687 lines
20 KiB
YAML
Executable File
687 lines
20 KiB
YAML
Executable File
# Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
---
|
|
AWSTemplateFormatVersion: '2010-09-09'
|
|
Description: 'AWS CloudFormation Sample Template Managed Single ECS Job Queue: This
|
|
template demonstrates the usage of simple Job Queue and EC2 style Compute Environment
|
|
along with multi-node jobs (on a relatively small scale: 4 instances, 16 cores each).
|
|
N.B.: This is all boilerplate until the EcsInstanceRole! '
|
|
|
|
Parameters:
|
|
ProjectName:
|
|
Type: String
|
|
Default: "proofs"
|
|
Description: "S3 bucket will be AccountId-Region-ProjectName"
|
|
|
|
AvailZoneId:
|
|
Type: String
|
|
Default: "a"
|
|
Description: "Availability Zone ID"
|
|
|
|
InstanceType:
|
|
Type: String
|
|
Default: "m6i.4xlarge"
|
|
Description: "Instance type"
|
|
|
|
ContainerMemory:
|
|
Type: String
|
|
Description: "Memory Size for containers (61000 for cloud, 253000 for parallel)"
|
|
|
|
AmiImageId:
|
|
Type: String
|
|
Description: "Ami for your instances"
|
|
|
|
Resources:
|
|
|
|
VPC:
|
|
Type: AWS::EC2::VPC
|
|
Properties:
|
|
CidrBlock: 10.0.0.0/16
|
|
EnableDnsHostnames: true
|
|
EnableDnsSupport: true
|
|
|
|
SecondCidr:
|
|
Type: AWS::EC2::VPCCidrBlock
|
|
Properties:
|
|
CidrBlock: 10.1.0.0/16
|
|
VpcId: !Ref VPC
|
|
|
|
InternetGateway:
|
|
Type: AWS::EC2::InternetGateway
|
|
|
|
EIP:
|
|
Type: 'AWS::EC2::EIP'
|
|
Properties:
|
|
Domain: vpc
|
|
|
|
|
|
VPCGatewayAttachment:
|
|
Type: AWS::EC2::VPCGatewayAttachment
|
|
Properties:
|
|
VpcId:
|
|
Ref: VPC
|
|
InternetGatewayId:
|
|
Ref: InternetGateway
|
|
|
|
|
|
SecurityGroup:
|
|
Type: AWS::EC2::SecurityGroup
|
|
Properties:
|
|
GroupDescription: EC2 Security Group for instances launched in the VPC by Batch
|
|
VpcId:
|
|
Ref: VPC
|
|
SecurityGroupIngress:
|
|
- CidrIp: 10.0.0.0/0
|
|
Description: SSH port
|
|
FromPort: 0
|
|
IpProtocol: TCP
|
|
ToPort: 65535
|
|
|
|
NatGateway:
|
|
Type: 'AWS::EC2::NatGateway'
|
|
Properties:
|
|
AllocationId: !GetAtt 'EIP.AllocationId'
|
|
SubnetId: !Ref SubnetPublic
|
|
|
|
NatAttachment:
|
|
Type: AWS::EC2::VPCGatewayAttachment
|
|
Properties:
|
|
InternetGatewayId: !Ref InternetGateway
|
|
VpcId: !Ref VPC
|
|
|
|
SubnetPrivate:
|
|
Type: AWS::EC2::Subnet
|
|
DependsOn: SecondCidr
|
|
Properties:
|
|
AvailabilityZone: !Sub "${AWS::Region}${AvailZoneId}"
|
|
CidrBlock: 10.1.0.0/16
|
|
VpcId: !Ref VPC
|
|
RouteTablePrivate:
|
|
Type: AWS::EC2::RouteTable
|
|
Properties:
|
|
VpcId:
|
|
Ref: VPC
|
|
RoutePrivate:
|
|
Type: AWS::EC2::Route
|
|
Properties:
|
|
RouteTableId:
|
|
Ref: RouteTablePrivate
|
|
DestinationCidrBlock: 0.0.0.0/0
|
|
NatGatewayId: !Ref NatGateway
|
|
|
|
SubnetRouteTableAssociationPrivate:
|
|
Type: AWS::EC2::SubnetRouteTableAssociation
|
|
Properties:
|
|
RouteTableId: !Ref RouteTablePrivate
|
|
SubnetId: !Ref SubnetPrivate
|
|
|
|
|
|
SubnetPublic:
|
|
Type: AWS::EC2::Subnet
|
|
Properties:
|
|
AvailabilityZone: !Sub "${AWS::Region}${AvailZoneId}"
|
|
CidrBlock: 10.0.1.0/24
|
|
VpcId: !Ref VPC
|
|
MapPublicIpOnLaunch: 'True'
|
|
RouteTablePublic:
|
|
Type: AWS::EC2::RouteTable
|
|
Properties:
|
|
VpcId:
|
|
Ref: VPC
|
|
RoutePublic:
|
|
Type: AWS::EC2::Route
|
|
Properties:
|
|
RouteTableId:
|
|
Ref: RouteTablePublic
|
|
DestinationCidrBlock: 0.0.0.0/0
|
|
GatewayId: !Ref InternetGateway
|
|
|
|
SubnetRouteTableAssociationPublic:
|
|
Type: AWS::EC2::SubnetRouteTableAssociation
|
|
Properties:
|
|
RouteTableId: !Ref RouteTablePublic
|
|
SubnetId: !Ref SubnetPublic
|
|
|
|
EcsCluster:
|
|
Type: AWS::ECS::Cluster
|
|
Properties:
|
|
ClusterName: SatCompCluster
|
|
ClusterSettings:
|
|
- Name: containerInsights
|
|
Value: enabled
|
|
|
|
Ec2AutoscaleInstanceProfile:
|
|
Type: "AWS::IAM::InstanceProfile"
|
|
Properties:
|
|
Path: "/"
|
|
Roles:
|
|
- Ref: "InstanceRole"
|
|
InstanceRole:
|
|
Type: AWS::IAM::Role
|
|
Properties:
|
|
ManagedPolicyArns:
|
|
- arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
|
|
AssumeRolePolicyDocument:
|
|
Statement:
|
|
- Effect: Allow
|
|
Principal:
|
|
Service: [ ec2.amazonaws.com ]
|
|
Action: [ 'sts:AssumeRole' ]
|
|
Path: /
|
|
Policies:
|
|
- PolicyName: ecs-service
|
|
PolicyDocument:
|
|
Statement:
|
|
- Effect: Allow
|
|
Action:
|
|
# Rules which allow ECS to attach network interfaces to instances
|
|
# on your behalf in order for awsvpc networking mode to work right
|
|
- 'ec2:AttachNetworkInterface'
|
|
- 'ec2:CreateNetworkInterface'
|
|
- 'ec2:CreateNetworkInterfacePermission'
|
|
- 'ec2:DeleteNetworkInterface'
|
|
- 'ec2:DeleteNetworkInterfacePermission'
|
|
- 'ec2:Describe*'
|
|
- 'ec2:DetachNetworkInterface'
|
|
- 'elasticfilesystem:*'
|
|
- 'cloudwatch:*'
|
|
- 'ecs:*'
|
|
# Rules which allow ECS to update load balancers on your behalf
|
|
# with the information sabout how to send traffic to your containers
|
|
- 'elasticloadbalancing:DeregisterInstancesFromLoadBalancer'
|
|
- 'elasticloadbalancing:DeregisterTargets'
|
|
- 'elasticloadbalancing:Describe*'
|
|
- 'elasticloadbalancing:RegisterInstancesWithLoadBalancer'
|
|
- 'elasticloadbalancing:RegisterTargets'
|
|
- 's3:GetObject'
|
|
- 's3:GetObjectVersion'
|
|
Resource: '*'
|
|
|
|
EcsInstanceLc:
|
|
Type: AWS::AutoScaling::LaunchConfiguration
|
|
Properties:
|
|
ImageId: !Ref AmiImageId
|
|
InstanceType: !Select [ 0, [ !Ref InstanceType ] ]
|
|
AssociatePublicIpAddress: true
|
|
IamInstanceProfile: !GetAtt Ec2AutoscaleInstanceProfile.Arn
|
|
SecurityGroups: [ !Ref SecurityGroup ]
|
|
BlockDeviceMappings:
|
|
- DeviceName: /dev/xvda
|
|
Ebs:
|
|
VolumeSize: 30
|
|
VolumeType: gp2
|
|
- DeviceName: /dev/xvdcz
|
|
Ebs:
|
|
VolumeSize: 22
|
|
VolumeType: gp2
|
|
UserData:
|
|
Fn::Base64: !Sub |
|
|
#!/bin/bash -xe
|
|
echo ECS_CLUSTER=${EcsCluster} >> /etc/ecs/ecs.config
|
|
yum install -y aws-cfn-bootstrap python-pip
|
|
pip install awscli boto3
|
|
/opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource ECSAutoScalingGroup --region ${AWS::Region}
|
|
|
|
EcsInstanceAsg:
|
|
Type: AWS::AutoScaling::AutoScalingGroup
|
|
UpdatePolicy:
|
|
AutoScalingRollingUpdate:
|
|
MaxBatchSize: 10
|
|
MinSuccessfulInstancesPercent: 95
|
|
PauseTime: PT30M
|
|
SuspendProcesses: [ HealthCheck, ReplaceUnhealthy, AZRebalance, AlarmNotification,
|
|
ScheduledActions ]
|
|
WaitOnResourceSignals: 'true'
|
|
Properties:
|
|
VPCZoneIdentifier: [ !Ref SubnetPrivate ]
|
|
LaunchConfigurationName: !Ref EcsInstanceLc
|
|
MinSize: '0'
|
|
MaxSize: '0'
|
|
DesiredCapacity: '0'
|
|
Tags:
|
|
- Key: IsAutoscaledCluster
|
|
PropagateAtLaunch: true
|
|
Value: "true"
|
|
- Key: "Patch Group"
|
|
PropagateAtLaunch: true
|
|
Value: "ManagedClusterPatchGroup"
|
|
|
|
AutoscaleCapacityProvider:
|
|
Type: AWS::ECS::CapacityProvider
|
|
Properties:
|
|
AutoScalingGroupProvider:
|
|
AutoScalingGroupArn: !Ref EcsInstanceAsg
|
|
ManagedTerminationProtection: DISABLED
|
|
ManagedScaling:
|
|
Status: DISABLED
|
|
Name: AutoscaleCapacityProvider
|
|
|
|
# A security group for the containers we will run in Fargate.
|
|
# Rules are added to this security group based on what ingress you
|
|
# add for the cluster.
|
|
ContainerSecurityGroup:
|
|
Type: AWS::EC2::SecurityGroup
|
|
Properties:
|
|
GroupDescription: Access to the Fargate containers
|
|
VpcId: !Ref 'VPC'
|
|
|
|
# A role used to allow AWS Autoscaling to inspect stats and adjust scaleable targets
|
|
# on your AWS account
|
|
AutoscalingRole:
|
|
Type: AWS::IAM::Role
|
|
Properties:
|
|
AssumeRolePolicyDocument:
|
|
Statement:
|
|
- Effect: Allow
|
|
Principal:
|
|
Service: [ application-autoscaling.amazonaws.com ]
|
|
Action: [ 'sts:AssumeRole' ]
|
|
Path: /
|
|
Policies:
|
|
- PolicyName: service-autoscaling
|
|
PolicyDocument:
|
|
Statement:
|
|
- Effect: Allow
|
|
Action:
|
|
- 'application-autoscaling:*'
|
|
- 'cloudwatch:DescribeAlarms'
|
|
- 'cloudwatch:PutMetricAlarm'
|
|
- 'ecs:DescribeServices'
|
|
- 'ecs:UpdateService'
|
|
Resource: '*'
|
|
|
|
# This is an IAM role which authorizes ECS to manage resources on your
|
|
# account on your behalf, such as updating your load balancer with the
|
|
# details of where your containers are, so that traffic can reach your
|
|
# containers.
|
|
ECSRole:
|
|
Type: AWS::IAM::Role
|
|
Properties:
|
|
AssumeRolePolicyDocument:
|
|
Statement:
|
|
- Effect: Allow
|
|
Principal:
|
|
Service: [ ecs.amazonaws.com ]
|
|
Action: [ 'sts:AssumeRole' ]
|
|
Path: /
|
|
Policies:
|
|
- PolicyName: ecs-service
|
|
PolicyDocument:
|
|
Statement:
|
|
- Effect: Allow
|
|
Action:
|
|
# Rules which allow ECS to attach network interfaces to instances
|
|
# on your behalf in order for awsvpc networking mode to work right
|
|
- 'ec2:AttachNetworkInterface'
|
|
- 'ec2:CreateNetworkInterface'
|
|
- 'ec2:CreateNetworkInterfacePermission'
|
|
- 'ec2:DeleteNetworkInterface'
|
|
- 'ec2:DeleteNetworkInterfacePermission'
|
|
- 'ec2:Describe*'
|
|
- 'ec2:DetachNetworkInterface'
|
|
- 'elasticfilesystem:*'
|
|
|
|
# Rules which allow ECS to update load balancers on your behalf
|
|
# with the information sabout how to send traffic to your containers
|
|
- 'elasticloadbalancing:DeregisterInstancesFromLoadBalancer'
|
|
- 'elasticloadbalancing:DeregisterTargets'
|
|
- 'elasticloadbalancing:Describe*'
|
|
- 'elasticloadbalancing:RegisterInstancesWithLoadBalancer'
|
|
- 'elasticloadbalancing:RegisterTargets'
|
|
Resource: '*'
|
|
|
|
SsmVpcEndpoint:
|
|
Type: AWS::EC2::VPCEndpoint
|
|
Properties:
|
|
VpcEndpointType: Interface
|
|
ServiceName: !Sub 'com.amazonaws.${AWS::Region}.ssm'
|
|
VpcId: !Ref VPC
|
|
SecurityGroupIds: [ !Ref SecurityGroup ]
|
|
SubnetIds: [ !Ref SubnetPrivate ]
|
|
PrivateDnsEnabled: true
|
|
|
|
EcsTaskRole:
|
|
Type: AWS::IAM::Role
|
|
Properties:
|
|
AssumeRolePolicyDocument:
|
|
Version: '2012-10-17'
|
|
Statement:
|
|
- Effect: Allow
|
|
Principal:
|
|
Service: ecs-tasks.amazonaws.com
|
|
Action: sts:AssumeRole
|
|
ManagedPolicyArns:
|
|
- arn:aws:iam::aws:policy/AmazonEC2FullAccess
|
|
- arn:aws:iam::aws:policy/AmazonS3FullAccess
|
|
Policies:
|
|
- PolicyName: !Sub "project-metrics-${AWS::Region}-${ProjectName}"
|
|
PolicyDocument:
|
|
Version: 2012-10-17
|
|
Statement:
|
|
- Action:
|
|
- cloudwatch:PutMetricData
|
|
Effect: Allow
|
|
Resource: "*"
|
|
- PolicyName: SatCompQueueExecutionRolePolicy
|
|
PolicyDocument:
|
|
Version: 2012-10-17
|
|
Statement:
|
|
- Action:
|
|
- "sqs:GetQueueAttributes"
|
|
- "sqs:SendMessage"
|
|
- "sqs:ReceiveMessage"
|
|
- "sqs:DeleteMessage"
|
|
- "sqs:DeleteMessageBatch"
|
|
- "sqs:GetQueueUrl"
|
|
Effect: Allow
|
|
Resource: "*"
|
|
- PolicyName: SatCompDynamoExecutionRolePolicy
|
|
PolicyDocument:
|
|
Version: 2012-10-17
|
|
Statement:
|
|
- Action:
|
|
- "dynamodb:UpdateItem"
|
|
- "dynamodb:Scan"
|
|
Effect: Allow
|
|
Resource: "*"
|
|
|
|
SolverLeaderTaskDefinition:
|
|
Type: AWS::ECS::TaskDefinition
|
|
Properties:
|
|
ExecutionRoleArn: !GetAtt ECSTaskExecutionRole.Arn
|
|
TaskRoleArn: !GetAtt EcsTaskRole.Arn
|
|
NetworkMode: awsvpc
|
|
|
|
RequiresCompatibilities:
|
|
- EC2
|
|
Volumes:
|
|
- Name: SatVolume
|
|
EFSVolumeConfiguration:
|
|
FilesystemId: !Ref FileSystem
|
|
TransitEncryption: ENABLED
|
|
AuthorizationConfig:
|
|
AccessPointId: !Ref AccessPoint
|
|
|
|
ContainerDefinitions:
|
|
- Image: !Sub "${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${ProjectName}:leader"
|
|
Name: !Sub "${ProjectName}-leader"
|
|
MemoryReservation: 61000
|
|
Environment:
|
|
- Name: SQS_QUEUE_NAME
|
|
Value: !GetAtt SatCompQueue.QueueName
|
|
- Name: SQS_OUTPUT_QUEUE_NAME
|
|
Value: !GetAtt SatCompOutputQueue.QueueName
|
|
- Name: AWS_DEFAULT_REGION
|
|
Value: !Ref AWS::Region
|
|
- Name: SATCOMP_BUCKET_NAME
|
|
Value: !Ref SatCompBucket
|
|
LogConfiguration:
|
|
LogDriver: awslogs
|
|
Options:
|
|
awslogs-group: !Sub "/ecs/${ProjectName}-leader"
|
|
awslogs-region: !Ref AWS::Region
|
|
awslogs-stream-prefix: ecs
|
|
MountPoints:
|
|
- ContainerPath: '/mount/efs'
|
|
SourceVolume: SatVolume
|
|
PortMappings:
|
|
- HostPort: 22
|
|
ContainerPort: 22
|
|
Protocol: TCP
|
|
SolverLogGroupLeader:
|
|
Type: AWS::Logs::LogGroup
|
|
Properties:
|
|
LogGroupName: !Sub "/ecs/${ProjectName}-leader"
|
|
RetentionInDays: 1827
|
|
|
|
SolverWorkerTaskDefinition:
|
|
Type: AWS::ECS::TaskDefinition
|
|
Properties:
|
|
ExecutionRoleArn: !GetAtt ECSTaskExecutionRole.Arn
|
|
TaskRoleArn: !GetAtt EcsTaskRole.Arn
|
|
NetworkMode: awsvpc
|
|
|
|
RequiresCompatibilities:
|
|
- EC2
|
|
Volumes:
|
|
- Name: SatVolume
|
|
EFSVolumeConfiguration:
|
|
FilesystemId: !Ref FileSystem
|
|
TransitEncryption: ENABLED
|
|
AuthorizationConfig:
|
|
AccessPointId: !Ref AccessPoint
|
|
|
|
ContainerDefinitions:
|
|
- Image: !Sub "${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${ProjectName}:worker"
|
|
Name: !Sub "${ProjectName}-worker"
|
|
MemoryReservation: 61000
|
|
Environment:
|
|
- Name: SQS_QUEUE_NAME
|
|
Value: !GetAtt SatCompQueue.QueueName
|
|
- Name: SQS_OUTPUT_QUEUE_NAME
|
|
Value: !GetAtt SatCompOutputQueue.QueueName
|
|
- Name: AWS_DEFAULT_REGION
|
|
Value: !Ref AWS::Region
|
|
- Name: SATCOMP_BUCKET_NAME
|
|
Value: !Ref SatCompBucket
|
|
LogConfiguration:
|
|
LogDriver: awslogs
|
|
Options:
|
|
awslogs-group: !Sub "/ecs/${ProjectName}-worker"
|
|
awslogs-region: !Ref AWS::Region
|
|
awslogs-stream-prefix: ecs
|
|
MountPoints:
|
|
- ContainerPath: '/mount/efs'
|
|
SourceVolume: SatVolume
|
|
PortMappings:
|
|
- HostPort: 22
|
|
ContainerPort: 22
|
|
Protocol: TCP
|
|
SolverLogGroupWorker:
|
|
Type: AWS::Logs::LogGroup
|
|
Properties:
|
|
LogGroupName: !Sub "/ecs/${ProjectName}-worker"
|
|
RetentionInDays: 1827
|
|
|
|
ECSTaskExecutionRole:
|
|
Type: AWS::IAM::Role
|
|
Properties:
|
|
AssumeRolePolicyDocument:
|
|
Statement:
|
|
- Effect: Allow
|
|
Principal:
|
|
Service: [ ecs-tasks.amazonaws.com ]
|
|
Action: [ 'sts:AssumeRole' ]
|
|
Path: /
|
|
Policies:
|
|
- PolicyName: AmazonECSTaskExecutionRolePolicy
|
|
PolicyDocument:
|
|
Statement:
|
|
- Effect: Allow
|
|
Action:
|
|
# Allow the ECS Tasks to download images from ECR
|
|
- 'ecr:GetAuthorizationToken'
|
|
- 'ecr:BatchCheckLayerAvailability'
|
|
- 'ecr:GetDownloadUrlForLayer'
|
|
- 'ecr:BatchGetImage'
|
|
|
|
# Allow the ECS tasks to upload logs to CloudWatch
|
|
- 'logs:CreateLogStream'
|
|
- 'logs:PutLogEvents'
|
|
Resource: '*'
|
|
|
|
SolverLeaderService:
|
|
Type: AWS::ECS::Service
|
|
Properties:
|
|
Cluster:
|
|
Ref: EcsCluster
|
|
DesiredCount: 0
|
|
LaunchType: EC2
|
|
NetworkConfiguration:
|
|
AwsvpcConfiguration:
|
|
SecurityGroups:
|
|
- !Ref SecurityGroup
|
|
Subnets:
|
|
- !Ref SubnetPrivate
|
|
TaskDefinition:
|
|
Ref: SolverLeaderTaskDefinition
|
|
|
|
SolverWorkerService:
|
|
Type: AWS::ECS::Service
|
|
Properties:
|
|
Cluster:
|
|
Ref: EcsCluster
|
|
DesiredCount: 0
|
|
LaunchType: EC2
|
|
NetworkConfiguration:
|
|
AwsvpcConfiguration:
|
|
SecurityGroups:
|
|
- !Ref SecurityGroup
|
|
Subnets:
|
|
- !Ref SubnetPrivate
|
|
TaskDefinition:
|
|
Ref: SolverWorkerTaskDefinition
|
|
|
|
|
|
AccessPoint:
|
|
Type: AWS::EFS::AccessPoint
|
|
Properties:
|
|
FileSystemId: !Ref FileSystem
|
|
PosixUser:
|
|
Uid: "1001"
|
|
Gid: "1001"
|
|
RootDirectory:
|
|
CreationInfo:
|
|
OwnerGid: "1001"
|
|
OwnerUid: "1001"
|
|
Permissions: "0755"
|
|
Path: "/sat-comp"
|
|
|
|
FileSystem:
|
|
Type: AWS::EFS::FileSystem
|
|
Properties:
|
|
PerformanceMode: generalPurpose
|
|
|
|
EFSMountTarget:
|
|
Type: AWS::EFS::MountTarget
|
|
Properties:
|
|
FileSystemId: !Ref FileSystem
|
|
SecurityGroups:
|
|
- !Ref SecurityGroup
|
|
SubnetId: !Ref SubnetPrivate
|
|
SatCompQueue:
|
|
Type: AWS::SQS::Queue
|
|
Properties:
|
|
QueueName: !Sub "${AWS::AccountId}-${AWS::Region}-SatCompQueue"
|
|
VisibilityTimeout: 5
|
|
ReceiveMessageWaitTimeSeconds: 20
|
|
KmsDataKeyReusePeriodSeconds: 3600
|
|
KmsMasterKeyId: "alias/aws/sqs"
|
|
SatCompOutputQueue:
|
|
Type: AWS::SQS::Queue
|
|
Properties:
|
|
QueueName: !Sub "${AWS::AccountId}-${AWS::Region}-SatCompOutputQueue"
|
|
VisibilityTimeout: 5
|
|
ReceiveMessageWaitTimeSeconds: 20
|
|
KmsDataKeyReusePeriodSeconds: 3600
|
|
KmsMasterKeyId: "alias/aws/sqs"
|
|
|
|
NodeManifest:
|
|
Type: AWS::DynamoDB::Table
|
|
Properties:
|
|
AttributeDefinitions:
|
|
-
|
|
AttributeName: nodeId
|
|
AttributeType: S
|
|
BillingMode: PAY_PER_REQUEST
|
|
KeySchema:
|
|
-
|
|
AttributeName: nodeId
|
|
KeyType: HASH
|
|
TableName: SatCompNodeManifest
|
|
|
|
TaskEndNotification:
|
|
Type: AWS::DynamoDB::Table
|
|
Properties:
|
|
AttributeDefinitions:
|
|
-
|
|
AttributeName: leaderIp
|
|
AttributeType: S
|
|
BillingMode: PAY_PER_REQUEST
|
|
KeySchema:
|
|
-
|
|
AttributeName: leaderIp
|
|
KeyType: HASH
|
|
TableName: TaskEndNotification
|
|
|
|
SolverLeaderEcr:
|
|
Type: AWS::ECR::Repository
|
|
Properties:
|
|
RepositoryName: !Sub "${ProjectName}"
|
|
LifecyclePolicy:
|
|
LifecyclePolicyText: '
|
|
{
|
|
"rules": [ {
|
|
"rulePriority": 10,
|
|
"description": "remove untagged images except the latest one",
|
|
"selection": {
|
|
"tagStatus": "untagged",
|
|
"countType": "imageCountMoreThan",
|
|
"countNumber": 1
|
|
},
|
|
"action": {
|
|
"type": "expire"
|
|
}
|
|
} ]
|
|
}'
|
|
|
|
# SolverWorkerEcr:
|
|
# Type: AWS::ECR::Repository
|
|
# Properties:
|
|
# RepositoryName: !Sub "${ProjectName}-worker"
|
|
# LifecyclePolicy:
|
|
# LifecyclePolicyText: '
|
|
# {
|
|
# "rules": [ {
|
|
# "rulePriority": 10,
|
|
# "description": "remove untagged images except the latest one",
|
|
# "selection": {
|
|
# "tagStatus": "untagged",
|
|
# "countType": "imageCountMoreThan",
|
|
# "countNumber": 1
|
|
# },
|
|
# "action": {
|
|
# "type": "expire"
|
|
# }
|
|
# } ]
|
|
# }'
|
|
|
|
SatCompBucket:
|
|
Type: AWS::S3::Bucket
|
|
Properties:
|
|
BucketName: !Sub "${AWS::AccountId}-${AWS::Region}-${ProjectName}"
|
|
BucketEncryption:
|
|
ServerSideEncryptionConfiguration:
|
|
- ServerSideEncryptionByDefault:
|
|
SSEAlgorithm: AES256
|
|
PublicAccessBlockConfiguration:
|
|
BlockPublicAcls: true
|
|
BlockPublicPolicy: true
|
|
IgnorePublicAcls: true
|
|
RestrictPublicBuckets: true
|
|
|
|
|
|
Outputs:
|
|
Subnet:
|
|
Value:
|
|
Ref: SubnetPrivate
|
|
Export:
|
|
Name: SubnetId
|
|
SecurityGroupId:
|
|
Value:
|
|
Ref: SecurityGroup
|
|
Export:
|
|
Name: SecurityGroup
|
|
|