Allow ECS to pull docker image from private repo

Use AWS::NoValue Remove {} Try at CredentialsParameter level Duplicate code :/ Remove volume
2025-12-06 17:33:41 +01:00 · 2020-07-28 18:42:37 -04:00
parent 808334b24c
commit a57c16a69e
2 changed files with 73 additions and 33 deletions
--- a/cloudformation/nakama/task.yaml
+++ b/cloudformation/nakama/task.yaml
@@ -38,9 +38,14 @@ Parameters:
    Type: Number
    Description: Port for the Postgres server
    Default: 5432
+  RepositoryCredentialsSecret:
+    Type: String
+    Description: Arn of repostiory secret from AWS Secrets Manager. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html for more information
+    Default: ""

 Conditions:
  CreateSecret: !Equals [!Ref NakamaPasswordOverride, ""]
+  NoRepositoryCredentials: !Equals [!Ref RepositoryCredentialsSecret, ""]

 Resources:

@@ -64,39 +69,66 @@ Resources:
    Type: AWS::ECS::TaskDefinition
    Properties:
      ContainerDefinitions:
-      - Name: nakama
-        Essential: 'true'
-        Image: !Ref NakamaContainer
-        MemoryReservation: 800
-        PortMappings:
-        - HostPort: 0
-          ContainerPort: 7348
-        - HostPort: 0
-          ContainerPort: 7349
-        - HostPort: 0
-          ContainerPort: 7350
-        - HostPort: 0
-          ContainerPort: 7351
-        LogConfiguration:
-          LogDriver: awslogs
-          Options:
-            awslogs-region:
-              Ref: AWS::Region
-            awslogs-group:
-              Ref: LogGroup
-        MountPoints:
-          - ContainerPath: /nakama/volume
-            SourceVolume: "nakama-volume"
-        EntryPoint: 
-            - "/bin/sh"
-            - "-ecx"
-            - !Join ["", [
-              !Sub "/nakama/nakama migrate up --database.address ${DatabaseUsername}:${DatabasePassword}@${DatabaseEndpoint}:${DatabasePort} &&\n",
-              !Sub "exec /nakama/nakama --name ${ServerName} --database.address ${DatabaseUsername}:${DatabasePassword}@${DatabaseEndpoint}:${DatabasePort} --console.username ${NakamaUsername} --console.password \"",
-              !If [CreateSecret, !Join ["", ["{{resolve:secretsmanager:",  !Ref AdminPortalPassword,":SecretString}}" ]], !Ref NakamaPasswordOverride ], "\""
-              ]]                
-      Volumes:
-        - Name: "nakama-volume"
+      - !If
+        - NoRepositoryCredentials
+        - Name: nakama
+          Essential: 'true'
+          Image: !Ref NakamaContainer
+          MemoryReservation: 800
+          PortMappings:
+          - HostPort: 0
+            ContainerPort: 7348
+          - HostPort: 0
+            ContainerPort: 7349
+          - HostPort: 0
+            ContainerPort: 7350
+          - HostPort: 0
+            ContainerPort: 7351
+          LogConfiguration:
+            LogDriver: awslogs
+            Options:
+              awslogs-region:
+                Ref: AWS::Region
+              awslogs-group:
+                Ref: LogGroup
+          EntryPoint: 
+              - "/bin/sh"
+              - "-ecx"
+              - !Join ["", [
+                !Sub "/nakama/nakama migrate up --database.address ${DatabaseUsername}:${DatabasePassword}@${DatabaseEndpoint}:${DatabasePort} &&\n",
+                !Sub "exec /nakama/nakama --name ${ServerName} --database.address ${DatabaseUsername}:${DatabasePassword}@${DatabaseEndpoint}:${DatabasePort} --console.username ${NakamaUsername} --console.password \"",
+                !If [CreateSecret, !Join ["", ["{{resolve:secretsmanager:",  !Ref AdminPortalPassword,":SecretString}}" ]], !Ref NakamaPasswordOverride ], "\""
+                ]]
+        - Name: nakama
+          Essential: 'true'
+          Image: !Ref NakamaContainer
+          RepositoryCredentials:
+            CredentialsParameter: !Ref RepositoryCredentialsSecret
+          MemoryReservation: 800
+          PortMappings:
+          - HostPort: 0
+            ContainerPort: 7348
+          - HostPort: 0
+            ContainerPort: 7349
+          - HostPort: 0
+            ContainerPort: 7350
+          - HostPort: 0
+            ContainerPort: 7351
+          LogConfiguration:
+            LogDriver: awslogs
+            Options:
+              awslogs-region:
+                Ref: AWS::Region
+              awslogs-group:
+                Ref: LogGroup
+          EntryPoint: 
+              - "/bin/sh"
+              - "-ecx"
+              - !Join ["", [
+                !Sub "/nakama/nakama migrate up --database.address ${DatabaseUsername}:${DatabasePassword}@${DatabaseEndpoint}:${DatabasePort} &&\n",
+                !Sub "exec /nakama/nakama --name ${ServerName} --database.address ${DatabaseUsername}:${DatabasePassword}@${DatabaseEndpoint}:${DatabasePort} --console.username ${NakamaUsername} --console.password \"",
+                !If [CreateSecret, !Join ["", ["{{resolve:secretsmanager:",  !Ref AdminPortalPassword,":SecretString}}" ]], !Ref NakamaPasswordOverride ], "\""
+                ]]
 Outputs:
  TaskArn:
    Description: ARN of the TaskDefinition