wip add flower service

briancaffey · briancaffey · commit 19d9232c7329 · 2020-05-25T19:50:01.000-04:00
diff --git a/awscdk/awscdk/flower.py b/awscdk/awscdk/flower.py
@@ -0,0 +1,72 @@
+import os
+
+from aws_cdk import (
+    core,
+    aws_ec2 as ec2,
+    aws_ecs as ecs,
+    aws_logs as logs,
+    aws_cloudformation as cloudformation,
+    aws_elasticloadbalancingv2 as elbv2,
+)
+
+
+class FlowerServiceStack(cloudformation.NestedStack):
+    def __init__(self, scope: core.Construct, id: str, **kwargs,) -> None:
+        super().__init__(
+            scope, id, **kwargs,
+        )
+
+        self.flower_task = ecs.FargateTaskDefinition(self, "FlowerTask")
+
+        FLOWER_PASSWORD = os.environ.get("FLOWER_PASSWORD", "flowerpassword")
+        REDIS_SERVICE_HOST = (
+            scope.elasticache.elasticache.attr_redis_endpoint_address
+        )
+        CELERY_BROKER_URL = f"redis://{REDIS_SERVICE_HOST}:6379/0"
+        self.flower_task.add_container(
+            "BackendContainer",
+            image=ecs.ContainerImage.from_registry("mher/flower"),
+            logging=ecs.LogDrivers.aws_logs(
+                stream_prefix="FlowerContainer",
+                log_retention=logs.RetentionDays.ONE_DAY,
+            ),
+            command=[
+                "--url_prefix=flower",
+                f"--broker={CELERY_BROKER_URL}",
+                f"--basic_auth=flower:{FLOWER_PASSWORD}",
+            ],
+        )
+
+        scope.backend_assets_bucket.grant_read_write(
+            self.backend_task.task_role
+        )
+
+        for secret in [scope.variables.django_secret_key, scope.rds.db_secret]:
+            secret.grant_read(self.backend_task.task_role)
+
+        port_mapping = ecs.PortMapping(
+            container_port=5555, protocol=ecs.Protocol.TCP
+        )
+        self.flower_task.default_container.add_port_mappings(port_mapping)
+
+        self.flower_service = ecs.FargateService(
+            self,
+            "FlowerService",
+            task_definition=self.flower_task,
+            assign_public_ip=True,
+            cluster=scope.ecs.cluster,
+            security_group=ec2.SecurityGroup.from_security_group_id(
+                self,
+                "BackendServiceSecurityGroup",
+                security_group_id=scope.vpc.vpc_default_security_group,
+            ),
+        )
+
+        scope.https_listener.add_targets(
+            "BackendTarget",
+            port=80,
+            targets=[self.flower_service],
+            priority=1,
+            path_patterns=["/flower/*"],
+            health_check=elbv2.HealthCheck(healthy_http_codes="200-401",),
+        )
diff --git a/cloudformation/services/flower.yaml b/cloudformation/services/flower.yaml
@@ -2,7 +2,6 @@ Description: >
   This is an example of a long running ECS service that serves a JSON API of products.
 
 Parameters:
-
   StackName:
     Description: The name of the stack
     Type: String
@@ -37,15 +36,13 @@ Parameters:
     Type: String
 
 Resources:
-
   FlowerService:
     Type: AWS::ECS::Service
     DependsOn: FlowerListenerRule
     Properties:
       # Cluster: !Ref ECSCluster
       Cluster:
-        Fn::ImportValue:
-          !Sub ${StackName}:ECSCluster
+        Fn::ImportValue: !Sub ${StackName}:ECSCluster
       Role: !Ref ServiceRole
       DesiredCount: !Ref DesiredCount
       TaskDefinition: !Ref FlowerTaskDefinition
@@ -64,7 +61,7 @@ Resources:
           Image: mher/flower
           Memory: 128
           Command:
-            - 'flower'
+            - "flower"
             - !Sub "--broker=redis://${ElastiCacheHost}:6379//"
             - !Sub "--basic_auth=${FlowerUsername}:${FlowerPassword}"
           PortMappings:
@@ -85,8 +82,7 @@ Resources:
     Type: AWS::ElasticLoadBalancingV2::TargetGroup
     Properties:
       VpcId:
-        Fn::ImportValue:
-          !Sub ${StackName}:VpcId
+        Fn::ImportValue: !Sub ${StackName}:VpcId
       Port: 80
       Protocol: HTTP
       Matcher:
