diff --git a/theworld/terra/templates/apps/wordpress.yml b/theworld/terra/templates/apps/wordpress.yml index 44f9c7a5..85b46cc8 100644 --- a/theworld/terra/templates/apps/wordpress.yml +++ b/theworld/terra/templates/apps/wordpress.yml @@ -33,13 +33,16 @@ Parameters: RootStackName: { Type: String } RootStackId: { Type: String } VpcId: { Type: AWS::EC2::VPC::Id } + VpcPublicSubnet1Id: { Type: AWS::EC2::Subnet::Id } + VpcPublicSubnet2Id: { Type: AWS::EC2::Subnet::Id } + VpcPublicSubnet3Id: { Type: AWS::EC2::Subnet::Id } EcrImageTag: { Type: AWS::SSM::Parameter::Value } AlbListenerRulePriorityPrefix: { Type: String } - Aarch64AsgCapacityProviderName: { Type: String } MysqlHostname: { Type: String } ValkeyHostname: { Type: String } ValkeyPort: { Type: String } AlbAccessToken: { Type: AWS::SSM::Parameter::Value } + SharedEcsAsgInstanceSecurityGroupId: { Type: AWS::EC2::SecurityGroup::Id } Conditions: IsProduction: !Equals [!Ref EnvironmentType, Production] @@ -183,6 +186,7 @@ Resources: TargetGroupAttributes: - Key: deregistration_delay.timeout_seconds Value: "30" + TargetType: ip Tags: - { Key: Name, Value: !Sub "${RootStackName}_wordpress" } - { Key: prx:meta:tagging-version, Value: "2021-04-07" } @@ -261,10 +265,6 @@ Resources: WebEcsService: Type: AWS::ECS::Service Properties: - CapacityProviderStrategy: - - Base: 0 - CapacityProvider: !Ref Aarch64AsgCapacityProviderName - Weight: 1 Cluster: !Ref EcsClusterArn DeploymentConfiguration: MaximumPercent: 200 
@@ -272,13 +272,20 @@ Resources: DesiredCount: !If [IsProduction, 5, 1] EnableECSManagedTags: true EnableExecuteCommand: true + LaunchType: FARGATE LoadBalancers: - ContainerName: !Ref kWebContainerName ContainerPort: !Ref kWebApplicationPort TargetGroupArn: !Ref WebTargetGroup - PlacementConstraints: - - Type: memberOf - Expression: attribute:ecs.cpu-architecture == arm64 + NetworkConfiguration: + AwsvpcConfiguration: + AssignPublicIp: ENABLED + SecurityGroups: + - !Ref SharedEcsAsgInstanceSecurityGroupId + Subnets: + - !Ref VpcPublicSubnet1Id + - !Ref VpcPublicSubnet2Id + - !Ref VpcPublicSubnet3Id PropagateTags: TASK_DEFINITION Tags: - { Key: prx:meta:tagging-version, Value: "2021-04-07" } @@ -308,9 +315,10 @@ Resources: WebTaskDefinition: Type: AWS::ECS::TaskDefinition Properties: + Cpu: !If [IsProduction, 2048, 512] # 512 = 0.5 vCPU, 2048 = 2 vCPU, etc + Memory: !If [IsProduction, 8192, 2048] ContainerDefinitions: - - Cpu: 100 # Currently we don't use CPU reservations for anything meaningful - Environment: + - Environment: - Name: PRX_ENVIRONMENT Value: !Ref EnvironmentTypeLowercase - Name: DB_HOST @@ -373,17 +381,10 @@ Resources: awslogs-group: !Ref WebTaskLogGroup awslogs-region: !Ref AWS::Region awslogs-stream-prefix: ecs - # Memory and MemoryReservation values are based on current instances - # sizes, ensuring that only 1 WordPress task is running on any - # instance - # Prod: c8g.xlarge => 8 GiB - # Stag: t4g.small => 2 GiB - Memory: !If [IsProduction, 7650, 1800] - MemoryReservation: !If [IsProduction, 4111, 1111] Name: !Ref kWebContainerName PortMappings: - ContainerPort: !Ref kWebApplicationPort - HostPort: 0 + Protocol: tcp Secrets: - Name: AUTH_KEY ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Terra/The_World-WordPress/auth-key 
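Review bot: The `NetworkConfiguration` added to `WebEcsService` puts each task in a public subnet with `AssignPublicIp: ENABLED` and attaches `SharedEcsAsgInstanceSecurityGroupId`, a group written for the EC2 container instances, so in `awsvpc` mode its ingress rules apply directly to the task's own ENI. Those rules are not visible in this diff. If they admit more than the load balancer, the container can be reached without going through the ALB listener rules, and presumably without the `AlbAccessToken` check. I would give the service a dedicated security group that allows only `kWebApplicationPort` from the ALB's group, as sketched below; the ALB group reference is a placeholder because no such parameter appears here. If the public IP is kept only for image pulls and outbound traffic, a comment beside `AssignPublicIp` saying so would help the next reviewer.

```yaml
# new resource, sibling of WebEcsService
WebTaskSecurityGroup:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: !Sub "${RootStackName} WordPress Fargate tasks"
    VpcId: !Ref VpcId
    SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: !Ref kWebApplicationPort
        ToPort: !Ref kWebApplicationPort
        # placeholder name: the parameter carrying the ALB's security group ID
        SourceSecurityGroupId: !Ref PLACEHOLDER_AlbSecurityGroupId

# … unchanged: WebEcsService properties up to NetworkConfiguration …
NetworkConfiguration:
  AwsvpcConfiguration:
    AssignPublicIp: ENABLED # outbound only; ingress is limited by WebTaskSecurityGroup
    SecurityGroups:
      - !GetAtt WebTaskSecurityGroup.GroupId
# … unchanged: Subnets …
```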
@@ -416,7 +417,9 @@ Resources: - Name: DB_PASSWORD ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Terra/The_World-WordPress/mysql/password ExecutionRoleArn: !GetAtt ExecutionRole.Arn - NetworkMode: bridge + NetworkMode: awsvpc + RequiresCompatibilities: + - FARGATE Tags: - { Key: prx:meta:tagging-version, Value: "2021-04-07" } - { Key: prx:cloudformation:stack-name, Value: !Ref AWS::StackName } diff --git a/theworld/terra/templates/root.yml b/theworld/terra/templates/root.yml index 95d7b494..97a3dc1e 100644 --- a/theworld/terra/templates/root.yml +++ b/theworld/terra/templates/root.yml @@ -440,6 +440,9 @@ Resources: EcsClusterName: !GetAtt SharedEcsClusterStack.Outputs.EcsClusterName EcsClusterArn: !GetAtt SharedEcsClusterStack.Outputs.EcsClusterArn VpcId: !GetAtt SharedVpcStack.Outputs.VpcId + VpcPublicSubnet1Id: !GetAtt SharedVpcStack.Outputs.PublicSubnet1Id + VpcPublicSubnet2Id: !GetAtt SharedVpcStack.Outputs.PublicSubnet2Id + VpcPublicSubnet3Id: !GetAtt SharedVpcStack.Outputs.PublicSubnet3Id EcrImageTag: !Sub /prx/${EnvironmentTypeAbbreviation}/Terra/The_World-WordPress/pkg/docker-image-tag AlbListenerRulePriorityPrefix: !FindInMap [SharedAlbListenerRulePriorityMap, WordPress, prefix] EnvironmentType: !Ref EnvironmentType 
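Review bot: `WebTaskDefinition` now requires `FARGATE` but sets no `RuntimePlatform`, so Fargate will run it on its default x86_64 platform. The same commit removes the `Aarch64AsgCapacityProviderName` strategy and the `ecs.cpu-architecture == arm64` placement constraint the service previously ran under. If the image behind `EcrImageTag` is built for arm64 only (not visible here), the tasks will fail to start. Either add `RuntimePlatform: { CpuArchitecture: ARM64, OperatingSystemFamily: LINUX }` next to `RequiresCompatibilities`, or confirm the image is multi-arch before deploying. The `Properties` block this hunk edits starts outside the hunk.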
@@ -448,11 +451,11 @@ Resources: RegionMode: !FindInMap [RegionModeMap, !Ref "AWS::Region", !Ref EnvironmentType] RootStackName: !Ref AWS::StackName RootStackId: !Ref AWS::StackId - Aarch64AsgCapacityProviderName: !GetAtt SharedEcsAsgAarch64Stack.Outputs.CapacityProviderName MysqlHostname: !GetAtt SharedAuroraMysqlStack.Outputs.DbHostname ValkeyHostname: !GetAtt SharedValkeyStack.Outputs.CacheEndpointAddress ValkeyPort: !GetAtt SharedValkeyStack.Outputs.CacheEndpointPort AlbAccessToken: !Sub /prx/${EnvironmentTypeAbbreviation}/Terra/The_World-WordPress/alb-access-token + SharedEcsAsgInstanceSecurityGroupId: !GetAtt SharedEcsAsgSecurityGroupStack.Outputs.InstanceSecurityGroupId Tags: "prx:meta:tagging-version": "2021-04-07" "prx:cloudformation:stack-name": !Ref AWS::StackName diff --git a/theworld/terra/templates/shared-alb.yml b/theworld/terra/templates/shared-alb.yml index 2ad7e892..dd31bf1e 100644 --- a/theworld/terra/templates/shared-alb.yml +++ b/theworld/terra/templates/shared-alb.yml @@ -25,7 +25,6 @@ Parameters: CertificateArn: { Type: String } MaintenanceMode: { Type: String, Default: "Off" } - Conditions: IsProduction: !Equals [!Ref EnvironmentType, Production] IsMaintenanceMode: !Equals [!Ref MaintenanceMode, "On"]