openstack/ci-log-processing
Code Issues Proposed changes
c0cc4dbaf1
ci-log-processing/opensearch-config/logstash_cluster.yaml
Reed Tomlinson bff3f150b8 Configure Opensearch on AWS 
This commit adds the CloudFormation files for the
current OpenStack AWS OpenSearch cluster, and the
associated Logstash servers and load balancer.

Change-Id: I4ff2aecb668279f8aabb8d72ffd6f4a2c960ed89
2022-02-15 15:28:25 +00:00

198 lines
6.1 KiB
YAML
Raw Blame History

Description:
This template deploys an ECS cluster to the provided VPC and subnets
using an Auto Scaling Group
Parameters:
Stage:
Type: String
Default: pre-prod
Description: Deployment stage
Resources:
Cluster:
Type: AWS::ECS::Cluster
Properties:
ClusterName: !Join ['-', [!Ref Stage, 'Cluster']]
ECSExecutionRole:
Type: AWS::IAM::Role
Properties:
RoleName: !Join ['-', [!Ref Stage, 'ExecutionRole']]
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service: ecs-tasks.amazonaws.com
Action: 'sts:AssumeRole'
ManagedPolicyArns:
- 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy'
# Create a TaskDefinition with container details
TaskDefinition:
Type: AWS::ECS::TaskDefinition
DependsOn: LogGroup
Properties:
# 4GB memory
Memory: 4096
# 2 VCPUs
Cpu: 2048
NetworkMode: awsvpc
RequiresCompatibilities:
- 'FARGATE'
TaskRoleArn: !Ref ECSExecutionRole
ExecutionRoleArn: !Ref ECSExecutionRole
ContainerDefinitions:
# TODO: Make this a param, or get it from outputs...
- Name: !Join ['-', [!Ref Stage, 'Container']]
Image: 035559393697.dkr.ecr.us-east-1.amazonaws.com/openstack-logstash-repository:latest
PortMappings:
- ContainerPort: 9600
HostPort: 9600
- ContainerPort: 9999
HostPort: 9999
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-region: !Ref AWS::Region
awslogs-group: !Ref LogGroup
awslogs-stream-prefix: ecs
# # Create a TaskDefinition with container details
# TaskDefinition:
# Type: AWS::ECS::TaskDefinition
# Properties:
# Memory: 1024
# Cpu: 512
# NetworkMode: awsvpc
# RequiresCompatibilities:
# - 'FARGATE'
# TaskRoleArn: !Ref ExecutionRole
# ExecutionRoleArn: !Ref ExecutionRole
# ContainerDefinitions:
# - Name: !Join ['-', [!Ref Stage, !Ref 'AWS::AccountId', 'Container']]
# Image: !Ref ImageURI
# PortMappings:
# - ContainerPort: !Ref ContainerPort
# HostPort: !Ref ContainerPort
# Creat a security group for load balancer and open ports 9600 and 9999 in-bound from internet
LoadBalancerSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: !Join ['-', [!Ref Stage, 'LoadBalancerSecurityGroup']]
VpcId: {Fn::ImportValue: VPC}
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 9600
ToPort: 9600
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 9999
ToPort: 9999
CidrIp: 0.0.0.0/0
# Create a security group for Containers and open-in bound Container ports from Load balancer security group to the Container
ContainerSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: !Join ['-', [!Ref Stage, 'ContainerSecurityGroup']]
VpcId: {Fn::ImportValue: VPC}
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 9600
ToPort: 9600
CidrIp: 0.0.0.0/0
# SourceSecurityGroupId: !Ref LoadBalancerSecurityGroup
- IpProtocol: tcp
FromPort: 9999
ToPort: 9999
CidrIp: 0.0.0.0/0
# SourceSecurityGroupId: !Ref LoadBalancerSecurityGroup
# Create a LoadBalancer and attach the Security group and Subnets
LoadBalancer:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
IpAddressType: ipv4
Scheme: internet-facing
# SecurityGroups:
# - !Ref LoadBalancerSecurityGroup
Subnets:
- {Fn::ImportValue: SubnetPublic1}
- {Fn::ImportValue: SubnetPublic2}
Type: network
# Create a TargetGroup for TCP port 9600
TargetGroup9600:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
Port: 9600
Protocol: TCP
TargetType: ip
VpcId: {Fn::ImportValue: VPC}
# Create a TargetGroup for TCP port 9999
TargetGroup9999:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
Port: 9999
Protocol: TCP
TargetType: ip
VpcId: {Fn::ImportValue: VPC}
# Create a LoadBalancerListener for port 9600 and attach the TargetGroup and LoadBalancer
LoadBalancerListener9600:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
DefaultActions:
- TargetGroupArn: !Ref TargetGroup9600
Type: forward
LoadBalancerArn: !Ref LoadBalancer
Port: 9600
Protocol: TCP
# Create a LoadBalancerListener for port 9600 and attach the TargetGroup and LoadBalancer
LoadBalancerListener9999:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
DefaultActions:
- TargetGroupArn: !Ref TargetGroup9999
Type: forward
LoadBalancerArn: !Ref LoadBalancer
Port: 9999
Protocol: TCP
# Create an ECS Service and add created Cluster, TaskDefintion, Subnets, TargetGroup and SecurityGroup
ECSService:
Type: AWS::ECS::Service
DependsOn: [LoadBalancerListener9600, LoadBalancerListener9999]
Properties:
ServiceName: !Join ['-', [!Ref Stage, 'ECSService']]
Cluster: !Ref Cluster
TaskDefinition: !Ref TaskDefinition
DesiredCount: 15
LaunchType: FARGATE
NetworkConfiguration:
AwsvpcConfiguration:
AssignPublicIp: ENABLED
Subnets:
- {Fn::ImportValue: SubnetPublic1}
- {Fn::ImportValue: SubnetPublic2}
SecurityGroups:
- !Ref ContainerSecurityGroup
LoadBalancers:
- ContainerName: !Join ['-', [!Ref Stage, 'Container']]
ContainerPort: 9600
TargetGroupArn: !Ref TargetGroup9600
- ContainerName: !Join ['-', [!Ref Stage, 'Container']]
ContainerPort: 9999
TargetGroupArn: !Ref TargetGroup9999
LogGroup:
Type: AWS::Logs::LogGroup
Properties:
LogGroupName: !Join ['', [/ecs/, !Ref Stage, TaskDefinition]]
View Git Blame Copy Permalink