Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(aws-ecs): Support TLS on ServiceConnect services #32583

Closed
2 tasks
jwilson-anonyome opened this issue Dec 19, 2024 · 2 comments · Fixed by #32605
Closed
2 tasks

(aws-ecs): Support TLS on ServiceConnect services #32583

jwilson-anonyome opened this issue Dec 19, 2024 · 2 comments · Fixed by #32605
Labels
@aws-cdk/aws-ecs Related to Amazon Elastic Container effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2

Comments

@jwilson-anonyome
Copy link

Describe the feature

Service Connect permits TLS between (traffic encryption) for connections to services (e.g. from ALB to a service in ECS)

This can be enabled with the console, or with Cloudformation, but it seems not yet with CDK

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/enable-service-connect-tls.html
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-serviceconnectservice.html

Can we get a "TLS" option added to ServiceConnectService?

https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs.ServiceConnectService.html

Use Case

I need to be able to use CDK to secure internal connections to ECS/Fargate services

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.172.0

Environment details (OS name and version, etc.)

CDK running on macos or alpine linux
@jwilson-anonyome jwilson-anonyome added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Dec 19, 2024
@github-actions github-actions bot added the @aws-cdk/aws-ecs Related to Amazon Elastic Container label Dec 19, 2024
@khushail khushail added investigating This issue is being investigated and/or work is in progress to resolve the issue. p2 and removed needs-triage This issue or PR still needs to be triaged. labels Dec 19, 2024
@khushail khushail self-assigned this Dec 19, 2024
@khushail
Copy link
Contributor

khushail commented Dec 19, 2024
edited
Loading

Thanks @jwilson-anonyome for requesting this. Checking CDK Code, seems like prop could be added in this interface -
ServiceConnectService -

aws-cdk/packages/aws-cdk-lib/aws-ecs/lib/base/base-service.ts

Line 194 in f8e6207

export interface ServiceConnectService {

Marking it as P2 as team won't be available to work on it immediately but it would be on their radar. Also contributions from community are welcome. Thanks.

@khushail khushail added effort/small Small work item – less than a day of effort and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels Dec 19, 2024
@khushail khushail removed their assignment Dec 19, 2024
@ren-yamanashi ren-yamanashi mentioned this issue Dec 20, 2024
Merged
1 task
This was referenced Jan 1, 2025
Closed
Closed
Closed
mergify bot pushed a commit that referenced this issue Jan 31, 2025
@ren-yamanashi
feat(ecs): add tls property to a ServiceConnectService (#32605)
d32baf6 
### Issue # (if applicable)

Closes #32583 

### Reason for this change

ServiceConnectService in ECS did not support the `tls` property.

### Description of changes

- Added `tls` property to ServiceConnectService(interface) in ECS(BaseService)
- modified implementation to allow specifying ServiceConnectService tls in the `enableServiceConnect` method

### Description of how you validated changes

Added unit  tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@mergify mergify bot closed this as completed in #32605 Jan 31, 2025
@github-actions GitHub Actions
Copy link

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 31, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
@aws-cdk/aws-ecs Related to Amazon Elastic Container effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(ecs): add tls property to a ServiceConnectService ren-yamanashi/aws-cdk
2 participants
@khushail @jwilson-anonyome