Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

apprunner: Allow instanceRole to be obtained from Service instances. #26089

Closed
1 of 2 tasks
kmkhr opened this issue Jun 22, 2023 · 2 comments · Fixed by #26130
Closed
1 of 2 tasks

apprunner: Allow instanceRole to be obtained from Service instances. #26089

kmkhr opened this issue Jun 22, 2023 · 2 comments · Fixed by #26130
Labels
@aws-cdk/aws-apprunner Related to the apprunner package effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2

Comments

@kmkhr
Copy link

kmkhr commented Jun 22, 2023

Describe the feature

Currently, instanceRole can only be set from the constructor.
If it is possible to retrieve it even after initialization like obtainExecutionRole in TaskDefinition of ECS, it would be useful to be able to grant privileges with the grant method.

Use Case

Use as follows:

declare const bucket: IBucket;

const service = new apprunner.Service(this, 'Service', {
    source: apprunner.Source.fromEcrPublic({
        imageConfiguration: { port: 8000 },
        imageIdentifier: 'public.ecr.aws/aws-containers/hello-app-runner:latest',
    }),
});

bucket.grantRead(service.obtainInstanceRole());

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.85.0

Environment details (OS name and version, etc.)

N/A
@kmkhr kmkhr added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Jun 22, 2023
@github-actions github-actions bot added the @aws-cdk/aws-apprunner Related to the apprunner package label Jun 22, 2023
@pahud pahud self-assigned this Jun 22, 2023
@pahud
Copy link
Contributor

pahud commented Jun 22, 2023

Yeah maybe we can just expose the instanceRole to the surface and simply

bucket.grantRead(service.instanceRole);

@pahud pahud added p2 and removed feature-request A feature should be added or improved. labels Jun 22, 2023
@pahud pahud removed their assignment Jun 22, 2023
@pahud pahud added feature-request A feature should be added or improved. effort/small Small work item – less than a day of effort and removed needs-triage This issue or PR still needs to be triaged. labels Jun 22, 2023
@pahud pahud changed the title (@aws-cdk/aws-apprunner): Allow instanceRole to be obtained from Service instances. apprunner: Allow instanceRole to be obtained from Service instances. Jun 22, 2023
@lpizzinidev lpizzinidev mentioned this issue Jun 27, 2023
Merged
lpizzinidev added a commit to lpizzinidev/aws-cdk that referenced this issue Jun 28, 2023
@lpizzinidev
Merge branch 'main' into awsgh-26089
64b2611
lpizzinidev added a commit to lpizzinidev/aws-cdk that referenced this issue Jun 30, 2023
@lpizzinidev
Merge branch 'main' into awsgh-26089
0c62347
lpizzinidev added a commit to lpizzinidev/aws-cdk that referenced this issue Jul 15, 2023
@lpizzinidev
Merge branch 'main' into awsgh-26089
e66a4b9
lpizzinidev added a commit to lpizzinidev/aws-cdk that referenced this issue Jul 21, 2023
@lpizzinidev
Merge branch 'main' into awsgh-26089
69ecdcc
mergify bot added a commit to lpizzinidev/aws-cdk that referenced this issue Jul 24, 2023
@mergify
Merge branch 'main' into awsgh-26089
dfbe8d5
@mergify mergify bot closed this as completed in #26130 Jul 24, 2023
mergify bot pushed a commit that referenced this issue Jul 24, 2023
@lpizzinidev
feat(apprunner): make Service implement IGrantable (#26130)
6033c9a 
Implementing `IGrantable` for cases when it's needed to grant permissions to a `Service` instance.

For example:
```
declare const bucket: IBucket;

const service = new apprunner.Service(this, 'Service', {
    source: apprunner.Source.fromEcrPublic({
        imageConfiguration: { port: 8000 },
        imageIdentifier: 'public.ecr.aws/aws-containers/hello-app-runner:latest',
    }),
});

bucket.grantRead(service);
```

Closes #26089.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

This was referenced Jul 26, 2023
Closed
Closed
bmoffatt pushed a commit to bmoffatt/aws-cdk that referenced this issue Jul 29, 2023
@lpizzinidev @bmoffatt
feat(apprunner): make Service implement IGrantable (aws#26130)
45a1d6c 
Implementing `IGrantable` for cases when it's needed to grant permissions to a `Service` instance.

For example:
```
declare const bucket: IBucket;

const service = new apprunner.Service(this, 'Service', {
    source: apprunner.Source.fromEcrPublic({
        imageConfiguration: { port: 8000 },
        imageIdentifier: 'public.ecr.aws/aws-containers/hello-app-runner:latest',
    }),
});

bucket.grantRead(service);
```

Closes aws#26089.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-apprunner Related to the apprunner package effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(apprunner): make Service implement IGrantable lpizzinidev/aws-cdk
2 participants
@pahud @kmkhr