tb_pulumi.fargate¶

Infrastructural patterns related to AWS Fargate.

class tb_pulumi.fargate.FargateClusterWithLogging(name: str, project: ThunderbirdPulumiProject, subnets: list[str], assign_public_ip: bool = False, container_security_groups: list[str] = [], desired_count: int = 1, ecr_resources: list = ['*'], enable_container_insights: bool = False, health_check_grace_period_seconds: int = None, internal: bool = True, key_deletion_window_in_days: int = 7, load_balancer_security_groups: list[str] = [], services: dict = {}, task_definition: dict = {}, opts: ResourceOptions = None, **kwargs)¶

Bases: ThunderbirdComponentResource

Pulumi Type: tb:fargate:FargateClusterWithLogging

Builds a Fargate cluster running a variable number of tasks. Logs from these tasks will be sent to CloudWatch.

Produces the following resources:

cluster - The aws.ecs.Cluster.

log_group - aws.cloudwatch.LogGroup where these tasks send their logs.

log_key - aws.kms.Key used to encrypt log contents.

fargate_service_alb - tb_pulumi.fargate.FargateServiceAlb balancing traffic between these tasks.

policy_exec - aws.iam.Policy allowing the service access to other resources needed to launch tasks.

policy_log_sending - aws.iam.Policy allowing tasks to send logs to their log group.

service - aws.ecs.Service managing the tasks.

task_role - aws.iam.Role used for executing tasks in this cluster.

task_definition - aws.ecs.TaskDefinition describing the properties of the tasks being managed.

Parameters:

name (str) – A string identifying this set of resources.
project (tb_pulumi.ThunderbirdPulumiProject) – The ThunderbirdPulumiProject to add these resources to.
subnets (list[str]) – A list of subnet IDs to build Fargate containers on. There must be at least one subnet to use.
assign_public_ip (bool, optional) – When True, containers will receive Internet-facing network interfaces. Must be enabled for Fargate-backed containers to talk out to the net. Defaults to False.
container_security_groups (list[str], optional) – List of security group IDs which will attach to the containers/tasks running in this cluster. Defaults to [].
desired_count (int, optional) – The number of containers the service should target to run. Defaults to 1.
ecr_resources (list, optional) – The containers will be granted permissions to pull images from ECR. If you would like to restrict these permissions, supply this argument as a list of ARNs as they would appear in an IAM Policy. Defaults to [‘*’].
enable_container_insights (bool, optional) – When True, enables advanced CloudWatch metrics collection. Defaults to False.
health_check_grace_period_seconds (int, optional) – Time to wait for a container to come online before attempting health checks. This can be used to prevent accidental health check failures. Defaults to None.
internal (bool, optional) – Whether traffic should be accepted from the Internet (False) or not (True). Defaults to True.
key_deletion_window_in_days (int, optional) – Number of days after the KMS key is deleted that it will be recoverable. If you need to forcibly delete a key, set this to 0. Defaults to 7.
load_balancer_security_groups (list[str], optional) – List of security group IDs which will attach to the load balancers created for these services.

services (dict, optional) –

A dict defining the ports to use when routing requests to each service. The keys should be the name of the service as described in a container definition. The values should be dicts supporting the options shown below. If no listenter_port is specified, the container_port will be used. The container_name is the name of a container as specified in a container definition which can receive this traffic.

{'web_portal': {
    'container_port': 8080,
    'container_name': 'web_backend',
    'listener_cert_arn': 'arn:aws:acm:region:account:certificate/id',
    'listener_port': 443,
    'listener_proto': 'HTTPS',
    'name': 'Arbitrary name for the ALB; must be unique and no longer than 32 characters.',
    'health_check': {
        # Keys match parameters listed here:
        # https://www.pulumi.com/registry/packages/aws/api-docs/alb/targetgroup/#targetgrouphealthcheck
    }
}}

Defaults to {}.

task_definition (dict, optional) – A dict representing an ECS task definition. Defaults to {}.
opts (pulumi.ResourceOptions, optional) – Additional pulumi.ResourceOptions to apply to these resources. Defaults to None.
kwargs – Any other keyword arguments which will be passed as inputs to the ThunderbirdComponentResource superconstructor.

Raises:

IndexError – Thrown if the list of subnets is empty.

task_definition(task_def: dict, family: str, log_group_name: str, aws_region: str, tags: dict, task_role_arn: str, dependencies: list[Resource] = []) → TaskDefinition¶

Returns an ECS task definition resource.

Parameters:

task_def (dict) – A dict defining the task definition template which needs modification.
family (str) – A unique name for the task definition.
log_group_name (str) – Name of the log group to ship logs to.
aws_region (str) – AWS region to build in.
tags (dict, optional) – Key/value pairs to merge with the default tags which get applied to all resources in this group. Defaults to {}.
task_role_arn (str) – ARN of the IAM role the task will run as.
dependencies (list[pulumi.Resource]) – List of Resources this task definition is dependent upon.

Returns:

A TaskDefinition Resource

Return type:

aws.ecs.TaskDefinition

class tb_pulumi.fargate.FargateServiceAlb(name: str, project: ThunderbirdPulumiProject, subnets: list[Output], internal: bool = True, security_groups: list[str] = [], services: dict = {}, opts: ResourceOptions = None, **kwargs)¶

Bases: ThunderbirdComponentResource

Pulumi Type: tb:fargate:FargateServiceAlb

Builds an ALB with all of its constituent components to serve traffic for a set of ECS services. ECS does not allow reuse of a single ALB with multiple listeners, so if there are multiple services, multiple ALBs will be constructed.

Produces the following resources:

albs - Dict where the keys match the keys of the services parameter and the values are the aws.lb.LoadBalancers created for those services.

listeners - Dict where the keys match the keys of the services parameter and the values are the aws.lb.Listeners created for the load balancers for those services.

target_groups - Dict where the keys match the keys of the services parameter and the values are the aws.lb.TargetGroups created for the listeners for those services. Importantly, Fargate services manage their own targets, so this module does not track any target group attachments.

Parameters:

name (str) – A string identifying this set of resources.
project (tb_pulumi.ThunderbirdPulumiProject) – The ThunderbirdPulumiProject to add these resources to.
subnets (list[pulumi.Output]) – A list of subnet resources (pulumi outputs) to attach the ALB to.
internal (bool, optional) – Whether traffic should be accepted from the Internet (False) or not (True). Defaults to True.
security_groups (list[str], optional) – A list of security group IDs to attach to the load balancer. Defaults to [].

services (dict, optional) –

{'web_portal': {
    'container_port': 8080,
    'container_name': 'web_backend',
    'listener_cert_arn': 'arn:aws:acm:region:account:certificate/id',
    'listener_port': 443,
    'listener_proto': 'HTTPS',
    'name': 'Arbitrary name for the ALB; must be unique and no longer than 32 characters.',
    'health_check': {
        # Keys match parameters listed here:
        # https://www.pulumi.com/registry/packages/aws/api-docs/alb/targetgroup/#targetgrouphealthcheck
    }
}}

Defaults to {}.

opts (pulumi.ResourceOptions, optional) – Additional pulumi.ResourceOptions to apply to these resources. Defaults to None.
kwargs – Any other keyword arguments which will be passed as inputs to the ThunderbirdComponentResource superconstructor.