Cloudformation Template that will created below resources.
- IAM role for ECS Task and Cloudwatch rule.
- CloudWatch schedule rule ( cron ) to trigger task defination.
Template
AWSTemplateFormatVersion: 2010-09-09
Description: |
1. IAM Role to be used by ECS task and cloudwatch event rule.
2. CloudWatch Rule to trigger ecs tasks.
Parameters:
ProductName:
Description: Parent Product name.
Type: String
Default: cyberkeeda
ProjectName:
Description: Project Name
Type: String
Default: cyberkeeda-report
Environment:
Description: The equivalent CN name of the environment being worked on
Type: String
AllowedValues:
- dev
- uat
- qa
Region:
Description: Ck Region specific parameter
Type: String
AllowedValues:
- mum
- hyd
ECSClusterARN:
Description: ECS Cluster ARN to schedule Task
Type: String
Default: None
CWEventRuleCron:
Description: Cron Expression to schedule ECS task.
Type: String
Default: "cron(0 9 * * ? *)"
ECSTaskDefARN:
Description: ARN for ECS Task defination
Type: String
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
-
Label:
default: Project based details
Parameters:
- ProductName
- ProjectName
- Environment
- Region
-
Label:
default: ECS details.
Parameters:
- ECSClusterARN
- ECSTaskDefARN
- CWEventRuleCron
Resources:
ExecutionRole:
Type: AWS::IAM::Role
Properties:
RoleName: !Sub "${ProductName}-${Region}-${Environment}-${ProjectName}-role"
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service: [ 'ecs-tasks.amazonaws.com', 'events.amazonaws.com' ]
Action: sts:AssumeRole
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
Policies:
- PolicyName: !Sub "${ProductName}-${Region}-${Environment}-${ProjectName}-role-inlinePolicy"
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- ecs:RunTask
Resource:
- !Sub "${ECSTaskDefARN}:*"
- Effect: Allow
Action: iam:PassRole
Resource:
- "*"
Condition:
StringLike:
iam:PassedToService: ecs-tasks.amazonaws.com
TaskSchedule:
Type: AWS::Events::Rule
Properties:
Description: Trigger Cyberkeeda Daily ECS task
Name: !Sub "${ProductName}-${Region}-${Environment}-${ProjectName}-daily-event-rule"
ScheduleExpression: !Ref CWEventRuleCron
State: ENABLED
Targets:
- Id: !Sub "${ProductName}-${Region}-${Environment}-${ProjectName}-daily-event-rule-targetId"
EcsParameters:
LaunchType: EC2
TaskDefinitionArn: !Ref TaskDefinition
TaskCount: 1
RoleArn:
Fn::GetAtt:
- ExecutionRole
- Arn
Arn: !Ref ECSClusterARN
Let me know, for any questions in comment box.
AWSTemplateFormatVersion: 2010-09-09
Description: |
1. IAM Role to be used by ECS task and cloudwatch event rule.
2. CloudWatch Rule to trigger ecs tasks.
Parameters:
ProductName:
Description: Parent Product name.
Type: String
Default: cyberkeeda
ProjectName:
Description: Project Name
Type: String
Default: cyberkeeda-report
Environment:
Description: The equivalent CN name of the environment being worked on
Type: String
AllowedValues:
- dev
- uat
- qa
Region:
Description: Ck Region specific parameter
Type: String
AllowedValues:
- mum
- hyd
ECSClusterARN:
Description: ECS Cluster ARN to schedule Task
Type: String
Default: None
CWEventRuleCron:
Description: Cron Expression to schedule ECS task.
Type: String
Default: "cron(0 9 * * ? *)"
ECSTaskDefARN:
Description: ARN for ECS Task defination
Type: String
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
-
Label:
default: Project based details
Parameters:
- ProductName
- ProjectName
- Environment
- Region
-
Label:
default: ECS details.
Parameters:
- ECSClusterARN
- ECSTaskDefARN
- CWEventRuleCron
Resources:
ExecutionRole:
Type: AWS::IAM::Role
Properties:
RoleName: !Sub "${ProductName}-${Region}-${Environment}-${ProjectName}-role"
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service: [ 'ecs-tasks.amazonaws.com', 'events.amazonaws.com' ]
Action: sts:AssumeRole
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
Policies:
- PolicyName: !Sub "${ProductName}-${Region}-${Environment}-${ProjectName}-role-inlinePolicy"
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- ecs:RunTask
Resource:
- !Sub "${ECSTaskDefARN}:*"
- Effect: Allow
Action: iam:PassRole
Resource:
- "*"
Condition:
StringLike:
iam:PassedToService: ecs-tasks.amazonaws.com
TaskSchedule:
Type: AWS::Events::Rule
Properties:
Description: Trigger Cyberkeeda Daily ECS task
Name: !Sub "${ProductName}-${Region}-${Environment}-${ProjectName}-daily-event-rule"
ScheduleExpression: !Ref CWEventRuleCron
State: ENABLED
Targets:
- Id: !Sub "${ProductName}-${Region}-${Environment}-${ProjectName}-daily-event-rule-targetId"
EcsParameters:
LaunchType: EC2
TaskDefinitionArn: !Ref TaskDefinition
TaskCount: 1
RoleArn:
Fn::GetAtt:
- ExecutionRole
- Arn
Arn: !Ref ECSClusterARN