Skip to content

Instantly share code, notes, and snippets.

@swarupdonepudi

swarupdonepudi/template.yaml

Last active May 12, 2025 13:13
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save swarupdonepudi/323bfd4f39ff62b9398ff7a720daead3 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save swarupdonepudi/323bfd4f39ff62b9398ff7a720daead3 to your computer and use it in GitHub Desktop.
Download ZIP
aws-ecs infra-chart template
Raw
template.yaml
---
apiVersion: aws.project-planton.org/v1
kind: AwsEcrRepo
metadata:
env: dev
name: ecr-repo
org: acmecorp
spec:
encryptionType: AES256
imageImmutable: true
repositoryName: shopping-cart-service
---
apiVersion: aws.project-planton.org/v1
kind: AwsEcsCluster
metadata:
env: dev
name: ecs-cluster
org: acmecorp
spec:
capacityProviders:
- FARGATE
- FARGATE_SPOT
---
apiVersion: aws.project-planton.org/v1
kind: AwsVpc
metadata:
env: dev
name: dev-vpc
org: acmecorp
spec:
availabilityZones:
- us-east-1a
- us-east-1b
isDnsHostnamesEnabled: true
isDnsSupportEnabled: true
isNatGatewayEnabled: true
subnetSize: 24
subnetsPerAvailabilityZone: 1
vpcCidr: 10.0.0.0/16
---
apiVersion: aws.project-planton.org/v1
kind: AwsSecurityGroup
metadata:
env: dev
name: dev-http-ingress-and-all-egress
org: acmecorp
spec:
description: allow ingress on http/s ports and egress on all ports
egress:
- description: allow all
ipv4Cidrs:
- 0.0.0.0/0
protocol: "-1"
ingress:
- description: http from anywhere planton
fromPort: 80
ipv4Cidrs:
- 0.0.0.0/0
protocol: TCP
toPort: 443
- description: Allow on 8080
fromPort: 8080
ipv4Cidrs:
- 0.0.0.0/0
protocol: TCP
toPort: 8080
vpcId:
valueFrom:
fieldPath: status.outputs.vpcId
kind: AwsVpc
name: dev-vpc
---
apiVersion: aws.project-planton.org/v1
kind: AwsRoute53Zone
metadata:
env: dev
name: example.com
org: acmecorp
spec: {}
---
apiVersion: aws.project-planton.org/v1
kind: AwsCertManagerCert
metadata:
env: dev
name: dev-alb-cert
org: acmecorp
spec:
primaryDomainName: app.example.com
route53HostedZoneId:
valueFrom:
fieldPath: status.outputs.zoneId
kind: AwsRoute53Zone
name: example.com
validationMethod: DNS
---
apiVersion: aws.project-planton.org/v1
kind: AwsAlb
metadata:
env: dev
name: dev-ecs-services-alb
org: acmecorp
spec:
dns:
enabled: true
hostnames:
- app.example.com
route53ZoneId:
valueFrom:
fieldPath: status.outputs.zoneId
kind: AwsRoute53Zone
name: example.com
idleTimeoutSeconds: 60
securityGroups:
- valueFrom:
fieldPath: status.outputs.securityGroupId
kind: AwsSecurityGroup
name: dev-http-ingress-and-all-egress
ssl:
certificateArn:
valueFrom:
fieldPath: status.outputs.certArn
kind: AwsCertManagerCert
name: dev-alb-cert
enabled: true
subnets:
- valueFrom:
fieldPath: status.outputs.publicSubnets.[0].id
kind: AwsVpc
name: dev-vpc
- valueFrom:
fieldPath: status.outputs.publicSubnets.[1].id
kind: AwsVpc
name: dev-vpc
---
apiVersion: aws.project-planton.org/v1
kind: AwsIamRole
metadata:
env: dev
name: dev-ecs-task-execution-role
org: acmecorp
spec:
description: IAM role for ECS tasks to pull images and write logs
inlinePolicies:
extraLoggingPermissions:
Statement:
- Action:
- logs:CreateLogGroup
Effect: Allow
Resource: '*'
Sid: CreateCloudWatchGroups
Version: "2012-10-17"
s3ReadPermissions:
Statement:
- Action:
- s3:ListBucket
Effect: Allow
Resource: arn:aws:s3:::*
- Action:
- s3:GetObject
Effect: Allow
Resource: arn:aws:s3:::*/*
Version: "2012-10-17"
managedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
path: /service-role/
trustPolicy:
Statement:
- Action: sts:AssumeRole
Effect: Allow
Principal:
Service: ecs-tasks.amazonaws.com
Version: "2012-10-17"
~/scm/github.com/plantoncloud/quick-start-infra-charts  main   18:40:00
❯ planton chart build --dir aws-ecs|pbcopy
---
apiVersion: aws.project-planton.org/v1
kind: AwsEcrRepo
metadata:
env: dev
name: ecr-repo
org: acmecorp
spec:
encryptionType: AES256
imageImmutable: true
repositoryName: shopping-cart-service
---
apiVersion: aws.project-planton.org/v1
kind: AwsEcsCluster
metadata:
env: dev
name: ecs-cluster
org: acmecorp
spec:
capacityProviders:
- FARGATE
- FARGATE_SPOT
---
apiVersion: aws.project-planton.org/v1
kind: AwsVpc
metadata:
env: dev
name: dev-vpc
org: acmecorp
spec:
availabilityZones:
- us-east-1a
- us-east-1b
isDnsHostnamesEnabled: true
isDnsSupportEnabled: true
isNatGatewayEnabled: true
subnetSize: 24
subnetsPerAvailabilityZone: 1
vpcCidr: 10.0.0.0/16
---
apiVersion: aws.project-planton.org/v1
kind: AwsSecurityGroup
metadata:
env: dev
name: dev-http-ingress-and-all-egress
org: acmecorp
spec:
description: allow ingress on http/s ports and egress on all ports
egress:
- description: allow all
ipv4Cidrs:
- 0.0.0.0/0
protocol: "-1"
ingress:
- description: http from anywhere planton
fromPort: 80
ipv4Cidrs:
- 0.0.0.0/0
protocol: TCP
toPort: 443
- description: Allow on 8080
fromPort: 8080
ipv4Cidrs:
- 0.0.0.0/0
protocol: TCP
toPort: 8080
vpcId:
valueFrom:
fieldPath: status.outputs.vpcId
kind: AwsVpc
name: dev-vpc
---
apiVersion: aws.project-planton.org/v1
kind: AwsRoute53Zone
metadata:
env: dev
name: example.com
org: acmecorp
spec: {}
---
apiVersion: aws.project-planton.org/v1
kind: AwsCertManagerCert
metadata:
env: dev
name: dev-alb-cert
org: acmecorp
spec:
primaryDomainName: app.example.com
route53HostedZoneId:
valueFrom:
fieldPath: status.outputs.zoneId
kind: AwsRoute53Zone
name: example.com
validationMethod: DNS
---
apiVersion: aws.project-planton.org/v1
kind: AwsAlb
metadata:
env: dev
name: dev-ecs-services-alb
org: acmecorp
spec:
dns:
enabled: true
hostnames:
- app.example.com
route53ZoneId:
valueFrom:
fieldPath: status.outputs.zoneId
kind: AwsRoute53Zone
name: example.com
idleTimeoutSeconds: 60
securityGroups:
- valueFrom:
fieldPath: status.outputs.securityGroupId
kind: AwsSecurityGroup
name: dev-http-ingress-and-all-egress
ssl:
certificateArn:
valueFrom:
fieldPath: status.outputs.certArn
kind: AwsCertManagerCert
name: dev-alb-cert
enabled: true
subnets:
- valueFrom:
fieldPath: status.outputs.publicSubnets.[0].id
kind: AwsVpc
name: dev-vpc
- valueFrom:
fieldPath: status.outputs.publicSubnets.[1].id
kind: AwsVpc
name: dev-vpc
---
apiVersion: aws.project-planton.org/v1
kind: AwsIamRole
metadata:
env: dev
name: dev-ecs-task-execution-role
org: acmecorp
spec:
description: IAM role for ECS tasks to pull images and write logs
inlinePolicies:
extraLoggingPermissions:
Statement:
- Action:
- logs:CreateLogGroup
Effect: Allow
Resource: '*'
Sid: CreateCloudWatchGroups
Version: "2012-10-17"
s3ReadPermissions:
Statement:
- Action:
- s3:ListBucket
Effect: Allow
Resource: arn:aws:s3:::*
- Action:
- s3:GetObject
Effect: Allow
Resource: arn:aws:s3:::*/*
Version: "2012-10-17"
managedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
path: /service-role/
trustPolicy:
Statement:
- Action: sts:AssumeRole
Effect: Allow
Principal:
Service: ecs-tasks.amazonaws.com
Version: "2012-10-17"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment