From 6faa60e6a91e86e8d426b82e480b0c5e684a1c84 Mon Sep 17 00:00:00 2001 From: Hirotaka Tagawa / wafuwafu13 Date: Thu, 21 Mar 2024 21:23:02 +0000 Subject: [PATCH] fix(ecs-patterns): integ test unable to create ECS service (#29490) ### Issue # (if applicable) part of https://github.com/aws/aws-cdk/pull/29186#issuecomment-1959231406 same as https://github.com/aws/aws-cdk/pull/29333 ### Reason for this change CFN stack gets stuck after `yarn integ` because of not being able to create ECS service. ``` AWS::ECS::Service | CREATE_IN_PROGRESS ``` ``` $ aws ecs describe-tasks --cluster aws-ecs-integ-lb-fargate-cmd-entrypoint-xxx --tasks xxxxxxxxxxxxxxx | jq '.tasks[].stopCode' "EssentialContainerExited" ``` ### Description of changes Change `taskImageOptions` `image`, `command`, `entryPoint` and add security group. Ref: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/example_task_definitions.html#example_task_definition-webserver ### Description of how you validated changes Pass integration tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...efaultTestDeployAssert84DAACDF.assets.json | 2 +- ...lb-fargate-cmd-entrypoint-test.assets.json | 6 +- ...-fargate-cmd-entrypoint-test.template.json | 200 ++++++++++----- .../cdk.out | 2 +- .../integ.json | 2 +- .../manifest.json | 24 +- .../tree.json | 235 +++++++++++++----- ...alb-fargate-service-command-entry-point.ts | 14 +- 8 files changed, 339 insertions(+), 146 deletions(-) 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/AlbFargateServiceWithCommandAndEntryPointDefaultTestDeployAssert84DAACDF.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/AlbFargateServiceWithCommandAndEntryPointDefaultTestDeployAssert84DAACDF.assets.json index 161b98e729347..afee9f7a14240 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/AlbFargateServiceWithCommandAndEntryPointDefaultTestDeployAssert84DAACDF.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/AlbFargateServiceWithCommandAndEntryPointDefaultTestDeployAssert84DAACDF.assets.json @@ -1,5 +1,5 @@ { - "version": "32.0.0", + "version": "36.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/aws-ecs-integ-lb-fargate-cmd-entrypoint-test.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/aws-ecs-integ-lb-fargate-cmd-entrypoint-test.assets.json index e2efe1199559d..f0c30a25d7502 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/aws-ecs-integ-lb-fargate-cmd-entrypoint-test.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/aws-ecs-integ-lb-fargate-cmd-entrypoint-test.assets.json 
@@ -1,7 +1,7 @@ { - "version": "32.0.0", + "version": "36.0.0", "files": { - "bd5c4694c4fe13248b11699dfcee108b7c5a6835e60b9f68628928a30689fa29": { + "d5bc6608a501023f394e622f56da7bfa3d009cdcb254814891d1352b1e41bbbe": { "source": { "path": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "bd5c4694c4fe13248b11699dfcee108b7c5a6835e60b9f68628928a30689fa29.json", + "objectKey": "d5bc6608a501023f394e622f56da7bfa3d009cdcb254814891d1352b1e41bbbe.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/aws-ecs-integ-lb-fargate-cmd-entrypoint-test.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/aws-ecs-integ-lb-fargate-cmd-entrypoint-test.template.json index aff60e08182b5..7adff19cc7449 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/aws-ecs-integ-lb-fargate-cmd-entrypoint-test.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/aws-ecs-integ-lb-fargate-cmd-entrypoint-test.template.json @@ -18,9 +18,6 @@ "VpcPublicSubnet1Subnet5C2D37C4": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "AvailabilityZone": { "Fn::Select": [ 0, 
@@ -44,21 +41,24 @@ "Key": "Name", "Value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PublicSubnet1" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPublicSubnet1RouteTable6C95E38E": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "Tags": [ { "Key": "Name", "Value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PublicSubnet1" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPublicSubnet1RouteTableAssociation97140677": { @@ -75,12 +75,12 @@ "VpcPublicSubnet1DefaultRoute3DA9E72A": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E" - }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" } }, "DependsOn": [ @@ -102,15 +102,15 @@ "VpcPublicSubnet1NATGateway4D7517AA": { "Type": "AWS::EC2::NatGateway", "Properties": { - "SubnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet1EIPD7E02669", "AllocationId" ] }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, "Tags": [ { "Key": "Name", @@ -126,9 +126,6 @@ "VpcPublicSubnet2Subnet691E08A3": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "AvailabilityZone": { "Fn::Select": [ 1, @@ -152,21 +149,24 @@ "Key": "Name", "Value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PublicSubnet2" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPublicSubnet2RouteTable94F7E489": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "Tags": [ { "Key": "Name", "Value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PublicSubnet2" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPublicSubnet2RouteTableAssociationDD5762D8": { 
@@ -183,12 +183,12 @@ "VpcPublicSubnet2DefaultRoute97F91067": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "VpcPublicSubnet2RouteTable94F7E489" - }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" } }, "DependsOn": [ @@ -210,15 +210,15 @@ "VpcPublicSubnet2NATGateway9182C01D": { "Type": "AWS::EC2::NatGateway", "Properties": { - "SubnetId": { - "Ref": "VpcPublicSubnet2Subnet691E08A3" - }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet2EIP3C605A87", "AllocationId" ] }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, "Tags": [ { "Key": "Name", @@ -234,9 +234,6 @@ "VpcPrivateSubnet1Subnet536B997A": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "AvailabilityZone": { "Fn::Select": [ 0, @@ -260,21 +257,24 @@ "Key": "Name", "Value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PrivateSubnet1" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPrivateSubnet1RouteTableB2C5B500": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "Tags": [ { "Key": "Name", "Value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PrivateSubnet1" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPrivateSubnet1RouteTableAssociation70C59FA6": { @@ -291,21 +291,18 @@ "VpcPrivateSubnet1DefaultRouteBE02A9ED": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" - }, "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" } } }, "VpcPrivateSubnet2Subnet3788AAA1": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "AvailabilityZone": { "Fn::Select": [ 1, 
@@ -329,21 +326,24 @@ "Key": "Name", "Value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PrivateSubnet2" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPrivateSubnet2RouteTableA678073B": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "Tags": [ { "Key": "Name", "Value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PrivateSubnet2" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPrivateSubnet2RouteTableAssociationA89CAD56": { @@ -360,12 +360,12 @@ "VpcPrivateSubnet2DefaultRoute060D2087": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "VpcPrivateSubnet2RouteTableA678073B" - }, "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "VpcPublicSubnet2NATGateway9182C01D" + }, + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" } } }, 
@@ -383,17 +383,56 @@ "VpcVPCGWBF912B6E": { "Type": "AWS::EC2::VPCGatewayAttachment", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "InternetGatewayId": { "Ref": "VpcIGWD7BA715C" + }, + "VpcId": { + "Ref": "Vpc8378EB38" } } }, "TestFargateCluster0BF869F3": { "Type": "AWS::ECS::Cluster" }, + "SecurityGroupDD263621": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/SecurityGroup", + "SecurityGroupIngress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "from 0.0.0.0/0:80", + "FromPort": 80, + "IpProtocol": "tcp", + "ToPort": 80 + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "SecurityGrouptoawsecsinteglbfargatecmdentrypointtestALBFargateServiceWithCommandAndEntryPointServiceSecurityGroup6D1E5F1180E99BF818": { + "Type": "AWS::EC2::SecurityGroupEgress", + "Properties": { + "Description": "Load balancer to target", + "DestinationSecurityGroupId": { + "Fn::GetAtt": [ + "ALBFargateServiceWithCommandAndEntryPointServiceSecurityGroupD154E880", + "GroupId" + ] + }, + "FromPort": 80, + "GroupId": { + "Fn::GetAtt": [ + "SecurityGroupDD263621", + "GroupId" + ] + }, + "IpProtocol": "tcp", + "ToPort": 80 + } + }, "ALBFargateServiceWithCommandAndEntryPointLB353EA7CA": { "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", "Properties": { @@ -410,6 +449,12 @@ "ALBFargateServiceWithCommandAndEntryPointLBSecurityGroupD7099797", "GroupId" ] + }, + { + "Fn::GetAtt": [ + "SecurityGroupDD263621", + "GroupId" + ] } ], "Subnets": [ 
@@ -450,13 +495,6 @@ "ALBFargateServiceWithCommandAndEntryPointLBSecurityGrouptoawsecsinteglbfargatecmdentrypointtestALBFargateServiceWithCommandAndEntryPointServiceSecurityGroup6D1E5F11801B449FAA": { "Type": "AWS::EC2::SecurityGroupEgress", "Properties": { - "GroupId": { - "Fn::GetAtt": [ - "ALBFargateServiceWithCommandAndEntryPointLBSecurityGroupD7099797", - "GroupId" - ] - }, - "IpProtocol": "tcp", "Description": "Load balancer to target", "DestinationSecurityGroupId": { "Fn::GetAtt": [ @@ -465,6 +503,13 @@ ] }, "FromPort": 80, + "GroupId": { + "Fn::GetAtt": [ + "ALBFargateServiceWithCommandAndEntryPointLBSecurityGroupD7099797", + "GroupId" + ] + }, + "IpProtocol": "tcp", "ToPort": 80 } }, @@ -526,15 +571,14 @@ "ContainerDefinitions": [ { "Command": [ - "/usr/sbin/apache2", - "-D", - "FOREGROUND" + "/bin/sh -c \"echo '

Amazon ECS Sample App

' > /usr/local/apache2/htdocs/index.html && httpd-foreground\"" ], "EntryPoint": [ - "/bin/bash" + "sh", + "-c" ], "Essential": true, - "Image": "amazon/amazon-ecs-sample", + "Image": "public.ecr.aws/docker/library/httpd:2.4", "LogConfiguration": { "LogDriver": "awslogs", "Options": { @@ -708,7 +752,6 @@ "ALBFargateServiceWithCommandAndEntryPointServiceSecurityGroupfromawsecsinteglbfargatecmdentrypointtestALBFargateServiceWithCommandAndEntryPointLBSecurityGroup886E70918046DDBFE6": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { - "IpProtocol": "tcp", "Description": "Load balancer to target", "FromPort": 80, "GroupId": { @@ -717,6 +760,7 @@ "GroupId" ] }, + "IpProtocol": "tcp", "SourceSecurityGroupId": { "Fn::GetAtt": [ "ALBFargateServiceWithCommandAndEntryPointLBSecurityGroupD7099797", @@ -728,6 +772,30 @@ "DependsOn": [ "ALBFargateServiceWithCommandAndEntryPointTaskDefTaskRole65CE9392" ] + }, + "ALBFargateServiceWithCommandAndEntryPointServiceSecurityGroupfromawsecsinteglbfargatecmdentrypointtestSecurityGroupECF7922B806B1E1C2D": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Load balancer to target", + "FromPort": 80, + "GroupId": { + "Fn::GetAtt": [ + "ALBFargateServiceWithCommandAndEntryPointServiceSecurityGroupD154E880", + "GroupId" + ] + }, + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "SecurityGroupDD263621", + "GroupId" + ] + }, + "ToPort": 80 + }, + "DependsOn": [ + "ALBFargateServiceWithCommandAndEntryPointTaskDefTaskRole65CE9392" + ] } }, "Outputs": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/cdk.out index f0b901e7c06e5..1f0068d32659a 100644 
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"32.0.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/integ.json index 5e4bcf603026b..6cc5d28209e4a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "32.0.0", + "version": "36.0.0", "testCases": { "AlbFargateServiceWithCommandAndEntryPoint/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/manifest.json index 487bb373d901d..2af9e7724ebd3 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/manifest.json 
@@ -1,5 +1,5 @@ { - "version": "32.0.0", + "version": "36.0.0", "artifacts": { "aws-ecs-integ-lb-fargate-cmd-entrypoint-test.assets": { "type": "cdk:asset-manifest", @@ -14,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/bd5c4694c4fe13248b11699dfcee108b7c5a6835e60b9f68628928a30689fa29.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d5bc6608a501023f394e622f56da7bfa3d009cdcb254814891d1352b1e41bbbe.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -177,6 +178,18 @@ "data": "TestFargateCluster0BF869F3" } ], + "/aws-ecs-integ-lb-fargate-cmd-entrypoint-test/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "SecurityGroupDD263621" + } + ], + "/aws-ecs-integ-lb-fargate-cmd-entrypoint-test/SecurityGroup/to awsecsinteglbfargatecmdentrypointtestALBFargateServiceWithCommandAndEntryPointServiceSecurityGroup6D1E5F11:80": [ + { + "type": "aws:cdk:logicalId", + "data": "SecurityGrouptoawsecsinteglbfargatecmdentrypointtestALBFargateServiceWithCommandAndEntryPointServiceSecurityGroup6D1E5F1180E99BF818" + } + ], "/aws-ecs-integ-lb-fargate-cmd-entrypoint-test/ALBFargateServiceWithCommandAndEntryPoint/LB/Resource": [ { "type": "aws:cdk:logicalId", 
@@ -267,6 +280,12 @@ "data": "ALBFargateServiceWithCommandAndEntryPointServiceSecurityGroupfromawsecsinteglbfargatecmdentrypointtestALBFargateServiceWithCommandAndEntryPointLBSecurityGroup886E70918046DDBFE6" } ], + "/aws-ecs-integ-lb-fargate-cmd-entrypoint-test/ALBFargateServiceWithCommandAndEntryPoint/Service/SecurityGroup/from awsecsinteglbfargatecmdentrypointtestSecurityGroupECF7922B:80": [ + { + "type": "aws:cdk:logicalId", + "data": "ALBFargateServiceWithCommandAndEntryPointServiceSecurityGroupfromawsecsinteglbfargatecmdentrypointtestSecurityGroupECF7922B806B1E1C2D" + } + ], "/aws-ecs-integ-lb-fargate-cmd-entrypoint-test/BootstrapVersion": [ { "type": "aws:cdk:logicalId", @@ -295,6 +314,7 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "AlbFargateServiceWithCommandAndEntryPointDefaultTestDeployAssert84DAACDF.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/tree.json index d1a001dceb12c..8488ff8dbd2af 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/tree.json 
@@ -45,9 +45,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "availabilityZone": { "Fn::Select": [ 0, @@ -71,7 +68,10 @@ "key": "Name", "value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PublicSubnet1" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { @@ -93,15 +93,15 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "tags": [ { "key": "Name", "value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PublicSubnet1" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { @@ -134,12 +134,12 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Route", "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E" - }, "destinationCidrBlock": "0.0.0.0/0", "gatewayId": { "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" } } }, @@ -174,15 +174,15 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", "aws:cdk:cloudformation:props": { - "subnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - }, "allocationId": { "Fn::GetAtt": [ "VpcPublicSubnet1EIPD7E02669", "AllocationId" ] }, + "subnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, "tags": [ { "key": "Name", @@ -212,9 +212,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "availabilityZone": { "Fn::Select": [ 1, @@ -238,7 +235,10 @@ "key": "Name", "value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PublicSubnet2" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { 
@@ -260,15 +260,15 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "tags": [ { "key": "Name", "value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PublicSubnet2" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { @@ -301,12 +301,12 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Route", "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VpcPublicSubnet2RouteTable94F7E489" - }, "destinationCidrBlock": "0.0.0.0/0", "gatewayId": { "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" } } }, @@ -341,15 +341,15 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", "aws:cdk:cloudformation:props": { - "subnetId": { - "Ref": "VpcPublicSubnet2Subnet691E08A3" - }, "allocationId": { "Fn::GetAtt": [ "VpcPublicSubnet2EIP3C605A87", "AllocationId" ] }, + "subnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, "tags": [ { "key": "Name", @@ -379,9 +379,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "availabilityZone": { "Fn::Select": [ 0, @@ -405,7 +402,10 @@ "key": "Name", "value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PrivateSubnet1" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { @@ -427,15 +427,15 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "tags": [ { "key": "Name", "value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PrivateSubnet1" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { 
@@ -468,12 +468,12 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Route", "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" - }, "destinationCidrBlock": "0.0.0.0/0", "natGatewayId": { "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "routeTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" } } }, @@ -498,9 +498,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "availabilityZone": { "Fn::Select": [ 1, @@ -524,7 +521,10 @@ "key": "Name", "value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PrivateSubnet2" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { @@ -546,15 +546,15 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "tags": [ { "key": "Name", "value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PrivateSubnet2" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { @@ -587,12 +587,12 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Route", "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VpcPrivateSubnet2RouteTableA678073B" - }, "destinationCidrBlock": "0.0.0.0/0", "natGatewayId": { "Ref": "VpcPublicSubnet2NATGateway9182C01D" + }, + "routeTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" } } }, @@ -632,11 +632,11 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "internetGatewayId": { "Ref": "VpcIGWD7BA715C" + }, + "vpcId": { + "Ref": "Vpc8378EB38" } } }, 
@@ -673,6 +673,71 @@ "version": "0.0.0" } }, + "SecurityGroup": { + "id": "SecurityGroup", + "path": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/SecurityGroup", + "securityGroupIngress": [ + { + "cidrIp": "0.0.0.0/0", + "ipProtocol": "tcp", + "fromPort": 80, + "toPort": 80, + "description": "from 0.0.0.0/0:80" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + }, + "to awsecsinteglbfargatecmdentrypointtestALBFargateServiceWithCommandAndEntryPointServiceSecurityGroup6D1E5F11:80": { + "id": "to awsecsinteglbfargatecmdentrypointtestALBFargateServiceWithCommandAndEntryPointServiceSecurityGroup6D1E5F11:80", + "path": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/SecurityGroup/to awsecsinteglbfargatecmdentrypointtestALBFargateServiceWithCommandAndEntryPointServiceSecurityGroup6D1E5F11:80", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupEgress", + "aws:cdk:cloudformation:props": { + "description": "Load balancer to target", + "destinationSecurityGroupId": { + "Fn::GetAtt": [ + "ALBFargateServiceWithCommandAndEntryPointServiceSecurityGroupD154E880", + "GroupId" + ] + }, + "fromPort": 80, + "groupId": { + "Fn::GetAtt": [ + "SecurityGroupDD263621", + "GroupId" + ] + }, + "ipProtocol": "tcp", + "toPort": 80 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupEgress", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, "ALBFargateServiceWithCommandAndEntryPoint": { "id": "ALBFargateServiceWithCommandAndEntryPoint", 
"path": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/ALBFargateServiceWithCommandAndEntryPoint", @@ -700,6 +765,12 @@ "ALBFargateServiceWithCommandAndEntryPointLBSecurityGroupD7099797", "GroupId" ] + }, + { + "Fn::GetAtt": [ + "SecurityGroupDD263621", + "GroupId" + ] } ], "subnets": [ @@ -754,13 +825,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupEgress", "aws:cdk:cloudformation:props": { - "groupId": { - "Fn::GetAtt": [ - "ALBFargateServiceWithCommandAndEntryPointLBSecurityGroupD7099797", - "GroupId" - ] - }, - "ipProtocol": "tcp", "description": "Load balancer to target", "destinationSecurityGroupId": { "Fn::GetAtt": [ @@ -769,6 +833,13 @@ ] }, "fromPort": 80, + "groupId": { + "Fn::GetAtt": [ + "ALBFargateServiceWithCommandAndEntryPointLBSecurityGroupD7099797", + "GroupId" + ] + }, + "ipProtocol": "tcp", "toPort": 80 } }, @@ -932,15 +1003,14 @@ "containerDefinitions": [ { "command": [ - "/usr/sbin/apache2", - "-D", - "FOREGROUND" + "/bin/sh -c \"echo '

Amazon ECS Sample App

' > /usr/local/apache2/htdocs/index.html && httpd-foreground\"" ], "entryPoint": [ - "/bin/bash" + "sh", + "-c" ], "essential": true, - "image": "amazon/amazon-ecs-sample", + "image": "public.ecr.aws/docker/library/httpd:2.4", "name": "web", "portMappings": [ { @@ -1215,7 +1285,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", "aws:cdk:cloudformation:props": { - "ipProtocol": "tcp", "description": "Load balancer to target", "fromPort": 80, "groupId": { @@ -1224,6 +1293,7 @@ "GroupId" ] }, + "ipProtocol": "tcp", "sourceSecurityGroupId": { "Fn::GetAtt": [ "ALBFargateServiceWithCommandAndEntryPointLBSecurityGroupD7099797", @@ -1237,6 +1307,35 @@ "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupIngress", "version": "0.0.0" } + }, + "from awsecsinteglbfargatecmdentrypointtestSecurityGroupECF7922B:80": { + "id": "from awsecsinteglbfargatecmdentrypointtestSecurityGroupECF7922B:80", + "path": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/ALBFargateServiceWithCommandAndEntryPoint/Service/SecurityGroup/from awsecsinteglbfargatecmdentrypointtestSecurityGroupECF7922B:80", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "description": "Load balancer to target", + "fromPort": 80, + "groupId": { + "Fn::GetAtt": [ + "ALBFargateServiceWithCommandAndEntryPointServiceSecurityGroupD154E880", + "GroupId" + ] + }, + "ipProtocol": "tcp", + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "SecurityGroupDD263621", + "GroupId" + ] + }, + "toPort": 80 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupIngress", + "version": "0.0.0" + } } }, "constructInfo": { @@ -1291,7 +1390,7 @@ "path": "AlbFargateServiceWithCommandAndEntryPoint/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.55" + "version": "10.3.0" } }, "DeployAssert": { 
@@ -1337,7 +1436,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.55" + "version": "10.3.0" } } }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.ts index 32e2c2ebf7cbe..72eba5604fb9f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.ts @@ -13,9 +13,14 @@ const stack = new cdk.Stack( // Create VPC and cluster const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); const cluster = new ecs.Cluster(stack, 'TestFargateCluster', { vpc }); +const securityGroup = new ec2.SecurityGroup(stack, 'SecurityGroup', { + vpc, + allowAllOutbound: false, +}); +securityGroup.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(80)); // Create ALB service with Command and EntryPoint -new ecsPatterns.ApplicationLoadBalancedFargateService( +const applicationLoadBalancedFargateService = new ecsPatterns.ApplicationLoadBalancedFargateService( stack, 'ALBFargateServiceWithCommandAndEntryPoint', { @@ -23,12 +28,13 @@ new ecsPatterns.ApplicationLoadBalancedFargateService( memoryLimitMiB: 512, cpu: 256, taskImageOptions: { - image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), - command: ['/usr/sbin/apache2', '-D', 'FOREGROUND'], - entryPoint: ['/bin/bash'], + image: ecs.ContainerImage.fromRegistry('public.ecr.aws/docker/library/httpd:2.4'), + command: ['/bin/sh -c \"echo \'
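Review bot: `securityGroup.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(80));` opens plain HTTP from any address on a group that the following hunk attaches to the load balancer, and nothing in the code says why the test needs it. The failure quoted in the description is `EssentialContainerExited`, which points at the container's image and command rather than at networking, so the extra group may not be part of the fix; that is inferred from the description, not verified. If the group is required, a comment above the construct should record the reason and scope, e.g. `// Test-only: world-open :80 ingress on the ALB, required because <reason>; do not copy into real stacks`. If it is not required, dropping the group and the later `addSecurityGroup(securityGroup)` call keeps the snapshot free of an additional `0.0.0.0/0` rule.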

Amazon ECS Sample App

\' > /usr/local/apache2/htdocs/index.html && httpd-foreground\"'], + entryPoint: ['sh', '-c'], }, }, ); +applicationLoadBalancedFargateService.loadBalancer.connections.addSecurityGroup(securityGroup); new integ.IntegTest(app, 'AlbFargateServiceWithCommandAndEntryPoint', { testCases: [stack],
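Review bot: The new `image` value `public.ecr.aws/docker/library/httpd:2.4` is a floating tag, so the content the task pulls can change between test runs without any change in this repository; pinning by digest, `ecs.ContainerImage.fromRegistry('public.ecr.aws/docker/library/httpd@sha256:<digest>')`, would make the run reproducible and keep an upstream re-tag from altering what executes. Separately, `entryPoint: ['sh', '-c']` already starts a shell, yet the single `command` element begins with `/bin/sh -c \"…\"`, so one shell is spawned only to start another and the script goes through two layers of quoting. Passing the script itself as the one `command` element would remove the inner shell and the `\"` escapes, which are also unnecessary inside a single-quoted string. The `ApplicationLoadBalancedFargateService` call that these options belong to starts outside this hunk.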