(aws-ecs): Give Cluster a grant method for the task protection API #26233

SamStephens · 2023-07-05T01:21:43Z

Describe the feature

In order for ECS tasks to interact with the task protection API, the task role needs permissions on the API.

It would be nice if ECS Cluster used the standard grantX pattern and provided a method similar to grantTaskProtection.

Use Case

To simplify declaring my tasks need permissions on the task protection API.

Proposed Solution

Currently my setup for the permissions is:

        cluster_task_arn = Stack.of(self).format_arn(
            service='ecs',
            resource='task',
            resource_name=f'{fargate_cluster.cluster_name}/*'
        )
        fargate_task_definition.add_to_task_role_policy(
            aws_iam.PolicyStatement(
                actions=["ecs:UpdateTaskProtection"],
                resources=[cluster_task_arn],
            )
        )

With this feature I'd expect to do something like

fargate_cluster.grant_task_protection(fargate_task_definition.task_role)

Other Information

See also my request for an arnForTasks method

Acknowledgements

I may be able to implement this feature request
This feature might incur a breaking change

CDK version used

2.85.0

Environment details (OS name and version, etc.)

Ubuntu (Windows Subsystem for Linux)

The text was updated successfully, but these errors were encountered:

pahud · 2023-07-05T19:18:21Z

Sounds great and thank you for your PR.

… IAM entities (#28486) Added a `grantTaskProtection` method to the ECS (Elastic Container Service) Cluster. This method grants ECS tasks the necessary permissions to interact with the task protection API. Closes #26233 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

github-actions · 2023-12-27T16:18:47Z

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

… IAM entities (aws#28486) Added a `grantTaskProtection` method to the ECS (Elastic Container Service) Cluster. This method grants ECS tasks the necessary permissions to interact with the task protection API. Closes aws#26233 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

SamStephens added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Jul 5, 2023

github-actions bot added the @aws-cdk/aws-ecs Related to Amazon Elastic Container label Jul 5, 2023

SamStephens mentioned this issue Jul 5, 2023

(aws-ecs): Give Cluster a method that provides task ARNs #26232

Closed

2 tasks

pahud added p2 effort/small Small work item – less than a day of effort and removed needs-triage This issue or PR still needs to be triaged. labels Jul 5, 2023

github-actions bot mentioned this issue Aug 1, 2023

Monthly PRs metrics report - July 2023 #26582

Closed

badmintoncryer mentioned this issue Dec 25, 2023

feat(ecs): enable cluster to grant task protection API permissions to IAM entities #28486

Merged

mergify bot closed this as completed in #28486 Dec 27, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

(aws-ecs): Give Cluster a grant method for the task protection API #26233

(aws-ecs): Give Cluster a grant method for the task protection API #26233

SamStephens commented Jul 5, 2023

pahud commented Jul 5, 2023

github-actions bot commented Dec 27, 2023