{
"version": 4,
"terraform_version": "1.4.6",
"serial": 12,
"lineage": "3f24e75d-2e86-a48b-866a-a7f12d90723c",
"outputs": {},
"resources": [
{
"mode": "managed",
"type": "aws_cloudformation_stack",
"name": "ecs_service",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": []
},
{
"mode": "managed",
"type": "aws_cloudformation_stack",
"name": "vpc",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"status": "tainted",
"schema_version": 0,
"attributes": {
"capabilities": [
"CAPABILITY_NAMED_IAM"
],
"disable_rollback": null,
"iam_role_arn": null,
"id": "arn:aws:cloudformation:us-east-1:759907441676:stack/fastapi-backend-vpc-stack/c32164f0-681d-11ee-927b-0a46d441a571",
"name": "fastapi-backend-vpc-stack",
"notification_arns": null,
"on_failure": null,
"outputs": null,
"parameters": {
"ClusterName": "fastapi-backend-cluster",
"ExecutionRoleName": "fastapi-backend-ecs-execution-role"
},
"policy_body": null,
"policy_url": null,
"tags": null,
"template_body": "AWSTemplateFormatVersion: '2010-09-09'\r\nDescription: A stack for deploying containerized applications in AWS Fargate.\r\n This stack runs containers in a public VPC subnet, and includes a\r\n public facing load balancer to register the services in.\r\nParameters:\r\n ClusterName:\r\n Type: String\r\n Description: Name of the ECS cluster to be created\r\n ExecutionRoleName:\r\n Type: String\r\n Description: Name of the IAM role used by the ECS tasks to be created\r\n\r\nMappings:\r\n # Hard values for the subnet masks. These masks define\r\n # the range of internal IP addresses that can be assigned.\r\n # The VPC can have all IP's from 10.0.0.0 to 10.0.255.255\r\n # There are two subnets which cover the ranges:\r\n #\r\n # 10.0.0.0 - 10.0.0.255\r\n # 10.0.1.0 - 10.0.1.255\r\n #\r\n # If you need more IP addresses (perhaps you have so many\r\n # instances that you run out) then you can customize these\r\n # ranges to add more\r\n SubnetConfig:\r\n VPC:\r\n CIDR: '10.0.0.0/16'\r\n PublicOne:\r\n CIDR: '10.0.0.0/24'\r\n PublicTwo:\r\n CIDR: '10.0.1.0/24'\r\nResources:\r\n # VPC in which containers will be networked.\r\n # It has two public subnets\r\n # We distribute the subnets across the first two available subnets\r\n # for the region, for high availability.\r\n VPC:\r\n Type: AWS::EC2::VPC\r\n Properties:\r\n EnableDnsSupport: true\r\n EnableDnsHostnames: true\r\n CidrBlock: !FindInMap ['SubnetConfig', 'VPC', 'CIDR']\r\n\r\n # Two public subnets, where containers can have public IP addresses\r\n PublicSubnetOne:\r\n Type: AWS::EC2::Subnet\r\n Properties:\r\n AvailabilityZone:\r\n Fn::Select:\r\n - 0\r\n - Fn::GetAZs: {Ref: 'AWS::Region'}\r\n VpcId: !Ref 'VPC'\r\n CidrBlock: !FindInMap ['SubnetConfig', 'PublicOne', 'CIDR']\r\n MapPublicIpOnLaunch: true\r\n PublicSubnetTwo:\r\n Type: AWS::EC2::Subnet\r\n Properties:\r\n AvailabilityZone:\r\n Fn::Select:\r\n - 1\r\n - Fn::GetAZs: {Ref: 'AWS::Region'}\r\n VpcId: !Ref 'VPC'\r\n CidrBlock: !FindInMap ['SubnetConfig', 'PublicTwo', 'CIDR']\r\n MapPublicIpOnLaunch: true\r\n\r\n # Setup networking resources for the public subnets. Containers\r\n # in the public subnets have public IP addresses and the routing table\r\n # sends network traffic via the internet gateway.\r\n InternetGateway:\r\n Type: AWS::EC2::InternetGateway\r\n GatewayAttachement:\r\n Type: AWS::EC2::VPCGatewayAttachment\r\n Properties:\r\n VpcId: !Ref 'VPC'\r\n InternetGatewayId: !Ref 'InternetGateway'\r\n PublicRouteTable:\r\n Type: AWS::EC2::RouteTable\r\n Properties:\r\n VpcId: !Ref 'VPC'\r\n PublicRoute:\r\n Type: AWS::EC2::Route\r\n DependsOn: GatewayAttachement\r\n Properties:\r\n RouteTableId: !Ref 'PublicRouteTable'\r\n DestinationCidrBlock: '0.0.0.0/0'\r\n GatewayId: !Ref 'InternetGateway'\r\n PublicSubnetOneRouteTableAssociation:\r\n Type: AWS::EC2::SubnetRouteTableAssociation\r\n Properties:\r\n SubnetId: !Ref PublicSubnetOne\r\n RouteTableId: !Ref PublicRouteTable\r\n PublicSubnetTwoRouteTableAssociation:\r\n Type: AWS::EC2::SubnetRouteTableAssociation\r\n Properties:\r\n SubnetId: !Ref PublicSubnetTwo\r\n RouteTableId: !Ref PublicRouteTable\r\n\r\n # ECS Resources\r\n ECSCluster:\r\n Type: AWS::ECS::Cluster\r\n Properties:\r\n # Fix a name to avoid having an auto-generated one\r\n ClusterName: !Ref 'ClusterName'\r\n\r\n # A security group for the containers we will run in Fargate.\r\n # Two rules, allowing network traffic from a public facing load\r\n # balancer and from other members of the security group.\r\n #\r\n # Remove any of the following ingress rules that are not needed.\r\n # If you want to make direct requests to a container using its\r\n # public IP address you'll need to add a security group rule\r\n # to allow traffic from all IP addresses.\r\n FargateContainerSecurityGroup:\r\n Type: AWS::EC2::SecurityGroup\r\n Properties:\r\n GroupDescription: Access to the Fargate containers\r\n VpcId: !Ref 'VPC'\r\n EcsSecurityGroupIngressFromPublicALB:\r\n Type: AWS::EC2::SecurityGroupIngress\r\n Properties:\r\n Description: Ingress from the public ALB\r\n GroupId: !Ref 'FargateContainerSecurityGroup'\r\n IpProtocol: -1\r\n SourceSecurityGroupId: !Ref 'PublicLoadBalancerSG'\r\n EcsSecurityGroupIngressFromSelf:\r\n Type: AWS::EC2::SecurityGroupIngress\r\n Properties:\r\n Description: Ingress from other containers in the same security group\r\n GroupId: !Ref 'FargateContainerSecurityGroup'\r\n IpProtocol: -1\r\n SourceSecurityGroupId: !Ref 'FargateContainerSecurityGroup'\r\n\r\n # Load balancers for getting traffic to containers.\r\n # This sample template creates one load balancer:\r\n #\r\n # - One public load balancer, hosted in public subnets that is accessible\r\n # to the public, and is intended to route traffic to one or more public\r\n # facing services.\r\n\r\n # A public facing load balancer, this is used for accepting traffic from the public\r\n # internet and directing it to public facing microservices\r\n PublicLoadBalancerSG:\r\n Type: AWS::EC2::SecurityGroup\r\n Properties:\r\n GroupDescription: Access to the public facing load balancer\r\n VpcId: !Ref 'VPC'\r\n SecurityGroupIngress:\r\n # Allow access to ALB from anywhere on the internet\r\n - CidrIp: 0.0.0.0/0\r\n IpProtocol: -1\r\n PublicLoadBalancer:\r\n Type: AWS::ElasticLoadBalancingV2::LoadBalancer\r\n Properties:\r\n Scheme: internet-facing\r\n LoadBalancerAttributes:\r\n - Key: idle_timeout.timeout_seconds\r\n Value: '30'\r\n Subnets:\r\n # The load balancer is placed into the public subnets, so that traffic\r\n # from the internet can reach the load balancer directly via the internet gateway\r\n - !Ref PublicSubnetOne\r\n - !Ref PublicSubnetTwo\r\n SecurityGroups: [!Ref 'PublicLoadBalancerSG']\r\n # A dummy target group is used to setup the ALB to just drop traffic\r\n # initially, before any real service target groups have been added.\r\n DummyTargetGroupPublic:\r\n Type: AWS::ElasticLoadBalancingV2::TargetGroup\r\n Properties:\r\n HealthCheckIntervalSeconds: 6\r\n HealthCheckPath: /\r\n HealthCheckProtocol: HTTP\r\n HealthCheckTimeoutSeconds: 5\r\n HealthyThresholdCount: 2\r\n Name: !Join ['-', [!Ref 'AWS::StackName', 'drop-1']]\r\n Port: 80\r\n Protocol: HTTP\r\n UnhealthyThresholdCount: 2\r\n VpcId: !Ref 'VPC'\r\n PublicLoadBalancerListener:\r\n Type: AWS::ElasticLoadBalancingV2::Listener\r\n DependsOn:\r\n - PublicLoadBalancer\r\n Properties:\r\n DefaultActions:\r\n - TargetGroupArn: !Ref 'DummyTargetGroupPublic'\r\n Type: 'forward'\r\n LoadBalancerArn: !Ref 'PublicLoadBalancer'\r\n Port: 80\r\n Protocol: HTTP\r\n\r\n # This is an IAM role which authorizes ECS to manage resources on your\r\n # account on your behalf, such as updating your load balancer with the\r\n # details of where your containers are, so that traffic can reach your\r\n # containers.\r\n ECSRole:\r\n Type: AWS::IAM::Role\r\n Properties:\r\n AssumeRolePolicyDocument:\r\n Statement:\r\n - Effect: Allow\r\n Principal:\r\n Service: [ecs.amazonaws.com]\r\n Action: ['sts:AssumeRole']\r\n Path: /\r\n Policies:\r\n - PolicyName: ecs-service\r\n PolicyDocument:\r\n Statement:\r\n - Effect: Allow\r\n Action:\r\n # Rules which allow ECS to attach network interfaces to instances\r\n # on your behalf in order for awsvpc networking mode to work right\r\n - 'ec2:AttachNetworkInterface'\r\n - 'ec2:CreateNetworkInterface'\r\n - 'ec2:CreateNetworkInterfacePermission'\r\n - 'ec2:DeleteNetworkInterface'\r\n - 'ec2:DeleteNetworkInterfacePermission'\r\n - 'ec2:Describe*'\r\n - 'ec2:DetachNetworkInterface'\r\n\r\n # Rules which allow ECS to update load balancers on your behalf\r\n # with the information sabout how to send traffic to your containers\r\n - 'elasticloadbalancing:DeregisterInstancesFromLoadBalancer'\r\n - 'elasticloadbalancing:DeregisterTargets'\r\n - 'elasticloadbalancing:Describe*'\r\n - 'elasticloadbalancing:RegisterInstancesWithLoadBalancer'\r\n - 'elasticloadbalancing:RegisterTargets'\r\n Resource: '*'\r\n\r\n # This is a role which is used by the ECS tasks themselves.\r\n ECSTaskExecutionRole:\r\n Type: AWS::IAM::Role\r\n Properties:\r\n AssumeRolePolicyDocument:\r\n Statement:\r\n - Effect: Allow\r\n Principal:\r\n Service: [ecs-tasks.amazonaws.com]\r\n Action: ['sts:AssumeRole']\r\n Path: /\r\n Policies:\r\n - PolicyName: AmazonECSTaskExecutionRolePolicy\r\n PolicyDocument:\r\n Statement:\r\n - Effect: Allow\r\n Action:\r\n # Allow the ECS Tasks to download images from ECR\r\n - 'ecr:GetAuthorizationToken'\r\n - 'ecr:BatchCheckLayerAvailability'\r\n - 'ecr:GetDownloadUrlForLayer'\r\n - 'ecr:BatchGetImage'\r\n\r\n # Allow the ECS tasks to upload logs to CloudWatch\r\n - 'logs:CreateLogStream'\r\n - 'logs:PutLogEvents'\r\n Resource: '*'\r\n RoleName: !Ref 'ExecutionRoleName'\r\n\r\n# These are the values output by the CloudFormation template. Be careful\r\n# about changing any of them, because of them are exported with specific\r\n# names so that the other task related CF templates can use them.\r\nOutputs:\r\n ClusterName:\r\n Description: The name of the ECS cluster\r\n Value: !Ref 'ECSCluster'\r\n Export:\r\n Name: !Join [ ':', [ !Ref 'AWS::StackName', 'ClusterName' ] ]\r\n ExternalUrl:\r\n Description: The url of the external load balancer\r\n Value: !Join ['', ['http://', !GetAtt 'PublicLoadBalancer.DNSName']]\r\n Export:\r\n Name: !Join [ ':', [ !Ref 'AWS::StackName', 'ExternalUrl' ] ]\r\n ECSRole:\r\n Description: The ARN of the ECS role\r\n Value: !GetAtt 'ECSRole.Arn'\r\n Export:\r\n Name: !Join [ ':', [ !Ref 'AWS::StackName', 'ECSRole' ] ]\r\n ECSTaskExecutionRole:\r\n Description: The ARN of the ECS role\r\n Value: !GetAtt 'ECSTaskExecutionRole.Arn'\r\n Export:\r\n Name: !Join [ ':', [ !Ref 'AWS::StackName', 'ECSTaskExecutionRole' ] ]\r\n PublicListener:\r\n Description: The ARN of the public load balancer's Listener\r\n Value: !Ref PublicLoadBalancerListener\r\n Export:\r\n Name: !Join [ ':', [ !Ref 'AWS::StackName', 'PublicListener' ] ]\r\n VPCId:\r\n Description: The ID of the VPC that this stack is deployed in\r\n Value: !Ref 'VPC'\r\n Export:\r\n Name: !Join [ ':', [ !Ref 'AWS::StackName', 'VPCId' ] ]\r\n PublicSubnetOne:\r\n Description: Public subnet one\r\n Value: !Ref 'PublicSubnetOne'\r\n Export:\r\n Name: !Join [ ':', [ !Ref 'AWS::StackName', 'PublicSubnetOne' ] ]\r\n PublicSubnetTwo:\r\n Description: Public subnet two\r\n Value: !Ref 'PublicSubnetTwo'\r\n Export:\r\n Name: !Join [ ':', [ !Ref 'AWS::StackName', 'PublicSubnetTwo' ] ]\r\n FargateContainerSecurityGroup:\r\n Description: A security group used to allow Fargate containers to receive traffic\r\n Value: !Ref 'FargateContainerSecurityGroup'\r\n Export:\r\n Name: !Join [ ':', [ !Ref 'AWS::StackName', 'FargateContainerSecurityGroup' ] ]",
"template_url": null,
"timeout_in_minutes": null,
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19"
}
]
},
{
"mode": "managed",
"type": "aws_ecr_repository",
"name": "demo-app-repository",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:ecr:us-east-1:759907441676:repository/fastapi-backend",
"id": "fastapi-backend",
"image_scanning_configuration": [
{
"scan_on_push": false
}
],
"image_tag_mutability": "MUTABLE",
"name": "fastapi-backend",
"registry_id": "759907441676",
"repository_url": "759907441676.dkr.ecr.us-east-1.amazonaws.com/fastapi-backend",
"tags": {},
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjoxMjAwMDAwMDAwMDAwfX0="
}
]
}
],
"check_results": null
}