tb_pulumi.fargate¶

Infrastructural patterns related to AWS Fargate.

class tb_pulumi.fargate.FargateClusterWithLogging(name: str, project: ThunderbirdPulumiProject, subnets: list[str], assign_public_ip: bool = False, desired_count: int = 1, ecr_resources: list = ['*'], enable_container_insights: bool = False, health_check_grace_period_seconds: int = None, internal: bool = True, key_deletion_window_in_days: int = 7, security_groups: list[str] = [], services: dict = {}, task_definition: dict = {}, opts: ResourceOptions = None, **kwargs)¶

Bases: ThunderbirdComponentResource

Builds a Fargate cluster running a variable number of tasks. Logs from these tasks will be sent to CloudWatch.

Parameters:

name (str) – A string identifying this set of resources.
project (tb_pulumi.ThunderbirdPulumiProject) – The ThunderbirdPulumiProject to add these resources to.
subnets (list[str]) – A list of subnet IDs to build Fargate containers on. There must be at least one subnet to use.
assign_public_ip (bool, optional) – When True, containers will receive Internet-facing network interfaces. Must be enabled for Fargate-backed containers to talk out to the net. Defaults to False.
desired_count (int, optional) – The number of containers the service should target to run. Defaults to 1.
ecr_resources (list, optional) – The containers will be granted permissions to pull images from ECR. If you would like to restrict these permissions, supply this argument as a list of ARNs as they would appear in an IAM Policy. Defaults to [‘*’].
enable_container_insights (bool, optional) – When True, enables advanced CloudWatch metrics collection. Defaults to False.
health_check_grace_period_seconds (int, optional) – Time to wait for a container to come online before attempting health checks. This can be used to prevent accidental health check failures. Defaults to None.
internal (bool, optional) – Whether traffic should be accepted from the Internet (False) or not (True). Defaults to True.
key_deletion_window_in_days (int, optional) – Number of days after the KMS key is deleted that it will be recoverable. If you need to forcibly delete a key, set this to 0. Defaults to 7.
security_groups (list[str], optional) – A list of security group IDs to attach to the load balancer. Defaults to [].

services (dict, optional) –

A dict defining the ports to use when routing requests to each service. The keys should be the name of the service as described in a container definition. The values should be dicts supporting the options shown below. If no listenter_port is specified, the container_port will be used. The container_name is the name of a container as specified in a container definition which can receive this traffic.

{'web_portal': {
    'container_port': 8080,
    'container_name': 'web_backend',
    'listener_cert_arn': 'arn:aws:acm:region:account:certificate/id',
    'listener_port': 443,
    'listener_proto': 'HTTPS',
    'name': 'Arbitrary name for the ALB; must be unique and no longer than 32 characters.',
    'health_check': {
        # Keys match parameters listed here:
        # https://www.pulumi.com/registry/packages/aws/api-docs/alb/targetgroup/#targetgrouphealthcheck
    }
}}

Defaults to {}.

task_definition (dict, optional) – A dict representing an ECS task definition. Defaults to {}.
opts (pulumi.ResourceOptions, optional) – Additional pulumi.ResourceOptions to apply to these resources. Defaults to None.
kwargs – Any other keyword arguments which will be passed as inputs to the ThunderbirdComponentResource superconstructor.

Raises:

IndexError – Thrown if the list of subnets is empty.

task_definition(task_def: dict, family: str, log_group_name: str, aws_region: str, task_role_arn: str) → TaskDefinition¶

Returns an ECS task definition resource.

Parameters:

task_def (dict) – A dict defining the task definition template which needs modification.
family (str) – A unique name for the task definition.
log_group_name (str) – Name of the log group to ship logs to.
aws_region (str) – AWS region to build in.
task_role_arn (str) – ARN of the IAM role the task will run as.

Returns:

A TaskDefinition Resource

Return type:

aws.ecs.TaskDefinition

class tb_pulumi.fargate.FargateServiceAlb(name: str, project: ThunderbirdPulumiProject, subnets: list[Output], internal: bool = True, security_groups: list[str] = [], services: dict = {}, opts: ResourceOptions = None, **kwargs)¶

Bases: ThunderbirdComponentResource

Builds an ALB with all of its constituent components to serve traffic for a set of ECS services. ECS does not allow reuse of a single ALB with multiple listeners, so if there are multiple services, multiple ALBs will be constructed.

Parameters:

name (str) – A string identifying this set of resources.
project (tb_pulumi.ThunderbirdPulumiProject) – The ThunderbirdPulumiProject to add these resources to.
subnets (list[pulumi.Output]) – A list of subnet resources (pulumi outputs) to attach the ALB to.
internal (bool, optional) – Whether traffic should be accepted from the Internet (False) or not (True). Defaults to True.
security_groups (list[str], optional) – A list of security group IDs to attach to the load balancer. Defaults to [].

services (dict, optional) –

{'web_portal': {
    'container_port': 8080,
    'container_name': 'web_backend',
    'listener_cert_arn': 'arn:aws:acm:region:account:certificate/id',
    'listener_port': 443,
    'listener_proto': 'HTTPS',
    'name': 'Arbitrary name for the ALB; must be unique and no longer than 32 characters.',
    'health_check': {
        # Keys match parameters listed here:
        # https://www.pulumi.com/registry/packages/aws/api-docs/alb/targetgroup/#targetgrouphealthcheck
    }
}}

Defaults to {}.

opts (pulumi.ResourceOptions, optional) – Additional pulumi.ResourceOptions to apply to these resources. Defaults to None.
kwargs – Any other keyword arguments which will be passed as inputs to the ThunderbirdComponentResource superconstructor.