feat(infra/cfn): provision Forgejo ECS cluster, service, and task

Define ECS cluster with exports, service wired to ALB target group and deployment circuit breaker, and task definition with IAM role, ARM64 runtime, EFS volumes, ports 3000/2222, logging, and MinIO/S3 env config.
2026-01-02 18:20:02 +09:00 · 2026-01-02 18:20:02 +09:00 · 1998d1cf03
commit 1998d1cf03
parent 8140c89e3a
3 changed files with 253 additions and 0 deletions
--- a/infra/cfn/forgejo-ecs-service.yaml
+++ b/infra/cfn/forgejo-ecs-service.yaml
@ -0,0 +1,86 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: ECS Service for Forgejo
+
+Parameters:
+
+  ServiceName:
+    Type: String
+    Default: forgejo-service
+    Description: Name of the ECS Service
+
+  TaskDefinitionFamily:
+    Type: String
+    Default: forgejo-task
+    Description: Task definition family name
+
+  DesiredCount:
+    Type: Number
+    Default: 1
+    Description: Number of desired tasks
+
+  SubnetId1:
+    Type: String
+    Default: subnet-064c8fcfd627077ef
+    Description: First subnet ID for the service
+
+  SubnetId2:
+    Type: String
+    Default: subnet-004fa7ef9de2dfb34
+    Description: Second subnet ID for the service
+
+  SecurityGroupId:
+    Type: String
+    Default: sg-022a8622e7387dc70
+    Description: Security group ID for the service
+
+Resources:
+
+  ECSService:
+    Type: AWS::ECS::Service
+    Properties:
+      ServiceName: !Ref ServiceName
+      Cluster: !ImportValue forgejo-ecs-cluster-ClusterName
+      TaskDefinition: !Sub "arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:task-definition/${TaskDefinitionFamily}"
+      DesiredCount: !Ref DesiredCount
+      LaunchType: FARGATE
+      PlatformVersion: LATEST
+      NetworkConfiguration:
+        AwsvpcConfiguration:
+          Subnets:
+            - !Ref SubnetId1
+            - !Ref SubnetId2
+          SecurityGroups:
+            - !Ref SecurityGroupId
+          AssignPublicIp: ENABLED
+      LoadBalancers:
+        - TargetGroupArn: !ImportValue forgejo-network-TargetGroupArn
+          ContainerName: forgejo
+          ContainerPort: 3000
+      HealthCheckGracePeriodSeconds: 0
+      DeploymentConfiguration:
+        MaximumPercent: 100
+        MinimumHealthyPercent: 0
+        DeploymentCircuitBreaker:
+          Enable: true
+          Rollback: true
+      SchedulingStrategy: REPLICA
+      EnableECSManagedTags: true
+      PropagateTags: TASK_DEFINITION
+      EnableExecuteCommand: true
+      Tags:
+        - Key: Project
+          Value: Git-server
+
+Outputs:
+
+  ServiceArn:
+    Description: ARN of the ECS Service
+    Value: !Ref ECSService
+    Export:
+      Name: !Sub "${AWS::StackName}-ServiceArn"
+
+  ServiceName:
+    Description: Name of the ECS Service
+    Value: !GetAtt ECSService.Name
+    Export:
+      Name: !Sub "${AWS::StackName}-ServiceName"