fix(ecs-patterns): queue service grant permission automatically (#6110)
Co-authored-by: Piradeep Kandasamy <piradeep91@gmail.com>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
3 people authored Feb 5, 2020
1 parent d9a043b commit 0d0794e
Showing 4 changed files with 34 additions and 0 deletions.
Expand Up @@ -238,6 +238,14 @@ export abstract class QueueProcessingServiceBase extends Construct {
});
}

/**
* Grant SQS permissions to an ECS service.
* @param service the ECS/Fargate service to which to grant SQS permissions
*/
protected grantPermissionsToService(service: BaseService) {
this.sqsQueue.grantConsumeMessages(service.taskDefinition.taskRole);
}

/**
* Returns the default cluster.
*/
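Review bot: The doc comment on `grantPermissionsToService` does not say what is granted or to whom. The body calls `grantConsumeMessages` on `this.sqsQueue` for `service.taskDefinition.taskRole`, so the task role (not the execution role) receives consume access to this one queue. I would state that in the comment, e.g. `* Grant the service's task role permission to consume messages from the processing queue.`, and add an explicit `: void` return type. If `sqsQueue` can be a caller-supplied queue encrypted with a customer-managed KMS key, whether this grant also covers decryption is not visible here and should be confirmed. The class body starts and ends outside this hunk.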
Expand Up @@ -100,5 +100,6 @@ export class QueueProcessingEc2Service extends QueueProcessingServiceBase {
enableECSManagedTags: props.enableECSManagedTags,
});
this.configureAutoscalingForService(this.service);
this.grantPermissionsToService(this.service);
}
}
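Review bot: Each concrete service now has to remember two post-construction calls, `configureAutoscalingForService` and `grantPermissionsToService`, and the same pair is repeated at the end of the `QueueProcessingFargateService` constructor. A future subclass that omits the second call would deploy a service whose task role cannot read the queue, and that only shows up at runtime. Consider one protected base method that performs both steps so subclasses make a single call. The constructor starts outside this hunk.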
Expand Up @@ -94,5 +94,6 @@ export class QueueProcessingFargateService extends QueueProcessingServiceBase {
enableECSManagedTags: props.enableECSManagedTags,
});
this.configureAutoscalingForService(this.service);
this.grantPermissionsToService(this.service);
}
}
Expand Up @@ -29,6 +29,30 @@ export = {

expect(stack).to(haveResource("AWS::SQS::Queue"));

expect(stack).to(haveResource("AWS::IAM::Policy", {
PolicyDocument: {
Statement: [
{
Action: [
"sqs:ReceiveMessage",
"sqs:ChangeMessageVisibility",
"sqs:GetQueueUrl",
"sqs:DeleteMessage",
"sqs:GetQueueAttributes"
],
Effect: "Allow",
Resource: {
"Fn::GetAtt": [
"ServiceEcsProcessingQueueC266885C",
"Arn"
]
}
}
],
Version: "2012-10-17"
}
}));

expect(stack).to(haveResourceLike('AWS::ECS::TaskDefinition', {
ContainerDefinitions: [
{
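Review bot: The new `AWS::IAM::Policy` assertion pins the action list and the queue ARN but not the principal, so, assuming `haveResource` tolerates properties it was not given, it would still pass if the policy were attached to a role other than the task role. Adding the `Roles` property to the expected resource, e.g. `Roles: [{ Ref: "<TASK_ROLE_LOGICAL_ID>" }]` with the logical id taken from the synthesized template, would close that gap. Only one test file appears in this commit, so it looks like one of the two service classes has no assertion for the grant. The test function starts and ends outside this hunk.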