Cloudformation Template that will created below resources.
- IAM role for ECS Task and Cloudwatch rule.
- CloudWatch schedule rule ( cron ) to trigger task defination.
Template
AWSTemplateFormatVersion: 2010-09-09
Description: |
1. IAM Role to be used by ECS task and cloudwatch event rule.
2. CloudWatch Rule to trigger ecs tasks.
Parameters:
ProductName:
Description: Parent Product name.
Type: String
Default: cyberkeeda
ProjectName:
Description: Project Name
Type: String
Default: cyberkeeda-report
Environment:
Description: The equivalent CN name of the environment being worked on
Type: String
AllowedValues:
- dev
- uat
- qa
Region:
Description: Ck Region specific parameter
Type: String
AllowedValues:
- mum
- hyd
ECSClusterARN:
Description: ECS Cluster ARN to schedule Task
Type: String
Default: None
CWEventRuleCron:
Description: Cron Expression to schedule ECS task.
Type: String
Default: "cron(0 9 * * ? *)"
ECSTaskDefARN:
Description: ARN for ECS Task defination
Type: String
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
-
Label:
default: Project based details
Parameters:
- ProductName
- ProjectName
- Environment
- Region
-
Label:
default: ECS details.
Parameters:
- ECSClusterARN
- ECSTaskDefARN
- CWEventRuleCron
Resources:
ExecutionRole:
Type: AWS::IAM::Role
Properties:
RoleName: !Sub "${ProductName}-${Region}-${Environment}-${ProjectName}-role"
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service: [ 'ecs-tasks.amazonaws.com', 'events.amazonaws.com' ]
Action: sts:AssumeRole
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
Policies:
- PolicyName: !Sub "${ProductName}-${Region}-${Environment}-${ProjectName}-role-inlinePolicy"
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- ecs:RunTask
Resource:
- !Sub "${ECSTaskDefARN}:*"
- Effect: Allow
Action: iam:PassRole
Resource:
- "*"
Condition:
StringLike:
iam:PassedToService: ecs-tasks.amazonaws.com
TaskSchedule:
Type: AWS::Events::Rule
Properties:
Description: Trigger Cyberkeeda Daily ECS task
Name: !Sub "${ProductName}-${Region}-${Environment}-${ProjectName}-daily-event-rule"
ScheduleExpression: !Ref CWEventRuleCron
State: ENABLED
Targets:
- Id: !Sub "${ProductName}-${Region}-${Environment}-${ProjectName}-daily-event-rule-targetId"
EcsParameters:
LaunchType: EC2
TaskDefinitionArn: !Ref TaskDefinition
TaskCount: 1
RoleArn:
Fn::GetAtt:
- ExecutionRole
- Arn
Arn: !Ref ECSClusterARN
Let me know, for any questions in comment box.
AWSTemplateFormatVersion: 2010-09-09
Description: |
1. IAM Role to be used by ECS task and cloudwatch event rule.
2. CloudWatch Rule to trigger ecs tasks.
Parameters:
ProductName:
Description: Parent Product name.
Type: String
Default: cyberkeeda
ProjectName:
Description: Project Name
Type: String
Default: cyberkeeda-report
Environment:
Description: The equivalent CN name of the environment being worked on
Type: String
AllowedValues:
- dev
- uat
- qa
Region:
Description: Ck Region specific parameter
Type: String
AllowedValues:
- mum
- hyd
ECSClusterARN:
Description: ECS Cluster ARN to schedule Task
Type: String
Default: None
CWEventRuleCron:
Description: Cron Expression to schedule ECS task.
Type: String
Default: "cron(0 9 * * ? *)"
ECSTaskDefARN:
Description: ARN for ECS Task defination
Type: String
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
-
Label:
default: Project based details
Parameters:
- ProductName
- ProjectName
- Environment
- Region
-
Label:
default: ECS details.
Parameters:
- ECSClusterARN
- ECSTaskDefARN
- CWEventRuleCron
Resources:
ExecutionRole:
Type: AWS::IAM::Role
Properties:
RoleName: !Sub "${ProductName}-${Region}-${Environment}-${ProjectName}-role"
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service: [ 'ecs-tasks.amazonaws.com', 'events.amazonaws.com' ]
Action: sts:AssumeRole
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
Policies:
- PolicyName: !Sub "${ProductName}-${Region}-${Environment}-${ProjectName}-role-inlinePolicy"
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- ecs:RunTask
Resource:
- !Sub "${ECSTaskDefARN}:*"
- Effect: Allow
Action: iam:PassRole
Resource:
- "*"
Condition:
StringLike:
iam:PassedToService: ecs-tasks.amazonaws.com
TaskSchedule:
Type: AWS::Events::Rule
Properties:
Description: Trigger Cyberkeeda Daily ECS task
Name: !Sub "${ProductName}-${Region}-${Environment}-${ProjectName}-daily-event-rule"
ScheduleExpression: !Ref CWEventRuleCron
State: ENABLED
Targets:
- Id: !Sub "${ProductName}-${Region}-${Environment}-${ProjectName}-daily-event-rule-targetId"
EcsParameters:
LaunchType: EC2
TaskDefinitionArn: !Ref TaskDefinition
TaskCount: 1
RoleArn:
Fn::GetAtt:
- ExecutionRole
- Arn
Arn: !Ref ECSClusterARN
57269CB7B5
ReplyDeletebot takipçi
101 Okey Vip Hediye Kodu
M3u Listesi
Duolingo Puan Hilesi
Bedava Brawl Stars Hesapları
Highrise Gold Hilesi
Netflix Kodları
First Blood Altın Hilesi
lindyn oversized swivel accent chair