UNPKG

@pulumi/awsx

Version:

[![Actions Status](https://github.com/pulumi/pulumi-awsx/workflows/master/badge.svg)](https://github.com/pulumi/pulumi-awsx/actions) [![Slack](http://www.pulumi.com/images/docs/badges/slack.svg)](https://slack.pulumi.com) [![NPM version](https://badge.fur

pulumi.com

pulumi/pulumi-awsx

146 lines • 7.42 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
"use strict"; // Copyright 2016-2018, Pulumi Corporation. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. Object.defineProperty(exports, "__esModule", { value: true }); exports.TaskDefinition = void 0; const aws = require("@pulumi/aws"); const pulumi = require("@pulumi/pulumi"); const ecssdk = require("@aws-sdk/client-ecs"); const role = require("../role"); const container_1 = require("./container"); const utils = require("../utils"); class TaskDefinition extends pulumi.ComponentResource { constructor(type, name, isFargate, args, opts) { super(type, name, {}, opts); /** * Mapping from container in this task to the ELB listener exposing it through a load balancer. * Only present if a listener was provided in [Container.portMappings] or in * [Container.applicationListener] or [Container.networkListener]. */ this.listeners = {}; this.applicationListeners = {}; this.networkListeners = {}; this.logGroup = args.logGroup === null ? undefined : args.logGroup ? args.logGroup : new aws.cloudwatch.LogGroup(name, { retentionInDays: 1, }, { parent: this }); this.taskRole = args.taskRole === null ? undefined : args.taskRole ? args.taskRole : TaskDefinition.createTaskRole(`${name}-task`, /*assumeRolePolicy*/ undefined, /*policyArns*/ undefined, { parent: this }); this.executionRole = args.executionRole === null ? undefined : args.executionRole ? args.executionRole : TaskDefinition.createExecutionRole(`${name}-execution`, /*assumeRolePolicy*/ undefined, /*policyArns*/ undefined, { parent: this }); this.containers = args.containers; const containerDefinitions = computeContainerDefinitions(this, name, args.vpc, this.containers, this.applicationListeners, this.networkListeners, this.logGroup); this.listeners = { ...this.applicationListeners, ...this.networkListeners }; const containerString = containerDefinitions.apply(d => JSON.stringify(d)); const defaultFamily = containerString.apply(s => name + "-" + utils.sha1hash(pulumi.getStack() + containerString)); const family = utils.ifUndefined(args.family, defaultFamily); this.taskDefinition = new aws.ecs.TaskDefinition(name, { ...args, family: family, taskRoleArn: this.taskRole ? this.taskRole.arn : undefined, executionRoleArn: this.executionRole ? this.executionRole.arn : undefined, containerDefinitions: containerString, }, { parent: this }); this.run = createRunFunction(isFargate, this.taskDefinition.arn); } /** * Creates the [taskRole] for a [TaskDefinition] if not provided explicitly. If * [assumeRolePolicy] is provided it will be used when creating the task, otherwise * [defaultRoleAssumeRolePolicy] will be used. If [policyArns] are provided, they will be used * to create [RolePolicyAttachment]s for the Role. Otherwise, [defaultTaskRolePolicyARNs] will * be used. */ static createTaskRole(name, assumeRolePolicy, policyArns, opts) { return role.createRole(name, assumeRolePolicy || TaskDefinition.defaultRoleAssumeRolePolicy(), policyArns || TaskDefinition.defaultTaskRolePolicyARNs(), opts); } /** * Creates the [executionRole] for a [TaskDefinition] if not provided explicitly. If * [assumeRolePolicy] is provided it will be used when creating the task, otherwise * [defaultRoleAssumeRolePolicy] will be used. If [policyArns] are provided, they will be used * to create [RolePolicyAttachment]s for the Role. Otherwise, [defaultExecutionRolePolicyARNs] will * be used. */ static createExecutionRole(name, assumeRolePolicy, policyArns, opts) { return role.createRole(name, assumeRolePolicy || TaskDefinition.defaultRoleAssumeRolePolicy(), policyArns || TaskDefinition.defaultExecutionRolePolicyARNs(), opts); } // The default ECS Task assume role policy for Task and Execution Roles static defaultRoleAssumeRolePolicy() { return { "Version": "2012-10-17", "Statement": [{ "Action": "sts:AssumeRole", "Principal": { "Service": "ecs-tasks.amazonaws.com", }, "Effect": "Allow", "Sid": "", }], }; } // Default policy arns for the Task role. static defaultTaskRolePolicyARNs() { return [ // Provides full access to Lambda aws.iam.ManagedPolicy.LambdaFullAccess, // Required for lambda compute to be able to run Tasks aws.iam.ManagedPolicy.AmazonECSFullAccess, ]; } // Default policy arns for the Execution role. static defaultExecutionRolePolicyARNs() { return [ "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy", aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole, ]; } } exports.TaskDefinition = TaskDefinition; const _ = utils.checkCompat(); function createRunFunction(isFargate, taskDefArn) { return async function run(params) { const ecs = new ecssdk.ECS(); const cluster = params.cluster; const clusterArn = cluster.id.get(); const securityGroupIds = cluster.securityGroups.map(g => g.id.get()); const publicSubnetIds = await cluster.vpc.publicSubnetIds; const subnetIds = publicSubnetIds.map(i => i.get()); const assignPublicIp = isFargate; // && !usePrivateSubnets; const assignPublicIpSdk = assignPublicIp ? "ENABLED" : "DISABLED"; // Run the task return ecs.runTask({ taskDefinition: taskDefArn.get(), launchType: isFargate ? "FARGATE" : "EC2", networkConfiguration: { awsvpcConfiguration: { assignPublicIp: assignPublicIpSdk, securityGroups: securityGroupIds, subnets: subnetIds, }, }, ...params, cluster: clusterArn, // Make sure to override the value of `params.cluster` }); }; } function computeContainerDefinitions(parent, name, vpc, containers, applicationListeners, networkListeners, logGroup) { const result = []; for (const containerName of Object.keys(containers)) { const container = containers[containerName]; result.push((0, container_1.computeContainerDefinition)(parent, name, vpc, containerName, container, applicationListeners, networkListeners, logGroup)); } return pulumi.all(result); } // Make sure our exported args shape is compatible with the overwrite shape we're trying to provide. const test1 = utils.checkCompat(); //# sourceMappingURL=taskDefinition.js.map