Move WordPress tasks to Fargate

Author: farski

theworld/terra/templates/apps/wordpress.yml

@@ -33,13 +33,16 @@ Parameters:
   RootStackName: { Type: String }
   RootStackId: { Type: String }
   VpcId: { Type: AWS::EC2::VPC::Id }
+  VpcPublicSubnet1Id: { Type: AWS::EC2::Subnet::Id }
+  VpcPublicSubnet2Id: { Type: AWS::EC2::Subnet::Id }
+  VpcPublicSubnet3Id: { Type: AWS::EC2::Subnet::Id }
   EcrImageTag: { Type: AWS::SSM::Parameter::Value<String> }
   AlbListenerRulePriorityPrefix: { Type: String }
-  Aarch64AsgCapacityProviderName: { Type: String }
   MysqlHostname: { Type: String }
   ValkeyHostname: { Type: String }
   ValkeyPort: { Type: String }
   AlbAccessToken: { Type: AWS::SSM::Parameter::Value<String> }
+  SharedEcsAsgInstanceSecurityGroupId: { Type: AWS::EC2::SecurityGroup::Id }
 
 Conditions:
   IsProduction: !Equals [!Ref EnvironmentType, Production]
@@ -183,6 +186,7 @@ Resources:
       TargetGroupAttributes:
         - Key: deregistration_delay.timeout_seconds
           Value: "30"
+      TargetType: ip
       Tags:
         - { Key: Name, Value: !Sub "${RootStackName}_wordpress" }
         - { Key: prx:meta:tagging-version, Value: "2021-04-07" }
@@ -261,24 +265,27 @@ Resources:
   WebEcsService:
     Type: AWS::ECS::Service
     Properties:
-      CapacityProviderStrategy:
-        - Base: 0
-          CapacityProvider: !Ref Aarch64AsgCapacityProviderName
-          Weight: 1
       Cluster: !Ref EcsClusterArn
       DeploymentConfiguration:
         MaximumPercent: 200
         MinimumHealthyPercent: 50
       DesiredCount: !If [IsProduction, 5, 1]
       EnableECSManagedTags: true
       EnableExecuteCommand: true
+      LaunchType: FARGATE
       LoadBalancers:
         - ContainerName: !Ref kWebContainerName
           ContainerPort: !Ref kWebApplicationPort
           TargetGroupArn: !Ref WebTargetGroup
-      PlacementConstraints:
-        - Type: memberOf
-          Expression: attribute:ecs.cpu-architecture == arm64
+      NetworkConfiguration:
+        AwsvpcConfiguration:
+          AssignPublicIp: ENABLED
+          SecurityGroups:
+            - !Ref SharedEcsAsgInstanceSecurityGroupId
+          Subnets:
+            - !Ref VpcPublicSubnet1Id
+            - !Ref VpcPublicSubnet2Id
+            - !Ref VpcPublicSubnet3Id
       PropagateTags: TASK_DEFINITION
       Tags:
         - { Key: prx:meta:tagging-version, Value: "2021-04-07" }
@@ -308,9 +315,10 @@ Resources:
   WebTaskDefinition:
     Type: AWS::ECS::TaskDefinition
     Properties:
+      Cpu: !If [IsProduction, 2048, 512] # 512 = 0.5 vCPU, 2048 = 2 vCPU, etc
+      Memory: !If [IsProduction, 8192, 2048]
       ContainerDefinitions:
-        - Cpu: 100 # Currently we don't use CPU reservations for anything meaningful
-          Environment:
+        - Environment:
             - Name: PRX_ENVIRONMENT
               Value: !Ref EnvironmentTypeLowercase
             - Name: DB_HOST
@@ -373,17 +381,10 @@ Resources:
               awslogs-group: !Ref WebTaskLogGroup
               awslogs-region: !Ref AWS::Region
               awslogs-stream-prefix: ecs
-          # Memory and MemoryReservation values are based on current instances
-          # sizes, ensuring that only 1 WordPress task is running on any
-          # instance
-          # Prod: c8g.xlarge => 8 GiB
-          # Stag: t4g.small => 2 GiB
-          Memory: !If [IsProduction, 7650, 1800]
-          MemoryReservation: !If [IsProduction, 4111, 1111]
           Name: !Ref kWebContainerName
           PortMappings:
             - ContainerPort: !Ref kWebApplicationPort
-              HostPort: 0
+              Protocol: tcp
           Secrets:
             - Name: AUTH_KEY
               ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Terra/The_World-WordPress/auth-key
@@ -416,7 +417,9 @@ Resources:
             - Name: DB_PASSWORD
               ValueFrom: !Sub /prx/${EnvironmentTypeAbbreviation}/Terra/The_World-WordPress/mysql/password
       ExecutionRoleArn: !GetAtt ExecutionRole.Arn
-      NetworkMode: bridge
+      NetworkMode: awsvpc
+      RequiresCompatibilities:
+        - FARGATE
       Tags:
         - { Key: prx:meta:tagging-version, Value: "2021-04-07" }
         - { Key: prx:cloudformation:stack-name, Value: !Ref AWS::StackName }

theworld/terra/templates/root.yml

@@ -440,6 +440,9 @@ Resources:
         EcsClusterName: !GetAtt SharedEcsClusterStack.Outputs.EcsClusterName
         EcsClusterArn: !GetAtt SharedEcsClusterStack.Outputs.EcsClusterArn
         VpcId: !GetAtt SharedVpcStack.Outputs.VpcId
+        VpcPublicSubnet1Id: !GetAtt SharedVpcStack.Outputs.PublicSubnet1Id
+        VpcPublicSubnet2Id: !GetAtt SharedVpcStack.Outputs.PublicSubnet2Id
+        VpcPublicSubnet3Id: !GetAtt SharedVpcStack.Outputs.PublicSubnet3Id
         EcrImageTag: !Sub /prx/${EnvironmentTypeAbbreviation}/Terra/The_World-WordPress/pkg/docker-image-tag
         AlbListenerRulePriorityPrefix: !FindInMap [SharedAlbListenerRulePriorityMap, WordPress, prefix]
         EnvironmentType: !Ref EnvironmentType
@@ -448,11 +451,11 @@ Resources:
         RegionMode: !FindInMap [RegionModeMap, !Ref "AWS::Region", !Ref EnvironmentType]
         RootStackName: !Ref AWS::StackName
         RootStackId: !Ref AWS::StackId
-        Aarch64AsgCapacityProviderName: !GetAtt SharedEcsAsgAarch64Stack.Outputs.CapacityProviderName
         MysqlHostname: !GetAtt SharedAuroraMysqlStack.Outputs.DbHostname
         ValkeyHostname: !GetAtt SharedValkeyStack.Outputs.CacheEndpointAddress
         ValkeyPort: !GetAtt SharedValkeyStack.Outputs.CacheEndpointPort
         AlbAccessToken: !Sub /prx/${EnvironmentTypeAbbreviation}/Terra/The_World-WordPress/alb-access-token
+        SharedEcsAsgInstanceSecurityGroupId: !GetAtt SharedEcsAsgSecurityGroupStack.Outputs.InstanceSecurityGroupId
       Tags:
         "prx:meta:tagging-version": "2021-04-07"
         "prx:cloudformation:stack-name": !Ref AWS::StackName

theworld/terra/templates/shared-alb.yml

@@ -25,7 +25,6 @@ Parameters:
   CertificateArn: { Type: String }
   MaintenanceMode: { Type: String, Default: "Off" }
 
-
 Conditions:
   IsProduction: !Equals [!Ref EnvironmentType, Production]
   IsMaintenanceMode: !Equals [!Ref MaintenanceMode, "On"]