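AWSTemplateFormatVersion: "2010-09-09"
# Everything below is ECS on Fargate (AWS::ECS::Service with LaunchType FARGATE), not App Runner.
Description: "Deploys a service and a simulated client on ECS Fargate to demonstrate metric collection"

Parameters:
  # NOTE(review): no resource in this template references this parameter; image pulls are
  # authorised by the AmazonECSTaskExecutionRolePolicy attached to the execution roles.
  WeatherServiceImageRepoArn:
    Description: ARN of the ECR repository where the weather service image is stored
    Type: String
    AllowedPattern: "arn:aws:ecr:.+"

  WeatherServiceUriWithTag:
    Description: The URI of the weather service image that should be running, including its SHA-256 digest.
    Type: String
    # Enforce the digest the description promises so a mutable tag cannot be substituted at deploy time.
    AllowedPattern: ".+@sha256:[0-9a-f]{64}"
    ConstraintDescription: must be an image URI pinned by digest (repository[:tag]@sha256:<64 hex chars>)

  WeatherServiceContainerPort:
    Description: Port the weather service container listens on
    Type: Number
    Default: 3000
    MinValue: 1
    MaxValue: 65535

  WeatherServiceLoadBalancerPort:
    Description: Port the internet-facing load balancer listens on (plain HTTP)
    Type: Number
    Default: 80
    MinValue: 1
    MaxValue: 65535

  DatadogSecretArn:
    Description: ARN of the Secrets Manager secret holding the Datadog API key (injected into the agent as DD_API_KEY)
    Type: String
    AllowedPattern: "arn:aws:secretsmanager:.+"

  DatadogDdSiteVariable:
    Description: The DD_SITE environment variable expected by Datadog. API key won't work without the correct DD_SITE.
    Type: String

  SimulatedClientUriWithTag:
    Description: The URI of the simulated client image that should be running, including its SHA-256 digest.
    Type: String
    AllowedPattern: ".+@sha256:[0-9a-f]{64}"
    ConstraintDescription: must be an image URI pinned by digest (repository[:tag]@sha256:<64 hex chars>)

  # CIDR defaults are quoted so no YAML parser can retype them; the pattern is the one from the AWS sample templates.
  VPCIPRange:
    Description: CIDR block for the VPC
    Type: String
    Default: "10.0.0.0/16"
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IPv4 CIDR of the form x.x.x.x/x

  PublicSubnetAZ1IPRange:
    Description: CIDR block for the public subnet in the first availability zone (must lie inside VPCIPRange)
    Type: String
    Default: "10.0.1.0/24"
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IPv4 CIDR of the form x.x.x.x/x

  PublicSubnetAZ2IPRange:
    Description: CIDR block for the public subnet in the second availability zone (must lie inside VPCIPRange)
    Type: String
    Default: "10.0.2.0/24"
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IPv4 CIDR of the form x.x.x.x/x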
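Resources:
  # ---------------------------------------------------------------------------
  # Networking: one VPC, two public subnets, default route through an internet gateway.
  # ---------------------------------------------------------------------------
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VPCIPRange
      EnableDnsHostnames: true
      EnableDnsSupport: true

  InternetGateway:
    Type: AWS::EC2::InternetGateway

  VPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC

  PublicSubnetDefaultRoute:
    Type: AWS::EC2::Route
    # A route to an IGW is rejected until the gateway is attached to the VPC.
    DependsOn: VPCGatewayAttachment
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: "0.0.0.0/0"
      GatewayId: !Ref InternetGateway

  PublicSubnetAZ1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Ref PublicSubnetAZ1IPRange
      MapPublicIpOnLaunch: true
      AvailabilityZone: !Select [0, !GetAZs ""]

  PublicSubnetAZ1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnetAZ1
      RouteTableId: !Ref PublicRouteTable

  PublicSubnetAZ2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Ref PublicSubnetAZ2IPRange
      MapPublicIpOnLaunch: true
      AvailabilityZone: !Select [1, !GetAZs ""]

  PublicSubnetAZ2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnetAZ2
      RouteTableId: !Ref PublicRouteTable

  # ---------------------------------------------------------------------------
  # ECS cluster and the weather service (app + Datadog agent + X-Ray daemon sidecars).
  # ---------------------------------------------------------------------------
  Cluster:
    Type: AWS::ECS::Cluster
    Properties:
      # NOTE(review): fixed names (cluster, roles, load balancer, target group, log groups) make
      # this stack a per-account/per-region singleton; a second deployment will collide.
      ClusterName: MetricsDemoCluster
      ClusterSettings:
        - Name: containerInsights
          Value: enabled

  WeatherService:
    Type: AWS::ECS::Service
    # The service cannot register targets before the listener exists.
    DependsOn: LoadBalancerListener
    Properties:
      ServiceName: WeatherService
      Cluster: !Ref Cluster
      TaskDefinition: !Ref WeatherServiceTaskDefinition
      DeploymentConfiguration:
        MinimumHealthyPercent: 100
        MaximumPercent: 200
      DesiredCount: 1
      HealthCheckGracePeriodSeconds: 60
      LaunchType: FARGATE
      NetworkConfiguration:
        AwsvpcConfiguration:
          # Public IP is needed to pull images and reach Datadog/X-Ray: there is no NAT gateway in this VPC.
          AssignPublicIp: ENABLED
          Subnets:
            - !Ref PublicSubnetAZ1
            - !Ref PublicSubnetAZ2
          SecurityGroups:
            - !Ref WeatherServiceSecurityGroup
      LoadBalancers:
        - ContainerName: WeatherService
          ContainerPort: !Ref WeatherServiceContainerPort
          TargetGroupArn: !Ref WeatherServiceTargetGroup

  WeatherServiceTaskDefinition:
    Type: AWS::ECS::TaskDefinition
    # The !Ref's below already imply these dependencies; listed explicitly for readability.
    DependsOn:
      - WeatherServiceLogGroup
      - WeatherServiceDatadogSidecarLogGroup
      - WeatherServiceXraySidecarLogGroup
    Properties:
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - FARGATE
      # Task-level Fargate sizing; Cpu/Memory are string-typed properties.
      Cpu: "256"
      Memory: "2GB"
      ExecutionRoleArn: !Ref WeatherServiceExecutionRole
      TaskRoleArn: !Ref WeatherServiceTaskRole
      ContainerDefinitions:
        - Name: WeatherService
          Image: !Ref WeatherServiceUriWithTag
          PortMappings:
            - ContainerPort: !Ref WeatherServiceContainerPort
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-region: !Ref AWS::Region
              awslogs-group: !Ref WeatherServiceLogGroup
              awslogs-stream-prefix: ecs
          Environment:
            # In awsvpc mode all containers of a task share one network namespace and talk over
            # loopback; sibling container names are not resolvable, so point at 127.0.0.1.
            - Name: AWS_XRAY_DAEMON_ADDRESS
              Value: "127.0.0.1:2000"

        - Name: datadog-agent
          # NOTE(review): "latest" is a mutable tag; pin to a versioned tag or a digest so the
          # sidecar cannot change underneath a deployment.
          Image: "public.ecr.aws/datadog/agent:latest"
          # NOTE(review): every container defaults to Essential; the whole task stops if the
          # agent exits. Set Essential: false if the app should outlive a sidecar failure.
          Secrets:
            - Name: DD_API_KEY
              ValueFrom: !Ref DatadogSecretArn
          # Container environment values are strings; quoted so YAML does not retype them as booleans.
          Environment:
            - Name: ECS_FARGATE
              Value: "true"
            - Name: DD_APM_ENABLED
              Value: "true"
            # NOTE(review): the *_NON_LOCAL_TRAFFIC flags bind the agent beyond loopback. With
            # awsvpc networking the app reaches it over loopback anyway, and the task security
            # group only admits the load balancer on the container port, so exposure is limited;
            # confirm they are actually required before keeping them.
            - Name: DD_APM_NON_LOCAL_TRAFFIC
              Value: "true"
            - Name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC
              Value: "true"
            - Name: DD_LOGS_ENABLED
              Value: "true"
            - Name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL
              Value: "true"
            - Name: DD_SITE
              Value: !Ref DatadogDdSiteVariable
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-region: !Ref AWS::Region
              awslogs-group: !Ref WeatherServiceDatadogSidecarLogGroup
              awslogs-stream-prefix: ecs

        - Name: xray-sidecar
          # NOTE(review): no tag means "latest" from Docker Hub; pin a tag or digest.
          Image: "amazon/aws-xray-daemon"
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-region: !Ref AWS::Region
              awslogs-group: !Ref WeatherServiceXraySidecarLogGroup
              awslogs-stream-prefix: ecs

  # Role assumed by the running containers (app, Datadog agent, X-Ray daemon).
  WeatherServiceTaskRole:
    Type: AWS::IAM::Role
    Properties:
      # NOTE(review): a fixed RoleName requires CAPABILITY_NAMED_IAM and is account-global.
      RoleName: WeatherServiceTaskRole
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: "sts:AssumeRole"
            # Confused-deputy guard: only tasks in this account may assume the role.
            Condition:
              StringEquals:
                aws:SourceAccount: !Ref AWS::AccountId
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess"
      Policies:
        # Needed by the Datadog agent to discover the cluster it runs in; these List/Describe
        # actions do not support resource-level permissions, hence "*".
        - PolicyName: datadog-permissions
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - "ecs:ListClusters"
                  - "ecs:ListContainerInstances"
                  - "ecs:DescribeContainerInstances"
                Resource:
                  - "*"
        # cloudwatch:PutMetricData only accepts "*" as a resource; it can be narrowed with a
        # cloudwatch:namespace condition once the metric namespace the app uses is fixed.
        - PolicyName: write-metrics
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - "cloudwatch:PutMetricData"
                Resource:
                  - "*"

  # Role used by the ECS agent to pull images, write logs and fetch the Datadog secret.
  WeatherServiceExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: WeatherServiceExecutionRole
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: "sts:AssumeRole"
            Condition:
              StringEquals:
                aws:SourceAccount: !Ref AWS::AccountId
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
      Policies:
        # Scoped to the single secret passed in; if that secret is encrypted with a customer-managed
        # KMS key the role additionally needs kms:Decrypt on that key.
        - PolicyName: read-datadog-api-key
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - "secretsmanager:GetSecretValue"
                Resource:
                  - !Ref DatadogSecretArn

  # Only the load balancer may reach the service, and only on the container port.
  WeatherServiceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: WeatherServiceSecurityGroup
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: !Ref WeatherServiceContainerPort
          ToPort: !Ref WeatherServiceContainerPort
          SourceSecurityGroupId: !Ref LoadBalancerSecurityGroup

  WeatherServiceTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 20
      HealthCheckPath: "/WeatherForecast?city=Dallas&includeRadar=true&includeSatellite=false"
      HealthCheckTimeoutSeconds: 10
      UnhealthyThresholdCount: 2
      HealthyThresholdCount: 2
      Name: WeatherServiceTargetGroup
      Port: !Ref WeatherServiceContainerPort
      Protocol: HTTP
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: "60"
      TargetType: ip
      VpcId: !Ref VPC

  # Internet-facing entry point. Plain HTTP from anywhere is fine for a demo; a real deployment
  # would terminate TLS on the listener and restrict CidrIp.
  LoadBalancerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: LoadBalancerSecurityGroup
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: !Ref WeatherServiceLoadBalancerPort
          ToPort: !Ref WeatherServiceLoadBalancerPort
          CidrIp: "0.0.0.0/0"

  LoadBalancerListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - TargetGroupArn: !Ref WeatherServiceTargetGroup
          Type: forward
      LoadBalancerArn: !Ref LoadBalancer
      Port: !Ref WeatherServiceLoadBalancerPort
      Protocol: HTTP

  LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    # An internet-facing ALB needs the gateway *attached*, not merely created.
    DependsOn: VPCGatewayAttachment
    Properties:
      Name: LoadBalancer
      Scheme: internet-facing
      SecurityGroups:
        - !Ref LoadBalancerSecurityGroup
      Subnets:
        - !Ref PublicSubnetAZ1
        - !Ref PublicSubnetAZ2

  # NOTE(review): none of the log groups set RetentionInDays, so logs are kept forever.
  WeatherServiceLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: /ecs/WeatherService/WeatherServiceContainer

  WeatherServiceDatadogSidecarLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: /ecs/WeatherService/DatadogSidecarContainer

  WeatherServiceXraySidecarLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: /ecs/WeatherService/XraySidecarContainer

  # ---------------------------------------------------------------------------
  # Simulated client that generates load against the load balancer hostname.
  # ---------------------------------------------------------------------------
  SimulatedClient:
    Type: AWS::ECS::Service
    Properties:
      ServiceName: SimulatedClient
      Cluster: !Ref Cluster
      TaskDefinition: !Ref SimulatedClientTaskDefinition
      DesiredCount: 1
      LaunchType: FARGATE
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: ENABLED
          Subnets:
            - !Ref PublicSubnetAZ1
            - !Ref PublicSubnetAZ2
          # Explicit group instead of falling back to the VPC default security group.
          SecurityGroups:
            - !Ref SimulatedClientSecurityGroup

  # The client only makes outbound requests; no ingress rules are defined (egress is the default allow-all).
  SimulatedClientSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SimulatedClientSecurityGroup
      VpcId: !Ref VPC

  SimulatedClientTaskDefinition:
    Type: AWS::ECS::TaskDefinition
    DependsOn:
      - SimulatedClientLogGroup
    Properties:
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - FARGATE
      Cpu: "256"
      Memory: "0.5GB"
      ExecutionRoleArn: !Ref SimulatedClientExecutionRole
      ContainerDefinitions:
        - Name: SimulatedClient
          Image: !Ref SimulatedClientUriWithTag
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-region: !Ref AWS::Region
              awslogs-group: !Ref SimulatedClientLogGroup
              awslogs-stream-prefix: ecs
          Environment:
            - Name: WEATHER_SERVICE_HOSTNAME
              Value: !GetAtt LoadBalancer.DNSName
            - Name: PROTOCOL
              Value: http
            # Number of virtual users; string-typed like every container environment value.
            - Name: VU_COUNT
              Value: "10"

  SimulatedClientExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: SimulatedClientExecutionRole
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: "sts:AssumeRole"
            Condition:
              StringEquals:
                aws:SourceAccount: !Ref AWS::AccountId
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"

  SimulatedClientLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: /ecs/SimulatedClient/SimulatedClientContainer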
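Outputs:
  # Public DNS name of the ALB; the simulated client receives the same value as WEATHER_SERVICE_HOSTNAME.
  LoadBalancerHostname:
    Description: Load balancer hostname
    Value: !GetAtt LoadBalancer.DNSName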