diff --git a/packages/@aws-cdk/aws-ecs-patterns/lib/fargate/application-load-balanced-fargate-service.ts b/packages/@aws-cdk/aws-ecs-patterns/lib/fargate/application-load-balanced-fargate-service.ts index 19a2501355223..03fca1240b846 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/lib/fargate/application-load-balanced-fargate-service.ts +++ b/packages/@aws-cdk/aws-ecs-patterns/lib/fargate/application-load-balanced-fargate-service.ts @@ -91,6 +91,13 @@ export interface ApplicationLoadBalancedFargateServiceProps extends ApplicationL * @default - A new security group is created. */ readonly securityGroups?: ISecurityGroup[]; + + /** + * Whether to enable the ability to execute into a container. + * + * @default - undefined + */ + readonly enableExecuteCommand?: boolean; } /** @@ -174,6 +181,7 @@ export class ApplicationLoadBalancedFargateService extends ApplicationLoadBalanc circuitBreaker: props.circuitBreaker, securityGroups: props.securityGroups, vpcSubnets: props.taskSubnets, + enableExecuteCommand: props.enableExecuteCommand, }); this.addServiceAsTarget(this.service); } diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/test.load-balanced-fargate-service-v2.ts b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/test.load-balanced-fargate-service-v2.ts index cad68a5a270ae..d8a46135a1464 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/test.load-balanced-fargate-service-v2.ts +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/test.load-balanced-fargate-service-v2.ts @@ -1,4 +1,4 @@ -import { expect, haveResource, haveResourceLike } from '@aws-cdk/assert-internal'; +import { ABSENT, expect, haveResource, haveResourceLike } from '@aws-cdk/assert-internal'; import { Vpc } from '@aws-cdk/aws-ec2'; import * as ecs from '@aws-cdk/aws-ecs'; import { CompositePrincipal, Role, ServicePrincipal } from '@aws-cdk/aws-iam'; @@ -386,6 +386,74 @@ export = { test.done(); }, + + 'test with enableExecuteCommand set to true'(test: Test) { + // GIVEN + const stack = new Stack(); + const vpc = new Vpc(stack, 'VPC'); + const cluster = new ecs.Cluster(stack, 'Cluster', { vpc }); + + // WHEN + new ApplicationLoadBalancedFargateService(stack, 'Service', { + cluster, + taskImageOptions: { + image: ecs.ContainerImage.fromRegistry('test'), + }, + enableExecuteCommand: true, + }); + + // THEN - stack contains a service with execute-command enabled + expect(stack).to(haveResourceLike('AWS::ECS::Service', { + EnableExecuteCommand: true, + })); + + test.done(); + }, + + 'test with enableExecuteCommand omitted'(test: Test) { + // GIVEN + const stack = new Stack(); + const vpc = new Vpc(stack, 'VPC'); + const cluster = new ecs.Cluster(stack, 'Cluster', { vpc }); + + // WHEN + new ApplicationLoadBalancedFargateService(stack, 'Service', { + cluster, + taskImageOptions: { + image: ecs.ContainerImage.fromRegistry('test'), + }, + }); + + // THEN - stack contains a service with execute-command omitted + expect(stack).to(haveResourceLike('AWS::ECS::Service', { + EnableExecuteCommand: ABSENT, + })); + + test.done(); + }, + + 'test with enableExecuteCommand false'(test: Test) { + // GIVEN + const stack = new Stack(); + const vpc = new Vpc(stack, 'VPC'); + const cluster = new ecs.Cluster(stack, 'Cluster', { vpc }); + + // WHEN + new ApplicationLoadBalancedFargateService(stack, 'Service', { + cluster, + taskImageOptions: { + image: ecs.ContainerImage.fromRegistry('test'), + }, + enableExecuteCommand: false, + }); + + // THEN - stack contains a service with execute-command set to false + expect(stack).to(haveResourceLike('AWS::ECS::Service', { + EnableExecuteCommand: false, + })); + + test.done(); + }, }, 'When Network Load Balancer': {