11Resources :
2- WebserverExternalSecurityGroup :
2+ workerSecurityGroup :
33 Type : AWS::EC2::SecurityGroup
44 Properties :
5- GroupDescription : Security group for Airflow webserver. Allow all inbound traffic.
6- GroupName : !Join ["-", [!ImportValue parameter-ServiceName, !ImportValue parameter-Environment, "webserver-external -security-group"]]
5+ GroupDescription : Security group for Airflow workers
6+ GroupName : !Join ["-", [!ImportValue parameter-ServiceName, !ImportValue parameter-Environment, "worker -security-group"]]
77 SecurityGroupEgress :
88 - CidrIp : 0.0.0.0/0
99 FromPort : 0
1010 IpProtocol : -1
1111 ToPort : 0
1212 SecurityGroupIngress :
13- - CidrIp : 0.0.0.0/0
14- FromPort : 80
15- IpProtocol : tcp
16- ToPort : 80
17- VpcId : !ImportValue network-VpcId
18- Tags :
19- - Key : Name
20- Value : !Join ["-", [!ImportValue parameter-ServiceName, !ImportValue parameter-Environment, "webserver-external-security-group"]]
21-
22- WebserverInternalSecurityGroup :
23- Type : AWS::EC2::SecurityGroup
24- Properties :
25- GroupDescription : Security group for Airflow webserver.
26- GroupName : !Join ["-", [!ImportValue parameter-ServiceName, !ImportValue parameter-Environment, "webserver-internal-security-group"]]
27- SecurityGroupEgress :
28- - CidrIp : 0.0.0.0/0
29- FromPort : 0
30- IpProtocol : -1
31- ToPort : 0
32- SecurityGroupIngress :
33- - SourceSecurityGroupId : !GetAtt WebserverExternalSecurityGroup.GroupId
34- FromPort : 8080
13+ - CidrIp : !Join ["/", [!ImportValue parameter-CidrBlock, "16"]]
14+ FromPort : 8793
3515 IpProtocol : tcp
36- ToPort : 8080
16+ ToPort : 8793
3717 VpcId : !ImportValue network-VpcId
3818 Tags :
3919 - Key : Name
40- Value : !Join ["-", [!ImportValue parameter-ServiceName, !ImportValue parameter-Environment, "webserver-internal -security-group"]]
20+ Value : !Join ["-", [!ImportValue parameter-ServiceName, !ImportValue parameter-Environment, "worker -security-group"]]
4121
42- WebserverTaskDefinition :
22+ workerTaskDefinition :
4323 Type : AWS::ECS::TaskDefinition
4424 Properties :
45- Cpu : 1024
25+ Cpu : 512
4626 Memory : 2048
4727 ExecutionRoleArn : !ImportValue iam-ECSTaskRoleArn
48- Family : !Join ["-", [!ImportValue parameter-ServiceName, !ImportValue parameter-Environment, "webserver -task-definition"]]
28+ Family : !Join ["-", [!ImportValue parameter-ServiceName, !ImportValue parameter-Environment, "worker -task-definition"]]
4929 NetworkMode : awsvpc
5030 RequiresCompatibilities :
5131 - FARGATE
5232 ContainerDefinitions :
53- - Name : !Join ["-", [!ImportValue parameter-ServiceName, !ImportValue parameter-Environment, "webserver "]]
33+ - Name : !Join ["-", [!ImportValue parameter-ServiceName, !ImportValue parameter-Environment, "worker "]]
5434 Image : !Sub
5535 - " ${AWS::AccountId}.dkr.ecr.${aws_region}.amazonaws.com/${ecr_repository}:${image_version}"
5636 - aws_region : !ImportValue parameter-AwsRegion
5737 ecr_repository : !ImportValue ecs-AirflowDockerRepositoryName
5838 image_version : !ImportValue parameter-ImageVersion
5939 Essential : true
6040 PortMappings :
61- - ContainerPort : 8080
62- HostPort : 8080
41+ - ContainerPort : 8793
42+ HostPort : 8793
6343 Command :
64- - webserver
44+ - worker
6545 Environment :
6646 - Name : REDIS_HOST
6747 Value : !ImportValue redis-CeleryBackendHost
@@ -94,7 +74,7 @@ Resources:
9474 service : !ImportValue parameter-ServiceName
9575 environment : !ImportValue parameter-Environment
9676 awslogs-region : !ImportValue parameter-AwsRegion
97- awslogs-stream-prefix : webserver
77+ awslogs-stream-prefix : worker
9878 Tags :
9979 - Key : Name
100- Value : !Join ["-", [!ImportValue parameter-ServiceName, !ImportValue parameter-Environment, "webserver -task-definition"]]
80+ Value : !Join ["-", [!ImportValue parameter-ServiceName, !ImportValue parameter-Environment, "worker -task-definition"]]
0 commit comments