ECS-Cloudformation/vpc-subnets-stack.yml

AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  NginxImage:
    Type: String
    Default: 539634357948.dkr.ecr.eu-central-1.amazonaws.com/commit-nginx:latest

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true

  SubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.0.0/24
      AvailabilityZone: eu-central-1a

  SubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: eu-central-1b

  Nacl:
    Type: AWS::EC2::NetworkAcl
    Properties:
      VpcId: !Ref VPC

  InboundRuleHttps:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref Nacl
      RuleNumber: "1"
      Protocol: 6
      RuleAction: allow
      PortRange:
        From: 443
        To: 443
      Egress: false
      CidrBlock: 0.0.0.0/0

  InboundRuleHttp:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref Nacl
      RuleNumber: "2"
      Protocol: 6
      RuleAction: allow
      PortRange:
        From: 80
        To: 80
      Egress: false
      CidrBlock: 0.0.0.0/0

  OutboundRuleHttps:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref Nacl
      RuleNumber: "3"
      Protocol: 6
      PortRange:
        From: 443
        To: 443
      RuleAction: allow
      Egress: true
      CidrBlock: 0.0.0.0/0

  OutboundRuleHttp:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref Nacl
      RuleNumber: "4"
      Protocol: 6
      PortRange:
        From: 80
        To: 80
      RuleAction: allow
      Egress: true
      CidrBlock: 0.0.0.0/0

  RDSInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      AllocatedStorage: 20
      DBInstanceClass: db.t2.micro
      Engine: mysql
      MasterUsername: root_user
      MasterUserPassword: root_password
      DBName: root_db
      MultiAZ: false

  ECSCluster:
    Type: AWS::ECS::Cluster

  ECSTaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - FARGATE
      ExecutionRoleArn: !Ref ExecutionRole
      TaskRoleArn: !Ref TaskRole
      Cpu: 256
      Memory: 0.5GB
      Family: !Ref ECSCluster
      ContainerDefinitions:
        - Name: commit-stack # Updated application name to "commit-stack"
          Image: !Ref NginxImage
          Memory: 512
          PortMappings:
            - ContainerPort: 80
            - ContainerPort: 443

  ECSService:
    Type: AWS::ECS::Service
    Properties:
      Cluster: !Ref ECSCluster
      LoadBalancers:
        - ContainerName: commit-stack # Updated container name
          ContainerPort: 80
          LoadBalancerName: !Ref LoadBalancer
      TaskDefinition: !Ref ECSTaskDefinition
      DesiredCount: 1
      LaunchType: EC2
      NetworkConfiguration:
        AwsvpcConfiguration:
          Subnets:
            - !Ref SubnetA
            - !Ref SubnetB

  LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: "Commit-elb"
      LoadBalancerAttributes:
        - Key: idle_timeout.timeout_seconds
          Value: 60
      Scheme: internet-facing
      Subnets:
        - !Ref SubnetA
        - !Ref SubnetB

  ExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: "Commit-ECSRole"
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: "sts:AssumeRole"
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"

  TaskRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: "Commit-TaskRole"
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: "sts:AssumeRole"

  MyInternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: stack
          Value: production

  MyVPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref MyInternetGateway
      VpcId: !Ref VPC

  ListenerHTTP:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - TargetGroupArn: !Ref TargetGroup
          Type: forward
      LoadBalancerArn: !Ref LoadBalancer
      Port: 80
      Protocol: HTTP

  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 10
      HealthCheckPath: "/"
      HealthCheckTimeoutSeconds: 5
      UnhealthyThresholdCount: 2
      HealthyThresholdCount: 2
      Name: MyTargetGroup
      Port: 80
      Protocol: HTTP
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: 60
      TargetType: ip
      VpcId: !Ref VPC