Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(stepfunctions-tasks): EcsRunTask now uses taskDefinition family instead of ARN #12436

Merged
merged 6 commits into from
Jan 22, 2021
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion packages/@aws-cdk/aws-stepfunctions-tasks/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -435,6 +435,8 @@ CPU and memory. Similarly, when you scale down the task count, Amazon ECS must d
which tasks to terminate. You can apply task placement strategies and constraints to
customize how Amazon ECS places and terminates tasks. Learn more about [task placement](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement.html)

The latest ACTIVE revision of the passed task definition is used for running the task.

The following example runs a job from a task definition on EC2

```ts
Expand Down Expand Up @@ -488,7 +490,8 @@ isolation by design. Learn more about [Fargate](https://aws.amazon.com/fargate/)

The Fargate launch type allows you to run your containerized applications without the need
to provision and manage the backend infrastructure. Just register your task definition and
Fargate launches the container for you.
Fargate launches the container for you. The latest ACTIVE revision of the passed
task definition is used for running the task.
ayush987goyal marked this conversation as resolved.
Show resolved Hide resolved

The following example runs a job from a task definition on Fargate

Expand Down
19 changes: 17 additions & 2 deletions packages/@aws-cdk/aws-stepfunctions-tasks/lib/ecs/run-task.ts
Original file line number Diff line number Diff line change
Expand Up @@ -279,7 +279,7 @@ export class EcsRunTask extends sfn.TaskStateBase implements ec2.IConnectable {
Resource: integrationResourceArn('ecs', 'runTask', this.integrationPattern),
Parameters: sfn.FieldUtils.renderObject({
Cluster: this.props.cluster.clusterArn,
TaskDefinition: this.props.taskDefinition.taskDefinitionArn,
TaskDefinition: this.props.taskDefinition.family,
NetworkConfiguration: this.networkConfiguration,
Overrides: renderOverrides(this.props.containerOverrides),
...this.props.launchTarget.bind(this, { taskDefinition: this.props.taskDefinition, cluster: this.props.cluster }).parameters,
Expand Down Expand Up @@ -318,7 +318,7 @@ export class EcsRunTask extends sfn.TaskStateBase implements ec2.IConnectable {
const policyStatements = [
new iam.PolicyStatement({
actions: ['ecs:RunTask'],
resources: [this.props.taskDefinition.taskDefinitionArn],
resources: [this.getTaskDefinitionFamilyArn()],
}),
new iam.PolicyStatement({
actions: ['ecs:StopTask', 'ecs:DescribeTasks'],
Expand Down Expand Up @@ -348,6 +348,21 @@ export class EcsRunTask extends sfn.TaskStateBase implements ec2.IConnectable {
return policyStatements;
}

private getTaskDefinitionFamilyArn(): string {
let { resource, service, sep, resourceName } = cdk.Stack.of(this).parseArn(this.props.taskDefinition.taskDefinitionArn);
ayush987goyal marked this conversation as resolved.
Show resolved Hide resolved

if (resourceName) {
resourceName = resourceName.split(':')[0];
}
ayush987goyal marked this conversation as resolved.
Show resolved Hide resolved

return cdk.Stack.of(this).formatArn({
resource,
service,
sep,
resourceName,
});
}

private taskExecutionRoles(): iam.IRole[] {
// Need to be able to pass both Task and Execution role, apparently
const ret = new Array<iam.IRole>();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -80,8 +80,6 @@
"ecs:Poll",
"ecs:StartTelemetrySession"
],
"Effect": "Allow",
"Resource": "*",
"Condition": {
"ArnEquals": {
"ecs:cluster": {
Expand All @@ -91,7 +89,9 @@
]
}
}
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
Expand Down Expand Up @@ -268,8 +268,6 @@
"ecs:DescribeContainerInstances",
"ecs:DescribeTasks"
],
"Effect": "Allow",
"Resource": "*",
"Condition": {
"ArnEquals": {
"ecs:cluster": {
Expand All @@ -279,7 +277,9 @@
]
}
}
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
Expand Down Expand Up @@ -330,21 +330,21 @@
"Code": {
"ZipFile": "import boto3, json, os, time\n\necs = boto3.client('ecs')\nautoscaling = boto3.client('autoscaling')\n\n\ndef lambda_handler(event, context):\n print(json.dumps(event))\n cluster = os.environ['CLUSTER']\n snsTopicArn = event['Records'][0]['Sns']['TopicArn']\n lifecycle_event = json.loads(event['Records'][0]['Sns']['Message'])\n instance_id = lifecycle_event.get('EC2InstanceId')\n if not instance_id:\n print('Got event without EC2InstanceId: %s', json.dumps(event))\n return\n\n instance_arn = container_instance_arn(cluster, instance_id)\n print('Instance %s has container instance ARN %s' % (lifecycle_event['EC2InstanceId'], instance_arn))\n\n if not instance_arn:\n return\n\n while has_tasks(cluster, instance_arn):\n time.sleep(10)\n\n try:\n print('Terminating instance %s' % instance_id)\n autoscaling.complete_lifecycle_action(\n LifecycleActionResult='CONTINUE',\n **pick(lifecycle_event, 'LifecycleHookName', 'LifecycleActionToken', 'AutoScalingGroupName'))\n except Exception as e:\n # Lifecycle action may have already completed.\n print(str(e))\n\n\ndef container_instance_arn(cluster, instance_id):\n \"\"\"Turn an instance ID into a container instance ARN.\"\"\"\n arns = ecs.list_container_instances(cluster=cluster, filter='ec2InstanceId==' + instance_id)['containerInstanceArns']\n if not arns:\n return None\n return arns[0]\n\n\ndef has_tasks(cluster, instance_arn):\n \"\"\"Return True if the instance is running tasks for the given cluster.\"\"\"\n instances = ecs.describe_container_instances(cluster=cluster, containerInstances=[instance_arn])['containerInstances']\n if not instances:\n return False\n instance = instances[0]\n\n if instance['status'] == 'ACTIVE':\n # Start draining, then try again later\n set_container_instance_to_draining(cluster, instance_arn)\n return True\n\n tasks = instance['runningTasksCount'] + instance['pendingTasksCount']\n print('Instance %s has %s tasks' % (instance_arn, tasks))\n\n return tasks > 0\n\n\ndef set_container_instance_to_draining(cluster, instance_arn):\n ecs.update_container_instances_state(\n cluster=cluster,\n containerInstances=[instance_arn], status='DRAINING')\n\n\ndef pick(dct, *keys):\n \"\"\"Pick a subset of a dict.\"\"\"\n return {k: v for k, v in dct.items() if k in keys}\n"
},
"Handler": "index.lambda_handler",
"Role": {
"Fn::GetAtt": [
"Ec2ClusterDefaultAutoScalingGroupDrainECSHookFunctionServiceRole23116FA3",
"Arn"
]
},
"Runtime": "python3.6",
"Environment": {
"Variables": {
"CLUSTER": {
"Ref": "Ec2ClusterEE43E89D"
}
}
},
"Handler": "index.lambda_handler",
"Runtime": "python3.6",
"Tags": [
{
"Key": "Name",
Expand Down Expand Up @@ -640,7 +640,77 @@
"Action": "ecs:RunTask",
"Effect": "Allow",
"Resource": {
"Ref": "TaskDef54694570"
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":",
{
"Fn::Select": [
2,
{
"Fn::Split": [
":",
{
"Ref": "TaskDef54694570"
}
]
}
]
},
":test-region:12345678:",
{
"Fn::Select": [
0,
{
"Fn::Split": [
"/",
{
"Fn::Select": [
5,
{
"Fn::Split": [
":",
{
"Ref": "TaskDef54694570"
}
]
}
]
}
]
}
]
},
"/",
{
"Fn::Select": [
1,
{
"Fn::Split": [
"/",
{
"Fn::Select": [
5,
{
"Fn::Split": [
":",
{
"Ref": "TaskDef54694570"
}
]
}
]
}
]
}
]
}
]
]
}
},
{
Expand Down Expand Up @@ -724,11 +794,7 @@
"Arn"
]
},
"\",\"TaskDefinition\":\"",
{
"Ref": "TaskDef54694570"
},
"\",\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"TheContainer\",\"Environment\":[{\"Name\":\"SOME_KEY\",\"Value.$\":\"$.SomeKey\"}]}]},\"LaunchType\":\"EC2\"}}}}"
"\",\"TaskDefinition\":\"awssfntasksecsec2integTaskDefFAFE2BE7\",\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"TheContainer\",\"Environment\":[{\"Name\":\"SOME_KEY\",\"Value.$\":\"$.SomeKey\"}]}]},\"LaunchType\":\"EC2\"}}}}"
]
]
}
Expand All @@ -752,4 +818,4 @@
}
}
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -189,7 +189,77 @@
"Action": "ecs:RunTask",
"Effect": "Allow",
"Resource": {
"Ref": "TaskDef54694570"
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":",
{
"Fn::Select": [
2,
{
"Fn::Split": [
":",
{
"Ref": "TaskDef54694570"
}
]
}
]
},
":test-region:12345678:",
{
"Fn::Select": [
0,
{
"Fn::Split": [
"/",
{
"Fn::Select": [
5,
{
"Fn::Split": [
":",
{
"Ref": "TaskDef54694570"
}
]
}
]
}
]
}
]
},
"/",
{
"Fn::Select": [
1,
{
"Fn::Split": [
"/",
{
"Fn::Select": [
5,
{
"Fn::Split": [
":",
{
"Ref": "TaskDef54694570"
}
]
}
]
}
]
}
]
}
]
]
}
},
{
Expand Down Expand Up @@ -273,11 +343,7 @@
"Arn"
]
},
"\",\"TaskDefinition\":\"",
{
"Ref": "TaskDef54694570"
},
"\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"AssignPublicIp\":\"ENABLED\",\"Subnets\":[\"subnet-e19455ca\",\"subnet-e0c24797\",\"subnet-ccd77395\"],\"SecurityGroups\":[\"",
"\",\"TaskDefinition\":\"awssfntasksecsfargateintegTaskDefD0F4AD10\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"AssignPublicIp\":\"ENABLED\",\"Subnets\":[\"subnet-e19455ca\",\"subnet-e0c24797\",\"subnet-ccd77395\"],\"SecurityGroups\":[\"",
{
"Fn::GetAtt": [
"FargateTaskSecurityGroup0BBB27CB",
Expand All @@ -302,4 +368,4 @@
}
}
}
}
}
Loading