Created
May 19, 2021 06:57
-
-
Save toricls/5c448b723e25118e683ae065ce58fa1d to your computer and use it in GitHub Desktop.
AWS App Runner CloudFormation Template generated using AWS Copilot
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. | |
# SPDX-License-Identifier: Apache-2.0 | |
AWSTemplateFormatVersion: 2010-09-09 | |
Description: CloudFormation template that represents a request driven web service on AWS App Runner. | |
Parameters: | |
AppName: | |
Type: String | |
EnvName: | |
Type: String | |
WorkloadName: | |
Type: String | |
ContainerImage: | |
Type: String | |
ContainerPort: | |
Type: Number | |
ImageRepositoryType: | |
Type: String | |
InstanceCPU: | |
Type: String | |
InstanceMemory: | |
Type: String | |
HealthCheckPath: | |
Type: String | |
Default: '' | |
HealthCheckInterval: | |
Type: String | |
Default: '' | |
HealthCheckTimeout: | |
Type: String | |
Default: '' | |
HealthCheckHealthyThreshold: | |
Type: String | |
Default: '' | |
HealthCheckUnhealthyThreshold: | |
Type: String | |
Default: '' | |
Conditions: | |
# App Runner will not accept an AccessRole for ImageRepositoryTypes other than ECR. | |
# In this scenario the request will fail. | |
NeedsAccessRole: | |
!Equals [!Ref ImageRepositoryType, 'ECR'] | |
HasHealthCheckPath: | |
!Not [!Equals [!Ref HealthCheckPath, '']] | |
HasHealthCheckInterval: | |
!Not [!Equals [!Ref HealthCheckInterval, '']] | |
HasHealthCheckTimeout: | |
!Not [!Equals [!Ref HealthCheckTimeout, '']] | |
HasHealthCheckHealthyThreshold: | |
!Not [!Equals [!Ref HealthCheckHealthyThreshold, '']] | |
HasHealthCheckUnhealthyThreshold: | |
!Not [!Equals [!Ref HealthCheckUnhealthyThreshold, '']] | |
Resources: | |
AccessRole: | |
Metadata: | |
'aws:copilot:description': 'An IAM Role for App Runner to use on your behalf to pull your image from ECR' | |
Type: AWS::IAM::Role | |
Condition: NeedsAccessRole | |
Properties: | |
AssumeRolePolicyDocument: | |
Version: '2008-10-17' | |
Statement: | |
- Effect: Allow | |
Principal: | |
Service: | |
- build.apprunner.amazonaws.com | |
Action: sts:AssumeRole | |
ManagedPolicyArns: | |
- arn:aws:iam::aws:policy/service-role/AWSAppRunnerServicePolicyForECRAccess | |
InstanceRole: | |
Metadata: | |
'aws:copilot:description': 'An IAM role to control permissions for the containers in your service' | |
Type: AWS::IAM::Role | |
Properties: | |
AssumeRolePolicyDocument: | |
Statement: | |
- Effect: Allow | |
Principal: | |
Service: tasks.apprunner.amazonaws.com | |
Action: 'sts:AssumeRole' | |
Service: | |
Metadata: | |
'aws:copilot:description': 'An App Runner service to run and manage your containers' | |
Type: AWS::AppRunner::Service | |
Properties: | |
ServiceName: !Sub '${AppName}-${EnvName}-${WorkloadName}' | |
SourceConfiguration: | |
AuthenticationConfiguration: !If | |
- NeedsAccessRole | |
- AccessRoleArn: !GetAtt AccessRole.Arn | |
- !Ref AWS::NoValue | |
AutoDeploymentsEnabled: false | |
ImageRepository: | |
ImageIdentifier: !Ref ContainerImage | |
ImageRepositoryType: !Ref ImageRepositoryType | |
ImageConfiguration: | |
Port: !Ref ContainerPort | |
RuntimeEnvironmentVariables: | |
- Name: COPILOT_APPLICATION_NAME | |
Value: !Ref AppName | |
- Name: COPILOT_ENVIRONMENT_NAME | |
Value: !Ref EnvName | |
- Name: COPILOT_SERVICE_NAME | |
Value: !Ref WorkloadName | |
InstanceConfiguration: | |
Cpu: !Ref InstanceCPU | |
Memory: !Ref InstanceMemory | |
InstanceRoleArn: !GetAtt InstanceRole.Arn | |
Tags: | |
- Key: copilot-application | |
Value: !Ref AppName | |
- Key: copilot-environment | |
Value: !Ref EnvName | |
- Key: copilot-service | |
Value: !Ref WorkloadName |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment