Darnel Project

1.
Dockerfile
FROM alpine:3.11
RUN echo "America/Bogota" > /etc/timezone
ENV TZ=America/Bogota
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
RUN apk update && apk add --no-cache jq php7-fpm php7-zip nginx nginx-mod-http-headers-more \
php7 php7-pdo php7-dom php7-xml php7-tokenizer php7-curl php7-pdo_mysql php7-json php7-cli \
php7-mbstring php7-gd php7-simplexml php7-fileinfo php7-xmlwriter php7-session \
nodejs npm supervisor composer make g++ gcc libgcc curl \
&& rm -rf /var/cache/apk/*
RUN apk add --no-cache bash
RUN curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar

RUN php wp-cli.phar --info
RUN chmod +x wp-cli.phar
RUN mv wp-cli.phar /usr/local/bin/wp
WORKDIR /var/www/html/darnel
COPY docker/php.ini /etc/php7/php.ini

ADD ./composer.json .
ADD ./composer.lock .
ADD ./package.json .
#ADD ./ciencuadrassource/package-lock.json .
COPY . .
COPY ./composer.json /var/www/html/darnel/composer.json

COPY ./composer.lock /var/www/html/darnel/composer.lock
COPY ./package.json /var/www/html/darnel/package.json
RUN composer self-update --version

#RUN composer require wikimedia/composer-merge-plugin
RUN composer install --ignore-platform-reqs
RUN npm install
ARG APP_ENV
ENV APP_ENV $APP_ENV
COPY "docker/enviroments/.env.$APP_ENV" /var/www/html/darnel/.env
RUN chmod -R 777 ./storage

RUN chmod -R 777 ./storage
RUN rm /etc/nginx/conf.d/default.conf \
&& rm /etc/php7/php-fpm.d/www.conf
COPY docker/nginx/nginx.conf /etc/nginx/nginx.conf
COPY docker/nginx/sites-enabled /etc/nginx/sites-enabled
COPY docker/www.conf /etc/php7/php-fpm.d/www.conf
COPY docker/supervisord.conf /etc/supervisor/conf.d/supervisord.conf

CMD /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf
1.2 nginx
server {
listen 80;
listen [::]:80;
#server_name _;
root /var/www/html/darnel;
index index.php index.html;
# add_header X-Cached $upstream_cache_status;
# expires 5m;
set $my_https $https;

if ($http_x_forwarded_proto = 'https') {
set $my_https 'on';
}
location / {
# try to serve file directly, fallback to app.php
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# DEV
# This rule should only be placed on your development environment
# In production, don't include this and don't deploy app_dev.php or config.php
location ~ ^/(app_dev|config)\.php(/|$) {
#include conf.d/cache5m.inc;
fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;

fastcgi_param DOCUMENT_ROOT $realpath_root;
fastcgi_param HTTPS $my_https; # set $_SERVER['HTTPS']
include fastcgi_params;
#internal;
}
# PROD
location ~ ^/index\.php(/|$) {
#include conf.d/cache5m.inc;
fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;

fastcgi_param DOCUMENT_ROOT $realpath_root;
fastcgi_param HTTPS $my_https; # set $_SERVER['HTTPS']

include fastcgi_params;
#internal;
}
# return 404 for all other php files not matching the front controller
# this prevents access to other php files you don't want to be accessible.
location ~ \.php$ {
return 404;
}
}
2. Plantilla yml infraestructura IAAS

2.1 VPC yml
AWSTemplateFormatVersion: 2010-09-09
Description: vpc 3zonas

Parameters:
AvailabilityZone1:
Description: The first availability zone in the region
Type: AWS::EC2::AvailabilityZone::Name
ConstraintDescription: Must be a valid availability zone
AvailabilityZone2:
Description: The second availability zone in the region
AvailabilityZone3:
Description: The second availability zone in the region
SSHFrom:
Description: Limit SSH access to bastion hosts to a CIDR IP block
Type: String
MinLength: 9
MaxLength: 18
Default: 0.0.0.0/0
ELBIngressPort:
Description: The ELB ingress port used by security groups
Type: Number
MinValue: 0
MaxValue: 65535
ConstraintDescription: TCP ports must be between 0 - 65535
Default: 80
ELBIngressPortSSL:
Description: The ELB ingress ssl port used by security groups
Type: Number
MinValue: 0
MaxValue: 65535
Default: 443
AppIngressPort:
Description: The application ingress port used by security groups
Type: Number
MinValue: 0
MaxValue: 65535
Default: 80
SingleNatGateway:
Description: Set to true to only install one NAT gateway
Type: String
ConstraintDescription: Value must be true or false
Default: true
AllowedValues:
- true
- false
PrefixCIDR:
Description: "PrefixCIDR example : 10.52.0"
Type: String
#Default: 10.65.25
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
- Label:
default: Region Availability Zones
Parameters:
- AvailabilityZone1
- AvailabilityZone2
- AvailabilityZone3
- Label:
default: Ingress Ports
Parameters:
- ELBIngressPort
- ELBIngressPortSSL
- AppIngressPort
ParameterLabels:
AvailabilityZone1:
default: Availability Zone 1
AvailabilityZone2:
AvailabilityZone3:
ELBIngressPort:
default: Load Balancer Port
ELBIngressPortSSL:
default: Load Balancer Port SSL
AppIngressPort:
default: Application Port
Conditions:
CreateSingleNatGateway: !Equals [ !Ref SingleNatGateway, true ]
CreateMultipleNatGateways: !Not [ Condition: CreateSingleNatGateway ]
Mappings:
# Maps CIDR blocks to VPC and various subnets

CIDRMap:
VPC:
CIDR: ".0/24"
Public1:
CIDR: ".0/28"
Public2:
CIDR: ".16/28"
Public3:
CIDR: ".38/28"
Private1:
CIDR: ".64/26"
Private2:
CIDR: ".128/26"
Private3:
CIDR: ".192/26"
Resources:
VPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock:
!Join
- ''
- - !Sub "${PrefixCIDR}"
- !FindInMap [CIDRMap, VPC, CIDR]
- ""
EnableDnsSupport: true
EnableDnsHostnames: true
Tags:
- Key: Name
Value: !Ref "AWS::StackName"
PublicSubnet1:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
CidrBlock:
!Join
- ''
- !FindInMap [ CIDRMap, Public1, CIDR ]
AvailabilityZone: !Ref AvailabilityZone1
Tags:
- Key: Name
Value: !Sub "${AWS::StackName}-PublicSubnet1"
PublicSubnet2:
Properties:
VpcId: !Ref VPC
CidrBlock:
!Join
- ''
Tags:
- Key: Name
PublicSubnet3:
Properties:
VpcId: !Ref VPC
CidrBlock:
!Join
- ''
Tags:
- Key: Name
PrivateSubnet1:
Properties:
VpcId: !Ref VPC
CidrBlock:
!Join
- ''
- !FindInMap [ CIDRMap, Private1, CIDR ]
Tags:
- Key: Name
Value: !Sub "${AWS::StackName}-PrivateSubnet1"
PrivateSubnet2:
Properties:
VpcId: !Ref VPC
CidrBlock:
!Join
- ''
Tags:
- Key: Name
PrivateSubnet3:
Properties:
VpcId: !Ref VPC
CidrBlock:
!Join
- ''
Tags:
- Key: Name
InternetGateway:
Type: AWS::EC2::InternetGateway
Properties:
Tags:
- Key: Name
Value: !Sub "${AWS::StackName}-igw"
VPCGatewayAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
VpcId: !Ref VPC
InternetGatewayId: !Ref InternetGateway
PublicRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: !Sub "${AWS::StackName}-public-igw"
PublicRoute:
Type: AWS::EC2::Route
DependsOn: VPCGatewayAttachment
Properties:
RouteTableId: !Ref PublicRouteTable
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref InternetGateway
PublicSubnetRouteTableAssociation1:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref PublicSubnet1
Properties:
Properties:
PublicSubnetNetworkAclAssociation1:
Type: AWS::EC2::SubnetNetworkAclAssociation
Properties:
NetworkAclId: !GetAtt VPC.DefaultNetworkAcl
Properties:
Properties:
ELBSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Enable HTTP/HTTPs ingress
VpcId: !Ref VPC
SecurityGroupIngress:
- CidrIp: 0.0.0.0/0
IpProtocol: tcp
ToPort: !Ref ELBIngressPort
FromPort: !Ref ELBIngressPort
- CidrIp: 0.0.0.0/0
IpProtocol: tcp
ToPort: !Ref ELBIngressPortSSL
FromPort: !Ref ELBIngressPortSSL
Tags:
- Key: Name
Value: !Sub "${AWS::StackName}-ELBSecurityGroup"
ELBSecurityGroupToAppEgress:
Type: AWS::EC2::SecurityGroupEgress # prevent security group circular references
Properties:
GroupId: !Ref ELBSecurityGroup
IpProtocol: tcp
ToPort: !Ref AppIngressPort
FromPort: !Ref AppIngressPort
DestinationSecurityGroupId: !Ref AppSecurityGroup
AppSecurityGroup:
Properties:
GroupDescription: Enable access from ELB to app
VpcId: !Ref VPC
- SourceSecurityGroupId: !Ref ELBSecurityGroup
IpProtocol: tcp
- SourceSecurityGroupId: !Ref BastionSecurityGroup
IpProtocol: tcp
ToPort: 22
FromPort: 22
SecurityGroupEgress:
- CidrIp: 0.0.0.0/0
IpProtocol: -1
ToPort: 65535
FromPort: 0
Tags:
- Key: Name
Value: !Sub "${AWS::StackName}-AppSecurityGroup"
AppSecurityGroupFromELBIngress:
Type: AWS::EC2::SecurityGroupIngress # prevent security group circular references
Properties:
GroupId: !Ref AppSecurityGroup
IpProtocol: tcp
SourceSecurityGroupId: !Ref ELBSecurityGroup
AppSecurityGroupFromBastionIngress:
Type: AWS::EC2::SecurityGroupIngress # prevent security group circular references
Properties:
GroupId: !Ref AppSecurityGroup
IpProtocol: tcp
ToPort: 22
FromPort: 22
SourceSecurityGroupId: !Ref BastionSecurityGroup
BastionSecurityGroup:
Properties:
GroupDescription: Enable access to the bastion host
VpcId: !Ref VPC
- CidrIp: !Ref SSHFrom
IpProtocol: tcp
ToPort: 22
FromPort: 22
Tags:
- Key: Name
Value: !Sub "${AWS::StackName}-BastionSecurityGroup"
MongoSecurityGroup:
Properties:
GroupDescription: Enable access from ELB to app
VpcId: !Ref VPC
IpProtocol: tcp
ToPort: 22
FromPort: 22
IpProtocol: tcp
ToPort: 27017
FromPort: 27017
- SourceSecurityGroupId: !Ref AppSecurityGroup
IpProtocol: tcp
ToPort: 27017
FromPort: 27017
Tags:
- Key: Name
Value: !Sub "${AWS::StackName}-MongoSecurityGroup"
BastionSecurityGroupToAppEgress:
Properties:
GroupId: !Ref BastionSecurityGroup
IpProtocol: tcp
ToPort: 22
FromPort: 22
DestinationSecurityGroupId: !Ref AppSecurityGroup
BastionSecurityGroupToAllEgress:
Properties:
GroupId: !Ref BastionSecurityGroup
IpProtocol: -1
ToPort: 65535
FromPort: 0
CidrIp: 0.0.0.0/0
# NAT-related resources
#
# NAT is used to allow instances in private subnets to communicate with AWS
# services, and pull down code and updates.
NatGateway1:
Type: AWS::EC2::NatGateway
Properties:
AllocationId: !GetAtt NatEIP1.AllocationId
Tags:
- Key: Name
Value: !Sub "${AWS::StackName}-NatGateway1"
NatGateway2:
Condition: CreateMultipleNatGateways
Properties:
Tags:
- Key: Name
NatGateway3:
Properties:
Tags:
- Key: Name
NatEIP1:
Type: AWS::EC2::EIP
Properties:
Domain: vpc
Tags:
- Key: Name
Value: !Sub "${AWS::StackName}-NatEIP1"
NatEIP2:
Type: AWS::EC2::EIP
Properties:
Domain: vpc
Tags:
- Key: Name
NatEIP3:
Type: AWS::EC2::EIP
Properties:
Domain: vpc
Tags:
- Key: Name
NatRouteTable1:
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: !Sub "${AWS::StackName}-private-nat-1"
NatRouteTable2:
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
NatRouteTable3:
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
NatRoute1:
Properties:
RouteTableId: !Ref NatRouteTable1
NatGatewayId: !Ref NatGateway1
NatRoute2:
Properties:
NatRoute3:
Properties:
PrivateSubnetRouteTableAssociation1:
Properties:
SubnetId: !Ref PrivateSubnet1
PrivateSubnetRouteTableAssociation1a:
Condition: CreateSingleNatGateway
Properties:
PrivateSubnetRouteTableAssociation1b:
Condition: CreateSingleNatGateway
Properties:
Properties:
Properties:
Outputs:
Name:
Description: VPC Stack Name
Value: !Ref AWS::StackName
Export:
Name: !Sub ${AWS::StackName}-Name
VPCId:
Description: VPC ID
Value: !Ref VPC
Export:
Name: !Sub "${AWS::StackName}-VpcID"
VpcCidr:
Description: Vpc cidr block
Value:
!Join
- ''
- !FindInMap [ CIDRMap, VPC, CIDR ]
Export:
Name: !Sub "${AWS::StackName}-vpc-cidr"
PublicSubnet1:
Description: Public subnet 1 ID
Value: !Ref PublicSubnet1
Export:
Name: !Sub "${AWS::StackName}-PublicSubnet1ID"
PublicSubnet2:
Export:
PublicSubnet3:
Export:
PrivateSubnet1:
Description: Private subnet 1 ID
Value: !Ref PrivateSubnet1
Export:
Name: !Sub "${AWS::StackName}-PrivateSubnet1ID"
PrivateSubnet2:
Export:
PrivateSubnet3:
Export:
ELBSecurityGroup:
Description: Security group ID for Internet-facing ELB
Value: !GetAtt ELBSecurityGroup.GroupId
Export:
Name: !Sub "${AWS::StackName}-ELBSecurityGroupID"
AppSecurityGroup:
Description: Security group ID for app behind ELB
Value: !GetAtt AppSecurityGroup.GroupId
Export:
Name: !Sub "${AWS::StackName}-AppSecurityGroupID"
BastionSecurityGroup:
Description: Security group ID for bastion host
Value: !GetAtt BastionSecurityGroup.GroupId
Export:
Name: !Sub "${AWS::StackName}-BastionGroupID"
ELBIngressPort:
Description: ELB ingress port
Value: !Ref ELBIngressPort
Export:
Name: !Sub "${AWS::StackName}-ELBIngressPort"
ELBIngressPortSSL:
Description: ELB ingress port
Value: !Ref ELBIngressPortSSL
Export:
Name: !Sub "${AWS::StackName}-ELBIngressPortSSL"
AppIngressPort:
Description: App ingress port
Value: !Ref AppIngressPort
Export:
Name: !Sub "${AWS::StackName}-AppIngressPort"
2.2 ELB yml plantilla

#
# This template is released under Apache Version 2.0, and can be forked, copied, modified,
# customized, etc. to match your application/system requirements.
#Description: ELB Fargate
Parameters:
NetworkStackName:
Type: String
Description: Name of an active Startup Kit CloudFormation stack that contains networking resources
MinLength: 1
MaxLength: 255
AllowedPattern: "^[a-zA-Z][-a-zA-Z0-9]*$"
AppProtocol:
Type: String
Description: The application server protocol
Default: HTTP
AllowedValues:
- HTTP
- HTTPS
ConstraintDescription: Specify either HTTTP or HTTPS
SSLCertificateId:
Type: String
Description: The SSL/TLS certificate ID (abcdef01-abcd-abcd-abcd-abcdef012345)
MinLength: 0
MaxLength: 36
Default: ""
EnvironmentName:
Type: String
Description: Environment name - dev, qa or prod
Default: dev
AllowedValues:
- dev
- qa
- pre
- prod
- proy
ConstraintDescription: Specify dev, test or prod
AppEnvironment:
Type: String
Description: App Environment for the build time
Default: dev
AllowedValues:
- dev
- qa
- pre
- prod
- proy
LoadBalancerAlarmEvaluationPeriods:
Description: The number of periods over which data is compared to the specified threshold
Type: Number
Default: 2
MinValue: 2
ConstraintDescription: Must be at least two
LoadBalancerAlarmEvaluationPeriodSeconds:
Description: The time over which the specified statistic is applied. Specify time in seconds, in multiples of 60.
Type: Number
Default: 300
MinValue: 60
ConstraintDescription: Must be at least 60 seconds
LoadBalancerLatencySeconds:
Description: LoadBalancer latency threshold, in seconds
Type: Number
Default: 2
MinValue: 1
ConstraintDescription: Must be at least one second
EnableLBAlarm:
Description: Set to true to enable load balancer latency alarm
Type: String
Default: false
AllowedValues:
- true
- false
Conditions:
IsTlsEnabled: !Not [ !Equals [ !Ref SSLCertificateId, "" ] ]
IsNotTlsEnabled: !Not [ Condition: IsTlsEnabled ]
IsLBAlarmEnabled: !Equals [ !Ref EnableLBAlarm, true ]
IsProduction: !Equals [ !Ref EnvironmentName, prod ]
Resources:
# The ALB lives in two public subnets. See the existing vpc.cfn.yml stack
# for ELB/ALB and application security groups which define ingress ports.
ApplicationLoadBalancer:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
Name: !Ref AWS::StackName
Subnets:
- Fn::ImportValue: !Sub ${NetworkStackName}-PublicSubnet1ID
SecurityGroups:
- Fn::ImportValue: !Sub ${NetworkStackName}-ELBSecurityGroupID
LoadBalancerAttributes:
- Key: idle_timeout.timeout_seconds
Value: 600
Tags:
- Key: Stack
- Key: Environment
Value: !Ref EnvironmentName
- Key: AppEnvironment
Value: !Ref AppEnvironment
# The health checks can be further tuned if your requirements differ

DefaultTargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
HealthCheckTimeoutSeconds: 30
HealthCheckIntervalSeconds: 60
HealthyThresholdCount: 2
UnhealthyThresholdCount: 5
VpcId:
Fn::ImportValue: !Sub ${NetworkStackName}-VpcID
Port:
Fn::ImportValue: !Sub ${NetworkStackName}-AppIngressPort
Protocol: !Ref AppProtocol
Matcher:
HttpCode: 200
TargetGroupAttributes:
- Key: deregistration_delay.timeout_seconds
Value: !If [IsProduction, 300, 1]
TargetType: ip
Tags:
- Key: Stack
- Key: Environment
LoadBalancerListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Condition: IsNotTlsEnabled
Properties:
LoadBalancerArn: !Ref ApplicationLoadBalancer
Port:
Fn::ImportValue: !Sub ${NetworkStackName}-ELBIngressPort
Protocol: HTTP
DefaultActions:
- Type: forward
TargetGroupArn: !Ref DefaultTargetGroup
LoadBalancerListenerRedirect:
Condition: IsTlsEnabled
Properties:
Port:
Fn::ImportValue: !Sub ${NetworkStackName}-ELBIngressPort
Protocol: HTTP
DefaultActions:
- Type: redirect
RedirectConfig:
Port:
Fn::ImportValue: !Sub ${NetworkStackName}-ELBIngressPortSSL
Protocol: 'HTTPS'
StatusCode: 'HTTP_301'
LoadBalancerListenerSSL:
Condition: IsTlsEnabled
Properties:
Port:
Fn::ImportValue: !Sub ${NetworkStackName}-ELBIngressPortSSL
Protocol: HTTPS
Certificates:
- CertificateArn: !Sub "arn:aws:acm:${AWS::Region}:${AWS::AccountId}:certificate/${SSLCertificateId}"
DefaultActions:
- Type: forward
TargetGroupArn: !Ref DefaultTargetGroup
DependsOn: ApplicationLoadBalancer
FargateEcsCluster:
Type: AWS::ECS::Cluster
Properties:
ClusterName: !Ref AWS::StackName
CapacityProviders:
- FARGATE
- FARGATE_SPOT
DefaultCapacityProviderStrategy:
- CapacityProvider: FARGATE_SPOT
Weight: 1
- CapacityProvider: FARGATE
Weight: 1
Outputs:
Name:
Description: Stack Name
Export:
EnvironmentName:
Description: Environment Name
Export:
Name: !Sub ${AWS::StackName}-EnvironmentName
ApplicationLoadBalancerArn:
Value: !Ref ApplicationLoadBalancer
Export:
Name: !Sub ${AWS::StackName}-ApplicationLoadBalancerArn
ApplicationLoadBalancerBaseDnsName:
Value: !GetAtt ApplicationLoadBalancer.DNSName
Export:
Name: !Sub ${AWS::StackName}-ApplicationLoadBalancerBaseDnsName
ApplicationLoadBalancerName:
Value: !GetAtt ApplicationLoadBalancer.LoadBalancerName
Export:
Name: !Sub ${AWS::StackName}-ApplicationLoadBalancerName
ApplicationLoadBalancerListenerArn:
Value: !If [IsNotTlsEnabled, !Ref LoadBalancerListener, !Ref LoadBalancerListenerSSL]
Export:
Name: !Sub ${AWS::StackName}-ApplicationLoadBalancerListenerArn
FargateEcsClusterName:
Value: !Ref FargateEcsCluster
Export:
Name: !Sub ${AWS::StackName}-FargateEcsClusterName
FargateEcsClusterArn:
Value: !GetAtt FargateEcsCluster.Arn
Export:
Name: !Sub ${AWS::StackName}-FargateEcsClusterArn
2.3 Pipeline Fargate yml plantilla

Description: Insoftar Fargate
Parameters:
NetworkStackName:
Type: String
MinLength: 1
MaxLength: 255
ELBStackName:
Type: String
MinLength: 1
MaxLength: 255
ELBRuleHostHeader:
Type: List<String>
Description: ELB Rule Host Header
MinLength: 1
ELBRulePathPattern:
Type: String
Description: ELB Rule Path Pattern
AllowedPattern: "^(/[a-zA-Z][a-zA-Z0-9]*)|(\\s*)$"
Default: ""
ELBRulePriority:
Type: Number
MinValue: 1
Default: 1
AppProtocol:
Type: String
Description: The application server protocol
Default: HTTP
AllowedValues:
- HTTP
- HTTPS
ConstraintDescription: Specify either HTTTP or HTTPS
GitHubRepo:
Type: String
Description: CodeCommit or GitHub source repository - must contain a Dockerfile in the base
GitHubBranch:
Type: String
Description: CodeCommit or GitHub git repository branch - change triggers a new build
GitHubToken:
Type: String
Description: "GitHub API token - see: https://github.com/blog/1509-personal-api-tokens"
GitHubUser:
Type: String
Description: GitHub username or organization - leave blank if using CodeCommit
CodeBuildDockerImage:
Type: String
Default: aws/codebuild/docker:18.09.0
#Default: aws/codebuild/amazonlinux2-x86_64-standard:3.0
SeedDockerImage:
Type: String
Default: registry.hub.docker.com/library/nginx:1.13
Description: Initial image before CodePipeline is executed. Existing application images in ECR should override this
parameter
DefaultContainerCpu:
Type: Number
Description: "Amount of CPU for the container - options available: https://aws.amazon.com/fargate/pricing/"
Default: 1024
MinValue: 256
MaxValue: 4096
ConstraintDescription: "Value must be between 256 and 4096 - see:
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size"
DefaultContainerMemory:
Type: Number
Description: "Amount of memory for the container - options available: https://aws.amazon.com/fargate/pricing/"
Default: 2048
MinValue: 512
MaxValue: 30720
ConstraintDescription: "Value must be between 512 and 30720 - see: https://aws.amazon.com/fargate/pricing/"
DefaultTaskMinContainerCount:
Type: Number
Description: Minimum number of containers to run for the service
Default: 1
MinValue: 1
ConstraintDescription: Value must be at least one
DefaultTaskMaxContainerCount:
Type: Number
Description: Maximum number of containers to run for the service when auto scaling out
Default: 2
MinValue: 1
ConstraintDescription: Value must be at least one
ContainerLogRetentionInDays:
Type: Number
Default: 7
MaxTaggedContainerImagesToRetain:
Type: Number
Description: The number of tagged container images to retain before expiring
MinValue: 1
MaxValue: 100
ConstraintDescription: Value must be between 1 and 100
Default: 20
DaysToRetainUntaggedContainerImages:
Type: Number
Description: The number days to retain untagged container images before expiring
MinValue: 1
MaxValue: 100
ConstraintDescription: Value must be between 1 and 100
Default: 7
EnvironmentName:
Type: String
Description: Environment name - dev, stg , prod, pre
Default: dev
AllowedValues:
- dev
- stg
- pre
- prod
- test
- qa
ConstraintDescription: Specify dev, stg , prod, pre
AppEnvironment:
Type: String
Description: App Environment for the build time
Default: dev
AllowedValues:
- dev
- stg
- pre
- prod
- qa
- test
CreateECSRole:
Description: Set to true to create the service linked role for ECS - Fargate
Type: String
Default: false
AllowedValues:
- true
- false
EFSStackName:
Type: String
MinLength: 0
MaxLength: 255
Default: "none"
EFSPath:
Type: String
MinLength: 0
MaxLength: 255
Default: ""
EFSContainerPath:
Type: String
MinLength: 0
MaxLength: 255
Default: ""
Conditions:
IsGitHub: !And
- !Not [ !Equals [ !Ref GitHubToken, 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 ] ]
- !Not [ !Equals [ !Ref GitHubUser, info@quadi.co ] ]
IsCodeCommit: !Not [ Condition: IsGitHub ]
IsProd: !Equals [ !Ref EnvironmentName, production ]
IsProduction: !Or [ !Equals [ !Ref EnvironmentName, prod ], Condition: IsProd ]
CreateEventRule: !Not [ Condition: IsProduction ]
ECSRoleTobeCreated: !Equals [!Ref CreateECSRole, true]
IsListenerRuleHostHeaderOnly: !Equals [ !Ref ELBRulePathPattern, "" ]
IsListenerRulePathPattern: !Not [!Equals [ !Ref ELBRulePathPattern, "" ]]
HasEFS: !And
- !Not [ !Equals [ !Ref EFSStackName, "" ] ]
- !Not [ !Equals [ !Ref EFSPath, "" ] ]
- !Not [ !Equals [ !Ref EFSContainerPath, "" ] ]
NotHasEFS: !Not [ Condition: HasEFS ]
Resources:
DefaultContainerBucket:
Type: AWS::S3::Bucket
CodePipelineArtifactBucket:
Type: AWS::S3::Bucket
DeletionPolicy: Delete
Properties:
LifecycleConfiguration:
Rules:
- Id: delete-rule
Status: Enabled
ExpirationInDays: 1
NoncurrentVersionExpirationInDays: 1
AbortIncompleteMultipartUpload:
DaysAfterInitiation: 1
CodeBuildServiceRole:
Type: AWS::IAM::Role
Properties:
Path: /
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: codebuild.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: root
PolicyDocument:
Version: 2012-10-17
Statement:
- Resource: "*"
Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
- ecr:GetAuthorizationToken
- Resource: "*"
Effect: Allow
Action:
- secretsmanager:GetSecretValue
- Resource: "*"
Effect: Allow
Action:
- ec2:CreateNetworkInterface
- ec2:DescribeDhcpOptions
- ec2:DescribeNetworkInterfaces
- ec2:DeleteNetworkInterface
- ec2:DescribeSubnets
- ec2:DescribeSecurityGroups
- ec2:DescribeVpcs
- ec2:CreateNetworkInterfacePermission
- Resource: !Sub arn:aws:s3:::${CodePipelineArtifactBucket}/*
Effect: Allow
Action:
- s3:PutObject
- s3:GetObject
- s3:GetObjectVersion
- s3:GetBucketVersioning
- s3:DeleteObject
- s3:DeleteObjectVersion
- s3:PutObjectAcl
- Resource: !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/$
{EcrDockerRepository}
Effect: Allow
Action:
- ecr:GetDownloadUrlForLayer
- ecr:BatchGetImage
- ecr:BatchCheckLayerAvailability
- ecr:PutImage
- ecr:InitiateLayerUpload
- ecr:UploadLayerPart
- ecr:CompleteLayerUpload
# By default, the build specification is defined in this template, but you can also add buildspec.yml
# files in your repos to allow for customization.
# See:
# https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html
# https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codebuild-project-source.html
CodeBuildProject:
Type: AWS::CodeBuild::Project
Properties:
Artifacts:
Type: CODEPIPELINE
Source:
Type: CODEPIPELINE
Environment:
ComputeType: BUILD_GENERAL1_SMALL
Type: LINUX_CONTAINER
Image: !Ref CodeBuildDockerImage
EnvironmentVariables:
- Name: REPOSITORY_URI
Value: !Sub ${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${EcrDockerRepository}
- Name: ENVIRONMENT_NAME
- Name: REPOSITORY_NAME
Value: !Ref GitHubRepo
- Name: REPOSITORY_BRANCH
Value: !Ref GitHubBranch
- Name: AWS_DEFAULT_REGION
Value: !Ref AWS::Region
- Name: IMAGE_TAG
Value: latest
- Name: BUILD_ENV
- Name: APP_ENVIRONMENT
Name: !Ref AWS::StackName
ServiceRole: !Ref CodeBuildServiceRole
VpcConfig:
VpcId:
Subnets:
- Fn::ImportValue: !Sub ${NetworkStackName}-PrivateSubnet1ID
SecurityGroupIds:
- Fn::ImportValue: !Sub ${NetworkStackName}-AppSecurityGroupID
CodePipelineServiceRole:
Properties:
Path: /
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: codepipeline.amazonaws.com
Policies:
- PolicyName: codepipeline-access
PolicyDocument:
Version: 2012-10-17
Statement:
- Resource: "*"
Effect: Allow
Action:
- ecs:List*
- ecs:Describe*
- ecs:RegisterTaskDefinition
- ecs:UpdateService
- codebuild:StartBuild
- codebuild:BatchGetBuilds
- codecommit:GetBranch
- codecommit:GetCommit
- codecommit:UploadArchive
- codecommit:GetUploadArchiveStatus
- codecommit:CancelUploadArchive
- iam:PassRole
- Resource: !Sub arn:aws:s3:::${CodePipelineArtifactBucket}/*
Effect: Allow
Action:
- s3:PutObject
- s3:GetObject
- s3:GetObjectVersion
- s3:GetBucketVersioning
- s3:DeleteObject
- s3:DeleteObjectVersion
- s3:PutObjectAcl
DependsOn:
- CodePipelineArtifactBucket
# This CodePipeline is used for CodeCommit repos. It triggers on a commit to the Git branch passed,
# builds the Docker image and then deploys the container in the Fargate Cluster. CodePipeline can support N stages.
# For example, you may want to add a stage to test your build and/or container.
CodePipelineCodeCommit:
Type: AWS::CodePipeline::Pipeline
Condition: IsCodeCommit
Properties:
RoleArn: !GetAtt CodePipelineServiceRole.Arn
Name: !Sub ${AWS::StackName}
ArtifactStore:
Type: S3
Location: !Ref CodePipelineArtifactBucket
Stages:
- Name: Source
Actions:
- Name: App
ActionTypeId:
Category: Source
Owner: ThirdParty
Version: '1'
Provider: GitHub
Configuration:
Owner: !Ref GitHubUser
Repo: !Ref GitHubRepo
Branch: !Ref GitHubBranch
OAuthToken: !Ref GitHubToken
OutputArtifacts:
- Name: App
RunOrder: 1
- Name: Build
Actions:
- Name: Build
ActionTypeId:
Category: Build
Owner: AWS
Version: 1
Provider: CodeBuild
Configuration:
ProjectName: !Ref CodeBuildProject
InputArtifacts:
- Name: App
OutputArtifacts:
- Name: BuildOutput
RunOrder: 1
- Name: Deploy
Actions:
- Name: Deploy
ActionTypeId:
Category: Deploy
Owner: AWS
Version: 1
Provider: ECS
Configuration:
ClusterName:
Fn::ImportValue: !Sub ${ELBStackName}-FargateEcsClusterName
ServiceName: !GetAtt DefaultFargateService.Name
FileName: imagedefinitions.json
InputArtifacts:
- Name: BuildOutput
RunOrder: 1
DependsOn:
- CodePipelineArtifactBucket
- CodeBuildProject
- CodePipelineServiceRole
- DefaultFargateService
# Simple Amazon ECR Lifecycle Policies to try and reduce storage costs
# See: https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html
EcrDockerRepository:
Type: AWS::ECR::Repository
Properties:
RepositoryName: !Sub ${AWS::StackName}
LifecyclePolicy:
LifecyclePolicyText: !Sub
-|
{
"rules": [
{
"rulePriority": 1,
"description": "Only keep untagged images for ${DaysToRetainUntaggedContainerImages}
days",
"selection": {
"tagStatus": "untagged",
"countType": "sinceImagePushed",
"countUnit": "days",
"countNumber": ${DaysToRetainUntaggedContainerImages}
},
"action": { "type": "expire" }
},
{
"rulePriority": 2,
"description": "Keep only ${MaxTaggedContainerImagesToRetain} tagged images, expire all
others",
"selection": {
"tagStatus": "tagged",
"tagPrefixList": [ "${EnvironmentName}" ],
"countType": "imageCountMoreThan",
"countNumber": ${MaxTaggedContainerImagesToRetain}
},
"action": { "type": "expire" }
}
]
}
- DaysToRetainUntaggedContainerImages: !Ref DaysToRetainUntaggedContainerImages
MaxTaggedContainerImagesToRetain: !Ref MaxTaggedContainerImagesToRetain
EnvironmentName: !Ref EnvironmentName
# The health checks can be further tuned if your requirements differ

TargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
#Name: !Sub ${AWS::StackName}
Name: !Join [ '-', !Split ['fargate',!Join [ '', !Split ['-',!Ref AWS::StackName]]]]
HealthCheckTimeoutSeconds: !If [IsProduction, 30, 60]
HealthCheckIntervalSeconds: !If [IsProduction, 60, 90]
HealthyThresholdCount: 2
UnhealthyThresholdCount: 5
VpcId:
Port:
Protocol: !Ref AppProtocol
Matcher:
HttpCode: 200,404,302
TargetGroupAttributes:
- Key: deregistration_delay.timeout_seconds
Value: !If [IsProduction, 300, 1]
- Key: stickiness.enabled
Value: false
TargetType: ip
Tags:
- Key: Repository
Value: !Ref GitHubRepo
- Key: Branch
Value: !Ref GitHubBranch
- Key: Stack
- Key: Environment
- Key: Name
ListenerRuleHostHeader:
Type: AWS::ElasticLoadBalancingV2::ListenerRule
Condition: IsListenerRuleHostHeaderOnly
Properties:
Actions:
- Type: forward
TargetGroupArn: !Ref TargetGroup
Conditions:
- Field: host-header
HostHeaderConfig:
Values: !Ref ELBRuleHostHeader
ListenerArn:
Fn::ImportValue: !Sub ${ELBStackName}-ApplicationLoadBalancerListenerArn
Priority: !Ref ELBRulePriority
ListenerRulePathPattern:
Type: AWS::ElasticLoadBalancingV2::ListenerRule
Condition: IsListenerRulePathPattern
Properties:
Actions:
- Type: forward
Conditions:
- Field: host-header
HostHeaderConfig:
Values: !Ref ELBRuleHostHeader
- Field: path-pattern
PathPatternConfig:
Values:
- !Sub "${ELBRulePathPattern}"
- !Sub "${ELBRulePathPattern}/"
- !Sub "${ELBRulePathPattern}/*"
ListenerArn:
Fn::ImportValue: !Sub ${ELBStackName}-ApplicationLoadBalancerListenerArn
Priority: !Ref ELBRulePriority
# The namespace in Amazon CloudWatch Logs - see

https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogsConcepts.html
DefaultLogGroup:
Type: AWS::Logs::LogGroup
Properties:
LogGroupName: !Sub /fargate/${AWS::StackName}/${GitHubRepo}/${GitHubBranch}/${EnvironmentName}
RetentionInDays: !Ref ContainerLogRetentionInDays
DefaultTaskRole:
Properties:
Path: /
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: ecs-tasks.amazonaws.com
Policies:
- PolicyName: default-s3-bucket-and-ecs-readonly
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action: s3:*
Resource: !GetAtt DefaultContainerBucket.Arn
- Resource: '*'
Effect: Allow
Action:
- ecs:ListAttributes
- ecs:DescribeTaskSets
- ecs:DescribeTaskDefinition
- ecs:DescribeClusters
- ecs:ListServices
- ecs:ListAccountSettings
- ecs:DescribeCapacityProviders
- ecs:ListTagsForResource
- ecs:ListTasks
- ecs:ListTaskDefinitionFamilies
- ecs:DescribeServices
- ecs:ListContainerInstances
- ecs:DescribeContainerInstances
- ecs:DescribeTasks
- ecs:ListTaskDefinitions
- ecs:ListClusters
DependsOn: DefaultContainerBucket
DefaultTaskExecutionRole:
Properties:
Path: /
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: ecs-tasks.amazonaws.com
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
DefaultFargateTaskDefinition:
Condition: NotHasEFS
Type: AWS::ECS::TaskDefinition
Properties:
Family: !Ref AWS::StackName
RequiresCompatibilities:
- FARGATE
Cpu: !Ref DefaultContainerCpu
Memory: !Ref DefaultContainerMemory
NetworkMode: awsvpc
TaskRoleArn: !GetAtt DefaultTaskRole.Arn
ExecutionRoleArn: !GetAtt DefaultTaskExecutionRole.Arn
ContainerDefinitions:
- Name: !Ref GitHubRepo
Image: !Ref SeedDockerImage
Essential: true
Ulimits:
- HardLimit: 10240
Name: nofile
SoftLimit: 10240
PortMappings:
- ContainerPort:
# Environment variables can be customized by adding parameters/values below. Secrets

# should be stored in AWS Systems Manager Parameter Store.
# See: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-paramstore.html
Environment:
- Name: BUCKET_NAME
Value: !Ref DefaultContainerBucket
- Name: BUILD_ENV
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-region: !Ref AWS::Region
awslogs-group: !Ref DefaultLogGroup
awslogs-stream-prefix: !Ref GitHubRepo
DependsOn:
- DefaultContainerBucket
- DefaultLogGroup
- DefaultTaskExecutionRole
DefaultFargateTaskDefinitionEFS:
Condition: HasEFS
Type: AWS::ECS::TaskDefinition
Properties:
Family: !Ref AWS::StackName
RequiresCompatibilities:
- FARGATE
Cpu: !Ref DefaultContainerCpu
Memory: !Ref DefaultContainerMemory
NetworkMode: awsvpc
TaskRoleArn: !GetAtt DefaultTaskRole.Arn
ExecutionRoleArn: !GetAtt DefaultTaskExecutionRole.Arn
Volumes:
- Name: efshtml
EfsVolumeConfiguration:
FileSystemId:
Fn::ImportValue: !Sub ${EFSStackName}-FileSystemId
RootDirectory: !Sub ${EFSPath}
ContainerDefinitions:
- Name: !Ref GitHubRepo
Image: !Ref SeedDockerImage
Essential: true
Ulimits:
- HardLimit: 10240
Name: nofile
SoftLimit: 10240
PortMappings:
- ContainerPort:
# Environment variables can be customized by adding parameters/values below. Secrets

# should be stored in AWS Systems Manager Parameter Store.
# See: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-paramstore.html
Environment:
- Name: BUCKET_NAME
Value: !Ref DefaultContainerBucket
- Name: BUILD_ENV
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-region: !Ref AWS::Region
awslogs-group: !Ref DefaultLogGroup
awslogs-stream-prefix: !Ref GitHubRepo
MountPoints:
- SourceVolume: efshtml
ContainerPath: !Sub ${EFSContainerPath}
ReadOnly: false
DependsOn:
- DefaultContainerBucket
- DefaultLogGroup
- DefaultTaskExecutionRole
SLRWaitCondition:
Type: "AWS::CloudFormation::WaitCondition"
Properties:
Handle: !If [ECSRoleTobeCreated, !Ref SLRWaitHandle, !Ref SLRNoWaitHandle]
Timeout: "1"
Count: 0
SLRNoWaitHandle:
Type: "AWS::CloudFormation::WaitConditionHandle"
SLRWaitHandle:
Condition: ECSRoleTobeCreated
DependsOn: DefaultFargateServiceSLR
Type: "AWS::CloudFormation::WaitConditionHandle"
DefaultFargateServiceSLR:
Type: "AWS::IAM::ServiceLinkedRole"
Condition: ECSRoleTobeCreated
Properties:
AWSServiceName: "ecs.amazonaws.com"
Description: "Role to enable Amazon ECS to manage your cluster."
DefaultFargateService:
Type: AWS::ECS::Service
Properties:
Cluster:
Fn::ImportValue: !Sub ${ELBStackName}-FargateEcsClusterName
#ServiceName: !Ref AWS::StackName
DesiredCount: !Ref DefaultTaskMinContainerCount
CapacityProviderStrategy:
- Base: 1
CapacityProvider: FARGATE_SPOT
Weight: 1
# - Base: 1
# CapacityProvider: FARGATE
# Weight: 1
#LaunchType: FARGATE
PlatformVersion: 1.4.0
TaskDefinition: !If [HasEFS, !Ref DefaultFargateTaskDefinitionEFS, !Ref DefaultFargateTaskDefinition]
LoadBalancers:
- ContainerName: !Ref GitHubRepo
ContainerPort:
NetworkConfiguration:
AwsvpcConfiguration:
AssignPublicIp: DISABLED
SecurityGroups:
- Fn::ImportValue: !Sub ${NetworkStackName}-AppSecurityGroupID
Subnets:
# - Fn::ImportValue: !Sub ${NetworkStackName}-PrivateSubnet3ID
DependsOn:
- SLRWaitCondition
- TargetGroup
CommitEventRole:
Condition: CreateEventRule
Properties:
Path: /
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: events.amazonaws.com
Policies:
- PolicyName: !Sub ${AWS::StackName}-codepipeline-execution
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action: codepipeline:StartPipelineExecution
Resource: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:$
{CodePipelineCodeCommit}
DependsOn: CodePipelineCodeCommit
CommitEvent:
Type: AWS::Events::Rule
Condition: CreateEventRule
Properties:
Description: "Amazon CloudWatch Events rule to automatically start your pipeline when a change occurs in the
AWS CodeCommit source repository and branch. Deleting this may prevent changes from being detected in that pipeline.
Read more: http://docs.aws.amazon.com/codepipeline/latest/userguide/pipelines-about-starting.html"
EventPattern:
source:
- aws.codecommit
detail-type:
- CodeCommit Repository State Change
resources:
- !Ref GitHubRepo
detail:
event:
- referenceCreated
- referenceUpdated
referenceType:
- branch
referenceName:
- !Ref GitHubBranch
Name: !Sub ${AWS::StackName}
State: "ENABLED"
Targets:
-
RoleArn: !GetAtt CommitEventRole.Arn
Id: !Ref CodePipelineCodeCommit
Arn: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${CodePipelineCodeCommit}
DependsOn: CommitEventRole
Outputs:
Name:
Description: Fargate Stack Name
Export:
EnvironmentName:
Description: Environment Name
Export:
Name: !Sub ${AWS::StackName}-EnvironmentName
EcrDockerRepositoryName:
Value: !Ref EcrDockerRepository
Export:
Name: !Sub ${AWS::StackName}-EcrDockerRepositoryName
EcrDockerRepositoryArn:
Value: !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/${EcrDockerRepository}
Export:
Name: !Sub ${AWS::StackName}-EcrDockerRepositoryArn
EcrDockerRepositoryUri:
Value: !Sub ${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${EcrDockerRepository}
Export:
Name: !Sub ${AWS::StackName}-EcrDockerRepositoryUri
DefaultFargateServiceArn:
Value: !Ref DefaultFargateService
Export:
Name: !Sub ${AWS::StackName}-DefaultFargateServiceArn
DefaultFargateServiceName:
Value: !GetAtt DefaultFargateService.Name
Export:
Name: !Sub ${AWS::StackName}-DefaultFargateServiceName
CodePipelineArtifactBucketName:
Value: !Ref CodePipelineArtifactBucket
Export:
Name: !Sub ${AWS::StackName}-CodePipelineArtifactBucket
CodePipelineArtifactBucketArn:
Value: !GetAtt CodePipelineArtifactBucket.Arn
Export:
Name: !Sub ${AWS::StackName}-CodePipelineArtifactBucketArn
3 Diagramas infraestructura
3.1 Diagrama ELB

3.2 Diagrama VPC
3.3 Diagrama fargate pipeline
Diagrama general.

Darnel Project

Uploaded by

Copyright:

Available Formats

Darnel Project

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Darnel Project

Uploaded by

Copyright:

Available Formats

1.

RUN echo "America/Bogota" > /etc/timezone

RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

RUN apk add --no-cache bash

RUN curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar

COPY docker/php.ini /etc/php7/php.ini

COPY ./composer.json /var/www/html/darnel/composer.json

RUN composer self-update --version

COPY "docker/enviroments/.env.$APP_ENV" /var/www/html/darnel/.env

RUN chmod -R 777 ./storage

COPY docker/nginx/nginx.conf /etc/nginx/nginx.conf

COPY docker/nginx/sites-enabled /etc/nginx/sites-enabled

COPY docker/www.conf /etc/php7/php-fpm.d/www.conf

COPY docker/supervisord.conf /etc/supervisor/conf.d/supervisord.conf

set $my_https $https;

fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;

fastcgi_param HTTPS $my_https; # set $_SERVER['HTTPS']

fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;

fastcgi_param HTTPS $my_https; # set $_SERVER['HTTPS']

2. Plantilla yml infraestructura IAAS

Description: vpc 3zonas

# Maps CIDR blocks to VPC and various subnets

2.2 ELB yml plantilla

#Description: ELB Fargate

IsTlsEnabled: !Not [ !Equals [ !Ref SSLCertificateId, "" ] ]

IsNotTlsEnabled: !Not [ Condition: IsTlsEnabled ]

IsLBAlarmEnabled: !Equals [ !Ref EnableLBAlarm, true ]

IsProduction: !Equals [ !Ref EnvironmentName, prod ]

# The health checks can be further tuned if your requirements differ

2.3 Pipeline Fargate yml plantilla

Description: Insoftar Fargate

IsCodeCommit: !Not [ Condition: IsGitHub ]

IsProd: !Equals [ !Ref EnvironmentName, production ]

IsProduction: !Or [ !Equals [ !Ref EnvironmentName, prod ], Condition: IsProd ]

CreateEventRule: !Not [ Condition: IsProduction ]

ECSRoleTobeCreated: !Equals [!Ref CreateECSRole, true]

IsListenerRuleHostHeaderOnly: !Equals [ !Ref ELBRulePathPattern, "" ]

IsListenerRulePathPattern: !Not [!Equals [ !Ref ELBRulePathPattern, "" ]]

NotHasEFS: !Not [ Condition: HasEFS ]

# The health checks can be further tuned if your requirements differ

# The namespace in Amazon CloudWatch Logs - see

# Environment variables can be customized by adding parameters/values below. Secrets

# Environment variables can be customized by adding parameters/values below. Secrets

3.1 Diagrama ELB

You might also like