Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(examples): use dedicated subnets in All-In-AWS-Infrastructure-Basic example #598

Merged
merged 1 commit into from
Oct 8, 2021
Merged

feat(examples): use dedicated subnets in All-In-AWS-Infrastructure-Basic example #598

merged 1 commit into from
Oct 8, 2021

Conversation

jusiskin
Copy link
Contributor

@jusiskin jusiskin commented Oct 7, 2021
edited
Loading

Summary

In #576, RFDK was modified to automatically configure Deadline Secrets Management identity registration settings based on the subnets used by RFDK Deadline constructs. This sets up the rules with least-privilege such that the farm will always function, but in order to further scope-down the identity registration settings rules, RFDK users should deploy RFDK Deadline constructs into their own dedicated subnets.

This PR modifies the All-In-AWS-Infrastructure-Basic example CDK applications to use dedicated subnets as we now recommend in our documentation.

Updated the Deadline README.md to point to the example for a reference implementation.

Testing

Built and deployed Python and TypeScript example apps and verified that:

  • Python
    • All instances are deployed in the proper subnets
    • The Render Queue ALB is deployed in its own dedicated subnets
    • RFDK creates Deadline Secrets Management identity registration settings for only the subnets involved
    • End-to-end UBL render using SM succeeds
  • TypeScript
    • All instances are deployed in the proper subnets
    • The Render Queue ALB is deployed in its own dedicated subnets
    • RFDK creates Deadline Secrets Management identity registration settings for only the subnets involved
    • End-to-end UBL render using SM succeeds

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@jusiskin jusiskin added the contribution/core This is a PR that came from AWS. label Oct 7, 2021
@horsmand horsmand self-requested a review October 7, 2021 18:54
horsmand
horsmand suggested changes Oct 7, 2021
View reviewed changes
Copy link
Contributor

@horsmand horsmand left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did a quick pass. Looks good!

examples/deadline/All-In-AWS-Infrastructure-Basic/ts/lib/service-tier.ts Show resolved Hide resolved
jericht
jericht previously approved these changes Oct 7, 2021
View reviewed changes
Copy link
Contributor

@jericht jericht left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@jusiskin jusiskin marked this pull request as ready for review October 8, 2021 19:39
@jusiskin jusiskin merged commit 7aaec14 into aws:feature_enable_secret_manager Oct 8, 2021
@jusiskin jusiskin deleted the examples_dedicated_subnets branch October 8, 2021 19:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@horsmand horsmand horsmand approved these changes

@jericht jericht jericht approved these changes

Assignees
No one assigned
Labels
contribution/core This is a PR that came from AWS.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jusiskin @horsmand @jericht