LD4P · gdelisle · Mar 17, 2022 · Mar 29, 2022 · Mar 30, 2022 · Apr 6, 2022
diff --git a/deploy-templates/aws-deploy.yaml b/deploy-templates/aws-deploy.yaml
@@ -54,6 +54,22 @@ Parameters:
     Description: EC2 instance type for the cluster. This is recommended to be a type with at least 2 CPUs and 8 GiB of RAM, but you can change it here if you need to.
     Type: String
     Default: m5.large
+  TagCostCenter:
+    Type: String
+    Default: L858313
+    Description: This tag and the ones that follow are provided as an example and may not be appropriate to your environment. Feel free to alter or remove them as necessary.
+  TagEnvironment:
+    Type: String
+    Default: Development
+  TagApplication:
+    Type: String
+    Default: LD4P
+  TagPanopta:
+    Type: String
+    Default: Dev
+  TagTechnicalContact:
+    Type: String
+    Default: gad22
 Mappings:
   AWSRegionToAMI:
     Description: This list of ECS-optimized AMIs will change over time and will need to be maintained. You can get the most recent AMI for your current region with the command `aws ssm get-parameters --names /aws/service/ecs/optimized-ami/amazon-linux-2/recommended`. If your region is known and does not change, the others can be ignored or removed safely.
@@ -147,6 +163,11 @@ Resources:
               AccessPointId: !Ref DatabaseAccessPointId
             RootDirectory: "/"
             TransitEncryption: ENABLED
+      Tags:
+        - Key: "Cost Center"
+          Value: !Ref TagCostCenter
+        - Key: "Application"
+          Value: !Ref TagApplication
   CloudwatchLogGroup:
     Type: AWS::Logs::LogGroup
     Properties: 
@@ -156,6 +177,15 @@ Resources:
     Type: AWS::ECS::Cluster
     Properties: 
       ClusterName: !Join ["", [!Ref AWS::StackName, "-cluster"]]
+      Tags:
+        - Key: "Cost Center"
+          Value: !Ref TagCostCenter
+        - Key: "Application"
+          Value: !Ref TagApplication
+        - Key: "Environment"
+          Value: !Ref TagEnvironment
+        - Key: "Technical Contact"
+          Value: !Ref TagTechnicalContact
   Service:
     Type: AWS::ECS::Service
     DependsOn: 
@@ -165,8 +195,8 @@ Resources:
       Cluster: !Join ["", [!Ref AWS::StackName, "-cluster"]]
       DeploymentConfiguration: 
         MaximumPercent: 200
-        MinimumHealthyPercent: 100
-      DesiredCount: 2
+        MinimumHealthyPercent: 0
+      DesiredCount: 1
       EnableECSManagedTags: true
       HealthCheckGracePeriodSeconds: 0
       LaunchType: "EC2"
@@ -202,6 +232,14 @@ Resources:
         - Key: Name
           Value:
             Ref: AWS::StackName
+        - Key: "Cost Center"
+          Value: !Ref TagCostCenter
+        - Key: "Application"
+          Value: !Ref TagApplication
+        - Key: "Environment"
+          Value: !Ref TagEnvironment
+        - Key: "Technical Contact"
+          Value: !Ref TagTechnicalContact
       Type: application
   SecurityGroupLB:
     Type: AWS::EC2::SecurityGroup
@@ -327,6 +365,25 @@ Resources:
       MinSize: '1'
       MaxSize: '2'
       DesiredCapacity: '2'
+      Tags:
+        - Key: "Name"
+          Value: !Ref AWS::StackName
+          PropagateAtLaunch: true
+        - Key: "Cost Center"
+          Value: !Ref TagCostCenter
+          PropagateAtLaunch: true
+        - Key: "Application"
+          Value: !Ref TagApplication
+          PropagateAtLaunch: true
+        - Key: "Environment"
+          Value: !Ref TagEnvironment
+          PropagateAtLaunch: true
+        - Key: "Panopta"
+          Value: !Ref TagPanopta
+          PropagateAtLaunch: true
+        - Key: "Technical Contact"
+          Value: !Ref TagTechnicalContact
+          PropagateAtLaunch: true
     CreationPolicy:
       ResourceSignal:
         Timeout: PT15M
@@ -367,8 +424,9 @@ Resources:
               'ecr:BatchCheckLayerAvailability', 'ecr:GetDownloadUrlForLayer',
               'ecr:BatchGetImage', 'logs:CreateLogStream', 'logs:PutLogEvents']
             Resource: '*'
-#  If you would rather use the AWS managed policy than the above custom policy, use this:
-#      ManagedPolicyArns:
+      ManagedPolicyArns:
+        - 'arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore'
+# The following managed policy is an alternative to the custom policy
 #        - 'arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role'
   AutoscalingRole:
     Type: AWS::IAM::Role

diff --git a/deploy-templates/aws-resources.yaml b/deploy-templates/aws-resources.yaml
@@ -12,25 +12,35 @@ Parameters:
   AWSVpcId:
     Type: String
     Default: ''
-    Description: Your AWS VPC ID. It should look like vpc-4d4bec2b. Required for load balancer configuration and security group rules.
+    Description: Your AWS VPC ID. This template will not create a VPC for you, please enter the ID of a VPC that already exists. It should look like vpc-4d4bec2b. Required for load balancer configuration and security group rules.
   SubnetIds:
     Type: List<AWS::EC2::Subnet::Id>
-    Description: Select two subnets in your selected VPC. The values must be separated by commas.
+    Description: Select two subnets in your selected VPC. This template will not create subnets for you, please enter the IDs of two subnets that already exist. The values must be separated by commas, and the two subnets must be in different AZs.
   S3BucketName:
     Type: String
     Default: ''
-    Description: The name you wish your S3 bucket to have. This bucket name must be unique within the entire AWS region, so you will have to change the value provided here to one that is not already in use.
+    Description: The name you wish your S3 bucket to have. This template will create a new bucket with this name. The bucket name must be unique within the entire AWS region, so you will have to change the value provided here to one that is not already in use.
   EFSName:
     Type: String
-    Description: The name you wish your EFS filesystem to have. This name must be unique within your account.
+    Description: The name you wish your EFS filesystem to have. This template will create a new EFS filesystem with this name. This name must be unique within your account.
   EFSAuthoritiesAccessPoint:
     Type: String
     Default: ''
-    Description: The name you wish your EFS authorities access point to have. This will create an access point where your service's authorities files will live. After it is created, you will need to connect to this access point to upload at least one authority file.
+    Description: The name you wish your EFS authorities access point to have. This template will create an access point where your service's authorities files will live. After it is created, you will need to connect to this access point to upload at least one authority file.
   EFSDatabaseAccessPoint:
     Type: String
     Default: ''
-    Description: The name you wish your EFS database access point to have. This will create an access point that the database will use to store its datafiles.
+    Description: The name you wish your EFS database access point to have. This template will create an access point that the database will use to store its datafiles.
+  TagCostCenter:
+    Type: String
+    Default: L858313
+    Description: This tag and the ones that follow are provided as an example and may not be appropriate to your environment. Feel free to alter or remove them as necessary.
+  TagEnvironment:
+    Type: String
+    Default: Development
+  TagApplication:
+    Type: String
+    Default: LD4P
 Resources:
   Bucket:
     Type: AWS::S3::Bucket
@@ -41,12 +51,23 @@ Resources:
         BlockPublicPolicy: true
         IgnorePublicAcls: true
         RestrictPublicBuckets: true
+      Tags:
+        - Key: "Cost Center"
+          Value: !Ref TagCostCenter
+        - Key: "Application"
+          Value: !Ref TagApplication
   Filesystem:
     Type: AWS::EFS::FileSystem
     Properties: 
       FileSystemTags:
         - Key: "Name"
           Value: !Ref EFSName
+        - Key: "Cost Center"
+          Value: !Ref TagCostCenter
+        - Key: "Application"
+          Value: !Ref TagApplication
+        - Key: "Environment"
+          Value: !Ref TagEnvironment
   EFSMountTarget1:
     Type: AWS::EFS::MountTarget
     Properties: 
@@ -85,6 +106,12 @@ Resources:
       AccessPointTags: 
         - Key: "Name"
           Value: !Ref EFSAuthoritiesAccessPoint
+        - Key: "Cost Center"
+          Value: !Ref TagCostCenter
+        - Key: "Application"
+          Value: !Ref TagApplication
+        - Key: "Environment"
+          Value: !Ref TagEnvironment
       FileSystemId: !Ref Filesystem
       PosixUser:
         Gid: 0
@@ -97,6 +124,12 @@ Resources:
       AccessPointTags: 
         - Key: "Name"
           Value: !Ref EFSDatabaseAccessPoint
+        - Key: "Cost Center"
+          Value: !Ref TagCostCenter
+        - Key: "Application"
+          Value: !Ref TagApplication
+        - Key: "Environment"
+          Value: !Ref TagEnvironment
       FileSystemId: !Ref Filesystem
       PosixUser:
         Gid: 0
@@ -149,6 +182,15 @@ Resources:
         OverwriteMode: 'ALWAYS'
         PreserveDeletedFiles: 'REMOVE'
         TransferMode: 'CHANGED'
+      Tags:
+        - Key: "Name"
+          Value: !Ref EFSName
+        - Key: "Cost Center"
+          Value: !Ref TagCostCenter
+        - Key: "Application"
+          Value: !Ref TagApplication
+        - Key: "Environment"
+          Value: !Ref TagEnvironment
 
 Outputs:
   S3BucketName: