UNPKG

@aws-cdk/aws-ecs

Version:

The CDK Construct Library for AWS::ECS

github.com/aws/aws-cdk

aws/aws-cdk

224 lines (223 loc) 5.91 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
import { Construct } from 'constructs'; import { CfnTaskDefinition } from './ecs.generated'; import { Construct as CoreConstruct } from '@aws-cdk/core'; /** * The properties for defining Linux-specific options that are applied to the container. */ export interface LinuxParametersProps { /** * Specifies whether to run an init process inside the container that forwards signals and reaps processes. * * @default false */ readonly initProcessEnabled?: boolean; /** * The value for the size (in MiB) of the /dev/shm volume. * * @default No shared memory. */ readonly sharedMemorySize?: number; } /** * Linux-specific options that are applied to the container. */ export declare class LinuxParameters extends CoreConstruct { /** * Whether the init process is enabled */ private readonly initProcessEnabled?; /** * The shared memory size. Not valid for Fargate launch type */ private readonly sharedMemorySize?; /** * Capabilities to be added */ private readonly capAdd; /** * Capabilities to be dropped */ private readonly capDrop; /** * Device mounts */ private readonly devices; /** * TmpFs mounts */ private readonly tmpfs; /** * Constructs a new instance of the LinuxParameters class. */ constructor(scope: Construct, id: string, props?: LinuxParametersProps); /** * Adds one or more Linux capabilities to the Docker configuration of a container. * * Only works with EC2 launch type. */ addCapabilities(...cap: Capability[]): void; /** * Removes one or more Linux capabilities to the Docker configuration of a container. * * Only works with EC2 launch type. */ dropCapabilities(...cap: Capability[]): void; /** * Adds one or more host devices to a container. */ addDevices(...device: Device[]): void; /** * Specifies the container path, mount options, and size (in MiB) of the tmpfs mount for a container. * * Only works with EC2 launch type. */ addTmpfs(...tmpfs: Tmpfs[]): void; /** * Renders the Linux parameters to a CloudFormation object. */ renderLinuxParameters(): CfnTaskDefinition.LinuxParametersProperty; } /** * A container instance host device. */ export interface Device { /** * The path inside the container at which to expose the host device. * * @default Same path as the host */ readonly containerPath?: string; /** * The path for the device on the host container instance. */ readonly hostPath: string; /** * The explicit permissions to provide to the container for the device. * By default, the container has permissions for read, write, and mknod for the device. * * @default Readonly */ readonly permissions?: DevicePermission[]; } /** * The details of a tmpfs mount for a container. */ export interface Tmpfs { /** * The absolute file path where the tmpfs volume is to be mounted. */ readonly containerPath: string; /** * The size (in MiB) of the tmpfs volume. */ readonly size: number; /** * The list of tmpfs volume mount options. For more information, see * [TmpfsMountOptions](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_Tmpfs.html). */ readonly mountOptions?: TmpfsMountOption[]; } /** * A Linux capability */ export declare enum Capability { ALL = "ALL", AUDIT_CONTROL = "AUDIT_CONTROL", AUDIT_WRITE = "AUDIT_WRITE", BLOCK_SUSPEND = "BLOCK_SUSPEND", CHOWN = "CHOWN", DAC_OVERRIDE = "DAC_OVERRIDE", DAC_READ_SEARCH = "DAC_READ_SEARCH", FOWNER = "FOWNER", FSETID = "FSETID", IPC_LOCK = "IPC_LOCK", IPC_OWNER = "IPC_OWNER", KILL = "KILL", LEASE = "LEASE", LINUX_IMMUTABLE = "LINUX_IMMUTABLE", MAC_ADMIN = "MAC_ADMIN", MAC_OVERRIDE = "MAC_OVERRIDE", MKNOD = "MKNOD", NET_ADMIN = "NET_ADMIN", NET_BIND_SERVICE = "NET_BIND_SERVICE", NET_BROADCAST = "NET_BROADCAST", NET_RAW = "NET_RAW", SETFCAP = "SETFCAP", SETGID = "SETGID", SETPCAP = "SETPCAP", SETUID = "SETUID", SYS_ADMIN = "SYS_ADMIN", SYS_BOOT = "SYS_BOOT", SYS_CHROOT = "SYS_CHROOT", SYS_MODULE = "SYS_MODULE", SYS_NICE = "SYS_NICE", SYS_PACCT = "SYS_PACCT", SYS_PTRACE = "SYS_PTRACE", SYS_RAWIO = "SYS_RAWIO", SYS_RESOURCE = "SYS_RESOURCE", SYS_TIME = "SYS_TIME", SYS_TTY_CONFIG = "SYS_TTY_CONFIG", SYSLOG = "SYSLOG", WAKE_ALARM = "WAKE_ALARM" } /** * Permissions for device access */ export declare enum DevicePermission { /** * Read */ READ = "read", /** * Write */ WRITE = "write", /** * Make a node */ MKNOD = "mknod" } /** * The supported options for a tmpfs mount for a container. */ export declare enum TmpfsMountOption { DEFAULTS = "defaults", RO = "ro", RW = "rw", SUID = "suid", NOSUID = "nosuid", DEV = "dev", NODEV = "nodev", EXEC = "exec", NOEXEC = "noexec", SYNC = "sync", ASYNC = "async", DIRSYNC = "dirsync", REMOUNT = "remount", MAND = "mand", NOMAND = "nomand", ATIME = "atime", NOATIME = "noatime", DIRATIME = "diratime", NODIRATIME = "nodiratime", BIND = "bind", RBIND = "rbind", UNBINDABLE = "unbindable", RUNBINDABLE = "runbindable", PRIVATE = "private", RPRIVATE = "rprivate", SHARED = "shared", RSHARED = "rshared", SLAVE = "slave", RSLAVE = "rslave", RELATIME = "relatime", NORELATIME = "norelatime", STRICTATIME = "strictatime", NOSTRICTATIME = "nostrictatime", MODE = "mode", UID = "uid", GID = "gid", NR_INODES = "nr_inodes", NR_BLOCKS = "nr_blocks", MPOL = "mpol" }