import pulumi
import pulumi_docker as docker
import pulumi_aws as aws
import json
from pulumi import export, ResourceOptions
from pulumi_aws import ecr
from pulumi_docker import Image
import base64
# ECS cluster that the Fargate service below is placed in.
cluster = aws.ecs.Cluster("cogito-cluster")

# ECR repository that receives the application image.
repo = aws.ecr.Repository("cogito-repo")

# Used both as the Docker image resource name and as the build-context path.
app = "src/web"
# Dedicated VPC (10.0.0.0/16) with DNS resolution and DNS hostnames enabled.
vpc = aws.ec2.Vpc(
    "cogito-vpc",
    cidr_block="10.0.0.0/16",
    enable_dns_support=True,
    enable_dns_hostnames=True,
    tags={"Name": "cogito-vpc"},
)

# Two /24 subnets in different availability zones; the load balancer and the
# ECS service are both placed in this pair.
subnet1 = aws.ec2.Subnet(
    "cogito-subnet1",
    vpc_id=vpc.id,
    cidr_block="10.0.0.0/24",
    availability_zone="us-east-1a",
    tags={"Name": "cogito-subnet1"},
)

subnet2 = aws.ec2.Subnet(
    "cogito-subnet2",
    vpc_id=vpc.id,
    cidr_block="10.0.1.0/24",
    availability_zone="us-east-1b",
    tags={"Name": "cogito-subnet2"},
)
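# Internet gateway that gives the VPC a path to and from the internet.
gateway = aws.ec2.InternetGateway(
    "cogito-internet-gateway",
    vpc_id=vpc.id,
    tags={"Name": "cogito-internet-gateway"},
)

# Route table with a default route (0.0.0.0/0) through the internet gateway.
route_table = aws.ec2.RouteTable(
    "cogito-route-table",
    vpc_id=vpc.id,
    routes=[
        aws.ec2.RouteTableRouteArgs(
            cidr_block="0.0.0.0/0",
            gateway_id=gateway.id,
        ),
    ],
    tags={"Name": "cogito-route-table"},
)

# A custom route table has no effect until it is associated with a subnet.
# Without these associations both subnets stay on the VPC's main route table,
# which has no internet route, so the load balancer is unreachable and the
# Fargate tasks cannot pull their image from ECR.
route_table_assoc1 = aws.ec2.RouteTableAssociation(
    "cogito-rta-subnet1",
    subnet_id=subnet1.id,
    route_table_id=route_table.id,
)
route_table_assoc2 = aws.ec2.RouteTableAssociation(
    "cogito-rta-subnet2",
    subnet_id=subnet2.id,
    route_table_id=route_table.id,
)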
# Security group for the application's HTTP entry point.
#   ingress: tcp/80 from any IPv4 address
#   egress:  every protocol and port to any IPv4 address
http_ingress = aws.ec2.SecurityGroupIngressArgs(
    protocol="tcp",
    from_port=80,
    to_port=80,
    cidr_blocks=["0.0.0.0/0"],
)
all_egress = aws.ec2.SecurityGroupEgressArgs(
    protocol="-1",  # "-1" means all protocols
    from_port=0,
    to_port=0,
    cidr_blocks=["0.0.0.0/0"],
)
group = aws.ec2.SecurityGroup(
    "cogitoapp-secgrp",
    vpc_id=vpc.id,
    description="Enable HTTP access for cogito app",
    ingress=[http_ingress],
    egress=[all_egress],
    tags={"Name": "cogito-sg"},
)
# External load balancer spanning both subnets.
# Deletion protection is off, so a destroy/replace removes it without a guard.
alb = aws.lb.LoadBalancer(
    "cogitoapp-lb",
    security_groups=[group.id],
    subnets=[subnet1.id, subnet2.id],
    enable_deletion_protection=False,
    tags={"Name": "cogito-lb"},
)

# Target group for the tasks; target_type "ip" registers targets by IP
# address, which is what awsvpc-mode tasks require.
atg = aws.lb.TargetGroup(
    "cogitoapp-tg",
    port=80,
    protocol="HTTP",
    target_type="ip",
    vpc_id=vpc.id,
)

# Listener that forwards everything arriving on port 80 to the target group.
# NOTE(review): only a port-80 listener is defined and no certificate is
# configured, so client traffic to the load balancer is unencrypted; an HTTPS
# listener would be needed before carrying credentials or session data.
forward_to_tasks = aws.lb.ListenerDefaultActionArgs(
    type="forward",
    target_group_arn=atg.arn,
)
wl = aws.lb.Listener(
    "cogitoweb-listener",
    load_balancer_arn=alb.arn,
    port=80,
    default_actions=[forward_to_tasks],
)
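def create_image_registry(rid):
    """Build a docker.ImageRegistry from ECR credentials for registry *rid*.

    The ECR authorization token is base64 for ``username:password``. It is
    split on the first colon only, so a colon inside the password part cannot
    break the unpacking.

    Args:
        rid: The ECR registry id to request credentials for.

    Returns:
        A docker.ImageRegistry pointing at the registry's proxy endpoint.
    """
    creds = ecr.get_credentials(rid)
    decoded = base64.b64decode(creds.authorization_token).decode('utf-8')
    # The password is a live registry credential: keep it out of logs and
    # stack exports.
    username, password = decoded.split(':', 1)
    return docker.ImageRegistry(creds.proxy_endpoint, username, password)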
# Resolve the registry id, then turn it into registry credentials.
registry = repo.registry_id.apply(create_image_registry)

# Build the image from ./src/web and push it to the ECR repository as tag 1.0.
image_name = pulumi.Output.concat(repo.repository_url, ":", "1.0")
image = docker.Image(
    app,
    image_name=image_name,
    build=docker.DockerBuild(context=f"./{app}"),
    registry=registry,
)
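# IAM role used as the task's execution role. The trust policy lets only the
# ECS tasks service assume it.
role = aws.iam.Role(
    'task-exec-role',
    assume_role_policy=json.dumps({
        'Version': '2008-10-17',
        'Statement': [{
            'Sid': '',
            'Effect': 'Allow',
            'Principal': {
                # Must be the bare service principal. The chat export had
                # wrapped it in link markup ('<http://...|...>'), which IAM
                # rejects as an invalid principal.
                'Service': 'ecs-tasks.amazonaws.com'
            },
            'Action': 'sts:AssumeRole',
        }]
    }),
)

# Attach the AWS-managed ECS task execution policy to the role.
rpa = aws.iam.RolePolicyAttachment(
    'task-exec-policy',
    role=role.name,
    policy_arn='arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy',
)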
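# Fargate task definition running a single 'cogito-app' container on port 80.
# The image reference has to be the name of the image pushed above. That name
# is a Pulumi Output, so the JSON is rendered inside apply(); the original
# passed the literal text 'repo.repository_url', which is not an image
# reference and cannot be pulled.
task_definition = aws.ecs.TaskDefinition(
    'cogitoapp-task',
    family='fargate-task-definition',
    cpu='256',
    memory='512',
    network_mode='awsvpc',
    requires_compatibilities=['FARGATE'],
    execution_role_arn=role.arn,
    container_definitions=image.image_name.apply(
        lambda pushed_image: json.dumps([{
            'name': 'cogito-app',
            'image': pushed_image,
            'portMappings': [{
                'containerPort': 80,
                'hostPort': 80,
                'protocol': 'tcp'
            }]
        }])
    ),
)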
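# Security group for the tasks themselves. The tasks get public IPs, so
# attaching the load balancer's group (tcp/80 open to 0.0.0.0/0) would let
# clients reach the containers directly and bypass the load balancer. This
# group admits port 80 only from members of the load balancer's group.
task_group = aws.ec2.SecurityGroup(
    'cogitoapp-task-secgrp',
    vpc_id=vpc.id,
    description='Allow HTTP to cogito tasks from the load balancer only',
    ingress=[aws.ec2.SecurityGroupIngressArgs(
        protocol='tcp',
        from_port=80,
        to_port=80,
        security_groups=[group.id],
    )],
    # Outbound stays open so the tasks can pull their image from ECR.
    egress=[aws.ec2.SecurityGroupEgressArgs(
        protocol='-1',
        from_port=0,
        to_port=0,
        cidr_blocks=['0.0.0.0/0'],
    )],
    tags={"Name": "cogito-task-sg"},
)

# ECS service: three Fargate tasks registered with the load balancer's
# target group.
service = aws.ecs.Service(
    'cogitoapp-svc',
    cluster=cluster.arn,
    desired_count=3,
    launch_type='FARGATE',
    task_definition=task_definition.arn,
    network_configuration=aws.ecs.ServiceNetworkConfigurationArgs(
        # Public IPs are kept: this program defines no NAT gateway or VPC
        # endpoints, so the tasks need one for outbound access (image pull).
        assign_public_ip=True,
        subnets=[subnet1.id, subnet2.id],
        security_groups=[task_group.id],
    ),
    load_balancers=[aws.ecs.ServiceLoadBalancerArgs(
        target_group_arn=atg.arn,
        container_name='cogito-app',
        container_port=80,
    )],
    # The listener must exist before the service is created; depends_on makes
    # that ordering explicit.
    opts=ResourceOptions(depends_on=[wl]),
)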
# Stack outputs: load balancer DNS name, VPC id and ECR repository URL.
stack_outputs = (
    ("lburl", alb.dns_name),
    ("vpc_id", vpc.id),
    ("repo_url", repo.repository_url),
)
for output_name, output_value in stack_outputs:
    pulumi.export(output_name, output_value)