ci(engine): Hopefully fix multicontainer deployment with multi target…
… ecs pattern
topher-lo committed Mar 18, 2024
1 parent 25d778c commit 6684237
Showing 1 changed file with 37 additions and 65 deletions.
102 changes: 37 additions & 65 deletions aws/stack.py
@@ -45,7 +45,7 @@ def __init__(self, scope: Construct, id: str, **kwargs) -> None:
execution_role = iam.Role(
self,
"ExecutionRole",
role_name="TracecatEngineExecutionRole",
role_name="TracecatFargateServiceExecutionRole",
assumed_by=iam.ServicePrincipal("ecs-tasks.amazonaws.com"),
)
iam.Policy(
@@ -73,12 +73,12 @@ def __init__(self, scope: Construct, id: str, **kwargs) -> None:

# Create task definition
task_definition = ecs.FargateTaskDefinition(
self, "TracecatEngineTaskDefinition", execution_role=execution_role
self, "TaskDefinition", execution_role=execution_role
)

# Secrets
tracecat_secret = secretsmanager.Secret.from_secret_complete_arn(
self, "TracecatEngineSecret", secret_complete_arn=AWS_SECRET__ARN
self, "Secret", secret_complete_arn=AWS_SECRET__ARN
)
api_secrets = {
"TRACECAT__SIGNING_SECRET": ecs.Secret.from_secrets_manager(
@@ -102,7 +102,7 @@ def __init__(self, scope: Construct, id: str, **kwargs) -> None:

# Tracecat API
api_container = task_definition.add_container(
"TracecatApiContainer",
"ApiContainer",
image=ecs.ContainerImage.from_asset(
directory=".",
file="Dockerfile",
@@ -126,7 +126,7 @@ def __init__(self, scope: Construct, id: str, **kwargs) -> None:

# Tracecat Runner
runner_container = task_definition.add_container(
"TracecatRunnerContainer",
"RunnerContainer",
image=ecs.ContainerImage.from_asset(
directory=".",
file="Dockerfile",
@@ -145,78 +145,50 @@ def __init__(self, scope: Construct, id: str, **kwargs) -> None:
)
runner_container.add_port_mappings(ecs.PortMapping(container_port=8001))

# Set default container
task_definition.default_container = api_container

# Create Fargate service
ecs_service = ecs_patterns.ApplicationLoadBalancedFargateService(
# Create fargate service
ecs_service = ecs_patterns.ApplicationMultipleTargetGroupsFargateService(
self,
"TracecatEngineALBFargateService",
certificate=cert,
"FargateService",
cluster=cluster,
desired_count=1,
domain_zone=hosted_zone,
health_check_grace_period=Duration.seconds(150),
public_load_balancer=True,
redirect_http=True,
service_name="tracecat-fargate-fastapi",
task_definition=task_definition,
)

# Add routing based on hostname or path with the single listern
listener = ecs_service.load_balancer.listeners[0]

# API target
listener.add_targets(
"TracecatApiTarget",
priority=10,
protocol=elbv2.ApplicationProtocol.HTTP,
health_check=elbv2.HealthCheck(
path="/api",
enabled=True,
interval=Duration.seconds(120),
unhealthy_threshold_count=3,
healthy_threshold_count=5,
timeout=Duration.seconds(10),
),
conditions=[
elbv2.ListenerCondition.path_patterns(["/api", "/api/*"]),
],
targets=[
ecs_service.service.load_balancer_target(
container_name="TracecatApiContainer", container_port=8000
load_balancers=[
ecs_patterns.ApplicationLoadBalancerProps(
name="alb",
domain_name=AWS_ROUTE53__HOSTED_ZONE_NAME,
domain_zone=hosted_zone,
public_load_balancer=True,
listeners=[
ecs_patterns.ApplicationListenerProps(
name="listener", certificate=cert
)
],
)
],
)

# Runner target
listener.add_targets(
"TracecatRunnerTarget",
priority=20,
protocol=elbv2.ApplicationProtocol.HTTP,
health_check=elbv2.HealthCheck(
path="/runner",
enabled=True,
interval=Duration.seconds(120),
unhealthy_threshold_count=3,
healthy_threshold_count=5,
timeout=Duration.seconds(10),
),
conditions=[
elbv2.ListenerCondition.path_patterns(["/runner", "/runner/*"]),
],
targets=[
ecs_service.service.load_balancer_target(
container_name="TracecatRunnerContainer", container_port=8001
)
target_groups=[
ecs_patterns.ApplicationTargetProps(
container_port=8000,
priority=10,
path_pattern="/api/*",
listener="listener",
),
ecs_patterns.ApplicationTargetProps(
container_port=8001,
priority=20,
path_pattern="/runner/*",
listener="listener",
),
],
)
listener = ecs_service.load_balancers[0].listeners[0]
listener.add_action(
"DefaultAction", action=elbv2.ListenerAction.fixed_response(status_code=200)
)

# # Add WAF to block all traffic not from platform.tracecat.com
# # NOTE: Please change this to the domain you deployed Tracecat frontend to
# web_acl = wafv2.CfnWebACL(
# self,
# "TracecatWebAcl",
# "WebAcl",
# scope="REGIONAL",
# # Block ALL requests by default
# default_action=wafv2.CfnWebACL.DefaultActionProperty(block={}),
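Review bot: The catch-all registered at the end of the last hunk answers every unmatched request on the public listener with `fixed_response(status_code=200)`, so a mistyped path, a broken route and an unsolicited probe all look like success to clients and to monitoring; a not-found default is safer: `"DefaultAction", action=elbv2.ListenerAction.fixed_response(status_code=404)`. This matters more because the new rules match only `path_pattern="/api/*"` and `path_pattern="/runner/*"`, whereas the removed rules also listed the bare `/api` and `/runner`, so those two paths now fall through to the default action. The explicit `elbv2.HealthCheck` settings for `/api` and `/runner` are gone with the removed `add_targets` calls, and the new `ApplicationTargetProps` entries set none, so the target groups presumably use the load balancer's default health check; confirm both containers answer it. With the WAF block still commented out, the runner on port 8001 is routed from a load balancer created with `public_load_balancer=True`; if it is meant to be called only by the API, add a comment saying so and drop its public rule. `__init__` starts and ends outside the visible hunks.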