From efcafd8e3d6eba733d295936c83e4486b61ee206 Mon Sep 17 00:00:00 2001 From: Mohamed ElAsmar Date: Mon, 27 May 2024 16:47:17 -0700 Subject: [PATCH 1/4] Allow custom container name for Scheduled tasks --- .../aws-ecs-integ-ecs.assets.json | 4 +- .../aws-ecs-integ-ecs.template.json | 239 ++++++++ .../manifest.json | 50 +- .../tree.json | 426 ++++++++++++++ .../test/ec2/integ.scheduled-ecs-task.ts | 21 + .../aws-fargate-integ.assets.json | 4 +- .../aws-fargate-integ.template.json | 320 ++++++++++ .../manifest.json | 56 +- .../tree.json | 551 ++++++++++++++++++ .../fargate/integ.scheduled-fargate-task.ts | 21 + .../aws-cdk-lib/aws-ecs-patterns/README.md | 16 + .../lib/base/scheduled-task-base.ts | 7 + .../lib/ecs/scheduled-ecs-task.ts | 4 +- .../lib/fargate/scheduled-fargate-task.ts | 3 +- .../test/ec2/scheduled-ecs-task.test.ts | 81 +++ .../fargate/scheduled-fargate-task.test.ts | 71 +++ 16 files changed, 1866 insertions(+), 8 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.scheduled-ecs-task.js.snapshot/aws-ecs-integ-ecs.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.scheduled-ecs-task.js.snapshot/aws-ecs-integ-ecs.assets.json index 76c7d930a0d16..eb3ce1d8fd880 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.scheduled-ecs-task.js.snapshot/aws-ecs-integ-ecs.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.scheduled-ecs-task.js.snapshot/aws-ecs-integ-ecs.assets.json @@ -1,7 +1,7 @@ { "version": "36.0.0", "files": { - "1259adb9d491b9491b349aff3ff67ac9e96ed23a68a4f774f130a37ed7f67cb4": { + "879d43bd7fa593d0da48ddd22d54a1ec2eab5a43a0ec95fb9933166ec27ea119": { "source": { "path": "aws-ecs-integ-ecs.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "1259adb9d491b9491b349aff3ff67ac9e96ed23a68a4f774f130a37ed7f67cb4.json", + "objectKey": "879d43bd7fa593d0da48ddd22d54a1ec2eab5a43a0ec95fb9933166ec27ea119.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.scheduled-ecs-task.js.snapshot/aws-ecs-integ-ecs.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.scheduled-ecs-task.js.snapshot/aws-ecs-integ-ecs.template.json index 04778e17c43d0..54326dd6e447f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.scheduled-ecs-task.js.snapshot/aws-ecs-integ-ecs.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.scheduled-ecs-task.js.snapshot/aws-ecs-integ-ecs.template.json @@ -955,6 +955,245 @@ } ] } + }, + "ScheduledEc2Task2ScheduledEventRule904C0930": { + "Type": "AWS::Events::Rule", + "Properties": { + "ScheduleExpression": "rate(1 minute)", + "State": "ENABLED", + "Targets": [ + { + "Arn": { + "Fn::GetAtt": [ + "EcsCluster97242B84", + "Arn" + ] + }, + "EcsParameters": { + "PropagateTags": "TASK_DEFINITION", + "TagList": [ + { + "Key": "my-tag", + "Value": "my-tag-value" + } + ], + "TaskCount": 2, + "TaskDefinitionArn": { + "Ref": "ScheduledEc2Task2ScheduledTaskDef5A1A589E" + } + }, + "Id": "Target0", + "Input": "{}", + "RoleArn": { + "Fn::GetAtt": [ + "ScheduledEc2Task2ScheduledTaskDefEventsRoleE4A47A7F", + "Arn" + ] + } + } + ] + } + }, + "ScheduledEc2Task2ScheduledTaskDefTaskRoleF24CD72E": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "ScheduledEc2Task2ScheduledTaskDef5A1A589E": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Cpu": 1, + "Environment": [ + { + "Name": "TRIGGER", + "Value": "CloudWatch Events" + } + ], + "Essential": true, + "Image": "amazon/amazon-ecs-sample", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "ScheduledEc2Task2ScheduledTaskDefdifferentNameLogGroup576E34BD" + }, + "awslogs-stream-prefix": "ScheduledEc2Task2", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "Memory": 512, + "Name": "differentName" + } + ], + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "ScheduledEc2Task2ScheduledTaskDefExecutionRoleC4A2CB80", + "Arn" + ] + }, + "Family": "awsecsintegecsScheduledEc2Task2ScheduledTaskDef4390684D", + "NetworkMode": "bridge", + "RequiresCompatibilities": [ + "EC2" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "ScheduledEc2Task2ScheduledTaskDefTaskRoleF24CD72E", + "Arn" + ] + } + } + }, + "ScheduledEc2Task2ScheduledTaskDefdifferentNameLogGroup576E34BD": { + "Type": "AWS::Logs::LogGroup", + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "ScheduledEc2Task2ScheduledTaskDefExecutionRoleC4A2CB80": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "ScheduledEc2Task2ScheduledTaskDefExecutionRoleDefaultPolicy70781945": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "ScheduledEc2Task2ScheduledTaskDefdifferentNameLogGroup576E34BD", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "ScheduledEc2Task2ScheduledTaskDefExecutionRoleDefaultPolicy70781945", + "Roles": [ + { + "Ref": "ScheduledEc2Task2ScheduledTaskDefExecutionRoleC4A2CB80" + } + ] + } + }, + "ScheduledEc2Task2ScheduledTaskDefEventsRoleE4A47A7F": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "events.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "ScheduledEc2Task2ScheduledTaskDefEventsRoleDefaultPolicyF5EB7640": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "ecs:RunTask", + "Condition": { + "ArnEquals": { + "ecs:cluster": { + "Fn::GetAtt": [ + "EcsCluster97242B84", + "Arn" + ] + } + } + }, + "Effect": "Allow", + "Resource": { + "Ref": "ScheduledEc2Task2ScheduledTaskDef5A1A589E" + } + }, + { + "Action": "ecs:TagResource", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ecs:", + { + "Ref": "AWS::Region" + }, + ":*:task/", + { + "Ref": "EcsCluster97242B84" + }, + "/*" + ] + ] + } + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "ScheduledEc2Task2ScheduledTaskDefExecutionRoleC4A2CB80", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "ScheduledEc2Task2ScheduledTaskDefEventsRoleDefaultPolicyF5EB7640", + "Roles": [ + { + "Ref": "ScheduledEc2Task2ScheduledTaskDefEventsRoleE4A47A7F" + } + ] + } } }, "Parameters": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.scheduled-ecs-task.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.scheduled-ecs-task.js.snapshot/manifest.json index e9f6d4682dd9c..3f73c6c19a314 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.scheduled-ecs-task.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.scheduled-ecs-task.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/1259adb9d491b9491b349aff3ff67ac9e96ed23a68a4f774f130a37ed7f67cb4.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/879d43bd7fa593d0da48ddd22d54a1ec2eab5a43a0ec95fb9933166ec27ea119.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -262,6 +262,54 @@ "data": "ScheduledEc2TaskScheduledTaskDefEventsRoleDefaultPolicyA6C9177A" } ], + "/aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledEventRule/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ScheduledEc2Task2ScheduledEventRule904C0930" + } + ], + "/aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef/TaskRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ScheduledEc2Task2ScheduledTaskDefTaskRoleF24CD72E" + } + ], + "/aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ScheduledEc2Task2ScheduledTaskDef5A1A589E" + } + ], + "/aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef/differentName/LogGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ScheduledEc2Task2ScheduledTaskDefdifferentNameLogGroup576E34BD" + } + ], + "/aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef/ExecutionRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ScheduledEc2Task2ScheduledTaskDefExecutionRoleC4A2CB80" + } + ], + "/aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef/ExecutionRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ScheduledEc2Task2ScheduledTaskDefExecutionRoleDefaultPolicy70781945" + } + ], + "/aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef/EventsRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ScheduledEc2Task2ScheduledTaskDefEventsRoleE4A47A7F" + } + ], + "/aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef/EventsRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ScheduledEc2Task2ScheduledTaskDefEventsRoleDefaultPolicyF5EB7640" + } + ], "/aws-ecs-integ-ecs/BootstrapVersion": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.scheduled-ecs-task.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.scheduled-ecs-task.js.snapshot/tree.json index b5d3ad07cc3a6..d110f83eb9b0a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.scheduled-ecs-task.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.scheduled-ecs-task.js.snapshot/tree.json @@ -1601,6 +1601,432 @@ "version": "0.0.0" } }, + "ScheduledEc2Task2": { + "id": "ScheduledEc2Task2", + "path": "aws-ecs-integ-ecs/ScheduledEc2Task2", + "children": { + "ScheduledEventRule": { + "id": "ScheduledEventRule", + "path": "aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledEventRule", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledEventRule/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Events::Rule", + "aws:cdk:cloudformation:props": { + "scheduleExpression": "rate(1 minute)", + "state": "ENABLED", + "targets": [ + { + "id": "Target0", + "arn": { + "Fn::GetAtt": [ + "EcsCluster97242B84", + "Arn" + ] + }, + "roleArn": { + "Fn::GetAtt": [ + "ScheduledEc2Task2ScheduledTaskDefEventsRoleE4A47A7F", + "Arn" + ] + }, + "ecsParameters": { + "taskCount": 2, + "taskDefinitionArn": { + "Ref": "ScheduledEc2Task2ScheduledTaskDef5A1A589E" + }, + "propagateTags": "TASK_DEFINITION", + "tagList": [ + { + "key": "my-tag", + "value": "my-tag-value" + } + ] + }, + "input": "{}" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_events.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_events.Rule", + "version": "0.0.0" + } + }, + "ScheduledTaskDef": { + "id": "ScheduledTaskDef", + "path": "aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef", + "children": { + "TaskRole": { + "id": "TaskRole", + "path": "aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef/TaskRole", + "children": { + "ImportTaskRole": { + "id": "ImportTaskRole", + "path": "aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef/TaskRole/ImportTaskRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef/TaskRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::TaskDefinition", + "aws:cdk:cloudformation:props": { + "containerDefinitions": [ + { + "cpu": 1, + "essential": true, + "image": "amazon/amazon-ecs-sample", + "memory": 512, + "name": "differentName", + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group": { + "Ref": "ScheduledEc2Task2ScheduledTaskDefdifferentNameLogGroup576E34BD" + }, + "awslogs-stream-prefix": "ScheduledEc2Task2", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "environment": [ + { + "name": "TRIGGER", + "value": "CloudWatch Events" + } + ] + } + ], + "executionRoleArn": { + "Fn::GetAtt": [ + "ScheduledEc2Task2ScheduledTaskDefExecutionRoleC4A2CB80", + "Arn" + ] + }, + "family": "awsecsintegecsScheduledEc2Task2ScheduledTaskDef4390684D", + "networkMode": "bridge", + "requiresCompatibilities": [ + "EC2" + ], + "taskRoleArn": { + "Fn::GetAtt": [ + "ScheduledEc2Task2ScheduledTaskDefTaskRoleF24CD72E", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnTaskDefinition", + "version": "0.0.0" + } + }, + "differentName": { + "id": "differentName", + "path": "aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef/differentName", + "children": { + "LogGroup": { + "id": "LogGroup", + "path": "aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef/differentName/LogGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef/differentName/LogGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogGroup", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.ContainerDefinition", + "version": "0.0.0" + } + }, + "ExecutionRole": { + "id": "ExecutionRole", + "path": "aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef/ExecutionRole", + "children": { + "ImportExecutionRole": { + "id": "ImportExecutionRole", + "path": "aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef/ExecutionRole/ImportExecutionRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef/ExecutionRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef/ExecutionRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef/ExecutionRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "ScheduledEc2Task2ScheduledTaskDefdifferentNameLogGroup576E34BD", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "ScheduledEc2Task2ScheduledTaskDefExecutionRoleDefaultPolicy70781945", + "roles": [ + { + "Ref": "ScheduledEc2Task2ScheduledTaskDefExecutionRoleC4A2CB80" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "EventsRole": { + "id": "EventsRole", + "path": "aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef/EventsRole", + "children": { + "ImportEventsRole": { + "id": "ImportEventsRole", + "path": "aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef/EventsRole/ImportEventsRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef/EventsRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "events.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef/EventsRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-ecs/ScheduledEc2Task2/ScheduledTaskDef/EventsRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "ecs:RunTask", + "Condition": { + "ArnEquals": { + "ecs:cluster": { + "Fn::GetAtt": [ + "EcsCluster97242B84", + "Arn" + ] + } + } + }, + "Effect": "Allow", + "Resource": { + "Ref": "ScheduledEc2Task2ScheduledTaskDef5A1A589E" + } + }, + { + "Action": "ecs:TagResource", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ecs:", + { + "Ref": "AWS::Region" + }, + ":*:task/", + { + "Ref": "EcsCluster97242B84" + }, + "/*" + ] + ] + } + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "ScheduledEc2Task2ScheduledTaskDefExecutionRoleC4A2CB80", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "ScheduledEc2Task2ScheduledTaskDefEventsRoleDefaultPolicyF5EB7640", + "roles": [ + { + "Ref": "ScheduledEc2Task2ScheduledTaskDefEventsRoleE4A47A7F" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.Ec2TaskDefinition", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs_patterns.ScheduledEc2Task", + "version": "0.0.0" + } + }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "aws-ecs-integ-ecs/BootstrapVersion", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.scheduled-ecs-task.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.scheduled-ecs-task.ts index a89fc863dd36b..fa37055b431f3 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.scheduled-ecs-task.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.scheduled-ecs-task.ts @@ -38,6 +38,27 @@ class EventStack extends cdk.Stack { }, ], }); + + // New Scheduled Task with custom container name + new ScheduledEc2Task(this, 'ScheduledEc2Task2', { + cluster, + scheduledEc2TaskImageOptions: { + image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), + containerName: 'differentName', + memoryLimitMiB: 512, + cpu: 1, + environment: { TRIGGER: 'CloudWatch Events' }, + }, + desiredTaskCount: 2, + schedule: events.Schedule.rate(cdk.Duration.minutes(1)), + propagateTags: ecs.PropagatedTagSource.TASK_DEFINITION, + tags: [ + { + key: 'my-tag', + value: 'my-tag-value', + }, + ], + }); /// !hide } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.js.snapshot/aws-fargate-integ.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.js.snapshot/aws-fargate-integ.assets.json index 1a66d063dacfa..50be59f580b7b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.js.snapshot/aws-fargate-integ.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.js.snapshot/aws-fargate-integ.assets.json @@ -1,7 +1,7 @@ { "version": "36.0.0", "files": { - "e5cb42cc85fa33247fce2f77994956d0141cf81e49f2dcca1a598d3225d84a53": { + "de04b9df3a372c29acbe87af39fce37afa9e36fe30c2dc3a3cf1c3e49ff319bb": { "source": { "path": "aws-fargate-integ.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "e5cb42cc85fa33247fce2f77994956d0141cf81e49f2dcca1a598d3225d84a53.json", + "objectKey": "de04b9df3a372c29acbe87af39fce37afa9e36fe30c2dc3a3cf1c3e49ff319bb.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.js.snapshot/aws-fargate-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.js.snapshot/aws-fargate-integ.template.json index 58f27aa6601c4..f742938f2a7fb 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.js.snapshot/aws-fargate-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.js.snapshot/aws-fargate-integ.template.json @@ -536,6 +536,326 @@ "Ref": "Vpc8378EB38" } } + }, + "ScheduledFargateTask2ScheduledEventRuleB28B6E89": { + "Type": "AWS::Events::Rule", + "Properties": { + "ScheduleExpression": "rate(2 minutes)", + "State": "ENABLED", + "Targets": [ + { + "Arn": { + "Fn::GetAtt": [ + "FargateCluster7CCD5F93", + "Arn" + ] + }, + "EcsParameters": { + "LaunchType": "FARGATE", + "NetworkConfiguration": { + "AwsVpcConfiguration": { + "AssignPublicIp": "DISABLED", + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "ScheduledFargateTask2ScheduledTaskDefSecurityGroup164B2B50", + "GroupId" + ] + } + ], + "Subnets": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + ] + } + }, + "PropagateTags": "TASK_DEFINITION", + "TagList": [ + { + "Key": "my-tag", + "Value": "my-tag-value" + } + ], + "TaskCount": 2, + "TaskDefinitionArn": { + "Ref": "ScheduledFargateTask2ScheduledTaskDef7C71FC91" + } + }, + "Id": "Target0", + "Input": "{}", + "RoleArn": { + "Fn::GetAtt": [ + "ScheduledFargateTask2ScheduledTaskDefEventsRoleDCCAD052", + "Arn" + ] + } + } + ] + } + }, + "ScheduledFargateTask2ScheduledTaskDefTaskRole98EC45BD": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "ScheduledFargateTask2ScheduledTaskDef7C71FC91": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Environment": [ + { + "Name": "TRIGGER", + "Value": "CloudWatch Events" + } + ], + "Essential": true, + "Image": { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14" + }, + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "ScheduledFargateTask2ScheduledTaskDefdifferentNameLogGroup68793F8C" + }, + "awslogs-stream-prefix": "ScheduledFargateTask2", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "Name": "differentName" + } + ], + "Cpu": "256", + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "ScheduledFargateTask2ScheduledTaskDefExecutionRole03B3A539", + "Arn" + ] + }, + "Family": "awsfargateintegScheduledFargateTask2ScheduledTaskDef1F3A00F8", + "Memory": "512", + "NetworkMode": "awsvpc", + "RequiresCompatibilities": [ + "FARGATE" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "ScheduledFargateTask2ScheduledTaskDefTaskRole98EC45BD", + "Arn" + ] + } + } + }, + "ScheduledFargateTask2ScheduledTaskDefdifferentNameLogGroup68793F8C": { + "Type": "AWS::Logs::LogGroup", + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "ScheduledFargateTask2ScheduledTaskDefExecutionRole03B3A539": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "ScheduledFargateTask2ScheduledTaskDefExecutionRoleDefaultPolicyA3F7D935": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ecr:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":repository/", + { + "Fn::Sub": "cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + }, + { + "Action": "ecr:GetAuthorizationToken", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "ScheduledFargateTask2ScheduledTaskDefdifferentNameLogGroup68793F8C", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "ScheduledFargateTask2ScheduledTaskDefExecutionRoleDefaultPolicyA3F7D935", + "Roles": [ + { + "Ref": "ScheduledFargateTask2ScheduledTaskDefExecutionRole03B3A539" + } + ] + } + }, + "ScheduledFargateTask2ScheduledTaskDefEventsRoleDCCAD052": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "events.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "ScheduledFargateTask2ScheduledTaskDefEventsRoleDefaultPolicyC878DEC4": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "ecs:RunTask", + "Condition": { + "ArnEquals": { + "ecs:cluster": { + "Fn::GetAtt": [ + "FargateCluster7CCD5F93", + "Arn" + ] + } + } + }, + "Effect": "Allow", + "Resource": { + "Ref": "ScheduledFargateTask2ScheduledTaskDef7C71FC91" + } + }, + { + "Action": "ecs:TagResource", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ecs:", + { + "Ref": "AWS::Region" + }, + ":*:task/", + { + "Ref": "FargateCluster7CCD5F93" + }, + "/*" + ] + ] + } + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "ScheduledFargateTask2ScheduledTaskDefExecutionRole03B3A539", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "ScheduledFargateTask2ScheduledTaskDefTaskRole98EC45BD", + "Arn" + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "ScheduledFargateTask2ScheduledTaskDefEventsRoleDefaultPolicyC878DEC4", + "Roles": [ + { + "Ref": "ScheduledFargateTask2ScheduledTaskDefEventsRoleDCCAD052" + } + ] + } + }, + "ScheduledFargateTask2ScheduledTaskDefSecurityGroup164B2B50": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/SecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } } }, "Parameters": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.js.snapshot/manifest.json index 983405f77f89b..304fa12bc8762 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/e5cb42cc85fa33247fce2f77994956d0141cf81e49f2dcca1a598d3225d84a53.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/de04b9df3a372c29acbe87af39fce37afa9e36fe30c2dc3a3cf1c3e49ff319bb.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -172,6 +172,60 @@ "data": "ScheduledFargateTaskScheduledTaskDefSecurityGroupE075BC19" } ], + "/aws-fargate-integ/ScheduledFargateTask2/ScheduledEventRule/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ScheduledFargateTask2ScheduledEventRuleB28B6E89" + } + ], + "/aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/TaskRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ScheduledFargateTask2ScheduledTaskDefTaskRole98EC45BD" + } + ], + "/aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ScheduledFargateTask2ScheduledTaskDef7C71FC91" + } + ], + "/aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/differentName/LogGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ScheduledFargateTask2ScheduledTaskDefdifferentNameLogGroup68793F8C" + } + ], + "/aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/ExecutionRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ScheduledFargateTask2ScheduledTaskDefExecutionRole03B3A539" + } + ], + "/aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/ExecutionRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ScheduledFargateTask2ScheduledTaskDefExecutionRoleDefaultPolicyA3F7D935" + } + ], + "/aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/EventsRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ScheduledFargateTask2ScheduledTaskDefEventsRoleDCCAD052" + } + ], + "/aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/EventsRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ScheduledFargateTask2ScheduledTaskDefEventsRoleDefaultPolicyC878DEC4" + } + ], + "/aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ScheduledFargateTask2ScheduledTaskDefSecurityGroup164B2B50" + } + ], "/aws-fargate-integ/BootstrapVersion": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.js.snapshot/tree.json index 65e577d34e4fb..a12207d8b916c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.js.snapshot/tree.json @@ -938,6 +938,557 @@ "version": "0.0.0" } }, + "ScheduledFargateTask2": { + "id": "ScheduledFargateTask2", + "path": "aws-fargate-integ/ScheduledFargateTask2", + "children": { + "ScheduledEventRule": { + "id": "ScheduledEventRule", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledEventRule", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledEventRule/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Events::Rule", + "aws:cdk:cloudformation:props": { + "scheduleExpression": "rate(2 minutes)", + "state": "ENABLED", + "targets": [ + { + "id": "Target0", + "arn": { + "Fn::GetAtt": [ + "FargateCluster7CCD5F93", + "Arn" + ] + }, + "roleArn": { + "Fn::GetAtt": [ + "ScheduledFargateTask2ScheduledTaskDefEventsRoleDCCAD052", + "Arn" + ] + }, + "ecsParameters": { + "taskCount": 2, + "taskDefinitionArn": { + "Ref": "ScheduledFargateTask2ScheduledTaskDef7C71FC91" + }, + "propagateTags": "TASK_DEFINITION", + "tagList": [ + { + "key": "my-tag", + "value": "my-tag-value" + } + ], + "launchType": "FARGATE", + "networkConfiguration": { + "awsVpcConfiguration": { + "subnets": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + ], + "assignPublicIp": "DISABLED", + "securityGroups": [ + { + "Fn::GetAtt": [ + "ScheduledFargateTask2ScheduledTaskDefSecurityGroup164B2B50", + "GroupId" + ] + } + ] + } + } + }, + "input": "{}" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_events.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_events.Rule", + "version": "0.0.0" + } + }, + "ScheduledTaskDef": { + "id": "ScheduledTaskDef", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef", + "children": { + "TaskRole": { + "id": "TaskRole", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/TaskRole", + "children": { + "ImportTaskRole": { + "id": "ImportTaskRole", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/TaskRole/ImportTaskRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/TaskRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::TaskDefinition", + "aws:cdk:cloudformation:props": { + "containerDefinitions": [ + { + "essential": true, + "image": { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14" + }, + "name": "differentName", + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group": { + "Ref": "ScheduledFargateTask2ScheduledTaskDefdifferentNameLogGroup68793F8C" + }, + "awslogs-stream-prefix": "ScheduledFargateTask2", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "environment": [ + { + "name": "TRIGGER", + "value": "CloudWatch Events" + } + ] + } + ], + "cpu": "256", + "executionRoleArn": { + "Fn::GetAtt": [ + "ScheduledFargateTask2ScheduledTaskDefExecutionRole03B3A539", + "Arn" + ] + }, + "family": "awsfargateintegScheduledFargateTask2ScheduledTaskDef1F3A00F8", + "memory": "512", + "networkMode": "awsvpc", + "requiresCompatibilities": [ + "FARGATE" + ], + "taskRoleArn": { + "Fn::GetAtt": [ + "ScheduledFargateTask2ScheduledTaskDefTaskRole98EC45BD", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnTaskDefinition", + "version": "0.0.0" + } + }, + "differentName": { + "id": "differentName", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/differentName", + "children": { + "AssetImage": { + "id": "AssetImage", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/differentName/AssetImage", + "children": { + "Staging": { + "id": "Staging", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/differentName/AssetImage/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Repository": { + "id": "Repository", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/differentName/AssetImage/Repository", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecr.RepositoryBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecr_assets.DockerImageAsset", + "version": "0.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/differentName/LogGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/differentName/LogGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogGroup", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.ContainerDefinition", + "version": "0.0.0" + } + }, + "ExecutionRole": { + "id": "ExecutionRole", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/ExecutionRole", + "children": { + "ImportExecutionRole": { + "id": "ImportExecutionRole", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/ExecutionRole/ImportExecutionRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/ExecutionRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/ExecutionRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/ExecutionRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ecr:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":repository/", + { + "Fn::Sub": "cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + }, + { + "Action": "ecr:GetAuthorizationToken", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "ScheduledFargateTask2ScheduledTaskDefdifferentNameLogGroup68793F8C", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "ScheduledFargateTask2ScheduledTaskDefExecutionRoleDefaultPolicyA3F7D935", + "roles": [ + { + "Ref": "ScheduledFargateTask2ScheduledTaskDefExecutionRole03B3A539" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "EventsRole": { + "id": "EventsRole", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/EventsRole", + "children": { + "ImportEventsRole": { + "id": "ImportEventsRole", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/EventsRole/ImportEventsRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/EventsRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "events.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/EventsRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/EventsRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "ecs:RunTask", + "Condition": { + "ArnEquals": { + "ecs:cluster": { + "Fn::GetAtt": [ + "FargateCluster7CCD5F93", + "Arn" + ] + } + } + }, + "Effect": "Allow", + "Resource": { + "Ref": "ScheduledFargateTask2ScheduledTaskDef7C71FC91" + } + }, + { + "Action": "ecs:TagResource", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ecs:", + { + "Ref": "AWS::Region" + }, + ":*:task/", + { + "Ref": "FargateCluster7CCD5F93" + }, + "/*" + ] + ] + } + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "ScheduledFargateTask2ScheduledTaskDefExecutionRole03B3A539", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "ScheduledFargateTask2ScheduledTaskDefTaskRole98EC45BD", + "Arn" + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "ScheduledFargateTask2ScheduledTaskDefEventsRoleDefaultPolicyC878DEC4", + "roles": [ + { + "Ref": "ScheduledFargateTask2ScheduledTaskDefEventsRoleDCCAD052" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "SecurityGroup": { + "id": "SecurityGroup", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "aws-fargate-integ/ScheduledFargateTask2/ScheduledTaskDef/SecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.FargateTaskDefinition", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs_patterns.ScheduledFargateTask", + "version": "0.0.0" + } + }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "aws-fargate-integ/BootstrapVersion", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.ts index e72b074df240f..af8c11eb8b593 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.ts @@ -34,6 +34,27 @@ class EventStack extends cdk.Stack { }, ], }); + + // Create the scheduled task with container name + new ScheduledFargateTask(this, 'ScheduledFargateTask2', { + cluster, + scheduledFargateTaskImageOptions: { + image: new ecs.AssetImage(path.join(__dirname, '..', 'demo-image')), + containerName: 'differentName', + memoryLimitMiB: 512, + cpu: 256, + environment: { TRIGGER: 'CloudWatch Events' }, + }, + desiredTaskCount: 2, + schedule: events.Schedule.rate(cdk.Duration.minutes(2)), + propagateTags: ecs.PropagatedTagSource.TASK_DEFINITION, + tags: [ + { + key: 'my-tag', + value: 'my-tag-value', + }, + ], + }); } } diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/README.md b/packages/aws-cdk-lib/aws-ecs-patterns/README.md index 8fc43e63c08e1..21b4dbf755e18 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/README.md +++ b/packages/aws-cdk-lib/aws-ecs-patterns/README.md @@ -888,6 +888,22 @@ const applicationLoadBalancedFargateService = new ecsPatterns.ApplicationLoadBal }); ``` +### Customize Container Name for ScheduledFargateTask + +```ts +declare const cluster: ecs.Cluster; +const scheduledFargateTask = new ecsPatterns.ScheduledFargateTask(this, 'ScheduledFargateTask', { + cluster, + scheduledFargateTaskImageOptions: { + image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), + containerName: 'customContainerName', + memoryLimitMiB: 512, + }, + schedule: appscaling.Schedule.expression('rate(1 minute)'), + platformVersion: ecs.FargatePlatformVersion.LATEST, +}); +``` + ### Set PlatformVersion for ScheduledFargateTask ```ts diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/scheduled-task-base.ts b/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/scheduled-task-base.ts index 55f2423a5529e..887e41b7ecea2 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/scheduled-task-base.ts +++ b/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/scheduled-task-base.ts @@ -95,6 +95,13 @@ export interface ScheduledTaskImageProps { */ readonly image: ContainerImage; + /** + * Optional name for the container added + * + * @default - ScheduledContainer + */ + readonly containerName?: string; + /** * The command that is passed to the container. * diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/lib/ecs/scheduled-ecs-task.ts b/packages/aws-cdk-lib/aws-ecs-patterns/lib/ecs/scheduled-ecs-task.ts index bac551a7499de..284b48b9d88d6 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/lib/ecs/scheduled-ecs-task.ts +++ b/packages/aws-cdk-lib/aws-ecs-patterns/lib/ecs/scheduled-ecs-task.ts @@ -103,9 +103,11 @@ export class ScheduledEc2Task extends ScheduledTaskBase { this.taskDefinition = props.scheduledEc2TaskDefinitionOptions.taskDefinition; } else if (props.scheduledEc2TaskImageOptions) { const taskImageOptions = props.scheduledEc2TaskImageOptions; + const containerName = taskImageOptions.containerName ?? 'ScheduledContainer'; // Create a Task Definition for the container to start, also creates a log driver this.taskDefinition = new Ec2TaskDefinition(this, 'ScheduledTaskDef'); - this.taskDefinition.addContainer('ScheduledContainer', { + + this.taskDefinition.addContainer(containerName, { image: taskImageOptions.image, memoryLimitMiB: taskImageOptions.memoryLimitMiB, memoryReservationMiB: taskImageOptions.memoryReservationMiB, diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/lib/fargate/scheduled-fargate-task.ts b/packages/aws-cdk-lib/aws-ecs-patterns/lib/fargate/scheduled-fargate-task.ts index bfd63a8fa2fc9..0d2b5f6fd7fea 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/lib/fargate/scheduled-fargate-task.ts +++ b/packages/aws-cdk-lib/aws-ecs-patterns/lib/fargate/scheduled-fargate-task.ts @@ -73,12 +73,13 @@ export class ScheduledFargateTask extends ScheduledTaskBase { this.taskDefinition = props.scheduledFargateTaskDefinitionOptions.taskDefinition; } else if (props.scheduledFargateTaskImageOptions) { const taskImageOptions = props.scheduledFargateTaskImageOptions; + const containerName = taskImageOptions.containerName ?? 'ScheduledContainer'; this.taskDefinition = new FargateTaskDefinition(this, 'ScheduledTaskDef', { memoryLimitMiB: taskImageOptions.memoryLimitMiB || 512, cpu: taskImageOptions.cpu || 256, ephemeralStorageGiB: taskImageOptions.ephemeralStorageGiB, }); - this.taskDefinition.addContainer('ScheduledContainer', { + this.taskDefinition.addContainer(containerName, { image: taskImageOptions.image, command: taskImageOptions.command, environment: taskImageOptions.environment, diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/test/ec2/scheduled-ecs-task.test.ts b/packages/aws-cdk-lib/aws-ecs-patterns/test/ec2/scheduled-ecs-task.test.ts index 764d99d4216c0..b48d2a10aef0e 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/test/ec2/scheduled-ecs-task.test.ts +++ b/packages/aws-cdk-lib/aws-ecs-patterns/test/ec2/scheduled-ecs-task.test.ts @@ -467,3 +467,84 @@ test('Scheduled Ec2 Task - with list of tags', () => { ], }); }); + +test('Can create a scheduled Ec2 Task - with customized container name', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 1 }); + const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc }); + + cluster.addAsgCapacityProvider(new AsgCapacityProvider(stack, 'DefaultAutoScalingGroupProvider', { + autoScalingGroup: new AutoScalingGroup(stack, 'DefaultAutoScalingGroup', { + vpc, + instanceType: new ec2.InstanceType('t2.micro'), + machineImage: MachineImage.latestAmazonLinux(), + }), + })); + + new ScheduledEc2Task(stack, 'ScheduledEc2Task', { + cluster, + scheduledEc2TaskImageOptions: { + image: ecs.ContainerImage.fromRegistry('henk'), + containerName: 'ScheduledContainer1', + memoryLimitMiB: 512, + }, + schedule: events.Schedule.expression('rate(1 minute)'), + }); + + new ScheduledEc2Task(stack, 'ScheduledEc2Task2', { + cluster, + scheduledEc2TaskImageOptions: { + image: ecs.ContainerImage.fromRegistry('henk'), + containerName: 'ScheduledContainer2', + memoryLimitMiB: 512, + }, + schedule: events.Schedule.expression('rate(1 minute)'), + }); + + Template.fromStack(stack).hasResourceProperties('AWS::ECS::TaskDefinition', { + ContainerDefinitions: [ + { + Essential: true, + Image: 'henk', + LogConfiguration: { + LogDriver: 'awslogs', + Options: { + 'awslogs-group': { + Ref: 'ScheduledEc2TaskScheduledTaskDefScheduledContainer1LogGroupE13E2953', + }, + 'awslogs-stream-prefix': 'ScheduledEc2Task', + 'awslogs-region': { + Ref: 'AWS::Region', + }, + }, + }, + Memory: 512, + Name: 'ScheduledContainer1', + }, + ], + }); + + Template.fromStack(stack).hasResourceProperties('AWS::ECS::TaskDefinition', { + ContainerDefinitions: [ + { + Essential: true, + Image: 'henk', + LogConfiguration: { + LogDriver: 'awslogs', + Options: { + 'awslogs-group': { + Ref: 'ScheduledEc2Task2ScheduledTaskDefScheduledContainer2LogGroup2355D79B', + }, + 'awslogs-stream-prefix': 'ScheduledEc2Task2', + 'awslogs-region': { + Ref: 'AWS::Region', + }, + }, + }, + Memory: 512, + Name: 'ScheduledContainer2', + }, + ], + }); +}); diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/scheduled-fargate-task.test.ts b/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/scheduled-fargate-task.test.ts index 3e98cac7e023e..7300f3c16e908 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/scheduled-fargate-task.test.ts +++ b/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/scheduled-fargate-task.test.ts @@ -584,3 +584,74 @@ test('Scheduled Fargate Task - with unused properties', () => { Annotations.fromStack(stack).hasWarning('/Default/ScheduledFargateTask', Match.stringLikeRegexp('Property \'runtimePlatform\' is ignored.')); }); +test('Can create a scheduled Fargate Task - with customized container name', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 1 }); + const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc }); + + new ScheduledFargateTask(stack, 'ScheduledFargateTask', { + cluster, + scheduledFargateTaskImageOptions: { + image: ecs.ContainerImage.fromRegistry('henk'), + containerName: 'ScheduledContainer1', + memoryLimitMiB: 512, + }, + schedule: events.Schedule.expression('rate(1 minute)'), + }); + + new ScheduledFargateTask(stack, 'ScheduledFargateTask2', { + cluster, + scheduledFargateTaskImageOptions: { + image: ecs.ContainerImage.fromRegistry('henk'), + containerName: 'ScheduledContainer2', + memoryLimitMiB: 512, + }, + schedule: events.Schedule.expression('rate(1 minute)'), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ECS::TaskDefinition', { + ContainerDefinitions: [ + { + Essential: true, + Image: 'henk', + LogConfiguration: { + LogDriver: 'awslogs', + Options: { + 'awslogs-group': { + Ref: 'ScheduledFargateTaskScheduledTaskDefScheduledContainer1LogGroup8B9B3038', + }, + 'awslogs-stream-prefix': 'ScheduledFargateTask', + 'awslogs-region': { + Ref: 'AWS::Region', + }, + }, + }, + Name: 'ScheduledContainer1', + }, + ], + }); + + Template.fromStack(stack).hasResourceProperties('AWS::ECS::TaskDefinition', { + ContainerDefinitions: [ + { + Essential: true, + Image: 'henk', + LogConfiguration: { + LogDriver: 'awslogs', + Options: { + 'awslogs-group': { + Ref: 'ScheduledFargateTask2ScheduledTaskDefScheduledContainer2LogGroupF8B295FB', + }, + 'awslogs-stream-prefix': 'ScheduledFargateTask2', + 'awslogs-region': { + Ref: 'AWS::Region', + }, + }, + }, + Name: 'ScheduledContainer2', + }, + ], + }); +}); From 8cb678b30155cedaa2613e9a35a8b5f0b145699a Mon Sep 17 00:00:00 2001 From: Mohamed ElAsmar Date: Tue, 28 May 2024 11:21:49 -0700 Subject: [PATCH 2/4] update readme with an example for ScheduledEc2Task --- .../aws-cdk-lib/aws-ecs-patterns/README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/README.md b/packages/aws-cdk-lib/aws-ecs-patterns/README.md index 21b4dbf755e18..964324b8b4959 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/README.md +++ b/packages/aws-cdk-lib/aws-ecs-patterns/README.md @@ -904,6 +904,24 @@ const scheduledFargateTask = new ecsPatterns.ScheduledFargateTask(this, 'Schedul }); ``` +### Customize Container Name for ScheduledEc2Task + +```ts +declare const cluster: ecs.Cluster; +const ecsScheduledTask = new ecsPatterns.ScheduledEc2Task(this, 'ScheduledTask', { + cluster, + scheduledEc2TaskImageOptions: { + image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), + containerName: 'customContainerName', + memoryLimitMiB: 256, + environment: { name: 'TRIGGER', value: 'CloudWatch Events' }, + }, + schedule: appscaling.Schedule.expression('rate(1 minute)'), + enabled: true, + ruleName: 'sample-scheduled-task-rule', +}); +``` + ### Set PlatformVersion for ScheduledFargateTask ```ts From 7bd3c63f9068f5c8c05448d5bb1f66d928bb6adf Mon Sep 17 00:00:00 2001 From: Mohamed ElAsmar Date: Fri, 31 May 2024 20:04:42 -0700 Subject: [PATCH 3/4] do not use the default method configuration if customer used None authorization type. --- ...efaultTestDeployAssert5491B2D1.assets.json | 19 + ...aultTestDeployAssert5491B2D1.template.json | 36 ++ .../cdk.out | 1 + .../integ.json | 12 + ...-overriding-default-authorizer.assets.json | 19 + ...verriding-default-authorizer.template.json | 272 +++++++++++ .../manifest.json | 173 +++++++ .../tree.json | 461 ++++++++++++++++++ ....api-with-overriding-default-authorizer.ts | 70 +++ .../aws-cdk-lib/aws-apigateway/lib/method.ts | 5 +- .../aws-apigateway/test/method.test.ts | 56 +++ 11 files changed, 1123 insertions(+), 1 deletion(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/apigatewaywithoverridingdefaultauthorizerDefaultTestDeployAssert5491B2D1.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/apigatewaywithoverridingdefaultauthorizerDefaultTestDeployAssert5491B2D1.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/integtest-restapi-with-overriding-default-authorizer.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/integtest-restapi-with-overriding-default-authorizer.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/apigatewaywithoverridingdefaultauthorizerDefaultTestDeployAssert5491B2D1.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/apigatewaywithoverridingdefaultauthorizerDefaultTestDeployAssert5491B2D1.assets.json new file mode 100644 index 0000000000000..972130241b34e --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/apigatewaywithoverridingdefaultauthorizerDefaultTestDeployAssert5491B2D1.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "apigatewaywithoverridingdefaultauthorizerDefaultTestDeployAssert5491B2D1.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/apigatewaywithoverridingdefaultauthorizerDefaultTestDeployAssert5491B2D1.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/apigatewaywithoverridingdefaultauthorizerDefaultTestDeployAssert5491B2D1.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/apigatewaywithoverridingdefaultauthorizerDefaultTestDeployAssert5491B2D1.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/integ.json new file mode 100644 index 0000000000000..e74f6e90acf13 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.0", + "testCases": { + "apigateway-with-overriding-default-authorizer/DefaultTest": { + "stacks": [ + "integtest-restapi-with-overriding-default-authorizer" + ], + "assertionStack": "apigateway-with-overriding-default-authorizer/DefaultTest/DeployAssert", + "assertionStackName": "apigatewaywithoverridingdefaultauthorizerDefaultTestDeployAssert5491B2D1" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/integtest-restapi-with-overriding-default-authorizer.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/integtest-restapi-with-overriding-default-authorizer.assets.json new file mode 100644 index 0000000000000..fcf8829b9a9af --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/integtest-restapi-with-overriding-default-authorizer.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "d1b9f5b2f5a16dd3d551be97ea2814cf6d8f574c561523bdf07541d86d27934c": { + "source": { + "path": "integtest-restapi-with-overriding-default-authorizer.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "d1b9f5b2f5a16dd3d551be97ea2814cf6d8f574c561523bdf07541d86d27934c.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/integtest-restapi-with-overriding-default-authorizer.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/integtest-restapi-with-overriding-default-authorizer.template.json new file mode 100644 index 0000000000000..66236eb4e1b03 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/integtest-restapi-with-overriding-default-authorizer.template.json @@ -0,0 +1,272 @@ +{ + "Resources": { + "UserPool6BA7E5F2": { + "Type": "AWS::Cognito::UserPool", + "Properties": { + "AccountRecoverySetting": { + "RecoveryMechanisms": [ + { + "Name": "verified_phone_number", + "Priority": 1 + }, + { + "Name": "verified_email", + "Priority": 2 + } + ] + }, + "AdminCreateUserConfig": { + "AllowAdminCreateUserOnly": false + }, + "AutoVerifiedAttributes": [ + "email" + ], + "EmailVerificationMessage": "The verification code to your new account is {####}", + "EmailVerificationSubject": "Verify your new account", + "SmsVerificationMessage": "The verification code to your new account is {####}", + "UsernameAttributes": [ + "email" + ], + "VerificationMessageTemplate": { + "DefaultEmailOption": "CONFIRM_WITH_CODE", + "EmailMessage": "The verification code to your new account is {####}", + "EmailSubject": "Verify your new account", + "SmsMessage": "The verification code to your new account is {####}" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "AuthorizerBD825682": { + "Type": "AWS::ApiGateway::Authorizer", + "Properties": { + "IdentitySource": "method.request.header.Authorization", + "Name": "integtestrestapiwithoverridingdefaultauthorizerAuthorizerF0743170", + "ProviderARNs": [ + { + "Fn::GetAtt": [ + "UserPool6BA7E5F2", + "Arn" + ] + } + ], + "RestApiId": { + "Ref": "ActionsApiGatewayF80386B7" + }, + "Type": "COGNITO_USER_POOLS" + } + }, + "ActionsApiGatewayF80386B7": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Name": "Actions-ApiGateway" + } + }, + "ActionsApiGatewayDeployment50B6E6A66403e42852ae63ad13a2b7635300f8a9": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "Automatically created by the RestApi construct", + "RestApiId": { + "Ref": "ActionsApiGatewayF80386B7" + } + }, + "DependsOn": [ + "ActionsApiGatewayANY11FE5E47", + "ActionsApiGatewayGET12E87C75", + "ActionsApiGatewayOPTIONS8EA1F997", + "AuthorizerBD825682" + ] + }, + "ActionsApiGatewayDeploymentStageprod812022BF": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ActionsApiGatewayDeployment50B6E6A66403e42852ae63ad13a2b7635300f8a9" + }, + "RestApiId": { + "Ref": "ActionsApiGatewayF80386B7" + }, + "StageName": "prod" + } + }, + "ActionsApiGatewayOPTIONS8EA1F997": { + "Type": "AWS::ApiGateway::Method", + "Properties": { + "ApiKeyRequired": false, + "AuthorizationType": "NONE", + "HttpMethod": "OPTIONS", + "Integration": { + "IntegrationResponses": [ + { + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'", + "method.response.header.Access-Control-Allow-Origin": "'*'", + "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", + "method.response.header.Access-Control-Max-Age": "'864000'" + }, + "StatusCode": "204" + } + ], + "RequestTemplates": { + "application/json": "{ statusCode: 200 }" + }, + "Type": "MOCK" + }, + "MethodResponses": [ + { + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": true, + "method.response.header.Access-Control-Allow-Origin": true, + "method.response.header.Access-Control-Allow-Methods": true, + "method.response.header.Access-Control-Max-Age": true + }, + "StatusCode": "204" + } + ], + "ResourceId": { + "Fn::GetAtt": [ + "ActionsApiGatewayF80386B7", + "RootResourceId" + ] + }, + "RestApiId": { + "Ref": "ActionsApiGatewayF80386B7" + } + } + }, + "ActionsApiGatewayANY11FE5E47": { + "Type": "AWS::ApiGateway::Method", + "Properties": { + "AuthorizationType": "NONE", + "HttpMethod": "ANY", + "Integration": { + "IntegrationResponses": [ + { + "StatusCode": "200" + } + ], + "PassthroughBehavior": "NEVER", + "RequestTemplates": { + "application/json": "{ \"statusCode\": 200 }" + }, + "Type": "MOCK" + }, + "MethodResponses": [ + { + "StatusCode": "200" + } + ], + "ResourceId": { + "Fn::GetAtt": [ + "ActionsApiGatewayF80386B7", + "RootResourceId" + ] + }, + "RestApiId": { + "Ref": "ActionsApiGatewayF80386B7" + } + } + }, + "ActionsApiGatewayGET12E87C75": { + "Type": "AWS::ApiGateway::Method", + "Properties": { + "AuthorizationScopes": [ + "scope" + ], + "AuthorizationType": "COGNITO_USER_POOLS", + "AuthorizerId": { + "Ref": "AuthorizerBD825682" + }, + "HttpMethod": "GET", + "Integration": { + "IntegrationResponses": [ + { + "StatusCode": "200" + } + ], + "PassthroughBehavior": "NEVER", + "RequestTemplates": { + "application/json": "{ \"statusCode\": 200 }" + }, + "Type": "MOCK" + }, + "MethodResponses": [ + { + "StatusCode": "200" + } + ], + "ResourceId": { + "Fn::GetAtt": [ + "ActionsApiGatewayF80386B7", + "RootResourceId" + ] + }, + "RestApiId": { + "Ref": "ActionsApiGatewayF80386B7" + } + } + } + }, + "Outputs": { + "ActionsApiGatewayEndpoint261B645B": { + "Value": { + "Fn::Join": [ + "", + [ + "https://", + { + "Ref": "ActionsApiGatewayF80386B7" + }, + ".execute-api.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Ref": "ActionsApiGatewayDeploymentStageprod812022BF" + }, + "/" + ] + ] + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/manifest.json new file mode 100644 index 0000000000000..8df93a4b207a8 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/manifest.json @@ -0,0 +1,173 @@ +{ + "version": "36.0.0", + "artifacts": { + "integtest-restapi-with-overriding-default-authorizer.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtest-restapi-with-overriding-default-authorizer.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtest-restapi-with-overriding-default-authorizer": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtest-restapi-with-overriding-default-authorizer.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d1b9f5b2f5a16dd3d551be97ea2814cf6d8f574c561523bdf07541d86d27934c.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtest-restapi-with-overriding-default-authorizer.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtest-restapi-with-overriding-default-authorizer.assets" + ], + "metadata": { + "/integtest-restapi-with-overriding-default-authorizer/UserPool/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "UserPool6BA7E5F2" + } + ], + "/integtest-restapi-with-overriding-default-authorizer/Authorizer/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AuthorizerBD825682" + } + ], + "/integtest-restapi-with-overriding-default-authorizer/Actions-ApiGateway/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ActionsApiGatewayF80386B7" + } + ], + "/integtest-restapi-with-overriding-default-authorizer/Actions-ApiGateway/Deployment/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ActionsApiGatewayDeployment50B6E6A66403e42852ae63ad13a2b7635300f8a9" + } + ], + "/integtest-restapi-with-overriding-default-authorizer/Actions-ApiGateway/DeploymentStage.prod/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ActionsApiGatewayDeploymentStageprod812022BF" + } + ], + "/integtest-restapi-with-overriding-default-authorizer/Actions-ApiGateway/Endpoint": [ + { + "type": "aws:cdk:logicalId", + "data": "ActionsApiGatewayEndpoint261B645B" + } + ], + "/integtest-restapi-with-overriding-default-authorizer/Actions-ApiGateway/Default/OPTIONS": [ + { + "type": "aws:cdk:warning", + "data": "'AuthorizationScopes' can only be set when 'AuthorizationType' sets 'COGNITO_USER_POOLS'. Default to ignore the values set in 'AuthorizationScopes'. [ack: @aws-cdk/aws-apigateway:invalidAuthScope]" + } + ], + "/integtest-restapi-with-overriding-default-authorizer/Actions-ApiGateway/Default/OPTIONS/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ActionsApiGatewayOPTIONS8EA1F997" + } + ], + "/integtest-restapi-with-overriding-default-authorizer/Actions-ApiGateway/Default/ANY": [ + { + "type": "aws:cdk:warning", + "data": "'AuthorizationScopes' can only be set when 'AuthorizationType' sets 'COGNITO_USER_POOLS'. Default to ignore the values set in 'AuthorizationScopes'. [ack: @aws-cdk/aws-apigateway:invalidAuthScope]" + } + ], + "/integtest-restapi-with-overriding-default-authorizer/Actions-ApiGateway/Default/ANY/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ActionsApiGatewayANY11FE5E47" + } + ], + "/integtest-restapi-with-overriding-default-authorizer/Actions-ApiGateway/Default/GET/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ActionsApiGatewayGET12E87C75" + } + ], + "/integtest-restapi-with-overriding-default-authorizer/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-restapi-with-overriding-default-authorizer/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-restapi-with-overriding-default-authorizer" + }, + "apigatewaywithoverridingdefaultauthorizerDefaultTestDeployAssert5491B2D1.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "apigatewaywithoverridingdefaultauthorizerDefaultTestDeployAssert5491B2D1.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "apigatewaywithoverridingdefaultauthorizerDefaultTestDeployAssert5491B2D1": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "apigatewaywithoverridingdefaultauthorizerDefaultTestDeployAssert5491B2D1.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "apigatewaywithoverridingdefaultauthorizerDefaultTestDeployAssert5491B2D1.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "apigatewaywithoverridingdefaultauthorizerDefaultTestDeployAssert5491B2D1.assets" + ], + "metadata": { + "/apigateway-with-overriding-default-authorizer/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/apigateway-with-overriding-default-authorizer/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "apigateway-with-overriding-default-authorizer/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/tree.json new file mode 100644 index 0000000000000..00019e1e09667 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.js.snapshot/tree.json @@ -0,0 +1,461 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "integtest-restapi-with-overriding-default-authorizer": { + "id": "integtest-restapi-with-overriding-default-authorizer", + "path": "integtest-restapi-with-overriding-default-authorizer", + "children": { + "UserPool": { + "id": "UserPool", + "path": "integtest-restapi-with-overriding-default-authorizer/UserPool", + "children": { + "Resource": { + "id": "Resource", + "path": "integtest-restapi-with-overriding-default-authorizer/UserPool/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", + "aws:cdk:cloudformation:props": { + "accountRecoverySetting": { + "recoveryMechanisms": [ + { + "name": "verified_phone_number", + "priority": 1 + }, + { + "name": "verified_email", + "priority": 2 + } + ] + }, + "adminCreateUserConfig": { + "allowAdminCreateUserOnly": false + }, + "autoVerifiedAttributes": [ + "email" + ], + "emailVerificationMessage": "The verification code to your new account is {####}", + "emailVerificationSubject": "Verify your new account", + "smsVerificationMessage": "The verification code to your new account is {####}", + "usernameAttributes": [ + "email" + ], + "verificationMessageTemplate": { + "defaultEmailOption": "CONFIRM_WITH_CODE", + "emailMessage": "The verification code to your new account is {####}", + "emailSubject": "Verify your new account", + "smsMessage": "The verification code to your new account is {####}" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPool", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cognito.UserPool", + "version": "0.0.0" + } + }, + "Authorizer": { + "id": "Authorizer", + "path": "integtest-restapi-with-overriding-default-authorizer/Authorizer", + "children": { + "Resource": { + "id": "Resource", + "path": "integtest-restapi-with-overriding-default-authorizer/Authorizer/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Authorizer", + "aws:cdk:cloudformation:props": { + "identitySource": "method.request.header.Authorization", + "name": "integtestrestapiwithoverridingdefaultauthorizerAuthorizerF0743170", + "providerArns": [ + { + "Fn::GetAtt": [ + "UserPool6BA7E5F2", + "Arn" + ] + } + ], + "restApiId": { + "Ref": "ActionsApiGatewayF80386B7" + }, + "type": "COGNITO_USER_POOLS" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnAuthorizer", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CognitoUserPoolsAuthorizer", + "version": "0.0.0" + } + }, + "Actions-ApiGateway": { + "id": "Actions-ApiGateway", + "path": "integtest-restapi-with-overriding-default-authorizer/Actions-ApiGateway", + "children": { + "Resource": { + "id": "Resource", + "path": "integtest-restapi-with-overriding-default-authorizer/Actions-ApiGateway/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::RestApi", + "aws:cdk:cloudformation:props": { + "name": "Actions-ApiGateway" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnRestApi", + "version": "0.0.0" + } + }, + "Deployment": { + "id": "Deployment", + "path": "integtest-restapi-with-overriding-default-authorizer/Actions-ApiGateway/Deployment", + "children": { + "Resource": { + "id": "Resource", + "path": "integtest-restapi-with-overriding-default-authorizer/Actions-ApiGateway/Deployment/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Deployment", + "aws:cdk:cloudformation:props": { + "description": "Automatically created by the RestApi construct", + "restApiId": { + "Ref": "ActionsApiGatewayF80386B7" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnDeployment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.Deployment", + "version": "0.0.0" + } + }, + "DeploymentStage.prod": { + "id": "DeploymentStage.prod", + "path": "integtest-restapi-with-overriding-default-authorizer/Actions-ApiGateway/DeploymentStage.prod", + "children": { + "Resource": { + "id": "Resource", + "path": "integtest-restapi-with-overriding-default-authorizer/Actions-ApiGateway/DeploymentStage.prod/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Stage", + "aws:cdk:cloudformation:props": { + "deploymentId": { + "Ref": "ActionsApiGatewayDeployment50B6E6A66403e42852ae63ad13a2b7635300f8a9" + }, + "restApiId": { + "Ref": "ActionsApiGatewayF80386B7" + }, + "stageName": "prod" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnStage", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.Stage", + "version": "0.0.0" + } + }, + "Endpoint": { + "id": "Endpoint", + "path": "integtest-restapi-with-overriding-default-authorizer/Actions-ApiGateway/Endpoint", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + }, + "Default": { + "id": "Default", + "path": "integtest-restapi-with-overriding-default-authorizer/Actions-ApiGateway/Default", + "children": { + "OPTIONS": { + "id": "OPTIONS", + "path": "integtest-restapi-with-overriding-default-authorizer/Actions-ApiGateway/Default/OPTIONS", + "children": { + "Resource": { + "id": "Resource", + "path": "integtest-restapi-with-overriding-default-authorizer/Actions-ApiGateway/Default/OPTIONS/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Method", + "aws:cdk:cloudformation:props": { + "apiKeyRequired": false, + "authorizationType": "NONE", + "httpMethod": "OPTIONS", + "integration": { + "type": "MOCK", + "requestTemplates": { + "application/json": "{ statusCode: 200 }" + }, + "integrationResponses": [ + { + "statusCode": "204", + "responseParameters": { + "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'", + "method.response.header.Access-Control-Allow-Origin": "'*'", + "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", + "method.response.header.Access-Control-Max-Age": "'864000'" + } + } + ] + }, + "methodResponses": [ + { + "statusCode": "204", + "responseParameters": { + "method.response.header.Access-Control-Allow-Headers": true, + "method.response.header.Access-Control-Allow-Origin": true, + "method.response.header.Access-Control-Allow-Methods": true, + "method.response.header.Access-Control-Max-Age": true + } + } + ], + "resourceId": { + "Fn::GetAtt": [ + "ActionsApiGatewayF80386B7", + "RootResourceId" + ] + }, + "restApiId": { + "Ref": "ActionsApiGatewayF80386B7" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnMethod", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.Method", + "version": "0.0.0" + } + }, + "ANY": { + "id": "ANY", + "path": "integtest-restapi-with-overriding-default-authorizer/Actions-ApiGateway/Default/ANY", + "children": { + "Resource": { + "id": "Resource", + "path": "integtest-restapi-with-overriding-default-authorizer/Actions-ApiGateway/Default/ANY/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Method", + "aws:cdk:cloudformation:props": { + "authorizationType": "NONE", + "httpMethod": "ANY", + "integration": { + "type": "MOCK", + "requestTemplates": { + "application/json": "{ \"statusCode\": 200 }" + }, + "passthroughBehavior": "NEVER", + "integrationResponses": [ + { + "statusCode": "200" + } + ] + }, + "methodResponses": [ + { + "statusCode": "200" + } + ], + "resourceId": { + "Fn::GetAtt": [ + "ActionsApiGatewayF80386B7", + "RootResourceId" + ] + }, + "restApiId": { + "Ref": "ActionsApiGatewayF80386B7" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnMethod", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.Method", + "version": "0.0.0" + } + }, + "GET": { + "id": "GET", + "path": "integtest-restapi-with-overriding-default-authorizer/Actions-ApiGateway/Default/GET", + "children": { + "Resource": { + "id": "Resource", + "path": "integtest-restapi-with-overriding-default-authorizer/Actions-ApiGateway/Default/GET/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Method", + "aws:cdk:cloudformation:props": { + "authorizationScopes": [ + "scope" + ], + "authorizationType": "COGNITO_USER_POOLS", + "authorizerId": { + "Ref": "AuthorizerBD825682" + }, + "httpMethod": "GET", + "integration": { + "type": "MOCK", + "requestTemplates": { + "application/json": "{ \"statusCode\": 200 }" + }, + "passthroughBehavior": "NEVER", + "integrationResponses": [ + { + "statusCode": "200" + } + ] + }, + "methodResponses": [ + { + "statusCode": "200" + } + ], + "resourceId": { + "Fn::GetAtt": [ + "ActionsApiGatewayF80386B7", + "RootResourceId" + ] + }, + "restApiId": { + "Ref": "ActionsApiGatewayF80386B7" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnMethod", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.Method", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.ResourceBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.RestApi", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-restapi-with-overriding-default-authorizer/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-restapi-with-overriding-default-authorizer/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "apigateway-with-overriding-default-authorizer": { + "id": "apigateway-with-overriding-default-authorizer", + "path": "apigateway-with-overriding-default-authorizer", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "apigateway-with-overriding-default-authorizer/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "apigateway-with-overriding-default-authorizer/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "apigateway-with-overriding-default-authorizer/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "apigateway-with-overriding-default-authorizer/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "apigateway-with-overriding-default-authorizer/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.ts new file mode 100644 index 0000000000000..794c3fb1bbc14 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-overriding-default-authorizer.ts @@ -0,0 +1,70 @@ +import * as cdk from 'aws-cdk-lib'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; +import * as cognito from 'aws-cdk-lib/aws-cognito'; +import * as agw from 'aws-cdk-lib/aws-apigateway'; +import { AuthorizationType, MockIntegration, PassthroughBehavior } from 'aws-cdk-lib/aws-apigateway'; + +/* + * Stack verification steps: + * * `curl -i ` should return HTTP code 200 + */ + +const app = new cdk.App(); +const stack = new cdk.Stack(app, 'integtest-restapi-with-overriding-default-authorizer'); + +// create a cognito user pool +const userPool = new cognito.UserPool(stack, 'UserPool', { + selfSignUpEnabled: true, + signInAliases: { + email: true, + }, +}); + +const authorizer = new agw.CognitoUserPoolsAuthorizer(stack, 'Authorizer', { + cognitoUserPools: [userPool], +}); + +const api = new agw.RestApi(stack, 'Actions-ApiGateway', { + defaultCorsPreflightOptions: { + allowOrigins: agw.Cors.ALL_ORIGINS, + maxAge: cdk.Duration.days(10), + }, + defaultMethodOptions: { + authorizer: authorizer, + authorizationType: agw.AuthorizationType.COGNITO, + authorizationScopes: ['scope'], + }, +}); + +api.root.addMethod('ANY', new MockIntegration({ + integrationResponses: [ + { statusCode: '200' }, + ], + passthroughBehavior: PassthroughBehavior.NEVER, + requestTemplates: { + 'application/json': '{ "statusCode": 200 }', + }, +}), { + methodResponses: [ + { statusCode: '200' }, + ], + authorizationType: AuthorizationType.NONE, +}); + +api.root.addMethod('GET', new MockIntegration({ + integrationResponses: [ + { statusCode: '200' }, + ], + passthroughBehavior: PassthroughBehavior.NEVER, + requestTemplates: { + 'application/json': '{ "statusCode": 200 }', + }, +}), { + methodResponses: [ + { statusCode: '200' }, + ], +}); + +new IntegTest(app, 'apigateway-with-overriding-default-authorizer', { + testCases: [stack], +}); diff --git a/packages/aws-cdk-lib/aws-apigateway/lib/method.ts b/packages/aws-cdk-lib/aws-apigateway/lib/method.ts index 98cf76c06d4a2..841e1b70bc511 100644 --- a/packages/aws-cdk-lib/aws-apigateway/lib/method.ts +++ b/packages/aws-cdk-lib/aws-apigateway/lib/method.ts @@ -187,7 +187,10 @@ export class Method extends Resource { const options = props.options || {}; const defaultMethodOptions = props.resource.defaultMethodOptions || {}; - const authorizer = options.authorizer || defaultMethodOptions.authorizer; + // do not use the default authorizer config in case if the provided authorizer type is None + const authorizer = + options.authorizationType === AuthorizationType.NONE + && options.authorizer == undefined ? undefined : options.authorizer || defaultMethodOptions.authorizer; const authorizerId = authorizer?.authorizerId ? authorizer.authorizerId : undefined; const authorizationTypeOption = options.authorizationType || defaultMethodOptions.authorizationType; diff --git a/packages/aws-cdk-lib/aws-apigateway/test/method.test.ts b/packages/aws-cdk-lib/aws-apigateway/test/method.test.ts index ad599dd86f19d..3c356d7ee8214 100644 --- a/packages/aws-cdk-lib/aws-apigateway/test/method.test.ts +++ b/packages/aws-cdk-lib/aws-apigateway/test/method.test.ts @@ -4,6 +4,7 @@ import * as iam from '../../aws-iam'; import * as lambda from '../../aws-lambda'; import * as cdk from '../../core'; import * as apigw from '../lib'; +import { AuthorizationType } from '../lib'; const DUMMY_AUTHORIZER: apigw.IAuthorizer = { authorizerId: 'dummyauthorizer', @@ -756,6 +757,61 @@ describe('method', () => { }); + test('Override Authorization Type config in the default method config to None', () => { + // GIVEN + const stack = new cdk.Stack(); + const api = new apigw.RestApi(stack, 'test-api', { + cloudWatchRole: false, + deploy: false, + defaultMethodOptions: { + authorizationType: apigw.AuthorizationType.COGNITO, + authorizer: DUMMY_AUTHORIZER, + authorizationScopes: ['DefaultAuth'], + }, + }); + + // WHEN + new apigw.Method(stack, 'OverrideDefaultAuthScopes', { + httpMethod: 'POST', + resource: api.root, + options: { + operationName: 'overrideDefaultAuthScopes', + authorizationType: AuthorizationType.NONE, + }, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ApiGateway::Method', { + OperationName: 'overrideDefaultAuthScopes', + AuthorizationType: AuthorizationType.NONE, + }); + + expect(Template.fromStack(stack).findResources('AWS::ApiGateway::Method', { + OperationName: 'overrideDefaultAuthScopes', + authorizer: DUMMY_AUTHORIZER, + })).toEqual({}); + + }); + + test('Add Method that override the default method config authorization type to None do not fail', () => { + // GIVEN + const stack = new cdk.Stack(); + const api = new apigw.RestApi(stack, 'test-api', { + cloudWatchRole: false, + deploy: false, + defaultMethodOptions: { + authorizationType: apigw.AuthorizationType.COGNITO, + authorizer: DUMMY_AUTHORIZER, + authorizationScopes: ['DefaultAuth'], + }, + }); + expect(() => { + api.root.addMethod('ANY', undefined, { + authorizationType: apigw.AuthorizationType.NONE, + }); + }).not.toThrow(/Authorization type is set to AWS_IAM which is different from what is required by the authorizer/); + }); + test.each([ [apigw.AuthorizationType.IAM, undefined], [apigw.AuthorizationType.NONE, undefined], From 9ea0b5cf7aaef0594606fea7461b40b8c696215a Mon Sep 17 00:00:00 2001 From: Mohamed ElAsmar Date: Fri, 31 May 2024 20:35:56 -0700 Subject: [PATCH 4/4] fix failing test --- packages/aws-cdk-lib/aws-apigateway/test/method.test.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/aws-cdk-lib/aws-apigateway/test/method.test.ts b/packages/aws-cdk-lib/aws-apigateway/test/method.test.ts index 3c356d7ee8214..7cb2d63f59b08 100644 --- a/packages/aws-cdk-lib/aws-apigateway/test/method.test.ts +++ b/packages/aws-cdk-lib/aws-apigateway/test/method.test.ts @@ -698,9 +698,9 @@ describe('method', () => { expect(() => { restApi.root.addMethod('ANY', undefined, { - authorizationType: apigw.AuthorizationType.NONE, + authorizationType: apigw.AuthorizationType.IAM, }); - }).toThrow(/Authorization type is set to NONE which is different from what is required by the authorizer/); + }).toThrow(/Authorization type is set to AWS_IAM which is different from what is required by the authorizer/); });