UNPKG

cdk-efs-assets

Version:

Amazon EFS assets from Github repositories or S3 buckets

github.com/pahud/cdk-efs-assets

pahud/cdk-efs-assets

90 lines 11.8 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
"use strict"; var _a; Object.defineProperty(exports, "__esModule", { value: true }); exports.EfsFargateTask = void 0; const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti"); const cdk = require("aws-cdk-lib"); const ec2 = require("aws-cdk-lib/aws-ec2"); const ecs = require("aws-cdk-lib/aws-ecs"); const aws_iam_1 = require("aws-cdk-lib/aws-iam"); const aws_logs_1 = require("aws-cdk-lib/aws-logs"); const secretsmanager = require("aws-cdk-lib/aws-secretsmanager"); const constructs_1 = require("constructs"); /** * Represents the AWS Fargate task with EFS and secret manager support */ class EfsFargateTask extends constructs_1.Construct { constructor(scope, id, props) { super(scope, id); const stack = cdk.Stack.of(scope); const task = new ecs.FargateTaskDefinition(stack, `TaskDefinition${id}`, { cpu: 256, memoryLimitMiB: 512, }); this.task = task; task.addVolume({ name: 'efs-data', efsVolumeConfiguration: { fileSystemId: props.accessPoint.fileSystem.fileSystemId, authorizationConfig: { accessPointId: props.accessPoint.accessPointId, }, transitEncryption: 'ENABLED', }, }); let secret; if (props.secret?.id) { // format the arn e.g. 'arn:aws:secretsmanager:eu-west-1:111111111111:secret:MySecret'; const secretPartialArn = stack.formatArn({ service: 'secretsmanager', resource: 'secret', resourceName: props.secret?.id, arnFormat: cdk.ArnFormat.COLON_RESOURCE_NAME, }); secret = secretsmanager.Secret.fromSecretAttributes(stack, 'GithubSecret', { secretPartialArn, }); // allow task to read the secret secret.grantRead(task.taskRole); } const logGroup = new aws_logs_1.LogGroup(stack, `LogGroup${id}`, { retention: aws_logs_1.RetentionDays.ONE_DAY, removalPolicy: cdk.RemovalPolicy.DESTROY, }); new cdk.CfnOutput(stack, `LogGroup${id}Output`, { value: logGroup.logGroupName }); const syncWorker = task.addContainer('SyncWorker', { logging: new ecs.AwsLogDriver({ streamPrefix: 'SyncWorker', logGroup, }), ...props.syncContainer, }); syncWorker.addMountPoints({ containerPath: props.efsMountTarget ?? '/mnt/efsmount', sourceVolume: 'efs-data', readOnly: false, }); task.addToExecutionRolePolicy(new aws_iam_1.PolicyStatement({ actions: [ 'elasticfilesystem:ClientMount', 'elasticfilesystem:ClientWrite', ], resources: [ stack.formatArn({ service: 'elasticfilesystem', resource: 'file-system', arnFormat: cdk.ArnFormat.SLASH_RESOURCE_NAME, resourceName: props.accessPoint.fileSystem.fileSystemId, }), ], })); // create a default security group for the fargate task this.securityGroup = new ec2.SecurityGroup(stack, `FargateSecurityGroup${id}`, { vpc: props.vpc }); // allow fargate ingress to the efs filesystem props.accessPoint.fileSystem.connections.allowFrom(this.securityGroup, ec2.Port.tcp(2049)); } } exports.EfsFargateTask = EfsFargateTask; _a = JSII_RTTI_SYMBOL_1; EfsFargateTask[_a] = { fqn: "cdk-efs-assets.EfsFargateTask", version: "0.3.95" }; //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZWZzLWZhcmdhdGUtdGFzay5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy9lZnMtZmFyZ2F0ZS10YXNrLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQUEsbUNBQW1DO0FBQ25DLDJDQUEyQztBQUMzQywyQ0FBMkM7QUFFM0MsaURBQXNEO0FBQ3RELG1EQUErRDtBQUMvRCxpRUFBaUU7QUFDakUsMkNBQXVDO0FBZ0J2Qzs7R0FFRztBQUNILE1BQWEsY0FBZSxTQUFRLHNCQUFTO0lBRzNDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBMEI7UUFDbEUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixNQUFNLEtBQUssR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUVsQyxNQUFNLElBQUksR0FBRyxJQUFJLEdBQUcsQ0FBQyxxQkFBcUIsQ0FBQyxLQUFLLEVBQUUsaUJBQWlCLEVBQUUsRUFBRSxFQUFFO1lBQ3ZFLEdBQUcsRUFBRSxHQUFHO1lBQ1IsY0FBYyxFQUFFLEdBQUc7U0FDcEIsQ0FBQyxDQUFDO1FBRUgsSUFBSSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUM7UUFFakIsSUFBSSxDQUFDLFNBQVMsQ0FBQztZQUNiLElBQUksRUFBRSxVQUFVO1lBQ2hCLHNCQUFzQixFQUFFO2dCQUN0QixZQUFZLEVBQUUsS0FBSyxDQUFDLFdBQVcsQ0FBQyxVQUFVLENBQUMsWUFBWTtnQkFDdkQsbUJBQW1CLEVBQUU7b0JBQ25CLGFBQWEsRUFBRSxLQUFLLENBQUMsV0FBVyxDQUFDLGFBQWE7aUJBQy9DO2dCQUNELGlCQUFpQixFQUFFLFNBQVM7YUFDN0I7U0FDRixDQUFDLENBQUM7UUFFSCxJQUFJLE1BQTBDLENBQUM7UUFFL0MsSUFBSSxLQUFLLENBQUMsTUFBTSxFQUFFLEVBQUUsRUFBRTtZQUNwQix1RkFBdUY7WUFDdkYsTUFBTSxnQkFBZ0IsR0FBRyxLQUFLLENBQUMsU0FBUyxDQUFDO2dCQUN2QyxPQUFPLEVBQUUsZ0JBQWdCO2dCQUN6QixRQUFRLEVBQUUsUUFBUTtnQkFDbEIsWUFBWSxFQUFFLEtBQUssQ0FBQyxNQUFNLEVBQUUsRUFBRTtnQkFDOUIsU0FBUyxFQUFFLEdBQUcsQ0FBQyxTQUFTLENBQUMsbUJBQW1CO2FBQzdDLENBQUMsQ0FBQztZQUNILE1BQU0sR0FBRyxjQUFjLENBQUMsTUFBTSxDQUFDLG9CQUFvQixDQUFDLEtBQUssRUFBRSxjQUFjLEVBQUU7Z0JBQ3pFLGdCQUFnQjthQUNqQixDQUFDLENBQUM7WUFDSCxnQ0FBZ0M7WUFDaEMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLENBQUM7U0FDakM7UUFFRCxNQUFNLFFBQVEsR0FBRyxJQUFJLG1CQUFRLENBQUMsS0FBSyxFQUFFLFdBQVcsRUFBRSxFQUFFLEVBQUU7WUFDcEQsU0FBUyxFQUFFLHdCQUFhLENBQUMsT0FBTztZQUNoQyxhQUFhLEVBQUUsR0FBRyxDQUFDLGFBQWEsQ0FBQyxPQUFPO1NBQ3pDLENBQUMsQ0FBQztRQUVILElBQUksR0FBRyxDQUFDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsV0FBVyxFQUFFLFFBQVEsRUFBRSxFQUFFLEtBQUssRUFBRSxRQUFRLENBQUMsWUFBWSxFQUFFLENBQUMsQ0FBQztRQUVsRixNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLFlBQVksRUFBRTtZQUNqRCxPQUFPLEVBQUUsSUFBSSxHQUFHLENBQUMsWUFBWSxDQUFDO2dCQUM1QixZQUFZLEVBQUUsWUFBWTtnQkFDMUIsUUFBUTthQUNULENBQUM7WUFDRixHQUFHLEtBQUssQ0FBQyxhQUFhO1NBQ3ZCLENBQUMsQ0FBQztRQUVILFVBQVUsQ0FBQyxjQUFjLENBQUM7WUFDeEIsYUFBYSxFQUFFLEtBQUssQ0FBQyxjQUFjLElBQUksZUFBZTtZQUN0RCxZQUFZLEVBQUUsVUFBVTtZQUN4QixRQUFRLEVBQUUsS0FBSztTQUNoQixDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsd0JBQXdCLENBQUMsSUFBSSx5QkFBZSxDQUFDO1lBQ2hELE9BQU8sRUFBRTtnQkFDUCwrQkFBK0I7Z0JBQy9CLCtCQUErQjthQUNoQztZQUNELFNBQVMsRUFBRTtnQkFDVCxLQUFLLENBQUMsU0FBUyxDQUFDO29CQUNkLE9BQU8sRUFBRSxtQkFBbUI7b0JBQzVCLFFBQVEsRUFBRSxhQUFhO29CQUN2QixTQUFTLEVBQUUsR0FBRyxDQUFDLFNBQVMsQ0FBQyxtQkFBbUI7b0JBQzVDLFlBQVksRUFBRSxLQUFLLENBQUMsV0FBVyxDQUFDLFVBQVUsQ0FBQyxZQUFZO2lCQUN4RCxDQUFDO2FBQ0g7U0FDRixDQUFDLENBQUMsQ0FBQztRQUVKLHVEQUF1RDtRQUN2RCxJQUFJLENBQUMsYUFBYSxHQUFHLElBQUksR0FBRyxDQUFDLGFBQWEsQ0FBQyxLQUFLLEVBQUUsdUJBQXVCLEVBQUUsRUFBRSxFQUFFLEVBQUUsR0FBRyxFQUFFLEtBQUssQ0FBQyxHQUFHLEVBQUUsQ0FBQyxDQUFDO1FBRW5HLDhDQUE4QztRQUM5QyxLQUFLLENBQUMsV0FBVyxDQUFDLFVBQVUsQ0FBQyxXQUFXLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxhQUFhLEVBQUUsR0FBRyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQztJQUU3RixDQUFDOztBQXJGSCx3Q0FzRkMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgKiBhcyBjZGsgZnJvbSAnYXdzLWNkay1saWInO1xuaW1wb3J0ICogYXMgZWMyIGZyb20gJ2F3cy1jZGstbGliL2F3cy1lYzInO1xuaW1wb3J0ICogYXMgZWNzIGZyb20gJ2F3cy1jZGstbGliL2F3cy1lY3MnO1xuaW1wb3J0ICogYXMgZWZzIGZyb20gJ2F3cy1jZGstbGliL2F3cy1lZnMnO1xuaW1wb3J0IHsgUG9saWN5U3RhdGVtZW50IH0gZnJvbSAnYXdzLWNkay1saWIvYXdzLWlhbSc7XG5pbXBvcnQgeyBMb2dHcm91cCwgUmV0ZW50aW9uRGF5cyB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1sb2dzJztcbmltcG9ydCAqIGFzIHNlY3JldHNtYW5hZ2VyIGZyb20gJ2F3cy1jZGstbGliL2F3cy1zZWNyZXRzbWFuYWdlcic7XG5pbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tICdjb25zdHJ1Y3RzJztcbmltcG9ydCB7IEdpdGh1YlNlY3JldCB9IGZyb20gJy4vc3luY2VkLWFjY2Vzcy1wb2ludCc7XG5cbmV4cG9ydCBpbnRlcmZhY2UgRWZzRmFyZ2F0ZVRhc2tQcm9wcyB7XG4gIHJlYWRvbmx5IGFjY2Vzc1BvaW50OiBlZnMuQWNjZXNzUG9pbnQ7XG4gIHJlYWRvbmx5IHNlY3JldD86IEdpdGh1YlNlY3JldDtcbiAgcmVhZG9ubHkgc3luY0NvbnRhaW5lcjogZWNzLkNvbnRhaW5lckRlZmluaXRpb25PcHRpb25zO1xuICByZWFkb25seSB2cGM6IGVjMi5JVnBjO1xuICAvKipcbiAgICogRUZTIG1vdW50IHRhcmdldCBpbiB0aGUgY29udGFpbmVyXG4gICAqXG4gICAqIEBkZWZhdWx0IC9tbnQvZWZzbW91bnRcbiAgICovXG4gIHJlYWRvbmx5IGVmc01vdW50VGFyZ2V0Pzogc3RyaW5nO1xufVxuXG4vKipcbiAqIFJlcHJlc2VudHMgdGhlIEFXUyBGYXJnYXRlIHRhc2sgd2l0aCBFRlMgYW5kIHNlY3JldCBtYW5hZ2VyIHN1cHBvcnRcbiAqL1xuZXhwb3J0IGNsYXNzIEVmc0ZhcmdhdGVUYXNrIGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgcmVhZG9ubHkgdGFzazogZWNzLkZhcmdhdGVUYXNrRGVmaW5pdGlvbjtcbiAgcmVhZG9ubHkgc2VjdXJpdHlHcm91cDogZWMyLlNlY3VyaXR5R3JvdXA7XG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBFZnNGYXJnYXRlVGFza1Byb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIGNvbnN0IHN0YWNrID0gY2RrLlN0YWNrLm9mKHNjb3BlKTtcblxuICAgIGNvbnN0IHRhc2sgPSBuZXcgZWNzLkZhcmdhdGVUYXNrRGVmaW5pdGlvbihzdGFjaywgYFRhc2tEZWZpbml0aW9uJHtpZH1gLCB7XG4gICAgICBjcHU6IDI1NixcbiAgICAgIG1lbW9yeUxpbWl0TWlCOiA1MTIsXG4gICAgfSk7XG5cbiAgICB0aGlzLnRhc2sgPSB0YXNrO1xuXG4gICAgdGFzay5hZGRWb2x1bWUoe1xuICAgICAgbmFtZTogJ2Vmcy1kYXRhJyxcbiAgICAgIGVmc1ZvbHVtZUNvbmZpZ3VyYXRpb246IHtcbiAgICAgICAgZmlsZVN5c3RlbUlkOiBwcm9wcy5hY2Nlc3NQb2ludC5maWxlU3lzdGVtLmZpbGVTeXN0ZW1JZCxcbiAgICAgICAgYXV0aG9yaXphdGlvbkNvbmZpZzoge1xuICAgICAgICAgIGFjY2Vzc1BvaW50SWQ6IHByb3BzLmFjY2Vzc1BvaW50LmFjY2Vzc1BvaW50SWQsXG4gICAgICAgIH0sXG4gICAgICAgIHRyYW5zaXRFbmNyeXB0aW9uOiAnRU5BQkxFRCcsXG4gICAgICB9LFxuICAgIH0pO1xuXG4gICAgbGV0IHNlY3JldDogc2VjcmV0c21hbmFnZXIuSVNlY3JldCB8IHVuZGVmaW5lZDtcblxuICAgIGlmIChwcm9wcy5zZWNyZXQ/LmlkKSB7XG4gICAgICAvLyBmb3JtYXQgdGhlIGFybiBlLmcuICdhcm46YXdzOnNlY3JldHNtYW5hZ2VyOmV1LXdlc3QtMToxMTExMTExMTExMTE6c2VjcmV0Ok15U2VjcmV0JztcbiAgICAgIGNvbnN0IHNlY3JldFBhcnRpYWxBcm4gPSBzdGFjay5mb3JtYXRBcm4oe1xuICAgICAgICBzZXJ2aWNlOiAnc2VjcmV0c21hbmFnZXInLFxuICAgICAgICByZXNvdXJjZTogJ3NlY3JldCcsXG4gICAgICAgIHJlc291cmNlTmFtZTogcHJvcHMuc2VjcmV0Py5pZCxcbiAgICAgICAgYXJuRm9ybWF0OiBjZGsuQXJuRm9ybWF0LkNPTE9OX1JFU09VUkNFX05BTUUsXG4gICAgICB9KTtcbiAgICAgIHNlY3JldCA9IHNlY3JldHNtYW5hZ2VyLlNlY3JldC5mcm9tU2VjcmV0QXR0cmlidXRlcyhzdGFjaywgJ0dpdGh1YlNlY3JldCcsIHtcbiAgICAgICAgc2VjcmV0UGFydGlhbEFybixcbiAgICAgIH0pO1xuICAgICAgLy8gYWxsb3cgdGFzayB0byByZWFkIHRoZSBzZWNyZXRcbiAgICAgIHNlY3JldC5ncmFudFJlYWQodGFzay50YXNrUm9sZSk7XG4gICAgfVxuXG4gICAgY29uc3QgbG9nR3JvdXAgPSBuZXcgTG9nR3JvdXAoc3RhY2ssIGBMb2dHcm91cCR7aWR9YCwge1xuICAgICAgcmV0ZW50aW9uOiBSZXRlbnRpb25EYXlzLk9ORV9EQVksXG4gICAgICByZW1vdmFsUG9saWN5OiBjZGsuUmVtb3ZhbFBvbGljeS5ERVNUUk9ZLFxuICAgIH0pO1xuXG4gICAgbmV3IGNkay5DZm5PdXRwdXQoc3RhY2ssIGBMb2dHcm91cCR7aWR9T3V0cHV0YCwgeyB2YWx1ZTogbG9nR3JvdXAubG9nR3JvdXBOYW1lIH0pO1xuXG4gICAgY29uc3Qgc3luY1dvcmtlciA9IHRhc2suYWRkQ29udGFpbmVyKCdTeW5jV29ya2VyJywge1xuICAgICAgbG9nZ2luZzogbmV3IGVjcy5Bd3NMb2dEcml2ZXIoe1xuICAgICAgICBzdHJlYW1QcmVmaXg6ICdTeW5jV29ya2VyJyxcbiAgICAgICAgbG9nR3JvdXAsXG4gICAgICB9KSxcbiAgICAgIC4uLnByb3BzLnN5bmNDb250YWluZXIsXG4gICAgfSk7XG5cbiAgICBzeW5jV29ya2VyLmFkZE1vdW50UG9pbnRzKHtcbiAgICAgIGNvbnRhaW5lclBhdGg6IHByb3BzLmVmc01vdW50VGFyZ2V0ID8/ICcvbW50L2Vmc21vdW50JyxcbiAgICAgIHNvdXJjZVZvbHVtZTogJ2Vmcy1kYXRhJyxcbiAgICAgIHJlYWRPbmx5OiBmYWxzZSxcbiAgICB9KTtcblxuICAgIHRhc2suYWRkVG9FeGVjdXRpb25Sb2xlUG9saWN5KG5ldyBQb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgYWN0aW9uczogW1xuICAgICAgICAnZWxhc3RpY2ZpbGVzeXN0ZW06Q2xpZW50TW91bnQnLFxuICAgICAgICAnZWxhc3RpY2ZpbGVzeXN0ZW06Q2xpZW50V3JpdGUnLFxuICAgICAgXSxcbiAgICAgIHJlc291cmNlczogW1xuICAgICAgICBzdGFjay5mb3JtYXRBcm4oe1xuICAgICAgICAgIHNlcnZpY2U6ICdlbGFzdGljZmlsZXN5c3RlbScsXG4gICAgICAgICAgcmVzb3VyY2U6ICdmaWxlLXN5c3RlbScsXG4gICAgICAgICAgYXJuRm9ybWF0OiBjZGsuQXJuRm9ybWF0LlNMQVNIX1JFU09VUkNFX05BTUUsXG4gICAgICAgICAgcmVzb3VyY2VOYW1lOiBwcm9wcy5hY2Nlc3NQb2ludC5maWxlU3lzdGVtLmZpbGVTeXN0ZW1JZCxcbiAgICAgICAgfSksXG4gICAgICBdLFxuICAgIH0pKTtcblxuICAgIC8vIGNyZWF0ZSBhIGRlZmF1bHQgc2VjdXJpdHkgZ3JvdXAgZm9yIHRoZSBmYXJnYXRlIHRhc2tcbiAgICB0aGlzLnNlY3VyaXR5R3JvdXAgPSBuZXcgZWMyLlNlY3VyaXR5R3JvdXAoc3RhY2ssIGBGYXJnYXRlU2VjdXJpdHlHcm91cCR7aWR9YCwgeyB2cGM6IHByb3BzLnZwYyB9KTtcblxuICAgIC8vIGFsbG93IGZhcmdhdGUgaW5ncmVzcyB0byB0aGUgZWZzIGZpbGVzeXN0ZW1cbiAgICBwcm9wcy5hY2Nlc3NQb2ludC5maWxlU3lzdGVtLmNvbm5lY3Rpb25zLmFsbG93RnJvbSh0aGlzLnNlY3VyaXR5R3JvdXAsIGVjMi5Qb3J0LnRjcCgyMDQ5KSk7XG5cbiAgfVxufVxuIl19