diff --git a/README.md b/README.md
index f03a8903..2e008910 100644
--- a/README.md
+++ b/README.md
@@ -252,64 +252,64 @@ CloudFormation | Region Name | Region | VPC | Bastion | DB | Fargate | Elastic B
[ ][ap-southeast-2-vpc-bastion] | Asia Pacific (Sydney) | ap-southeast-2 | ✅ | ✅ |||
[ ][ap-southeast-2-vpc-bastion-eb-rds] | Asia Pacific (Sydney) | ap-southeast-2 | ✅ | ✅ | ✅ || ✅ |
-[us-east-1-vpc]: https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc.cfn.yml
-[us-east-1-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion.cfn.yml
-[us-east-1-vpc-bastion-fargate]: https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion-fargate.cfn.yml
-[us-east-1-vpc-bastion-fargate-rds]: https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion-fargate-rds.cfn.yml
-[us-east-1-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion-eb-rds.cfn.yml
-
-[us-east-2-vpc]: https://console.aws.amazon.com/cloudformation/home?region=us-east-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc.cfn.yml
-[us-east-2-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=us-east-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion.cfn.yml
-[us-east-2-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=us-east-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion-eb-rds.cfn.yml
-
-[us-west-1-vpc]: https://console.aws.amazon.com/cloudformation/home?region=us-west-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc.cfn.yml
-[us-west-1-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=us-west-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion.cfn.yml
-[us-west-1-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=us-west-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion-eb-rds.cfn.yml
-
-[us-west-2-vpc]: https://console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc.cfn.yml
-[us-west-2-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion.cfn.yml
-[us-west-2-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion-eb-rds.cfn.yml
-
-[sa-east-1-vpc]: https://console.aws.amazon.com/cloudformation/home?region=sa-east-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc.cfn.yml
-[sa-east-1-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=sa-east-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion.cfn.yml
-[sa-east-1-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=sa-east-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion-eb-rds.cfn.yml
-
-[eu-west-1-vpc]: https://console.aws.amazon.com/cloudformation/home?region=eu-west-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc.cfn.yml
-[eu-west-1-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=eu-west-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion.cfn.yml
-[eu-west-1-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=eu-west-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion-eb-rds.cfn.yml
-
-[eu-west-2-vpc]: https://console.aws.amazon.com/cloudformation/home?region=eu-west-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc.cfn.yml
-[eu-west-2-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=eu-west-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion.cfn.yml
-[eu-west-2-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=eu-west-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion-eb-rds.cfn.yml
-
-[eu-west-3-vpc]: https://console.aws.amazon.com/cloudformation/home?region=eu-west-3#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc.cfn.yml
-[eu-west-3-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=eu-west-3#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion.cfn.yml
-[eu-west-3-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=eu-west-3#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion-eb-rds.cfn.yml
-
-[eu-central-1-vpc]: https://console.aws.amazon.com/cloudformation/home?region=eu-central-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc.cfn.yml
-[eu-central-1-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=eu-central-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion.cfn.yml
-[eu-central-1-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=eu-central-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion-eb-rds.cfn.yml
-
-[ap-south-1-vpc]: https://console.aws.amazon.com/cloudformation/home?region=ap-south-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc.cfn.yml
-[ap-south-1-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=ap-south-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion.cfn.yml
-[ap-south-1-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=ap-south-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion-eb-rds.cfn.yml
-
-[ap-northeast-1-vpc]: https://console.aws.amazon.com/cloudformation/home?region=ap-northeast-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc.cfn.yml
-[ap-northeast-1-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=ap-northeast-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion.cfn.yml
-[ap-northeast-1-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=ap-northeast-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion-eb-rds.cfn.yml
-
-[ap-northeast-2-vpc]: https://console.aws.amazon.com/cloudformation/home?region=ap-northeast-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc.cfn.yml
-[ap-northeast-2-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=ap-northeast-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion.cfn.yml
-[ap-northeast-2-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=ap-northeast-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion-eb-rds.cfn.yml
-
-[ap-southeast-1-vpc]: https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc.cfn.yml
-[ap-southeast-1-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion.cfn.yml
-[ap-southeast-1-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion-eb-rds.cfn.yml
-
-[ap-southeast-2-vpc]: https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc.cfn.yml
-[ap-southeast-2-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion.cfn.yml
-[ap-southeast-2-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion-eb-rds.cfn.yml
-
-[ca-central-1-vpc]: https://console.aws.amazon.com/cloudformation/home?region=ca-central-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc.cfn.yml
-[ca-central-1-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=ca-central-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion.cfn.yml
-[ca-central-1-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=ca-central-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v2/vpc-bastion-eb-rds.cfn.yml
+[us-east-1-vpc]: https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc.cfn.yml
+[us-east-1-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion.cfn.yml
+[us-east-1-vpc-bastion-fargate]: https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion-fargate.cfn.yml
+[us-east-1-vpc-bastion-fargate-rds]: https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion-fargate-rds.cfn.yml
+[us-east-1-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion-eb-rds.cfn.yml
+
+[us-east-2-vpc]: https://console.aws.amazon.com/cloudformation/home?region=us-east-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc.cfn.yml
+[us-east-2-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=us-east-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion.cfn.yml
+[us-east-2-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=us-east-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion-eb-rds.cfn.yml
+
+[us-west-1-vpc]: https://console.aws.amazon.com/cloudformation/home?region=us-west-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc.cfn.yml
+[us-west-1-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=us-west-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion.cfn.yml
+[us-west-1-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=us-west-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion-eb-rds.cfn.yml
+
+[us-west-2-vpc]: https://console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc.cfn.yml
+[us-west-2-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion.cfn.yml
+[us-west-2-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion-eb-rds.cfn.yml
+
+[sa-east-1-vpc]: https://console.aws.amazon.com/cloudformation/home?region=sa-east-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc.cfn.yml
+[sa-east-1-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=sa-east-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion.cfn.yml
+[sa-east-1-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=sa-east-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion-eb-rds.cfn.yml
+
+[eu-west-1-vpc]: https://console.aws.amazon.com/cloudformation/home?region=eu-west-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc.cfn.yml
+[eu-west-1-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=eu-west-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion.cfn.yml
+[eu-west-1-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=eu-west-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion-eb-rds.cfn.yml
+
+[eu-west-2-vpc]: https://console.aws.amazon.com/cloudformation/home?region=eu-west-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc.cfn.yml
+[eu-west-2-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=eu-west-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion.cfn.yml
+[eu-west-2-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=eu-west-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion-eb-rds.cfn.yml
+
+[eu-west-3-vpc]: https://console.aws.amazon.com/cloudformation/home?region=eu-west-3#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc.cfn.yml
+[eu-west-3-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=eu-west-3#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion.cfn.yml
+[eu-west-3-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=eu-west-3#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion-eb-rds.cfn.yml
+
+[eu-central-1-vpc]: https://console.aws.amazon.com/cloudformation/home?region=eu-central-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc.cfn.yml
+[eu-central-1-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=eu-central-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion.cfn.yml
+[eu-central-1-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=eu-central-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion-eb-rds.cfn.yml
+
+[ap-south-1-vpc]: https://console.aws.amazon.com/cloudformation/home?region=ap-south-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc.cfn.yml
+[ap-south-1-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=ap-south-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion.cfn.yml
+[ap-south-1-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=ap-south-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion-eb-rds.cfn.yml
+
+[ap-northeast-1-vpc]: https://console.aws.amazon.com/cloudformation/home?region=ap-northeast-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc.cfn.yml
+[ap-northeast-1-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=ap-northeast-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion.cfn.yml
+[ap-northeast-1-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=ap-northeast-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion-eb-rds.cfn.yml
+
+[ap-northeast-2-vpc]: https://console.aws.amazon.com/cloudformation/home?region=ap-northeast-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc.cfn.yml
+[ap-northeast-2-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=ap-northeast-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion.cfn.yml
+[ap-northeast-2-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=ap-northeast-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion-eb-rds.cfn.yml
+
+[ap-southeast-1-vpc]: https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc.cfn.yml
+[ap-southeast-1-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion.cfn.yml
+[ap-southeast-1-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion-eb-rds.cfn.yml
+
+[ap-southeast-2-vpc]: https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc.cfn.yml
+[ap-southeast-2-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion.cfn.yml
+[ap-southeast-2-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion-eb-rds.cfn.yml
+
+[ca-central-1-vpc]: https://console.aws.amazon.com/cloudformation/home?region=ca-central-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc.cfn.yml
+[ca-central-1-vpc-bastion]: https://console.aws.amazon.com/cloudformation/home?region=ca-central-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion.cfn.yml
+[ca-central-1-vpc-bastion-eb-rds]: https://console.aws.amazon.com/cloudformation/home?region=ca-central-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/awslabs-startup-kit-templates-deploy-v3/vpc-bastion-eb-rds.cfn.yml
diff --git a/bin/deploy.sh b/bin/deploy.sh
index f63ecbf5..5ba767f6 100755
--- a/bin/deploy.sh
+++ b/bin/deploy.sh
@@ -1,7 +1,7 @@
#!/bin/bash
#
-# Usage: ./bin/deploy.sh awslabs-startup-kit-templates-deploy-v2 startup
+# Usage: ./bin/deploy.sh awslabs-startup-kit-templates-deploy-v3 startup
#
# The first argument is the bucket and the second is the aws cli profile
#
diff --git a/templates/fargate-service.cfn.yml b/templates/fargate-service.cfn.yml
new file mode 100644
index 00000000..a6ecdeb1
--- /dev/null
+++ b/templates/fargate-service.cfn.yml
@@ -0,0 +1,682 @@
+---
+AWSTemplateFormatVersion: 2010-09-09
+
+# A CloudFormation template to deploy an additional service to Fargate. This requires an existing
+# cluster deployed by fargate.cfn.yml.
+
+Description: Fargate Service
+
+
+Parameters:
+
+ NetworkStackName:
+ Type: String
+ Description: Name of an active Startup Kit CloudFormation stack that contains networking resources
+ MinLength: 1
+ MaxLength: 255
+ AllowedPattern: "^[a-zA-Z][-a-zA-Z0-9]*$"
+
+ EnvironmentName:
+ Type: String
+ Description: Environment name - dev or prod
+ Default: dev
+ AllowedValues:
+ - dev
+ - prod
+ ConstraintDescription: Specify either dev or prod
+
+ DatabaseStackName:
+ Type: String
+ Description: Name of an optional active Startup Kit CloudFormation stack that contains database resources
+ Default: ""
+
+ FargateStackName:
+ Type: String
+ Description: Name of an active Startup Kit CloudFormation stack that contains Fargate resources
+ MinLength: 1
+ MaxLength: 255
+ AllowedPattern: "^[a-zA-Z][-a-zA-Z0-9]*$"
+
+ RegisterServiceWithAlb:
+ Default: true
+ Type: String
+ Description: Set to false to disable registering with the ALB (e.g., backend services without a web interface)
+ ConstraintDescription: Only true or false are allowed
+ AllowedValues:
+ - true
+ - false
+
+ AppProtocol:
+ Type: String
+ Description: The application server protocol
+ Default: HTTP
+ AllowedValues:
+ - HTTP
+ - HTTPS
+ ConstraintDescription: Specify either HTTTP or HTTPS
+
+ ServiceUrlPath:
+ Type: String
+ Description: The URL path for the service (e.g., /test)
+ Default: /test
+ MinLength: 1
+ MaxLength: 255
+ ConstraintDescription: Value must be between 1 and 255 characters
+
+ ServiceLBListenerPriority:
+ Type: Number
+ Description: The service load balancer listener priority - must be unique for each service if ALB is enabled
+ Default: 2
+ MinValue: 2
+ MaxValue: 50000
+ ConstraintDescription: Number must be between 1 and 50,000
+
+ HealthCheckPath:
+ Type: String
+ Description: The path for the Application Load Balancer health check
+ Default: /
+ MinLength: 1
+ MaxLength: 255
+ ConstraintDescription: Value must be between 1 and 255 characters
+
+ GitHubSourceRepo:
+ Type: String
+ Description: GitHub source repository - must contain a Dockerfile in the base
+
+ GitHubBranch:
+ Type: String
+ Default: master
+ Description: GitHub repository branch to trigger builds
+
+ GitHubToken:
+ Type: String
+ NoEcho: true
+ Description: "GitHub API token - see: https://github.com/blog/1509-personal-api-tokens"
+
+ GitHubUser:
+ Type: String
+ Description: GitHub username
+
+ CodeBuildDockerImage:
+ Type: String
+ Default: aws/codebuild/docker:17.09.0
+
+ SeedDockerImage:
+ Type: String
+ Default: registry.hub.docker.com/library/nginx:1.13
+ Description: The initial image, before the GitHub repo above is deployed. Existing application images in ECR should override this parameter
+
+ ContainerCpu:
+ Type: Number
+ Description: "Amount of CPU for the container - options available: https://aws.amazon.com/fargate/pricing/"
+ Default: 256
+ MinValue: 256
+ MaxValue: 4096
+ ConstraintDescription: "Value must be between 256 and 4096 - see: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size"
+
+ ContainerMemory:
+ Type: Number
+ Description: "Amount of memory for the container - options available: https://aws.amazon.com/fargate/pricing/"
+ Default: 512
+ MinValue: 512
+ MaxValue: 30720
+ ConstraintDescription: "Value must be between 512 and 30720 - see: https://aws.amazon.com/fargate/pricing/"
+
+ # CPU alarm parameters
+ CpuAlarmEvaluationPeriods:
+ Description: The number of periods over which data is compared to the specified threshold
+ Type: Number
+ Default: 2
+ MinValue: 2
+
+ CpuScaleOutThreshold:
+ Type: Number
+ Description: Average CPU value to trigger auto scaling out
+ Default: 50
+ MinValue: 0
+ MaxValue: 100
+ ConstraintDescription: Value must be between 0 and 100
+
+ CpuScaleInThreshold:
+ Type: Number
+ Description: Average CPU value to trigger auto scaling in
+ Default: 25
+ MinValue: 0
+ MaxValue: 100
+ ConstraintDescription: Value must be between 0 and 100
+
+ # Auto scaling container counts
+ TaskMinContainerCount:
+ Type: Number
+ Description: Minimum number of containers to run for the service
+ Default: 1
+ MinValue: 1
+ ConstraintDescription: Value must be at least one
+
+ TaskMaxContainerCount:
+ Type: Number
+ Description: Maximum number of containers to run for the service when auto scaling out
+ Default: 2
+ MinValue: 1
+ ConstraintDescription: Value must be at least one
+
+ ContainerLogRetentionInDays:
+ Type: Number
+ Default: 7
+
+
+Conditions:
+
+ IsDbStackSet: !Not [ !Equals [ !Ref DatabaseStackName, "" ] ]
+
+ AddServiceToAlb: !Equals [ !Ref RegisterServiceWithAlb, true ]
+
+ DoNotAddServiceToAlb: !Equals [ !Ref RegisterServiceWithAlb, false ]
+
+
+Resources:
+
+ CodePipelineArtifactBucket:
+ Type: AWS::S3::Bucket
+ DeletionPolicy: Delete
+
+ CodeBuildServiceRole:
+ Type: AWS::IAM::Role
+ Properties:
+ Path: /
+ AssumeRolePolicyDocument:
+ Version: 2012-10-17
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service: codebuild.amazonaws.com
+ Action: sts:AssumeRole
+ Policies:
+ - PolicyName: root
+ PolicyDocument:
+ Version: 2012-10-17
+ Statement:
+ - Resource: "*"
+ Effect: Allow
+ Action:
+ - logs:CreateLogGroup
+ - logs:CreateLogStream
+ - logs:PutLogEvents
+ - ecr:GetAuthorizationToken
+ - Resource: !Sub arn:aws:s3:::${CodePipelineArtifactBucket}/*
+ Effect: Allow
+ Action:
+ - s3:GetObject
+ - s3:PutObject
+ - s3:GetObjectVersion
+ - Resource:
+ Fn::ImportValue: !Sub ${FargateStackName}-EcrDockerRepositoryArn
+ Effect: Allow
+ Action:
+ - ecr:GetDownloadUrlForLayer
+ - ecr:BatchGetImage
+ - ecr:BatchCheckLayerAvailability
+ - ecr:PutImage
+ - ecr:InitiateLayerUpload
+ - ecr:UploadLayerPart
+ - ecr:CompleteLayerUpload
+
+ # By default, the build specification is defined in this template, but you can also add buildspec.yml
+ # files in your repos to allow for customization.
+ # See:
+ # https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html
+ # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codebuild-project-source.html
+ CodeBuildProject:
+ Type: AWS::CodeBuild::Project
+ Properties:
+ Artifacts:
+ Type: CODEPIPELINE
+ Source:
+ Type: CODEPIPELINE
+ BuildSpec: !Sub
+ - |
+ ---
+ version: 0.2
+ phases:
+ install:
+ commands:
+ - apt-get update && apt-get -y install python-pip && pip install --upgrade python && pip install --upgrade awscli
+ pre_build:
+ commands:
+ - printenv
+ - TAG="$REPOSITORY_NAME.$REPOSITORY_BRANCH.$ENVIRONMENT_NAME.$(date +%Y-%m-%d.%H.%M.%S).$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | head -c 8)"
+ - echo $TAG
+ - $(aws ecr get-login --no-include-email)
+ build:
+ commands:
+ - docker build --tag $REPOSITORY_URI:$TAG .
+ post_build:
+ commands:
+ - docker push $REPOSITORY_URI:$TAG
+ - printf '[{"name":"${ServiceName}","imageUri":"%s"}]' $REPOSITORY_URI:$TAG > build.json
+ artifacts:
+ files: build.json
+ - ServiceName: !Ref GitHubSourceRepo
+ Environment:
+ ComputeType: BUILD_GENERAL1_SMALL
+ Type: LINUX_CONTAINER
+ Image: !Ref CodeBuildDockerImage
+ EnvironmentVariables:
+ - Name: REPOSITORY_URI
+ Value:
+ Fn::ImportValue: !Sub ${FargateStackName}-EcrDockerRepositoryUri
+ - Name: ENVIRONMENT_NAME
+ Value: !Ref EnvironmentName
+ - Name: REPOSITORY_NAME
+ Value: !Ref GitHubSourceRepo
+ - Name: REPOSITORY_BRANCH
+ Value: !Ref GitHubBranch
+ Name: !Ref AWS::StackName
+ ServiceRole: !Ref CodeBuildServiceRole
+
+ CodePipelineServiceRole:
+ Type: AWS::IAM::Role
+ Properties:
+ Path: /
+ AssumeRolePolicyDocument:
+ Version: 2012-10-17
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service: codepipeline.amazonaws.com
+ Action: sts:AssumeRole
+ Policies:
+ - PolicyName: codepipeline-access
+ PolicyDocument:
+ Version: 2012-10-17
+ Statement:
+ - Resource: "*"
+ Effect: Allow
+ Action:
+ - ecs:List*
+ - ecs:Describe*
+ - ecs:RegisterTaskDefinition
+ - ecs:UpdateService
+ - codebuild:StartBuild
+ - codebuild:BatchGetBuilds
+ - iam:PassRole
+ - Resource: !Sub arn:aws:s3:::${CodePipelineArtifactBucket}/*
+ Effect: Allow
+ Action:
+ - s3:PutObject
+ - s3:GetObject
+ - s3:GetObjectVersion
+ - s3:GetBucketVersioning
+ DependsOn:
+ - CodePipelineArtifactBucket
+
+ # This CodePipeline triggers on a commit to the Git branch passed, builds the Docker image
+ # and then deploys the container in the Fargate Cluster. CodePipeline can support N stages. For
+ # example, you may want to add a stage to test your build and/or container.
+ CodePipeline:
+ Type: AWS::CodePipeline::Pipeline
+ Properties:
+ RoleArn: !GetAtt CodePipelineServiceRole.Arn
+ ArtifactStore:
+ Type: S3
+ Location: !Ref CodePipelineArtifactBucket
+ Stages:
+ - Name: Source
+ Actions:
+ - Name: App
+ ActionTypeId:
+ Category: Source
+ Owner: ThirdParty
+ Version: 1
+ Provider: GitHub
+ Configuration:
+ Owner: !Ref GitHubUser
+ Repo: !Ref GitHubSourceRepo
+ Branch: !Ref GitHubBranch
+ OAuthToken: !Ref GitHubToken
+ OutputArtifacts:
+ - Name: App
+ RunOrder: 1
+ - Name: Build
+ Actions:
+ - Name: Build
+ ActionTypeId:
+ Category: Build
+ Owner: AWS
+ Version: 1
+ Provider: CodeBuild
+ Configuration:
+ ProjectName: !Ref CodeBuildProject
+ InputArtifacts:
+ - Name: App
+ OutputArtifacts:
+ - Name: BuildOutput
+ RunOrder: 1
+ - Name: Deploy
+ Actions:
+ - Name: Deploy
+ ActionTypeId:
+ Category: Deploy
+ Owner: AWS
+ Version: 1
+ Provider: ECS
+ Configuration:
+ ClusterName:
+ Fn::ImportValue: !Sub ${FargateStackName}-FargateEcsClusterName
+ ServiceName: !If [ AddServiceToAlb, !GetAtt ServiceWithAlb.Name, !GetAtt ServiceWithoutAlb.Name ]
+ FileName: build.json
+ InputArtifacts:
+ - Name: BuildOutput
+ RunOrder: 1
+ DependsOn:
+ - CodePipelineArtifactBucket
+ - CodeBuildProject
+ - CodePipelineServiceRole
+
+ # The namespace in Amazon CloudWatch Logs - see https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogsConcepts.html
+ LogGroup:
+ Type: AWS::Logs::LogGroup
+ Properties:
+ LogGroupName: !Sub /fargate/app/${EnvironmentName}/${GitHubSourceRepo}/${GitHubBranch}
+ RetentionInDays: !Ref ContainerLogRetentionInDays
+
+ TaskRole:
+ Type: AWS::IAM::Role
+ Properties:
+ Path: /
+ AssumeRolePolicyDocument:
+ Version: 2012-10-17
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service: ecs-tasks.amazonaws.com
+ Action: sts:AssumeRole
+
+ TaskExecutionRole:
+ Type: AWS::IAM::Role
+ Properties:
+ Path: /
+ AssumeRolePolicyDocument:
+ Version: 2012-10-17
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service: ecs-tasks.amazonaws.com
+ Action: sts:AssumeRole
+ ManagedPolicyArns:
+ - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
+
+ TaskDefinition:
+ Type: AWS::ECS::TaskDefinition
+ Properties:
+ Family: !Sub ${AWS::StackName}-${GitHubSourceRepo}
+ RequiresCompatibilities:
+ - FARGATE
+ Cpu: !Ref ContainerCpu
+ Memory: !Ref ContainerMemory
+ NetworkMode: awsvpc
+ TaskRoleArn: !GetAtt TaskRole.Arn
+ ExecutionRoleArn: !GetAtt TaskExecutionRole.Arn
+ ContainerDefinitions:
+ - Name: !Ref GitHubSourceRepo
+ Image: !Ref SeedDockerImage
+ Essential: true
+ PortMappings:
+ - ContainerPort:
+ Fn::ImportValue: !Sub ${NetworkStackName}-AppIngressPort
+
+ # Environment variables can be customized by adding parameters/values below. Secrets
+ # should be stored in AWS Systems Manager Parameter Store.
+ # See: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-paramstore.html
+ Environment:
+ - Name: ENVIRONMENT_NAME
+ Value: !Ref EnvironmentName
+ - Name: DATABASE_ENDPOINT
+ Value: !If [ IsDbStackSet, "Fn::ImportValue": !Sub "${DatabaseStackName}-DatabaseURL", "" ]
+ - Name: DATABASE_USER
+ Value: !If [ IsDbStackSet, "Fn::ImportValue": !Sub "${DatabaseStackName}-DatabaseUser", "" ]
+ - Name: LOAD_BALANCER_DNS
+ Value:
+ Fn::ImportValue: !Sub ${FargateStackName}-ApplicationLoadBalancerDnsName
+ LogConfiguration:
+ LogDriver: awslogs
+ Options:
+ awslogs-region: !Ref AWS::Region
+ awslogs-group: !Ref LogGroup
+ awslogs-stream-prefix: !Ref GitHubSourceRepo
+ DependsOn:
+ - LogGroup
+ - TaskExecutionRole
+
+ ServiceWithoutAlb:
+ Type: AWS::ECS::Service
+ Condition: DoNotAddServiceToAlb
+ Properties:
+ Cluster:
+ Fn::ImportValue: !Sub ${FargateStackName}-FargateEcsClusterName
+ ServiceName: !Ref AWS::StackName
+ DesiredCount: !Ref TaskMinContainerCount
+ LaunchType: FARGATE
+ TaskDefinition: !Ref TaskDefinition
+ NetworkConfiguration:
+ AwsvpcConfiguration:
+ AssignPublicIp: DISABLED
+ Subnets:
+ - Fn::ImportValue: !Sub ${NetworkStackName}-PrivateSubnet1ID
+ - Fn::ImportValue: !Sub ${NetworkStackName}-PrivateSubnet2ID
+ DependsOn:
+ - TaskDefinition
+
+ ServiceWithAlb:
+ Type: AWS::ECS::Service
+ Condition: AddServiceToAlb
+ Properties:
+ Cluster:
+ Fn::ImportValue: !Sub ${FargateStackName}-FargateEcsClusterName
+ ServiceName: !Ref AWS::StackName
+ DesiredCount: !Ref TaskMinContainerCount
+ LaunchType: FARGATE
+ TaskDefinition: !Ref TaskDefinition
+ LoadBalancers:
+ - ContainerName: !Ref GitHubSourceRepo
+ ContainerPort:
+ Fn::ImportValue: !Sub ${NetworkStackName}-AppIngressPort
+ TargetGroupArn: !Ref TargetGroup
+ NetworkConfiguration:
+ AwsvpcConfiguration:
+ AssignPublicIp: DISABLED
+ SecurityGroups:
+ - Fn::ImportValue: !Sub ${NetworkStackName}-AppSecurityGroupID
+ Subnets:
+ - Fn::ImportValue: !Sub ${NetworkStackName}-PrivateSubnet1ID
+ - Fn::ImportValue: !Sub ${NetworkStackName}-PrivateSubnet2ID
+ DependsOn:
+ - TaskDefinition
+
+ AutoScalingRole:
+ Type: AWS::IAM::Role
+ Properties:
+ AssumeRolePolicyDocument:
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service: application-autoscaling.amazonaws.com
+ Action: sts:AssumeRole
+ Path: /
+ Policies:
+ - PolicyName: service-autoscaling
+ PolicyDocument:
+ Statement:
+ - Effect: Allow
+ Action:
+ - application-autoscaling:*
+ - cloudwatch:DescribeAlarms
+ - cloudwatch:PutMetricAlarm
+ - ecs:DescribeServices
+ - ecs:UpdateService
+ Resource: '*'
+
+ ScalingTarget:
+ Type: AWS::ApplicationAutoScaling::ScalableTarget
+ Properties:
+ MinCapacity: !Ref TaskMinContainerCount
+ MaxCapacity: !Ref TaskMaxContainerCount
+ ResourceId: !Sub
+ - service/${EcsClusterName}/${ServiceName}
+ - EcsClusterName:
+ Fn::ImportValue: !Sub ${FargateStackName}-FargateEcsClusterName
+ ServiceName: !If [ AddServiceToAlb, !GetAtt ServiceWithAlb.Name, !GetAtt ServiceWithoutAlb.Name ]
+ RoleARN: !GetAtt AutoScalingRole.Arn
+ ScalableDimension: ecs:service:DesiredCount
+ ServiceNamespace: ecs
+ DependsOn:
+ - AutoScalingRole
+
+ ScaleOutPolicy:
+ Type: AWS::ApplicationAutoScaling::ScalingPolicy
+ Properties:
+ PolicyName: ScaleOutPolicy
+ PolicyType: StepScaling
+ ScalingTargetId: !Ref ScalingTarget
+ StepScalingPolicyConfiguration:
+ AdjustmentType: ChangeInCapacity
+ Cooldown: 60
+ MetricAggregationType: Average
+ StepAdjustments:
+ - ScalingAdjustment: 1
+ MetricIntervalLowerBound: 0
+ DependsOn: ScalingTarget
+
+ ScaleInPolicy:
+ Type: AWS::ApplicationAutoScaling::ScalingPolicy
+ Properties:
+ PolicyName: ScaleInPolicy
+ PolicyType: StepScaling
+ ScalingTargetId: !Ref ScalingTarget
+ StepScalingPolicyConfiguration:
+ AdjustmentType: ChangeInCapacity
+ Cooldown: 60
+ MetricAggregationType: Average
+ StepAdjustments:
+ - ScalingAdjustment: -1
+ MetricIntervalUpperBound: 0
+ DependsOn: ScalingTarget
+
+ ScaleOutAlarm:
+ Type: AWS::CloudWatch::Alarm
+ Properties:
+ EvaluationPeriods: !Ref CpuAlarmEvaluationPeriods
+ Statistic: Average
+ TreatMissingData: notBreaching
+ Threshold: !Ref CpuScaleOutThreshold
+ AlarmDescription: Alarm to add capacity if CPU is high
+ Period: 60
+ AlarmActions:
+ - !Ref ScaleOutPolicy
+ Namespace: AWS/ECS
+ Dimensions:
+ - Name: ClusterName
+ Value:
+ Fn::ImportValue: !Sub ${FargateStackName}-FargateEcsClusterName
+ - Name: ServiceName
+ Value: !If [ AddServiceToAlb, !GetAtt ServiceWithAlb.Name, !GetAtt ServiceWithoutAlb.Name ]
+ ComparisonOperator: GreaterThanThreshold
+ MetricName: CPUUtilization
+ DependsOn:
+ - ScaleOutPolicy
+
+ ScaleInAlarm:
+ Type: AWS::CloudWatch::Alarm
+ Properties:
+ EvaluationPeriods: !Ref CpuAlarmEvaluationPeriods
+ Statistic: Average
+ TreatMissingData: notBreaching
+ Threshold: !Ref CpuScaleInThreshold
+ AlarmDescription: Alarm to reduce capacity if container CPU is low
+ Period: 300
+ AlarmActions:
+ - !Ref ScaleInPolicy
+ Namespace: AWS/ECS
+ Dimensions:
+ - Name: ClusterName
+ Value:
+ Fn::ImportValue: !Sub ${FargateStackName}-FargateEcsClusterName
+ - Name: ServiceName
+ Value: !If [ AddServiceToAlb, !GetAtt ServiceWithAlb.Name, !GetAtt ServiceWithoutAlb.Name ]
+ ComparisonOperator: LessThanThreshold
+ MetricName: CPUUtilization
+ DependsOn:
+ - ScaleInPolicy
+
+ # The health checks can be further tuned if your requirements differ
+ TargetGroup:
+ Type: AWS::ElasticLoadBalancingV2::TargetGroup
+ Condition: AddServiceToAlb
+ Properties:
+ VpcId:
+ Fn::ImportValue: !Sub ${NetworkStackName}-VpcID
+ Port:
+ Fn::ImportValue: !Sub ${NetworkStackName}-AppIngressPort
+ Protocol: !Ref AppProtocol
+ Matcher:
+ HttpCode: 200
+ HealthCheckIntervalSeconds: 10
+ HealthCheckPath: !Ref HealthCheckPath
+ HealthCheckProtocol: !Ref AppProtocol
+ HealthCheckTimeoutSeconds: 5
+ HealthyThresholdCount: 2
+ TargetGroupAttributes:
+ - Key: deregistration_delay.timeout_seconds
+ Value: 300
+ TargetType: ip
+ Tags:
+ - Key: Repository
+ Value: !Ref GitHubSourceRepo
+ - Key: Branch
+ Value: !Ref GitHubBranch
+ - Key: Stack
+ Value: !Ref AWS::StackName
+ - Key: Environment
+ Value: !Ref EnvironmentName
+
+ ListenerRule:
+ Type: AWS::ElasticLoadBalancingV2::ListenerRule
+ Condition: AddServiceToAlb
+ Properties:
+ ListenerArn:
+ Fn::ImportValue: !Sub ${FargateStackName}-ApplicationLoadBalancerListenerArn
+ Priority: !Ref ServiceLBListenerPriority
+ Conditions:
+ - Field: path-pattern
+ Values:
+ - !Ref ServiceUrlPath
+ Actions:
+ - TargetGroupArn: !Ref TargetGroup
+ Type: forward
+ DependsOn:
+ - TargetGroup
+
+
+Outputs:
+
+ ServiceArn:
+ Value: !If [ AddServiceToAlb, !Ref ServiceWithAlb, !Ref ServiceWithoutAlb ]
+ Export:
+ Name: !Sub ${AWS::StackName}-ServiceArn
+
+ ServiceName:
+ Value: !If [ AddServiceToAlb, !GetAtt ServiceWithAlb.Name, !GetAtt ServiceWithoutAlb.Name ]
+ Export:
+ Name: !Sub ${AWS::StackName}-ServiceName
+
+ CodePipelineArtifactBucketName:
+ Value: !Ref CodePipelineArtifactBucket
+ Export:
+ Name: !Sub ${AWS::StackName}-CodePipelineArtifactBucket
+
+ CodePipelineArtifactBucketArn:
+ Value: !GetAtt CodePipelineArtifactBucket.Arn
+ Export:
+ Name: !Sub ${AWS::StackName}-CodePipelineArtifactBucketArn
+
+
diff --git a/templates/fargate.cfn.yml b/templates/fargate.cfn.yml
index 2f909375..d664a636 100644
--- a/templates/fargate.cfn.yml
+++ b/templates/fargate.cfn.yml
@@ -118,17 +118,24 @@ Parameters:
MaxValue: 30720
ConstraintDescription: "Value must be between 512 and 30720 - see: https://aws.amazon.com/fargate/pricing/"
- DefaultServiceCpuScaleUpThreshold:
+ # Scaling params
+ DefaultServiceScaleEvaluationPeriods:
+ Description: The number of periods over which data is compared to the specified threshold
+ Type: Number
+ Default: 2
+ MinValue: 2
+
+ DefaultServiceCpuScaleOutThreshold:
Type: Number
- Description: Average CPU value to trigger auto scaling up
+ Description: Average CPU value to trigger auto scaling out
Default: 50
MinValue: 0
MaxValue: 100
ConstraintDescription: Value must be between 0 and 100
- DefaultServiceCpuScaleDownThreshold:
+ DefaultServiceCpuScaleInThreshold:
Type: Number
- Description: Average CPU value to trigger auto scaling down
+ Description: Average CPU value to trigger auto scaling in
Default: 25
MinValue: 0
MaxValue: 100
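Review bot: The new `DefaultServiceScaleEvaluationPeriods` parameter sets `MinValue: 2` but has no `ConstraintDescription`, unlike the threshold parameters beside it. A user who enters 1 gets only the generic CloudFormation validation error. I would add `ConstraintDescription: Value must be at least two` under `MinValue: 2`. The same parameter is added without it in vpc-bastion-fargate-rds.cfn.yml and vpc-bastion-fargate.cfn.yml.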
@@ -143,7 +150,7 @@ Parameters:
DefaultTaskMaxContainerCount:
Type: Number
- Description: Maximum number of containers to run for the service when auto scaling up
+ Description: Maximum number of containers to run for the service when auto scaling out
Default: 2
MinValue: 1
ConstraintDescription: Value must be at least one
@@ -194,9 +201,9 @@ Parameters:
LoadBalancerLatencySeconds:
Description: LoadBalancer latency threshold, in seconds
Type: Number
- Default: 1
+ Default: 2
MinValue: 1
- ConstraintDescription: Must be atleast one
+ ConstraintDescription: Must be at least one second
EnableLBAlarm:
Description: Set to true to enable load balancer latency alarm
@@ -219,6 +226,7 @@ Conditions:
IsLBAlarmEnabled: !Equals [ !Ref EnableLBAlarm, true ]
+
Resources:
DefaultContainerBucket:
@@ -291,7 +299,7 @@ Resources:
pre_build:
commands:
- printenv
- - TAG="$ENVIRONMENT_NAME.$(date +%Y-%m-%d).$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | head -c 8)"
+ - TAG="$REPOSITORY_NAME.$REPOSITORY_BRANCH.$ENVIRONMENT_NAME.$(date +%Y-%m-%d.%H.%M.%S).$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | head -c 8)"
- $(aws ecr get-login --no-include-email)
build:
commands:
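Review bot: The new `TAG` line interpolates `$REPOSITORY_BRANCH` unmodified, and Git branch names commonly contain `/` (for example `feature/x`), which is not a valid character in a Docker image tag. The build commands are outside this hunk, but if `TAG` is used as the image tag, as the name suggests, builds from such branches will fail at the tag or push step. A long repository plus branch name can also exceed the 128-character tag limit. I would normalise the branch first with `- BRANCH_TAG="$(printf '%s' "$REPOSITORY_BRANCH" | tr -c 'A-Za-z0-9_.-' '-')"` and use `$BRANCH_TAG` in `TAG`.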
@@ -308,12 +316,14 @@ Resources:
Type: LINUX_CONTAINER
Image: !Ref CodeBuildDockerImage
EnvironmentVariables:
- - Name: AWS_DEFAULT_REGION
- Value: !Ref AWS::Region
- Name: REPOSITORY_URI
Value: !Sub ${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${EcrDockerRepository}
- Name: ENVIRONMENT_NAME
Value: !Ref EnvironmentName
+ - Name: REPOSITORY_NAME
+ Value: !Ref GitHubSourceRepo
+ - Name: REPOSITORY_BRANCH
+ Value: !Ref GitHubBranch
Name: !Ref AWS::StackName
ServiceRole: !Ref CodeBuildServiceRole
@@ -471,8 +481,12 @@ Resources:
SecurityGroups:
- Fn::ImportValue: !Sub ${NetworkStackName}-ELBSecurityGroupID
Tags:
- - Key: Name
+ - Key: Stack
Value: !Ref AWS::StackName
+ - Key: Environment
+ Value: !Ref EnvironmentName
+ - Key: FargateCluster
+ Value: !Ref FargateEcsCluster
AlbRoute53Record:
Type: AWS::Route53::RecordSet
@@ -506,13 +520,22 @@ Resources:
- Key: deregistration_delay.timeout_seconds
Value: 300
TargetType: ip
+ Tags:
+ - Key: Repository
+ Value: !Ref GitHubSourceRepo
+ - Key: Branch
+ Value: !Ref GitHubBranch
+ - Key: Stack
+ Value: !Ref AWS::StackName
+ - Key: Environment
+ Value: !Ref EnvironmentName
DependsOn: ApplicationLoadBalancer
- # The namespace in Amazon CloudWatch Logs
+ # The namespace in Amazon CloudWatch Logs - see https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogsConcepts.html
DefaultLogGroup:
Type: AWS::Logs::LogGroup
Properties:
- LogGroupName: !Sub /fargate/app/${GitHubSourceRepo}-${AWS::StackName}
+ LogGroupName: !Sub /fargate/app/${EnvironmentName}/${GitHubSourceRepo}/${GitHubBranch}
RetentionInDays: !Ref ContainerLogRetentionInDays
DefaultTaskRole:
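Review bot: The new `LogGroupName` no longer contains `${AWS::StackName}`, so it is unique only per environment, repository and branch. The `LogGroup` resource in the service template added earlier in this commit uses the identical pattern, so a service stack deployed with the same three values would fail to create because the log group already exists. Changing `LogGroupName` also replaces the log group on update, and the existing container logs go with it unless a `DeletionPolicy` outside this hunk retains them. Keeping the stack name as a final segment avoids the collision: `LogGroupName: !Sub /fargate/app/${EnvironmentName}/${GitHubSourceRepo}/${GitHubBranch}/${AWS::StackName}`.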
@@ -581,6 +604,8 @@ Resources:
Value: !If [ IsDbStackSet, "Fn::ImportValue": !Sub "${DatabaseStackName}-DatabaseURL", "" ]
- Name: DATABASE_USER
Value: !If [ IsDbStackSet, "Fn::ImportValue": !Sub "${DatabaseStackName}-DatabaseUser", "" ]
+ - Name: LOAD_BALANCER_DNS
+ Value: !If [ CreateRoute53Record, !Ref LoadBalancerDomainName, !GetAtt ApplicationLoadBalancer.DNSName ]
LogConfiguration:
LogDriver: awslogs
Options:
@@ -657,10 +682,10 @@ Resources:
- DefaultFargateService
- ServiceAutoScalingRole
- DefaultServiceScaleUpPolicy:
+ DefaultServiceScaleOutPolicy:
Type: AWS::ApplicationAutoScaling::ScalingPolicy
Properties:
- PolicyName: ScaleUpPolicy
+ PolicyName: ScaleOutPolicy
PolicyType: StepScaling
ScalingTargetId: !Ref DefaultServiceScalingTarget
StepScalingPolicyConfiguration:
@@ -672,10 +697,10 @@ Resources:
MetricIntervalLowerBound: 0
DependsOn: DefaultServiceScalingTarget
- DefaultServiceScaleDownPolicy:
+ DefaultServiceScaleInPolicy:
Type: AWS::ApplicationAutoScaling::ScalingPolicy
Properties:
- PolicyName: ScaleDownPolicy
+ PolicyName: ScaleInPolicy
PolicyType: StepScaling
ScalingTargetId: !Ref DefaultServiceScalingTarget
StepScalingPolicyConfiguration:
@@ -687,16 +712,17 @@ Resources:
MetricIntervalUpperBound: 0
DependsOn: DefaultServiceScalingTarget
- DefaulServiceScaleUpAlarm:
+ DefaulServiceScaleOutAlarm:
Type: AWS::CloudWatch::Alarm
Properties:
- EvaluationPeriods: 1
+ EvaluationPeriods: !Ref DefaultServiceScaleEvaluationPeriods
Statistic: Average
- Threshold: !Ref DefaultServiceCpuScaleUpThreshold
+ TreatMissingData: notBreaching
+ Threshold: !Ref DefaultServiceCpuScaleOutThreshold
AlarmDescription: Alarm to add capacity if CPU is high
Period: 60
AlarmActions:
- - !Ref DefaultServiceScaleUpPolicy
+ - !Ref DefaultServiceScaleOutPolicy
Namespace: AWS/ECS
Dimensions:
- Name: ClusterName
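Review bot: The renamed logical ID `DefaulServiceScaleOutAlarm` keeps the misspelling ("Defaul" without the "t"), as does `DefaulServiceScaleInAlarm` in the next hunk. Changing a logical ID already makes CloudFormation replace the alarm, so this commit is the cheapest place to fix it: `DefaultServiceScaleOutAlarm:` and `DefaultServiceScaleInAlarm:`. The alarm definitions continue past the end of both hunks, so any reference to these IDs outside the visible lines would need the same change.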
@@ -707,18 +733,19 @@ Resources:
MetricName: CPUUtilization
DependsOn:
- DefaultFargateService
- - DefaultServiceScaleUpPolicy
+ - DefaultServiceScaleOutPolicy
- DefaulServiceScaleDownAlarm:
+ DefaulServiceScaleInAlarm:
Type: AWS::CloudWatch::Alarm
Properties:
- EvaluationPeriods: 1
+ EvaluationPeriods: !Ref DefaultServiceScaleEvaluationPeriods
Statistic: Average
- Threshold: !Ref DefaultServiceCpuScaleDownThreshold
+ TreatMissingData: notBreaching
+ Threshold: !Ref DefaultServiceCpuScaleInThreshold
AlarmDescription: Alarm to reduce capacity if container CPU is low
Period: 300
AlarmActions:
- - !Ref DefaultServiceScaleDownPolicy
+ - !Ref DefaultServiceScaleInPolicy
Namespace: AWS/ECS
Dimensions:
- Name: ClusterName
@@ -729,7 +756,7 @@ Resources:
MetricName: CPUUtilization
DependsOn:
- DefaultFargateService
- - DefaultServiceScaleDownPolicy
+ - DefaultServiceScaleInPolicy
LoadBalancerListener:
Type: AWS::ElasticLoadBalancingV2::Listener
@@ -751,8 +778,7 @@ Resources:
Type: AWS::CloudWatch::Alarm
Condition: IsLBAlarmEnabled
Properties:
- AlarmName: LoadBalancer Latency Alarm
- AlarmDescription: !Sub LB latency is over ${LoadBalancerLatencySeconds} for ${LoadBalancerAlarmEvaluationPeriods} period(s) of ${LoadBalancerAlarmEvaluationPeriodSeconds} seconds
+ AlarmDescription: !Sub LB latency is over ${LoadBalancerLatencySeconds} second(s) for ${LoadBalancerAlarmEvaluationPeriods} period(s) of ${LoadBalancerAlarmEvaluationPeriodSeconds} seconds
TreatMissingData: notBreaching
AlarmActions:
- !Ref LoadBalancerAlarmTopic
@@ -811,12 +837,12 @@ Outputs:
DefaultFargateServiceArn:
Value: !Ref DefaultFargateService
Export:
- Name: !Sub ${AWS::StackName}DefaultFargateServiceArn
+ Name: !Sub ${AWS::StackName}-DefaultFargateServiceArn
DefaultFargateServiceName:
Value: !GetAtt DefaultFargateService.Name
Export:
- Name: !Sub ${AWS::StackName}DefaultFargateServiceName
+ Name: !Sub ${AWS::StackName}-DefaultFargateServiceName
ApplicationLoadBalancerArn:
Value: !Ref ApplicationLoadBalancer
@@ -824,7 +850,7 @@ Outputs:
Name: !Sub ${AWS::StackName}-ApplicationLoadBalancerArn
ApplicationLoadBalancerDnsName:
- Value: !GetAtt ApplicationLoadBalancer.DNSName
+ Value: !If [ CreateRoute53Record, !Ref LoadBalancerDomainName, !GetAtt ApplicationLoadBalancer.DNSName ]
Export:
Name: !Sub ${AWS::StackName}-ApplicationLoadBalancerDnsName
@@ -833,6 +859,11 @@ Outputs:
Export:
Name: !Sub ${AWS::StackName}-ApplicationLoadBalancerName
+ ApplicationLoadBalancerListenerArn:
+ Value: !Ref LoadBalancerListener
+ Export:
+ Name: !Sub ${AWS::StackName}-ApplicationLoadBalancerListenerArn
+
LoadBalancerAlarmTopicArn:
Description: LoadBalancer Alarm Topic ARN
Value: !Ref LoadBalancerAlarmTopic
@@ -847,3 +878,13 @@ Outputs:
Export:
Name: !Sub ${AWS::StackName}-LoadBalancerAlarmTopicName
+ CodePipelineArtifactBucketName:
+ Value: !Ref CodePipelineArtifactBucket
+ Export:
+ Name: !Sub ${AWS::StackName}-CodePipelineArtifactBucket
+
+ CodePipelineArtifactBucketArn:
+ Value: !GetAtt CodePipelineArtifactBucket.Arn
+ Export:
+ Name: !Sub ${AWS::StackName}-CodePipelineArtifactBucketArn
+
diff --git a/vpc-bastion-eb-rds.cfn.yml b/vpc-bastion-eb-rds.cfn.yml
index b722ea6a..4482a20b 100644
--- a/vpc-bastion-eb-rds.cfn.yml
+++ b/vpc-bastion-eb-rds.cfn.yml
@@ -9,7 +9,7 @@ Parameters:
TemplateBucket:
Type: String
- Default: awslabs-startup-kit-templates-deploy-v2
+ Default: awslabs-startup-kit-templates-deploy-v3
Description: The template bucket for the CloudFormation templates
EnvironmentName:
diff --git a/vpc-bastion-fargate-rds.cfn.yml b/vpc-bastion-fargate-rds.cfn.yml
index 33bc3ac7..529b4231 100644
--- a/vpc-bastion-fargate-rds.cfn.yml
+++ b/vpc-bastion-fargate-rds.cfn.yml
@@ -9,7 +9,7 @@ Parameters:
TemplateBucket:
Type: String
- Default: awslabs-startup-kit-templates-deploy-v2
+ Default: awslabs-startup-kit-templates-deploy-v3
Description: The template bucket for the CloudFormation templates
# vpc.cfn.yml parameters
@@ -98,7 +98,7 @@ Parameters:
LoadBalancerLatencySeconds:
Description: LoadBalancer latency threshold, in seconds
Type: Number
- Default: 1
+ Default: 2
MinValue: 1
ConstraintDescription: Must be atleast one
@@ -178,15 +178,22 @@ Parameters:
MaxValue: 30720
ConstraintDescription: "Value must be between 512 and 30720 - see: https://aws.amazon.com/fargate/pricing/"
- DefaultServiceCpuScaleUpThreshold:
+ # Scaling params
+ DefaultServiceScaleEvaluationPeriods:
+ Description: The number of periods over which data is compared to the specified threshold
+ Type: Number
+ Default: 2
+ MinValue: 2
+
+ DefaultServiceCpuScaleOutThreshold:
Type: Number
- Description: Average CPU % value to trigger auto scaling up
+ Description: Average CPU % value to trigger auto scaling out
Default: 50
MinValue: 0
MaxValue: 100
ConstraintDescription: Value must be between 0 and 100
- DefaultServiceCpuScaleDownThreshold:
+ DefaultServiceCpuScaleInThreshold:
Type: Number
Description: Average CPU % value to trigger auto scaling down
Default: 25
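Review bot: The `Description` under the renamed `DefaultServiceCpuScaleInThreshold` still reads `Average CPU % value to trigger auto scaling down`, while the same parameter in the other templates now says "scaling in". It should be `Description: Average CPU % value to trigger auto scaling in`. The Metadata labels hunk of vpc-bastion-fargate.cfn.yml has the same leftover: the renamed keys still carry `default: Scale Up CPU` and `default: Scale Down CPU`, where vpc-bastion-fargate-rds.cfn.yml uses `Scale Out CPU` and `Scale In CPU`.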
@@ -203,7 +210,7 @@ Parameters:
DefaultTaskMaxContainerCount:
Type: Number
- Description: Maximum number of containers to run for the service when auto scaling up
+ Description: Maximum number of containers to run for the service when auto scaling out
Default: 2
MinValue: 1
ConstraintDescription: Value must be at least one
@@ -440,8 +447,9 @@ Metadata:
- HealthCheckPath
- DefaultContainerCpu
- DefaultContainerMemory
- - DefaultServiceCpuScaleUpThreshold
- - DefaultServiceCpuScaleDownThreshold
+ - DefaultServiceScaleEvaluationPeriods
+ - DefaultServiceCpuScaleOutThreshold
+ - DefaultServiceCpuScaleInThreshold
- DefaultTaskMinContainerCount
- DefaultTaskMaxContainerCount
- ContainerLogRetentionInDays
@@ -511,10 +519,12 @@ Metadata:
default: CPU
DefaultContainerMemory:
default: Memory
- DefaultServiceCpuScaleUpThreshold:
- default: Scale Up CPU
- DefaultServiceCpuScaleDownThreshold:
- default: Scale Down CPU
+ DefaultServiceScaleEvaluationPeriods:
+ default: Scale Periods
+ DefaultServiceCpuScaleOutThreshold:
+ default: Scale Out CPU
+ DefaultServiceCpuScaleInThreshold:
+ default: Scale In CPU
DefaultTaskMinContainerCount:
default: Min Containers
DefaultTaskMaxContainerCount:
@@ -674,8 +684,9 @@ Resources:
SeedDockerImage: !Ref SeedDockerImage
DefaultContainerCpu: !Ref DefaultContainerCpu
DefaultContainerMemory: !Ref DefaultContainerMemory
- DefaultServiceCpuScaleUpThreshold: !Ref DefaultServiceCpuScaleUpThreshold
- DefaultServiceCpuScaleDownThreshold: !Ref DefaultServiceCpuScaleDownThreshold
+ DefaultServiceScaleEvaluationPeriods: !Ref DefaultServiceScaleEvaluationPeriods
+ DefaultServiceCpuScaleOutThreshold: !Ref DefaultServiceCpuScaleOutThreshold
+ DefaultServiceCpuScaleInThreshold: !Ref DefaultServiceCpuScaleInThreshold
DefaultTaskMinContainerCount: !Ref DefaultTaskMinContainerCount
DefaultTaskMaxContainerCount: !Ref DefaultTaskMaxContainerCount
ContainerLogRetentionInDays: !Ref ContainerLogRetentionInDays
diff --git a/vpc-bastion-fargate.cfn.yml b/vpc-bastion-fargate.cfn.yml
index 8c9ca2dc..2baac7ec 100644
--- a/vpc-bastion-fargate.cfn.yml
+++ b/vpc-bastion-fargate.cfn.yml
@@ -9,7 +9,7 @@ Parameters:
TemplateBucket:
Type: String
- Default: awslabs-startup-kit-templates-deploy-v2
+ Default: awslabs-startup-kit-templates-deploy-v3
Description: The template bucket for the CloudFormation templates
# vpc.cfn.yml parameters
@@ -148,17 +148,24 @@ Parameters:
MaxValue: 30720
ConstraintDescription: "Value must be between 512 and 30720 - see: https://aws.amazon.com/fargate/pricing/"
- DefaultServiceCpuScaleUpThreshold:
+ # Scaling params
+ DefaultServiceScaleEvaluationPeriods:
+ Description: The number of periods over which data is compared to the specified threshold
Type: Number
- Description: Average CPU % value to trigger auto scaling up
+ Default: 2
+ MinValue: 2
+
+ DefaultServiceCpuScaleOutThreshold:
+ Type: Number
+ Description: Average CPU % value to trigger auto scaling out
Default: 50
MinValue: 0
MaxValue: 100
ConstraintDescription: Value must be between 0 and 100
- DefaultServiceCpuScaleDownThreshold:
+ DefaultServiceCpuScaleInThreshold:
Type: Number
- Description: Average CPU % value to trigger auto scaling down
+ Description: Average CPU % value to trigger auto scaling in
Default: 25
MinValue: 0
MaxValue: 100
@@ -173,7 +180,7 @@ Parameters:
DefaultTaskMaxContainerCount:
Type: Number
- Description: Maximum number of containers to run for the service when auto scaling up
+ Description: Maximum number of containers to run for the service when auto scaling out
Default: 2
MinValue: 1
ConstraintDescription: Value must be at least one
@@ -225,7 +232,7 @@ Parameters:
LoadBalancerLatencySeconds:
Description: LoadBalancer latency threshold, in seconds
Type: Number
- Default: 1
+ Default: 2
MinValue: 1
ConstraintDescription: Must be at least one
@@ -268,8 +275,9 @@ Metadata:
- HealthCheckPath
- DefaultContainerCpu
- DefaultContainerMemory
- - DefaultServiceCpuScaleUpThreshold
- - DefaultServiceCpuScaleDownThreshold
+ - DefaultServiceScaleEvaluationPeriods
+ - DefaultServiceCpuScaleOutThreshold
+ - DefaultServiceCpuScaleInThreshold
- DefaultTaskMinContainerCount
- DefaultTaskMaxContainerCount
- ContainerLogRetentionInDays
@@ -339,9 +347,11 @@ Metadata:
default: CPU
DefaultContainerMemory:
default: Memory
- DefaultServiceCpuScaleUpThreshold:
+ DefaultServiceScaleEvaluationPeriods:
+ default: Scale Periods
+ DefaultServiceCpuScaleOutThreshold:
default: Scale Up CPU
- DefaultServiceCpuScaleDownThreshold:
+ DefaultServiceCpuScaleInThreshold:
default: Scale Down CPU
DefaultTaskMinContainerCount:
default: Min Containers
@@ -419,8 +429,9 @@ Resources:
SeedDockerImage: !Ref SeedDockerImage
DefaultContainerCpu: !Ref DefaultContainerCpu
DefaultContainerMemory: !Ref DefaultContainerMemory
- DefaultServiceCpuScaleUpThreshold: !Ref DefaultServiceCpuScaleUpThreshold
- DefaultServiceCpuScaleDownThreshold: !Ref DefaultServiceCpuScaleDownThreshold
+ DefaultServiceScaleEvaluationPeriods: !Ref DefaultServiceScaleEvaluationPeriods
+ DefaultServiceCpuScaleOutThreshold: !Ref DefaultServiceCpuScaleOutThreshold
+ DefaultServiceCpuScaleInThreshold: !Ref DefaultServiceCpuScaleInThreshold
DefaultTaskMinContainerCount: !Ref DefaultTaskMinContainerCount
DefaultTaskMaxContainerCount: !Ref DefaultTaskMaxContainerCount
ContainerLogRetentionInDays: !Ref ContainerLogRetentionInDays
diff --git a/vpc-bastion.cfn.yml b/vpc-bastion.cfn.yml
index bfba0025..de3986da 100644
--- a/vpc-bastion.cfn.yml
+++ b/vpc-bastion.cfn.yml
@@ -9,7 +9,7 @@ Parameters:
TemplateBucket:
Type: String
- Default: awslabs-startup-kit-templates-deploy-v2
+ Default: awslabs-startup-kit-templates-deploy-v3
Description: The template bucket for the CloudFormation templates
AvailabilityZone1:
diff --git a/vpc.cfn.yml b/vpc.cfn.yml
index 12f2f889..bcdcc40b 100644
--- a/vpc.cfn.yml
+++ b/vpc.cfn.yml
@@ -8,7 +8,7 @@ Parameters:
TemplateBucket:
Type: String
- Default: awslabs-startup-kit-templates-deploy-v2
+ Default: awslabs-startup-kit-templates-deploy-v3
Description: The template bucket for the CloudFormation templates
AvailabilityZone1: