From 91e107a22c7a6089a936fa7601e158abef8327b9 Mon Sep 17 00:00:00 2001 From: Matthew Bucci Date: Thu, 28 Mar 2019 20:20:29 -0700 Subject: [PATCH 1/2] switch to ReplicationGroup for multi AZ support --- README.md | 33 +++++++++++++++++++++++++++++++++ service-ecs.yml | 30 +++++++++++++++++++++++++----- 2 files changed, 58 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 8836718..3bea783 100644 --- a/README.md +++ b/README.md @@ -1 +1,34 @@ # mu-elasticache + +Mu-elasticache is an extension [for the devops tool mu](https://github.com/stelligent/mu) + +This extension automatically creates an elasticache redis cluster in all of +your specified environments + +## Using this Extension + +copy these files into your project repo, I like to place these extensions under +the folder "mu", so you would create a new directory called mu/elasticache +to hold these files + +then place the following at the bottom of your mu.yml file +``` +extensions: + - url: mu/elasticache +``` + +This is all you need to do to get started. + +The following environmental variables can be passed to your application +via mu.yml + +``` +environment: + REDIS_HOST: ${ElasticacheCluster.PrimaryEndPoint.Address} + REDIS_PORT: ${ElasticacheCluster.PrimaryEndPoint.Port} +``` + +The following parameters are configurable +NumCacheNodes (default is 2 for Multi AZ failover) +CacheNodeType (default is cache.t2.micro) +AutomaticFailoverEnabled (default is true) diff --git a/service-ecs.yml b/service-ecs.yml index 96f1b2e..1f778f7 100644 --- a/service-ecs.yml +++ b/service-ecs.yml @@ -2,11 +2,11 @@ Parameters: NumCacheNodes: Type: String Description: Number of cache nodes - Default: 1 + Default: 2 CacheNodeType: Type: String Description: The compute and memory capacity of the node(s) in the Redis Cluster - Default: "cache.m3.medium" + Default: "cache.t2.micro" AllowedValues: - cache.t2.micro - cache.t2.small 
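Review bot: `NumCacheNodes` keeps its old name and `Description: Number of cache nodes`, but later in this patch it is passed to `NumCacheClusters` on the replication group, where it counts the primary plus its replicas. With the new default of 2 and automatic failover defaulting to on, a user who lowers it to 1 without also disabling failover should expect the stack to be rejected. The description is the place to say so: `Description: Number of cache clusters (primary plus replicas); use at least 2 when AutomaticFailoverEnabled is "true"`. The `Parameters` block continues past the end of this hunk.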
@@ -43,6 +43,10 @@ Parameters: - cache.r3.2xlarge - cache.r3.4xlarge - cache.r3.8xlarge + AutomaticFailoverEnabled: + Type: String + Description: Indicates whether Multi-AZ is enabled. When Multi-AZ is enabled, a read-only replica is automatically promoted to a read-write primary cluster if the existing primary cluster fails. + Default: "true" Resources: ElasticacheSubnetGroup: @@ -72,15 +76,31 @@ Resources: Ref: ServiceSecurityGroup ElasticacheCluster: - Type: "AWS::ElastiCache::CacheCluster" + Type: "AWS::ElastiCache::ReplicationGroup" Properties: Engine: "redis" CacheNodeType: Ref: CacheNodeType - NumCacheNodes: + NumCacheClusters: Ref: NumCacheNodes CacheSubnetGroupName: Ref: ElasticacheSubnetGroup - VpcSecurityGroupIds: + AutomaticFailoverEnabled: + Ref: AutomaticFailoverEnabled + ReplicationGroupDescription: + Fn::Sub: ${Namespace}-${ServiceName}-${EnvironmentName}-cache + SecurityGroupIds: - Fn::ImportValue: Ref: ServiceSecurityGroup + +Outputs: + ElasticacheClusterEndpointAddress: + Description: "Elastic Cache Cluster Endpoint Address" + Value: + Fn::Sub: + ${ElasticacheCluster.PrimaryEndPoint.Address} + ElasticacheClusterEndpointPort: + Description: "Elastic Cache Cluster Endpoint Port" + Value: + Fn::Sub: + ${ElasticacheCluster.PrimaryEndPoint.Port} From 8f29eda758a6dd3fb5d9d70f0578058a7f8fe2cc Mon Sep 17 00:00:00 2001 From: Karl Skidmore Date: Thu, 18 Jul 2019 13:17:14 +0000 Subject: [PATCH 2/2] Move from inline policy to managed policy, also added stack exports for endpoint address and port --- README.md | 25 +++++++++++++----- common-iam.yml | 69 ++++++++++++++++++++++++++----------------------- service-ecs.yml | 6 +++++ 3 files changed, 62 insertions(+), 38 deletions(-) diff --git a/README.md b/README.md index 3bea783..d5a1d7b 100644 --- a/README.md +++ b/README.md 
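Review bot: The new `AutomaticFailoverEnabled` parameter is a free-form `String` with no `AllowedValues`, so a misspelt value is caught, if at all, only when the replication group is being created. Adding `AllowedValues: ["true", "false"]` directly under `Default: "true"` rejects the mistake at parameter validation, before any resource is touched.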
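Review bot: The new `AWS::ElastiCache::ReplicationGroup` sets neither `TransitEncryptionEnabled` nor `AtRestEncryptionEnabled`, and no `AuthToken`, so Redis traffic and stored data are unencrypted and access control rests entirely on the security group listed under `SecurityGroupIds`. The resource is being recreated under a new type anyway, which makes this the cheapest moment to add `AtRestEncryptionEnabled: true` and `TransitEncryptionEnabled: true`. They are best exposed as parameters, because clients must then connect over TLS and changing the settings later generally means replacing the group. Separately, CloudFormation may refuse to change the type of an existing logical ID in place, so stacks built from the old template may need `ElasticacheCluster` removed or renamed first; this is worth confirming on a test stack.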
@@ -12,7 +12,7 @@ the folder "mu", so you would create a new directory called mu/elasticache to hold these files then place the following at the bottom of your mu.yml file -``` +```yaml extensions: - url: mu/elasticache ``` @@ -22,13 +22,26 @@ This is all you need to do to get started. The following environmental variables can be passed to your application via mu.yml -``` +```yaml environment: REDIS_HOST: ${ElasticacheCluster.PrimaryEndPoint.Address} REDIS_PORT: ${ElasticacheCluster.PrimaryEndPoint.Port} ``` -The following parameters are configurable -NumCacheNodes (default is 2 for Multi AZ failover) -CacheNodeType (default is cache.t2.micro) -AutomaticFailoverEnabled (default is true) +The following parameters are configurable: +* NumCacheNodes (default is 2 for Multi AZ failover) +* CacheNodeType (default is cache.t2.micro) +* AutomaticFailoverEnabled (default is true) + +Example: + +```yaml +parameters: + mu-service-SERVICE-acceptance: + NumCacheNodes: 1 + AutomaticFailoverEnabled: false + + mu-service-SERVICE-production: + NumCacheNodes: 2 + AutomaticFailoverEnabled: true +``` diff --git a/common-iam.yml b/common-iam.yml index a861be1..4186bab 100644 --- a/common-iam.yml +++ b/common-iam.yml 
@@ -1,34 +1,39 @@ Resources: - CloudFormationRole: + ElastiCachePolicy: + Type: "AWS::IAM::ManagedPolicy" Properties: - Policies: - - PolicyName: deploy-elasticache - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - elasticache:AddTagsToResource - - elasticache:AuthorizeCacheSecurityGroupIngress - - elasticache:CreateCacheCluster - - elasticache:CreateCacheSubnetGroup - - elasticache:DeleteCacheCluster - - elasticache:DeleteCacheSubnetGroup - - elasticache:DescribeCacheClusters - - elasticache:DescribeCacheSecurityGroups - - elasticache:DescribeCacheSubnetGroups - - elasticache:DescribeEvents - - elasticache:ListTagsForResource - - elasticache:ModifyCacheCluster - - elasticache:ModifyCacheSubnetGroup - - elasticache:RemoveTagsFromResource - - elasticache:RevokeCacheSecurityGroupIngress - Resource: '*' - Effect: Allow - - Action: - - iam:CreateServiceLinkedRole - - iam:PutRolePolicy - Resource: 'arn:aws:iam::*:role/aws-service-role/elasticache.amazonaws.com/AWSServiceRoleForElastiCache*' - Condition: - StringLike: - iam:AWSServiceName: elasticache.amazonaws.com - Effect: Allow + PolicyDocument: + Version: '2012-10-17' + Statement: + - Action: + - elasticache:AddTagsToResource + - elasticache:AuthorizeCacheSecurityGroupIngress + - elasticache:CreateCacheCluster + - elasticache:CreateCacheSubnetGroup + - elasticache:CreateReplicationGroup + - elasticache:DeleteCacheCluster + - elasticache:DeleteCacheSubnetGroup + - elasticache:DeleteReplicationGroup + - elasticache:DescribeCacheClusters + - elasticache:DescribeCacheSecurityGroups + - elasticache:DescribeCacheSubnetGroups + - elasticache:DescribeReplicationGroup + - elasticache:DescribeReplicationGroups + - elasticache:DescribeEvents + - elasticache:ListTagsForResource + - elasticache:ModifyCacheCluster + - elasticache:ModifyCacheSubnetGroup + - elasticache:RemoveTagsFromResource + - elasticache:RevokeCacheSecurityGroupIngress + Resource: '*' + Effect: Allow + - Action: + - 
iam:CreateServiceLinkedRole + - iam:PutRolePolicy + Resource: 'arn:aws:iam::*:role/aws-service-role/elasticache.amazonaws.com/AWSServiceRoleForElastiCache*' + Condition: + StringLike: + iam:AWSServiceName: elasticache.amazonaws.com + Effect: Allow + Roles: + - Ref: CloudFormationRole diff --git a/service-ecs.yml b/service-ecs.yml index 1f778f7..016e3fc 100644 --- a/service-ecs.yml +++ b/service-ecs.yml @@ -99,8 +99,14 @@ Outputs: Value: Fn::Sub: ${ElasticacheCluster.PrimaryEndPoint.Address} + Export: + Name: + Fn::Sub: ${AWS::StackName}-ElasticacheClusterEndpointAddress ElasticacheClusterEndpointPort: Description: "Elastic Cache Cluster Endpoint Port" Value: Fn::Sub: ${ElasticacheCluster.PrimaryEndPoint.Port} + Export: + Name: + Fn::Sub: ${AWS::StackName}-ElasticacheClusterEndpointPort
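Review bot: The replication-group entries added to the first `Action` list cover create, delete and describe but not `elasticache:ModifyReplicationGroup`. A stack update that changes `CacheNodeType` or `AutomaticFailoverEnabled` on the new replication group will therefore likely be denied for `CloudFormationRole`; changes to the node count may need the replica-count actions as well, which should be confirmed with a test update. `elasticache:DescribeReplicationGroup` (singular) does not appear to be an ElastiCache action, and the plural `elasticache:DescribeReplicationGroups` on the next line already covers it, so the singular entry can be dropped. The statement also keeps `Resource: '*'` for the delete and modify actions, so a comment above it stating why the wildcard is needed would help the next reviewer judge whether it can be narrowed.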