Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(aws-batch): Support omitting ComputeEnvironment security groups s…
…o that they can be specified in Launch Template (#21579) HPC Batch applications frequently require Elastic Fabric Adapters for low-latency networking. Currently, the `ComputeEnvironment` construct always automatically defines a set of `SecurityGroupIds` in the CloudFormation it generates, and this prevents the stack deploying if the LaunchTemplate contains network interface definitions; Batch does not allow SecurityGroups at the `ComputeEnvironment` level if there are network interfaces defined in the `CfnLaunchTemplate`. Since we do not currently have support for network interfaces this PR adds a new boolean property in `launchTemplate` called `useNetworkInterfaceSecurityGroups`. When this is enabled we will assume that security groups are being provided by the launch template. A long term solution may be to: - Add support for network interfaces in the L2 ec2.LaunchTemplate construct. - Update the batch.ComputeEnvironment construct to take a ILaunchTemplate instead of the name/id. - Check the ILaunchTemplate for whether the ComputeEnvironment needs to create any security groups. closes #21577 ---- ### All Submissions: * [yes] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [no] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [yes] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [yes] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
- Loading branch information