From a9ed5ab29eda40c8cc9010c06483c0a872190db4 Mon Sep 17 00:00:00 2001 From: Haresh Kanagasabapathi Date: Tue, 11 Jun 2024 21:00:20 -0700 Subject: [PATCH 1/6] Issue-1027: Initial Commit --- python/ecs/fargate-service-with-efs/app.py | 7 +++++++ python/ecs/fargate-service-with-efs/cdk.json | 3 +++ python/ecs/fargate-service-with-efs/requirements.txt | 2 ++ 3 files changed, 12 insertions(+) create mode 100644 python/ecs/fargate-service-with-efs/app.py create mode 100644 python/ecs/fargate-service-with-efs/cdk.json create mode 100644 python/ecs/fargate-service-with-efs/requirements.txt diff --git a/python/ecs/fargate-service-with-efs/app.py b/python/ecs/fargate-service-with-efs/app.py new file mode 100644 index 000000000..6771afe1a --- /dev/null +++ b/python/ecs/fargate-service-with-efs/app.py @@ -0,0 +1,7 @@ +from aws_cdk import ( + aws_ec2 as ec2, + aws_ecs as ecs, + aws_ecs_patterns as ecs_patterns, + App, CfnOutput, Duration, Stack +) +from constructs import Construct diff --git a/python/ecs/fargate-service-with-efs/cdk.json b/python/ecs/fargate-service-with-efs/cdk.json new file mode 100644 index 000000000..787a71dd6 --- /dev/null +++ b/python/ecs/fargate-service-with-efs/cdk.json @@ -0,0 +1,3 @@ +{ + "app": "python3 app.py" +} diff --git a/python/ecs/fargate-service-with-efs/requirements.txt b/python/ecs/fargate-service-with-efs/requirements.txt new file mode 100644 index 000000000..9eb8dd1aa --- /dev/null +++ b/python/ecs/fargate-service-with-efs/requirements.txt @@ -0,0 +1,2 @@ +aws-cdk-lib>=2.0.0 +constructs>=10.0.0 From 2802895247a058875d493938ed5af3f8d5c38e7f Mon Sep 17 00:00:00 2001 From: Haresh Kanagasabapathi Date: Tue, 11 Jun 2024 22:13:13 -0700 Subject: [PATCH 2/6] Issue-1027: Added VPC, EFS with policy and access point --- python/ecs/fargate-service-with-efs/app.py | 40 ++++++++++++++++++++++ 1 file changed, 40 insertions(+) 
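Review bot: The new requirements.txt sets only lower bounds (`aws-cdk-lib>=2.0.0`, `constructs>=10.0.0`), so every fresh install resolves whatever 2.x/10.x pip finds that day and synth output can drift or break with no change to this repository. For a sample that is meant to be reproducible, pin the exact versions the example was tested with (`aws-cdk-lib==<tested version>`, `constructs==<tested version>`), or at least a compatible-release spec such as `aws-cdk-lib~=2.<tested minor>.0`. The app.py and cdk.json hunks in this patch are boilerplate and need no change.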
diff --git a/python/ecs/fargate-service-with-efs/app.py b/python/ecs/fargate-service-with-efs/app.py index 6771afe1a..21ba9d742 100644 --- a/python/ecs/fargate-service-with-efs/app.py +++ b/python/ecs/fargate-service-with-efs/app.py @@ -1,7 +1,47 @@ from aws_cdk import ( aws_ec2 as ec2, aws_ecs as ecs, + aws_efs as efs, + aws_iam as iam, aws_ecs_patterns as ecs_patterns, App, CfnOutput, Duration, Stack ) from constructs import Construct +class FargateEFS(Stack): + + def __init__(self, scope: Construct, id: str, **kwargs) -> None: + super().__init__(scope, id, **kwargs) + + # Create VPC with 2 AZ and a Fargate Cluster + vpc = ec2.Vpc( + self, "MyFargateVpc", + max_azs=2 + ) + + # File System Policy + my_file_system_policy = iam.PolicyDocument( + statements=[iam.PolicyStatement( + actions=["elasticfilesystem:ClientMount"], + principals=[iam.AccountRootPrincipal()], + resources=["*"], + conditions={ + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + } + )] + ) + + # Create EFS + my_file_system = efs.FileSystem(self, "My_Fargate_File_System", + vpc=vpc, + encrypted=True, + file_system_policy=my_file_system_policy, + lifecycle_policy=efs.LifecyclePolicy.AFTER_14_DAYS, + performance_mode=efs.PerformanceMode.GENERAL_PURPOSE, + throughput_mode=efs.ThroughputMode.BURSTING, + ) + + # Create Access point + my_file_system.add_access_point("AccessPoint", "path=/uploads") + \ No newline at end of file From d5bdee66f85f997fc692e34914bb400d7e1b7106 Mon Sep 17 00:00:00 2001 From: Haresh Kanagasabapathi Date: Thu, 13 Jun 2024 16:09:05 -0700 Subject: [PATCH 3/6] Issue-1027: Adding ECS Cluster with fargate Service and mount point --- python/ecs/fargate-service-with-efs/app.py | 32 ++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/python/ecs/fargate-service-with-efs/app.py b/python/ecs/fargate-service-with-efs/app.py index 21ba9d742..f117e7e58 100644 --- a/python/ecs/fargate-service-with-efs/app.py 
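Review bot: `my_file_system.add_access_point("AccessPoint", "path=/uploads")` passes the path as a second positional string, but in the Python binding `path` is a keyword-only argument, so this call raises a TypeError at synth; it should read `my_file_system.add_access_point("AccessPoint", path="/uploads")`. Separately, the file-system policy allows only `elasticfilesystem:ClientMount`, which is a read-only grant, so a task that is supposed to write into `/uploads` will also need `elasticfilesystem:ClientWrite`, and that grant is tighter on the task role than on `AccountRootPrincipal`. Note that `encrypted=True` covers data at rest only; encryption in transit is selected where the volume is attached to the ECS task definition, not on the file system itself.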
+++ b/python/ecs/fargate-service-with-efs/app.py @@ -43,5 +43,33 @@ def __init__(self, scope: Construct, id: str, **kwargs) -> None: ) # Create Access point - my_file_system.add_access_point("AccessPoint", "path=/uploads") - \ No newline at end of file + my_file_system.add_access_point("AccessPoint", "path=/uploads") + + image=ecs.ContainerImage.fromRegistry("coderaiser/cloudcmd"), + + # Create ECS cluster with fargate service + fargate_service = ecs_patterns.NetworkLoadBalancedFargateService(self, "MyFargateService", + cluster=ecs.Cluster( + self, "ECS-EFS-Cluster", + vpc=vpc + ), + task_image_options=ecs_patterns.NetworkLoadBalancedTaskImageOptions( + image=ecs.ContainerImage.from_registry("coderaiser/cloudcmd"), + container_port=8080, + enable_logging=True, + environment={ + "PORT": "8080", + "VIRTUAL_HOST": "cloudcmd.local" + }, + file_system_configs=[ + ecs.FileSystemConfig( + file_system=my_file_system, + mount_path="/uploads", + read_only=False + ) + ] + ), + memory_limit_mib=1024, + cpu=512, + desired_count=2 + ) From 3531d282da465dbc1b1c896db8b85d404b2983e6 Mon Sep 17 00:00:00 2001 From: Haresh Kanagasabapathi Date: Fri, 14 Jun 2024 10:45:17 -0700 Subject: [PATCH 4/6] Issue-1027: created efs access point, fargate service, ecs task definition, task role --- python/ecs/fargate-service-with-efs/app.py | 119 +++++++++++++++------ 1 file changed, 85 insertions(+), 34 deletions(-) diff --git a/python/ecs/fargate-service-with-efs/app.py b/python/ecs/fargate-service-with-efs/app.py index f117e7e58..a691471d9 100644 --- a/python/ecs/fargate-service-with-efs/app.py +++ b/python/ecs/fargate-service-with-efs/app.py 
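Review bot: The bare line `image=ecs.ContainerImage.fromRegistry("coderaiser/cloudcmd"),` sits outside any call and uses the TypeScript method name; the Python binding is `from_registry`, as the very next statement shows, so this line fails at synth and should simply be deleted. I also do not find a `file_system_configs` property on `NetworkLoadBalancedTaskImageOptions` — in aws-cdk-lib an EFS volume is attached with `task_definition.add_volume(...)` plus a container mount point — so confirm this against the pinned library version. Finally, `NetworkLoadBalancedFargateService` creates an internet-facing load balancer by default, which puts a web file manager with read-write access to the share on the public internet with nothing authenticating callers; set `public_load_balancer=False` or put authentication in front unless that exposure is intended. `__init__` begins outside this hunk.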
@@ -7,14 +7,14 @@ App, CfnOutput, Duration, Stack ) from constructs import Construct -class FargateEFS(Stack): +class FargateEfs(Stack): def __init__(self, scope: Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # Create VPC with 2 AZ and a Fargate Cluster - vpc = ec2.Vpc( - self, "MyFargateVpc", + my_fargate_vpc = ec2.Vpc( + self, "my_fargate_vpc", max_azs=2 ) @@ -22,7 +22,7 @@ def __init__(self, scope: Construct, id: str, **kwargs) -> None: my_file_system_policy = iam.PolicyDocument( statements=[iam.PolicyStatement( actions=["elasticfilesystem:ClientMount"], - principals=[iam.AccountRootPrincipal()], + principals=[iam.AnyPrincipal()], resources=["*"], conditions={ "Bool": { 
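Review bot: Swapping `iam.AccountRootPrincipal()` for `iam.AnyPrincipal()` in the file-system policy widens the `ClientMount` grant from identities in this account to every AWS identity, including cross-account ones, with only the `AccessedViaMountTarget` condition left to limit it. Nothing in this patch needs that: the tasks run under a role in the same account, so keeping `principals=[iam.AccountRootPrincipal()]` (or, once the task role exists, `iam.ArnPrincipal(task_role.role_arn)`) gives them the same access without the open principal. The policy statement continues past the end of this hunk.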
@@ -32,44 +32,95 @@ def __init__(self, scope: Construct, id: str, **kwargs) -> None: )] ) - # Create EFS - my_file_system = efs.FileSystem(self, "My_Fargate_File_System", - vpc=vpc, + # Create EFS in MyFargateVpc + my_file_system = efs.FileSystem(self, "my_fargate_file_system", + vpc=my_fargate_vpc, encrypted=True, file_system_policy=my_file_system_policy, lifecycle_policy=efs.LifecyclePolicy.AFTER_14_DAYS, performance_mode=efs.PerformanceMode.GENERAL_PURPOSE, throughput_mode=efs.ThroughputMode.BURSTING, ) + + # Create an access point for the file system + access_point = my_file_system.add_access_point( + "MyAccessPoint", + path="/uploads", + create_acl=efs.Acl( + owner_uid="1001", + owner_gid="1001", + permissions="0755" + ), + posix_user=efs.PosixUser( + uid="1001", + gid="1001" + ) + ) + + # Output the access point ID and ARN + + CfnOutput( + self, "AccessPointId", + value=access_point.access_point_id, + description="Access Point ID" + ) + + CfnOutput( + self, "AccessPointArn", + value=access_point.access_point_arn, + description="Access Point ARN" + ) + + # Create an ECS cluster with Fargate launch type + cluster = ecs.Cluster( + self, "ECS-EFS-Cluster", + vpc=my_fargate_vpc, + cluster_name="my_ecs_fargate_efs_cluster" + ) + + # Define the task definition + task_definition = ecs.FargateTaskDefinition(self, "MyTaskDefinition") - # Create Access point - my_file_system.add_access_point("AccessPoint", "path=/uploads") + # Create a task execution role with EFS permissions + my_task_execution_role = iam.Role(self, "TaskExecutionRole", assumed_by=iam.ServicePrincipal("ecs-tasks.amazonaws.com")) + my_file_system.grant_root_access(my_task_execution_role) - image=ecs.ContainerImage.fromRegistry("coderaiser/cloudcmd"), + # Add a container to the task definition + container = task_definition.add_container( + "WebContainer", + image=ecs.ContainerImage.from_registry("coderaiser/cloudcmd"), + port_mappings=[ecs.PortMapping(container_port=8000)], + memory_limit_mib=512, + 
cpu=1, + ) + - # Create ECS cluster with fargate service - fargate_service = ecs_patterns.NetworkLoadBalancedFargateService(self, "MyFargateService", - cluster=ecs.Cluster( - self, "ECS-EFS-Cluster", - vpc=vpc - ), - task_image_options=ecs_patterns.NetworkLoadBalancedTaskImageOptions( - image=ecs.ContainerImage.from_registry("coderaiser/cloudcmd"), - container_port=8080, - enable_logging=True, - environment={ - "PORT": "8080", - "VIRTUAL_HOST": "cloudcmd.local" - }, - file_system_configs=[ - ecs.FileSystemConfig( - file_system=my_file_system, - mount_path="/uploads", - read_only=False - ) - ] - ), - memory_limit_mib=1024, - cpu=512, + # Create a Fargate service within the cluster + fargate_service = ecs_patterns.NetworkLoadBalancedFargateService( + self, "MyFargateService", + cluster=cluster, + task_definition=task_definition, desired_count=2 ) + + # Mount the EFS filesystem to the containers + fargate_service.service.task_definition.default_container.add_mount_points( + ecs.MountPoint( + container_path="/uploads", + source_volume="uploads", + read_only=False + ) + ) + + + # Output the DNS name of the load balancer + # CfnOutput( + # self, "LoadBalancerDNS", + # value=fargate_service.load_balancer.load_balancer_dns_name, + # description="DNS of the load balancer" + # ) + + +app = App() +FargateEfs(app, "aws-fargate-application-autoscaling") +app.synth() From b1feb4f3a089a6c1aa624180c8bcfab94846a98e Mon Sep 17 00:00:00 2001 From: Haresh Kanagasabapathi Date: Fri, 14 Jun 2024 11:54:11 -0700 Subject: [PATCH 5/6] Issue-1027: updated loadbalancer type, re-arrange code blocks --- python/ecs/fargate-service-with-efs/app.py | 52 +++++++++++----------- 1 file changed, 27 insertions(+), 25 deletions(-) diff --git a/python/ecs/fargate-service-with-efs/app.py b/python/ecs/fargate-service-with-efs/app.py index a691471d9..641ddd92c 100644 --- a/python/ecs/fargate-service-with-efs/app.py +++ b/python/ecs/fargate-service-with-efs/app.py 
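Review bot: The container's mount point names `source_volume="uploads"`, but no volume of that name is ever added to `task_definition`, so the task definition is rejected at deploy; the EFS volume has to be declared with `task_definition.add_volume(...)`, and that is also the only place the access point, transit encryption and IAM authorization are selected. The roles are wired wrong as well: `my_task_execution_role` is created and given `grant_root_access`, but it is never passed to `FargateTaskDefinition`, and EFS authorizes NFS clients by the task role rather than the execution role — so the grant is dead, and if it were attached it would hand out root access where `ClientMount`/`ClientWrite` suffices. The file system's security group also never opens NFS to the service, so `my_file_system.connections.allow_default_port_from(fargate_service.service)` is needed once the service exists. `__init__` starts before this hunk; the sketch below shows the volume and role wiring.
```python
# … unchanged: VPC, file-system policy, file system, access point, outputs, cluster …
my_task_role = iam.Role(self, "TaskRole", assumed_by=iam.ServicePrincipal("ecs-tasks.amazonaws.com"))
task_definition = ecs.FargateTaskDefinition(self, "MyTaskDefinition", task_role=my_task_role)
# EFS authorizes NFS clients by the task role; mount + write is all the app needs.
my_file_system.grant(my_task_role, "elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite")
task_definition.add_volume(
    name="uploads",
    efs_volume_configuration=ecs.EfsVolumeConfiguration(
        file_system_id=my_file_system.file_system_id,
        transit_encryption="ENABLED",
        authorization_config=ecs.AuthorizationConfig(
            access_point_id=access_point.access_point_id,
            iam="ENABLED",
        ),
    ),
)
# … unchanged: add_container, service, add_mount_points …
my_file_system.connections.allow_default_port_from(fargate_service.service)
```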
@@ -12,12 +12,14 @@ class FargateEfs(Stack): def __init__(self, scope: Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) + #VPC # Create VPC with 2 AZ and a Fargate Cluster my_fargate_vpc = ec2.Vpc( self, "my_fargate_vpc", max_azs=2 ) + # EFS # File System Policy my_file_system_policy = iam.PolicyDocument( statements=[iam.PolicyStatement( @@ -46,15 +48,7 @@ def __init__(self, scope: Construct, id: str, **kwargs) -> None: access_point = my_file_system.add_access_point( "MyAccessPoint", path="/uploads", - create_acl=efs.Acl( - owner_uid="1001", - owner_gid="1001", - permissions="0755" - ), - posix_user=efs.PosixUser( - uid="1001", - gid="1001" - ) + transit_encryption='ENABLED' ) # Output the access point ID and ARN 
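Review bot: `transit_encryption='ENABLED'` is not a property of `add_access_point` — it belongs to `ecs.EfsVolumeConfiguration` on the task volume — while the `create_acl`/`posix_user` block this hunk removes is what made the access point useful: without `create_acl` EFS does not create `/uploads`, and a mount through an access point whose root directory does not exist is refused. Restore `create_acl=efs.Acl(owner_uid="1001", owner_gid="1001", permissions="0755")` and `posix_user=efs.PosixUser(uid="1001", gid="1001")` so the directory is created and every task touches the share as a fixed non-root POSIX identity regardless of which user the image runs as, and move the transit-encryption setting to the volume definition. The first hunk in this patch is comment-only and needs no change.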
@@ -71,39 +65,47 @@ def __init__(self, scope: Construct, id: str, **kwargs) -> None: description="Access Point ARN" ) - # Create an ECS cluster with Fargate launch type - cluster = ecs.Cluster( - self, "ECS-EFS-Cluster", - vpc=my_fargate_vpc, - cluster_name="my_ecs_fargate_efs_cluster" - ) - - # Define the task definition + # ECS + + # Task Definition task_definition = ecs.FargateTaskDefinition(self, "MyTaskDefinition") - - # Create a task execution role with EFS permissions + + # Permissions + my_task_role = iam.Role(self, "TaskRole", assumed_by=iam.ServicePrincipal("ecs-tasks.amazonaws.com")) my_task_execution_role = iam.Role(self, "TaskExecutionRole", assumed_by=iam.ServicePrincipal("ecs-tasks.amazonaws.com")) my_file_system.grant_root_access(my_task_execution_role) - # Add a container to the task definition + # Add container to the task definition container = task_definition.add_container( "WebContainer", image=ecs.ContainerImage.from_registry("coderaiser/cloudcmd"), - port_mappings=[ecs.PortMapping(container_port=8000)], + port_mappings=[ + ecs.PortMapping(container_port=8000) + ], memory_limit_mib=512, cpu=1, ) + # ECS cluster + cluster = ecs.Cluster( + self, "ECS-EFS-Cluster", + vpc=my_fargate_vpc, + cluster_name="my_ecs_fargate_efs_cluster" + ) - # Create a Fargate service within the cluster - fargate_service = ecs_patterns.NetworkLoadBalancedFargateService( + # Create a Fargate service with application load balanced fargte + fargate_service = ecs_patterns.ApplicationLoadBalancedFargateService( self, "MyFargateService", cluster=cluster, task_definition=task_definition, - desired_count=2 + desired_count=2, + task_subnets=ec2.SubnetSelection( + subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS), + assign_public_ip=False, + platform_version=ecs.FargatePlatformVersion.VERSION1_4 ) - # Mount the EFS filesystem to the containers + # Mount the EFS filesystem to the fargate service fargate_service.service.task_definition.default_container.add_mount_points( 
ecs.MountPoint( container_path="/uploads", From dfed3d89c7d9a2850e02518ac59a089f39b89ee9 Mon Sep 17 00:00:00 2001 From: Haresh Kanagasabapathi Date: Fri, 14 Jun 2024 11:57:05 -0700 Subject: [PATCH 6/6] Issue-1027: removed transit_encryption --- python/ecs/fargate-service-with-efs/app.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/python/ecs/fargate-service-with-efs/app.py b/python/ecs/fargate-service-with-efs/app.py index 641ddd92c..107a0436d 100644 --- a/python/ecs/fargate-service-with-efs/app.py +++ b/python/ecs/fargate-service-with-efs/app.py @@ -47,8 +47,7 @@ def __init__(self, scope: Construct, id: str, **kwargs) -> None: # Create an access point for the file system access_point = my_file_system.add_access_point( "MyAccessPoint", - path="/uploads", - transit_encryption='ENABLED' + path="/uploads" ) # Output the access point ID and ARN
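Review bot: `my_task_role` is created in this hunk but never used — `FargateTaskDefinition(self, "MyTaskDefinition")` is still built with neither `task_role` nor `execution_role`, and the only EFS grant (`grant_root_access`) goes to the execution role, which EFS does not consult for NFS authorization. Create the roles before the task definition, pass them in, and grant the task role mount/write rather than root, as sketched below. Moving the tasks into `PRIVATE_WITH_EGRESS` subnets with `assign_public_ip=False` is a good change, but `ApplicationLoadBalancedFargateService` still defaults to an internet-facing listener on plain HTTP, so the file manager remains reachable without TLS or authentication unless `public_load_balancer=False` or a certificate plus authentication is added. The `source_volume="uploads"` mount point still has no matching `task_definition.add_volume(...)`, and `__init__` begins before this hunk.
```python
# … unchanged: VPC, EFS, access point, outputs …
my_task_role = iam.Role(self, "TaskRole", assumed_by=iam.ServicePrincipal("ecs-tasks.amazonaws.com"))
my_task_execution_role = iam.Role(self, "TaskExecutionRole", assumed_by=iam.ServicePrincipal("ecs-tasks.amazonaws.com"))
task_definition = ecs.FargateTaskDefinition(
    self, "MyTaskDefinition",
    task_role=my_task_role,
    execution_role=my_task_execution_role,
)
# NFS access is authorized against the task role; mount + write is all the app needs.
my_file_system.grant(my_task_role, "elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite")
# … unchanged: add_container, cluster, service, add_mount_points …
```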
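Review bot: Removing `transit_encryption='ENABLED'` from `add_access_point` fixes the invalid argument but drops the requirement instead of relocating it, so nothing in the stack now asks for TLS between the tasks and the mount targets. The setting belongs on the task volume: `ecs.EfsVolumeConfiguration(file_system_id=my_file_system.file_system_id, transit_encryption="ENABLED", authorization_config=ecs.AuthorizationConfig(access_point_id=access_point.access_point_id, iam="ENABLED"))` passed to `task_definition.add_volume(name="uploads", ...)`; IAM authorization for EFS also requires transit encryption, so the two go together. The access point's `posix_user`/`create_acl` were dropped in the previous patch and are still missing here.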