From 2a47f1309ec6f707e8205a49c909d3c14cc6c0c1 Mon Sep 17 00:00:00 2001 From: pattasai Date: Thu, 26 Jan 2023 16:30:51 -0500 Subject: [PATCH 1/7] added property and unit test --- packages/@aws-cdk/aws-cloud9/lib/environment.ts | 6 ++++++ .../@aws-cdk/aws-cloud9/test/cloud9.environment.test.ts | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-cloud9/lib/environment.ts b/packages/@aws-cdk/aws-cloud9/lib/environment.ts index 15d7390dd6ee5..f33299d450cc8 100644 --- a/packages/@aws-cdk/aws-cloud9/lib/environment.ts +++ b/packages/@aws-cdk/aws-cloud9/lib/environment.ts @@ -58,6 +58,11 @@ export enum ImageId { * Properties for Ec2Environment */ export interface Ec2EnvironmentProps { + /** + * OwnerArn + * @default + */ + readonly owner?: string; /** * The type of instance to connect to the environment. * @@ -182,6 +187,7 @@ export class Ec2Environment extends cdk.Resource implements IEc2Environment { const c9env = new CfnEnvironmentEC2(this, 'Resource', { name: props.ec2EnvironmentName, description: props.description, + ownerArn: props.owner, instanceType: props.instanceType?.toString() ?? ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO).toString(), subnetId: this.vpc.selectSubnets(vpcSubnets).subnetIds[0], repositories: props.clonedRepositories ? props.clonedRepositories.map(r => ({ diff --git a/packages/@aws-cdk/aws-cloud9/test/cloud9.environment.test.ts b/packages/@aws-cdk/aws-cloud9/test/cloud9.environment.test.ts index 948cfa5bee9ec..045b6c1792900 100644 --- a/packages/@aws-cdk/aws-cloud9/test/cloud9.environment.test.ts +++ b/packages/@aws-cdk/aws-cloud9/test/cloud9.environment.test.ts 
@@ -79,9 +79,9 @@ test('throw error when subnetSelection not specified and the provided VPC has no test('can use CodeCommit repositories', () => { // WHEN const repo = codecommit.Repository.fromRepositoryName(stack, 'Repo', 'foo'); - new cloud9.Ec2Environment(stack, 'C9Env', { vpc, + owner: 'xyz', clonedRepositories: [ cloud9.CloneRepository.fromCodeCommit(repo, '/src'), ], @@ -90,6 +90,7 @@ test('can use CodeCommit repositories', () => { // THEN Template.fromStack(stack).hasResourceProperties('AWS::Cloud9::EnvironmentEC2', { InstanceType: 't2.micro', + OwnerArn: 'xyz', Repositories: [ { PathComponent: '/src', From 43ded094410aaf473a065fb8598ccbe583eccdda Mon Sep 17 00:00:00 2001 From: pattasai Date: Tue, 31 Jan 2023 09:08:17 -0500 Subject: [PATCH 2/7] owner_props --- .../@aws-cdk/aws-cloud9/lib/environment.ts | 51 +++++++++++++++++-- .../test/cloud9.environment.test.ts | 46 +++++++++++++++-- 2 files changed, 89 insertions(+), 8 deletions(-) diff --git a/packages/@aws-cdk/aws-cloud9/lib/environment.ts b/packages/@aws-cdk/aws-cloud9/lib/environment.ts index f33299d450cc8..1143a1891be7b 100644 --- a/packages/@aws-cdk/aws-cloud9/lib/environment.ts +++ b/packages/@aws-cdk/aws-cloud9/lib/environment.ts @@ -1,5 +1,6 @@ import * as codecommit from '@aws-cdk/aws-codecommit'; import * as ec2 from '@aws-cdk/aws-ec2'; +import { IUser } from '@aws-cdk/aws-iam'; import * as cdk from '@aws-cdk/core'; import { Construct } from 'constructs'; import { CfnEnvironmentEC2 } from '../lib/cloud9.generated'; @@ -53,16 +54,17 @@ export enum ImageId { */ UBUNTU_18_04 = 'ubuntu-18.04-x86_64' } - /** * Properties for Ec2Environment */ export interface Ec2EnvironmentProps { /** - * OwnerArn - * @default + * The type of owner environment. + * + * @default - string */ - readonly owner?: string; + readonly owner?: Owner; + /** * The type of instance to connect to the environment. * 
@@ -142,6 +144,13 @@ export class Ec2Environment extends cdk.Resource implements IEc2Environment { return new Import(scope, id); } + /** + * The Environment Owner of the ownerarn + * + * @attribute + */ + public readonly owner?: Owner; + /** * The environment name of this Cloud9 environment * @@ -175,6 +184,7 @@ export class Ec2Environment extends cdk.Resource implements IEc2Environment { super(scope, id); this.vpc = props.vpc; + this.owner = props.owner; if (!props.subnetSelection && this.vpc.publicSubnets.length === 0) { throw new Error('no subnetSelection specified and no public subnet found in the vpc, please specify subnetSelection'); } @@ -187,7 +197,7 @@ export class Ec2Environment extends cdk.Resource implements IEc2Environment { const c9env = new CfnEnvironmentEC2(this, 'Resource', { name: props.ec2EnvironmentName, description: props.description, - ownerArn: props.owner, + ownerArn: props.owner?.ownerArn, instanceType: props.instanceType?.toString() ?? ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO).toString(), subnetId: this.vpc.selectSubnets(vpcSubnets).subnetIds[0], repositories: props.clonedRepositories ? props.clonedRepositories.map(r => ({ @@ -223,3 +233,34 @@ export class CloneRepository { private constructor(public readonly repositoryUrl: string, public readonly pathComponent: string) {} } + +/** + * The class for different types of owners + */ +export class Owner { + /** + * import from Owner Iuser + * + * @param user environment owner can be an IAM user. + */ + public static user(user: IUser): Owner { + return { ownerArn: user.userArn }; + } + + /** + * import from Owner account root + * + * @param accountId environment owner can be a root account. + */ + public static accountRoot(accountId: string): Owner { + return { ownerArn: `arn:aws:iam::${accountId}:root` }; + } + + /** + * import owenrArn + * + * @param ownerArn of environment owner. + */ + private constructor(public readonly ownerArn: string) {} +} + 
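Review bot: `Owner.accountRoot()` in the last hunk here builds the owner ARN from the literal partition `aws` and an unchecked `accountId`. The resulting ARN would not name a principal in the aws-cn or aws-us-gov partitions, and any string is accepted as the identity that gets full control of the environment. The file already imports `cdk`, so the partition can come from `cdk.Aws.PARTITION`, and a concrete (non-token) account ID can be checked for the 12-digit form at synth time. The same line is carried unchanged through the `Owner` hunks of PATCH 3/7 and 4/7. The tests and README in this series pass 8- and 9-digit IDs, which such a check would reject, so they would need realistically shaped placeholders.

```typescript
  public static accountRoot(accountId: string): Owner {
    // Literal IDs can be validated at synth time; tokens such as Stack.account cannot.
    if (!cdk.Token.isUnresolved(accountId) && !/^\d{12}$/.test(accountId)) {
      throw new Error(`accountId must be a 12-digit AWS account ID, got '${accountId}'`);
    }
    return { ownerArn: `arn:${cdk.Aws.PARTITION}:iam::${accountId}:root` };
  }
```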
diff --git a/packages/@aws-cdk/aws-cloud9/test/cloud9.environment.test.ts b/packages/@aws-cdk/aws-cloud9/test/cloud9.environment.test.ts index 045b6c1792900..3ae43ce7930d3 100644 --- a/packages/@aws-cdk/aws-cloud9/test/cloud9.environment.test.ts +++ b/packages/@aws-cdk/aws-cloud9/test/cloud9.environment.test.ts @@ -1,9 +1,10 @@ import { Match, Template } from '@aws-cdk/assertions'; import * as codecommit from '@aws-cdk/aws-codecommit'; import * as ec2 from '@aws-cdk/aws-ec2'; +import * as iam from '@aws-cdk/aws-iam'; import * as cdk from '@aws-cdk/core'; import * as cloud9 from '../lib'; -import { ConnectionType, ImageId } from '../lib'; +import { ConnectionType, ImageId, Owner } from '../lib'; let stack: cdk.Stack; let vpc: ec2.IVpc; @@ -79,9 +80,49 @@ test('throw error when subnetSelection not specified and the provided VPC has no test('can use CodeCommit repositories', () => { // WHEN const repo = codecommit.Repository.fromRepositoryName(stack, 'Repo', 'foo'); + const user = new iam.User(stack, 'User'); new cloud9.Ec2Environment(stack, 'C9Env', { vpc, - owner: 'xyz', + clonedRepositories: [ + cloud9.CloneRepository.fromCodeCommit(repo, '/src'), + ], + imageId: cloud9.ImageId.AMAZON_LINUX_2, + owner: Owner.user(user), + }); + // THEN + + Template.fromStack(stack).hasResourceProperties('AWS::Cloud9::EnvironmentEC2', { + InstanceType: 't2.micro', + Repositories: [ + { + PathComponent: '/src', + RepositoryUrl: { + 'Fn::Join': [ + '', + [ + 'https://git-codecommit.', + { + Ref: 'AWS::Region', + }, + '.', + { + Ref: 'AWS::URLSuffix', + }, + '/v1/repos/foo', + ], + ], + }, + }, + ], + }); +}); + +test('can use CodeCommit repo', () => { + // WHEN + const repo = codecommit.Repository.fromRepositoryName(stack, 'Repo', 'foo'); + new cloud9.Ec2Environment(stack, 'C9Env', { + vpc, + owner: Owner.accountRoot('12345678'), clonedRepositories: [ cloud9.CloneRepository.fromCodeCommit(repo, '/src'), ], 
@@ -90,7 +131,6 @@ test('can use CodeCommit repositories', () => { // THEN Template.fromStack(stack).hasResourceProperties('AWS::Cloud9::EnvironmentEC2', { InstanceType: 't2.micro', - OwnerArn: 'xyz', Repositories: [ { PathComponent: '/src', From 85e85a745dd5e133cfde19b132926f7edbb963ec Mon Sep 17 00:00:00 2001 From: pattasai Date: Thu, 2 Feb 2023 17:33:30 -0500 Subject: [PATCH 3/7] support setting environment owner --- packages/@aws-cdk/aws-cloud9/README.md | 54 +++++++++++++++---- .../@aws-cdk/aws-cloud9/lib/environment.ts | 30 +++++------ packages/@aws-cdk/aws-cloud9/package.json | 2 + .../test/cloud9.environment.test.ts | 52 ++++++++---------- 4 files changed, 80 insertions(+), 58 deletions(-) diff --git a/packages/@aws-cdk/aws-cloud9/README.md b/packages/@aws-cdk/aws-cloud9/README.md index 84b00eb03218e..1b017efe20d85 100644 --- a/packages/@aws-cdk/aws-cloud9/README.md +++ b/packages/@aws-cdk/aws-cloud9/README.md 
@@ -23,19 +23,19 @@ This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. -AWS Cloud9 is a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a -browser. It includes a code editor, debugger, and terminal. Cloud9 comes prepackaged with essential tools for popular -programming languages, including JavaScript, Python, PHP, and more, so you don’t need to install files or configure your -development machine to start new projects. Since your Cloud9 IDE is cloud-based, you can work on your projects from your -office, home, or anywhere using an internet-connected machine. Cloud9 also provides a seamless experience for developing -serverless applications enabling you to easily define resources, debug, and switch between local and remote execution of -serverless applications. With Cloud9, you can quickly share your development environment with your team, enabling you to pair +AWS Cloud9 is a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a +browser. It includes a code editor, debugger, and terminal. Cloud9 comes prepackaged with essential tools for popular +programming languages, including JavaScript, Python, PHP, and more, so you don’t need to install files or configure your +development machine to start new projects. Since your Cloud9 IDE is cloud-based, you can work on your projects from your +office, home, or anywhere using an internet-connected machine. Cloud9 also provides a seamless experience for developing +serverless applications enabling you to easily define resources, debug, and switch between local and remote execution of +serverless applications. With Cloud9, you can quickly share your development environment with your team, enabling you to pair program and track each other's inputs in real time. ## Creating EC2 Environment -EC2 Environments are defined with `Ec2Environment`. 
To create an EC2 environment in the private subnet, specify +EC2 Environments are defined with `Ec2Environment`. To create an EC2 environment in the private subnet, specify `subnetSelection` with private `subnetType`. @@ -52,7 +52,7 @@ new cloud9.Ec2Environment(this, 'Cloud9Env2', { imageId: cloud9.ImageId.AMAZON_LINUX_2, }); -// or specify in a different subnetSelection +// or specify in a different subnetSelection const c9env = new cloud9.Ec2Environment(this, 'Cloud9Env3', { vpc, subnetSelection: { @@ -104,3 +104,39 @@ new cloud9.Ec2Environment(this, 'C9Env', { imageId: cloud9.ImageId.AMAZON_LINUX_2, }); ``` + +## Specifying Owners +`Owner` is a user that owns a Cloud9 environment . `Owner` has their own access permissions, resources. And we can specify an `Owner`in an Ec2 environment which could be of two types, 1. AccountRoot and 2. Iam User. It allows AWS to determine who has permissions to manage the environment, either an IAM user or the account root user + +### AccountRoot + +```ts +new cloud9.Ec2Environment(this, 'C9Env', { + // provides root account id. + owner: cloud9.Owner.AccountRoot('root account id') +}) +``` + +### Iam User + +```ts +import * as iam from '@aws-cdk/aws-iam'; + +const user = new iam.User(stack, 'User'); +// provides an iam user. +new cloud9.Ec2Environment(this, 'C9Env', { + owner: cloud9.Owner.User(user) +}) +``` + +### create a new Cloud9 environment with an owner as an Iam User. + +```ts +const user = new iam.User(stack, 'User'); +declare const vpc: ec2.Vpc; +new cloud9.Ec2Environment(this, 'C9Env', { + vpc, + imageId: cloud9.ImageId.AMAZON_LINUX_2, + owner: cloud9.Owner.User(user) +}); +``` \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cloud9/lib/environment.ts b/packages/@aws-cdk/aws-cloud9/lib/environment.ts index 1143a1891be7b..eb4ac059fd653 100644 --- a/packages/@aws-cdk/aws-cloud9/lib/environment.ts +++ b/packages/@aws-cdk/aws-cloud9/lib/environment.ts 
@@ -59,9 +59,8 @@ export enum ImageId { */ export interface Ec2EnvironmentProps { /** - * The type of owner environment. + * Owner of the environment. * - * @default - string */ readonly owner?: Owner; @@ -143,14 +142,6 @@ export class Ec2Environment extends cdk.Resource implements IEc2Environment { } return new Import(scope, id); } - - /** - * The Environment Owner of the ownerarn - * - * @attribute - */ - public readonly owner?: Owner; - /** * The environment name of this Cloud9 environment * @@ -184,7 +175,6 @@ export class Ec2Environment extends cdk.Resource implements IEc2Environment { super(scope, id); this.vpc = props.vpc; - this.owner = props.owner; if (!props.subnetSelection && this.vpc.publicSubnets.length === 0) { throw new Error('no subnetSelection specified and no public subnet found in the vpc, please specify subnetSelection'); } @@ -236,31 +226,35 @@ export class CloneRepository { /** * The class for different types of owners + * + * */ export class Owner { /** * import from Owner Iuser * - * @param user environment owner can be an IAM user. + * User need to have AWSCloud9Administrator permissions + * @see https://docs.aws.amazon.com/cloud9/latest/user-guide/share-environment.html#share-environment-about + * + * @param user the User object to use as the environment owner */ - public static user(user: IUser): Owner { + public static User(user: IUser): Owner { return { ownerArn: user.userArn }; } + /** * import from Owner account root * - * @param accountId environment owner can be a root account. + * @param accountId the AccountId to use as the environment owner. */ - public static accountRoot(accountId: string): Owner { + public static AccountRoot(accountId: string): Owner { return { ownerArn: `arn:aws:iam::${accountId}:root` }; } /** - * import owenrArn * * @param ownerArn of environment owner. */ private constructor(public readonly ownerArn: string) {} -} - +} \ No newline at end of file 
diff --git a/packages/@aws-cdk/aws-cloud9/package.json b/packages/@aws-cdk/aws-cloud9/package.json index c52e71087c1e2..b76154609d311 100644 --- a/packages/@aws-cdk/aws-cloud9/package.json +++ b/packages/@aws-cdk/aws-cloud9/package.json @@ -92,6 +92,7 @@ "dependencies": { "@aws-cdk/aws-codecommit": "0.0.0", "@aws-cdk/aws-ec2": "0.0.0", + "@aws-cdk/aws-iam": "0.0.0", "@aws-cdk/core": "0.0.0", "constructs": "^10.0.0" }, @@ -99,6 +100,7 @@ "peerDependencies": { "@aws-cdk/aws-codecommit": "0.0.0", "@aws-cdk/aws-ec2": "0.0.0", + "@aws-cdk/aws-iam": "0.0.0", "@aws-cdk/core": "0.0.0", "constructs": "^10.0.0" }, diff --git a/packages/@aws-cdk/aws-cloud9/test/cloud9.environment.test.ts b/packages/@aws-cdk/aws-cloud9/test/cloud9.environment.test.ts index 3ae43ce7930d3..6eccb3e11814d 100644 --- a/packages/@aws-cdk/aws-cloud9/test/cloud9.environment.test.ts +++ b/packages/@aws-cdk/aws-cloud9/test/cloud9.environment.test.ts @@ -80,17 +80,14 @@ test('throw error when subnetSelection not specified and the provided VPC has no test('can use CodeCommit repositories', () => { // WHEN const repo = codecommit.Repository.fromRepositoryName(stack, 'Repo', 'foo'); - const user = new iam.User(stack, 'User'); new cloud9.Ec2Environment(stack, 'C9Env', { vpc, clonedRepositories: [ cloud9.CloneRepository.fromCodeCommit(repo, '/src'), ], imageId: cloud9.ImageId.AMAZON_LINUX_2, - owner: Owner.user(user), }); // THEN - Template.fromStack(stack).hasResourceProperties('AWS::Cloud9::EnvironmentEC2', { InstanceType: 't2.micro', Repositories: [ 
@@ -117,41 +114,34 @@ test('can use CodeCommit repositories', () => { }); }); -test('can use CodeCommit repo', () => { +test('environment owner can be an IAM user', () => { // WHEN - const repo = codecommit.Repository.fromRepositoryName(stack, 'Repo', 'foo'); + const user = new iam.User(stack, 'User', { + userName: 'testUser', + }); new cloud9.Ec2Environment(stack, 'C9Env', { vpc, - owner: Owner.accountRoot('12345678'), - clonedRepositories: [ - cloud9.CloneRepository.fromCodeCommit(repo, '/src'), - ], imageId: cloud9.ImageId.AMAZON_LINUX_2, + owner: Owner.User(user), }); // THEN Template.fromStack(stack).hasResourceProperties('AWS::Cloud9::EnvironmentEC2', { - InstanceType: 't2.micro', - Repositories: [ - { - PathComponent: '/src', - RepositoryUrl: { - 'Fn::Join': [ - '', - [ - 'https://git-codecommit.', - { - Ref: 'AWS::Region', - }, - '.', - { - Ref: 'AWS::URLSuffix', - }, - '/v1/repos/foo', - ], - ], - }, - }, - ], + OwnerArn: { + 'Fn::GetAtt': ['User00B015A1', 'Arn'], + }, + }); +}); + +test('environment owner can be account root', () => { + // WHEN + new cloud9.Ec2Environment(stack, 'C9Env', { + vpc, + imageId: cloud9.ImageId.AMAZON_LINUX_2, + owner: Owner.AccountRoot('12345678'), + }); + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::Cloud9::EnvironmentEC2', { + OwnerArn: 'arn:aws:iam::12345678:root', }); }); From c52b45e6424361c4434986e4dc5ad1170ec3631b Mon Sep 17 00:00:00 2001 From: pattasai Date: Fri, 3 Feb 2023 09:50:10 -0500 Subject: [PATCH 4/7] support setting environment owner --- packages/@aws-cdk/aws-cloud9/README.md | 5 +++-- packages/@aws-cdk/aws-cloud9/lib/environment.ts | 5 +++-- packages/@aws-cdk/aws-cloud9/test/cloud9.environment.test.ts | 4 ++-- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/packages/@aws-cdk/aws-cloud9/README.md b/packages/@aws-cdk/aws-cloud9/README.md index 1b017efe20d85..a1298caa2f2e8 100644 --- a/packages/@aws-cdk/aws-cloud9/README.md +++ b/packages/@aws-cdk/aws-cloud9/README.md 
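Review bot: Neither of the two new tests pins the default path: nothing asserts that `OwnerArn` is absent from the template when `owner` is omitted, which is the case where ownership is expected to fall back to the creating identity. `Match` is already imported in this file, so a third test can create the environment without `owner` and assert `hasResourceProperties('AWS::Cloud9::EnvironmentEC2', { OwnerArn: Match.absent() })`. The account-root test also passes `'12345678'`, which does not have the 12-digit shape of an AWS account ID; a constructed placeholder such as `'123456789012'` keeps the expected ARN realistic.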
@@ -106,6 +106,7 @@ new cloud9.Ec2Environment(this, 'C9Env', { ``` ## Specifying Owners + `Owner` is a user that owns a Cloud9 environment . `Owner` has their own access permissions, resources. And we can specify an `Owner`in an Ec2 environment which could be of two types, 1. AccountRoot and 2. Iam User. It allows AWS to determine who has permissions to manage the environment, either an IAM user or the account root user ### AccountRoot @@ -129,7 +130,7 @@ new cloud9.Ec2Environment(this, 'C9Env', { }) ``` -### create a new Cloud9 environment with an owner as an Iam User. +### create a new Cloud9 environment with an owner as an Iam User ```ts const user = new iam.User(stack, 'User'); @@ -139,4 +140,4 @@ new cloud9.Ec2Environment(this, 'C9Env', { imageId: cloud9.ImageId.AMAZON_LINUX_2, owner: cloud9.Owner.User(user) }); -``` \ No newline at end of file +``` diff --git a/packages/@aws-cdk/aws-cloud9/lib/environment.ts b/packages/@aws-cdk/aws-cloud9/lib/environment.ts index eb4ac059fd653..154bbb7aa5fe3 100644 --- a/packages/@aws-cdk/aws-cloud9/lib/environment.ts +++ b/packages/@aws-cdk/aws-cloud9/lib/environment.ts @@ -61,6 +61,7 @@ export interface Ec2EnvironmentProps { /** * Owner of the environment. * + * @default - If this value is not specified, the owner defaults to this environment's creator */ readonly owner?: Owner; @@ -238,7 +239,7 @@ export class Owner { * * @param user the User object to use as the environment owner */ - public static User(user: IUser): Owner { + public static user(user: IUser): Owner { return { ownerArn: user.userArn }; } @@ -248,7 +249,7 @@ export class Owner { * * @param accountId the AccountId to use as the environment owner. */ - public static AccountRoot(accountId: string): Owner { + public static accountRoot(accountId: string): Owner { return { ownerArn: `arn:aws:iam::${accountId}:root` }; } 
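Review bot: Both factories touched by the last two hunks here, `user()` and `accountRoot()`, return a bare object literal typed as `Owner`, so the class's private constructor never runs and the result is not an `Owner` instance. This type-checks only because the visible class exposes a single public field. `instanceof Owner` is false for these values, and any check later added to the constructor would be skipped. Prefer `return new Owner(user.userArn);` in `user()` and the same `new Owner(...)` wrapping around the account-root ARN string. The class body begins and ends outside these hunks.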
diff --git a/packages/@aws-cdk/aws-cloud9/test/cloud9.environment.test.ts b/packages/@aws-cdk/aws-cloud9/test/cloud9.environment.test.ts index 6eccb3e11814d..69210bf01a135 100644 --- a/packages/@aws-cdk/aws-cloud9/test/cloud9.environment.test.ts +++ b/packages/@aws-cdk/aws-cloud9/test/cloud9.environment.test.ts @@ -122,7 +122,7 @@ test('environment owner can be an IAM user', () => { new cloud9.Ec2Environment(stack, 'C9Env', { vpc, imageId: cloud9.ImageId.AMAZON_LINUX_2, - owner: Owner.User(user), + owner: Owner.user(user), }); // THEN Template.fromStack(stack).hasResourceProperties('AWS::Cloud9::EnvironmentEC2', { @@ -137,7 +137,7 @@ test('environment owner can be account root', () => { new cloud9.Ec2Environment(stack, 'C9Env', { vpc, imageId: cloud9.ImageId.AMAZON_LINUX_2, - owner: Owner.AccountRoot('12345678'), + owner: Owner.accountRoot('12345678'), }); // THEN Template.fromStack(stack).hasResourceProperties('AWS::Cloud9::EnvironmentEC2', { From a695cd5beb862526feac8244036fc6900e6e18d2 Mon Sep 17 00:00:00 2001 From: pattasai Date: Fri, 3 Feb 2023 10:23:24 -0500 Subject: [PATCH 5/7] support setting environment owner --- packages/@aws-cdk/aws-cloud9/README.md | 26 +++++++------------ .../@aws-cdk/aws-cloud9/lib/environment.ts | 11 +++++--- 2 files changed, 16 insertions(+), 21 deletions(-) diff --git a/packages/@aws-cdk/aws-cloud9/README.md b/packages/@aws-cdk/aws-cloud9/README.md index a1298caa2f2e8..a15ad2b3e239d 100644 --- a/packages/@aws-cdk/aws-cloud9/README.md +++ b/packages/@aws-cdk/aws-cloud9/README.md 
@@ -107,37 +107,29 @@ new cloud9.Ec2Environment(this, 'C9Env', { ## Specifying Owners -`Owner` is a user that owns a Cloud9 environment . `Owner` has their own access permissions, resources. And we can specify an `Owner`in an Ec2 environment which could be of two types, 1. AccountRoot and 2. Iam User. It allows AWS to determine who has permissions to manage the environment, either an IAM user or the account root user +Every Cloud9 Environment has an **owner**. An owner has full control over the environment, and can invite additional members to the environment for collaboration purposes. For more information, see [Working with shared environments in AWS Cloud9](https://docs.aws.amazon.com/cloud9/latest/user-guide/share-environment.html)). -### AccountRoot +By default, the owner will be the identity that creates the Environment, which is most likely your CloudFormation Execution Role when the Environment is created using CloudFormation. Provider a value for the `owner` property to assign a different owner, either a specific IAM User or the AWS Account Root User. + +`Owner` is a user that owns a Cloud9 environment . `Owner` has their own access permissions, resources. And we can specify an `Owner`in an Ec2 environment which could be of two types, 1. AccountRoot and 2. Iam User. It allows AWS to determine who has permissions to manage the environment, either an IAM user or the account root user (but using the account root user is not recommended, see [environment sharing best practices](https://docs.aws.amazon.com/cloud9/latest/user-guide/share-environment.html#share-environment-best-practices)). + +### To specify the AWS Account Root User as the environment owner, use `Owner.accountRoot()` ```ts new cloud9.Ec2Environment(this, 'C9Env', { // provides root account id. - owner: cloud9.Owner.AccountRoot('root account id') + owner: cloud9.Owner.AccountRoot('111111111') }) ``` -### Iam User +### To specify a specific IAM User as the environment owner, use `Owner.user()`. 
The user should have the `AWSCloud9Administrator` managed policy ```ts import * as iam from '@aws-cdk/aws-iam'; const user = new iam.User(stack, 'User'); -// provides an iam user. +user.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('AWSCloud9Administrator')); new cloud9.Ec2Environment(this, 'C9Env', { owner: cloud9.Owner.User(user) }) ``` - -### create a new Cloud9 environment with an owner as an Iam User - -```ts -const user = new iam.User(stack, 'User'); -declare const vpc: ec2.Vpc; -new cloud9.Ec2Environment(this, 'C9Env', { - vpc, - imageId: cloud9.ImageId.AMAZON_LINUX_2, - owner: cloud9.Owner.User(user) -}); -``` diff --git a/packages/@aws-cdk/aws-cloud9/lib/environment.ts b/packages/@aws-cdk/aws-cloud9/lib/environment.ts index 154bbb7aa5fe3..d1e4565f786ff 100644 --- a/packages/@aws-cdk/aws-cloud9/lib/environment.ts +++ b/packages/@aws-cdk/aws-cloud9/lib/environment.ts @@ -61,7 +61,9 @@ export interface Ec2EnvironmentProps { /** * Owner of the environment. * - * @default - If this value is not specified, the owner defaults to this environment's creator + * The owner has full control of the environment and can invite additional members. + * + * @default - The identity that CloudFormation executes under will be the owner */ readonly owner?: Owner; @@ -143,6 +145,7 @@ export class Ec2Environment extends cdk.Resource implements IEc2Environment { } return new Import(scope, id); } + /** * The environment name of this Cloud9 environment * @@ -226,13 +229,13 @@ export class CloneRepository { } /** - * The class for different types of owners + * An environment owner * * */ export class Owner { /** - * import from Owner Iuser + * Make an IAM user the environment owner * * User need to have AWSCloud9Administrator permissions * @see https://docs.aws.amazon.com/cloud9/latest/user-guide/share-environment.html#share-environment-about 
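Review bot: The doc comment on `Owner.user()` in the last hunk here says the user needs AWSCloud9Administrator permissions, but it does not say who is responsible for granting them. As shown earlier in this series, the factory only reads `user.userArn` and neither checks nor attaches a policy. Suggested wording: `The user must already have the AWSCloud9Administrator managed policy attached; this method does not attach it.` Since the owner has full control of the environment, the comment could also carry the sharing best-practices link that the README already cites. The method body is outside this hunk.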
@@ -245,7 +248,7 @@ export class Owner { /** - * import from Owner account root + * Make the Account Root User the environment owner (not recommended) * * @param accountId the AccountId to use as the environment owner. */ From beaf73c2ee37d5355fbebd26745915b91d09cbac Mon Sep 17 00:00:00 2001 From: pattasai Date: Mon, 6 Feb 2023 10:13:52 -0500 Subject: [PATCH 6/7] fix readme error --- packages/@aws-cdk/aws-cloud9/README.md | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/packages/@aws-cdk/aws-cloud9/README.md b/packages/@aws-cdk/aws-cloud9/README.md index a15ad2b3e239d..69e0f2347335a 100644 --- a/packages/@aws-cdk/aws-cloud9/README.md +++ b/packages/@aws-cdk/aws-cloud9/README.md @@ -116,9 +116,12 @@ By default, the owner will be the identity that creates the Environment, which i ### To specify the AWS Account Root User as the environment owner, use `Owner.accountRoot()` ```ts +declare const vpc: ec2.Vpc; new cloud9.Ec2Environment(this, 'C9Env', { - // provides root account id. - owner: cloud9.Owner.AccountRoot('111111111') + vpc, + imageId: cloud9.ImageId.AMAZON_LINUX_2, + + owner: cloud9.Owner.accountRoot('111111111') }) ``` @@ -127,9 +130,13 @@ new cloud9.Ec2Environment(this, 'C9Env', { ```ts import * as iam from '@aws-cdk/aws-iam'; -const user = new iam.User(stack, 'User'); +const user = new iam.User(this, 'user'); user.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('AWSCloud9Administrator')); +declare const vpc: ec2.Vpc; new cloud9.Ec2Environment(this, 'C9Env', { - owner: cloud9.Owner.User(user) + vpc, + imageId: cloud9.ImageId.AMAZON_LINUX_2, + + owner: cloud9.Owner.user(user) }) ``` From 4f014c157ed0eae0d73ef9b5a77c3dd4174a5490 Mon Sep 17 00:00:00 2001 From: pattasai Date: Wed, 8 Feb 2023 10:33:51 -0500 Subject: [PATCH 7/7] fix readme --- packages/@aws-cdk/aws-cloud9/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/packages/@aws-cdk/aws-cloud9/README.md b/packages/@aws-cdk/aws-cloud9/README.md index 69e0f2347335a..f87860ae71b3d 100644 --- a/packages/@aws-cdk/aws-cloud9/README.md +++ b/packages/@aws-cdk/aws-cloud9/README.md @@ -113,7 +113,7 @@ By default, the owner will be the identity that creates the Environment, which i `Owner` is a user that owns a Cloud9 environment . `Owner` has their own access permissions, resources. And we can specify an `Owner`in an Ec2 environment which could be of two types, 1. AccountRoot and 2. Iam User. It allows AWS to determine who has permissions to manage the environment, either an IAM user or the account root user (but using the account root user is not recommended, see [environment sharing best practices](https://docs.aws.amazon.com/cloud9/latest/user-guide/share-environment.html#share-environment-best-practices)). -### To specify the AWS Account Root User as the environment owner, use `Owner.accountRoot()` +To specify the AWS Account Root User as the environment owner, use `Owner.accountRoot()` ```ts declare const vpc: ec2.Vpc; @@ -125,7 +125,7 @@ new cloud9.Ec2Environment(this, 'C9Env', { }) ``` -### To specify a specific IAM User as the environment owner, use `Owner.user()`. The user should have the `AWSCloud9Administrator` managed policy +To specify a specific IAM User as the environment owner, use `Owner.user()`. The user should have the `AWSCloud9Administrator` managed policy ```ts import * as iam from '@aws-cdk/aws-iam';