class="s2">"</span><span class="s">sts:AssumeRole"</span> <span class="na">ManagedPolicyArns</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Environment"</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">Environment</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Name"</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s2">"</span><span class="s">-"</span><span class="pi">,</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">Environment</span><span class="pi">,</span> <span class="nv">ExecutionRole</span><span class="pi">]]</span> <span class="na">TaskRole</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::Role</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RoleName</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s2">"</span><span class="s">-"</span><span class="pi">,</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">AWS</span><span class="pi">::</span><span class="nv">StackName</span><span class="pi">,</span> <span class="nv">TaskRole</span><span class="pi">]]</span> <span class="na">AssumeRolePolicyDocument</span><span class="pi">:</span> <span class="na">Statement</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Effect</span><span class="pi">:</span> <span class="s">Allow</span> <span class="na">Principal</span><span class="pi">:</span> <span class="na">Service</span><span class="pi">:</span> <span class="s">ecs-tasks.amazonaws.com</span> <span class="na">Action</span><span class="pi">:</span> <span class="s2">"</span><span class="s">sts:AssumeRole"</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Environment"</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">Environment</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Name"</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s2">"</span><span class="s">-"</span><span class="pi">,</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">Environment</span><span class="pi">,</span> <span class="nv">TaskRole</span><span class="pi">]]</span> <span class="na">AutoScalingRole</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::Role</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RoleName</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s2">"</span><span class="s">-"</span><span class="pi">,</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">AWS</span><span class="pi">::</span><span class="nv">StackName</span><span class="pi">,</span> <span class="nv">AutoScalingRole</span><span class="pi">]]</span> <span class="na">AssumeRolePolicyDocument</span><span class="pi">:</span> <span class="na">Statement</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Effect</span><span class="pi">:</span> <span class="s">Allow</span> <span class="na">Principal</span><span class="pi">:</span> <span class="na">Service</span><span class="pi">:</span> <span class="s">ecs-tasks.amazonaws.com</span> <span class="na">Action</span><span class="pi">:</span> <span class="s2">"</span><span class="s">sts:AssumeRole"</span> <span class="na">ManagedPolicyArns</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceAutoscaleRole"</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Environment"</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">Environment</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Name"</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s2">"</span><span class="s">-"</span><span class="pi">,</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">Environment</span><span class="pi">,</span> <span class="nv">AutoScalingRole</span><span class="pi">]]</span> <span class="na">ContainerSecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s2">"</span><span class="s">"</span><span class="pi">,</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">AWS</span><span class="pi">::</span><span class="nv">StackName</span><span class="pi">,</span> <span class="nv">ContainerSecurityGroup</span><span class="pi">]]</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC</span> <span class="na">SecurityGroupIngress</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">tcp</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ContainerPort</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ContainerPort</span> <span class="na">SourceSecurityGroupId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">LoadBalancerSecurityGroup</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Environment"</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">Environment</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Name"</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s2">"</span><span class="s">-"</span><span class="pi">,</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">Environment</span><span class="pi">,</span> <span class="nv">ContainerSecurityGroup</span><span class="pi">]]</span> <span class="na">LoadBalancerSecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s2">"</span><span class="s">"</span><span class="pi">,</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">AWS</span><span class="pi">::</span><span class="nv">StackName</span><span class="pi">,</span> <span class="nv">LoadBalancerSecurityGroup</span><span class="pi">]]</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC</span> <span class="na">SecurityGroupIngress</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">tcp</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">LoadBalancerPort</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">LoadBalancerPort</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="s">0.0.0.0/0</span> <span class="pi">-</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">tcp</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">HttpPort</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">HttpPort</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="s">0.0.0.0/0</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Environment"</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">Environment</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Name"</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s2">"</span><span class="s">-"</span><span class="pi">,</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">Environment</span><span class="pi">,</span> <span class="nv">lb-sg</span><span class="pi">]]</span> <span class="na">Service</span><span class="pi">:</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ListenerHTTP</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ECS::Service</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">AWS::StackName</span> <span class="na">Cluster</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ClusterName</span> <span class="na">TaskDefinition</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TaskDefinition</span> <span class="na">DeploymentConfiguration</span><span class="pi">:</span> <span class="na">MinimumHealthyPercent</span><span class="pi">:</span> <span class="m">100</span> <span class="na">MaximumPercent</span><span class="pi">:</span> <span class="m">200</span> <span class="na">DesiredCount</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MinContainers</span> <span class="c1"># This may need to be adjusted if the container takes a while to start up</span> <span class="na">HealthCheckGracePeriodSeconds</span><span class="pi">:</span> <span class="m">300</span> <span class="na">LaunchType</span><span class="pi">:</span> <span class="s">FARGATE</span> <span class="na">NetworkConfiguration</span><span class="pi">:</span> <span class="na">AwsvpcConfiguration</span><span class="pi">:</span> <span class="c1"># change to DISABLED if you're using private subnets that have access to a NAT gateway</span> <span class="na">AssignPublicIp</span><span class="pi">:</span> <span class="s">DISABLED</span> <span class="na">Subnets</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">AppSubnetA</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">AppSubnetB</span> <span class="na">SecurityGroups</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">ContainerSecurityGroup</span> <span class="na">LoadBalancers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">ContainerName</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">AWS::StackName</span> <span class="na">ContainerPort</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ContainerPort</span> <span class="na">TargetGroupArn</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TargetGroup</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Environment"</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">Environment</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Name"</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s2">"</span><span class="s">-"</span><span class="pi">,</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">Environment</span><span class="pi">,</span> <span class="nv">svc</span><span class="pi">]]</span> <span class="na">TargetGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ElasticLoadBalancingV2::TargetGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">HealthCheckIntervalSeconds</span><span class="pi">:</span> <span class="m">10</span> <span class="c1"># will look for a 200 status code by default unless specified otherwise</span> <span class="na">HealthCheckPath</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">HealthCheckPath</span> <span class="na">HealthCheckTimeoutSeconds</span><span class="pi">:</span> <span class="m">5</span> <span class="na">UnhealthyThresholdCount</span><span class="pi">:</span> <span class="m">2</span> <span class="na">HealthyThresholdCount</span><span class="pi">:</span> <span class="m">2</span> <span class="na">Name</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s2">"</span><span class="s">-"</span><span class="pi">,</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">AWS</span><span class="pi">::</span><span class="nv">StackName</span><span class="pi">,</span> <span class="nv">tg</span><span class="pi">]]</span> <span class="na">Port</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ContainerPort</span> <span class="na">Protocol</span><span class="pi">:</span> <span class="s">HTTP</span> <span class="na">TargetGroupAttributes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">deregistration_delay.timeout_seconds</span> <span class="na">Value</span><span class="pi">:</span> <span class="m">60</span> <span class="c1"># default is 300</span> <span class="na">TargetType</span><span class="pi">:</span> <span class="s">ip</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Environment"</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">Environment</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Name"</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s2">"</span><span class="s">-"</span><span class="pi">,</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">Environment</span><span class="pi">,</span> <span class="nv">tg</span><span class="pi">]]</span> <span class="na">ListenerHTTPS</span><span class="pi">:</span> <span class="na">Condition</span><span class="pi">:</span> <span class="s">ShouldCreateHTTPS</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ElasticLoadBalancingV2::Listener</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">DefaultActions</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">TargetGroupArn</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TargetGroup</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">forward</span> <span class="na">LoadBalancerArn</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">LoadBalancer</span> <span class="na">Port</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">LoadBalancerPort</span> <span class="na">Protocol</span><span class="pi">:</span> <span class="s">HTTPS</span> <span class="na">Certificates</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">CertificateArn</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">SSLCertificateARN</span> <span class="na">ListenerHTTP</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ElasticLoadBalancingV2::Listener</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">DefaultActions</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!If</span> <span class="pi">-</span> <span class="s">ShouldCreateHTTPS</span> <span class="pi">-</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">redirect</span> <span class="na">RedirectConfig</span><span class="pi">:</span> <span class="na">StatusCode</span><span class="pi">:</span> <span class="s2">"</span><span class="s">HTTP_301"</span> <span class="na">Host</span><span class="pi">:</span> <span class="s2">"</span><span class="s">#{host}"</span> <span class="na">Path</span><span class="pi">:</span> <span class="s2">"</span><span class="s">/#{path}"</span> <span class="na">Port</span><span class="pi">:</span> <span class="m">443</span> <span class="na">Protocol</span><span class="pi">:</span> <span class="s2">"</span><span class="s">HTTPS"</span> <span class="na">Query</span><span class="pi">:</span> <span class="s2">"</span><span class="s">#{query}"</span> <span class="pi">-</span> <span class="na">TargetGroupArn</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TargetGroup</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">forward</span> <span class="na">LoadBalancerArn</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">LoadBalancer</span> <span class="na">Port</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">HttpPort</span> <span class="na">Protocol</span><span class="pi">:</span> <span class="s">HTTP</span> <span class="na">LoadBalancer</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ElasticLoadBalancingV2::LoadBalancer</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">LoadBalancerAttributes</span><span class="pi">:</span> <span class="c1"># this is the default, but is specified here in case it needs to be changed</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">idle_timeout.timeout_seconds</span> <span class="na">Value</span><span class="pi">:</span> <span class="m">60</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">routing.http2.enabled"</span> <span class="na">Value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span> <span class="na">Name</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s2">"</span><span class="s">-"</span><span class="pi">,</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">AWS</span><span class="pi">::</span><span class="nv">StackName</span><span class="pi">,</span> <span class="nv">lb</span><span class="pi">]]</span> <span class="c1"># "internal" is also an option</span> <span class="na">Scheme</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">LoadBalancerType</span> <span class="na">SecurityGroups</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">LoadBalancerSecurityGroup</span> <span class="na">Subnets</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">LBSubnetA</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">LBSubnetB</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Environment"</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">Environment</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Name"</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s2">"</span><span class="s">-"</span><span class="pi">,</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">Environment</span><span class="pi">,</span> <span class="nv">lb</span><span class="pi">]]</span> <span class="na">LogGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::Logs::LogGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">LogGroupName</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s2">"</span><span class="s">"</span><span class="pi">,</span> <span class="pi">[</span><span class="nv">/fargate/</span><span class="pi">,</span> <span class="kt">!Ref</span> <span class="nv">AWS</span><span class="pi">::</span><span class="nv">StackName</span><span class="pi">,</span> <span class="nv">Logs</span><span class="pi">]]</span> <span class="na">RetentionInDays</span><span class="pi">:</span> <span class="m">60</span> <span class="na">AutoScalingTarget</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ApplicationAutoScaling::ScalableTarget</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">MinCapacity</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MinContainers</span> <span class="na">MaxCapacity</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MaxContainers</span> <span class="na">ResourceId</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s2">"</span><span class="s">/"</span><span class="pi">,</span> <span class="pi">[</span><span class="nv">service</span><span class="pi">,</span> <span class="kt">!Ref</span> <span class="nv">ClusterName</span><span class="pi">,</span> <span class="kt">!GetAtt</span> <span class="nv">Service.Name</span><span class="pi">]]</span> <span class="na">ScalableDimension</span><span class="pi">:</span> <span class="s">ecs:service:DesiredCount</span> <span class="na">ServiceNamespace</span><span class="pi">:</span> <span class="s">ecs</span> <span class="c1"># "The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that allows Application Auto Scaling to modify your scalable target."</span> <span class="na">RoleARN</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">AutoScalingRole.Arn</span> <span class="c1"># Create scaling policies that describe how to scale the service up and down.</span> <span class="na">CPUScalingPolicy</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ApplicationAutoScaling::ScalingPolicy</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">AutoScalingTarget</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PolicyName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s2">"</span><span class="s">${ServiceName}-cpu-target-tracking-policy"</span> <span class="na">PolicyType</span><span class="pi">:</span> <span class="s">TargetTrackingScaling</span> <span class="na">ResourceId</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s2">"</span><span class="s">/"</span><span class="pi">,</span> <span class="pi">[</span><span class="nv">service</span><span class="pi">,</span> <span class="kt">!Ref</span> <span class="nv">ClusterName</span><span class="pi">,</span> <span class="kt">!GetAtt</span> <span class="nv">Service.Name</span><span class="pi">]]</span> <span class="na">ScalableDimension</span><span class="pi">:</span> <span class="s2">"</span><span class="s">ecs:service:DesiredCount"</span> <span class="na">ServiceNamespace</span><span class="pi">:</span> <span class="s2">"</span><span class="s">ecs"</span> <span class="na">TargetTrackingScalingPolicyConfiguration</span><span class="pi">:</span> <span class="na">PredefinedMetricSpecification</span><span class="pi">:</span> <span class="na">PredefinedMetricType</span><span class="pi">:</span> <span class="s">ECSServiceAverageCPUUtilization</span> <span class="na">TargetValue</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TargetCPUUtilization</span> <span class="na">ScaleInCooldown</span><span class="pi">:</span> <span class="m">60</span> <span class="na">ScaleOutCooldown</span><span class="pi">:</span> <span class="m">60</span> <span class="na">MemoryScalingPolicy</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ApplicationAutoScaling::ScalingPolicy</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">AutoScalingTarget</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PolicyName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s2">"</span><span class="s">${ServiceName}-memory-target-tracking-policy"</span> <span class="na">PolicyType</span><span class="pi">:</span> <span class="s">TargetTrackingScaling</span> <span class="na">ResourceId</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s2">"</span><span class="s">/"</span><span class="pi">,</span> <span class="pi">[</span><span class="nv">service</span><span class="pi">,</span> <span class="kt">!Ref</span> <span class="nv">ClusterName</span><span class="pi">,</span> <span class="kt">!GetAtt</span> <span class="nv">Service.Name</span><span class="pi">]]</span> <span class="na">ScalableDimension</span><span class="pi">:</span> <span class="s2">"</span><span class="s">ecs:service:DesiredCount"</span> <span class="na">ServiceNamespace</span><span class="pi">:</span> <span class="s2">"</span><span class="s">ecs"</span> <span class="na">TargetTrackingScalingPolicyConfiguration</span><span class="pi">:</span> <span class="na">PredefinedMetricSpecification</span><span class="pi">:</span> <span class="na">PredefinedMetricType</span><span class="pi">:</span> <span class="s">ECSServiceAverageMemoryUtilization</span> <span class="na">TargetValue</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TargetMemoryUtilization</span> <span class="na">ScaleInCooldown</span><span class="pi">:</span> <span class="m">60</span> <span class="na">ScaleOutCooldown</span><span class="pi">:</span> <span class="m">60</span> <span class="na">Outputs</span><span class="pi">:</span> <span class="na">ServiceURL</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">URL of the load balancer</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">http://${LoadBalancer.DNSName}</span> <span class="na">Export</span><span class="pi">:</span> <span class="na">Name</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${AWS::StackName}-ServiceURL</span> </code></pre> </div> <p>Let me upload above template into my S3 bucket created in the <strong>step0</strong> using command*<em>:</em>*<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws s3 <span class="nb">cp</span> <span class="nt">--region</span> us-east-1 service.yaml s3://2048-game-templates-bucket </code></pre> </div> <p>This stack includes parameter variables such as VPC, Subnets for application tasks containers, Subnets for LoadBalancer and Container Registry. Other variables such as CPU, Memory configuration and Auto Scaling target percentages are optional. (already set default values for those)</p> <p>So, we would need to note down the Outputs section of the first stack regarding VPC ID, Public Subnet IDs for LoadBalancer and Private Subnet IDs for ECS service.</p> <p>Then, we will create a <code>service-parameters.json</code> file with appropriate values for subnets, VPC and ContainerRegistry.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ParameterKey"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ClusterName"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ParameterValue"</span><span class="p">:</span><span class="w"> </span><span class="s2">"test-ecs-cluster"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ParameterKey"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ContainerPort"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ParameterValue"</span><span class="p">:</span><span class="w"> </span><span class="s2">"80"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ParameterKey"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ContainerRegistery"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ParameterValue"</span><span class="p">:</span><span class="w"> </span><span class="s2">"app-repository:latest"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ParameterKey"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Environment"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ParameterValue"</span><span class="p">:</span><span class="w"> </span><span class="s2">"dev"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ParameterKey"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ServiceName"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ParameterValue"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2048-ecs"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ParameterKey"</span><span class="p">:</span><span class="w"> </span><span class="s2">"VPC"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ParameterValue"</span><span class="p">:</span><span class="w"> </span><span class="s2">""</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ParameterKey"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AppSubnetA"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ParameterValue"</span><span class="p">:</span><span class="w"> </span><span class="s2">""</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ParameterKey"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AppSubnetB"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ParameterValue"</span><span class="p">:</span><span class="w"> </span><span class="s2">""</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ParameterKey"</span><span class="p">:</span><span class="w"> </span><span class="s2">"LBSubnetA"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ParameterValue"</span><span class="p">:</span><span class="w"> </span><span class="s2">""</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ParameterKey"</span><span class="p">:</span><span class="w"> </span><span class="s2">"LBSubnetB"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ParameterValue"</span><span class="p">:</span><span class="w"> </span><span class="s2">""</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span></code></pre> </div> <blockquote> <p>Please Don’t forget to substitute the ParameterValue section of above file with outputs from the base stack.</p> </blockquote> <p>And we can create the service stack with following command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws cloudformation create-stack <span class="nt">--region</span> us-east-1 <span class="nt">--stack-name</span> game-2048-svc <span class="nt">--template-url</span> https://2048-game-templates-bucket.s3.us-east-1.amazonaws.com/service.yaml <span class="nt">--parameters</span> file://service-parameters.json <span class="nt">--capabilities</span> CAPABILITY_NAMED_IAM </code></pre> </div> <blockquote> <p>Please note to replace the —template-url with your s3 file URL uploaded and relative path of your service-parameters.json file</p> </blockquote> <p>After the stack is successfully created, you will get the Domain URL endpoint of LoadBalancer in the Outputs section of the template.<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0sp6y5g1le4f1t42kbos.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0sp6y5g1le4f1t42kbos.png" alt="Service URL" width="800" height="253"></a></p> <h3> Step 4: Domain Record Creation Step </h3> <p>In this example, I’ve used my custom domain URL and certificate from AWS Certificate Manager (ACM) as default value in <code>SSLCertificateARN</code> parameter value. If you don’t have custom domain available, you can just set <code>IsEnableHTTPS</code> parameter value to <code>false</code> and the template will only create HTTP listener.</p> <p>To create a <code>CNAME</code> record for your custom domain, go into your DNS provider and create a <code>CNAME</code> type record with custom domain name and value is set to the <code>ServiceURL</code> output returned from above step.</p> <p>In my case, I use <a href="https://www.cloudflare.com/" rel="noopener noreferrer">CloudFlare</a> as my DNS provider, so I logged into my CloudFlare account and create a simple DNS record as follows:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiffll61wr7ynbbz6dhdn.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiffll61wr7ynbbz6dhdn.png" alt="DNS Record" width="800" height="188"></a></p> <h3> Step 5: Verify the application is working </h3> <p>Finally, you can verify your application is up and running by going to your domain URL from browser:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk0ggmsyykxpeqjaaluyp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk0ggmsyykxpeqjaaluyp.png" alt="2048 Game Application" width="800" height="467"></a></p> <p><strong>Congratulations! If you see that page, that means you have successfully deployed a 2048 game in ECS with CloudFormation as IaC tool.</strong></p> <h2> <strong>Key Takeaways</strong> </h2> <ul> <li><p><strong>Infrastructure-as-Code</strong>: CloudFormation ensures reproducibility and versioning of your infrastruture.</p></li> <li><p><strong>Scalability</strong>: ECS Fargate handles load without managing servers. (Serverless computing)</p></li> <li><p><strong>Cost Control</strong>: Tear down and bring up resources easily whenever you need, wherever you need.</p></li> </ul> <h2> Troubleshooting Tips </h2> <ul> <li><p><strong>Task Failures</strong>: Check ECS task logs in CloudWatch for any failures of tasks and not in <strong>Active</strong> status.</p></li> <li><p><strong>ALB Issues</strong>: Verify security group inbound rules are set correctly if you face timeouts when accessing the endpoint URL.</p></li> <li><p><strong>Image Pull Errors</strong>: Ensure ECR repository permissions are correct if you get any permissions error when starting ECS tasks.</p></li> </ul> <h2> Code Reference </h2> <p>All the code we used in this tutorial blog can be found here: <a href="https://github.com/Heinux-Training/Real-World-AWS-Case-Studies/tree/main/CloudFormation/2048-ECS-ALB" rel="noopener noreferrer">https://github.com/Heinux-Training/Real-World-AWS-Case-Studies/tree/main/CloudFormation/2048-ECS-ALB</a></p> <blockquote> <p><strong>NOTE: I’ve used Generative AI assistant like Amazon Q as VS Code extension and produced some of the codes used in this blog.</strong></p> </blockquote> <h2> Conclusion </h2> <p>Deploying the 2048 game on AWS ECS with CloudFormation demonstrates the power of Infrastructure-as-Code (IaC) and managed container services to streamline application deployment. By automating infrastructure provisioning, we ensure consistency, reduce human error, and enable rapid scaling—principles critical to modern DevOps practices. This tutorial highlights how tools like ECS Fargate eliminate server management overhead, while CloudFormation templates provide reusable, version-controlled blueprints for environments. Beyond the technical steps, this project teaches the value of modular design (decoupling infrastructure from code), cost optimization (leveraging serverless compute), and resilience (via ALB and multi-task deployments). These skills translate directly to real-world scenarios, empowering teams to deploy and iterate on applications faster.</p> aws cloudcomputing infrastructureascode serverless Prometheus Certified Associate - Exam Readiness Hein Htet Win Sun, 26 Mar 2023 06:25:24 +0000 https://dev.to/heinhtetwin/prometheus-certified-associate-exam-readiness-4fob https://dev.to/heinhtetwin/prometheus-certified-associate-exam-readiness-4fob <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--8uAO-fVw--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/d52q8hom2opc65re17c6.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--8uAO-fVw--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/d52q8hom2opc65re17c6.png" alt="Image description" width="800" height="671"></a></p> <h2> Objective </h2> <p>The main objective of this post is to give information about how to study and pass PCA exam hosted by Linux Foundation. By reading this blog, you will have a quick insight about how to start studying for Prometheus in order to manage and analyze your application’s observability data and visualize that data into graphs. </p> <h2> <strong>Domains &amp; Competencies</strong> </h2> <p>As per Linux Foundation, the <strong>curriculum</strong> for Prometheus Certification is described as follows:</p> <p>📄 <strong>Observability Concepts 18%</strong></p> <p>📄 <strong>Prometheus Fundamentals 20%</strong></p> <p>📄 <strong>PromQL 28%</strong></p> <p>📄 <strong>Instrumentation and Exporters 16%</strong></p> <p>📄 <strong>Alerting &amp; Dashboarding 18%</strong></p> <h2> Learning Objectives </h2> <ul> <li>I think the most important section in learning Prometheus is no other than <strong>PromQL</strong>.</li> <li>You can test around PromQL metrics in this <a href="[https://demo.promlens.com](https://demo.promlens.com/)">link</a>.</li> <li>You can learn about basic Prometheus system architecture <a href="[https://prometheus.io/docs/introduction/overview/#architecture](https://prometheus.io/docs/introduction/overview/#architecture)">here</a>.</li> <li>You can explore about Prometheus basic functions <a href="[https://prometheus.io/docs/prometheus/latest/querying/functions](https://prometheus.io/docs/prometheus/latest/querying/functions/)">here</a>.</li> <li>Learning AlertManager is also an important factor in learning about Prometheus. You can get an overview of AlertManger functionalities <a href="[https://prometheus.io/docs/alerting/latest/alertmanager](https://prometheus.io/docs/alerting/latest/alertmanager/)">here</a>.</li> <li>You can visualize your alertmanager routes in this <a href="[https://prometheus.io/webtools/alerting/routing-tree-editor](https://prometheus.io/webtools/alerting/routing-tree-editor/)">link</a>.</li> <li>Basic understanding of exporters such as node_exporter and blackbox_exporter is needed for PCA exam.</li> <li>In Prometheus, you can use two rules types for different purposes: <ul> <li>Record rules allow you to precompute frequently needed or computationally expensive expressions and save their results as a new set of time series.</li> <li>Alert rules allow you to define alert conditions, using queries which are written in Prometheus Query Language (Prom QL) that are applied on Prometheus metrics and if a condition is met, alert is sent to AlertManager.</li> </ul> </li> <li>Meta-monitoring is the concept of monitoring the monitoring instances itself like Prometheus.</li> </ul> <h2> Exam Experience </h2> <p>My personal exam experience went very well, I believe. You can use your Linux Foundation training portal to check in 30 minutes before your appointment time. After you start the check-in procedure, you must install the PSI secure browser. Then, you must snap a photo of both you and your form of identification, such as a passport or driver's license. Then a live proctor will ask you to show around your desk, such as under the desk. You are not allowed to have any electronic devices or paper notes nearby. If you successfully completed check-in process, you are now ready to go. I advise against spending too much time considering a single question. If you believe you are unsure of the answer, you flag for review and then move on to the next question.</p> <h2> Conclusion </h2> <p>In conclusion, my Prometheus exam experience was outstanding. I am thrilled to have passed the Prometheus Certified Associate certification and gained a deeper understanding of monitoring, alerting, and visualization using Prometheus.</p> <p>The certification process was challenging, but it was also an excellent opportunity to expand my knowledge and skills in this field. I appreciate the rigor and thoroughness of the exam, which helped me to learn and grow in ways that will benefit me in my work.</p> <h2> Resources Sharing </h2> <h3> Free Resources </h3> <p>You can explore and learn about PCA Certification and exam related topics free in these GitHub Repositories.</p> <ul> <li><a href="https://github.com/walidshaari/PrometheusCertifiedAssociate">https://github.com/walidshaari/PrometheusCertifiedAssociate</a></li> <li><a href="https://github.com/edgarpf/prometheus-certified-associate">https://github.com/edgarpf/prometheus-certified-associate</a></li> <li><a href="https://github.com/Al-HusseinHameedJasim/prometheus-certified-associate">https://github.com/Al-HusseinHameedJasim/prometheus-certified-associate</a></li> </ul> <h3> Paid Resources </h3> <p>I want to recommend some of the paid courses I took a watch in my journey to becoming a Prometheus Certified Associate.</p> <ul> <li><a href="https://kodekloud.com/courses/prometheus-certified-associate-pca/">https://kodekloud.com/courses/prometheus-certified-associate-pca</a></li> <li><a href="https://www.udemy.com/course/prometheus-course/">https://www.udemy.com/course/prometheus-course</a></li> </ul> monitoring cloudnative prometheus cncf