From e9e3cc77f24c1c9a354dba5c6173e6c5e0e9c2d4 Mon Sep 17 00:00:00 2001 From: wafuwafu13 Date: Fri, 1 Mar 2024 13:32:53 +0000 Subject: [PATCH] fix(ecs-patterns): resolve not being able to create ecs service in integ.alb-ecs-service-command-entry-point --- ...efaultTestDeployAssert91EF33D6.assets.json | 2 +- ...s-integ-alb-ec2-cmd-entrypoint.assets.json | 6 +- ...integ-alb-ec2-cmd-entrypoint.template.json | 243 ++++++++----- .../cdk.out | 2 +- .../integ.json | 2 +- .../manifest.json | 14 +- .../tree.json | 335 +++++++++++------- ...teg.alb-ecs-service-command-entry-point.ts | 19 +- 8 files changed, 380 insertions(+), 243 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/AlbEc2ServiceWithCommandAndEntryPointDefaultTestDeployAssert91EF33D6.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/AlbEc2ServiceWithCommandAndEntryPointDefaultTestDeployAssert91EF33D6.assets.json index 992a1ca046a18..32a34d9802ceb 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/AlbEc2ServiceWithCommandAndEntryPointDefaultTestDeployAssert91EF33D6.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/AlbEc2ServiceWithCommandAndEntryPointDefaultTestDeployAssert91EF33D6.assets.json @@ -1,5 +1,5 @@ { - "version": "32.0.0", + "version": "36.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/aws-ecs-integ-alb-ec2-cmd-entrypoint.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/aws-ecs-integ-alb-ec2-cmd-entrypoint.assets.json index cac99007bc284..d15747773455e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/aws-ecs-integ-alb-ec2-cmd-entrypoint.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/aws-ecs-integ-alb-ec2-cmd-entrypoint.assets.json @@ -1,7 +1,7 @@ { - "version": "32.0.0", + "version": "36.0.0", "files": { - "f99d8d7aa012c2005302f24b0c6917d70f4ee968aa635522e17119347b9634ed": { + "96f1b91e7a099b720d86b3b88d975d45b769d67efd878163f884b12c11d81887": { "source": { "path": "aws-ecs-integ-alb-ec2-cmd-entrypoint.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "f99d8d7aa012c2005302f24b0c6917d70f4ee968aa635522e17119347b9634ed.json", + "objectKey": "96f1b91e7a099b720d86b3b88d975d45b769d67efd878163f884b12c11d81887.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/aws-ecs-integ-alb-ec2-cmd-entrypoint.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/aws-ecs-integ-alb-ec2-cmd-entrypoint.template.json index ad3bab7008235..f968c57e6baae 100644 
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/aws-ecs-integ-alb-ec2-cmd-entrypoint.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/aws-ecs-integ-alb-ec2-cmd-entrypoint.template.json @@ -18,9 +18,6 @@ "VpcPublicSubnet1Subnet5C2D37C4": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "AvailabilityZone": { "Fn::Select": [ 0, @@ -44,21 +41,24 @@ "Key": "Name", "Value": "aws-ecs-integ-alb-ec2-cmd-entrypoint/Vpc/PublicSubnet1" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPublicSubnet1RouteTable6C95E38E": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "Tags": [ { "Key": "Name", "Value": "aws-ecs-integ-alb-ec2-cmd-entrypoint/Vpc/PublicSubnet1" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPublicSubnet1RouteTableAssociation97140677": { @@ -75,12 +75,12 @@ "VpcPublicSubnet1DefaultRoute3DA9E72A": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E" - }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" } }, "DependsOn": [ @@ -102,15 +102,15 @@ "VpcPublicSubnet1NATGateway4D7517AA": { "Type": "AWS::EC2::NatGateway", "Properties": { - "SubnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet1EIPD7E02669", "AllocationId" ] }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, "Tags": [ { "Key": "Name", @@ -126,9 +126,6 @@ "VpcPublicSubnet2Subnet691E08A3": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "AvailabilityZone": { "Fn::Select": [ 1, 
@@ -152,21 +149,24 @@ "Key": "Name", "Value": "aws-ecs-integ-alb-ec2-cmd-entrypoint/Vpc/PublicSubnet2" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPublicSubnet2RouteTable94F7E489": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "Tags": [ { "Key": "Name", "Value": "aws-ecs-integ-alb-ec2-cmd-entrypoint/Vpc/PublicSubnet2" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPublicSubnet2RouteTableAssociationDD5762D8": { @@ -183,12 +183,12 @@ "VpcPublicSubnet2DefaultRoute97F91067": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "VpcPublicSubnet2RouteTable94F7E489" - }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" } }, "DependsOn": [ @@ -210,15 +210,15 @@ "VpcPublicSubnet2NATGateway9182C01D": { "Type": "AWS::EC2::NatGateway", "Properties": { - "SubnetId": { - "Ref": "VpcPublicSubnet2Subnet691E08A3" - }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet2EIP3C605A87", "AllocationId" ] }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, "Tags": [ { "Key": "Name", @@ -234,9 +234,6 @@ "VpcPrivateSubnet1Subnet536B997A": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "AvailabilityZone": { "Fn::Select": [ 0, @@ -260,21 +257,24 @@ "Key": "Name", "Value": "aws-ecs-integ-alb-ec2-cmd-entrypoint/Vpc/PrivateSubnet1" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPrivateSubnet1RouteTableB2C5B500": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "Tags": [ { "Key": "Name", "Value": "aws-ecs-integ-alb-ec2-cmd-entrypoint/Vpc/PrivateSubnet1" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPrivateSubnet1RouteTableAssociation70C59FA6": { 
@@ -291,21 +291,18 @@ "VpcPrivateSubnet1DefaultRouteBE02A9ED": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" - }, "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" } } }, "VpcPrivateSubnet2Subnet3788AAA1": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "AvailabilityZone": { "Fn::Select": [ 1, @@ -329,21 +326,24 @@ "Key": "Name", "Value": "aws-ecs-integ-alb-ec2-cmd-entrypoint/Vpc/PrivateSubnet2" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPrivateSubnet2RouteTableA678073B": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "Tags": [ { "Key": "Name", "Value": "aws-ecs-integ-alb-ec2-cmd-entrypoint/Vpc/PrivateSubnet2" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPrivateSubnet2RouteTableAssociationA89CAD56": { @@ -360,12 +360,12 @@ "VpcPrivateSubnet2DefaultRoute060D2087": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "VpcPrivateSubnet2RouteTableA678073B" - }, "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "VpcPublicSubnet2NATGateway9182C01D" + }, + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" } } }, @@ -383,11 +383,11 @@ "VpcVPCGWBF912B6E": { "Type": "AWS::EC2::VPCGatewayAttachment", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "InternetGatewayId": { "Ref": "VpcIGWD7BA715C" + }, + "VpcId": { + "Ref": "Vpc8378EB38" } } }, 
@@ -408,10 +408,10 @@ "DefaultCapacityProviderStrategy": [] } }, - "AutoScalingGroupInstanceSecurityGroup9D2E0C5E": { + "SecurityGroupDD263621": { "Type": "AWS::EC2::SecurityGroup", "Properties": { - "GroupDescription": "aws-ecs-integ-alb-ec2-cmd-entrypoint/AutoScalingGroup/InstanceSecurityGroup", + "GroupDescription": "aws-ecs-integ-alb-ec2-cmd-entrypoint/SecurityGroup", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", @@ -419,10 +419,13 @@ "IpProtocol": "-1" } ], - "Tags": [ + "SecurityGroupIngress": [ { - "Key": "Name", - "Value": "aws-ecs-integ-alb-ec2-cmd-entrypoint/AutoScalingGroup" + "CidrIp": "0.0.0.0/0", + "Description": "from 0.0.0.0/0:32768-65535", + "FromPort": 32768, + "IpProtocol": "tcp", + "ToPort": 65535 } ], "VpcId": { 
@@ -521,38 +524,79 @@ ] } }, - "AutoScalingGroupLaunchConfigDEEB160C": { - "Type": "AWS::AutoScaling::LaunchConfiguration", + "AutoScalingGroupLaunchTemplateCE2B3AFE": { + "Type": "AWS::EC2::LaunchTemplate", "Properties": { - "ImageId": { - "Ref": "SsmParameterValueawsserviceecsoptimizedamiamazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" - }, - "InstanceType": "t2.micro", - "IamInstanceProfile": { - "Ref": "AutoScalingGroupInstanceProfile342FAC7C" - }, - "SecurityGroups": [ - { - "Fn::GetAtt": [ - "AutoScalingGroupInstanceSecurityGroup9D2E0C5E", - "GroupId" - ] - } - ], - "UserData": { - "Fn::Base64": { - "Fn::Join": [ - "", - [ - "#!/bin/bash\necho ECS_CLUSTER=", + "LaunchTemplateData": { + "IamInstanceProfile": { + "Arn": { + "Fn::GetAtt": [ + "AutoScalingGroupInstanceProfile342FAC7C", + "Arn" + ] + } + }, + "ImageId": { + "Ref": "SsmParameterValueawsserviceecsoptimizedamiamazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" + }, + "InstanceType": "t2.micro", + "Monitoring": { + "Enabled": false + }, + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "SecurityGroupDD263621", + "GroupId" + ] + } + ], + "TagSpecifications": [ + { + "ResourceType": "instance", + "Tags": [ { - "Ref": "Ec2ClusterEE43E89D" - }, - " >> /etc/ecs/ecs.config\nsudo iptables --insert FORWARD 1 --in-interface docker+ --destination 169.254.169.254/32 --jump DROP\nsudo service iptables save\necho ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config" + "Key": "Name", + "Value": "aws-ecs-integ-alb-ec2-cmd-entrypoint/AutoScalingGroup/LaunchTemplate" + } + ] + }, + { + "ResourceType": "volume", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-alb-ec2-cmd-entrypoint/AutoScalingGroup/LaunchTemplate" + } ] + } + ], + "UserData": { + "Fn::Base64": { + "Fn::Join": [ + "", + [ + "#!/bin/bash\necho ECS_CLUSTER=", + { + "Ref": "Ec2ClusterEE43E89D" + }, + " >> /etc/ecs/ecs.config\nsudo iptables --insert FORWARD 1 --in-interface docker+ --destination 
169.254.169.254/32 --jump DROP\nsudo service iptables save\necho ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config" + ] + ] + } + } + }, + "TagSpecifications": [ + { + "ResourceType": "launch-template", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-alb-ec2-cmd-entrypoint/AutoScalingGroup/LaunchTemplate" + } ] } - } + ] }, "DependsOn": [ "AutoScalingGroupInstanceRoleDefaultPolicy3DF09528", @@ -562,11 +606,19 @@ "AutoScalingGroupASG804C35BE": { "Type": "AWS::AutoScaling::AutoScalingGroup", "Properties": { + "LaunchTemplate": { + "LaunchTemplateId": { + "Ref": "AutoScalingGroupLaunchTemplateCE2B3AFE" + }, + "Version": { + "Fn::GetAtt": [ + "AutoScalingGroupLaunchTemplateCE2B3AFE", + "LatestVersionNumber" + ] + } + }, "MaxSize": "1", "MinSize": "1", - "LaunchConfigurationName": { - "Ref": "AutoScalingGroupLaunchConfigDEEB160C" - }, "NewInstancesProtectedFromScaleIn": true, "Tags": [ { @@ -622,6 +674,12 @@ "ALBECSServiceWithCommandEntryPointLBSecurityGroupBA7F6FB5", "GroupId" ] + }, + { + "Fn::GetAtt": [ + "SecurityGroupDD263621", + "GroupId" + ] } ], "Subnets": [ @@ -726,18 +784,15 @@ "ContainerDefinitions": [ { "Command": [ - "/usr/sbin/apache2", - "-D", - "FOREGROUND" + "/bin/sh -c \"echo '

Amazon ECS Sample App

' > /usr/local/apache2/htdocs/index.html && httpd-foreground\"" ], "Cpu": 256, "EntryPoint": [ - "/bin/bash", - "-l", + "sh", "-c" ], "Essential": true, - "Image": "amazon/amazon-ecs-sample", + "Image": "public.ecr.aws/docker/library/httpd:2.4", "LogConfiguration": { "LogDriver": "awslogs", "Options": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/cdk.out index f0b901e7c06e5..1f0068d32659a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"32.0.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/integ.json index cb9111a784095..89155479203b4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "32.0.0", + "version": "36.0.0", "testCases": { "AlbEc2ServiceWithCommandAndEntryPoint/DefaultTest": { "stacks": [ 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/manifest.json index 36c5ae5655f0a..f654a71a50186 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "32.0.0", + "version": "36.0.0", "artifacts": { "aws-ecs-integ-alb-ec2-cmd-entrypoint.assets": { "type": "cdk:asset-manifest", @@ -14,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "aws-ecs-integ-alb-ec2-cmd-entrypoint.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/f99d8d7aa012c2005302f24b0c6917d70f4ee968aa635522e17119347b9634ed.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/96f1b91e7a099b720d86b3b88d975d45b769d67efd878163f884b12c11d81887.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ 
@@ -183,10 +184,10 @@ "data": "Ec2Cluster56240A3A" } ], - "/aws-ecs-integ-alb-ec2-cmd-entrypoint/AutoScalingGroup/InstanceSecurityGroup/Resource": [ + "/aws-ecs-integ-alb-ec2-cmd-entrypoint/SecurityGroup/Resource": [ { "type": "aws:cdk:logicalId", - "data": "AutoScalingGroupInstanceSecurityGroup9D2E0C5E" + "data": "SecurityGroupDD263621" } ], "/aws-ecs-integ-alb-ec2-cmd-entrypoint/AutoScalingGroup/InstanceRole/Resource": [ @@ -207,10 +208,10 @@ "data": "AutoScalingGroupInstanceProfile342FAC7C" } ], - "/aws-ecs-integ-alb-ec2-cmd-entrypoint/AutoScalingGroup/LaunchConfig": [ + "/aws-ecs-integ-alb-ec2-cmd-entrypoint/AutoScalingGroup/LaunchTemplate/Resource": [ { "type": "aws:cdk:logicalId", - "data": "AutoScalingGroupLaunchConfigDEEB160C" + "data": "AutoScalingGroupLaunchTemplateCE2B3AFE" } ], "/aws-ecs-integ-alb-ec2-cmd-entrypoint/AutoScalingGroup/ASG": [ @@ -331,6 +332,7 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "AlbEc2ServiceWithCommandAndEntryPointDefaultTestDeployAssert91EF33D6.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/tree.json index ab1d5e7835c45..da35b30aa6012 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/tree.json 
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.js.snapshot/tree.json @@ -45,9 +45,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "availabilityZone": { "Fn::Select": [ 0, @@ -71,7 +68,10 @@ "key": "Name", "value": "aws-ecs-integ-alb-ec2-cmd-entrypoint/Vpc/PublicSubnet1" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { @@ -93,15 +93,15 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "tags": [ { "key": "Name", "value": "aws-ecs-integ-alb-ec2-cmd-entrypoint/Vpc/PublicSubnet1" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { @@ -134,12 +134,12 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Route", "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E" - }, "destinationCidrBlock": "0.0.0.0/0", "gatewayId": { "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" } } }, @@ -174,15 +174,15 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", "aws:cdk:cloudformation:props": { - "subnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - }, "allocationId": { "Fn::GetAtt": [ "VpcPublicSubnet1EIPD7E02669", "AllocationId" ] }, + "subnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, "tags": [ { "key": "Name", @@ -212,9 +212,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "availabilityZone": { "Fn::Select": [ 1, @@ -238,7 +235,10 @@ "key": "Name", "value": "aws-ecs-integ-alb-ec2-cmd-entrypoint/Vpc/PublicSubnet2" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { 
@@ -260,15 +260,15 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "tags": [ { "key": "Name", "value": "aws-ecs-integ-alb-ec2-cmd-entrypoint/Vpc/PublicSubnet2" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { @@ -301,12 +301,12 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Route", "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VpcPublicSubnet2RouteTable94F7E489" - }, "destinationCidrBlock": "0.0.0.0/0", "gatewayId": { "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" } } }, @@ -341,15 +341,15 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", "aws:cdk:cloudformation:props": { - "subnetId": { - "Ref": "VpcPublicSubnet2Subnet691E08A3" - }, "allocationId": { "Fn::GetAtt": [ "VpcPublicSubnet2EIP3C605A87", "AllocationId" ] }, + "subnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, "tags": [ { "key": "Name", @@ -379,9 +379,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "availabilityZone": { "Fn::Select": [ 0, @@ -405,7 +402,10 @@ "key": "Name", "value": "aws-ecs-integ-alb-ec2-cmd-entrypoint/Vpc/PrivateSubnet1" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { @@ -427,15 +427,15 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "tags": [ { "key": "Name", "value": "aws-ecs-integ-alb-ec2-cmd-entrypoint/Vpc/PrivateSubnet1" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { 
@@ -468,12 +468,12 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Route", "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" - }, "destinationCidrBlock": "0.0.0.0/0", "natGatewayId": { "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "routeTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" } } }, @@ -498,9 +498,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "availabilityZone": { "Fn::Select": [ 1, @@ -524,7 +521,10 @@ "key": "Name", "value": "aws-ecs-integ-alb-ec2-cmd-entrypoint/Vpc/PrivateSubnet2" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { @@ -546,15 +546,15 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "tags": [ { "key": "Name", "value": "aws-ecs-integ-alb-ec2-cmd-entrypoint/Vpc/PrivateSubnet2" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { @@ -587,12 +587,12 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Route", "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VpcPrivateSubnet2RouteTableA678073B" - }, "destinationCidrBlock": "0.0.0.0/0", "natGatewayId": { "Ref": "VpcPublicSubnet2NATGateway9182C01D" + }, + "routeTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" } } }, @@ -632,11 +632,11 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "internetGatewayId": { "Ref": "VpcIGWD7BA715C" + }, + "vpcId": { + "Ref": "Vpc8378EB38" } } }, 
@@ -695,50 +695,53 @@ "version": "0.0.0" } }, - "AutoScalingGroup": { - "id": "AutoScalingGroup", - "path": "aws-ecs-integ-alb-ec2-cmd-entrypoint/AutoScalingGroup", + "SecurityGroup": { + "id": "SecurityGroup", + "path": "aws-ecs-integ-alb-ec2-cmd-entrypoint/SecurityGroup", "children": { - "InstanceSecurityGroup": { - "id": "InstanceSecurityGroup", - "path": "aws-ecs-integ-alb-ec2-cmd-entrypoint/AutoScalingGroup/InstanceSecurityGroup", - "children": { - "Resource": { - "id": "Resource", - "path": "aws-ecs-integ-alb-ec2-cmd-entrypoint/AutoScalingGroup/InstanceSecurityGroup/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", - "aws:cdk:cloudformation:props": { - "groupDescription": "aws-ecs-integ-alb-ec2-cmd-entrypoint/AutoScalingGroup/InstanceSecurityGroup", - "securityGroupEgress": [ - { - "cidrIp": "0.0.0.0/0", - "description": "Allow all outbound traffic by default", - "ipProtocol": "-1" - } - ], - "tags": [ - { - "key": "Name", - "value": "aws-ecs-integ-alb-ec2-cmd-entrypoint/AutoScalingGroup" - } - ], - "vpcId": { - "Ref": "Vpc8378EB38" - } + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-alb-ec2-cmd-entrypoint/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "aws-ecs-integ-alb-ec2-cmd-entrypoint/SecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" + ], + "securityGroupIngress": [ + { + "cidrIp": "0.0.0.0/0", + "ipProtocol": "tcp", + "fromPort": 32768, + "toPort": 65535, + "description": "from 0.0.0.0/0:32768-65535" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", "version": "0.0.0" } - }, + } + 
}, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "AutoScalingGroup": { + "id": "AutoScalingGroup", + "path": "aws-ecs-integ-alb-ec2-cmd-entrypoint/AutoScalingGroup", + "children": { "InstanceRole": { "id": "InstanceRole", "path": "aws-ecs-integ-alb-ec2-cmd-entrypoint/AutoScalingGroup/InstanceRole", 
@@ -882,45 +885,104 @@ "version": "0.0.0" } }, - "LaunchConfig": { - "id": "LaunchConfig", - "path": "aws-ecs-integ-alb-ec2-cmd-entrypoint/AutoScalingGroup/LaunchConfig", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::AutoScaling::LaunchConfiguration", - "aws:cdk:cloudformation:props": { - "imageId": { - "Ref": "SsmParameterValueawsserviceecsoptimizedamiamazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" - }, - "instanceType": "t2.micro", - "iamInstanceProfile": { - "Ref": "AutoScalingGroupInstanceProfile342FAC7C" - }, - "securityGroups": [ - { - "Fn::GetAtt": [ - "AutoScalingGroupInstanceSecurityGroup9D2E0C5E", - "GroupId" - ] - } - ], - "userData": { - "Fn::Base64": { - "Fn::Join": [ - "", - [ - "#!/bin/bash\necho ECS_CLUSTER=", + "ImportedInstanceProfile": { + "id": "ImportedInstanceProfile", + "path": "aws-ecs-integ-alb-ec2-cmd-entrypoint/AutoScalingGroup/ImportedInstanceProfile", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "LaunchTemplate": { + "id": "LaunchTemplate", + "path": "aws-ecs-integ-alb-ec2-cmd-entrypoint/AutoScalingGroup/LaunchTemplate", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-alb-ec2-cmd-entrypoint/AutoScalingGroup/LaunchTemplate/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::LaunchTemplate", + "aws:cdk:cloudformation:props": { + "launchTemplateData": { + "iamInstanceProfile": { + "arn": { + "Fn::GetAtt": [ + "AutoScalingGroupInstanceProfile342FAC7C", + "Arn" + ] + } + }, + "imageId": { + "Ref": "SsmParameterValueawsserviceecsoptimizedamiamazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" + }, + "instanceType": "t2.micro", + "monitoring": { + "enabled": false + }, + "securityGroupIds": [ { - "Ref": "Ec2ClusterEE43E89D" + "Fn::GetAtt": [ + "SecurityGroupDD263621", + "GroupId" + ] + } + ], + "tagSpecifications": [ + { + "resourceType": "instance", + "tags": [ + { + "key": "Name", + "value": 
"aws-ecs-integ-alb-ec2-cmd-entrypoint/AutoScalingGroup/LaunchTemplate" + } + ] }, - " >> /etc/ecs/ecs.config\nsudo iptables --insert FORWARD 1 --in-interface docker+ --destination 169.254.169.254/32 --jump DROP\nsudo service iptables save\necho ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config" - ] + { + "resourceType": "volume", + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-alb-ec2-cmd-entrypoint/AutoScalingGroup/LaunchTemplate" + } + ] + } + ], + "userData": { + "Fn::Base64": { + "Fn::Join": [ + "", + [ + "#!/bin/bash\necho ECS_CLUSTER=", + { + "Ref": "Ec2ClusterEE43E89D" + }, + " >> /etc/ecs/ecs.config\nsudo iptables --insert FORWARD 1 --in-interface docker+ --destination 169.254.169.254/32 --jump DROP\nsudo service iptables save\necho ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config" + ] + ] + } + } + }, + "tagSpecifications": [ + { + "resourceType": "launch-template", + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-alb-ec2-cmd-entrypoint/AutoScalingGroup/LaunchTemplate" + } + ] + } ] } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnLaunchTemplate", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_autoscaling.CfnLaunchConfiguration", + "fqn": "aws-cdk-lib.aws_ec2.LaunchTemplate", "version": "0.0.0" } }, @@ -930,11 +992,19 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::AutoScaling::AutoScalingGroup", "aws:cdk:cloudformation:props": { + "launchTemplate": { + "launchTemplateId": { + "Ref": "AutoScalingGroupLaunchTemplateCE2B3AFE" + }, + "version": { + "Fn::GetAtt": [ + "AutoScalingGroupLaunchTemplateCE2B3AFE", + "LatestVersionNumber" + ] + } + }, "maxSize": "1", "minSize": "1", - "launchConfigurationName": { - "Ref": "AutoScalingGroupLaunchConfigDEEB160C" - }, "newInstancesProtectedFromScaleIn": true, "tags": [ { @@ -1041,6 +1111,12 @@ "ALBECSServiceWithCommandEntryPointLBSecurityGroupBA7F6FB5", "GroupId" ] + }, + { + "Fn::GetAtt": [ + "SecurityGroupDD263621", + "GroupId" + ] } ], "subnets": [ 
@@ -1253,18 +1329,15 @@ "containerDefinitions": [ { "command": [ - "/usr/sbin/apache2", - "-D", - "FOREGROUND" + "/bin/sh -c \"echo '

Amazon ECS Sample App

' > /usr/local/apache2/htdocs/index.html && httpd-foreground\"" ], "cpu": 256, "entryPoint": [ - "/bin/bash", - "-l", + "sh", "-c" ], "essential": true, - "image": "amazon/amazon-ecs-sample", + "image": "public.ecr.aws/docker/library/httpd:2.4", "memory": 512, "name": "web", "portMappings": [ @@ -1540,7 +1613,7 @@ "path": "AlbEc2ServiceWithCommandAndEntryPoint/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.55" + "version": "10.3.0" } }, "DeployAssert": { @@ -1586,7 +1659,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.55" + "version": "10.3.0" } } }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.ts index 913f5fc3c308a..597770c238961 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.ts 
@@ -4,14 +4,19 @@ import * as ecs from 'aws-cdk-lib/aws-ecs'; import * as cdk from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import * as ecsPatterns from 'aws-cdk-lib/aws-ecs-patterns'; -import { AUTOSCALING_GENERATE_LAUNCH_TEMPLATE } from 'aws-cdk-lib/cx-api'; -const app = new cdk.App({ postCliContext: { [AUTOSCALING_GENERATE_LAUNCH_TEMPLATE]: false } }); +const app = new cdk.App(); const stack = new cdk.Stack(app, 'aws-ecs-integ-alb-ec2-cmd-entrypoint'); // Create VPC and ECS Cluster const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); const cluster = new ecs.Cluster(stack, 'Ec2Cluster', { vpc }); +const securityGroup = new ec2.SecurityGroup(stack, 'SecurityGroup', { + vpc, + allowAllOutbound: true, +}); +securityGroup.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcpRange(32768, 65535)); + const provider = new ecs.AsgCapacityProvider(stack, 'CapacityProvier', { autoScalingGroup: new autoscaling.AutoScalingGroup( stack, @@ -20,6 +25,7 @@ const provider = new ecs.AsgCapacityProvider(stack, 'CapacityProvier', { vpc, instanceType: new ec2.InstanceType('t2.micro'), machineImage: ecs.EcsOptimizedImage.amazonLinux2(), + securityGroup, }, ), capacityProviderName: 'test-capacity-provider', @@ -27,7 +33,7 @@ const provider = new ecs.AsgCapacityProvider(stack, 'CapacityProvier', { cluster.addAsgCapacityProvider(provider); // Create ALB service with Command and EntryPoint -new ecsPatterns.ApplicationLoadBalancedEc2Service( +const applicationLoadBalancedEc2Service = new ecsPatterns.ApplicationLoadBalancedEc2Service( stack, 'ALBECSServiceWithCommandEntryPoint', { 
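Review bot: `securityGroup.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcpRange(32768, 65535))` opens the whole dynamic host-port range on the container instances to any IPv4 source, and the last hunk of this file then attaches the same group to the load balancer with `loadBalancer.connections.addSecurityGroup(securityGroup)`, so one group with a `0.0.0.0/0` ingress rule is shared by both tiers. If the intent is only to let the ALB reach the dynamically mapped ports, scoping the rule to the load balancer would be tighter, for example `securityGroup.connections.allowFrom(applicationLoadBalancedEc2Service.loadBalancer, ec2.Port.tcpRange(32768, 65535));` placed after the service is created, replacing both the `anyIpv4()` rule and the `addSecurityGroup` call. Whether the instances are reachable from outside the VPC depends on subnet placement that this hunk does not show. Integ tests tend to be copied as examples, so if the wide rule stays, a comment such as `// Test-only: wide ingress for dynamic host ports; restrict to the ALB security group in real deployments` is worth adding above it.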
@@ -35,9 +41,9 @@ new ecsPatterns.ApplicationLoadBalancedEc2Service( memoryLimitMiB: 512, cpu: 256, taskImageOptions: { - image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), - command: ['/usr/sbin/apache2', '-D', 'FOREGROUND'], - entryPoint: ['/bin/bash', '-l', '-c'], + image: ecs.ContainerImage.fromRegistry('public.ecr.aws/docker/library/httpd:2.4'), + command: ['/bin/sh -c \"echo \'

Amazon ECS Sample App

\' > /usr/local/apache2/htdocs/index.html && httpd-foreground\"'], + entryPoint: ['sh', '-c'], }, capacityProviderStrategies: [ { @@ -48,6 +54,7 @@ new ecsPatterns.ApplicationLoadBalancedEc2Service( ], }, ); +applicationLoadBalancedEc2Service.loadBalancer.connections.addSecurityGroup(securityGroup); new integ.IntegTest(app, 'AlbEc2ServiceWithCommandAndEntryPoint', { testCases: [stack],
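Review bot: The new `command` begins with `/bin/sh -c "…"` although `entryPoint` is already `['sh', '-c']`, so the container runs a shell inside a shell and httpd is likely left as a child of a shell rather than the process that receives the stop signal from ECS. Passing the script itself as the single command element and ending it with `&& exec httpd-foreground` would remove the nesting, and with it the `\"` escapes, which a single-quoted TypeScript string does not need. Separately, `public.ecr.aws/docker/library/httpd:2.4` is a moving tag; pinning it as `httpd:2.4@sha256:<digest>` (placeholder, take the value from the registry) keeps the test from silently picking up a different image. The props object this hunk edits begins and ends outside the hunk.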