From 9a4d6243ae009dc02949dd2cf415523dbf582678 Mon Sep 17 00:00:00 2001 From: Oliver Bowman Date: Thu, 13 May 2021 07:40:55 +0100 Subject: [PATCH 1/7] docs(lambda-nodejs): Example for esbuild missing comma in property (#13520) ---- Example under esbuild appears to be missing comma. *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-lambda-nodejs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-lambda-nodejs/README.md b/packages/@aws-cdk/aws-lambda-nodejs/README.md index 7a1662dc26fb2..c52b0fe2570c9 100644 --- a/packages/@aws-cdk/aws-lambda-nodejs/README.md +++ b/packages/@aws-cdk/aws-lambda-nodejs/README.md @@ -142,7 +142,7 @@ new lambda.NodejsFunction(this, 'my-handler', { }, logLevel: LogLevel.SILENT, // defaults to LogLevel.WARNING keepNames: true, // defaults to false - tsconfig: 'custom-tsconfig.json' // use custom-tsconfig.json instead of default, + tsconfig: 'custom-tsconfig.json', // use custom-tsconfig.json instead of default, metafile: true, // include meta file, defaults to false banner : '/* comments */', // by default no comments are passed footer : '/* comments */', // by default no comments are passed From 282d242c513a9bc853e9b96ff782a7823abd5a5a Mon Sep 17 00:00:00 2001 From: Adam Ruka Date: Thu, 13 May 2021 00:37:33 -0700 Subject: [PATCH 2/7] chore(custom-resources): import the AWSLambda package explicitly (#14643) When linking the aws-cdk repository to a CDK app using the `link-all.sh` script, if the app uses `ts-node`, the Lambda code in the @aws-cdk/custom-resources package gets picked up by the TypeScript compiler. That code relied on the `aws-lambda` package being implicitly available, but that would cause `ts-node` to fail. Add an explicit import of it in the code - I checked the only difference in the generated JS code is the sourceMappingUrl, so it shouldn't make a difference at runtime, but allows `ts-node` to load that file successfully. Fixes #11627 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-msk/test/integ.cluster.expected.json | 18 +++++++++--------- .../lib/aws-custom-resource/runtime/index.ts | 8 +++++++- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/packages/@aws-cdk/aws-msk/test/integ.cluster.expected.json b/packages/@aws-cdk/aws-msk/test/integ.cluster.expected.json index 43769c1b25ac8..769c0533269cd 100644 --- a/packages/@aws-cdk/aws-msk/test/integ.cluster.expected.json +++ b/packages/@aws-cdk/aws-msk/test/integ.cluster.expected.json @@ -524,7 +524,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParametersb965ea3084ec95e24846d4975623e62a02c21883c3ddea9366b2ae42d21cef98S3Bucket4DD075F7" + "Ref": "AssetParametersf56a9c742f3e99b26237d5d0912c69f9db8289c13656fdcb490fd017d801c483S3Bucket9DEDD0AB" }, "S3Key": { "Fn::Join": [ @@ -537,7 +537,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersb965ea3084ec95e24846d4975623e62a02c21883c3ddea9366b2ae42d21cef98S3VersionKeyBD0E03B7" + "Ref": "AssetParametersf56a9c742f3e99b26237d5d0912c69f9db8289c13656fdcb490fd017d801c483S3VersionKeyA54743D3" } ] } @@ -550,7 +550,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersb965ea3084ec95e24846d4975623e62a02c21883c3ddea9366b2ae42d21cef98S3VersionKeyBD0E03B7" + "Ref": "AssetParametersf56a9c742f3e99b26237d5d0912c69f9db8289c13656fdcb490fd017d801c483S3VersionKeyA54743D3" } ] } @@ -576,17 +576,17 @@ } }, "Parameters": { - "AssetParametersb965ea3084ec95e24846d4975623e62a02c21883c3ddea9366b2ae42d21cef98S3Bucket4DD075F7": { + "AssetParametersf56a9c742f3e99b26237d5d0912c69f9db8289c13656fdcb490fd017d801c483S3Bucket9DEDD0AB": { "Type": "String", - "Description": "S3 bucket for asset \"b965ea3084ec95e24846d4975623e62a02c21883c3ddea9366b2ae42d21cef98\"" + "Description": "S3 bucket for asset \"f56a9c742f3e99b26237d5d0912c69f9db8289c13656fdcb490fd017d801c483\"" }, - "AssetParametersb965ea3084ec95e24846d4975623e62a02c21883c3ddea9366b2ae42d21cef98S3VersionKeyBD0E03B7": { + "AssetParametersf56a9c742f3e99b26237d5d0912c69f9db8289c13656fdcb490fd017d801c483S3VersionKeyA54743D3": { "Type": "String", - "Description": "S3 key for asset version \"b965ea3084ec95e24846d4975623e62a02c21883c3ddea9366b2ae42d21cef98\"" + "Description": "S3 key for asset version \"f56a9c742f3e99b26237d5d0912c69f9db8289c13656fdcb490fd017d801c483\"" }, - "AssetParametersb965ea3084ec95e24846d4975623e62a02c21883c3ddea9366b2ae42d21cef98ArtifactHash35A756EB": { + "AssetParametersf56a9c742f3e99b26237d5d0912c69f9db8289c13656fdcb490fd017d801c483ArtifactHash228F5AF4": { "Type": "String", - "Description": "Artifact hash for asset \"b965ea3084ec95e24846d4975623e62a02c21883c3ddea9366b2ae42d21cef98\"" + "Description": "Artifact hash for asset \"f56a9c742f3e99b26237d5d0912c69f9db8289c13656fdcb490fd017d801c483\"" } }, "Outputs": { diff --git a/packages/@aws-cdk/custom-resources/lib/aws-custom-resource/runtime/index.ts b/packages/@aws-cdk/custom-resources/lib/aws-custom-resource/runtime/index.ts index 56d485e83d4fa..807dc7e78fec5 100644 --- a/packages/@aws-cdk/custom-resources/lib/aws-custom-resource/runtime/index.ts +++ b/packages/@aws-cdk/custom-resources/lib/aws-custom-resource/runtime/index.ts @@ -1,5 +1,11 @@ /* eslint-disable no-console */ import { execSync } from 'child_process'; +// import the AWSLambda package explicitly, +// which is globally available in the Lambda runtime, +// as otherwise linking this repository with link-all.sh +// fails in the CDK app executed with ts-node +/* eslint-disable-next-line import/no-extraneous-dependencies,import/no-unresolved */ +import * as AWSLambda from 'aws-lambda'; import { AwsSdkCall } from '../aws-custom-resource'; /** @@ -204,4 +210,4 @@ export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent function decodeCall(call: string | undefined) { if (!call) { return undefined; } return JSON.parse(call); -} \ No newline at end of file +} From 9d97b7db1fa4634c9d62778badb0f90ed9f6aef6 Mon Sep 17 00:00:00 2001 From: Mitchell Valine Date: Thu, 13 May 2021 02:01:08 -0700 Subject: [PATCH 3/7] chore: init templates use node jest environment (#14632) Remove usage of the `jsdom` test environment in init templates to speed up unit testing by default. Testing: ran cdk init --language=(typescript|javascript) against local build of CLI then ran yarn test to verify that the testing config was valid and jest correctly used the node environment. fix: #14630 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../lib/init-templates/v1/app/javascript/jest.config.js | 3 +++ .../lib/init-templates/v1/app/typescript/jest.config.js | 1 + .../lib/init-templates/v1/lib/typescript/jest.config.js | 1 + .../lib/init-templates/v1/sample-app/javascript/jest.config.js | 3 +++ .../lib/init-templates/v1/sample-app/typescript/jest.config.js | 1 + .../lib/init-templates/v2/app/javascript/jest.config.js | 3 +++ .../lib/init-templates/v2/app/typescript/jest.config.js | 1 + .../lib/init-templates/v2/lib/typescript/jest.config.js | 1 + .../lib/init-templates/v2/sample-app/javascript/jest.config.js | 3 +++ .../lib/init-templates/v2/sample-app/typescript/jest.config.js | 1 + 10 files changed, 18 insertions(+) create mode 100644 packages/aws-cdk/lib/init-templates/v1/app/javascript/jest.config.js create mode 100644 packages/aws-cdk/lib/init-templates/v1/sample-app/javascript/jest.config.js create mode 100644 packages/aws-cdk/lib/init-templates/v2/app/javascript/jest.config.js create mode 100644 packages/aws-cdk/lib/init-templates/v2/sample-app/javascript/jest.config.js diff --git a/packages/aws-cdk/lib/init-templates/v1/app/javascript/jest.config.js b/packages/aws-cdk/lib/init-templates/v1/app/javascript/jest.config.js new file mode 100644 index 0000000000000..668e089fb02b3 --- /dev/null +++ b/packages/aws-cdk/lib/init-templates/v1/app/javascript/jest.config.js @@ -0,0 +1,3 @@ +module.exports = { + testEnvironment: "node" +} diff --git a/packages/aws-cdk/lib/init-templates/v1/app/typescript/jest.config.js b/packages/aws-cdk/lib/init-templates/v1/app/typescript/jest.config.js index 772f974903b79..08263b8954a42 100644 --- a/packages/aws-cdk/lib/init-templates/v1/app/typescript/jest.config.js +++ b/packages/aws-cdk/lib/init-templates/v1/app/typescript/jest.config.js @@ -1,4 +1,5 @@ module.exports = { + testEnvironment: 'node', roots: ['/test'], testMatch: ['**/*.test.ts'], transform: { diff --git a/packages/aws-cdk/lib/init-templates/v1/lib/typescript/jest.config.js b/packages/aws-cdk/lib/init-templates/v1/lib/typescript/jest.config.js index 772f974903b79..08263b8954a42 100644 --- a/packages/aws-cdk/lib/init-templates/v1/lib/typescript/jest.config.js +++ b/packages/aws-cdk/lib/init-templates/v1/lib/typescript/jest.config.js @@ -1,4 +1,5 @@ module.exports = { + testEnvironment: 'node', roots: ['/test'], testMatch: ['**/*.test.ts'], transform: { diff --git a/packages/aws-cdk/lib/init-templates/v1/sample-app/javascript/jest.config.js b/packages/aws-cdk/lib/init-templates/v1/sample-app/javascript/jest.config.js new file mode 100644 index 0000000000000..95495de92eb8c --- /dev/null +++ b/packages/aws-cdk/lib/init-templates/v1/sample-app/javascript/jest.config.js @@ -0,0 +1,3 @@ +module.exports = { + testEnvironment: 'node' +} diff --git a/packages/aws-cdk/lib/init-templates/v1/sample-app/typescript/jest.config.js b/packages/aws-cdk/lib/init-templates/v1/sample-app/typescript/jest.config.js index 772f974903b79..08263b8954a42 100644 --- a/packages/aws-cdk/lib/init-templates/v1/sample-app/typescript/jest.config.js +++ b/packages/aws-cdk/lib/init-templates/v1/sample-app/typescript/jest.config.js @@ -1,4 +1,5 @@ module.exports = { + testEnvironment: 'node', roots: ['/test'], testMatch: ['**/*.test.ts'], transform: { diff --git a/packages/aws-cdk/lib/init-templates/v2/app/javascript/jest.config.js b/packages/aws-cdk/lib/init-templates/v2/app/javascript/jest.config.js new file mode 100644 index 0000000000000..95495de92eb8c --- /dev/null +++ b/packages/aws-cdk/lib/init-templates/v2/app/javascript/jest.config.js @@ -0,0 +1,3 @@ +module.exports = { + testEnvironment: 'node' +} diff --git a/packages/aws-cdk/lib/init-templates/v2/app/typescript/jest.config.js b/packages/aws-cdk/lib/init-templates/v2/app/typescript/jest.config.js index 772f974903b79..08263b8954a42 100644 --- a/packages/aws-cdk/lib/init-templates/v2/app/typescript/jest.config.js +++ b/packages/aws-cdk/lib/init-templates/v2/app/typescript/jest.config.js @@ -1,4 +1,5 @@ module.exports = { + testEnvironment: 'node', roots: ['/test'], testMatch: ['**/*.test.ts'], transform: { diff --git a/packages/aws-cdk/lib/init-templates/v2/lib/typescript/jest.config.js b/packages/aws-cdk/lib/init-templates/v2/lib/typescript/jest.config.js index 772f974903b79..08263b8954a42 100644 --- a/packages/aws-cdk/lib/init-templates/v2/lib/typescript/jest.config.js +++ b/packages/aws-cdk/lib/init-templates/v2/lib/typescript/jest.config.js @@ -1,4 +1,5 @@ module.exports = { + testEnvironment: 'node', roots: ['/test'], testMatch: ['**/*.test.ts'], transform: { diff --git a/packages/aws-cdk/lib/init-templates/v2/sample-app/javascript/jest.config.js b/packages/aws-cdk/lib/init-templates/v2/sample-app/javascript/jest.config.js new file mode 100644 index 0000000000000..95495de92eb8c --- /dev/null +++ b/packages/aws-cdk/lib/init-templates/v2/sample-app/javascript/jest.config.js @@ -0,0 +1,3 @@ +module.exports = { + testEnvironment: 'node' +} diff --git a/packages/aws-cdk/lib/init-templates/v2/sample-app/typescript/jest.config.js b/packages/aws-cdk/lib/init-templates/v2/sample-app/typescript/jest.config.js index 772f974903b79..08263b8954a42 100644 --- a/packages/aws-cdk/lib/init-templates/v2/sample-app/typescript/jest.config.js +++ b/packages/aws-cdk/lib/init-templates/v2/sample-app/typescript/jest.config.js @@ -1,4 +1,5 @@ module.exports = { + testEnvironment: 'node', roots: ['/test'], testMatch: ['**/*.test.ts'], transform: { From 3063818aa7c3c3ff56cf55254b0f6561db190a3e Mon Sep 17 00:00:00 2001 From: Madeline Kusters <80541297+madeline-k@users.noreply.github.com> Date: Thu, 13 May 2021 02:29:45 -0700 Subject: [PATCH 4/7] fix(events-targets): circular dependency when adding a KMS-encrypted SQS queue (#14638) fixes #11158 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../@aws-cdk/aws-events-targets/lib/sqs.ts | 15 +++-- .../@aws-cdk/aws-events-targets/package.json | 2 + .../integ.sqs-event-rule-target.expected.json | 66 ++++++++++++++++--- .../test/sqs/integ.sqs-event-rule-target.ts | 9 ++- 4 files changed, 74 insertions(+), 18 deletions(-) diff --git a/packages/@aws-cdk/aws-events-targets/lib/sqs.ts b/packages/@aws-cdk/aws-events-targets/lib/sqs.ts index 8d711b4b9f5be..501414ecee348 100644 --- a/packages/@aws-cdk/aws-events-targets/lib/sqs.ts +++ b/packages/@aws-cdk/aws-events-targets/lib/sqs.ts @@ -52,14 +52,15 @@ export class SqsQueue implements events.IRuleTarget { * @see https://docs.aws.amazon.com/eventbridge/latest/userguide/resource-based-policies-eventbridge.html#sqs-permissions */ public bind(rule: events.IRule, _id?: string): events.RuleTargetConfig { + // Only add the rule as a condition if the queue is not encrypted, to avoid circular dependency. See issue #11158. + const principalOpts = this.queue.encryptionMasterKey ? {} : { + conditions: { + ArnEquals: { 'aws:SourceArn': rule.ruleArn }, + }, + }; + // deduplicated automatically - this.queue.grantSendMessages(new iam.ServicePrincipal('events.amazonaws.com', - { - conditions: { - ArnEquals: { 'aws:SourceArn': rule.ruleArn }, - }, - }), - ); + this.queue.grantSendMessages(new iam.ServicePrincipal('events.amazonaws.com', principalOpts)); return { arn: this.queue.queueArn, diff --git a/packages/@aws-cdk/aws-events-targets/package.json b/packages/@aws-cdk/aws-events-targets/package.json index e36df0baf5c71..f262d5897aa5a 100644 --- a/packages/@aws-cdk/aws-events-targets/package.json +++ b/packages/@aws-cdk/aws-events-targets/package.json @@ -93,6 +93,7 @@ "@aws-cdk/aws-iam": "0.0.0", "@aws-cdk/aws-kinesis": "0.0.0", "@aws-cdk/aws-kinesisfirehose": "0.0.0", + "@aws-cdk/aws-kms": "0.0.0", "@aws-cdk/aws-lambda": "0.0.0", "@aws-cdk/aws-logs": "0.0.0", "@aws-cdk/aws-sns": "0.0.0", @@ -114,6 +115,7 @@ "@aws-cdk/aws-iam": "0.0.0", "@aws-cdk/aws-kinesis": "0.0.0", "@aws-cdk/aws-kinesisfirehose": "0.0.0", + "@aws-cdk/aws-kms": "0.0.0", "@aws-cdk/aws-lambda": "0.0.0", "@aws-cdk/aws-logs": "0.0.0", "@aws-cdk/aws-sns": "0.0.0", diff --git a/packages/@aws-cdk/aws-events-targets/test/sqs/integ.sqs-event-rule-target.expected.json b/packages/@aws-cdk/aws-events-targets/test/sqs/integ.sqs-event-rule-target.expected.json index eebbc3a996344..eb2a7dd26ef5f 100644 --- a/packages/@aws-cdk/aws-events-targets/test/sqs/integ.sqs-event-rule-target.expected.json +++ b/packages/@aws-cdk/aws-events-targets/test/sqs/integ.sqs-event-rule-target.expected.json @@ -1,5 +1,53 @@ { "Resources": { + "MyKey6AB29FA6": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + }, + { + "Action": [ + "kms:Decrypt", + "kms:Encrypt", + "kms:ReEncrypt*", + "kms:GenerateDataKey*" + ], + "Effect": "Allow", + "Principal": { + "Service": "events.amazonaws.com" + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, "MyRuleA44AB831": { "Type": "AWS::Events::Rule", "Properties": { @@ -20,6 +68,14 @@ }, "MyQueueE6CA6235": { "Type": "AWS::SQS::Queue", + "Properties": { + "KmsMasterKeyId": { + "Fn::GetAtt": [ + "MyKey6AB29FA6", + "Arn" + ] + } + }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, @@ -34,16 +90,6 @@ "sqs:GetQueueAttributes", "sqs:GetQueueUrl" ], - "Condition": { - "ArnEquals": { - "aws:SourceArn": { - "Fn::GetAtt": [ - "MyRuleA44AB831", - "Arn" - ] - } - } - }, "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com" diff --git a/packages/@aws-cdk/aws-events-targets/test/sqs/integ.sqs-event-rule-target.ts b/packages/@aws-cdk/aws-events-targets/test/sqs/integ.sqs-event-rule-target.ts index b58641f727d03..b2b8fb334bff6 100644 --- a/packages/@aws-cdk/aws-events-targets/test/sqs/integ.sqs-event-rule-target.ts +++ b/packages/@aws-cdk/aws-events-targets/test/sqs/integ.sqs-event-rule-target.ts @@ -1,4 +1,5 @@ import * as events from '@aws-cdk/aws-events'; +import * as kms from '@aws-cdk/aws-kms'; import * as sqs from '@aws-cdk/aws-sqs'; import * as cdk from '@aws-cdk/core'; import * as targets from '../../lib'; @@ -12,11 +13,17 @@ const app = new cdk.App(); const stack = new cdk.Stack(app, 'aws-cdk-sqs-event-target'); +const key = new kms.Key(stack, 'MyKey'); + const event = new events.Rule(stack, 'MyRule', { schedule: events.Schedule.rate(cdk.Duration.minutes(1)), }); -const queue = new sqs.Queue(stack, 'MyQueue'); +const queue = new sqs.Queue(stack, 'MyQueue', { + encryption: sqs.QueueEncryption.KMS, + encryptionMasterKey: key, +}); + event.addTarget(new targets.SqsQueue(queue)); app.synth(); From b240f6ece74d129e5f43b210e8ad12f95c4a2971 Mon Sep 17 00:00:00 2001 From: Nick Lynch Date: Thu, 13 May 2021 14:21:05 +0100 Subject: [PATCH 5/7] feat(cloudwatch): GraphWidget supports period and statistic (#14679) Dashboard metric widgets support overridding/setting both period and stat on the widget as a whole. This is often useful in combination with `MathExpression` metrics. Reference: https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/CloudWatch-Dashboard-Body-Structure.html#CloudWatch-Dashboard-Properties-Metric-Widget-Object ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-cloudwatch/lib/graph.ts | 20 +++++++++++- .../aws-cloudwatch/test/test.graphs.ts | 31 ++++++++++++++++++- 2 files changed, 49 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-cloudwatch/lib/graph.ts b/packages/@aws-cdk/aws-cloudwatch/lib/graph.ts index bc6407a52f8e6..709baba719109 100644 --- a/packages/@aws-cdk/aws-cloudwatch/lib/graph.ts +++ b/packages/@aws-cdk/aws-cloudwatch/lib/graph.ts @@ -206,7 +206,6 @@ export interface GraphWidgetProps extends MetricWidgetProps { */ readonly liveData?: boolean; - /** * Display this metric * @@ -223,6 +222,23 @@ export interface GraphWidgetProps extends MetricWidgetProps { * @default false */ readonly setPeriodToTimeRange?: boolean; + + /** + * The default period for all metrics in this widget. + * The period is the length of time represented by one data point on the graph. + * This default can be overridden within each metric definition. + * + * @default cdk.Duration.seconds(300) + */ + readonly period?: cdk.Duration; + + /** + * The default statistic to be displayed for each metric. + * This default can be overridden within the definition of each individual metric + * + * @default - The statistic for each metric is used + */ + readonly statistic?: string; } /** @@ -287,6 +303,8 @@ export class GraphWidget extends ConcreteWidget { legend: this.props.legendPosition !== undefined ? { position: this.props.legendPosition } : undefined, liveData: this.props.liveData, setPeriodToTimeRange: this.props.setPeriodToTimeRange, + period: this.props.period?.toSeconds(), + stat: this.props.statistic, }, }]; } diff --git a/packages/@aws-cdk/aws-cloudwatch/test/test.graphs.ts b/packages/@aws-cdk/aws-cloudwatch/test/test.graphs.ts index e6420bbec1955..e5cc11781393d 100644 --- a/packages/@aws-cdk/aws-cloudwatch/test/test.graphs.ts +++ b/packages/@aws-cdk/aws-cloudwatch/test/test.graphs.ts @@ -1,4 +1,4 @@ -import { Stack } from '@aws-cdk/core'; +import { Duration, Stack } from '@aws-cdk/core'; import { Test } from 'nodeunit'; import { Alarm, AlarmWidget, Color, GraphWidget, GraphWidgetView, LegendPosition, LogQueryWidget, Metric, Shading, SingleValueWidget, LogQueryVisualizationType } from '../lib'; @@ -688,4 +688,33 @@ export = { test.done(); }, + + 'GraphWidget supports stat and period'(test: Test) { + // GIVEN + const stack = new Stack(); + const widget = new GraphWidget({ + left: [new Metric({ namespace: 'CDK', metricName: 'Test' })], + statistic: 'Average', + period: Duration.days(2), + }); + + // THEN + test.deepEqual(stack.resolve(widget.toJson()), [{ + type: 'metric', + width: 6, + height: 6, + properties: { + view: 'timeSeries', + region: { Ref: 'AWS::Region' }, + metrics: [ + ['CDK', 'Test'], + ], + yAxis: {}, + stat: 'Average', + period: 172800, + }, + }]); + + test.done(); + }, }; From 82966237556bee9d2bc608a19e7e7558aa2a58b3 Mon Sep 17 00:00:00 2001 From: Hsing-Hui Hsu Date: Thu, 13 May 2021 08:22:23 -0700 Subject: [PATCH 6/7] test(ecs-patterns): update l3 fargate integ tests (#14668) This adds integ tests for NLB fargate services -- previously, there were duplicate ALB fargate services being spun up. Also gives integ test stacks unique names. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...g.alb-fargate-service-https.expected.json} | 49 +- ....ts => integ.alb-fargate-service-https.ts} | 2 +- .../fargate/integ.l3-autocreate.expected.json | 252 ++--- .../test/fargate/integ.l3-autocreate.ts | 10 +- .../fargate/integ.l3-vpconly.expected.json | 959 ++---------------- .../test/fargate/integ.l3-vpconly.ts | 22 +- .../test/fargate/integ.l3.expected.json | 353 ++++++- .../aws-ecs-patterns/test/fargate/integ.l3.ts | 17 +- 8 files changed, 531 insertions(+), 1133 deletions(-) rename packages/@aws-cdk/aws-ecs-patterns/test/fargate/{integ.load-balanced-fargate-service.expected.json => integ.alb-fargate-service-https.expected.json} (92%) rename packages/@aws-cdk/aws-ecs-patterns/test/fargate/{integ.load-balanced-fargate-service.ts => integ.alb-fargate-service-https.ts} (94%) diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.load-balanced-fargate-service.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-https.expected.json similarity index 92% rename from packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.load-balanced-fargate-service.expected.json rename to packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-https.expected.json index 1d670f79f58a6..5a67a969707c8 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.load-balanced-fargate-service.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-https.expected.json @@ -10,7 +10,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc" + "Value": "aws-ecs-integ-alb-fg-https/Vpc" } ] } @@ -35,7 +35,7 @@ }, { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PublicSubnet1" + "Value": "aws-ecs-integ-alb-fg-https/Vpc/PublicSubnet1" } ] } @@ -49,7 +49,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PublicSubnet1" + "Value": "aws-ecs-integ-alb-fg-https/Vpc/PublicSubnet1" } ] } @@ -87,7 +87,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PublicSubnet1" + "Value": "aws-ecs-integ-alb-fg-https/Vpc/PublicSubnet1" } ] } @@ -107,7 +107,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PublicSubnet1" + "Value": "aws-ecs-integ-alb-fg-https/Vpc/PublicSubnet1" } ] } @@ -132,7 +132,7 @@ }, { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PublicSubnet2" + "Value": "aws-ecs-integ-alb-fg-https/Vpc/PublicSubnet2" } ] } @@ -146,7 +146,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PublicSubnet2" + "Value": "aws-ecs-integ-alb-fg-https/Vpc/PublicSubnet2" } ] } @@ -184,7 +184,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PublicSubnet2" + "Value": "aws-ecs-integ-alb-fg-https/Vpc/PublicSubnet2" } ] } @@ -204,7 +204,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PublicSubnet2" + "Value": "aws-ecs-integ-alb-fg-https/Vpc/PublicSubnet2" } ] } @@ -229,7 +229,7 @@ }, { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PrivateSubnet1" + "Value": "aws-ecs-integ-alb-fg-https/Vpc/PrivateSubnet1" } ] } @@ -243,7 +243,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PrivateSubnet1" + "Value": "aws-ecs-integ-alb-fg-https/Vpc/PrivateSubnet1" } ] } @@ -291,7 +291,7 @@ }, { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PrivateSubnet2" + "Value": "aws-ecs-integ-alb-fg-https/Vpc/PrivateSubnet2" } ] } @@ -305,7 +305,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PrivateSubnet2" + "Value": "aws-ecs-integ-alb-fg-https/Vpc/PrivateSubnet2" } ] } @@ -339,7 +339,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc" + "Value": "aws-ecs-integ-alb-fg-https/Vpc" } ] } @@ -394,7 +394,7 @@ "myServiceLBSecurityGroupFE0ED608": { "Type": "AWS::EC2::SecurityGroup", "Properties": { - "GroupDescription": "Automatically created Security Group for ELB awsecsintegmyServiceLB1F7A535D", + "GroupDescription": "Automatically created Security Group for ELB awsecsintegalbfghttpsmyServiceLB8BEE3C49", "SecurityGroupIngress": [ { "CidrIp": "0.0.0.0/0", @@ -416,7 +416,7 @@ } } }, - "myServiceLBSecurityGrouptoawsecsintegmyServiceSecurityGroup8DAB521180B6703B07": { + "myServiceLBSecurityGrouptoawsecsintegalbfghttpsmyServiceSecurityGroup49C558AD803FB613FF": { "Type": "AWS::EC2::SecurityGroupEgress", "Properties": { "GroupId": { @@ -451,15 +451,15 @@ "LoadBalancerArn": { "Ref": "myServiceLB168895E1" }, - "Port": 443, - "Protocol": "HTTPS", "Certificates": [ { "CertificateArn": { "Ref": "myServiceCertificate152F9DDA" } } - ] + ], + "Port": 443, + "Protocol": "HTTPS" } }, "myServiceLBPublicListenerECSGroup17E9BBC1": { @@ -513,8 +513,7 @@ "Type": "A", "AliasTarget": { "DNSName": { - "Fn::Join": - [ + "Fn::Join": [ "", [ "dualstack.", @@ -589,7 +588,7 @@ "Arn" ] }, - "Family": "awsecsintegmyServiceTaskDefA3A33D18", + "Family": "awsecsintegalbfghttpsmyServiceTaskDefD8ABFBF2", "Memory": "512", "NetworkMode": "awsvpc", "RequiresCompatibilities": [ @@ -709,7 +708,7 @@ "myServiceSecurityGroupC3B9D4E0": { "Type": "AWS::EC2::SecurityGroup", "Properties": { - "GroupDescription": "aws-ecs-integ/myService/Service/SecurityGroup", + "GroupDescription": "aws-ecs-integ-alb-fg-https/myService/Service/SecurityGroup", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", @@ -722,7 +721,7 @@ } } }, - "myServiceSecurityGroupfromawsecsintegmyServiceLBSecurityGroupFA544FE5800A81885C": { + "myServiceSecurityGroupfromawsecsintegalbfghttpsmyServiceLBSecurityGroupA934AF89808E9FB7A3": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "IpProtocol": "tcp", @@ -767,4 +766,4 @@ } } } -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.load-balanced-fargate-service.ts b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-https.ts similarity index 94% rename from packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.load-balanced-fargate-service.ts rename to packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-https.ts index b78ff8da2304f..fe6940d272cc9 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.load-balanced-fargate-service.ts +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-https.ts @@ -7,7 +7,7 @@ import { App, Stack } from '@aws-cdk/core'; import { ApplicationLoadBalancedFargateService } from '../../lib'; const app = new App(); -const stack = new Stack(app, 'aws-ecs-integ'); +const stack = new Stack(app, 'aws-ecs-integ-alb-fg-https'); const vpc = new Vpc(stack, 'Vpc', { maxAzs: 2 }); const cluster = new Cluster(stack, 'Cluster', { vpc }); diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.l3-autocreate.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.l3-autocreate.expected.json index 5813cd78e41f3..778523d6bc6df 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.l3-autocreate.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.l3-autocreate.expected.json @@ -1,6 +1,6 @@ { "Resources": { - "L3LB212FC0E0": { + "ALBFargateServiceLB64A0074E": { "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", "Properties": { "LoadBalancerAttributes": [ @@ -13,7 +13,7 @@ "SecurityGroups": [ { "Fn::GetAtt": [ - "L3LBSecurityGroupEDE61198", + "ALBFargateServiceLBSecurityGroup5DC3060E", "GroupId" ] } @@ -33,10 +33,10 @@ "EcsDefaultClusterMnL3mNNYNVpcPublicSubnet2DefaultRouteB1375520" ] }, - "L3LBSecurityGroupEDE61198": { + "ALBFargateServiceLBSecurityGroup5DC3060E": { "Type": "AWS::EC2::SecurityGroup", "Properties": { - "GroupDescription": "Automatically created Security Group for ELB awsecsintegL3LB6453BA0A", + "GroupDescription": "Automatically created Security Group for ELB awsecsintegl3autocreateALBFargateServiceLB31EA4AB6", "SecurityGroupIngress": [ { "CidrIp": "0.0.0.0/0", @@ -51,12 +51,12 @@ } } }, - "L3LBSecurityGrouptoawsecsintegL3ServiceSecurityGroup7B96C87F8094933E0A": { + "ALBFargateServiceLBSecurityGrouptoawsecsintegl3autocreateALBFargateServiceSecurityGroup6F9400B580770A6C60": { "Type": "AWS::EC2::SecurityGroupEgress", "Properties": { "GroupId": { "Fn::GetAtt": [ - "L3LBSecurityGroupEDE61198", + "ALBFargateServiceLBSecurityGroup5DC3060E", "GroupId" ] }, @@ -64,7 +64,7 @@ "Description": "Load balancer to target", "DestinationSecurityGroupId": { "Fn::GetAtt": [ - "L3ServiceSecurityGroup677B0897", + "ALBFargateServiceSecurityGroup82F7A67E", "GroupId" ] }, @@ -72,25 +72,25 @@ "ToPort": 80 } }, - "L3LBPublicListener156FFC0F": { + "ALBFargateServiceLBPublicListener3489002A": { "Type": "AWS::ElasticLoadBalancingV2::Listener", "Properties": { "DefaultActions": [ { "TargetGroupArn": { - "Ref": "L3LBPublicListenerECSGroup648EEA11" + "Ref": "ALBFargateServiceLBPublicListenerECSGroup6871FB8C" }, "Type": "forward" } ], "LoadBalancerArn": { - "Ref": "L3LB212FC0E0" + "Ref": "ALBFargateServiceLB64A0074E" }, "Port": 80, "Protocol": "HTTP" } }, - "L3LBPublicListenerECSGroup648EEA11": { + "ALBFargateServiceLBPublicListenerECSGroup6871FB8C": { "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", "Properties": { "Port": 80, @@ -101,7 +101,7 @@ } } }, - "L3TaskDefTaskRole21C75D10": { + "ALBFargateServiceTaskDefTaskRole11408723": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -118,7 +118,7 @@ } } }, - "L3TaskDef48D8ACB8": { + "ALBFargateServiceTaskDefF69F17D6": { "Type": "AWS::ECS::TaskDefinition", "Properties": { "ContainerDefinitions": [ @@ -129,9 +129,9 @@ "LogDriver": "awslogs", "Options": { "awslogs-group": { - "Ref": "L3TaskDefwebLogGroupC6E4A38A" + "Ref": "ALBFargateServiceTaskDefwebLogGroup7073A41D" }, - "awslogs-stream-prefix": "L3", + "awslogs-stream-prefix": "ALBFargateService", "awslogs-region": { "Ref": "AWS::Region" } @@ -149,11 +149,11 @@ "Cpu": "512", "ExecutionRoleArn": { "Fn::GetAtt": [ - "L3TaskDefExecutionRole49AF0996", + "ALBFargateServiceTaskDefExecutionRole9E885E7B", "Arn" ] }, - "Family": "awsecsintegL3TaskDefAA25240E", + "Family": "awsecsintegl3autocreateALBFargateServiceTaskDefDA905826", "Memory": "1024", "NetworkMode": "awsvpc", "RequiresCompatibilities": [ @@ -161,18 +161,18 @@ ], "TaskRoleArn": { "Fn::GetAtt": [ - "L3TaskDefTaskRole21C75D10", + "ALBFargateServiceTaskDefTaskRole11408723", "Arn" ] } } }, - "L3TaskDefwebLogGroupC6E4A38A": { + "ALBFargateServiceTaskDefwebLogGroup7073A41D": { "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain" }, - "L3TaskDefExecutionRole49AF0996": { + "ALBFargateServiceTaskDefExecutionRole9E885E7B": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -189,7 +189,7 @@ } } }, - "L3TaskDefExecutionRoleDefaultPolicy4656E642": { + "ALBFargateServiceTaskDefExecutionRoleDefaultPolicy574B9EAD": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { @@ -202,7 +202,7 @@ "Effect": "Allow", "Resource": { "Fn::GetAtt": [ - "L3TaskDefwebLogGroupC6E4A38A", + "ALBFargateServiceTaskDefwebLogGroup7073A41D", "Arn" ] } @@ -210,15 +210,15 @@ ], "Version": "2012-10-17" }, - "PolicyName": "L3TaskDefExecutionRoleDefaultPolicy4656E642", + "PolicyName": "ALBFargateServiceTaskDefExecutionRoleDefaultPolicy574B9EAD", "Roles": [ { - "Ref": "L3TaskDefExecutionRole49AF0996" + "Ref": "ALBFargateServiceTaskDefExecutionRole9E885E7B" } ] } }, - "L3Service616D5A93": { + "ALBFargateService90FDCE10": { "Type": "AWS::ECS::Service", "Properties": { "Cluster": { @@ -236,7 +236,7 @@ "ContainerName": "web", "ContainerPort": 80, "TargetGroupArn": { - "Ref": "L3LBPublicListenerECSGroup648EEA11" + "Ref": "ALBFargateServiceLBPublicListenerECSGroup6871FB8C" } } ], @@ -246,7 +246,7 @@ "SecurityGroups": [ { "Fn::GetAtt": [ - "L3ServiceSecurityGroup677B0897", + "ALBFargateServiceSecurityGroup82F7A67E", "GroupId" ] } @@ -262,18 +262,18 @@ } }, "TaskDefinition": { - "Ref": "L3TaskDef48D8ACB8" + "Ref": "ALBFargateServiceTaskDefF69F17D6" } }, "DependsOn": [ - "L3LBPublicListenerECSGroup648EEA11", - "L3LBPublicListener156FFC0F" + "ALBFargateServiceLBPublicListenerECSGroup6871FB8C", + "ALBFargateServiceLBPublicListener3489002A" ] }, - "L3ServiceSecurityGroup677B0897": { + "ALBFargateServiceSecurityGroup82F7A67E": { "Type": "AWS::EC2::SecurityGroup", "Properties": { - "GroupDescription": "aws-ecs-integ/L3/Service/SecurityGroup", + "GroupDescription": "aws-ecs-integ-l3-autocreate/ALBFargateService/Service/SecurityGroup", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", @@ -286,7 +286,7 @@ } } }, - "L3ServiceSecurityGroupfromawsecsintegL3LBSecurityGroupA70DA46C80DBDFBCD6": { + "ALBFargateServiceSecurityGroupfromawsecsintegl3autocreateALBFargateServiceLBSecurityGroupD565E0BF802E7B8344": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "IpProtocol": "tcp", @@ -294,13 +294,13 @@ "FromPort": 80, "GroupId": { "Fn::GetAtt": [ - "L3ServiceSecurityGroup677B0897", + "ALBFargateServiceSecurityGroup82F7A67E", "GroupId" ] }, "SourceSecurityGroupId": { "Fn::GetAtt": [ - "L3LBSecurityGroupEDE61198", + "ALBFargateServiceLBSecurityGroup5DC3060E", "GroupId" ] }, @@ -320,7 +320,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/EcsDefaultClusterMnL3mNNYN/Vpc" + "Value": "aws-ecs-integ-l3-autocreate/EcsDefaultClusterMnL3mNNYN/Vpc" } ] } @@ -345,7 +345,7 @@ }, { "Key": "Name", - "Value": "aws-ecs-integ/EcsDefaultClusterMnL3mNNYN/Vpc/PublicSubnet1" + "Value": "aws-ecs-integ-l3-autocreate/EcsDefaultClusterMnL3mNNYN/Vpc/PublicSubnet1" } ] } @@ -359,7 +359,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/EcsDefaultClusterMnL3mNNYN/Vpc/PublicSubnet1" + "Value": "aws-ecs-integ-l3-autocreate/EcsDefaultClusterMnL3mNNYN/Vpc/PublicSubnet1" } ] } @@ -397,7 +397,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/EcsDefaultClusterMnL3mNNYN/Vpc/PublicSubnet1" + "Value": "aws-ecs-integ-l3-autocreate/EcsDefaultClusterMnL3mNNYN/Vpc/PublicSubnet1" } ] } @@ -417,7 +417,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/EcsDefaultClusterMnL3mNNYN/Vpc/PublicSubnet1" + "Value": "aws-ecs-integ-l3-autocreate/EcsDefaultClusterMnL3mNNYN/Vpc/PublicSubnet1" } ] } @@ -442,7 +442,7 @@ }, { "Key": "Name", - "Value": "aws-ecs-integ/EcsDefaultClusterMnL3mNNYN/Vpc/PublicSubnet2" + "Value": "aws-ecs-integ-l3-autocreate/EcsDefaultClusterMnL3mNNYN/Vpc/PublicSubnet2" } ] } @@ -456,7 +456,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/EcsDefaultClusterMnL3mNNYN/Vpc/PublicSubnet2" + "Value": "aws-ecs-integ-l3-autocreate/EcsDefaultClusterMnL3mNNYN/Vpc/PublicSubnet2" } ] } @@ -494,7 +494,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/EcsDefaultClusterMnL3mNNYN/Vpc/PublicSubnet2" + "Value": "aws-ecs-integ-l3-autocreate/EcsDefaultClusterMnL3mNNYN/Vpc/PublicSubnet2" } ] } @@ -514,7 +514,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/EcsDefaultClusterMnL3mNNYN/Vpc/PublicSubnet2" + "Value": "aws-ecs-integ-l3-autocreate/EcsDefaultClusterMnL3mNNYN/Vpc/PublicSubnet2" } ] } @@ -539,7 +539,7 @@ }, { "Key": "Name", - "Value": "aws-ecs-integ/EcsDefaultClusterMnL3mNNYN/Vpc/PrivateSubnet1" + "Value": "aws-ecs-integ-l3-autocreate/EcsDefaultClusterMnL3mNNYN/Vpc/PrivateSubnet1" } ] } @@ -553,7 +553,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/EcsDefaultClusterMnL3mNNYN/Vpc/PrivateSubnet1" + "Value": "aws-ecs-integ-l3-autocreate/EcsDefaultClusterMnL3mNNYN/Vpc/PrivateSubnet1" } ] } @@ -601,7 +601,7 @@ }, { "Key": "Name", - "Value": "aws-ecs-integ/EcsDefaultClusterMnL3mNNYN/Vpc/PrivateSubnet2" + "Value": "aws-ecs-integ-l3-autocreate/EcsDefaultClusterMnL3mNNYN/Vpc/PrivateSubnet2" } ] } @@ -615,7 +615,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/EcsDefaultClusterMnL3mNNYN/Vpc/PrivateSubnet2" + "Value": "aws-ecs-integ-l3-autocreate/EcsDefaultClusterMnL3mNNYN/Vpc/PrivateSubnet2" } ] } @@ -649,7 +649,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/EcsDefaultClusterMnL3mNNYN/Vpc" + "Value": "aws-ecs-integ-l3-autocreate/EcsDefaultClusterMnL3mNNYN/Vpc" } ] } @@ -665,7 +665,7 @@ } } }, - "L3bLBB8FADA4E": { + "NLBFargateServiceLB659EC17C": { "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", "Properties": { "LoadBalancerAttributes": [ @@ -675,14 +675,6 @@ } ], "Scheme": "internet-facing", - "SecurityGroups": [ - { - "Fn::GetAtt": [ - "L3bLBSecurityGroup7A2B0AA0", - "GroupId" - ] - } - ], "Subnets": [ { "Ref": "EcsDefaultClusterMnL3mNNYNVpcPublicSubnet1Subnet3C273B99" @@ -691,82 +683,43 @@ "Ref": "EcsDefaultClusterMnL3mNNYNVpcPublicSubnet2Subnet95FF715A" } ], - "Type": "application" + "Type": "network" }, "DependsOn": [ "EcsDefaultClusterMnL3mNNYNVpcPublicSubnet1DefaultRouteFF4E2178", "EcsDefaultClusterMnL3mNNYNVpcPublicSubnet2DefaultRouteB1375520" ] }, - "L3bLBSecurityGroup7A2B0AA0": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "Automatically created Security Group for ELB awsecsintegL3bLB9C1497A7", - "SecurityGroupIngress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow from anyone on port 80", - "FromPort": 80, - "IpProtocol": "tcp", - "ToPort": 80 - } - ], - "VpcId": { - "Ref": "EcsDefaultClusterMnL3mNNYNVpc7788A521" - } - } - }, - "L3bLBSecurityGrouptoawsecsintegL3bServiceSecurityGroupC2BD1A598019C4C37D": { - "Type": "AWS::EC2::SecurityGroupEgress", - "Properties": { - "GroupId": { - "Fn::GetAtt": [ - "L3bLBSecurityGroup7A2B0AA0", - "GroupId" - ] - }, - "IpProtocol": "tcp", - "Description": "Load balancer to target", - "DestinationSecurityGroupId": { - "Fn::GetAtt": [ - "L3bServiceSecurityGroupA8DA736E", - "GroupId" - ] - }, - "FromPort": 80, - "ToPort": 80 - } - }, - "L3bLBPublicListenerA825925B": { + "NLBFargateServiceLBPublicListenerB0DCA73C": { "Type": "AWS::ElasticLoadBalancingV2::Listener", "Properties": { "DefaultActions": [ { "TargetGroupArn": { - "Ref": "L3bLBPublicListenerECSGroup0070C5CA" + "Ref": "NLBFargateServiceLBPublicListenerECSGroupC469CAA2" }, "Type": "forward" } ], "LoadBalancerArn": { - "Ref": "L3bLBB8FADA4E" + "Ref": "NLBFargateServiceLB659EC17C" }, "Port": 80, - "Protocol": "HTTP" + "Protocol": "TCP" } }, - "L3bLBPublicListenerECSGroup0070C5CA": { + "NLBFargateServiceLBPublicListenerECSGroupC469CAA2": { "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", "Properties": { "Port": 80, - "Protocol": "HTTP", + "Protocol": "TCP", "TargetType": "ip", "VpcId": { "Ref": "EcsDefaultClusterMnL3mNNYNVpc7788A521" } } }, - "L3bTaskDefTaskRoleADAB80C8": { + "NLBFargateServiceTaskDefTaskRole6C88F40B": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -783,7 +736,7 @@ } } }, - "L3bTaskDef5506864D": { + "NLBFargateServiceTaskDefB836FA89": { "Type": "AWS::ECS::TaskDefinition", "Properties": { "ContainerDefinitions": [ @@ -794,9 +747,9 @@ "LogDriver": "awslogs", "Options": { "awslogs-group": { - "Ref": "L3bTaskDefwebLogGroup8E5F1183" + "Ref": "NLBFargateServiceTaskDefwebLogGroupC4A42FE2" }, - "awslogs-stream-prefix": "L3b", + "awslogs-stream-prefix": "NLBFargateService", "awslogs-region": { "Ref": "AWS::Region" } @@ -814,11 +767,11 @@ "Cpu": "512", "ExecutionRoleArn": { "Fn::GetAtt": [ - "L3bTaskDefExecutionRole9A3E2688", + "NLBFargateServiceTaskDefExecutionRoleF6D642D5", "Arn" ] }, - "Family": "awsecsintegL3bTaskDef24D7E4F1", + "Family": "awsecsintegl3autocreateNLBFargateServiceTaskDef7AC6C114", "Memory": "1024", "NetworkMode": "awsvpc", "RequiresCompatibilities": [ @@ -826,18 +779,18 @@ ], "TaskRoleArn": { "Fn::GetAtt": [ - "L3bTaskDefTaskRoleADAB80C8", + "NLBFargateServiceTaskDefTaskRole6C88F40B", "Arn" ] } } }, - "L3bTaskDefwebLogGroup8E5F1183": { + "NLBFargateServiceTaskDefwebLogGroupC4A42FE2": { "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain" }, - "L3bTaskDefExecutionRole9A3E2688": { + "NLBFargateServiceTaskDefExecutionRoleF6D642D5": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -854,7 +807,7 @@ } } }, - "L3bTaskDefExecutionRoleDefaultPolicy0CEA0ED2": { + "NLBFargateServiceTaskDefExecutionRoleDefaultPolicy90080805": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { @@ -867,7 +820,7 @@ "Effect": "Allow", "Resource": { "Fn::GetAtt": [ - "L3bTaskDefwebLogGroup8E5F1183", + "NLBFargateServiceTaskDefwebLogGroupC4A42FE2", "Arn" ] } @@ -875,15 +828,15 @@ ], "Version": "2012-10-17" }, - "PolicyName": "L3bTaskDefExecutionRoleDefaultPolicy0CEA0ED2", + "PolicyName": "NLBFargateServiceTaskDefExecutionRoleDefaultPolicy90080805", "Roles": [ { - "Ref": "L3bTaskDefExecutionRole9A3E2688" + "Ref": "NLBFargateServiceTaskDefExecutionRoleF6D642D5" } ] } }, - "L3bServiceF9D33D5A": { + "NLBFargateServiceB92AC095": { "Type": "AWS::ECS::Service", "Properties": { "Cluster": { @@ -901,7 +854,7 @@ "ContainerName": "web", "ContainerPort": 80, "TargetGroupArn": { - "Ref": "L3bLBPublicListenerECSGroup0070C5CA" + "Ref": "NLBFargateServiceLBPublicListenerECSGroupC469CAA2" } } ], @@ -911,7 +864,7 @@ "SecurityGroups": [ { "Fn::GetAtt": [ - "L3bServiceSecurityGroupA8DA736E", + "NLBFargateServiceSecurityGroup9D81388B", "GroupId" ] } @@ -927,18 +880,18 @@ } }, "TaskDefinition": { - "Ref": "L3bTaskDef5506864D" + "Ref": "NLBFargateServiceTaskDefB836FA89" } }, "DependsOn": [ - "L3bLBPublicListenerECSGroup0070C5CA", - "L3bLBPublicListenerA825925B" + "NLBFargateServiceLBPublicListenerECSGroupC469CAA2", + "NLBFargateServiceLBPublicListenerB0DCA73C" ] }, - "L3bServiceSecurityGroupA8DA736E": { + "NLBFargateServiceSecurityGroup9D81388B": { "Type": "AWS::EC2::SecurityGroup", "Properties": { - "GroupDescription": "aws-ecs-integ/L3b/Service/SecurityGroup", + "GroupDescription": "aws-ecs-integ-l3-autocreate/NLBFargateService/Service/SecurityGroup", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", @@ -950,39 +903,18 @@ "Ref": "EcsDefaultClusterMnL3mNNYNVpc7788A521" } } - }, - "L3bServiceSecurityGroupfromawsecsintegL3bLBSecurityGroupA7B79A628034042CE5": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "Load balancer to target", - "FromPort": 80, - "GroupId": { - "Fn::GetAtt": [ - "L3bServiceSecurityGroupA8DA736E", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "L3bLBSecurityGroup7A2B0AA0", - "GroupId" - ] - }, - "ToPort": 80 - } } }, "Outputs": { - "L3LoadBalancerDNSC6CB4A70": { + "ALBFargateServiceLoadBalancerDNSAFB2EDDB": { "Value": { "Fn::GetAtt": [ - "L3LB212FC0E0", + "ALBFargateServiceLB64A0074E", "DNSName" ] } }, - "L3ServiceURL0F065F2D": { + "ALBFargateServiceServiceURL4A19CF25": { "Value": { "Fn::Join": [ "", @@ -990,7 +922,7 @@ "http://", { "Fn::GetAtt": [ - "L3LB212FC0E0", + "ALBFargateServiceLB64A0074E", "DNSName" ] } @@ -998,29 +930,13 @@ ] } }, - "L3bLoadBalancerDNSED096132": { + "NLBFargateServiceLoadBalancerDNSC2B2922F": { "Value": { "Fn::GetAtt": [ - "L3bLBB8FADA4E", + "NLBFargateServiceLB659EC17C", "DNSName" ] } - }, - "L3bServiceURL0EDED888": { - "Value": { - "Fn::Join": [ - "", - [ - "http://", - { - "Fn::GetAtt": [ - "L3bLBB8FADA4E", - "DNSName" - ] - } - ] - ] - } } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.l3-autocreate.ts b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.l3-autocreate.ts index aae9efc969bac..3644cbbe8ec9f 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.l3-autocreate.ts +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.l3-autocreate.ts @@ -3,9 +3,12 @@ import * as cdk from '@aws-cdk/core'; import * as ecsPatterns from '../../lib'; const app = new cdk.App(); -const stack = new cdk.Stack(app, 'aws-ecs-integ'); +const stack = new cdk.Stack(app, 'aws-ecs-integ-l3-autocreate'); -new ecsPatterns.ApplicationLoadBalancedFargateService(stack, 'L3', { +// No VPC or Cluster specified + +// Create ALB service +new ecsPatterns.ApplicationLoadBalancedFargateService(stack, 'ALBFargateService', { memoryLimitMiB: 1024, cpu: 512, taskImageOptions: { @@ -13,7 +16,8 @@ new ecsPatterns.ApplicationLoadBalancedFargateService(stack, 'L3', { }, }); -new ecsPatterns.ApplicationLoadBalancedFargateService(stack, 'L3b', { +// Create NLB service +new ecsPatterns.NetworkLoadBalancedFargateService(stack, 'NLBFargateService', { memoryLimitMiB: 1024, cpu: 512, taskImageOptions: { diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.l3-vpconly.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.l3-vpconly.expected.json index 5556df70a59b7..f221c99ccf4fc 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.l3-vpconly.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.l3-vpconly.expected.json @@ -10,7 +10,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc" + "Value": "aws-ecs-integ-l3-vpconly/Vpc" } ] } @@ -35,7 +35,7 @@ }, { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PublicSubnet1" + "Value": "aws-ecs-integ-l3-vpconly/Vpc/PublicSubnet1" } ] } @@ -49,7 +49,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PublicSubnet1" + "Value": "aws-ecs-integ-l3-vpconly/Vpc/PublicSubnet1" } ] } @@ -87,7 +87,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PublicSubnet1" + "Value": "aws-ecs-integ-l3-vpconly/Vpc/PublicSubnet1" } ] } @@ -107,7 +107,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PublicSubnet1" + "Value": "aws-ecs-integ-l3-vpconly/Vpc/PublicSubnet1" } ] } @@ -132,7 +132,7 @@ }, { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PublicSubnet2" + "Value": "aws-ecs-integ-l3-vpconly/Vpc/PublicSubnet2" } ] } @@ -146,7 +146,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PublicSubnet2" + "Value": "aws-ecs-integ-l3-vpconly/Vpc/PublicSubnet2" } ] } @@ -184,7 +184,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PublicSubnet2" + "Value": "aws-ecs-integ-l3-vpconly/Vpc/PublicSubnet2" } ] } @@ -204,7 +204,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PublicSubnet2" + "Value": "aws-ecs-integ-l3-vpconly/Vpc/PublicSubnet2" } ] } @@ -229,7 +229,7 @@ }, { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PrivateSubnet1" + "Value": "aws-ecs-integ-l3-vpconly/Vpc/PrivateSubnet1" } ] } @@ -243,7 +243,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PrivateSubnet1" + "Value": "aws-ecs-integ-l3-vpconly/Vpc/PrivateSubnet1" } ] } @@ -291,7 +291,7 @@ }, { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PrivateSubnet2" + "Value": "aws-ecs-integ-l3-vpconly/Vpc/PrivateSubnet2" } ] } @@ -305,7 +305,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PrivateSubnet2" + "Value": "aws-ecs-integ-l3-vpconly/Vpc/PrivateSubnet2" } ] } @@ -339,7 +339,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc" + "Value": "aws-ecs-integ-l3-vpconly/Vpc" } ] } @@ -355,7 +355,7 @@ } } }, - "L3LB212FC0E0": { + "ALBFargateServiceLB64A0074E": { "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", "Properties": { "LoadBalancerAttributes": [ @@ -368,7 +368,7 @@ "SecurityGroups": [ { "Fn::GetAtt": [ - "L3LBSecurityGroupEDE61198", + "ALBFargateServiceLBSecurityGroup5DC3060E", "GroupId" ] } @@ -388,10 +388,10 @@ "VpcPublicSubnet2DefaultRoute97F91067" ] }, - "L3LBSecurityGroupEDE61198": { + "ALBFargateServiceLBSecurityGroup5DC3060E": { "Type": "AWS::EC2::SecurityGroup", "Properties": { - "GroupDescription": "Automatically created Security Group for ELB awsecsintegL3LB6453BA0A", + "GroupDescription": "Automatically created Security Group for ELB awsecsintegl3vpconlyALBFargateServiceLBE08492C1", "SecurityGroupIngress": [ { "CidrIp": "0.0.0.0/0", @@ -406,12 +406,12 @@ } } }, - "L3LBSecurityGrouptoawsecsintegL3ServiceSecurityGroup7B96C87F8094933E0A": { + "ALBFargateServiceLBSecurityGrouptoawsecsintegl3vpconlyALBFargateServiceSecurityGroup3700A42180D1AB9DBC": { "Type": "AWS::EC2::SecurityGroupEgress", "Properties": { "GroupId": { "Fn::GetAtt": [ - "L3LBSecurityGroupEDE61198", + "ALBFargateServiceLBSecurityGroup5DC3060E", "GroupId" ] }, @@ -419,7 +419,7 @@ "Description": "Load balancer to target", "DestinationSecurityGroupId": { "Fn::GetAtt": [ - "L3ServiceSecurityGroup677B0897", + "ALBFargateServiceSecurityGroup82F7A67E", "GroupId" ] }, @@ -427,25 +427,25 @@ "ToPort": 80 } }, - "L3LBPublicListener156FFC0F": { + "ALBFargateServiceLBPublicListener3489002A": { "Type": "AWS::ElasticLoadBalancingV2::Listener", "Properties": { "DefaultActions": [ { "TargetGroupArn": { - "Ref": "L3LBPublicListenerECSGroup648EEA11" + "Ref": "ALBFargateServiceLBPublicListenerECSGroup6871FB8C" }, "Type": "forward" } ], "LoadBalancerArn": { - "Ref": "L3LB212FC0E0" + "Ref": "ALBFargateServiceLB64A0074E" }, "Port": 80, "Protocol": "HTTP" } }, - "L3LBPublicListenerECSGroup648EEA11": { + "ALBFargateServiceLBPublicListenerECSGroup6871FB8C": { "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", "Properties": { "Port": 80, @@ -456,7 +456,7 @@ } } }, - "L3TaskDefTaskRole21C75D10": { + "ALBFargateServiceTaskDefTaskRole11408723": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -473,7 +473,7 @@ } } }, - "L3TaskDef48D8ACB8": { + "ALBFargateServiceTaskDefF69F17D6": { "Type": "AWS::ECS::TaskDefinition", "Properties": { "ContainerDefinitions": [ @@ -484,9 +484,9 @@ "LogDriver": "awslogs", "Options": { "awslogs-group": { - "Ref": "L3TaskDefwebLogGroupC6E4A38A" + "Ref": "ALBFargateServiceTaskDefwebLogGroup7073A41D" }, - "awslogs-stream-prefix": "L3", + "awslogs-stream-prefix": "ALBFargateService", "awslogs-region": { "Ref": "AWS::Region" } @@ -504,11 +504,11 @@ "Cpu": "512", "ExecutionRoleArn": { "Fn::GetAtt": [ - "L3TaskDefExecutionRole49AF0996", + "ALBFargateServiceTaskDefExecutionRole9E885E7B", "Arn" ] }, - "Family": "awsecsintegL3TaskDefAA25240E", + "Family": "awsecsintegl3vpconlyALBFargateServiceTaskDef846555AE", "Memory": "1024", "NetworkMode": "awsvpc", "RequiresCompatibilities": [ @@ -516,18 +516,18 @@ ], "TaskRoleArn": { "Fn::GetAtt": [ - "L3TaskDefTaskRole21C75D10", + "ALBFargateServiceTaskDefTaskRole11408723", "Arn" ] } } }, - "L3TaskDefwebLogGroupC6E4A38A": { + "ALBFargateServiceTaskDefwebLogGroup7073A41D": { "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain" }, - "L3TaskDefExecutionRole49AF0996": { + "ALBFargateServiceTaskDefExecutionRole9E885E7B": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -544,7 +544,7 @@ } } }, - "L3TaskDefExecutionRoleDefaultPolicy4656E642": { + "ALBFargateServiceTaskDefExecutionRoleDefaultPolicy574B9EAD": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { @@ -557,7 +557,7 @@ "Effect": "Allow", "Resource": { "Fn::GetAtt": [ - "L3TaskDefwebLogGroupC6E4A38A", + "ALBFargateServiceTaskDefwebLogGroup7073A41D", "Arn" ] } @@ -565,15 +565,15 @@ ], "Version": "2012-10-17" }, - "PolicyName": "L3TaskDefExecutionRoleDefaultPolicy4656E642", + "PolicyName": "ALBFargateServiceTaskDefExecutionRoleDefaultPolicy574B9EAD", "Roles": [ { - "Ref": "L3TaskDefExecutionRole49AF0996" + "Ref": "ALBFargateServiceTaskDefExecutionRole9E885E7B" } ] } }, - "L3Service616D5A93": { + "ALBFargateService90FDCE10": { "Type": "AWS::ECS::Service", "Properties": { "Cluster": { @@ -591,7 +591,7 @@ "ContainerName": "web", "ContainerPort": 80, "TargetGroupArn": { - "Ref": "L3LBPublicListenerECSGroup648EEA11" + "Ref": "ALBFargateServiceLBPublicListenerECSGroup6871FB8C" } } ], @@ -601,7 +601,7 @@ "SecurityGroups": [ { "Fn::GetAtt": [ - "L3ServiceSecurityGroup677B0897", + "ALBFargateServiceSecurityGroup82F7A67E", "GroupId" ] } @@ -617,18 +617,18 @@ } }, "TaskDefinition": { - "Ref": "L3TaskDef48D8ACB8" + "Ref": "ALBFargateServiceTaskDefF69F17D6" } }, "DependsOn": [ - "L3LBPublicListenerECSGroup648EEA11", - "L3LBPublicListener156FFC0F" + "ALBFargateServiceLBPublicListenerECSGroup6871FB8C", + "ALBFargateServiceLBPublicListener3489002A" ] }, - "L3ServiceSecurityGroup677B0897": { + "ALBFargateServiceSecurityGroup82F7A67E": { "Type": "AWS::EC2::SecurityGroup", "Properties": { - "GroupDescription": "aws-ecs-integ/L3/Service/SecurityGroup", + "GroupDescription": "aws-ecs-integ-l3-vpconly/ALBFargateService/Service/SecurityGroup", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", @@ -641,7 +641,7 @@ } } }, - "L3ServiceSecurityGroupfromawsecsintegL3LBSecurityGroupA70DA46C80DBDFBCD6": { + "ALBFargateServiceSecurityGroupfromawsecsintegl3vpconlyALBFargateServiceLBSecurityGroup96E9BBBD8073FB670D": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "IpProtocol": "tcp", @@ -649,13 +649,13 @@ "FromPort": 80, "GroupId": { "Fn::GetAtt": [ - "L3ServiceSecurityGroup677B0897", + "ALBFargateServiceSecurityGroup82F7A67E", "GroupId" ] }, "SourceSecurityGroupId": { "Fn::GetAtt": [ - "L3LBSecurityGroupEDE61198", + "ALBFargateServiceLBSecurityGroup5DC3060E", "GroupId" ] }, @@ -665,672 +665,7 @@ "EcsDefaultClusterMnL3mNNYNVpc18E0451A": { "Type": "AWS::ECS::Cluster" }, - "Vpc299FDBC5F": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ/Vpc2" - } - ] - } - }, - "Vpc2PublicSubnet1Subnet758D49A9": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.0.0/18", - "VpcId": { - "Ref": "Vpc299FDBC5F" - }, - "AvailabilityZone": "test-region-1a", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "Name", - "Value": "aws-ecs-integ/Vpc2/PublicSubnet1" - } - ] - } - }, - "Vpc2PublicSubnet1RouteTable424A19D4": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "Vpc299FDBC5F" - }, - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ/Vpc2/PublicSubnet1" - } - ] - } - }, - "Vpc2PublicSubnet1RouteTableAssociationA1651F3A": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "Vpc2PublicSubnet1RouteTable424A19D4" - }, - "SubnetId": { - "Ref": "Vpc2PublicSubnet1Subnet758D49A9" - } - } - }, - "Vpc2PublicSubnet1DefaultRoute64172CA2": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "Vpc2PublicSubnet1RouteTable424A19D4" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "Vpc2IGWB10A76EB" - } - }, - "DependsOn": [ - "Vpc2VPCGW62C338EF" - ] - }, - "Vpc2PublicSubnet1EIP42DB8E45": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ/Vpc2/PublicSubnet1" - } - ] - } - }, - "Vpc2PublicSubnet1NATGateway26016506": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": [ - "Vpc2PublicSubnet1EIP42DB8E45", - "AllocationId" - ] - }, - "SubnetId": { - "Ref": "Vpc2PublicSubnet1Subnet758D49A9" - }, - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ/Vpc2/PublicSubnet1" - } - ] - } - }, - "Vpc2PublicSubnet2Subnet0BF8C291": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.64.0/18", - "VpcId": { - "Ref": "Vpc299FDBC5F" - }, - "AvailabilityZone": "test-region-1b", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "Name", - "Value": "aws-ecs-integ/Vpc2/PublicSubnet2" - } - ] - } - }, - "Vpc2PublicSubnet2RouteTableF9AE47B1": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "Vpc299FDBC5F" - }, - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ/Vpc2/PublicSubnet2" - } - ] - } - }, - "Vpc2PublicSubnet2RouteTableAssociation361E1341": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "Vpc2PublicSubnet2RouteTableF9AE47B1" - }, - "SubnetId": { - "Ref": "Vpc2PublicSubnet2Subnet0BF8C291" - } - } - }, - "Vpc2PublicSubnet2DefaultRouteBAB514C1": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "Vpc2PublicSubnet2RouteTableF9AE47B1" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "Vpc2IGWB10A76EB" - } - }, - "DependsOn": [ - "Vpc2VPCGW62C338EF" - ] - }, - "Vpc2PublicSubnet2EIP66DD26A4": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ/Vpc2/PublicSubnet2" - } - ] - } - }, - "Vpc2PublicSubnet2NATGateway6CBF7FA6": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": [ - "Vpc2PublicSubnet2EIP66DD26A4", - "AllocationId" - ] - }, - "SubnetId": { - "Ref": "Vpc2PublicSubnet2Subnet0BF8C291" - }, - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ/Vpc2/PublicSubnet2" - } - ] - } - }, - "Vpc2PrivateSubnet1Subnet34902000": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.128.0/18", - "VpcId": { - "Ref": "Vpc299FDBC5F" - }, - "AvailabilityZone": "test-region-1a", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "Name", - "Value": "aws-ecs-integ/Vpc2/PrivateSubnet1" - } - ] - } - }, - "Vpc2PrivateSubnet1RouteTableF8A2430B": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "Vpc299FDBC5F" - }, - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ/Vpc2/PrivateSubnet1" - } - ] - } - }, - "Vpc2PrivateSubnet1RouteTableAssociation74320528": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "Vpc2PrivateSubnet1RouteTableF8A2430B" - }, - "SubnetId": { - "Ref": "Vpc2PrivateSubnet1Subnet34902000" - } - } - }, - "Vpc2PrivateSubnet1DefaultRoute24717F54": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "Vpc2PrivateSubnet1RouteTableF8A2430B" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "Vpc2PublicSubnet1NATGateway26016506" - } - } - }, - "Vpc2PrivateSubnet2Subnet3BA0F39B": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.192.0/18", - "VpcId": { - "Ref": "Vpc299FDBC5F" - }, - "AvailabilityZone": "test-region-1b", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "Name", - "Value": "aws-ecs-integ/Vpc2/PrivateSubnet2" - } - ] - } - }, - "Vpc2PrivateSubnet2RouteTableB4F37E84": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "Vpc299FDBC5F" - }, - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ/Vpc2/PrivateSubnet2" - } - ] - } - }, - "Vpc2PrivateSubnet2RouteTableAssociation19A1B68F": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "Vpc2PrivateSubnet2RouteTableB4F37E84" - }, - "SubnetId": { - "Ref": "Vpc2PrivateSubnet2Subnet3BA0F39B" - } - } - }, - "Vpc2PrivateSubnet2DefaultRouteA55B1734": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "Vpc2PrivateSubnet2RouteTableB4F37E84" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "Vpc2PublicSubnet2NATGateway6CBF7FA6" - } - } - }, - "Vpc2IGWB10A76EB": { - "Type": "AWS::EC2::InternetGateway", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ/Vpc2" - } - ] - } - }, - "Vpc2VPCGW62C338EF": { - "Type": "AWS::EC2::VPCGatewayAttachment", - "Properties": { - "VpcId": { - "Ref": "Vpc299FDBC5F" - }, - "InternetGatewayId": { - "Ref": "Vpc2IGWB10A76EB" - } - } - }, - "L3bLBB8FADA4E": { - "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", - "Properties": { - "LoadBalancerAttributes": [ - { - "Key": "deletion_protection.enabled", - "Value": "false" - } - ], - "Scheme": "internet-facing", - "SecurityGroups": [ - { - "Fn::GetAtt": [ - "L3bLBSecurityGroup7A2B0AA0", - "GroupId" - ] - } - ], - "Subnets": [ - { - "Ref": "Vpc2PublicSubnet1Subnet758D49A9" - }, - { - "Ref": "Vpc2PublicSubnet2Subnet0BF8C291" - } - ], - "Type": "application" - }, - "DependsOn": [ - "Vpc2PublicSubnet1DefaultRoute64172CA2", - "Vpc2PublicSubnet2DefaultRouteBAB514C1" - ] - }, - "L3bLBSecurityGroup7A2B0AA0": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "Automatically created Security Group for ELB awsecsintegL3bLB9C1497A7", - "SecurityGroupIngress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow from anyone on port 80", - "FromPort": 80, - "IpProtocol": "tcp", - "ToPort": 80 - } - ], - "VpcId": { - "Ref": "Vpc299FDBC5F" - } - } - }, - "L3bLBSecurityGrouptoawsecsintegL3bServiceSecurityGroupC2BD1A598019C4C37D": { - "Type": "AWS::EC2::SecurityGroupEgress", - "Properties": { - "GroupId": { - "Fn::GetAtt": [ - "L3bLBSecurityGroup7A2B0AA0", - "GroupId" - ] - }, - "IpProtocol": "tcp", - "Description": "Load balancer to target", - "DestinationSecurityGroupId": { - "Fn::GetAtt": [ - "L3bServiceSecurityGroupA8DA736E", - "GroupId" - ] - }, - "FromPort": 80, - "ToPort": 80 - } - }, - "L3bLBPublicListenerA825925B": { - "Type": "AWS::ElasticLoadBalancingV2::Listener", - "Properties": { - "DefaultActions": [ - { - "TargetGroupArn": { - "Ref": "L3bLBPublicListenerECSGroup0070C5CA" - }, - "Type": "forward" - } - ], - "LoadBalancerArn": { - "Ref": "L3bLBB8FADA4E" - }, - "Port": 80, - "Protocol": "HTTP" - } - }, - "L3bLBPublicListenerECSGroup0070C5CA": { - "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", - "Properties": { - "Port": 80, - "Protocol": "HTTP", - "TargetType": "ip", - "VpcId": { - "Ref": "Vpc299FDBC5F" - } - } - }, - "L3bTaskDefTaskRoleADAB80C8": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ecs-tasks.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "L3bTaskDef5506864D": { - "Type": "AWS::ECS::TaskDefinition", - "Properties": { - "ContainerDefinitions": [ - { - "Essential": true, - "Image": "amazon/amazon-ecs-sample", - "LogConfiguration": { - "LogDriver": "awslogs", - "Options": { - "awslogs-group": { - "Ref": "L3bTaskDefwebLogGroup8E5F1183" - }, - "awslogs-stream-prefix": "L3b", - "awslogs-region": { - "Ref": "AWS::Region" - } - } - }, - "Name": "web", - "PortMappings": [ - { - "ContainerPort": 80, - "Protocol": "tcp" - } - ] - } - ], - "Cpu": "512", - "ExecutionRoleArn": { - "Fn::GetAtt": [ - "L3bTaskDefExecutionRole9A3E2688", - "Arn" - ] - }, - "Family": "awsecsintegL3bTaskDef24D7E4F1", - "Memory": "1024", - "NetworkMode": "awsvpc", - "RequiresCompatibilities": [ - "FARGATE" - ], - "TaskRoleArn": { - "Fn::GetAtt": [ - "L3bTaskDefTaskRoleADAB80C8", - "Arn" - ] - } - } - }, - "L3bTaskDefwebLogGroup8E5F1183": { - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" - }, - "L3bTaskDefExecutionRole9A3E2688": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ecs-tasks.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "L3bTaskDefExecutionRoleDefaultPolicy0CEA0ED2": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "L3bTaskDefwebLogGroup8E5F1183", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "L3bTaskDefExecutionRoleDefaultPolicy0CEA0ED2", - "Roles": [ - { - "Ref": "L3bTaskDefExecutionRole9A3E2688" - } - ] - } - }, - "L3bServiceF9D33D5A": { - "Type": "AWS::ECS::Service", - "Properties": { - "Cluster": { - "Ref": "EcsDefaultClusterMnL3mNNYNVpc2B5DB011D" - }, - "DeploymentConfiguration": { - "MaximumPercent": 200, - "MinimumHealthyPercent": 50 - }, - "EnableECSManagedTags": false, - "HealthCheckGracePeriodSeconds": 60, - "LaunchType": "FARGATE", - "LoadBalancers": [ - { - "ContainerName": "web", - "ContainerPort": 80, - "TargetGroupArn": { - "Ref": "L3bLBPublicListenerECSGroup0070C5CA" - } - } - ], - "NetworkConfiguration": { - "AwsvpcConfiguration": { - "AssignPublicIp": "DISABLED", - "SecurityGroups": [ - { - "Fn::GetAtt": [ - "L3bServiceSecurityGroupA8DA736E", - "GroupId" - ] - } - ], - "Subnets": [ - { - "Ref": "Vpc2PrivateSubnet1Subnet34902000" - }, - { - "Ref": "Vpc2PrivateSubnet2Subnet3BA0F39B" - } - ] - } - }, - "TaskDefinition": { - "Ref": "L3bTaskDef5506864D" - } - }, - "DependsOn": [ - "L3bLBPublicListenerECSGroup0070C5CA", - "L3bLBPublicListenerA825925B" - ] - }, - "L3bServiceSecurityGroupA8DA736E": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "aws-ecs-integ/L3b/Service/SecurityGroup", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "Vpc299FDBC5F" - } - } - }, - "L3bServiceSecurityGroupfromawsecsintegL3bLBSecurityGroupA7B79A628034042CE5": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "Load balancer to target", - "FromPort": 80, - "GroupId": { - "Fn::GetAtt": [ - "L3bServiceSecurityGroupA8DA736E", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "L3bLBSecurityGroup7A2B0AA0", - "GroupId" - ] - }, - "ToPort": 80 - } - }, - "EcsDefaultClusterMnL3mNNYNVpc2B5DB011D": { - "Type": "AWS::ECS::Cluster" - }, - "L3cLB041B1E8C": { + "NLBFargateServiceLB659EC17C": { "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", "Properties": { "LoadBalancerAttributes": [ @@ -1340,98 +675,51 @@ } ], "Scheme": "internet-facing", - "SecurityGroups": [ - { - "Fn::GetAtt": [ - "L3cLBSecurityGroup818CBDE1", - "GroupId" - ] - } - ], "Subnets": [ { - "Ref": "Vpc2PublicSubnet1Subnet758D49A9" + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" }, { - "Ref": "Vpc2PublicSubnet2Subnet0BF8C291" + "Ref": "VpcPublicSubnet2Subnet691E08A3" } ], - "Type": "application" + "Type": "network" }, "DependsOn": [ - "Vpc2PublicSubnet1DefaultRoute64172CA2", - "Vpc2PublicSubnet2DefaultRouteBAB514C1" + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet2DefaultRoute97F91067" ] }, - "L3cLBSecurityGroup818CBDE1": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "Automatically created Security Group for ELB awsecsintegL3cLB16505710", - "SecurityGroupIngress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow from anyone on port 80", - "FromPort": 80, - "IpProtocol": "tcp", - "ToPort": 80 - } - ], - "VpcId": { - "Ref": "Vpc299FDBC5F" - } - } - }, - "L3cLBSecurityGrouptoawsecsintegL3cServiceSecurityGroupA4254E838029E3B246": { - "Type": "AWS::EC2::SecurityGroupEgress", - "Properties": { - "GroupId": { - "Fn::GetAtt": [ - "L3cLBSecurityGroup818CBDE1", - "GroupId" - ] - }, - "IpProtocol": "tcp", - "Description": "Load balancer to target", - "DestinationSecurityGroupId": { - "Fn::GetAtt": [ - "L3cServiceSecurityGroup94AFACED", - "GroupId" - ] - }, - "FromPort": 80, - "ToPort": 80 - } - }, - "L3cLBPublicListener1D4B3F11": { + "NLBFargateServiceLBPublicListenerB0DCA73C": { "Type": "AWS::ElasticLoadBalancingV2::Listener", "Properties": { "DefaultActions": [ { "TargetGroupArn": { - "Ref": "L3cLBPublicListenerECSGroup62D7B705" + "Ref": "NLBFargateServiceLBPublicListenerECSGroupC469CAA2" }, "Type": "forward" } ], "LoadBalancerArn": { - "Ref": "L3cLB041B1E8C" + "Ref": "NLBFargateServiceLB659EC17C" }, "Port": 80, - "Protocol": "HTTP" + "Protocol": "TCP" } }, - "L3cLBPublicListenerECSGroup62D7B705": { + "NLBFargateServiceLBPublicListenerECSGroupC469CAA2": { "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", "Properties": { "Port": 80, - "Protocol": "HTTP", + "Protocol": "TCP", "TargetType": "ip", "VpcId": { - "Ref": "Vpc299FDBC5F" + "Ref": "Vpc8378EB38" } } }, - "L3cTaskDefTaskRole3C3C6124": { + "NLBFargateServiceTaskDefTaskRole6C88F40B": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -1448,7 +736,7 @@ } } }, - "L3cTaskDefA575AF8A": { + "NLBFargateServiceTaskDefB836FA89": { "Type": "AWS::ECS::TaskDefinition", "Properties": { "ContainerDefinitions": [ @@ -1459,9 +747,9 @@ "LogDriver": "awslogs", "Options": { "awslogs-group": { - "Ref": "L3cTaskDefwebLogGroupE4BDEC1B" + "Ref": "NLBFargateServiceTaskDefwebLogGroupC4A42FE2" }, - "awslogs-stream-prefix": "L3c", + "awslogs-stream-prefix": "NLBFargateService", "awslogs-region": { "Ref": "AWS::Region" } @@ -1479,11 +767,11 @@ "Cpu": "512", "ExecutionRoleArn": { "Fn::GetAtt": [ - "L3cTaskDefExecutionRoleF366B4B2", + "NLBFargateServiceTaskDefExecutionRoleF6D642D5", "Arn" ] }, - "Family": "awsecsintegL3cTaskDefF83D4A1D", + "Family": "awsecsintegl3vpconlyNLBFargateServiceTaskDef1E6E41A6", "Memory": "1024", "NetworkMode": "awsvpc", "RequiresCompatibilities": [ @@ -1491,18 +779,18 @@ ], "TaskRoleArn": { "Fn::GetAtt": [ - "L3cTaskDefTaskRole3C3C6124", + "NLBFargateServiceTaskDefTaskRole6C88F40B", "Arn" ] } } }, - "L3cTaskDefwebLogGroupE4BDEC1B": { + "NLBFargateServiceTaskDefwebLogGroupC4A42FE2": { "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain" }, - "L3cTaskDefExecutionRoleF366B4B2": { + "NLBFargateServiceTaskDefExecutionRoleF6D642D5": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -1519,7 +807,7 @@ } } }, - "L3cTaskDefExecutionRoleDefaultPolicy364B8E8C": { + "NLBFargateServiceTaskDefExecutionRoleDefaultPolicy90080805": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { @@ -1532,7 +820,7 @@ "Effect": "Allow", "Resource": { "Fn::GetAtt": [ - "L3cTaskDefwebLogGroupE4BDEC1B", + "NLBFargateServiceTaskDefwebLogGroupC4A42FE2", "Arn" ] } @@ -1540,19 +828,19 @@ ], "Version": "2012-10-17" }, - "PolicyName": "L3cTaskDefExecutionRoleDefaultPolicy364B8E8C", + "PolicyName": "NLBFargateServiceTaskDefExecutionRoleDefaultPolicy90080805", "Roles": [ { - "Ref": "L3cTaskDefExecutionRoleF366B4B2" + "Ref": "NLBFargateServiceTaskDefExecutionRoleF6D642D5" } ] } }, - "L3cServiceADA1E573": { + "NLBFargateServiceB92AC095": { "Type": "AWS::ECS::Service", "Properties": { "Cluster": { - "Ref": "EcsDefaultClusterMnL3mNNYNVpc2B5DB011D" + "Ref": "EcsDefaultClusterMnL3mNNYNVpc18E0451A" }, "DeploymentConfiguration": { "MaximumPercent": 200, @@ -1566,7 +854,7 @@ "ContainerName": "web", "ContainerPort": 80, "TargetGroupArn": { - "Ref": "L3cLBPublicListenerECSGroup62D7B705" + "Ref": "NLBFargateServiceLBPublicListenerECSGroupC469CAA2" } } ], @@ -1576,34 +864,34 @@ "SecurityGroups": [ { "Fn::GetAtt": [ - "L3cServiceSecurityGroup94AFACED", + "NLBFargateServiceSecurityGroup9D81388B", "GroupId" ] } ], "Subnets": [ { - "Ref": "Vpc2PrivateSubnet1Subnet34902000" + "Ref": "VpcPrivateSubnet1Subnet536B997A" }, { - "Ref": "Vpc2PrivateSubnet2Subnet3BA0F39B" + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" } ] } }, "TaskDefinition": { - "Ref": "L3cTaskDefA575AF8A" + "Ref": "NLBFargateServiceTaskDefB836FA89" } }, "DependsOn": [ - "L3cLBPublicListenerECSGroup62D7B705", - "L3cLBPublicListener1D4B3F11" + "NLBFargateServiceLBPublicListenerECSGroupC469CAA2", + "NLBFargateServiceLBPublicListenerB0DCA73C" ] }, - "L3cServiceSecurityGroup94AFACED": { + "NLBFargateServiceSecurityGroup9D81388B": { "Type": "AWS::EC2::SecurityGroup", "Properties": { - "GroupDescription": "aws-ecs-integ/L3c/Service/SecurityGroup", + "GroupDescription": "aws-ecs-integ-l3-vpconly/NLBFargateService/Service/SecurityGroup", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", @@ -1612,66 +900,21 @@ } ], "VpcId": { - "Ref": "Vpc299FDBC5F" + "Ref": "Vpc8378EB38" } } - }, - "L3cServiceSecurityGroupfromawsecsintegL3cLBSecurityGroup7820B0B28070DB6447": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "Load balancer to target", - "FromPort": 80, - "GroupId": { - "Fn::GetAtt": [ - "L3cServiceSecurityGroup94AFACED", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "L3cLBSecurityGroup818CBDE1", - "GroupId" - ] - }, - "ToPort": 80 - } } }, "Outputs": { - "L3LoadBalancerDNSC6CB4A70": { - "Value": { - "Fn::GetAtt": [ - "L3LB212FC0E0", - "DNSName" - ] - } - }, - "L3ServiceURL0F065F2D": { - "Value": { - "Fn::Join": [ - "", - [ - "http://", - { - "Fn::GetAtt": [ - "L3LB212FC0E0", - "DNSName" - ] - } - ] - ] - } - }, - "L3bLoadBalancerDNSED096132": { + "ALBFargateServiceLoadBalancerDNSAFB2EDDB": { "Value": { "Fn::GetAtt": [ - "L3bLBB8FADA4E", + "ALBFargateServiceLB64A0074E", "DNSName" ] } }, - "L3bServiceURL0EDED888": { + "ALBFargateServiceServiceURL4A19CF25": { "Value": { "Fn::Join": [ "", @@ -1679,7 +922,7 @@ "http://", { "Fn::GetAtt": [ - "L3bLBB8FADA4E", + "ALBFargateServiceLB64A0074E", "DNSName" ] } @@ -1687,29 +930,13 @@ ] } }, - "L3cLoadBalancerDNS9409202E": { + "NLBFargateServiceLoadBalancerDNSC2B2922F": { "Value": { "Fn::GetAtt": [ - "L3cLB041B1E8C", + "NLBFargateServiceLB659EC17C", "DNSName" ] } - }, - "L3cServiceURL2E1758C7": { - "Value": { - "Fn::Join": [ - "", - [ - "http://", - { - "Fn::GetAtt": [ - "L3cLB041B1E8C", - "DNSName" - ] - } - ] - ] - } } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.l3-vpconly.ts b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.l3-vpconly.ts index e3e7fedceda97..f0f76f754639e 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.l3-vpconly.ts +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.l3-vpconly.ts @@ -4,21 +4,14 @@ import * as cdk from '@aws-cdk/core'; import * as ecsPatterns from '../../lib'; const app = new cdk.App(); -const stack = new cdk.Stack(app, 'aws-ecs-integ'); +const stack = new cdk.Stack(app, 'aws-ecs-integ-l3-vpconly'); +// Create VPC only const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2 }); -new ecsPatterns.ApplicationLoadBalancedFargateService(stack, 'L3', { - vpc, - memoryLimitMiB: 1024, - cpu: 512, - taskImageOptions: { - image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), - }, -}); -const vpc2 = new ec2.Vpc(stack, 'Vpc2', { maxAzs: 2 }); -new ecsPatterns.ApplicationLoadBalancedFargateService(stack, 'L3b', { - vpc: vpc2, +// Create ALB service +new ecsPatterns.ApplicationLoadBalancedFargateService(stack, 'ALBFargateService', { + vpc, memoryLimitMiB: 1024, cpu: 512, taskImageOptions: { @@ -26,8 +19,9 @@ new ecsPatterns.ApplicationLoadBalancedFargateService(stack, 'L3b', { }, }); -new ecsPatterns.ApplicationLoadBalancedFargateService(stack, 'L3c', { - vpc: vpc2, +// Create NLB service +new ecsPatterns.NetworkLoadBalancedFargateService(stack, 'NLBFargateService', { + vpc, memoryLimitMiB: 1024, cpu: 512, taskImageOptions: { diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.l3.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.l3.expected.json index 40d86be5d331b..efd340e79b5cf 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.l3.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.l3.expected.json @@ -10,7 +10,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc" + "Value": "aws-ecs-integ-lb-fargate/Vpc" } ] } @@ -35,7 +35,7 @@ }, { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PublicSubnet1" + "Value": "aws-ecs-integ-lb-fargate/Vpc/PublicSubnet1" } ] } @@ -49,7 +49,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PublicSubnet1" + "Value": "aws-ecs-integ-lb-fargate/Vpc/PublicSubnet1" } ] } @@ -87,7 +87,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PublicSubnet1" + "Value": "aws-ecs-integ-lb-fargate/Vpc/PublicSubnet1" } ] } @@ -107,7 +107,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PublicSubnet1" + "Value": "aws-ecs-integ-lb-fargate/Vpc/PublicSubnet1" } ] } @@ -132,7 +132,7 @@ }, { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PublicSubnet2" + "Value": "aws-ecs-integ-lb-fargate/Vpc/PublicSubnet2" } ] } @@ -146,7 +146,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PublicSubnet2" + "Value": "aws-ecs-integ-lb-fargate/Vpc/PublicSubnet2" } ] } @@ -184,7 +184,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PublicSubnet2" + "Value": "aws-ecs-integ-lb-fargate/Vpc/PublicSubnet2" } ] } @@ -204,7 +204,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PublicSubnet2" + "Value": "aws-ecs-integ-lb-fargate/Vpc/PublicSubnet2" } ] } @@ -229,7 +229,7 @@ }, { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PrivateSubnet1" + "Value": "aws-ecs-integ-lb-fargate/Vpc/PrivateSubnet1" } ] } @@ -243,7 +243,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PrivateSubnet1" + "Value": "aws-ecs-integ-lb-fargate/Vpc/PrivateSubnet1" } ] } @@ -291,7 +291,7 @@ }, { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PrivateSubnet2" + "Value": "aws-ecs-integ-lb-fargate/Vpc/PrivateSubnet2" } ] } @@ -305,7 +305,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc/PrivateSubnet2" + "Value": "aws-ecs-integ-lb-fargate/Vpc/PrivateSubnet2" } ] } @@ -339,7 +339,7 @@ "Tags": [ { "Key": "Name", - "Value": "aws-ecs-integ/Vpc" + "Value": "aws-ecs-integ-lb-fargate/Vpc" } ] } @@ -358,7 +358,7 @@ "FargateCluster7CCD5F93": { "Type": "AWS::ECS::Cluster" }, - "L3LB212FC0E0": { + "ALBFargateServiceLB64A0074E": { "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", "Properties": { "LoadBalancerAttributes": [ @@ -371,7 +371,7 @@ "SecurityGroups": [ { "Fn::GetAtt": [ - "L3LBSecurityGroupEDE61198", + "ALBFargateServiceLBSecurityGroup5DC3060E", "GroupId" ] } @@ -391,10 +391,10 @@ "VpcPublicSubnet2DefaultRoute97F91067" ] }, - "L3LBSecurityGroupEDE61198": { + "ALBFargateServiceLBSecurityGroup5DC3060E": { "Type": "AWS::EC2::SecurityGroup", "Properties": { - "GroupDescription": "Automatically created Security Group for ELB awsecsintegL3LB6453BA0A", + "GroupDescription": "Automatically created Security Group for ELB awsecsinteglbfargateALBFargateServiceLBF93E98F2", "SecurityGroupIngress": [ { "CidrIp": "0.0.0.0/0", @@ -409,12 +409,12 @@ } } }, - "L3LBSecurityGrouptoawsecsintegL3ServiceSecurityGroup7B96C87F8094933E0A": { + "ALBFargateServiceLBSecurityGrouptoawsecsinteglbfargateALBFargateServiceSecurityGroup0D9B5AEB80C5CFCE6C": { "Type": "AWS::EC2::SecurityGroupEgress", "Properties": { "GroupId": { "Fn::GetAtt": [ - "L3LBSecurityGroupEDE61198", + "ALBFargateServiceLBSecurityGroup5DC3060E", "GroupId" ] }, @@ -422,7 +422,7 @@ "Description": "Load balancer to target", "DestinationSecurityGroupId": { "Fn::GetAtt": [ - "L3ServiceSecurityGroup677B0897", + "ALBFargateServiceSecurityGroup82F7A67E", "GroupId" ] }, @@ -430,25 +430,25 @@ "ToPort": 80 } }, - "L3LBPublicListener156FFC0F": { + "ALBFargateServiceLBPublicListener3489002A": { "Type": "AWS::ElasticLoadBalancingV2::Listener", "Properties": { "DefaultActions": [ { "TargetGroupArn": { - "Ref": "L3LBPublicListenerECSGroup648EEA11" + "Ref": "ALBFargateServiceLBPublicListenerECSGroup6871FB8C" }, "Type": "forward" } ], "LoadBalancerArn": { - "Ref": "L3LB212FC0E0" + "Ref": "ALBFargateServiceLB64A0074E" }, "Port": 80, "Protocol": "HTTP" } }, - "L3LBPublicListenerECSGroup648EEA11": { + "ALBFargateServiceLBPublicListenerECSGroup6871FB8C": { "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", "Properties": { "Port": 80, @@ -459,7 +459,7 @@ } } }, - "L3TaskDefTaskRole21C75D10": { + "ALBFargateServiceTaskDefTaskRole11408723": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -476,7 +476,7 @@ } } }, - "L3TaskDef48D8ACB8": { + "ALBFargateServiceTaskDefF69F17D6": { "Type": "AWS::ECS::TaskDefinition", "Properties": { "ContainerDefinitions": [ @@ -487,9 +487,9 @@ "LogDriver": "awslogs", "Options": { "awslogs-group": { - "Ref": "L3TaskDefwebLogGroupC6E4A38A" + "Ref": "ALBFargateServiceTaskDefwebLogGroup7073A41D" }, - "awslogs-stream-prefix": "L3", + "awslogs-stream-prefix": "ALBFargateService", "awslogs-region": { "Ref": "AWS::Region" } @@ -507,11 +507,11 @@ "Cpu": "512", "ExecutionRoleArn": { "Fn::GetAtt": [ - "L3TaskDefExecutionRole49AF0996", + "ALBFargateServiceTaskDefExecutionRole9E885E7B", "Arn" ] }, - "Family": "awsecsintegL3TaskDefAA25240E", + "Family": "awsecsinteglbfargateALBFargateServiceTaskDef26FE75C0", "Memory": "1024", "NetworkMode": "awsvpc", "RequiresCompatibilities": [ @@ -519,18 +519,18 @@ ], "TaskRoleArn": { "Fn::GetAtt": [ - "L3TaskDefTaskRole21C75D10", + "ALBFargateServiceTaskDefTaskRole11408723", "Arn" ] } } }, - "L3TaskDefwebLogGroupC6E4A38A": { + "ALBFargateServiceTaskDefwebLogGroup7073A41D": { "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain" }, - "L3TaskDefExecutionRole49AF0996": { + "ALBFargateServiceTaskDefExecutionRole9E885E7B": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -547,7 +547,7 @@ } } }, - "L3TaskDefExecutionRoleDefaultPolicy4656E642": { + "ALBFargateServiceTaskDefExecutionRoleDefaultPolicy574B9EAD": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { @@ -560,7 +560,7 @@ "Effect": "Allow", "Resource": { "Fn::GetAtt": [ - "L3TaskDefwebLogGroupC6E4A38A", + "ALBFargateServiceTaskDefwebLogGroup7073A41D", "Arn" ] } @@ -568,15 +568,15 @@ ], "Version": "2012-10-17" }, - "PolicyName": "L3TaskDefExecutionRoleDefaultPolicy4656E642", + "PolicyName": "ALBFargateServiceTaskDefExecutionRoleDefaultPolicy574B9EAD", "Roles": [ { - "Ref": "L3TaskDefExecutionRole49AF0996" + "Ref": "ALBFargateServiceTaskDefExecutionRole9E885E7B" } ] } }, - "L3Service616D5A93": { + "ALBFargateService90FDCE10": { "Type": "AWS::ECS::Service", "Properties": { "Cluster": { @@ -594,7 +594,7 @@ "ContainerName": "web", "ContainerPort": 80, "TargetGroupArn": { - "Ref": "L3LBPublicListenerECSGroup648EEA11" + "Ref": "ALBFargateServiceLBPublicListenerECSGroup6871FB8C" } } ], @@ -604,7 +604,7 @@ "SecurityGroups": [ { "Fn::GetAtt": [ - "L3ServiceSecurityGroup677B0897", + "ALBFargateServiceSecurityGroup82F7A67E", "GroupId" ] } @@ -620,18 +620,18 @@ } }, "TaskDefinition": { - "Ref": "L3TaskDef48D8ACB8" + "Ref": "ALBFargateServiceTaskDefF69F17D6" } }, "DependsOn": [ - "L3LBPublicListenerECSGroup648EEA11", - "L3LBPublicListener156FFC0F" + "ALBFargateServiceLBPublicListenerECSGroup6871FB8C", + "ALBFargateServiceLBPublicListener3489002A" ] }, - "L3ServiceSecurityGroup677B0897": { + "ALBFargateServiceSecurityGroup82F7A67E": { "Type": "AWS::EC2::SecurityGroup", "Properties": { - "GroupDescription": "aws-ecs-integ/L3/Service/SecurityGroup", + "GroupDescription": "aws-ecs-integ-lb-fargate/ALBFargateService/Service/SecurityGroup", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", @@ -644,7 +644,7 @@ } } }, - "L3ServiceSecurityGroupfromawsecsintegL3LBSecurityGroupA70DA46C80DBDFBCD6": { + "ALBFargateServiceSecurityGroupfromawsecsinteglbfargateALBFargateServiceLBSecurityGroupCD911D2880462ECC11": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "IpProtocol": "tcp", @@ -652,30 +652,269 @@ "FromPort": 80, "GroupId": { "Fn::GetAtt": [ - "L3ServiceSecurityGroup677B0897", + "ALBFargateServiceSecurityGroup82F7A67E", "GroupId" ] }, "SourceSecurityGroupId": { "Fn::GetAtt": [ - "L3LBSecurityGroupEDE61198", + "ALBFargateServiceLBSecurityGroup5DC3060E", "GroupId" ] }, "ToPort": 80 } + }, + "NLBFargateServiceLB659EC17C": { + "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", + "Properties": { + "LoadBalancerAttributes": [ + { + "Key": "deletion_protection.enabled", + "Value": "false" + } + ], + "Scheme": "internet-facing", + "Subnets": [ + { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + ], + "Type": "network" + }, + "DependsOn": [ + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet2DefaultRoute97F91067" + ] + }, + "NLBFargateServiceLBPublicListenerB0DCA73C": { + "Type": "AWS::ElasticLoadBalancingV2::Listener", + "Properties": { + "DefaultActions": [ + { + "TargetGroupArn": { + "Ref": "NLBFargateServiceLBPublicListenerECSGroupC469CAA2" + }, + "Type": "forward" + } + ], + "LoadBalancerArn": { + "Ref": "NLBFargateServiceLB659EC17C" + }, + "Port": 80, + "Protocol": "TCP" + } + }, + "NLBFargateServiceLBPublicListenerECSGroupC469CAA2": { + "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", + "Properties": { + "Port": 80, + "Protocol": "TCP", + "TargetType": "ip", + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "NLBFargateServiceTaskDefTaskRole6C88F40B": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "NLBFargateServiceTaskDefB836FA89": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Essential": true, + "Image": "amazon/amazon-ecs-sample", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "NLBFargateServiceTaskDefwebLogGroupC4A42FE2" + }, + "awslogs-stream-prefix": "NLBFargateService", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "Name": "web", + "PortMappings": [ + { + "ContainerPort": 80, + "Protocol": "tcp" + } + ] + } + ], + "Cpu": "512", + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "NLBFargateServiceTaskDefExecutionRoleF6D642D5", + "Arn" + ] + }, + "Family": "awsecsinteglbfargateNLBFargateServiceTaskDef1265FF34", + "Memory": "1024", + "NetworkMode": "awsvpc", + "RequiresCompatibilities": [ + "FARGATE" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "NLBFargateServiceTaskDefTaskRole6C88F40B", + "Arn" + ] + } + } + }, + "NLBFargateServiceTaskDefwebLogGroupC4A42FE2": { + "Type": "AWS::Logs::LogGroup", + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "NLBFargateServiceTaskDefExecutionRoleF6D642D5": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "NLBFargateServiceTaskDefExecutionRoleDefaultPolicy90080805": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "NLBFargateServiceTaskDefwebLogGroupC4A42FE2", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "NLBFargateServiceTaskDefExecutionRoleDefaultPolicy90080805", + "Roles": [ + { + "Ref": "NLBFargateServiceTaskDefExecutionRoleF6D642D5" + } + ] + } + }, + "NLBFargateServiceB92AC095": { + "Type": "AWS::ECS::Service", + "Properties": { + "Cluster": { + "Ref": "FargateCluster7CCD5F93" + }, + "DeploymentConfiguration": { + "MaximumPercent": 200, + "MinimumHealthyPercent": 50 + }, + "EnableECSManagedTags": false, + "HealthCheckGracePeriodSeconds": 60, + "LaunchType": "FARGATE", + "LoadBalancers": [ + { + "ContainerName": "web", + "ContainerPort": 80, + "TargetGroupArn": { + "Ref": "NLBFargateServiceLBPublicListenerECSGroupC469CAA2" + } + } + ], + "NetworkConfiguration": { + "AwsvpcConfiguration": { + "AssignPublicIp": "DISABLED", + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "NLBFargateServiceSecurityGroup9D81388B", + "GroupId" + ] + } + ], + "Subnets": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ] + } + }, + "TaskDefinition": { + "Ref": "NLBFargateServiceTaskDefB836FA89" + } + }, + "DependsOn": [ + "NLBFargateServiceLBPublicListenerECSGroupC469CAA2", + "NLBFargateServiceLBPublicListenerB0DCA73C" + ] + }, + "NLBFargateServiceSecurityGroup9D81388B": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "aws-ecs-integ-lb-fargate/NLBFargateService/Service/SecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } } }, "Outputs": { - "L3LoadBalancerDNSC6CB4A70": { + "ALBFargateServiceLoadBalancerDNSAFB2EDDB": { "Value": { "Fn::GetAtt": [ - "L3LB212FC0E0", + "ALBFargateServiceLB64A0074E", "DNSName" ] } }, - "L3ServiceURL0F065F2D": { + "ALBFargateServiceServiceURL4A19CF25": { "Value": { "Fn::Join": [ "", @@ -683,13 +922,21 @@ "http://", { "Fn::GetAtt": [ - "L3LB212FC0E0", + "ALBFargateServiceLB64A0074E", "DNSName" ] } ] ] } + }, + "NLBFargateServiceLoadBalancerDNSC2B2922F": { + "Value": { + "Fn::GetAtt": [ + "NLBFargateServiceLB659EC17C", + "DNSName" + ] + } } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.l3.ts b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.l3.ts index 5819bb3955190..b7cca5925e67c 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.l3.ts +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.l3.ts @@ -4,13 +4,24 @@ import * as cdk from '@aws-cdk/core'; import * as ecsPatterns from '../../lib'; const app = new cdk.App(); -const stack = new cdk.Stack(app, 'aws-ecs-integ'); +const stack = new cdk.Stack(app, 'aws-ecs-integ-lb-fargate'); +// Create VPC and cluster const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2 }); - const cluster = new ecs.Cluster(stack, 'FargateCluster', { vpc }); -new ecsPatterns.ApplicationLoadBalancedFargateService(stack, 'L3', { +// Create ALB service +new ecsPatterns.ApplicationLoadBalancedFargateService(stack, 'ALBFargateService', { + cluster, + memoryLimitMiB: 1024, + cpu: 512, + taskImageOptions: { + image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), + }, +}); + +// Create NLB service +new ecsPatterns.NetworkLoadBalancedFargateService(stack, 'NLBFargateService', { cluster, memoryLimitMiB: 1024, cpu: 512, From d82de0518abf4deb2c5b38d8eed9653fa8181cbd Mon Sep 17 00:00:00 2001 From: Bryan Pan Date: Thu, 13 May 2021 08:48:46 -0700 Subject: [PATCH 7/7] chore(appsync): rds data source service integration with grantDataApi (#14671) Utilize the `grantDataApi` from RDS to complete service integration. Fixes: #13189 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../@aws-cdk/aws-appsync/lib/data-source.ts | 4 +++- .../aws-appsync/test/appsync-rds.test.ts | 20 ++++++++++++++++++- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-appsync/lib/data-source.ts b/packages/@aws-cdk/aws-appsync/lib/data-source.ts index 4c1280c2196d9..b7570be255fac 100644 --- a/packages/@aws-cdk/aws-appsync/lib/data-source.ts +++ b/packages/@aws-cdk/aws-appsync/lib/data-source.ts @@ -350,12 +350,14 @@ export class RdsDataSource extends BackedDataSource { props.secretStore.grantRead(this); // Change to grant with RDS grant becomes implemented + + props.serverlessCluster.grantDataApiAccess(this); + Grant.addToPrincipal({ grantee: this, actions: [ 'rds-data:DeleteItems', 'rds-data:ExecuteSql', - 'rds-data:ExecuteStatement', 'rds-data:GetItems', 'rds-data:InsertItems', 'rds-data:UpdateItems', diff --git a/packages/@aws-cdk/aws-appsync/test/appsync-rds.test.ts b/packages/@aws-cdk/aws-appsync/test/appsync-rds.test.ts index 1f7c942811791..9a328b0fe65a0 100644 --- a/packages/@aws-cdk/aws-appsync/test/appsync-rds.test.ts +++ b/packages/@aws-cdk/aws-appsync/test/appsync-rds.test.ts @@ -58,11 +58,29 @@ describe('Rds Data Source configuration', () => { Effect: 'Allow', Resource: { Ref: 'AuroraSecret41E6E877' }, }, + { + Action: [ + 'rds-data:BatchExecuteStatement', + 'rds-data:BeginTransaction', + 'rds-data:CommitTransaction', + 'rds-data:ExecuteStatement', + 'rds-data:RollbackTransaction', + ], + Effect: 'Allow', + Resource: '*', + }, + { + Action: [ + 'secretsmanager:GetSecretValue', + 'secretsmanager:DescribeSecret', + ], + Effect: 'Allow', + Resource: { Ref: 'AuroraClusterSecretAttachmentDB8032DA' }, + }, { Action: [ 'rds-data:DeleteItems', 'rds-data:ExecuteSql', - 'rds-data:ExecuteStatement', 'rds-data:GetItems', 'rds-data:InsertItems', 'rds-data:UpdateItems',