profile
viewpoint
Shiv Lakshminarayan shivlaks @aws Vancouver, BC 🇨🇦

construct-catalog/catalog 45

Catalog for aggregating CDK Constructs

shivlaks/aws-toolkit-vscode 0

AWS Toolkit for Visual Studio Code, an extension for working with AWS services including AWS Lambda.

shivlaks/rfcs 0

RFCs for changes to Rust

push eventaws/aws-cdk

Shiv Lakshminarayan

commit sha 50bea8057241eb9e52bea481925f4a83a49df0fc

fix up import

view details

push time in 4 days

issue commentaws/aws-cdk

aws-step-function-tasks: Allow removing launchType from RunEcsEc2Task

@mb-dev

The recommended workaround for coverage that isn't quite supported in the aws-stepfunctions-tasks module is to supply the needed ASL as a custom state.

We're still discussing options, but are not convinced that the stop-gap needs to be introduced directly into the task or folded into the EcsEc2LaunchTarget / EcsFargateLaunchTarget classes yet.

launchtarget as a whole should likely be something we can omit. Can you help me better understand the EC2 / Fargate specific parameters that would need to be supplied (with the omission of launch target). I don't mind the constant idea but will want to better understand what the ASL looks like for these use cases.

mb-dev

comment created time in 4 days

pull request commentaws/aws-cdk

fix(cli): unable to update stacks in ROLLBACK_COMPLETE

picking this up, will update the PR as I go

eladb

comment created time in 4 days

PR opened aws/aws-cdk

Reviewers
feat(stepfunctions): task for invoking a Step Functions activity worker @aws-cdk/aws-stepfunctions-tasks

Replacement class for InvokeActivity which currently uses the embedded task.

The notable changes are:

  • This change merges task and service integration level properties by extending TaskStateBase, similar to all the other task states.
  • activity is now a property in the new class and not specified in the constructor

I've left the current tests intact for fidelity and updated the README


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

+296 -0

0 comment

7 changed files

pr created time in 5 days

create barnchaws/aws-cdk

branch : shivlaks/sfn-activity-worker

created branch time in 5 days

Pull request review commentaws/aws-cdk

fix(elasticloadbalancingv2): dualstack ALB missing default IPv6 ingress rule

 export class ApplicationListener extends BaseListener implements IApplicationLis     if (props.open !== false) {       this.connections.allowDefaultPortFrom(ec2.Peer.anyIpv4(), `Allow from anyone on port ${port}`);     }++    if (props.open !== false && this.loadBalancer.ipAddressType === IpAddressType.DUAL_STACK) {+      this.connections.allowDefaultPortFrom(ec2.Peer.anyIpv6(), `Allow from anyone on port ${port}`);+    }

why not just nest the if (this.loadBalancer.ipAddressType === ... condition into the if statement above?

it helps with readibility to keep the related logic in the same control flow block and saves on checking props.open a second time

BryanPan342

comment created time in 5 days

Pull request review commentaws/aws-cdk

fix(elasticloadbalancingv2): dualstack ALB missing default IPv6 ingress rule

 export = {     test.done();   }, +  'Listener default to open - Dualstack'(test: Test) {
  'Listener default to open - IPv4 and IPv6 (dualstack)'(test: Test) {
BryanPan342

comment created time in 5 days

Pull request review commentaws/aws-cdk

fix(elasticloadbalancingv2): dualstack ALB missing default IPv6 ingress rule

 export class ApplicationLoadBalancer extends BaseLoadBalancer implements IApplic       ipAddressType: props.ipAddressType,     }); +    this.ipAddressType = props.ipAddressType || IpAddressType.IPV4;
    this.ipAddressType = props.ipAddressType ?? IpAddressType.IPV4;

preferred to use nullish coalescing now that we're on TypeScript 3.7+

BryanPan342

comment created time in 5 days

Pull request review commentaws/aws-cdk

fix(elasticloadbalancingv2): dualstack ALB missing default IPv6 ingress rule

+#!/usr/bin/env node+import * as ec2 from '@aws-cdk/aws-ec2';+import * as cdk from '@aws-cdk/core';+import * as elbv2 from '../lib';++/* Credit to @TrueBrain and @misterjoshua for the IPv6 workaround */

is there an issue or comment this can point to instead

BryanPan342

comment created time in 5 days

Pull request review commentaws/aws-cdk

fix(elasticloadbalancingv2): dualstack ALB missing default IPv6 ingress rule

 export interface IApplicationLoadBalancer extends ILoadBalancerV2, ec2.IConnecta    */   readonly vpc?: ec2.IVpc; +  /**+   * The IP Address Type for this load balancer+   */+  readonly ipAddressType?: IpAddressType;

include an @default doc so consumer can easily figure out behaviour when unset

   *
   * @default IpAddresstype.IPV4
   */
  readonly ipAddressType?: IpAddressType;
BryanPan342

comment created time in 5 days

Pull request review commentaws/aws-cdk

fix(elasticloadbalancingv2): dualstack ALB missing default IPv6 ingress rule

+#!/usr/bin/env node+import * as ec2 from '@aws-cdk/aws-ec2';+import * as cdk from '@aws-cdk/core';+import * as elbv2 from '../lib';++/* Credit to @TrueBrain and @misterjoshua for the IPv6 workaround */+const valueOrDie = <T, C extends T = T>(value: T | undefined, err: Error): C => {+  if (value === undefined) { throw err; }+  return value as C;+};++/**+ * Integration test to deployability and use of dualstack ALB. Creates an ALB

consider renaming this test file to integ.alb.dualstack or something similar

BryanPan342

comment created time in 5 days

PR opened aws/aws-cdk

Reviewers
chore(stepfunctions): mark the task class as deprecated

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

+4 -0

0 comment

1 changed file

pr created time in 5 days

Pull request review commentaws/aws-cdk

feat(ec2): setting natGateways=0 w/ no subnet config blocks construction of VPC

 nodeunitShim({       test.done();     }, -    'natGateways = 0 requires there to be no PRIVATE subnets'(test: Test) {+    'natGateways = 0 requires there to be no configured PRIVATE subnets'(test: Test) {       const stack = getTestStack();       test.throws(() => {         new Vpc(stack, 'VPC', {           natGateways: 0,+          subnetConfiguration: [+            {+              name: 'public',+              subnetType: SubnetType.PUBLIC,+            },+            {+              name: 'private',+              subnetType: SubnetType.PRIVATE,+            },+          ],         });       }, /make sure you don't configure any PRIVATE subnets/);       test.done();      }, +    'natGateways = 0 constructs with ISOLATED subnet'(test: Test) {+      const stack = getTestStack();+      new Vpc(stack, 'VPC', {+        natGateways: 0,+      });+      expect(stack).to(haveResource('AWS::EC2::Subnet', hasTags([{+        Key: 'aws-cdk:subnet-type',+        Value: 'Isolated',+      }])));+      test.done();+    },++    'unspecified natGateways constructs with PRIVATE subnet'(test: Test) {

reword from unspecified, something about it sounds ominous to me - maybe default or unset as some of the other tests in this file use.

Default is 1 NAT gateway per AZ right?

BryanPan342

comment created time in 5 days

Pull request review commentaws/aws-cdk

feat(ec2): setting natGateways=0 w/ no subnet config blocks construction of VPC

 export class Vpc extends VpcBase {      this.vpcId = this.resource.ref; -    this.subnetConfiguration = ifUndefined(props.subnetConfiguration, Vpc.DEFAULT_SUBNETS);+    // If natGateways = 0 ==> no private subnets, made them isolated instead

nit: I think your code is self-documenting (with a command-click or two) and this comment is not really needed.

BryanPan342

comment created time in 5 days

Pull request review commentaws/aws-cdk

feat(ec2): setting natGateways=0 w/ no subnet config blocks construction of VPC

 nodeunitShim({       test.done();     }, -    'natGateways = 0 requires there to be no PRIVATE subnets'(test: Test) {+    'natGateways = 0 requires there to be no configured PRIVATE subnets'(test: Test) {

suggest renaming this to be clearer

    'natGateways = 0 throws if PRIVATE subnets are configured'(test: Test) {
BryanPan342

comment created time in 5 days

Pull request review commentaws/aws-cdk

feat(ec2): setting natGateways=0 w/ no subnet config blocks construction of VPC

 distinguishes three different subnet types:   connected to from other instances in the same VPC. A default VPC configuration   will not include isolated subnets, -A default VPC configuration will create public and private subnets, but not-isolated subnets. See *Advanced Subnet Configuration* below for information-on how to change the default subnet configuration.++A default VPC configuration will create public and **private** subnets. However, if `natGateways:0` **and** `subnetConfiguration` is undefined, default VPC configuration will create public and **isolated** subnets. See *Advanced Subnet Configuration* below for information on how to change the default subnet configuration.

line break at 80 characters to be consistent with this README.

also: you can include an anchor link to Advanced Subnet Configuration

A default VPC configuration will create public and **private** subnets. However, if `natGateways:0` **and** `subnetConfiguration` is undefined, default VPC configuration will create public and **isolated** subnets. See [*Advanced Subnet Configuration*](#advanced-subnet-configuration) below for information on how to change the default subnet configuration.
BryanPan342

comment created time in 5 days

create barnchaws/aws-cdk

branch : shivlaks/sfn-deprecate-task

created branch time in 5 days

PR opened aws/aws-cdk

chore(stepfunctions): minor updates to README @aws-cdk/aws-stepfunctions

removed Typescript prefix ahead of example as we translate code snippets for each of our supported languages in the module overview.

dropped the Future Work section since 2 of these items have been completed and the other is being tracked in GitHub issues. This aligns with other README sections for our modules.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

+2 -11

0 comment

1 changed file

pr created time in 5 days

create barnchaws/aws-cdk

branch : shivlaks/sfn-readme-update

created branch time in 5 days

issue commentaws/aws-cdk

route53.HostedZone.fromLookup returned error

@BryanPan342 I think the primary issue is confusion on when to use which API and the pre-requisites for each (local vs. requiring environment configuration). To reduce friction and avoid this common point of confusion, we need to shore up the README

Additionally, there's also fromHostedZoneId(...) and fromHostedZoneName(...) which will return an IHostedZone with just the ZoneId or the ZoneName field present. This is also done without having make an API call so it can be done entirely locally.

fromHostedZoneAttributes() returns an IHostedZone with both the hostedZoneId and the zoneName

finally, there's fromLookup() which populates context by making a service call to AWS through a context provider and stores it in cdk.context.json. If this is performed once and saved, subsequent calls will be cached and will not require making a service call.

If the entry does not exist in cdk.context.json, then it requires an environment to be configured and takes the attributes and performs an API call to determine which exact HostedZone is deployed and updates its behavior accordingly.

If hostedZoneNameServers property from an IHostedZone is desired, fromLookup() is the only fromXxX method that will support it.

gsm1011

comment created time in 5 days

issue commentaws/aws-cdk

Docker build fails for creating local CDK dev environment

@am29d @logemann absolutely agree. I'm already on it (PR to improve the documentation of CONTRIBUTING, let me know if you'd like to write it. I'm happy to yield way to avoid duplication of effort)

logemann

comment created time in 6 days

issue commentaws/aws-cdk

aws-step-function-tasks: Allow removing launchType from RunEcsEc2Task

@mb-dev launchType was never really exposed as a property (with the old classes or with the new implementation) The thinking was to associate launchTarget closely to launchType.

I was thinking of introducing something like IEcsCapacityProvider to add the capability to specify capacity providers. Users would specify either capacity providers or a launch target (which would become optional).

const runTask = new tasks.EcsRunTask(stack, 'Run', {
    integrationPattern: sfn.IntegrationPattern.RUN_JOB,
    cluster,
    taskDefinition,
    capacityProviders: [new tasks.EcsEc2CapacityProvider({
      ...
    })],
  });

and adding types for EcsFargateCapacityProvider and EcsEc2CapacityProvider classes to help populate that list of capacity providers.

what do you think?

mb-dev

comment created time in 6 days

issue commentaws/aws-cdk

aws-step-function-tasks: Allow removing launchType from RunEcsEc2Task

per @mb-dev in comment

@shivlaks what alarmed me is that the PR makes the definition depend more on launch type than before. launchTarget sounds like launchType, and it's tied to either EC2/Fargate. I am not sure if it will be clear how to express a undefined launchType while still specifying parameters to be used at creation.

Currently no launchType might look like:

const runTask = new tasks.EcsRunTask(stack, 'Run', {
    integrationPattern: sfn.IntegrationPattern.RUN_JOB,
    cluster,
    taskDefinition,
    launchTarget: new tasks.EcsEc2LaunchTarget({
      launchType: undefined,
    }),
  });

If launchTarget would be named something like clusterConfiguration it might be easier to parse.

mb-dev

comment created time in 6 days

pull request commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

If launchTarget would be named something like clusterConfiguration it might be easier to parse.

Then again, I realize I am late in commenting - this PR is pretty far along. If you have an idea for a clear syntax that can be introduced in a follow up PR, that will be great. Thanks!

That's a fair point, let's continue this conversation in #7967 and get ahead of the potential usability issue / user confusion

shivlaks

comment created time in 6 days

issue commentaws/aws-cdk

aws-step-function-tasks: Allow removing launchType from RunEcsEc2Task

@mb-dev PR incoming once I merge in #8451 to make launchType optional. Step Functions does not support specifying capacityProviderStrategy as a parameter.

As per documentation you've referenced

If a capacityProviderStrategy is specified, the launchType parameter must be omitted. If no capacityProviderStrategy or launchType is specified, the defaultCapacityProviderStrategy for the cluster is used.

Although this unlocks some usage, it's still incomplete until users can supply a capacity provider strategy. Since we're limited I'm inclined to agree with your suggested stop-gap. It will still be compatible when capacityProviderStrategy can be supplied

mb-dev

comment created time in 6 days

push eventaws/aws-cdk

Shiv Lakshminarayan

commit sha 98af0200153452b8520689cc229c6ed216d2306f

add comment to describe behaviour of placement constraints

view details

push time in 6 days

issue commentaws/aws-cdk

[aws-stepfunctions-tasks] StepFunctionsStartExecution should receive a JSON Path at name instead a fixed string

I'm dropping the bug label from this as I believe JsonPath can be provided for the name property. If that's not the case, let me know and we can revisit.

jindriago-scf

comment created time in 6 days

issue commentaws/aws-cdk

[aws-stepfunctions-tasks] StepFunctionsStartExecution should receive a JSON Path at name instead a fixed string

@jindriago-scf - you should be able to reference task input and assign it to your name with something like the following to assign it the value of your order id.

name=stepfunctions.Data.string_at("$.order.id")

note that Data will be changing to JsonString

jindriago-scf

comment created time in 6 days

issue commentaws/aws-cdk

aws-step-function-tasks: Allow removing launchType from RunEcsEc2Task

since RunEcsEc2Task and RunEcsFargateTask are going to be marked as @deprecated, this feature should be introduced in RunTask

mb-dev

comment created time in 6 days

pull request commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

@mb-dev - just saw that you'd already created #7967 a while back. I'll create a PR to introduce that change. I'd like to keep the scope of this PR contained so we can iterate and keep things moving.

I don't believe capacityProviderStrategy is currently modeled in runTask and we'd need to do that ahead of making launchType optional

shivlaks

comment created time in 6 days

pull request commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

@mb-dev - going from required to optional is not a breaking change. My initial instinct is that we can introduce that change when it's more fleshed out or in a follow-on PR.

Is there a use case this would preclude today? In that case, I'd push for implementing it (probably in a follow-up PR as well)

shivlaks

comment created time in 6 days

issue commentaws/aws-cdk

[aws-stepfunctions-tasks] SageMakerCreateTrainingJob AlgorithmSpecification missing EnableSageMakerMetricsTimeSeries

@Samrose-Ahmed thanks for the report. This is an experimental service integration so likely has other feature gaps. I'm removing the bug label and adding feature so we can track exposing these properties.

Samrose-Ahmed

comment created time in 6 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

+import * as ec2 from '@aws-cdk/aws-ec2';+import * as ecs from '@aws-cdk/aws-ecs';+import * as iam from '@aws-cdk/aws-iam';+import * as sfn from '@aws-cdk/aws-stepfunctions';+import * as cdk from '@aws-cdk/core';+import { ContainerOverride } from '..';+import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';++/**+ * Basic properties for ECS Tasks+ */+export interface EcsRunTaskProps extends sfn.TaskStateBaseProps {+  /**+   * The ECS cluster to run the task on+   */+  readonly cluster: ecs.ICluster;++  /**+   * [disable-awslint:ref-via-interface]+   * Task Definition used for running tasks in the service.+   *+   * Note: this must be TaskDefinition, and not ITaskDefinition,+   * as it requires properties that are not known for imported task definitions+   */+  readonly taskDefinition: ecs.TaskDefinition;++  /**+   * Container setting overrides+   *+   * Key is the name of the container to override, value is the+   * values you want to override.+   *+   * @default - No overrides+   */+  readonly containerOverrides?: ContainerOverride[];++  /**+   * Subnets to place the task's ENIs+   *+   * @default - Private subnets.+   *   Public subnets if assignPublicIp is set.+   */+  readonly subnets?: ec2.SubnetSelection;++  /**+   * Existing security group to use for the tasks+   *+   * @default - A new security group is created+   */+  readonly securityGroup?: ec2.ISecurityGroup;++  /**+   * Assign public IP addresses to each task+   *+   * @default false+   */+  readonly assignPublicIp?: boolean;++  /**+   * An Amazon ECS launch type determines the type of infrastructure on which your+   * tasks and services are hosted.+   *+   * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+   */+  readonly launchTarget: IEcsLaunchTarget;+}++/**+ * An Amazon ECS launch type determines the type of infrastructure on which your tasks and services are hosted.+ * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+ */+export interface IEcsLaunchTarget {+  /**+   * called when the ECS launch target is configured on RunTask+   */+  bind(task: EcsRunTask, taskDefinition: ecs.ITaskDefinition, cluster?: ecs.ICluster): EcsLaunchTargetConfig;+}++/**+ * Configuration options for the ECS launch type+ */+export interface EcsLaunchTargetConfig {+  /**+   * Additional parameters to pass to the base task+   *+   * @default - No additional parameters passed+   */+  readonly parameters?: { [key: string]: any };+}++/**+ * Properties to define an ECS service+ */+export interface EcsFargateLaunchTargetOptions {+  /**+   * Fargate platform version to run this service on+   *+   * Unless you have specific compatibility requirements, you don't need to+   * specify this.+   *+   * @default FargatePlatformVersion.LATEST+   */+  readonly platformVersion?: ecs.FargatePlatformVersion;+}++/**+ * Options to run an ECS task on EC2 in StepFunctions and ECS+ */+export interface EcsEc2LaunchTargetOptions {+  /**+   * Placement constraints+   *+   * @default  - None+   */+  readonly placementConstraints?: ecs.PlacementConstraint[];++  /**+   * Placement strategies+   *+   * @default - None+   */+  readonly placementStrategies?: ecs.PlacementStrategy[];+}++/**+ * Configuration for running an ECS task on Fargate+ *+ * @see https://docs.aws.amazon.com/AmazonECS/latest/userguide/launch_types.html#launch-type-fargate+ */+export class EcsFargateLaunchTarget implements IEcsLaunchTarget {+  constructor(private readonly options?: EcsFargateLaunchTargetOptions) {}++  /**+   * Called when the Fargate launch type configured on RunTask+   */+  public bind(_task: EcsRunTask, taskDefinition: ecs.ITaskDefinition, _cluster?: ecs.ICluster): EcsLaunchTargetConfig {+    if (!taskDefinition.isFargateCompatible) {+      throw new Error('Supplied TaskDefinition is not compatible with Fargate');+    }++    return {+      parameters: {+        LaunchType: 'FARGATE',+        PlatformVersion: this.options?.platformVersion,+      },+    };+  }+}++/**+ * Configuration for running an ECS task on EC2+ *+ * @see https://docs.aws.amazon.com/AmazonECS/latest/userguide/launch_types.html#launch-type-ec2+ */+export class EcsEc2LaunchTarget implements IEcsLaunchTarget {+  constructor(private readonly options?: EcsEc2LaunchTargetOptions) {}+  /**+   * Called when the EC2 launch type is configured on RunTask+   */+  public bind(_task: EcsRunTask, taskDefinition: ecs.ITaskDefinition, cluster?: ecs.ICluster): EcsLaunchTargetConfig {+    if (!taskDefinition.isEc2Compatible) {+      throw new Error('Supplied TaskDefinition is not compatible with Fargate');+    }++    if (!cluster?.hasEc2Capacity) {+      throw new Error('Cluster for this service needs Ec2 capacity. Call addXxxCapacity() on the cluster.');+    }++    return {+      parameters: {+        LaunchType: 'EC2',+        PlacementConstraints: noEmpty(flatten((this.options?.placementConstraints ?? []).map((c) => c.toJson().map(uppercaseKeys)))),+        PlacementStrategy: noEmpty(flatten((this.options?.placementStrategies ?? []).map((c) => c.toJson().map(uppercaseKeys)))),

Also, should all this transformation be a method on PlacementConstraints and PlacementStrategy, or is this specific to this SFN task?

(no need to change it here but curious)

it currently is, but it's internal to that module as we wouldn't want to export it either. This transformation (of flattening and upper casing) seems to be done in a few places in our repo. I'm not addressing it in this PR, but there's probably a cleanup activity to follow up on

shivlaks

comment created time in 7 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

+import * as ec2 from '@aws-cdk/aws-ec2';+import * as ecs from '@aws-cdk/aws-ecs';+import * as iam from '@aws-cdk/aws-iam';+import * as sfn from '@aws-cdk/aws-stepfunctions';+import * as cdk from '@aws-cdk/core';+import { ContainerOverride } from '..';+import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';++/**+ * Basic properties for ECS Tasks+ */+export interface EcsRunTaskProps extends sfn.TaskStateBaseProps {+  /**+   * The ECS cluster to run the task on+   */+  readonly cluster: ecs.ICluster;++  /**+   * [disable-awslint:ref-via-interface]+   * Task Definition used for running tasks in the service.+   *+   * Note: this must be TaskDefinition, and not ITaskDefinition,+   * as it requires properties that are not known for imported task definitions+   */+  readonly taskDefinition: ecs.TaskDefinition;++  /**+   * Container setting overrides+   *+   * Key is the name of the container to override, value is the+   * values you want to override.+   *+   * @default - No overrides+   */+  readonly containerOverrides?: ContainerOverride[];++  /**+   * Subnets to place the task's ENIs+   *+   * @default - Private subnets.+   *   Public subnets if assignPublicIp is set.+   */+  readonly subnets?: ec2.SubnetSelection;++  /**+   * Existing security group to use for the tasks+   *+   * @default - A new security group is created+   */+  readonly securityGroup?: ec2.ISecurityGroup;++  /**+   * Assign public IP addresses to each task+   *+   * @default false+   */+  readonly assignPublicIp?: boolean;++  /**+   * An Amazon ECS launch type determines the type of infrastructure on which your+   * tasks and services are hosted.+   *+   * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+   */+  readonly launchTarget: IEcsLaunchTarget;+}++/**+ * An Amazon ECS launch type determines the type of infrastructure on which your tasks and services are hosted.+ * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+ */+export interface IEcsLaunchTarget {+  /**+   * called when the ECS launch target is configured on RunTask+   */+  bind(task: EcsRunTask, taskDefinition: ecs.ITaskDefinition, cluster?: ecs.ICluster): EcsLaunchTargetConfig;+}++/**+ * Configuration options for the ECS launch type+ */+export interface EcsLaunchTargetConfig {+  /**+   * Additional parameters to pass to the base task+   *+   * @default - No additional parameters passed+   */+  readonly parameters?: { [key: string]: any };+}++/**+ * Properties to define an ECS service+ */+export interface EcsFargateLaunchTargetOptions {+  /**+   * Fargate platform version to run this service on+   *+   * Unless you have specific compatibility requirements, you don't need to+   * specify this.+   *+   * @default FargatePlatformVersion.LATEST+   */+  readonly platformVersion?: ecs.FargatePlatformVersion;+}++/**+ * Options to run an ECS task on EC2 in StepFunctions and ECS+ */+export interface EcsEc2LaunchTargetOptions {+  /**+   * Placement constraints+   *+   * @default  - None+   */+  readonly placementConstraints?: ecs.PlacementConstraint[];++  /**+   * Placement strategies+   *+   * @default - None+   */+  readonly placementStrategies?: ecs.PlacementStrategy[];+}++/**+ * Configuration for running an ECS task on Fargate+ *+ * @see https://docs.aws.amazon.com/AmazonECS/latest/userguide/launch_types.html#launch-type-fargate+ */+export class EcsFargateLaunchTarget implements IEcsLaunchTarget {+  constructor(private readonly options?: EcsFargateLaunchTargetOptions) {}++  /**+   * Called when the Fargate launch type configured on RunTask+   */+  public bind(_task: EcsRunTask, taskDefinition: ecs.ITaskDefinition, _cluster?: ecs.ICluster): EcsLaunchTargetConfig {+    if (!taskDefinition.isFargateCompatible) {+      throw new Error('Supplied TaskDefinition is not compatible with Fargate');+    }++    return {+      parameters: {+        LaunchType: 'FARGATE',+        PlatformVersion: this.options?.platformVersion,+      },+    };+  }+}++/**+ * Configuration for running an ECS task on EC2+ *+ * @see https://docs.aws.amazon.com/AmazonECS/latest/userguide/launch_types.html#launch-type-ec2+ */+export class EcsEc2LaunchTarget implements IEcsLaunchTarget {+  constructor(private readonly options?: EcsEc2LaunchTargetOptions) {}+  /**+   * Called when the EC2 launch type is configured on RunTask+   */+  public bind(_task: EcsRunTask, taskDefinition: ecs.ITaskDefinition, cluster?: ecs.ICluster): EcsLaunchTargetConfig {+    if (!taskDefinition.isEc2Compatible) {+      throw new Error('Supplied TaskDefinition is not compatible with Fargate');+    }++    if (!cluster?.hasEc2Capacity) {+      throw new Error('Cluster for this service needs Ec2 capacity. Call addXxxCapacity() on the cluster.');+    }++    return {+      parameters: {+        LaunchType: 'EC2',+        PlacementConstraints: noEmpty(flatten((this.options?.placementConstraints ?? []).map((c) => c.toJson().map(uppercaseKeys)))),+        PlacementStrategy: noEmpty(flatten((this.options?.placementStrategies ?? []).map((c) => c.toJson().map(uppercaseKeys)))),

missed this comment, thanks for the ping. sure I'll add a comment with an example

shivlaks

comment created time in 7 days

push eventaws/aws-cdk

AWS CDK Team

commit sha e64fd55e8fe2dab4e866bbd5405e8dc4da942e46

chore(release): 1.47.0

view details

mergify[bot]

commit sha c2b499a5869b96e7eb80ba2ddfc10211c9cc7393

chore(release): 1.47.0 (#8719) See [CHANGELOG](https://github.com/aws/aws-cdk/blob/bump/1.47.0/CHANGELOG.md)

view details

Romain Marcadier

commit sha 99c3397d2018d8276907bde7fbe97c77d914cefa

chore(release): merge release/1.47.0 to master

view details

Shiv Lakshminarayan

commit sha 30cac2b30bc2528ea309a4b62591a25ebefcc0d9

chore(stepfunctions-tasks): update tests to use 'JsonPath' instead of 'Data' class (#8730) Motivation: We recently added the `JsonPath` class in #8647 However, re-work for Dynamo was in flight and added some classes that don't leverage the new class yet and `Data` has now been marked deprecated ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Martin Grund

commit sha 8914899aafcaa28d8b7ca2d2901f86b016179b50

fix(elbv2): Add missing accounts to ELBv2 Log Delivery. (#8715) This patch adds the missing regional accounts for two regions to the configuration of the ELBv2 package. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Niranjan Jayakar

commit sha 32b54a504357922e55ac98850a8e4acc9a0349f5

fix(cognito): cannot add multiple route53 targets to the same user pool domain (#8622) The root cause here is that calling `cloudFrontDomainName` getter on `UserPoolDomain` results in creating a custom resource with a fixed node id. This resulted in the error - "There is already a Construct with name 'CloudFrontDomainName' in UserPoolDomain". Changed the logic around so that the `CustomResource` construct is only created on first call to the getter, and is reused on subsequent calls. fixes #8603 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Shiv Lakshminarayan

commit sha 2662db3218387a6264b37190c231e3b0006eb6b6

fix(cli): post install warnings are not clearly visible when running cdk init (#8723) Modified initialization of git and post install steps to the end of the init process. Changed the current messages to use `warning` which will display them in yellow and updated guidance text. Closes #8720 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

dependabot-preview[bot]

commit sha 3b5640e9b1c41ec464d31c426f0dfadc4c296239

chore(deps): bump aws-sdk from 2.704.0 to 2.705.0 (#8744) Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.704.0 to 2.705.0. - [Release notes](https://github.com/aws/aws-sdk-js/releases) - [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js/compare/v2.704.0...v2.705.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

view details

Eli Polonsky

commit sha 10bd8e49709330624eee5f2c2662dee11e19e130

fix(s3-notifications): broken permissions query in `LambdaDestination` (#8741) A lambda function has a special `permissionsNode` property that should be used when adding or querying permissions. When using a `LambdaDestination`, we used `fn.node` for the permissions query, while the `fn.addPermission` function was adding the permissions to the `permissionsNode`. Fixes #8538 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Daniel Neilson

commit sha 7490deef3390f024dede3da8b95bcec6140ce1be

feat(ec2): `Volume` construct (#8219) This adds an L2 construct for AWS::EC2:Volume that supports encryption with a customer-owned KMS key, or service-owned key. It provides methods for importing an existing Volume to the stack, and for granting `AttachVolume` and `DetachVolume` to a role. ---- Resolves https://github.com/aws/aws-cdk/issues/8218 *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Pahud Hsieh

commit sha 127547a8d64c25fef7c330abee06fd890354afec

feat(efs): Filesystem.addAccessPoint() (#8737) feat(efs): addAccessPoint() support for efs FileSystem ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Romain Marcadier

commit sha fa4196b11a4b843af1401cbcfd3fe075986ec5c0

feat(cli): support multiple verbosity levels (#8749) Adds support for a "trace" verbosity level (achieved by passing `--verbose` or `-v` multiple times); and use this new verbosity for the AWS SDK logging, which is otherwise a little too present.

view details

Romain Marcadier

commit sha 53c359a06d17d20a645d14d6cd3ff79e80820b83

docs: tweak docstring for ServiceProps.namespace (#8756) It used to confusingly indicate it represents a namespace ID, whereas a whole `INamespace` is expected.

view details

Romain Marcadier

commit sha 88f8e1e9475c66114796dd2840c67a3f4e11f57f

fix(cli): unable to use "legacy" bootstrap with --public-access-block-configuration=false (#8755) Fixes an invalid CloudFormation template generated for the legacy bootstrap stack when opting out of the S3 public access blocking configuration. Fixes #8728 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

dependabot-preview[bot]

commit sha d2ae4bc35b6d79262da037d431e321c77e178524

chore(deps): bump aws-sdk from 2.705.0 to 2.706.0 (#8758) Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.705.0 to 2.706.0. - [Release notes](https://github.com/aws/aws-sdk-js/releases) - [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js/compare/v2.705.0...v2.706.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

view details

Bryan Pan

commit sha 87e265114590d8fcc69e18b42d777b8ca201307c

fix(route53-targets): A/AAAA Alias Record to ELB cannot resolve IPv6 addresses (#8747) **[ISSUE]** Route53 A/AAAA Alias Record created by CDK didn't add prefix 'dualstack' to the dnsName of ElasticLoadBalancer as suggested in [documentation](https://aws.amazon.com/de/premiumsupport/knowledge-center/alias-resource-record-set-route53-cli/), resulting in inability to resolve IPv6 records (outcome consistent with these [docs](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-internet-facing-load-balancers.html)). **[APPROACH]** Joined prefix: _dualstack_ to DNS of ELB targets to resolve IPv6 records. Example: > If ELB DNS name is `ALB-xxxxxxxx.us-west-2.elb.amazonaws.com`, > Route53 A/AAAA Alias Record will create Alias Target `dualstack.ALB-xxxxxxxx.us-west-2.elb.amazonaws.com` **[NOTE]** Ignoring the case of using `ApiGatewayDomain(domainName)` because the prefix of 'dualstack' should be added in the `domainName` parameter. ``` new route53.ARecord(this, 'AliasRecord', { zone, target: route53.RecordTarget.fromAlias(new alias.ApiGatewayDomain(domainName)), }); ``` If creating an ApiGatewayDomain for ELB, endpoint for ELB with prefix 'dualstack' should be declared there, not within route53 package. Fixes #6271 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

dependabot-preview[bot]

commit sha 3d5d2b22a0a8419c60a6fcd46839a36ad2961bda

chore(deps): bump eslint-plugin-import from 2.21.2 to 2.22.0 (#8761) Bumps [eslint-plugin-import](https://github.com/benmosher/eslint-plugin-import) from 2.21.2 to 2.22.0. - [Release notes](https://github.com/benmosher/eslint-plugin-import/releases) - [Changelog](https://github.com/benmosher/eslint-plugin-import/blob/master/CHANGELOG.md) - [Commits](https://github.com/benmosher/eslint-plugin-import/compare/v2.21.2...v2.22.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

view details

Jonathan Goldwasser

commit sha 991024d7b2b73db5d951a2f36f3c4d9bb395e0b8

chore(pkglint): ignore cdk.out and .cdk.staging (#8709) Those directories can contain `package.json` files coming for bundled assets (integ tests) that should never be linted. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

dependabot-preview[bot]

commit sha 14e5063d7dd63eb447ce5fa2a2f7093156a29d78

chore(deps-dev): bump nock from 12.0.3 to 13.0.0 (#8772) Bumps [nock](https://github.com/nock/nock) from 12.0.3 to 13.0.0. - [Release notes](https://github.com/nock/nock/releases) - [Changelog](https://github.com/nock/nock/blob/master/CHANGELOG.md) - [Commits](https://github.com/nock/nock/compare/v12.0.3...v13.0.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

view details

Pahud Hsieh

commit sha 3a6353e5953e6adf841bce93eadbaea531eba409

chore(eks): support Inf1 instances (#8379) chore(eks): support inf1 instances Amazon EKS supports Inferentia Instances today(see [Infrerentia Support](https://docs.aws.amazon.com/eks/latest/userguide/inferentia-support.html) and the doc [update](https://twitter.com/aws_doc/status/1268567994394968066)). This PR allows to create Amazon EKS worker nodes with `Inf1` instances. - Add `Inf1` instances support ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

push time in 7 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): evaluate expression as a task construct

 export interface Event {  *  * @experimental  */-export class EvaluateExpression implements sfn.IStepFunctionsTask {-  constructor(private readonly props: EvaluateExpressionProps) {+export class EvaluateExpression extends sfn.TaskStateBase {+  protected readonly taskMetrics?: sfn.TaskMetricsConfig;+  protected readonly taskPolicies?: iam.PolicyStatement[];++  private readonly evalFn: lambda.SingletonFunction;++  constructor(scope: cdk.Construct, id: string, private readonly props: EvaluateExpressionProps) {+    super(scope, id, props);++    this.evalFn = createEvalFn(this.props.runtime || lambda.Runtime.NODEJS_10_X, this);++    this.taskPolicies = [+      new iam.PolicyStatement({+        resources: [this.evalFn.functionArn],+        actions: ['lambda:InvokeFunction'],+      }),+    ];   } -  public bind(task: sfn.Task): sfn.StepFunctionsTaskConfig {+  protected renderTask(): any {

updated to internal in #8768

shivlaks

comment created time in 7 days

push eventaws/aws-cdk

Dzhuneyt

commit sha 5135fd5e8282afd6a302987bed0bb1243ed8d558

Update README.md

view details

dependabot-preview[bot]

commit sha 195b838015585fa93f20bd5d62d7e77394d77570

chore(deps-dev): bump @types/node from 10.17.25 to 10.17.26 (#8524) Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 10.17.25 to 10.17.26. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

view details

Shiv Lakshminarayan

commit sha 52bdfe90616b880523a0c9ccb1c1675cde4b78aa

chore(lambda-nodejs): update README sample code to use dangling comma

view details

dependabot-preview[bot]

commit sha 36844e27cc02e098e00bd0e9b9c2723e30bcbf79

chore(deps-dev): bump fast-check from 1.25.0 to 1.25.1 (#8557) Bumps [fast-check](https://github.com/dubzzz/fast-check) from 1.25.0 to 1.25.1. - [Release notes](https://github.com/dubzzz/fast-check/releases) - [Changelog](https://github.com/dubzzz/fast-check/blob/master/CHANGELOG.md) - [Commits](https://github.com/dubzzz/fast-check/compare/v1.25.0...v1.25.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

view details

dependabot-preview[bot]

commit sha beb381b822007348a7fd3e71818f8942452060e3

chore(deps): bump aws-sdk from 2.691.0 to 2.697.0 (#8554) Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.691.0 to 2.697.0. - [Release notes](https://github.com/aws/aws-sdk-js/releases) - [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js/compare/v2.691.0...v2.697.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

view details

dependabot-preview[bot]

commit sha 4baf26e82503ec256d2ac792f87c4a1975375104

chore(deps-dev): bump jszip from 3.4.0 to 3.5.0 (#8559) Bumps [jszip](https://github.com/Stuk/jszip) from 3.4.0 to 3.5.0. - [Release notes](https://github.com/Stuk/jszip/releases) - [Changelog](https://github.com/Stuk/jszip/blob/master/CHANGES.md) - [Commits](https://github.com/Stuk/jszip/compare/v3.4.0...v3.5.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

view details

dependabot-preview[bot]

commit sha 49d9752990d2b5ace395b279cd0cc821f5e1da4d

chore(deps): bump eslint-plugin-import from 2.20.2 to 2.21.2 (#8560) Bumps [eslint-plugin-import](https://github.com/benmosher/eslint-plugin-import) from 2.20.2 to 2.21.2. - [Release notes](https://github.com/benmosher/eslint-plugin-import/releases) - [Changelog](https://github.com/benmosher/eslint-plugin-import/blob/master/CHANGELOG.md) - [Commits](https://github.com/benmosher/eslint-plugin-import/compare/v2.20.2...v2.21.2) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

view details

Neta Nir

commit sha 5db96a2746cb290ef73e1202a8786730ded71ef9

chore: standardize calls to fs.readFileSync to work with all @types/node (#8534) In [`mainfest.ts`](https://github.com/aws/aws-cdk/blob/master/packages/@aws-cdk/cloud-assembly-schema/lib/manifest.ts#L31) we call `fs.readFileSync` with encoding set to `UTF-8`: ``` fs.readFileSync(filePath, 'UTF-8') ``` Which works with `@type/node` <= `13.x` as the method signature has 3 overload: ```typescript function readFileSync(path: PathLike | number, options?: { encoding?: null; flag?: string; } | null): Buffer; function readFileSync(path: PathLike | number, options: { encoding: string; flag?: string; } | string): string; function readFileSync(path: PathLike | number, options?: { encoding?: string | null; flag?: string; } | string | null): string | Buffer; ``` > see [@types/node@13](https://github.com/DefinitelyTyped/DefinitelyTyped/blob/master/types/node/v13/fs.d.ts) which is the one we currently [use](https://github.com/aws/aws-cdk/blob/master/yarn.lock#L1538) Due to TypeScript structural typing the call in `manifest.ts` matches the second overload, however in `@types/node@14` the `encoding` value must be in lower case to match the [BufferEncoding](https://github.com/DefinitelyTyped/DefinitelyTyped/blob/c8cde12e761213859f29df8e83b09b5965a89528/types/node/globals.d.ts#L173) enum. This commit changes all `fs.readFileSync` calls to: ```typescript fs.readFileSync(filePath, { encoding: 'utf-8' }) ``` Which work with all version of `@types/node` ### Why do I care? Well, this breaks when linking the CDK locally (using the lovely [`link-all`](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md#linking-against-this-repository)) and using it with an application that declares dependency on `@types/node` >= 14. Addtionaly this will break when we upgrade `@types/node` from 13 to 14 (should we be using 13?) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Somaya

commit sha 9826f9980b2bc89c9db3ee05fb88589d55d3ec47

chore(certificate-manager): change naming from Amazon to AWS (#8503) chore(certificate-manager): change naming from Amazon to AWS Certificate Manager's naming should match the official AWS naming: https://aws.amazon.com/certificate-manager/ ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Somaya

commit sha bd1c7fe49cf900e7a9d4038560af63a2d09c73a6

chore(custom-resources): fix broken links in readme (#8564) chore(custom-resources): fix broken links in readme Closes #8539 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Mathieu Dumais-Savard

commit sha 1e6a8e99d1d14fe0c68fd84392385f347aeb7be6

fix(apigateway): deployment fails when domain name has uppercase letters (#8456) Api Gateway doesn't accept domain name with upercase letters as per [its documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#aws-resource-apigateway-domainname-properties). This lead me to find out at CF deployment that my stack had an issue when this could have been discovered at build time. fixes #8428 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Neta Nir

commit sha 02752d3cdf1e6b4f2672133b0f9e23960d829cfc

chore(core): verify stack artifacts are written in topological order (#8515) Add a test to verify stacks are serialized to the manifest file in a topological order, based on their dependencies. By adding this test we are committing to maintain the topological order of the stacks in the manifest file, allowing users to consume it without needing to sort the stacks. Note that all of the CDK toolkit commands such as `cdk list` and `cdk deploy` already assume this and do not sort stacks upon execution. > see [`cdk list`](https://github.com/aws/aws-cdk/blob/master/packages/aws-cdk/lib/cdk-toolkit.ts#L264) and [`cdk deploy`](https://github.com/aws/aws-cdk/blob/master/packages/aws-cdk/lib/cdk-toolkit.ts#L111) for reference I have initially added the test in `cx-api` module but after more consideration I think it is better suited in the `core` module since we want to verify this behavior in the context of a CDK application. I have left both tests in this PR for the sake of discussion in the event the reviewer thinks this actually fits better in `cx-api`. helps https://github.com/aws/aws-cdk/issues/8436 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Pahud Hsieh

commit sha e4e827044848d858d63371b092b8b382e9624266

feat(globalaccelerator): support Accelerator, Listener and EndpointGroup (#8221) feat(globalaccelerator): support Accelerator, Listener and EndpointGroup - Add `Accelerator`, `Listener` and `EndpointGroup` resources - support `addEndpoint`, `addLoadBalancer`, `addElasticIpAddress` and `addEc2Instance` to add any supported endpoint into the `EndpointGroup` Closes #5527 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Rico Huijbers

commit sha cad66499aa9944ab088d87987c9e82aafd841319

fix(cli): bootstrapping cannot be retried (#8577) We used to failing if the bootstrap stack was not either missing or in a completely successful state. Specifically, recoverable states like `ROLLBACK_COMPLETE` or `UPDATE_ROLLBACK_COMPLETE` were treated as failure conditions, even though the `deployStack()` that would be called later knows how to recover from those. Fix the unnecessary pessimism. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Niranjan Jayakar

commit sha 1d9d88b66cb5ddd1399c4894c9c434ca089996b9

chore: option to skip the next directory in foreach.sh (#8477) When running arbitrary commands using `foreach.sh`, packages may fail because the commands do not work for good reason. For example, if the command relies on the use of 'cdk-build' but the package does not use 'cdk-build', this will fail. Depending on the intention with which this script was invoked, it may be acceptable for this package to be skipped, and continue with the execution. The `--skip` option offers this functionality where running `foreach.sh --skip` will simply remove the package from the queue, allowing the script to continue with the rest of the packages. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Niranjan Jayakar

commit sha f69cdfdcfcb95252fe44a312313e1f7b25fee50b

feat(cognito): user pool client - disable OAuth easily (#8496) Currently, the defaults for the `UserPoolClient` sets up OAuth flows and scopes. If a user wishes to not use OAuth, they have to explicitly set a number of properties to `undefined` and use the escape hatch to control a property that does not have direct access at the L2 construct. See attached issue for details on how this is painful. A new property `disableOAuth` allows a user control this. closes #8429 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Adam Ruka

commit sha 2fc5372c437fd02b000a4b1f976e4999620ef4b5

feat(cfn-include): add support for CreationPolicy and UpdatePolicy resource attributes (#8457) This allows us to correctly ingest templates that use those two attributes. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Nick Lynch

commit sha 4611e690014204d0895045d75e8821f3de3e9470

feat(kms): import an Alias by name (#8299) Supports importing an Alias by alias name only, without the underlying reference to the Key ARN. Useful in scenarios where only the alias is needed in a reference by a Construct. fixes #5953 ---- Tested via a simple repro script: ```ts const key = kms.Alias.fromAliasName(this, 'myKey', 'alias/myTestKey'); new cloudtrail.Trail(this, 'CloudTrail', { sendToCloudWatchLogs: true, kmsKey: key }); ``` ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Somaya

commit sha a5ab297723bbb80dbf291a22a47a84dbb47c27b6

chore: update stale gh action ancient issue check to 1 year (#8562) chore: update stale gh action ancient issue check to 1 year The gh action was previously checking for issues that were 2 years old. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Penghao He

commit sha 9f771f737af7a8c965d997dc35108259706f1eba

chore(ecs): update default value for assignPublicIp in docstring (#8594) ---- fixes #6182. *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

push time in 7 days

push eventaws/aws-cdk

Shiv Lakshminarayan

commit sha f35ec4bc4f90527a7c966f66d531c4bec29bede2

remove errant trailing whitespace

view details

push time in 7 days

PR opened aws/aws-cdk

Reviewers
chore(stepfunctions): make renderTask internal for the task state and derived classes @aws-cdk/aws-stepfunctions @aws-cdk/aws-stepfunctions-tasks

renderTask() has been marked internal and renamed to _renderTask() to align with naming convention of internal APIs

Motivation: users do not directly need to interact or use this API. It's responsible for rendering all Amazon States Language (ASL) properties for service integrations to Step Functions.

the toStateJson() API is public on the State class and can be used in tests for users that want to look at a task state's configuration.

the partial configuration that comes from _renderTask() is included in the toStateJson() API.


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

+85 -22

0 comment

21 changed files

pr created time in 8 days

create barnchaws/aws-cdk

branch : shivlaks/sfn-rendertask-internal

created branch time in 8 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

+import * as ec2 from '@aws-cdk/aws-ec2';+import * as ecs from '@aws-cdk/aws-ecs';+import * as iam from '@aws-cdk/aws-iam';+import * as sfn from '@aws-cdk/aws-stepfunctions';+import * as cdk from '@aws-cdk/core';+import { ContainerOverride } from '..';+import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';++/**+ * Basic properties for ECS Tasks+ */+export interface EcsRunTaskProps extends sfn.TaskStateBaseProps {+  /**+   * The ECS cluster to run the task on+   */+  readonly cluster: ecs.ICluster;++  /**+   * [disable-awslint:ref-via-interface]+   * Task Definition used for running tasks in the service.+   *+   * Note: this must be TaskDefinition, and not ITaskDefinition,+   * as it requires properties that are not known for imported task definitions+   */+  readonly taskDefinition: ecs.TaskDefinition;++  /**+   * Container setting overrides+   *+   * Key is the name of the container to override, value is the+   * values you want to override.+   *+   * @default - No overrides+   */+  readonly containerOverrides?: ContainerOverride[];++  /**+   * In what subnets to place the task's ENIs+   *+   * @default - Private subnet if assignPublicIp, public subnets otherwise+   */+  readonly subnets?: ec2.SubnetSelection;++  /**+   * Existing security group to use for the tasks+   *+   * @default - A new security group is created+   */+  readonly securityGroup?: ec2.ISecurityGroup;++  /**+   * Assign public IP addresses to each task+   *+   * @default false+   */+  readonly assignPublicIp?: boolean;++  /**+   * An Amazon ECS launch type determines the type of infrastructure on which your+   * tasks and services are hosted.+   *+   * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+   */+  readonly launchTarget: IEcsLaunchTarget;+}++/**+ * An Amazon ECS launch type determines the type of infrastructure on which your tasks and services are hosted.+ * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+ */+export interface IEcsLaunchTarget {+  /**+   * called when the ECS launch target is configured on RunTask+   */+  bind(_task: EcsRunTask): EcsLaunchTargetConfig;+}++/**+ * Configuration options for the ECS launch type+ */+export interface EcsLaunchTargetConfig {+  /**+   * Additional parameters to pass to the base task+   *+   * @default - No additional parameters passed+   */+  readonly parameters?: { [key: string]: any };+}++/**+ * Properties to define an ECS service+ */+export interface EcsFargateLaunchTargetOptions {+  /**+   * Fargate platform version to run this service on+   *+   * Unless you have specific compatibility requirements, you don't need to+   * specify this.+   *+   * @default FargatePlatformVersion.LATEST

that's a great suggestion @nija-at I went ahead and made it required. that way we're not boxed into a corner and we can offer a sensible default (which may still turn out to be LATEST) without breaking users.

shivlaks

comment created time in 8 days

push eventaws/aws-cdk

Shiv Lakshminarayan

commit sha d660d0c27d7efd9218ee26b63af9a3695d8e0587

make platformVersion required as we don't want to box ourselves in by defaulting to latest

view details

Shiv Lakshminarayan

commit sha b123be8d77f828556186d25018cdb78c8089fb3a

update docstring

view details

push time in 8 days

issue commentaws/aws-cdk

Make bucket encryption optional for bootstrap

@ConradMearns thanks for the quick response. seems like this is certainly a feature request as there's currently no path forward for you without having to muck around with the template

so the entire BucketEncryption key is problematic and not just properties within it.

ConradMearns

comment created time in 9 days

issue commentaws/aws-cdk

Make bucket encryption optional for bootstrap

@ConradMearns There was a bug in disabling the public-access-block-configuration implementation.

just wanted to confirm whether the fix shipped in #8755 would work for your use case or whether the entire property needs to be omitted. From the sounds of it, it seems like it might, but I haven't quite tested that yet myself.

ConradMearns

comment created time in 9 days

Pull request review commentaws/aws-cdk

fix(route53-targets): A/AAAA Alias Record to ELB cannot resolve IPv6 addresses

 export class LoadBalancerTarget implements route53.IAliasRecordTarget {   public bind(_record: route53.IRecordSet): route53.AliasRecordTargetConfig {     return {       hostedZoneId: this.loadBalancer.loadBalancerCanonicalHostedZoneId,-      dnsName: this.loadBalancer.loadBalancerDnsName,+      dnsName: cdk.Fn.join('.', ['dualstack', this.loadBalancer.loadBalancerDnsName]),

even better, let's go with that!

BryanPan342

comment created time in 9 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

+import * as ec2 from '@aws-cdk/aws-ec2';+import * as ecs from '@aws-cdk/aws-ecs';+import * as iam from '@aws-cdk/aws-iam';+import * as sfn from '@aws-cdk/aws-stepfunctions';+import * as cdk from '@aws-cdk/core';+import { ContainerOverride } from '..';+import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';++/**+ * Basic properties for ECS Tasks+ */+export interface EcsRunTaskProps extends sfn.TaskStateBaseProps {+  /**+   * The ECS cluster to run the task on+   */+  readonly cluster: ecs.ICluster;++  /**+   * [disable-awslint:ref-via-interface]+   * Task Definition used for running tasks in the service.+   *+   * Note: this must be TaskDefinition, and not ITaskDefinition,+   * as it requires properties that are not known for imported task definitions+   */+  readonly taskDefinition: ecs.TaskDefinition;++  /**+   * Container setting overrides+   *+   * Key is the name of the container to override, value is the+   * values you want to override.+   *+   * @default - No overrides+   */+  readonly containerOverrides?: ContainerOverride[];++  /**+   * In what subnets to place the task's ENIs+   *+   * @default - Private subnet if assignPublicIp, public subnets otherwise+   */+  readonly subnets?: ec2.SubnetSelection;++  /**+   * Existing security group to use for the tasks+   *+   * @default - A new security group is created+   */+  readonly securityGroup?: ec2.ISecurityGroup;++  /**+   * Assign public IP addresses to each task+   *+   * @default false+   */+  readonly assignPublicIp?: boolean;++  /**+   * An Amazon ECS launch type determines the type of infrastructure on which your+   * tasks and services are hosted.+   *+   * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+   */+  readonly launchTarget: IEcsLaunchTarget;+}++/**+ * An Amazon ECS launch type determines the type of infrastructure on which your tasks and services are hosted.+ * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+ */+export interface IEcsLaunchTarget {+  /**+   * called when the ECS launch target is configured on RunTask+   */+  bind(_task: EcsRunTask): EcsLaunchTargetConfig;+}++/**+ * Configuration options for the ECS launch type+ */+export interface EcsLaunchTargetConfig {+  /**+   * Additional parameters to pass to the base task+   *+   * @default - No additional parameters passed+   */+  readonly parameters?: { [key: string]: any };+}++/**+ * Properties to define an ECS service+ */+export interface EcsFargateLaunchTargetOptions {+  /**+   * Fargate platform version to run this service on+   *+   * Unless you have specific compatibility requirements, you don't need to+   * specify this.+   *+   * @default FargatePlatformVersion.LATEST+   */+  readonly platformVersion?: ecs.FargatePlatformVersion;+}++/**+ * Options to run an ECS task on EC2 in StepFunctions and ECS+ */+export interface EcsEc2LaunchTargetOptions {+  /**+   * Placement constraints+   *+   * @default  - None+   */+  readonly placementConstraints?: ecs.PlacementConstraint[];++  /**+   * Placement strategies+   *+   * @default - None+   */+  readonly placementStrategies?: ecs.PlacementStrategy[];+}++/**+ * Configuration for running an ECS task on Fargate+ *+ * @see https://docs.aws.amazon.com/AmazonECS/latest/userguide/launch_types.html#launch-type-fargate+ */+export class EcsFargateLaunchTarget implements IEcsLaunchTarget {+  constructor(private readonly options?: EcsFargateLaunchTargetOptions) {}++  /**+   * Called when the Fargate launch type configured on RunTask+   */+  public bind(_task: EcsRunTask): EcsLaunchTargetConfig {+    return {+      parameters: {+        LaunchType: 'FARGATE',+        PlatformVersion: this.options?.platformVersion,+      },+    };+  }+}++/**+ * Configuration for running an ECS task on EC2+ *+ * @see https://docs.aws.amazon.com/AmazonECS/latest/userguide/launch_types.html#launch-type-ec2+ */+export class EcsEc2LaunchTarget implements IEcsLaunchTarget {+  constructor(private readonly options?: EcsEc2LaunchTargetOptions) {}+  /**+   * Called when the EC2 launch type is configured on RunTask+   */+  public bind(_task: EcsRunTask): EcsLaunchTargetConfig {+    return {+      parameters: {+        LaunchType: 'EC2',+        PlacementConstraints: noEmpty(flatten((this.options?.placementConstraints || []).map((c) => c.toJson().map(uppercaseKeys)))),+        PlacementStrategy: noEmpty(flatten((this.options?.placementStrategies || []).map((c) => c.toJson().map(uppercaseKeys)))),+      },+    };++    function uppercaseKeys(obj: { [key: string]: any }): { [key: string]: any } {+      const ret: { [key: string]: any } = {};+      for (const key of Object.keys(obj)) {+        ret[key.slice(0, 1).toUpperCase() + key.slice(1)] = obj[key];+      }+      return ret;+    }++    function flatten<A>(xs: A[][]): A[] {+      return Array.prototype.concat([], ...xs);+    }++    function noEmpty<A>(xs: A[]): A[] | undefined {+      if (xs.length === 0) {+        return undefined;+      }+      return xs;+    }+  }+}++/**+ * Run a Task on ECS or Fargate+ */+export class EcsRunTask extends sfn.TaskStateBase implements ec2.IConnectable {+  private static readonly SUPPORTED_INTEGRATION_PATTERNS: sfn.IntegrationPattern[] = [+    sfn.IntegrationPattern.REQUEST_RESPONSE,+    sfn.IntegrationPattern.RUN_JOB,+    sfn.IntegrationPattern.WAIT_FOR_TASK_TOKEN,+  ];++  /**+   * Manage allowed network traffic for this service+   */+  public readonly connections: ec2.Connections = new ec2.Connections();++  protected readonly taskMetrics?: sfn.TaskMetricsConfig;+  protected readonly taskPolicies?: iam.PolicyStatement[];++  private securityGroup?: ec2.ISecurityGroup;+  private networkConfiguration?: any;+  private readonly integrationPattern: sfn.IntegrationPattern;++  constructor(scope: cdk.Construct, id: string, private readonly props: EcsRunTaskProps) {+    super(scope, id, props);+    this.integrationPattern = props.integrationPattern || sfn.IntegrationPattern.REQUEST_RESPONSE;++    validatePatternSupported(this.integrationPattern, EcsRunTask.SUPPORTED_INTEGRATION_PATTERNS);++    if (this.integrationPattern === sfn.IntegrationPattern.WAIT_FOR_TASK_TOKEN && !sfn.FieldUtils.containsTaskToken(props.containerOverrides)) {+      throw new Error('Task Token is required in `containerOverrides` for callback. Use Context.taskToken to set the token.');+    }++    this.validateLaunchTarget();++    for (const override of this.props.containerOverrides || []) {+      const name = override.containerDefinition.containerName;+      if (!cdk.Token.isUnresolved(name)) {+        const cont = this.props.taskDefinition.node.tryFindChild(name);+        if (!cont) {+          throw new Error(`Overrides mention container with name '${name}', but no such container in task definition`);+        }+      }+    }++    this.taskPolicies = this.makePolicyStatements();+  }++  protected renderTask(): any {+    if (this.networkConfiguration !== undefined) {+      // Make sure we have a security group if we're using AWSVPC networking+      this.securityGroup = this.securityGroup ?? new ec2.SecurityGroup(this, 'SecurityGroup', { vpc: this.props.cluster.vpc });+      this.connections.addSecurityGroup(this.securityGroup);+    }++    return {+      Resource: integrationResourceArn('ecs', 'runTask', this.integrationPattern),+      Parameters: sfn.FieldUtils.renderObject({+        Cluster: this.props.cluster.clusterArn,+        TaskDefinition: this.props.taskDefinition.taskDefinitionArn,+        NetworkConfiguration: this.networkConfiguration,+        Overrides: renderOverrides(this.props.containerOverrides),+        ...this.props.launchTarget.bind(this).parameters,+      }),+    };+  }++  private configureAwsVpcNetworking() {+    const subnetSelection = this.props.subnets ?? { subnetType: this.props.assignPublicIp ? ec2.SubnetType.PUBLIC : ec2.SubnetType.PRIVATE };++    this.networkConfiguration = {+      AwsvpcConfiguration: {+        AssignPublicIp: this.props.assignPublicIp ? (this.props.assignPublicIp ? 'ENABLED' : 'DISABLED') : undefined,+        Subnets: this.props.cluster.vpc.selectSubnets(subnetSelection).subnetIds,+        SecurityGroups: cdk.Lazy.listValue({ produce: () => [this.securityGroup!.securityGroupId] }),+      },+    };+  }++  private validateLaunchTarget() {+    if (this.props.launchTarget instanceof EcsFargateLaunchTarget) {+      this.validateFargateLaunchType();+    }++    if (this.props.launchTarget instanceof EcsEc2LaunchTarget) {+      this.validateEc2LaunchType();+    }++    if (!this.props.taskDefinition.defaultContainer) {+      throw new Error('A TaskDefinition must have at least one essential container');+    }+  }++  private validateEc2LaunchType() {+    if (!this.props.cluster.hasEc2Capacity) {+      throw new Error('Cluster for this service needs Ec2 capacity. Call addXxxCapacity() on the cluster.');+    }++    if (this.props.taskDefinition.networkMode === ecs.NetworkMode.AWS_VPC) {+      this.configureAwsVpcNetworking();+    } else {+      // Either None, Bridge or Host networking. Copy SecurityGroup from ASG.+      this.validateNoNetworkingProps();+      this.connections.addSecurityGroup(...this.props.cluster.connections.securityGroups);+    }+  }++  private validateNoNetworkingProps() {+    if (this.props.subnets !== undefined || this.props.securityGroup !== undefined) {+      throw new Error('vpcPlacement and securityGroup can only be used in AwsVpc networking mode');+    }+  }++  private validateFargateLaunchType() {+    if (!this.props.taskDefinition.isFargateCompatible) {+      throw new Error('Supplied TaskDefinition is not configured for compatibility with Fargate');+    }++    this.configureAwsVpcNetworking();+  }++  private makePolicyStatements(): iam.PolicyStatement[] {+    const stack = cdk.Stack.of(this);++    // https://docs.aws.amazon.com/step-functions/latest/dg/ecs-iam.html+    const policyStatements = [+      new iam.PolicyStatement({+        actions: ['ecs:RunTask'],+        resources: [this.props.taskDefinition.taskDefinitionArn],+      }),+      new iam.PolicyStatement({+        actions: ['ecs:StopTask', 'ecs:DescribeTasks'],+        resources: ['*'],+      }),+      new iam.PolicyStatement({+        actions: ['iam:PassRole'],+        resources: cdk.Lazy.listValue({ produce: () => this.taskExecutionRoles().map((r) => r.roleArn) }),

you're absolutely right, dropped it

shivlaks

comment created time in 9 days

issue commentaws/aws-cdk

[stepfunctions] CustomState loses explicit null fields from parsed JSON

@erik-telesoftas are you able to use the special value DISCARD as we would with other states? I believe this concern of the null not translating to other languages did come up, I'll take a look at the Java experience and see what we can do to address this bug!

erik-telesoftas

comment created time in 9 days

push eventaws/aws-cdk

Shiv Lakshminarayan

commit sha 54baf07eecfeebffd9b15f72475f632cf3abc9e4

drop unnecessary Lazy call for task/execution role

view details

push time in 9 days

push eventaws/aws-cdk

Shiv Lakshminarayan

commit sha bae805177324a2b8aacec7f4ba637654be8b0148

modify securityGroup to be securityGroups of type ec2.ISecurityGroup[]

view details

push time in 9 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

+import * as ec2 from '@aws-cdk/aws-ec2';+import * as ecs from '@aws-cdk/aws-ecs';+import * as iam from '@aws-cdk/aws-iam';+import * as sfn from '@aws-cdk/aws-stepfunctions';+import * as cdk from '@aws-cdk/core';+import { ContainerOverride } from '..';+import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';++/**+ * Basic properties for ECS Tasks+ */+export interface EcsRunTaskProps extends sfn.TaskStateBaseProps {+  /**+   * The ECS cluster to run the task on+   */+  readonly cluster: ecs.ICluster;++  /**+   * [disable-awslint:ref-via-interface]+   * Task Definition used for running tasks in the service.+   *+   * Note: this must be TaskDefinition, and not ITaskDefinition,+   * as it requires properties that are not known for imported task definitions+   */+  readonly taskDefinition: ecs.TaskDefinition;++  /**+   * Container setting overrides+   *+   * Key is the name of the container to override, value is the+   * values you want to override.+   *+   * @default - No overrides+   */+  readonly containerOverrides?: ContainerOverride[];++  /**+   * Subnets to place the task's ENIs+   *+   * @default - Private subnets.+   *   Public subnets if assignPublicIp is set.+   */+  readonly subnets?: ec2.SubnetSelection;++  /**+   * Existing security group to use for the tasks+   *+   * @default - A new security group is created+   */+  readonly securityGroup?: ec2.ISecurityGroup;++  /**+   * Assign public IP addresses to each task+   *+   * @default false+   */+  readonly assignPublicIp?: boolean;++  /**+   * An Amazon ECS launch type determines the type of infrastructure on which your+   * tasks and services are hosted.+   *+   * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+   */+  readonly launchTarget: IEcsLaunchTarget;+}++/**+ * An Amazon ECS launch type determines the type of infrastructure on which your tasks and services are hosted.+ * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+ */+export interface IEcsLaunchTarget {+  /**+   * called when the ECS launch target is configured on RunTask+   */+  bind(task: EcsRunTask, taskDefinition: ecs.ITaskDefinition, cluster?: ecs.ICluster): EcsLaunchTargetConfig;

done

shivlaks

comment created time in 9 days

push eventaws/aws-cdk

Shiv Lakshminarayan

commit sha 062ec0b227384440ab566dcf5789cb6d87d68bac

add LaunchTargetBindOptions

view details

push time in 9 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

+import * as ec2 from '@aws-cdk/aws-ec2';+import * as ecs from '@aws-cdk/aws-ecs';+import * as iam from '@aws-cdk/aws-iam';+import * as sfn from '@aws-cdk/aws-stepfunctions';+import * as cdk from '@aws-cdk/core';+import { ContainerOverride } from '..';+import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';++/**+ * Basic properties for ECS Tasks+ */+export interface EcsRunTaskProps extends sfn.TaskStateBaseProps {+  /**+   * The ECS cluster to run the task on+   */+  readonly cluster: ecs.ICluster;++  /**+   * [disable-awslint:ref-via-interface]+   * Task Definition used for running tasks in the service.+   *+   * Note: this must be TaskDefinition, and not ITaskDefinition,+   * as it requires properties that are not known for imported task definitions+   */+  readonly taskDefinition: ecs.TaskDefinition;++  /**+   * Container setting overrides+   *+   * Key is the name of the container to override, value is the+   * values you want to override.+   *+   * @default - No overrides+   */+  readonly containerOverrides?: ContainerOverride[];++  /**+   * Subnets to place the task's ENIs+   *+   * @default - Private subnets.+   *   Public subnets if assignPublicIp is set.+   */+  readonly subnets?: ec2.SubnetSelection;++  /**+   * Existing security group to use for the tasks+   *+   * @default - A new security group is created+   */+  readonly securityGroup?: ec2.ISecurityGroup;++  /**+   * Assign public IP addresses to each task+   *+   * @default false+   */+  readonly assignPublicIp?: boolean;++  /**+   * An Amazon ECS launch type determines the type of infrastructure on which your+   * tasks and services are hosted.+   *+   * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+   */+  readonly launchTarget: IEcsLaunchTarget;+}++/**+ * An Amazon ECS launch type determines the type of infrastructure on which your tasks and services are hosted.+ * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+ */+export interface IEcsLaunchTarget {+  /**+   * called when the ECS launch target is configured on RunTask+   */+  bind(task: EcsRunTask, taskDefinition: ecs.ITaskDefinition, cluster?: ecs.ICluster): EcsLaunchTargetConfig;+}++/**+ * Configuration options for the ECS launch type+ */+export interface EcsLaunchTargetConfig {+  /**+   * Additional parameters to pass to the base task+   *+   * @default - No additional parameters passed+   */+  readonly parameters?: { [key: string]: any };+}++/**+ * Properties to define an ECS service+ */+export interface EcsFargateLaunchTargetOptions {+  /**+   * Fargate platform version to run this service on+   *+   * Unless you have specific compatibility requirements, you don't need to+   * specify this.+   *+   * @default FargatePlatformVersion.LATEST+   */+  readonly platformVersion?: ecs.FargatePlatformVersion;+}++/**+ * Options to run an ECS task on EC2 in StepFunctions and ECS+ */+export interface EcsEc2LaunchTargetOptions {+  /**+   * Placement constraints+   *+   * @default  - None+   */+  readonly placementConstraints?: ecs.PlacementConstraint[];++  /**+   * Placement strategies+   *+   * @default - None+   */+  readonly placementStrategies?: ecs.PlacementStrategy[];+}++/**+ * Configuration for running an ECS task on Fargate+ *+ * @see https://docs.aws.amazon.com/AmazonECS/latest/userguide/launch_types.html#launch-type-fargate+ */+export class EcsFargateLaunchTarget implements IEcsLaunchTarget {+  constructor(private readonly options?: EcsFargateLaunchTargetOptions) {}++  /**+   * Called when the Fargate launch type configured on RunTask+   */+  public bind(_task: EcsRunTask, taskDefinition: ecs.ITaskDefinition, _cluster?: ecs.ICluster): EcsLaunchTargetConfig {+    if (!taskDefinition.isFargateCompatible) {+      throw new Error('Supplied TaskDefinition is not compatible with Fargate');+    }++    return {+      parameters: {+        LaunchType: 'FARGATE',+        PlatformVersion: this.options?.platformVersion,+      },+    };+  }+}++/**+ * Configuration for running an ECS task on EC2+ *+ * @see https://docs.aws.amazon.com/AmazonECS/latest/userguide/launch_types.html#launch-type-ec2+ */+export class EcsEc2LaunchTarget implements IEcsLaunchTarget {+  constructor(private readonly options?: EcsEc2LaunchTargetOptions) {}+  /**+   * Called when the EC2 launch type is configured on RunTask+   */+  public bind(_task: EcsRunTask, taskDefinition: ecs.ITaskDefinition, cluster?: ecs.ICluster): EcsLaunchTargetConfig {+    if (!taskDefinition.isEc2Compatible) {+      throw new Error('Supplied TaskDefinition is not compatible with Fargate');+    }++    if (!cluster?.hasEc2Capacity) {+      throw new Error('Cluster for this service needs Ec2 capacity. Call addXxxCapacity() on the cluster.');+    }++    return {+      parameters: {+        LaunchType: 'EC2',+        PlacementConstraints: noEmpty(flatten((this.options?.placementConstraints ?? []).map((c) => c.toJson().map(uppercaseKeys)))),+        PlacementStrategy: noEmpty(flatten((this.options?.placementStrategies ?? []).map((c) => c.toJson().map(uppercaseKeys)))),+      },+    };++    function uppercaseKeys(obj: { [key: string]: any }): { [key: string]: any } {+      const ret: { [key: string]: any } = {};+      for (const key of Object.keys(obj)) {+        ret[key.slice(0, 1).toUpperCase() + key.slice(1)] = obj[key];+      }+      return ret;+    }++    function flatten<A>(xs: A[][]): A[] {+      return Array.prototype.concat([], ...xs);+    }++    function noEmpty<A>(xs: A[]): A[] | undefined {+      if (xs.length === 0) {+        return undefined;+      }+      return xs;+    }+  }+}++/**+ * Run a Task on ECS or Fargate+ */+export class EcsRunTask extends sfn.TaskStateBase implements ec2.IConnectable {+  private static readonly SUPPORTED_INTEGRATION_PATTERNS: sfn.IntegrationPattern[] = [+    sfn.IntegrationPattern.REQUEST_RESPONSE,+    sfn.IntegrationPattern.RUN_JOB,+    sfn.IntegrationPattern.WAIT_FOR_TASK_TOKEN,+  ];++  /**+   * Manage allowed network traffic for this service+   */+  public readonly connections: ec2.Connections = new ec2.Connections();++  protected readonly taskMetrics?: sfn.TaskMetricsConfig;+  protected readonly taskPolicies?: iam.PolicyStatement[];++  private securityGroup?: ec2.ISecurityGroup;+  private networkConfiguration?: any;+  private readonly integrationPattern: sfn.IntegrationPattern;++  constructor(scope: cdk.Construct, id: string, private readonly props: EcsRunTaskProps) {+    super(scope, id, props);+    this.integrationPattern = props.integrationPattern ?? sfn.IntegrationPattern.REQUEST_RESPONSE;++    validatePatternSupported(this.integrationPattern, EcsRunTask.SUPPORTED_INTEGRATION_PATTERNS);++    if (this.integrationPattern === sfn.IntegrationPattern.WAIT_FOR_TASK_TOKEN && !sfn.FieldUtils.containsTaskToken(props.containerOverrides)) {+      throw new Error('Task Token is required in `containerOverrides` for callback. Use Context.taskToken to set the token.');+    }++    if (!this.props.taskDefinition.defaultContainer) {+      throw new Error('A TaskDefinition must have at least one essential container');+    }++    if (this.props.taskDefinition.networkMode === ecs.NetworkMode.AWS_VPC) {+      this.configureAwsVpcNetworking();+    } else {+      // Either None, Bridge or Host networking. Copy SecurityGroup from ASG.+      this.validateNoNetworkingProps();+      this.connections.addSecurityGroup(...this.props.cluster.connections.securityGroups);

updated

shivlaks

comment created time in 10 days

push eventaws/aws-cdk

Shiv Lakshminarayan

commit sha e9b10be655d5c7218e4761ca04b8f49289f46b7b

use customer provided security group when supplied

view details

Shiv Lakshminarayan

commit sha 11fe124d41bd80824729128a6ac7fd4d62c08d6e

Merge branch 'shivlaks/sfn-ecs-tasks' of https://github.com/aws/aws-cdk into shivlaks/sfn-ecs-tasks

view details

push time in 10 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

+import * as ec2 from '@aws-cdk/aws-ec2';+import * as ecs from '@aws-cdk/aws-ecs';+import * as iam from '@aws-cdk/aws-iam';+import * as sfn from '@aws-cdk/aws-stepfunctions';+import * as cdk from '@aws-cdk/core';+import { ContainerOverride } from '..';+import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';++/**+ * Basic properties for ECS Tasks+ */+export interface EcsRunTaskProps extends sfn.TaskStateBaseProps {+  /**+   * The ECS cluster to run the task on+   */+  readonly cluster: ecs.ICluster;++  /**+   * [disable-awslint:ref-via-interface]+   * Task Definition used for running tasks in the service.+   *+   * Note: this must be TaskDefinition, and not ITaskDefinition,+   * as it requires properties that are not known for imported task definitions+   */+  readonly taskDefinition: ecs.TaskDefinition;++  /**+   * Container setting overrides+   *+   * Key is the name of the container to override, value is the+   * values you want to override.+   *+   * @default - No overrides+   */+  readonly containerOverrides?: ContainerOverride[];++  /**+   * Subnets to place the task's ENIs+   *+   * @default - Private subnets.+   *   Public subnets if assignPublicIp is set.+   */+  readonly subnets?: ec2.SubnetSelection;++  /**+   * Existing security group to use for the tasks+   *+   * @default - A new security group is created+   */+  readonly securityGroup?: ec2.ISecurityGroup;
  1. It should be but it isn't - will fix that up
  2. It wasn't on my radar, but absolutely it should be - will keep that in mind when i come across security groups in the future
shivlaks

comment created time in 10 days

push eventaws/aws-cdk

Shiv Lakshminarayan

commit sha 6323faed2c04fc60fe29343b730d5bb8c242a93e

Apply suggestions from code review Co-authored-by: Niranjan Jayakar <nija@amazon.com>

view details

push time in 10 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

+import * as ec2 from '@aws-cdk/aws-ec2';+import * as ecs from '@aws-cdk/aws-ecs';+import * as iam from '@aws-cdk/aws-iam';+import * as sfn from '@aws-cdk/aws-stepfunctions';+import * as cdk from '@aws-cdk/core';+import { ContainerOverride } from '..';+import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';++/**+ * Basic properties for ECS Tasks+ */+export interface EcsRunTaskProps extends sfn.TaskStateBaseProps {+  /**+   * The ECS cluster to run the task on+   */+  readonly cluster: ecs.ICluster;++  /**+   * [disable-awslint:ref-via-interface]+   * Task Definition used for running tasks in the service.+   *+   * Note: this must be TaskDefinition, and not ITaskDefinition,+   * as it requires properties that are not known for imported task definitions+   */+  readonly taskDefinition: ecs.TaskDefinition;++  /**+   * Container setting overrides+   *+   * Key is the name of the container to override, value is the+   * values you want to override.+   *+   * @default - No overrides+   */+  readonly containerOverrides?: ContainerOverride[];++  /**+   * Subnets to place the task's ENIs+   *+   * @default - Private subnets.+   *   Public subnets if assignPublicIp is set.+   */+  readonly subnets?: ec2.SubnetSelection;++  /**+   * Existing security group to use for the tasks+   *+   * @default - A new security group is created+   */+  readonly securityGroup?: ec2.ISecurityGroup;++  /**+   * Assign public IP addresses to each task+   *+   * @default false+   */+  readonly assignPublicIp?: boolean;++  /**+   * An Amazon ECS launch type determines the type of infrastructure on which your+   * tasks and services are hosted.+   *+   * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+   */+  readonly launchTarget: IEcsLaunchTarget;+}++/**+ * An Amazon ECS launch type determines the type of infrastructure on which your tasks and services are hosted.+ * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+ */+export interface IEcsLaunchTarget {+  /**+   * called when the ECS launch target is configured on RunTask+   */+  bind(task: EcsRunTask, taskDefinition: ecs.ITaskDefinition, cluster?: ecs.ICluster): EcsLaunchTargetConfig;+}++/**+ * Configuration options for the ECS launch type+ */+export interface EcsLaunchTargetConfig {+  /**+   * Additional parameters to pass to the base task+   *+   * @default - No additional parameters passed+   */+  readonly parameters?: { [key: string]: any };+}++/**+ * Properties to define an ECS service+ */+export interface EcsFargateLaunchTargetOptions {+  /**+   * Fargate platform version to run this service on+   *+   * Unless you have specific compatibility requirements, you don't need to+   * specify this.+   *+   * @default FargatePlatformVersion.LATEST+   */+  readonly platformVersion?: ecs.FargatePlatformVersion;+}++/**+ * Options to run an ECS task on EC2 in StepFunctions and ECS+ */+export interface EcsEc2LaunchTargetOptions {+  /**+   * Placement constraints+   *+   * @default  - None+   */+  readonly placementConstraints?: ecs.PlacementConstraint[];++  /**+   * Placement strategies+   *+   * @default - None+   */+  readonly placementStrategies?: ecs.PlacementStrategy[];+}++/**+ * Configuration for running an ECS task on Fargate+ *+ * @see https://docs.aws.amazon.com/AmazonECS/latest/userguide/launch_types.html#launch-type-fargate+ */+export class EcsFargateLaunchTarget implements IEcsLaunchTarget {+  constructor(private readonly options?: EcsFargateLaunchTargetOptions) {}++  /**+   * Called when the Fargate launch type configured on RunTask+   */+  public bind(_task: EcsRunTask, taskDefinition: ecs.ITaskDefinition, _cluster?: ecs.ICluster): EcsLaunchTargetConfig {+    if (!taskDefinition.isFargateCompatible) {+      throw new Error('Supplied TaskDefinition is not compatible with Fargate');+    }++    return {+      parameters: {+        LaunchType: 'FARGATE',+        PlatformVersion: this.options?.platformVersion,+      },+    };+  }+}++/**+ * Configuration for running an ECS task on EC2+ *+ * @see https://docs.aws.amazon.com/AmazonECS/latest/userguide/launch_types.html#launch-type-ec2+ */+export class EcsEc2LaunchTarget implements IEcsLaunchTarget {+  constructor(private readonly options?: EcsEc2LaunchTargetOptions) {}+  /**+   * Called when the EC2 launch type is configured on RunTask+   */+  public bind(_task: EcsRunTask, taskDefinition: ecs.ITaskDefinition, cluster?: ecs.ICluster): EcsLaunchTargetConfig {+    if (!taskDefinition.isEc2Compatible) {+      throw new Error('Supplied TaskDefinition is not compatible with Fargate');+    }++    if (!cluster?.hasEc2Capacity) {+      throw new Error('Cluster for this service needs Ec2 capacity. Call addXxxCapacity() on the cluster.');+    }++    return {+      parameters: {+        LaunchType: 'EC2',+        PlacementConstraints: noEmpty(flatten((this.options?.placementConstraints ?? []).map((c) => c.toJson().map(uppercaseKeys)))),+        PlacementStrategy: noEmpty(flatten((this.options?.placementStrategies ?? []).map((c) => c.toJson().map(uppercaseKeys)))),+      },+    };++    function uppercaseKeys(obj: { [key: string]: any }): { [key: string]: any } {+      const ret: { [key: string]: any } = {};+      for (const key of Object.keys(obj)) {+        ret[key.slice(0, 1).toUpperCase() + key.slice(1)] = obj[key];+      }+      return ret;+    }++    function flatten<A>(xs: A[][]): A[] {+      return Array.prototype.concat([], ...xs);+    }++    function noEmpty<A>(xs: A[]): A[] | undefined {+      if (xs.length === 0) {+        return undefined;+      }+      return xs;+    }+  }+}++/**+ * Run a Task on ECS or Fargate+ */+export class EcsRunTask extends sfn.TaskStateBase implements ec2.IConnectable {+  private static readonly SUPPORTED_INTEGRATION_PATTERNS: sfn.IntegrationPattern[] = [+    sfn.IntegrationPattern.REQUEST_RESPONSE,+    sfn.IntegrationPattern.RUN_JOB,+    sfn.IntegrationPattern.WAIT_FOR_TASK_TOKEN,+  ];++  /**+   * Manage allowed network traffic for this service+   */+  public readonly connections: ec2.Connections = new ec2.Connections();++  protected readonly taskMetrics?: sfn.TaskMetricsConfig;+  protected readonly taskPolicies?: iam.PolicyStatement[];++  private securityGroup?: ec2.ISecurityGroup;+  private networkConfiguration?: any;+  private readonly integrationPattern: sfn.IntegrationPattern;++  constructor(scope: cdk.Construct, id: string, private readonly props: EcsRunTaskProps) {+    super(scope, id, props);+    this.integrationPattern = props.integrationPattern ?? sfn.IntegrationPattern.REQUEST_RESPONSE;++    validatePatternSupported(this.integrationPattern, EcsRunTask.SUPPORTED_INTEGRATION_PATTERNS);++    if (this.integrationPattern === sfn.IntegrationPattern.WAIT_FOR_TASK_TOKEN && !sfn.FieldUtils.containsTaskToken(props.containerOverrides)) {

I think that's a good idea, but we can't yet. Currently, JsonPath will allow you to retrieve the task token field, but should probably add the containsTaskToken method for convenience

shivlaks

comment created time in 10 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

+import * as ec2 from '@aws-cdk/aws-ec2';+import * as ecs from '@aws-cdk/aws-ecs';+import * as iam from '@aws-cdk/aws-iam';+import * as sfn from '@aws-cdk/aws-stepfunctions';+import * as cdk from '@aws-cdk/core';+import { ContainerOverride } from '..';+import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';++/**+ * Basic properties for ECS Tasks+ */+export interface EcsRunTaskProps extends sfn.TaskStateBaseProps {+  /**+   * The ECS cluster to run the task on+   */+  readonly cluster: ecs.ICluster;++  /**+   * [disable-awslint:ref-via-interface]+   * Task Definition used for running tasks in the service.+   *+   * Note: this must be TaskDefinition, and not ITaskDefinition,+   * as it requires properties that are not known for imported task definitions+   */+  readonly taskDefinition: ecs.TaskDefinition;++  /**+   * Container setting overrides+   *+   * Key is the name of the container to override, value is the+   * values you want to override.+   *+   * @default - No overrides+   */+  readonly containerOverrides?: ContainerOverride[];++  /**+   * Subnets to place the task's ENIs+   *+   * @default - Private subnets.+   *   Public subnets if assignPublicIp is set.+   */+  readonly subnets?: ec2.SubnetSelection;++  /**+   * Existing security group to use for the tasks+   *+   * @default - A new security group is created+   */+  readonly securityGroup?: ec2.ISecurityGroup;++  /**+   * Assign public IP addresses to each task+   *+   * @default false+   */+  readonly assignPublicIp?: boolean;++  /**+   * An Amazon ECS launch type determines the type of infrastructure on which your+   * tasks and services are hosted.+   *+   * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+   */+  readonly launchTarget: IEcsLaunchTarget;+}++/**+ * An Amazon ECS launch type determines the type of infrastructure on which your tasks and services are hosted.+ * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+ */+export interface IEcsLaunchTarget {+  /**+   * called when the ECS launch target is configured on RunTask+   */+  bind(task: EcsRunTask, taskDefinition: ecs.ITaskDefinition, cluster?: ecs.ICluster): EcsLaunchTargetConfig;+}++/**+ * Configuration options for the ECS launch type+ */+export interface EcsLaunchTargetConfig {+  /**+   * Additional parameters to pass to the base task+   *+   * @default - No additional parameters passed+   */+  readonly parameters?: { [key: string]: any };+}++/**+ * Properties to define an ECS service+ */+export interface EcsFargateLaunchTargetOptions {+  /**+   * Fargate platform version to run this service on+   *+   * Unless you have specific compatibility requirements, you don't need to+   * specify this.+   *+   * @default FargatePlatformVersion.LATEST+   */+  readonly platformVersion?: ecs.FargatePlatformVersion;+}++/**+ * Options to run an ECS task on EC2 in StepFunctions and ECS+ */+export interface EcsEc2LaunchTargetOptions {+  /**+   * Placement constraints+   *+   * @default  - None+   */+  readonly placementConstraints?: ecs.PlacementConstraint[];++  /**+   * Placement strategies+   *+   * @default - None+   */+  readonly placementStrategies?: ecs.PlacementStrategy[];+}++/**+ * Configuration for running an ECS task on Fargate+ *+ * @see https://docs.aws.amazon.com/AmazonECS/latest/userguide/launch_types.html#launch-type-fargate+ */+export class EcsFargateLaunchTarget implements IEcsLaunchTarget {+  constructor(private readonly options?: EcsFargateLaunchTargetOptions) {}++  /**+   * Called when the Fargate launch type configured on RunTask+   */+  public bind(_task: EcsRunTask, taskDefinition: ecs.ITaskDefinition, _cluster?: ecs.ICluster): EcsLaunchTargetConfig {+    if (!taskDefinition.isFargateCompatible) {+      throw new Error('Supplied TaskDefinition is not compatible with Fargate');+    }++    return {+      parameters: {+        LaunchType: 'FARGATE',+        PlatformVersion: this.options?.platformVersion,+      },+    };+  }+}++/**+ * Configuration for running an ECS task on EC2+ *+ * @see https://docs.aws.amazon.com/AmazonECS/latest/userguide/launch_types.html#launch-type-ec2+ */+export class EcsEc2LaunchTarget implements IEcsLaunchTarget {+  constructor(private readonly options?: EcsEc2LaunchTargetOptions) {}+  /**+   * Called when the EC2 launch type is configured on RunTask+   */+  public bind(_task: EcsRunTask, taskDefinition: ecs.ITaskDefinition, cluster?: ecs.ICluster): EcsLaunchTargetConfig {+    if (!taskDefinition.isEc2Compatible) {+      throw new Error('Supplied TaskDefinition is not compatible with Fargate');+    }++    if (!cluster?.hasEc2Capacity) {+      throw new Error('Cluster for this service needs Ec2 capacity. Call addXxxCapacity() on the cluster.');+    }++    return {+      parameters: {+        LaunchType: 'EC2',+        PlacementConstraints: noEmpty(flatten((this.options?.placementConstraints ?? []).map((c) => c.toJson().map(uppercaseKeys)))),+        PlacementStrategy: noEmpty(flatten((this.options?.placementStrategies ?? []).map((c) => c.toJson().map(uppercaseKeys)))),+      },+    };++    function uppercaseKeys(obj: { [key: string]: any }): { [key: string]: any } {+      const ret: { [key: string]: any } = {};+      for (const key of Object.keys(obj)) {+        ret[key.slice(0, 1).toUpperCase() + key.slice(1)] = obj[key];+      }+      return ret;+    }++    function flatten<A>(xs: A[][]): A[] {+      return Array.prototype.concat([], ...xs);+    }++    function noEmpty<A>(xs: A[]): A[] | undefined {+      if (xs.length === 0) {+        return undefined;+      }+      return xs;+    }+  }+}++/**+ * Run a Task on ECS or Fargate+ */+export class EcsRunTask extends sfn.TaskStateBase implements ec2.IConnectable {+  private static readonly SUPPORTED_INTEGRATION_PATTERNS: sfn.IntegrationPattern[] = [+    sfn.IntegrationPattern.REQUEST_RESPONSE,+    sfn.IntegrationPattern.RUN_JOB,+    sfn.IntegrationPattern.WAIT_FOR_TASK_TOKEN,+  ];++  /**+   * Manage allowed network traffic for this service+   */+  public readonly connections: ec2.Connections = new ec2.Connections();++  protected readonly taskMetrics?: sfn.TaskMetricsConfig;+  protected readonly taskPolicies?: iam.PolicyStatement[];++  private securityGroup?: ec2.ISecurityGroup;+  private networkConfiguration?: any;+  private readonly integrationPattern: sfn.IntegrationPattern;++  constructor(scope: cdk.Construct, id: string, private readonly props: EcsRunTaskProps) {+    super(scope, id, props);+    this.integrationPattern = props.integrationPattern ?? sfn.IntegrationPattern.REQUEST_RESPONSE;++    validatePatternSupported(this.integrationPattern, EcsRunTask.SUPPORTED_INTEGRATION_PATTERNS);++    if (this.integrationPattern === sfn.IntegrationPattern.WAIT_FOR_TASK_TOKEN && !sfn.FieldUtils.containsTaskToken(props.containerOverrides)) {+      throw new Error('Task Token is required in `containerOverrides` for callback. Use Context.taskToken to set the token.');+    }++    if (!this.props.taskDefinition.defaultContainer) {+      throw new Error('A TaskDefinition must have at least one essential container');+    }++    if (this.props.taskDefinition.networkMode === ecs.NetworkMode.AWS_VPC) {+      this.configureAwsVpcNetworking();+    } else {+      // Either None, Bridge or Host networking. Copy SecurityGroup from ASG.+      this.validateNoNetworkingProps();+      this.connections.addSecurityGroup(...this.props.cluster.connections.securityGroups);+    }++    for (const override of this.props.containerOverrides ?? []) {+      const name = override.containerDefinition.containerName;+      if (!cdk.Token.isUnresolved(name)) {+        const cont = this.props.taskDefinition.node.tryFindChild(name);+        if (!cont) {+          throw new Error(`Overrides mention container with name '${name}', but no such container in task definition`);+        }+      }+    }

I thought so too, but containers is a protected property and not public

shivlaks

comment created time in 10 days

push eventaws/aws-cdk

Shiv Lakshminarayan

commit sha bedce79189aa8d933e9fd4425e58d2f61e25ccd9

Apply suggestions from code review Co-authored-by: Niranjan Jayakar <nija@amazon.com>

view details

push time in 10 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

+import * as ec2 from '@aws-cdk/aws-ec2';+import * as ecs from '@aws-cdk/aws-ecs';+import * as iam from '@aws-cdk/aws-iam';+import * as sfn from '@aws-cdk/aws-stepfunctions';+import * as cdk from '@aws-cdk/core';+import { ContainerOverride } from '..';+import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';++/**+ * Basic properties for ECS Tasks+ */+export interface EcsRunTaskProps extends sfn.TaskStateBaseProps {+  /**+   * The ECS cluster to run the task on+   */+  readonly cluster: ecs.ICluster;++  /**+   * [disable-awslint:ref-via-interface]+   * Task Definition used for running tasks in the service.+   *+   * Note: this must be TaskDefinition, and not ITaskDefinition,+   * as it requires properties that are not known for imported task definitions+   */+  readonly taskDefinition: ecs.TaskDefinition;

It would definitely be nicer and to avoid having the linter exception as well. I've tried to do the same for all the other service integrations (use IBlah).

In this case, I couldn't think of a nicer way forward without some changes to ITaskDefinition itself or requesting additional params

shivlaks

comment created time in 10 days

push eventaws/aws-cdk

Shiv Lakshminarayan

commit sha 8bfe251092e09f6f302e3b502a777d93abd192a0

grab parameters from the bind when rendering task

view details

push time in 10 days

issue commentaws/aws-cdk

stepfunctions tasks x EMR - service integration improvements

@fmcmac thank you for adding that information! It was not on my radar but absolutely belongs here.

This is the right place to collect anything we're missing, modeled incorrectly, presents a usability issue, etc. We likely need to rewrite/redesign parts of the integration to start driving it towards the direction of stability.

shivlaks

comment created time in 10 days

Pull request review commentaws/aws-cdk

fix(route53-targets): add prefix: 'dualstack' to elb target's DNS

 export class ClassicLoadBalancerTarget implements route53.IAliasRecordTarget {   }    public bind(_record: route53.IRecordSet): route53.AliasRecordTargetConfig {+    const delimiter: string = '.';+    const prefix: string[] = ['dualstack'];     return {       hostedZoneId: this.loadBalancer.loadBalancerCanonicalHostedZoneNameId,-      dnsName: this.loadBalancer.loadBalancerDnsName,+      dnsName: cdk.Fn.join(delimiter, prefix.concat([this.loadBalancer.loadBalancerDnsName])),
      dnsName: cdk.Fn.join('.', ['dualstack', this.loadBalancer.loadBalancerDnsName]),
BryanPan342

comment created time in 10 days

Pull request review commentaws/aws-cdk

fix(route53-targets): add prefix: 'dualstack' to elb target's DNS

 export class LoadBalancerTarget implements route53.IAliasRecordTarget {   }    public bind(_record: route53.IRecordSet): route53.AliasRecordTargetConfig {+    const delimiter: string = '.';+    const prefix: string[] = ['dualstack'];     return {       hostedZoneId: this.loadBalancer.loadBalancerCanonicalHostedZoneId,-      dnsName: this.loadBalancer.loadBalancerDnsName,+      dnsName: cdk.Fn.join(delimiter, prefix.concat([this.loadBalancer.loadBalancerDnsName])),

same changes as suggested in classic

BryanPan342

comment created time in 10 days

Pull request review commentaws/aws-cdk

fix(route53-targets): add prefix: 'dualstack' to elb target's DNS

 export class ClassicLoadBalancerTarget implements route53.IAliasRecordTarget {   }    public bind(_record: route53.IRecordSet): route53.AliasRecordTargetConfig {+    const delimiter: string = '.';+    const prefix: string[] = ['dualstack'];

it's okay to keep these in-place. it's more readable that way. we can always assign it later if we have a need for reusability. save on premature optimization for now.

BryanPan342

comment created time in 10 days

Pull request review commentaws/aws-cdk

fix(route53-targets): add prefix: 'dualstack' to elb target's DNS

 anymatch@^3.0.3:     normalize-path "^3.0.0"     picomatch "^2.0.4" +app-root-path@^2.2.1:

revert changes to yarn.lock - when installing run the install script or use yarn install --frozen-lockfile

BryanPan342

comment created time in 10 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

+import * as ec2 from '@aws-cdk/aws-ec2';+import * as ecs from '@aws-cdk/aws-ecs';+import * as iam from '@aws-cdk/aws-iam';+import * as sfn from '@aws-cdk/aws-stepfunctions';+import * as cdk from '@aws-cdk/core';+import { ContainerOverride } from '..';+import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';++/**+ * Basic properties for ECS Tasks+ */+export interface EcsRunTaskProps extends sfn.TaskStateBaseProps {+  /**+   * The ECS cluster to run the task on+   */+  readonly cluster: ecs.ICluster;++  /**+   * [disable-awslint:ref-via-interface]+   * Task Definition used for running tasks in the service.+   *+   * Note: this must be TaskDefinition, and not ITaskDefinition,+   * as it requires properties that are not known for imported task definitions+   */+  readonly taskDefinition: ecs.TaskDefinition;++  /**+   * Container setting overrides+   *+   * Key is the name of the container to override, value is the+   * values you want to override.+   *+   * @default - No overrides+   */+  readonly containerOverrides?: ContainerOverride[];++  /**+   * In what subnets to place the task's ENIs+   *+   * @default - Private subnet if assignPublicIp, public subnets otherwise+   */+  readonly subnets?: ec2.SubnetSelection;++  /**+   * Existing security group to use for the tasks+   *+   * @default - A new security group is created+   */+  readonly securityGroup?: ec2.ISecurityGroup;++  /**+   * Assign public IP addresses to each task+   *+   * @default false+   */+  readonly assignPublicIp?: boolean;++  /**+   * An Amazon ECS launch type determines the type of infrastructure on which your+   * tasks and services are hosted.+   *+   * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+   */+  readonly launchTarget: IEcsLaunchTarget;+}++/**+ * An Amazon ECS launch type determines the type of infrastructure on which your tasks and services are hosted.+ * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+ */+export interface IEcsLaunchTarget {+  /**+   * called when the ECS launch target is configured on RunTask+   */+  bind(_task: EcsRunTask): EcsLaunchTargetConfig;+}++/**+ * Configuration options for the ECS launch type+ */+export interface EcsLaunchTargetConfig {+  /**+   * Additional parameters to pass to the base task+   *+   * @default - No additional parameters passed+   */+  readonly parameters?: { [key: string]: any };+}++/**+ * Properties to define an ECS service+ */+export interface EcsFargateLaunchTargetOptions {+  /**+   * Fargate platform version to run this service on+   *+   * Unless you have specific compatibility requirements, you don't need to+   * specify this.+   *+   * @default FargatePlatformVersion.LATEST+   */+  readonly platformVersion?: ecs.FargatePlatformVersion;+}++/**+ * Options to run an ECS task on EC2 in StepFunctions and ECS+ */+export interface EcsEc2LaunchTargetOptions {+  /**+   * Placement constraints+   *+   * @default  - None+   */+  readonly placementConstraints?: ecs.PlacementConstraint[];++  /**+   * Placement strategies+   *+   * @default - None+   */+  readonly placementStrategies?: ecs.PlacementStrategy[];+}++/**+ * Configuration for running an ECS task on Fargate+ *+ * @see https://docs.aws.amazon.com/AmazonECS/latest/userguide/launch_types.html#launch-type-fargate+ */+export class EcsFargateLaunchTarget implements IEcsLaunchTarget {+  constructor(private readonly options?: EcsFargateLaunchTargetOptions) {}++  /**+   * Called when the Fargate launch type configured on RunTask+   */+  public bind(_task: EcsRunTask): EcsLaunchTargetConfig {+    return {+      parameters: {+        LaunchType: 'FARGATE',+        PlatformVersion: this.options?.platformVersion,+      },+    };+  }+}++/**+ * Configuration for running an ECS task on EC2+ *+ * @see https://docs.aws.amazon.com/AmazonECS/latest/userguide/launch_types.html#launch-type-ec2+ */+export class EcsEc2LaunchTarget implements IEcsLaunchTarget {+  constructor(private readonly options?: EcsEc2LaunchTargetOptions) {}+  /**+   * Called when the EC2 launch type is configured on RunTask+   */+  public bind(_task: EcsRunTask): EcsLaunchTargetConfig {+    return {+      parameters: {+        LaunchType: 'EC2',+        PlacementConstraints: noEmpty(flatten((this.options?.placementConstraints || []).map((c) => c.toJson().map(uppercaseKeys)))),+        PlacementStrategy: noEmpty(flatten((this.options?.placementStrategies || []).map((c) => c.toJson().map(uppercaseKeys)))),+      },+    };++    function uppercaseKeys(obj: { [key: string]: any }): { [key: string]: any } {+      const ret: { [key: string]: any } = {};+      for (const key of Object.keys(obj)) {+        ret[key.slice(0, 1).toUpperCase() + key.slice(1)] = obj[key];+      }+      return ret;+    }++    function flatten<A>(xs: A[][]): A[] {+      return Array.prototype.concat([], ...xs);+    }++    function noEmpty<A>(xs: A[]): A[] | undefined {+      if (xs.length === 0) {+        return undefined;+      }+      return xs;+    }+  }+}++/**+ * Run a Task on ECS or Fargate+ */+export class EcsRunTask extends sfn.TaskStateBase implements ec2.IConnectable {+  private static readonly SUPPORTED_INTEGRATION_PATTERNS: sfn.IntegrationPattern[] = [+    sfn.IntegrationPattern.REQUEST_RESPONSE,+    sfn.IntegrationPattern.RUN_JOB,+    sfn.IntegrationPattern.WAIT_FOR_TASK_TOKEN,+  ];++  /**+   * Manage allowed network traffic for this service+   */+  public readonly connections: ec2.Connections = new ec2.Connections();++  protected readonly taskMetrics?: sfn.TaskMetricsConfig;+  protected readonly taskPolicies?: iam.PolicyStatement[];++  private securityGroup?: ec2.ISecurityGroup;+  private networkConfiguration?: any;+  private readonly integrationPattern: sfn.IntegrationPattern;++  constructor(scope: cdk.Construct, id: string, private readonly props: EcsRunTaskProps) {+    super(scope, id, props);+    this.integrationPattern = props.integrationPattern || sfn.IntegrationPattern.REQUEST_RESPONSE;++    validatePatternSupported(this.integrationPattern, EcsRunTask.SUPPORTED_INTEGRATION_PATTERNS);++    if (this.integrationPattern === sfn.IntegrationPattern.WAIT_FOR_TASK_TOKEN && !sfn.FieldUtils.containsTaskToken(props.containerOverrides)) {+      throw new Error('Task Token is required in `containerOverrides` for callback. Use Context.taskToken to set the token.');+    }++    this.validateLaunchTarget();++    for (const override of this.props.containerOverrides || []) {+      const name = override.containerDefinition.containerName;+      if (!cdk.Token.isUnresolved(name)) {+        const cont = this.props.taskDefinition.node.tryFindChild(name);+        if (!cont) {+          throw new Error(`Overrides mention container with name '${name}', but no such container in task definition`);+        }+      }+    }++    this.taskPolicies = this.makePolicyStatements();+  }++  protected renderTask(): any {+    if (this.networkConfiguration !== undefined) {+      // Make sure we have a security group if we're using AWSVPC networking+      this.securityGroup = this.securityGroup ?? new ec2.SecurityGroup(this, 'SecurityGroup', { vpc: this.props.cluster.vpc });+      this.connections.addSecurityGroup(this.securityGroup);+    }++    return {+      Resource: integrationResourceArn('ecs', 'runTask', this.integrationPattern),+      Parameters: sfn.FieldUtils.renderObject({+        Cluster: this.props.cluster.clusterArn,+        TaskDefinition: this.props.taskDefinition.taskDefinitionArn,+        NetworkConfiguration: this.networkConfiguration,+        Overrides: renderOverrides(this.props.containerOverrides),+        ...this.props.launchTarget.bind(this).parameters,+      }),+    };+  }++  private configureAwsVpcNetworking() {+    const subnetSelection = this.props.subnets ?? { subnetType: this.props.assignPublicIp ? ec2.SubnetType.PUBLIC : ec2.SubnetType.PRIVATE };++    this.networkConfiguration = {+      AwsvpcConfiguration: {+        AssignPublicIp: this.props.assignPublicIp ? (this.props.assignPublicIp ? 'ENABLED' : 'DISABLED') : undefined,+        Subnets: this.props.cluster.vpc.selectSubnets(subnetSelection).subnetIds,+        SecurityGroups: cdk.Lazy.listValue({ produce: () => [this.securityGroup!.securityGroupId] }),+      },+    };+  }++  private validateLaunchTarget() {+    if (this.props.launchTarget instanceof EcsFargateLaunchTarget) {+      this.validateFargateLaunchType();+    }++    if (this.props.launchTarget instanceof EcsEc2LaunchTarget) {+      this.validateEc2LaunchType();+    }++    if (!this.props.taskDefinition.defaultContainer) {+      throw new Error('A TaskDefinition must have at least one essential container');+    }+  }++  private validateEc2LaunchType() {+    if (!this.props.cluster.hasEc2Capacity) {+      throw new Error('Cluster for this service needs Ec2 capacity. Call addXxxCapacity() on the cluster.');+    }++    if (this.props.taskDefinition.networkMode === ecs.NetworkMode.AWS_VPC) {+      this.configureAwsVpcNetworking();+    } else {+      // Either None, Bridge or Host networking. Copy SecurityGroup from ASG.+      this.validateNoNetworkingProps();+      this.connections.addSecurityGroup(...this.props.cluster.connections.securityGroups);+    }+  }++  private validateNoNetworkingProps() {+    if (this.props.subnets !== undefined || this.props.securityGroup !== undefined) {+      throw new Error('vpcPlacement and securityGroup can only be used in AwsVpc networking mode');

updated the error message. vpcPlacement was also updated to vpcSubnets a long time ago.

shivlaks

comment created time in 10 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

+import * as ec2 from '@aws-cdk/aws-ec2';+import * as ecs from '@aws-cdk/aws-ecs';+import * as iam from '@aws-cdk/aws-iam';+import * as sfn from '@aws-cdk/aws-stepfunctions';+import * as cdk from '@aws-cdk/core';+import { ContainerOverride } from '..';+import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';++/**+ * Basic properties for ECS Tasks+ */+export interface EcsRunTaskProps extends sfn.TaskStateBaseProps {+  /**+   * The ECS cluster to run the task on+   */+  readonly cluster: ecs.ICluster;++  /**+   * [disable-awslint:ref-via-interface]+   * Task Definition used for running tasks in the service.+   *+   * Note: this must be TaskDefinition, and not ITaskDefinition,+   * as it requires properties that are not known for imported task definitions+   */+  readonly taskDefinition: ecs.TaskDefinition;++  /**+   * Container setting overrides+   *+   * Key is the name of the container to override, value is the+   * values you want to override.+   *+   * @default - No overrides+   */+  readonly containerOverrides?: ContainerOverride[];++  /**+   * In what subnets to place the task's ENIs+   *+   * @default - Private subnet if assignPublicIp, public subnets otherwise+   */+  readonly subnets?: ec2.SubnetSelection;++  /**+   * Existing security group to use for the tasks+   *+   * @default - A new security group is created+   */+  readonly securityGroup?: ec2.ISecurityGroup;++  /**+   * Assign public IP addresses to each task+   *+   * @default false+   */+  readonly assignPublicIp?: boolean;++  /**+   * An Amazon ECS launch type determines the type of infrastructure on which your+   * tasks and services are hosted.+   *+   * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+   */+  readonly launchTarget: IEcsLaunchTarget;+}++/**+ * An Amazon ECS launch type determines the type of infrastructure on which your tasks and services are hosted.+ * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+ */+export interface IEcsLaunchTarget {+  /**+   * called when the ECS launch target is configured on RunTask+   */+  bind(_task: EcsRunTask): EcsLaunchTargetConfig;+}++/**+ * Configuration options for the ECS launch type+ */+export interface EcsLaunchTargetConfig {+  /**+   * Additional parameters to pass to the base task+   *+   * @default - No additional parameters passed+   */+  readonly parameters?: { [key: string]: any };+}++/**+ * Properties to define an ECS service+ */+export interface EcsFargateLaunchTargetOptions {+  /**+   * Fargate platform version to run this service on+   *+   * Unless you have specific compatibility requirements, you don't need to+   * specify this.+   *+   * @default FargatePlatformVersion.LATEST+   */+  readonly platformVersion?: ecs.FargatePlatformVersion;+}++/**+ * Options to run an ECS task on EC2 in StepFunctions and ECS+ */+export interface EcsEc2LaunchTargetOptions {+  /**+   * Placement constraints+   *+   * @default  - None+   */+  readonly placementConstraints?: ecs.PlacementConstraint[];++  /**+   * Placement strategies+   *+   * @default - None+   */+  readonly placementStrategies?: ecs.PlacementStrategy[];+}++/**+ * Configuration for running an ECS task on Fargate+ *+ * @see https://docs.aws.amazon.com/AmazonECS/latest/userguide/launch_types.html#launch-type-fargate+ */+export class EcsFargateLaunchTarget implements IEcsLaunchTarget {+  constructor(private readonly options?: EcsFargateLaunchTargetOptions) {}++  /**+   * Called when the Fargate launch type configured on RunTask+   */+  public bind(_task: EcsRunTask): EcsLaunchTargetConfig {+    return {+      parameters: {+        LaunchType: 'FARGATE',+        PlatformVersion: this.options?.platformVersion,+      },+    };+  }+}++/**+ * Configuration for running an ECS task on EC2+ *+ * @see https://docs.aws.amazon.com/AmazonECS/latest/userguide/launch_types.html#launch-type-ec2+ */+export class EcsEc2LaunchTarget implements IEcsLaunchTarget {+  constructor(private readonly options?: EcsEc2LaunchTargetOptions) {}+  /**+   * Called when the EC2 launch type is configured on RunTask+   */+  public bind(_task: EcsRunTask): EcsLaunchTargetConfig {+    return {+      parameters: {+        LaunchType: 'EC2',+        PlacementConstraints: noEmpty(flatten((this.options?.placementConstraints || []).map((c) => c.toJson().map(uppercaseKeys)))),+        PlacementStrategy: noEmpty(flatten((this.options?.placementStrategies || []).map((c) => c.toJson().map(uppercaseKeys)))),+      },+    };++    function uppercaseKeys(obj: { [key: string]: any }): { [key: string]: any } {+      const ret: { [key: string]: any } = {};+      for (const key of Object.keys(obj)) {+        ret[key.slice(0, 1).toUpperCase() + key.slice(1)] = obj[key];+      }+      return ret;+    }++    function flatten<A>(xs: A[][]): A[] {+      return Array.prototype.concat([], ...xs);+    }++    function noEmpty<A>(xs: A[]): A[] | undefined {+      if (xs.length === 0) {+        return undefined;+      }+      return xs;+    }+  }+}++/**+ * Run a Task on ECS or Fargate+ */+export class EcsRunTask extends sfn.TaskStateBase implements ec2.IConnectable {+  private static readonly SUPPORTED_INTEGRATION_PATTERNS: sfn.IntegrationPattern[] = [+    sfn.IntegrationPattern.REQUEST_RESPONSE,+    sfn.IntegrationPattern.RUN_JOB,+    sfn.IntegrationPattern.WAIT_FOR_TASK_TOKEN,+  ];++  /**+   * Manage allowed network traffic for this service+   */+  public readonly connections: ec2.Connections = new ec2.Connections();++  protected readonly taskMetrics?: sfn.TaskMetricsConfig;+  protected readonly taskPolicies?: iam.PolicyStatement[];++  private securityGroup?: ec2.ISecurityGroup;+  private networkConfiguration?: any;+  private readonly integrationPattern: sfn.IntegrationPattern;++  constructor(scope: cdk.Construct, id: string, private readonly props: EcsRunTaskProps) {+    super(scope, id, props);+    this.integrationPattern = props.integrationPattern || sfn.IntegrationPattern.REQUEST_RESPONSE;++    validatePatternSupported(this.integrationPattern, EcsRunTask.SUPPORTED_INTEGRATION_PATTERNS);++    if (this.integrationPattern === sfn.IntegrationPattern.WAIT_FOR_TASK_TOKEN && !sfn.FieldUtils.containsTaskToken(props.containerOverrides)) {+      throw new Error('Task Token is required in `containerOverrides` for callback. Use Context.taskToken to set the token.');+    }++    this.validateLaunchTarget();++    for (const override of this.props.containerOverrides || []) {+      const name = override.containerDefinition.containerName;+      if (!cdk.Token.isUnresolved(name)) {+        const cont = this.props.taskDefinition.node.tryFindChild(name);+        if (!cont) {+          throw new Error(`Overrides mention container with name '${name}', but no such container in task definition`);+        }+      }+    }++    this.taskPolicies = this.makePolicyStatements();+  }++  protected renderTask(): any {+    if (this.networkConfiguration !== undefined) {+      // Make sure we have a security group if we're using AWSVPC networking+      this.securityGroup = this.securityGroup ?? new ec2.SecurityGroup(this, 'SecurityGroup', { vpc: this.props.cluster.vpc });+      this.connections.addSecurityGroup(this.securityGroup);+    }

moved it into configureAwsVpcNetworking

shivlaks

comment created time in 10 days

push eventaws/aws-cdk

Shiv Lakshminarayan

commit sha 3c7e3bb99cdad53193e279d3b5639baa99ecea03

reorder methods for easier readability

view details

push time in 10 days

push eventaws/aws-cdk

Shiv Lakshminarayan

commit sha 1525f3e32503e52128c86ab2fb3487c59b287c4d

modify incorrect default doc

view details

push time in 10 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

+import * as ec2 from '@aws-cdk/aws-ec2';+import * as ecs from '@aws-cdk/aws-ecs';+import * as iam from '@aws-cdk/aws-iam';+import * as sfn from '@aws-cdk/aws-stepfunctions';+import * as cdk from '@aws-cdk/core';+import { ContainerOverride } from '..';+import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';++/**+ * Basic properties for ECS Tasks+ */+export interface EcsRunTaskProps extends sfn.TaskStateBaseProps {+  /**+   * The ECS cluster to run the task on+   */+  readonly cluster: ecs.ICluster;++  /**+   * [disable-awslint:ref-via-interface]+   * Task Definition used for running tasks in the service.+   *+   * Note: this must be TaskDefinition, and not ITaskDefinition,+   * as it requires properties that are not known for imported task definitions+   */+  readonly taskDefinition: ecs.TaskDefinition;++  /**+   * Container setting overrides+   *+   * Key is the name of the container to override, value is the+   * values you want to override.+   *+   * @default - No overrides+   */+  readonly containerOverrides?: ContainerOverride[];++  /**+   * In what subnets to place the task's ENIs+   *+   * @default - Private subnet if assignPublicIp, public subnets otherwise+   */+  readonly subnets?: ec2.SubnetSelection;++  /**+   * Existing security group to use for the tasks+   *+   * @default - A new security group is created+   */+  readonly securityGroup?: ec2.ISecurityGroup;++  /**+   * Assign public IP addresses to each task+   *+   * @default false+   */+  readonly assignPublicIp?: boolean;++  /**+   * An Amazon ECS launch type determines the type of infrastructure on which your+   * tasks and services are hosted.+   *+   * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+   */+  readonly launchTarget: IEcsLaunchTarget;+}++/**+ * An Amazon ECS launch type determines the type of infrastructure on which your tasks and services are hosted.+ * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+ */+export interface IEcsLaunchTarget {+  /**+   * called when the ECS launch target is configured on RunTask+   */+  bind(_task: EcsRunTask): EcsLaunchTargetConfig;+}++/**+ * Configuration options for the ECS launch type+ */+export interface EcsLaunchTargetConfig {+  /**+   * Additional parameters to pass to the base task+   *+   * @default - No additional parameters passed+   */+  readonly parameters?: { [key: string]: any };

I think as the consuming class of the bind, EcsRunTask is in control of collisions and how it wants to handle them. Either it would set it's properties and then spread the bind provided properties or the inverse of that depending on the desired behaviour. strongly typing this takes away some of the power of usage that seems pretty commonplace in our repo.

started to try this. got hit with Method and non-static non-readonly property names must use camelCase: LaunchType when I try to use PascalCase for property names. Is this still something you want me to pursue?

shivlaks

comment created time in 10 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

+import * as ec2 from '@aws-cdk/aws-ec2';+import * as ecs from '@aws-cdk/aws-ecs';+import * as iam from '@aws-cdk/aws-iam';+import * as sfn from '@aws-cdk/aws-stepfunctions';+import * as cdk from '@aws-cdk/core';+import { ContainerOverride } from '..';+import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';++/**+ * Basic properties for ECS Tasks+ */+export interface EcsRunTaskProps extends sfn.TaskStateBaseProps {+  /**+   * The ECS cluster to run the task on+   */+  readonly cluster: ecs.ICluster;++  /**+   * [disable-awslint:ref-via-interface]+   * Task Definition used for running tasks in the service.+   *+   * Note: this must be TaskDefinition, and not ITaskDefinition,+   * as it requires properties that are not known for imported task definitions+   */+  readonly taskDefinition: ecs.TaskDefinition;++  /**+   * Container setting overrides+   *+   * Key is the name of the container to override, value is the+   * values you want to override.+   *+   * @default - No overrides+   */+  readonly containerOverrides?: ContainerOverride[];++  /**+   * In what subnets to place the task's ENIs+   *+   * @default - Private subnet if assignPublicIp, public subnets otherwise

it's documented incorrectly, good catch :)

shivlaks

comment created time in 10 days

push eventaws/aws-cdk

Shiv Lakshminarayan

commit sha ad4da0df34f5b29dabfab4fa4c1862ee3ec9af34

move validation into bind method

view details

push time in 10 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

+import * as ec2 from '@aws-cdk/aws-ec2';+import * as ecs from '@aws-cdk/aws-ecs';+import * as iam from '@aws-cdk/aws-iam';+import * as sfn from '@aws-cdk/aws-stepfunctions';+import * as cdk from '@aws-cdk/core';+import { ContainerOverride } from '..';+import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';++/**+ * Basic properties for ECS Tasks+ */+export interface EcsRunTaskProps extends sfn.TaskStateBaseProps {+  /**+   * The ECS cluster to run the task on+   */+  readonly cluster: ecs.ICluster;++  /**+   * [disable-awslint:ref-via-interface]+   * Task Definition used for running tasks in the service.+   *+   * Note: this must be TaskDefinition, and not ITaskDefinition,+   * as it requires properties that are not known for imported task definitions+   */+  readonly taskDefinition: ecs.TaskDefinition;++  /**+   * Container setting overrides+   *+   * Key is the name of the container to override, value is the+   * values you want to override.+   *+   * @default - No overrides+   */+  readonly containerOverrides?: ContainerOverride[];++  /**+   * In what subnets to place the task's ENIs+   *+   * @default - Private subnet if assignPublicIp, public subnets otherwise+   */+  readonly subnets?: ec2.SubnetSelection;++  /**+   * Existing security group to use for the tasks+   *+   * @default - A new security group is created+   */+  readonly securityGroup?: ec2.ISecurityGroup;++  /**+   * Assign public IP addresses to each task+   *+   * @default false+   */+  readonly assignPublicIp?: boolean;++  /**+   * An Amazon ECS launch type determines the type of infrastructure on which your+   * tasks and services are hosted.+   *+   * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+   */+  readonly launchTarget: IEcsLaunchTarget;+}++/**+ * An Amazon ECS launch type determines the type of infrastructure on which your tasks and services are hosted.+ * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+ */+export interface IEcsLaunchTarget {+  /**+   * called when the ECS launch target is configured on RunTask+   */+  bind(_task: EcsRunTask): EcsLaunchTargetConfig;+}++/**+ * Configuration options for the ECS launch type+ */+export interface EcsLaunchTargetConfig {+  /**+   * Additional parameters to pass to the base task+   *+   * @default - No additional parameters passed+   */+  readonly parameters?: { [key: string]: any };+}++/**+ * Properties to define an ECS service+ */+export interface EcsFargateLaunchTargetOptions {+  /**+   * Fargate platform version to run this service on+   *+   * Unless you have specific compatibility requirements, you don't need to+   * specify this.+   *+   * @default FargatePlatformVersion.LATEST+   */+  readonly platformVersion?: ecs.FargatePlatformVersion;+}++/**+ * Options to run an ECS task on EC2 in StepFunctions and ECS+ */+export interface EcsEc2LaunchTargetOptions {+  /**+   * Placement constraints+   *+   * @default  - None+   */+  readonly placementConstraints?: ecs.PlacementConstraint[];++  /**+   * Placement strategies+   *+   * @default - None+   */+  readonly placementStrategies?: ecs.PlacementStrategy[];+}++/**+ * Configuration for running an ECS task on Fargate+ *+ * @see https://docs.aws.amazon.com/AmazonECS/latest/userguide/launch_types.html#launch-type-fargate+ */+export class EcsFargateLaunchTarget implements IEcsLaunchTarget {+  constructor(private readonly options?: EcsFargateLaunchTargetOptions) {}++  /**+   * Called when the Fargate launch type configured on RunTask+   */+  public bind(_task: EcsRunTask): EcsLaunchTargetConfig {+    return {+      parameters: {+        LaunchType: 'FARGATE',+        PlatformVersion: this.options?.platformVersion,+      },+    };+  }+}++/**+ * Configuration for running an ECS task on EC2+ *+ * @see https://docs.aws.amazon.com/AmazonECS/latest/userguide/launch_types.html#launch-type-ec2+ */+export class EcsEc2LaunchTarget implements IEcsLaunchTarget {+  constructor(private readonly options?: EcsEc2LaunchTargetOptions) {}+  /**+   * Called when the EC2 launch type is configured on RunTask+   */+  public bind(_task: EcsRunTask): EcsLaunchTargetConfig {+    return {+      parameters: {+        LaunchType: 'EC2',+        PlacementConstraints: noEmpty(flatten((this.options?.placementConstraints || []).map((c) => c.toJson().map(uppercaseKeys)))),+        PlacementStrategy: noEmpty(flatten((this.options?.placementStrategies || []).map((c) => c.toJson().map(uppercaseKeys)))),+      },+    };++    function uppercaseKeys(obj: { [key: string]: any }): { [key: string]: any } {+      const ret: { [key: string]: any } = {};+      for (const key of Object.keys(obj)) {+        ret[key.slice(0, 1).toUpperCase() + key.slice(1)] = obj[key];+      }+      return ret;+    }++    function flatten<A>(xs: A[][]): A[] {+      return Array.prototype.concat([], ...xs);+    }++    function noEmpty<A>(xs: A[]): A[] | undefined {+      if (xs.length === 0) {+        return undefined;+      }+      return xs;+    }+  }+}++/**+ * Run a Task on ECS or Fargate+ */+export class EcsRunTask extends sfn.TaskStateBase implements ec2.IConnectable {+  private static readonly SUPPORTED_INTEGRATION_PATTERNS: sfn.IntegrationPattern[] = [+    sfn.IntegrationPattern.REQUEST_RESPONSE,+    sfn.IntegrationPattern.RUN_JOB,+    sfn.IntegrationPattern.WAIT_FOR_TASK_TOKEN,+  ];++  /**+   * Manage allowed network traffic for this service+   */+  public readonly connections: ec2.Connections = new ec2.Connections();++  protected readonly taskMetrics?: sfn.TaskMetricsConfig;+  protected readonly taskPolicies?: iam.PolicyStatement[];++  private securityGroup?: ec2.ISecurityGroup;+  private networkConfiguration?: any;+  private readonly integrationPattern: sfn.IntegrationPattern;++  constructor(scope: cdk.Construct, id: string, private readonly props: EcsRunTaskProps) {+    super(scope, id, props);+    this.integrationPattern = props.integrationPattern || sfn.IntegrationPattern.REQUEST_RESPONSE;++    validatePatternSupported(this.integrationPattern, EcsRunTask.SUPPORTED_INTEGRATION_PATTERNS);++    if (this.integrationPattern === sfn.IntegrationPattern.WAIT_FOR_TASK_TOKEN && !sfn.FieldUtils.containsTaskToken(props.containerOverrides)) {+      throw new Error('Task Token is required in `containerOverrides` for callback. Use Context.taskToken to set the token.');+    }++    this.validateLaunchTarget();++    for (const override of this.props.containerOverrides || []) {+      const name = override.containerDefinition.containerName;+      if (!cdk.Token.isUnresolved(name)) {+        const cont = this.props.taskDefinition.node.tryFindChild(name);+        if (!cont) {+          throw new Error(`Overrides mention container with name '${name}', but no such container in task definition`);+        }+      }+    }++    this.taskPolicies = this.makePolicyStatements();+  }++  protected renderTask(): any {+    if (this.networkConfiguration !== undefined) {+      // Make sure we have a security group if we're using AWSVPC networking+      this.securityGroup = this.securityGroup ?? new ec2.SecurityGroup(this, 'SecurityGroup', { vpc: this.props.cluster.vpc });+      this.connections.addSecurityGroup(this.securityGroup);+    }++    return {+      Resource: integrationResourceArn('ecs', 'runTask', this.integrationPattern),+      Parameters: sfn.FieldUtils.renderObject({+        Cluster: this.props.cluster.clusterArn,+        TaskDefinition: this.props.taskDefinition.taskDefinitionArn,+        NetworkConfiguration: this.networkConfiguration,+        Overrides: renderOverrides(this.props.containerOverrides),+        ...this.props.launchTarget.bind(this).parameters,+      }),+    };+  }++  private configureAwsVpcNetworking() {

sure, that sounds like a good guiding principle

shivlaks

comment created time in 10 days

issue commentaws/aws-cdk

(stepfunctions): Problem with `Choice` and `afterwards()` with loop in state machine

hey @edisongustavo - what's the desired state machine flow you're trying to get to. What would be ideal authoring workflow?

Would it be possible to share a visual representation / ASL definition of the desired state machine?

I want to make sure I understand your readability issue first before I think of suggestions or potential improvement(s) on the CDK side of things.

edisongustavo

comment created time in 10 days

push eventaws/aws-cdk

Shiv Lakshminarayan

commit sha 9078d9764b1418a0cd7f9967f917102d9271e94f

Apply suggestions from code review Co-authored-by: Niranjan Jayakar <nija@amazon.com>

view details

push time in 10 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

+import * as ec2 from '@aws-cdk/aws-ec2';+import * as ecs from '@aws-cdk/aws-ecs';+import * as iam from '@aws-cdk/aws-iam';+import * as sfn from '@aws-cdk/aws-stepfunctions';+import * as cdk from '@aws-cdk/core';+import { ContainerOverride } from '..';+import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';++/**+ * Basic properties for ECS Tasks+ */+export interface EcsRunTaskProps extends sfn.TaskStateBaseProps {+  /**+   * The ECS cluster to run the task on+   */+  readonly cluster: ecs.ICluster;++  /**+   * [disable-awslint:ref-via-interface]+   * Task Definition used for running tasks in the service.+   *+   * Note: this must be TaskDefinition, and not ITaskDefinition,+   * as it requires properties that are not known for imported task definitions+   */+  readonly taskDefinition: ecs.TaskDefinition;++  /**+   * Container setting overrides+   *+   * Key is the name of the container to override, value is the+   * values you want to override.+   *+   * @default - No overrides+   */+  readonly containerOverrides?: ContainerOverride[];++  /**+   * In what subnets to place the task's ENIs+   *+   * @default - Private subnet if assignPublicIp, public subnets otherwise+   */+  readonly subnets?: ec2.SubnetSelection;++  /**+   * Existing security group to use for the tasks+   *+   * @default - A new security group is created+   */+  readonly securityGroup?: ec2.ISecurityGroup;++  /**+   * Assign public IP addresses to each task+   *+   * @default false+   */+  readonly assignPublicIp?: boolean;++  /**+   * An Amazon ECS launch type determines the type of infrastructure on which your+   * tasks and services are hosted.+   *+   * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+   */+  readonly launchTarget: IEcsLaunchTarget;+}++/**+ * An Amazon ECS launch type determines the type of infrastructure on which your tasks and services are hosted.+ * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+ */+export interface IEcsLaunchTarget {+  /**+   * called when the ECS launch target is configured on RunTask+   */+  bind(_task: EcsRunTask): EcsLaunchTargetConfig;+}++/**+ * Configuration options for the ECS launch type+ */+export interface EcsLaunchTargetConfig {+  /**+   * Additional parameters to pass to the base task+   *+   * @default - No additional parameters passed+   */+  readonly parameters?: { [key: string]: any };+}++/**+ * Properties to define an ECS service+ */+export interface EcsFargateLaunchTargetOptions {+  /**+   * Fargate platform version to run this service on+   *+   * Unless you have specific compatibility requirements, you don't need to+   * specify this.+   *+   * @default FargatePlatformVersion.LATEST+   */+  readonly platformVersion?: ecs.FargatePlatformVersion;+}++/**+ * Options to run an ECS task on EC2 in StepFunctions and ECS+ */+export interface EcsEc2LaunchTargetOptions {+  /**+   * Placement constraints+   *+   * @default  - None+   */+  readonly placementConstraints?: ecs.PlacementConstraint[];++  /**+   * Placement strategies+   *+   * @default - None+   */+  readonly placementStrategies?: ecs.PlacementStrategy[];+}++/**+ * Configuration for running an ECS task on Fargate+ *+ * @see https://docs.aws.amazon.com/AmazonECS/latest/userguide/launch_types.html#launch-type-fargate+ */+export class EcsFargateLaunchTarget implements IEcsLaunchTarget {+  constructor(private readonly options?: EcsFargateLaunchTargetOptions) {}++  /**+   * Called when the Fargate launch type configured on RunTask+   */+  public bind(_task: EcsRunTask): EcsLaunchTargetConfig {+    return {+      parameters: {+        LaunchType: 'FARGATE',+        PlatformVersion: this.options?.platformVersion,+      },+    };+  }+}++/**+ * Configuration for running an ECS task on EC2+ *+ * @see https://docs.aws.amazon.com/AmazonECS/latest/userguide/launch_types.html#launch-type-ec2+ */+export class EcsEc2LaunchTarget implements IEcsLaunchTarget {+  constructor(private readonly options?: EcsEc2LaunchTargetOptions) {}+  /**+   * Called when the EC2 launch type is configured on RunTask+   */+  public bind(_task: EcsRunTask): EcsLaunchTargetConfig {+    return {+      parameters: {+        LaunchType: 'EC2',+        PlacementConstraints: noEmpty(flatten((this.options?.placementConstraints || []).map((c) => c.toJson().map(uppercaseKeys)))),+        PlacementStrategy: noEmpty(flatten((this.options?.placementStrategies || []).map((c) => c.toJson().map(uppercaseKeys)))),+      },+    };++    function uppercaseKeys(obj: { [key: string]: any }): { [key: string]: any } {+      const ret: { [key: string]: any } = {};+      for (const key of Object.keys(obj)) {+        ret[key.slice(0, 1).toUpperCase() + key.slice(1)] = obj[key];+      }+      return ret;+    }++    function flatten<A>(xs: A[][]): A[] {+      return Array.prototype.concat([], ...xs);+    }++    function noEmpty<A>(xs: A[]): A[] | undefined {+      if (xs.length === 0) {+        return undefined;+      }+      return xs;+    }+  }+}++/**+ * Run a Task on ECS or Fargate+ */+export class EcsRunTask extends sfn.TaskStateBase implements ec2.IConnectable {+  private static readonly SUPPORTED_INTEGRATION_PATTERNS: sfn.IntegrationPattern[] = [+    sfn.IntegrationPattern.REQUEST_RESPONSE,+    sfn.IntegrationPattern.RUN_JOB,+    sfn.IntegrationPattern.WAIT_FOR_TASK_TOKEN,+  ];++  /**+   * Manage allowed network traffic for this service+   */+  public readonly connections: ec2.Connections = new ec2.Connections();++  protected readonly taskMetrics?: sfn.TaskMetricsConfig;+  protected readonly taskPolicies?: iam.PolicyStatement[];++  private securityGroup?: ec2.ISecurityGroup;+  private networkConfiguration?: any;+  private readonly integrationPattern: sfn.IntegrationPattern;++  constructor(scope: cdk.Construct, id: string, private readonly props: EcsRunTaskProps) {+    super(scope, id, props);+    this.integrationPattern = props.integrationPattern || sfn.IntegrationPattern.REQUEST_RESPONSE;++    validatePatternSupported(this.integrationPattern, EcsRunTask.SUPPORTED_INTEGRATION_PATTERNS);++    if (this.integrationPattern === sfn.IntegrationPattern.WAIT_FOR_TASK_TOKEN && !sfn.FieldUtils.containsTaskToken(props.containerOverrides)) {+      throw new Error('Task Token is required in `containerOverrides` for callback. Use Context.taskToken to set the token.');+    }++    this.validateLaunchTarget();++    for (const override of this.props.containerOverrides || []) {+      const name = override.containerDefinition.containerName;+      if (!cdk.Token.isUnresolved(name)) {+        const cont = this.props.taskDefinition.node.tryFindChild(name);+        if (!cont) {+          throw new Error(`Overrides mention container with name '${name}', but no such container in task definition`);+        }+      }+    }++    this.taskPolicies = this.makePolicyStatements();+  }++  protected renderTask(): any {+    if (this.networkConfiguration !== undefined) {+      // Make sure we have a security group if we're using AWSVPC networking+      this.securityGroup = this.securityGroup ?? new ec2.SecurityGroup(this, 'SecurityGroup', { vpc: this.props.cluster.vpc });+      this.connections.addSecurityGroup(this.securityGroup);+    }++    return {+      Resource: integrationResourceArn('ecs', 'runTask', this.integrationPattern),+      Parameters: sfn.FieldUtils.renderObject({+        Cluster: this.props.cluster.clusterArn,+        TaskDefinition: this.props.taskDefinition.taskDefinitionArn,+        NetworkConfiguration: this.networkConfiguration,+        Overrides: renderOverrides(this.props.containerOverrides),+        ...this.props.launchTarget.bind(this).parameters,+      }),+    };+  }++  private configureAwsVpcNetworking() {+    const subnetSelection = this.props.subnets ?? { subnetType: this.props.assignPublicIp ? ec2.SubnetType.PUBLIC : ec2.SubnetType.PRIVATE };++    this.networkConfiguration = {+      AwsvpcConfiguration: {+        AssignPublicIp: this.props.assignPublicIp ? (this.props.assignPublicIp ? 'ENABLED' : 'DISABLED') : undefined,+        Subnets: this.props.cluster.vpc.selectSubnets(subnetSelection).subnetIds,+        SecurityGroups: cdk.Lazy.listValue({ produce: () => [this.securityGroup!.securityGroupId] }),+      },+    };+  }++  private validateLaunchTarget() {+    if (this.props.launchTarget instanceof EcsFargateLaunchTarget) {+      this.validateFargateLaunchType();+    }++    if (this.props.launchTarget instanceof EcsEc2LaunchTarget) {+      this.validateEc2LaunchType();+    }++    if (!this.props.taskDefinition.defaultContainer) {+      throw new Error('A TaskDefinition must have at least one essential container');+    }+  }++  private validateEc2LaunchType() {+    if (!this.props.cluster.hasEc2Capacity) {

good catch, it was there and i must have lost it =/

shivlaks

comment created time in 10 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

+import * as ec2 from '@aws-cdk/aws-ec2';+import * as ecs from '@aws-cdk/aws-ecs';+import * as iam from '@aws-cdk/aws-iam';+import * as sfn from '@aws-cdk/aws-stepfunctions';+import * as cdk from '@aws-cdk/core';+import { ContainerOverride } from '..';+import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';++/**+ * Basic properties for ECS Tasks+ */+export interface EcsRunTaskProps extends sfn.TaskStateBaseProps {+  /**+   * The ECS cluster to run the task on+   */+  readonly cluster: ecs.ICluster;++  /**+   * [disable-awslint:ref-via-interface]+   * Task Definition used for running tasks in the service.+   *+   * Note: this must be TaskDefinition, and not ITaskDefinition,+   * as it requires properties that are not known for imported task definitions+   */+  readonly taskDefinition: ecs.TaskDefinition;++  /**+   * Container setting overrides+   *+   * Key is the name of the container to override, value is the+   * values you want to override.+   *+   * @default - No overrides+   */+  readonly containerOverrides?: ContainerOverride[];++  /**+   * In what subnets to place the task's ENIs+   *+   * @default - Private subnet if assignPublicIp, public subnets otherwise+   */+  readonly subnets?: ec2.SubnetSelection;++  /**+   * Existing security group to use for the tasks+   *+   * @default - A new security group is created+   */+  readonly securityGroup?: ec2.ISecurityGroup;++  /**+   * Assign public IP addresses to each task+   *+   * @default false+   */+  readonly assignPublicIp?: boolean;++  /**+   * An Amazon ECS launch type determines the type of infrastructure on which your+   * tasks and services are hosted.+   *+   * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+   */+  readonly launchTarget: IEcsLaunchTarget;+}++/**+ * An Amazon ECS launch type determines the type of infrastructure on which your tasks and services are hosted.+ * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+ */+export interface IEcsLaunchTarget {+  /**+   * called when the ECS launch target is configured on RunTask+   */+  bind(_task: EcsRunTask): EcsLaunchTargetConfig;+}++/**+ * Configuration options for the ECS launch type+ */+export interface EcsLaunchTargetConfig {+  /**+   * Additional parameters to pass to the base task+   *+   * @default - No additional parameters passed+   */+  readonly parameters?: { [key: string]: any };+}++/**+ * Properties to define an ECS service+ */+export interface EcsFargateLaunchTargetOptions {+  /**+   * Fargate platform version to run this service on+   *+   * Unless you have specific compatibility requirements, you don't need to+   * specify this.+   *+   * @default FargatePlatformVersion.LATEST+   */+  readonly platformVersion?: ecs.FargatePlatformVersion;+}++/**+ * Options to run an ECS task on EC2 in StepFunctions and ECS+ */+export interface EcsEc2LaunchTargetOptions {+  /**+   * Placement constraints+   *+   * @default  - None+   */+  readonly placementConstraints?: ecs.PlacementConstraint[];++  /**+   * Placement strategies+   *+   * @default - None+   */+  readonly placementStrategies?: ecs.PlacementStrategy[];+}++/**+ * Configuration for running an ECS task on Fargate+ *+ * @see https://docs.aws.amazon.com/AmazonECS/latest/userguide/launch_types.html#launch-type-fargate+ */+export class EcsFargateLaunchTarget implements IEcsLaunchTarget {+  constructor(private readonly options?: EcsFargateLaunchTargetOptions) {}++  /**+   * Called when the Fargate launch type configured on RunTask+   */+  public bind(_task: EcsRunTask): EcsLaunchTargetConfig {+    return {+      parameters: {+        LaunchType: 'FARGATE',+        PlatformVersion: this.options?.platformVersion,+      },+    };+  }+}++/**+ * Configuration for running an ECS task on EC2+ *+ * @see https://docs.aws.amazon.com/AmazonECS/latest/userguide/launch_types.html#launch-type-ec2+ */+export class EcsEc2LaunchTarget implements IEcsLaunchTarget {+  constructor(private readonly options?: EcsEc2LaunchTargetOptions) {}+  /**+   * Called when the EC2 launch type is configured on RunTask+   */+  public bind(_task: EcsRunTask): EcsLaunchTargetConfig {+    return {+      parameters: {+        LaunchType: 'EC2',+        PlacementConstraints: noEmpty(flatten((this.options?.placementConstraints || []).map((c) => c.toJson().map(uppercaseKeys)))),+        PlacementStrategy: noEmpty(flatten((this.options?.placementStrategies || []).map((c) => c.toJson().map(uppercaseKeys)))),+      },+    };++    function uppercaseKeys(obj: { [key: string]: any }): { [key: string]: any } {+      const ret: { [key: string]: any } = {};+      for (const key of Object.keys(obj)) {+        ret[key.slice(0, 1).toUpperCase() + key.slice(1)] = obj[key];+      }+      return ret;+    }++    function flatten<A>(xs: A[][]): A[] {+      return Array.prototype.concat([], ...xs);+    }++    function noEmpty<A>(xs: A[]): A[] | undefined {+      if (xs.length === 0) {+        return undefined;+      }+      return xs;+    }+  }+}++/**+ * Run a Task on ECS or Fargate+ */+export class EcsRunTask extends sfn.TaskStateBase implements ec2.IConnectable {+  private static readonly SUPPORTED_INTEGRATION_PATTERNS: sfn.IntegrationPattern[] = [+    sfn.IntegrationPattern.REQUEST_RESPONSE,+    sfn.IntegrationPattern.RUN_JOB,+    sfn.IntegrationPattern.WAIT_FOR_TASK_TOKEN,+  ];++  /**+   * Manage allowed network traffic for this service+   */+  public readonly connections: ec2.Connections = new ec2.Connections();++  protected readonly taskMetrics?: sfn.TaskMetricsConfig;+  protected readonly taskPolicies?: iam.PolicyStatement[];++  private securityGroup?: ec2.ISecurityGroup;+  private networkConfiguration?: any;+  private readonly integrationPattern: sfn.IntegrationPattern;++  constructor(scope: cdk.Construct, id: string, private readonly props: EcsRunTaskProps) {+    super(scope, id, props);+    this.integrationPattern = props.integrationPattern || sfn.IntegrationPattern.REQUEST_RESPONSE;++    validatePatternSupported(this.integrationPattern, EcsRunTask.SUPPORTED_INTEGRATION_PATTERNS);++    if (this.integrationPattern === sfn.IntegrationPattern.WAIT_FOR_TASK_TOKEN && !sfn.FieldUtils.containsTaskToken(props.containerOverrides)) {+      throw new Error('Task Token is required in `containerOverrides` for callback. Use Context.taskToken to set the token.');+    }++    this.validateLaunchTarget();++    for (const override of this.props.containerOverrides || []) {+      const name = override.containerDefinition.containerName;+      if (!cdk.Token.isUnresolved(name)) {+        const cont = this.props.taskDefinition.node.tryFindChild(name);+        if (!cont) {+          throw new Error(`Overrides mention container with name '${name}', but no such container in task definition`);+        }+      }+    }++    this.taskPolicies = this.makePolicyStatements();+  }++  protected renderTask(): any {+    if (this.networkConfiguration !== undefined) {+      // Make sure we have a security group if we're using AWSVPC networking+      this.securityGroup = this.securityGroup ?? new ec2.SecurityGroup(this, 'SecurityGroup', { vpc: this.props.cluster.vpc });+      this.connections.addSecurityGroup(this.securityGroup);+    }++    return {+      Resource: integrationResourceArn('ecs', 'runTask', this.integrationPattern),+      Parameters: sfn.FieldUtils.renderObject({+        Cluster: this.props.cluster.clusterArn,+        TaskDefinition: this.props.taskDefinition.taskDefinitionArn,+        NetworkConfiguration: this.networkConfiguration,+        Overrides: renderOverrides(this.props.containerOverrides),+        ...this.props.launchTarget.bind(this).parameters,+      }),+    };+  }++  private configureAwsVpcNetworking() {+    const subnetSelection = this.props.subnets ?? { subnetType: this.props.assignPublicIp ? ec2.SubnetType.PUBLIC : ec2.SubnetType.PRIVATE };++    this.networkConfiguration = {+      AwsvpcConfiguration: {+        AssignPublicIp: this.props.assignPublicIp ? (this.props.assignPublicIp ? 'ENABLED' : 'DISABLED') : undefined,+        Subnets: this.props.cluster.vpc.selectSubnets(subnetSelection).subnetIds,+        SecurityGroups: cdk.Lazy.listValue({ produce: () => [this.securityGroup!.securityGroupId] }),+      },+    };+  }++  private validateLaunchTarget() {+    if (this.props.launchTarget instanceof EcsFargateLaunchTarget) {+      this.validateFargateLaunchType();+    }++    if (this.props.launchTarget instanceof EcsEc2LaunchTarget) {+      this.validateEc2LaunchType();+    }

yeah, they'll also need the task definition - sounds good

shivlaks

comment created time in 10 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

 export interface ContainerOverride {   /**    * Name of the container inside the task definition    */-  readonly containerName: string;+  readonly containerDefinition: ContainerDefinition;

i hear you. I was reusing the base types that are shared across the old and new implementations which is where this property is changing. An alternative is to introduce a new base type for ContainerOverride with the modified property.

I believe the migration path to modifying names to definitions is reasonable in this case.

shivlaks

comment created time in 10 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

+import * as ec2 from '@aws-cdk/aws-ec2';+import * as ecs from '@aws-cdk/aws-ecs';+import * as iam from '@aws-cdk/aws-iam';+import * as sfn from '@aws-cdk/aws-stepfunctions';+import * as cdk from '@aws-cdk/core';+import { ContainerOverride } from '..';+import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';++/**+ * Basic properties for ECS Tasks+ */+export interface EcsRunTaskProps extends sfn.TaskStateBaseProps {+  /**+   * The ECS cluster to run the task on+   */+  readonly cluster: ecs.ICluster;++  /**+   * [disable-awslint:ref-via-interface]+   * Task Definition used for running tasks in the service.+   *+   * Note: this must be TaskDefinition, and not ITaskDefinition,+   * as it requires properties that are not known for imported task definitions+   */+  readonly taskDefinition: ecs.TaskDefinition;++  /**+   * Container setting overrides+   *+   * Key is the name of the container to override, value is the+   * values you want to override.+   *+   * @default - No overrides+   */+  readonly containerOverrides?: ContainerOverride[];++  /**+   * In what subnets to place the task's ENIs+   *+   * @default - Private subnet if assignPublicIp, public subnets otherwise+   */+  readonly subnets?: ec2.SubnetSelection;++  /**+   * Existing security group to use for the tasks+   *+   * @default - A new security group is created+   */+  readonly securityGroup?: ec2.ISecurityGroup;++  /**+   * Assign public IP addresses to each task+   *+   * @default false+   */+  readonly assignPublicIp?: boolean;++  /**+   * An Amazon ECS launch type determines the type of infrastructure on which your+   * tasks and services are hosted.+   *+   * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+   */+  readonly launchTarget: IEcsLaunchTarget;+}++/**+ * An Amazon ECS launch type determines the type of infrastructure on which your tasks and services are hosted.+ * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+ */+export interface IEcsLaunchTarget {+  /**+   * called when the ECS launch target is configured on RunTask+   */+  bind(_task: EcsRunTask): EcsLaunchTargetConfig;+}++/**+ * Configuration options for the ECS launch type+ */+export interface EcsLaunchTargetConfig {+  /**+   * Additional parameters to pass to the base task+   *+   * @default - No additional parameters passed+   */+  readonly parameters?: { [key: string]: any };+}++/**+ * Properties to define an ECS service+ */+export interface EcsFargateLaunchTargetOptions {+  /**+   * Fargate platform version to run this service on+   *+   * Unless you have specific compatibility requirements, you don't need to+   * specify this.+   *+   * @default FargatePlatformVersion.LATEST

I think you have a reasonable point here still. It is done in ecs-patterns but patterns can be opinionated.

another thing to [consider] (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html#platform-version-considerations)

LATEST currently maps to 1.3.0 1.4.0 has been out since May 28, 2020 but is not LATEST yet

what would you recommend here - default of 1.4.0 or LATEST ? copy @MrArnoldPalmer

shivlaks

comment created time in 10 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

+import * as ec2 from '@aws-cdk/aws-ec2';+import * as ecs from '@aws-cdk/aws-ecs';+import * as iam from '@aws-cdk/aws-iam';+import * as sfn from '@aws-cdk/aws-stepfunctions';+import * as cdk from '@aws-cdk/core';+import { ContainerOverride } from '..';+import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';++/**+ * Basic properties for ECS Tasks+ */+export interface EcsRunTaskProps extends sfn.TaskStateBaseProps {+  /**+   * The ECS cluster to run the task on+   */+  readonly cluster: ecs.ICluster;++  /**+   * [disable-awslint:ref-via-interface]+   * Task Definition used for running tasks in the service.+   *+   * Note: this must be TaskDefinition, and not ITaskDefinition,+   * as it requires properties that are not known for imported task definitions+   */+  readonly taskDefinition: ecs.TaskDefinition;++  /**+   * Container setting overrides+   *+   * Key is the name of the container to override, value is the+   * values you want to override.+   *+   * @default - No overrides+   */+  readonly containerOverrides?: ContainerOverride[];++  /**+   * In what subnets to place the task's ENIs+   *+   * @default - Private subnet if assignPublicIp, public subnets otherwise+   */+  readonly subnets?: ec2.SubnetSelection;++  /**+   * Existing security group to use for the tasks+   *+   * @default - A new security group is created+   */+  readonly securityGroup?: ec2.ISecurityGroup;++  /**+   * Assign public IP addresses to each task+   *+   * @default false+   */+  readonly assignPublicIp?: boolean;++  /**+   * An Amazon ECS launch type determines the type of infrastructure on which your+   * tasks and services are hosted.+   *+   * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+   */+  readonly launchTarget: IEcsLaunchTarget;+}++/**+ * An Amazon ECS launch type determines the type of infrastructure on which your tasks and services are hosted.+ * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+ */+export interface IEcsLaunchTarget {+  /**+   * called when the ECS launch target is configured on RunTask+   */+  bind(_task: EcsRunTask): EcsLaunchTargetConfig;

gotcha, thanks! ... but it's not used (yet at least)

shivlaks

comment created time in 10 days

push eventaws/aws-cdk

Shiv Lakshminarayan

commit sha e2d8dc63e63730544b32d3c26ac1af18215687e2

PR feedback

view details

push time in 10 days

Pull request review commentaws/aws-cdk

fix(cli): post install warnings are not clearly visible when running cdk init

 async function postInstallTypescript(canUseNetwork: boolean, cwd: string) {   const command = 'npm';    if (!canUseNetwork) {-    print(`Please run ${colors.green(`${command} install`)}!`);+    warning(`Please run ${colors.green(`${command} install`)}!`);     return;   }    print(`Executing ${colors.green(`${command} install`)}...`);   try {     await execute(command, ['install'], { cwd });   } catch (e) {-    throw new Error(`${colors.green(`${command} install`)} failed: ` + e.message);+    warning(`${command} install failed: ` + e.message);+    warning(`Please run ${command} install`);

it is, it would succeed if it was a 500, and wouldn't otherwise. I think it's reasonable to drop it for now and add it later if it's helpful.

shivlaks

comment created time in 10 days

Pull request review commentaws/aws-cdk

fix(cli): post install warnings are not clearly visible when running cdk init

 async function postInstallPython(cwd: string) {   try {     await execute(python, ['-m venv', '.env'], { cwd });   } catch (e) {-    print('Unable to create virtualenv automatically');-    print(`Please run ${colors.green(python + ' -m venv .env')}!`);+    warning('Unable to create virtualenv automatically');+    warning(`Please run ${colors.green(python + ' -m venv .env')}!`);

done

shivlaks

comment created time in 10 days

push eventaws/aws-cdk

Shiv Lakshminarayan

commit sha 11a2af70e7ac409a1f7cc013acac0648a23fbdba

PR feedback

view details

push time in 10 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

+import * as ec2 from '@aws-cdk/aws-ec2';+import * as ecs from '@aws-cdk/aws-ecs';+import * as iam from '@aws-cdk/aws-iam';+import * as sfn from '@aws-cdk/aws-stepfunctions';+import * as cdk from '@aws-cdk/core';+import { ContainerOverride } from '..';+import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';++/**+ * Basic properties for ECS Tasks+ */+export interface EcsRunTaskProps extends sfn.TaskStateBaseProps {+  /**+   * The ECS cluster to run the task on+   */+  readonly cluster: ecs.ICluster;++  /**+   * [disable-awslint:ref-via-interface]+   * Task Definition used for running tasks in the service.+   *+   * Note: this must be TaskDefinition, and not ITaskDefinition,+   * as it requires properties that are not known for imported task definitions+   */+  readonly taskDefinition: ecs.TaskDefinition;++  /**+   * Container setting overrides+   *+   * Key is the name of the container to override, value is the+   * values you want to override.+   *+   * @default - No overrides+   */+  readonly containerOverrides?: ContainerOverride[];++  /**+   * In what subnets to place the task's ENIs+   *+   * @default - Private subnet if assignPublicIp, public subnets otherwise+   */+  readonly subnets?: ec2.SubnetSelection;++  /**+   * Existing security group to use for the tasks+   *+   * @default - A new security group is created+   */+  readonly securityGroup?: ec2.ISecurityGroup;++  /**+   * Assign public IP addresses to each task+   *+   * @default false+   */+  readonly assignPublicIp?: boolean;++  /**+   * An Amazon ECS launch type determines the type of infrastructure on which your+   * tasks and services are hosted.+   *+   * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+   */+  readonly launchTarget: IEcsLaunchTarget;+}++/**+ * An Amazon ECS launch type determines the type of infrastructure on which your tasks and services are hosted.+ * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+ */+export interface IEcsLaunchTarget {+  /**+   * called when the ECS launch target is configured on RunTask+   */+  bind(_task: EcsRunTask): EcsLaunchTargetConfig;+}++/**+ * Configuration options for the ECS launch type+ */+export interface EcsLaunchTargetConfig {+  /**+   * Additional parameters to pass to the base task+   *+   * @default - No additional parameters passed+   */+  readonly parameters?: { [key: string]: any };+}++/**+ * Properties to define an ECS service+ */+export interface EcsFargateLaunchTargetOptions {+  /**+   * Fargate platform version to run this service on+   *+   * Unless you have specific compatibility requirements, you don't need to+   * specify this.+   *+   * @default FargatePlatformVersion.LATEST+   */+  readonly platformVersion?: ecs.FargatePlatformVersion;+}++/**+ * Options to run an ECS task on EC2 in StepFunctions and ECS+ */+export interface EcsEc2LaunchTargetOptions {+  /**+   * Placement constraints+   *+   * @default  - None+   */+  readonly placementConstraints?: ecs.PlacementConstraint[];++  /**+   * Placement strategies+   *+   * @default - None+   */+  readonly placementStrategies?: ecs.PlacementStrategy[];+}++/**+ * Configuration for running an ECS task on Fargate+ *+ * @see https://docs.aws.amazon.com/AmazonECS/latest/userguide/launch_types.html#launch-type-fargate+ */+export class EcsFargateLaunchTarget implements IEcsLaunchTarget {+  constructor(private readonly options?: EcsFargateLaunchTargetOptions) {}++  /**+   * Called when the Fargate launch type configured on RunTask+   */+  public bind(_task: EcsRunTask): EcsLaunchTargetConfig {+    return {+      parameters: {+        LaunchType: 'FARGATE',+        PlatformVersion: this.options?.platformVersion,+      },+    };+  }+}++/**+ * Configuration for running an ECS task on EC2+ *+ * @see https://docs.aws.amazon.com/AmazonECS/latest/userguide/launch_types.html#launch-type-ec2+ */+export class EcsEc2LaunchTarget implements IEcsLaunchTarget {+  constructor(private readonly options?: EcsEc2LaunchTargetOptions) {}+  /**+   * Called when the EC2 launch type is configured on RunTask+   */+  public bind(_task: EcsRunTask): EcsLaunchTargetConfig {+    return {+      parameters: {+        LaunchType: 'EC2',+        PlacementConstraints: noEmpty(flatten((this.options?.placementConstraints || []).map((c) => c.toJson().map(uppercaseKeys)))),+        PlacementStrategy: noEmpty(flatten((this.options?.placementStrategies || []).map((c) => c.toJson().map(uppercaseKeys)))),+      },+    };++    function uppercaseKeys(obj: { [key: string]: any }): { [key: string]: any } {+      const ret: { [key: string]: any } = {};+      for (const key of Object.keys(obj)) {+        ret[key.slice(0, 1).toUpperCase() + key.slice(1)] = obj[key];+      }+      return ret;+    }++    function flatten<A>(xs: A[][]): A[] {+      return Array.prototype.concat([], ...xs);+    }++    function noEmpty<A>(xs: A[]): A[] | undefined {+      if (xs.length === 0) {+        return undefined;+      }+      return xs;+    }+  }+}++/**+ * Run a Task on ECS or Fargate+ */+export class EcsRunTask extends sfn.TaskStateBase implements ec2.IConnectable {+  private static readonly SUPPORTED_INTEGRATION_PATTERNS: sfn.IntegrationPattern[] = [+    sfn.IntegrationPattern.REQUEST_RESPONSE,+    sfn.IntegrationPattern.RUN_JOB,+    sfn.IntegrationPattern.WAIT_FOR_TASK_TOKEN,+  ];++  /**+   * Manage allowed network traffic for this service+   */+  public readonly connections: ec2.Connections = new ec2.Connections();++  protected readonly taskMetrics?: sfn.TaskMetricsConfig;+  protected readonly taskPolicies?: iam.PolicyStatement[];++  private securityGroup?: ec2.ISecurityGroup;+  private networkConfiguration?: any;+  private readonly integrationPattern: sfn.IntegrationPattern;++  constructor(scope: cdk.Construct, id: string, private readonly props: EcsRunTaskProps) {+    super(scope, id, props);+    this.integrationPattern = props.integrationPattern || sfn.IntegrationPattern.REQUEST_RESPONSE;++    validatePatternSupported(this.integrationPattern, EcsRunTask.SUPPORTED_INTEGRATION_PATTERNS);++    if (this.integrationPattern === sfn.IntegrationPattern.WAIT_FOR_TASK_TOKEN && !sfn.FieldUtils.containsTaskToken(props.containerOverrides)) {+      throw new Error('Task Token is required in `containerOverrides` for callback. Use Context.taskToken to set the token.');+    }++    this.validateLaunchTarget();++    for (const override of this.props.containerOverrides || []) {+      const name = override.containerDefinition.containerName;+      if (!cdk.Token.isUnresolved(name)) {+        const cont = this.props.taskDefinition.node.tryFindChild(name);+        if (!cont) {+          throw new Error(`Overrides mention container with name '${name}', but no such container in task definition`);+        }+      }+    }++    this.taskPolicies = this.makePolicyStatements();+  }++  protected renderTask(): any {+    if (this.networkConfiguration !== undefined) {+      // Make sure we have a security group if we're using AWSVPC networking+      this.securityGroup = this.securityGroup ?? new ec2.SecurityGroup(this, 'SecurityGroup', { vpc: this.props.cluster.vpc });+      this.connections.addSecurityGroup(this.securityGroup);+    }++    return {+      Resource: integrationResourceArn('ecs', 'runTask', this.integrationPattern),+      Parameters: sfn.FieldUtils.renderObject({+        Cluster: this.props.cluster.clusterArn,+        TaskDefinition: this.props.taskDefinition.taskDefinitionArn,+        NetworkConfiguration: this.networkConfiguration,+        Overrides: renderOverrides(this.props.containerOverrides),+        ...this.props.launchTarget.bind(this).parameters,+      }),+    };+  }++  private configureAwsVpcNetworking() {+    const subnetSelection = this.props.subnets ?? { subnetType: this.props.assignPublicIp ? ec2.SubnetType.PUBLIC : ec2.SubnetType.PRIVATE };++    this.networkConfiguration = {+      AwsvpcConfiguration: {+        AssignPublicIp: this.props.assignPublicIp ? (this.props.assignPublicIp ? 'ENABLED' : 'DISABLED') : undefined,+        Subnets: this.props.cluster.vpc.selectSubnets(subnetSelection).subnetIds,+        SecurityGroups: cdk.Lazy.listValue({ produce: () => [this.securityGroup!.securityGroupId] }),+      },+    };+  }++  private validateLaunchTarget() {+    if (this.props.launchTarget instanceof EcsFargateLaunchTarget) {+      this.validateFargateLaunchType();+    }++    if (this.props.launchTarget instanceof EcsEc2LaunchTarget) {+      this.validateEc2LaunchType();+    }++    if (!this.props.taskDefinition.defaultContainer) {+      throw new Error('A TaskDefinition must have at least one essential container');+    }+  }++  private validateEc2LaunchType() {+    if (!this.props.cluster.hasEc2Capacity) {+      throw new Error('Cluster for this service needs Ec2 capacity. Call addXxxCapacity() on the cluster.');+    }++    if (this.props.taskDefinition.networkMode === ecs.NetworkMode.AWS_VPC) {+      this.configureAwsVpcNetworking();+    } else {+      // Either None, Bridge or Host networking. Copy SecurityGroup from ASG.+      this.validateNoNetworkingProps();+      this.connections.addSecurityGroup(...this.props.cluster.connections.securityGroups);+    }+  }++  private validateNoNetworkingProps() {+    if (this.props.subnets !== undefined || this.props.securityGroup !== undefined) {+      throw new Error('vpcPlacement and securityGroup can only be used in AwsVpc networking mode');+    }+  }++  private validateFargateLaunchType() {+    if (!this.props.taskDefinition.isFargateCompatible) {+      throw new Error('Supplied TaskDefinition is not configured for compatibility with Fargate');+    }++    this.configureAwsVpcNetworking();+  }++  private makePolicyStatements(): iam.PolicyStatement[] {+    const stack = cdk.Stack.of(this);++    // https://docs.aws.amazon.com/step-functions/latest/dg/ecs-iam.html+    const policyStatements = [+      new iam.PolicyStatement({+        actions: ['ecs:RunTask'],+        resources: [this.props.taskDefinition.taskDefinitionArn],+      }),+      new iam.PolicyStatement({+        actions: ['ecs:StopTask', 'ecs:DescribeTasks'],+        resources: ['*'],+      }),+      new iam.PolicyStatement({+        actions: ['iam:PassRole'],+        resources: cdk.Lazy.listValue({ produce: () => this.taskExecutionRoles().map((r) => r.roleArn) }),

not really something I've changed, but I'll dig up the rationale behind the original decision. What's the recommendation and why?

shivlaks

comment created time in 10 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

+import * as ec2 from '@aws-cdk/aws-ec2';+import * as ecs from '@aws-cdk/aws-ecs';+import * as iam from '@aws-cdk/aws-iam';+import * as sfn from '@aws-cdk/aws-stepfunctions';+import * as cdk from '@aws-cdk/core';+import { ContainerOverride } from '..';+import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';++/**+ * Basic properties for ECS Tasks+ */+export interface EcsRunTaskProps extends sfn.TaskStateBaseProps {+  /**+   * The ECS cluster to run the task on+   */+  readonly cluster: ecs.ICluster;++  /**+   * [disable-awslint:ref-via-interface]+   * Task Definition used for running tasks in the service.+   *+   * Note: this must be TaskDefinition, and not ITaskDefinition,+   * as it requires properties that are not known for imported task definitions+   */+  readonly taskDefinition: ecs.TaskDefinition;++  /**+   * Container setting overrides+   *+   * Key is the name of the container to override, value is the+   * values you want to override.+   *+   * @default - No overrides+   */+  readonly containerOverrides?: ContainerOverride[];++  /**+   * In what subnets to place the task's ENIs+   *+   * @default - Private subnet if assignPublicIp, public subnets otherwise+   */+  readonly subnets?: ec2.SubnetSelection;++  /**+   * Existing security group to use for the tasks+   *+   * @default - A new security group is created+   */+  readonly securityGroup?: ec2.ISecurityGroup;++  /**+   * Assign public IP addresses to each task+   *+   * @default false+   */+  readonly assignPublicIp?: boolean;++  /**+   * An Amazon ECS launch type determines the type of infrastructure on which your+   * tasks and services are hosted.+   *+   * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+   */+  readonly launchTarget: IEcsLaunchTarget;+}++/**+ * An Amazon ECS launch type determines the type of infrastructure on which your tasks and services are hosted.+ * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+ */+export interface IEcsLaunchTarget {+  /**+   * called when the ECS launch target is configured on RunTask+   */+  bind(_task: EcsRunTask): EcsLaunchTargetConfig;+}++/**+ * Configuration options for the ECS launch type+ */+export interface EcsLaunchTargetConfig {+  /**+   * Additional parameters to pass to the base task+   *+   * @default - No additional parameters passed+   */+  readonly parameters?: { [key: string]: any };+}++/**+ * Properties to define an ECS service+ */+export interface EcsFargateLaunchTargetOptions {

why is it implied? Nothing precludes other service integrations in Step Functions from being able to run on Fargate. i.e. EKS integration might happen down the road one day and might have it's own Fargate launch options. I wasn't

confident that the launch options will be consistent across the service integrations. The service prefix might help with clarity when using the class though

shivlaks

comment created time in 10 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

+import * as ec2 from '@aws-cdk/aws-ec2';+import * as ecs from '@aws-cdk/aws-ecs';+import * as iam from '@aws-cdk/aws-iam';+import * as sfn from '@aws-cdk/aws-stepfunctions';+import * as cdk from '@aws-cdk/core';+import { ContainerOverride } from '..';+import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';++/**+ * Basic properties for ECS Tasks+ */+export interface EcsRunTaskProps extends sfn.TaskStateBaseProps {+  /**+   * The ECS cluster to run the task on+   */+  readonly cluster: ecs.ICluster;++  /**+   * [disable-awslint:ref-via-interface]+   * Task Definition used for running tasks in the service.+   *+   * Note: this must be TaskDefinition, and not ITaskDefinition,+   * as it requires properties that are not known for imported task definitions+   */+  readonly taskDefinition: ecs.TaskDefinition;++  /**+   * Container setting overrides+   *+   * Key is the name of the container to override, value is the+   * values you want to override.+   *+   * @default - No overrides+   */+  readonly containerOverrides?: ContainerOverride[];++  /**+   * In what subnets to place the task's ENIs+   *+   * @default - Private subnet if assignPublicIp, public subnets otherwise+   */+  readonly subnets?: ec2.SubnetSelection;++  /**+   * Existing security group to use for the tasks+   *+   * @default - A new security group is created+   */+  readonly securityGroup?: ec2.ISecurityGroup;++  /**+   * Assign public IP addresses to each task+   *+   * @default false+   */+  readonly assignPublicIp?: boolean;++  /**+   * An Amazon ECS launch type determines the type of infrastructure on which your+   * tasks and services are hosted.+   *+   * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+   */+  readonly launchTarget: IEcsLaunchTarget;+}++/**+ * An Amazon ECS launch type determines the type of infrastructure on which your tasks and services are hosted.+ * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html+ */+export interface IEcsLaunchTarget {+  /**+   * called when the ECS launch target is configured on RunTask+   */+  bind(_task: EcsRunTask): EcsLaunchTargetConfig;

can you explain the rationale here? we have both in all over the code base.

shivlaks

comment created time in 10 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

 export interface ContainerOverride {   /**    * Name of the container inside the task definition    */-  readonly containerName: string;+  readonly containerDefinition: ContainerDefinition;

agreed, it's not a change I originally wanted to make. However, I think this is the class name we want ContainerOverride and this was the change suggested in the previous iteration. The breaking change was introduced based on that suggestion.

What do you recommend here?

shivlaks

comment created time in 11 days

Pull request review commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

+import * as ec2 from '@aws-cdk/aws-ec2';+import * as ecs from '@aws-cdk/aws-ecs';+import * as iam from '@aws-cdk/aws-iam';+import * as sfn from '@aws-cdk/aws-stepfunctions';+import * as cdk from '@aws-cdk/core';+import { ContainerOverride } from '..';+import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';++/**+ * Basic properties for ECS Tasks+ */+export interface EcsRunTaskProps extends sfn.TaskStateBaseProps {+  /**+   * The ECS cluster to run the task on+   */+  readonly cluster: ecs.ICluster;++  /**+   * [disable-awslint:ref-via-interface]+   * Task Definition used for running tasks in the service.+   *+   * Note: this must be TaskDefinition, and not ITaskDefinition,+   * as it requires properties that are not known for imported task definitions+   */+  readonly taskDefinition: ecs.TaskDefinition;

The comment explains why it shouldn't be ITaskDefinition - does it help to spell out the specific properties that we require that are not captured in ITaskDefinition?

shivlaks

comment created time in 11 days

Pull request review commentaws/aws-cdk

fix(cli): post install warnings are not clearly visible when running cdk init

 async function postInstallTypescript(canUseNetwork: boolean, cwd: string) {   const command = 'npm';    if (!canUseNetwork) {-    print(`Please run ${colors.green(`${command} install`)}!`);+    warning(`Please run ${colors.green(`${command} install`)}!`);

good call

shivlaks

comment created time in 11 days

pull request commentaws/aws-cdk

feat(stepfunctions-tasks): task construct to call `RunJob` on ECS

perfect, thanks for the review @MrArnoldPalmer - i added the do-not-merge label so we don't accidentally merge anyways. I'm sure @nija-at will have further notes and I want to make sure I address all feedback :)

shivlaks

comment created time in 11 days

push eventaws/aws-cdk

Shiv Lakshminarayan

commit sha 15693b357062077436def48559310722cda5e47f

update sfn.Data -> sfn.JsonPath

view details

push time in 11 days

push eventaws/aws-cdk

dependabot-preview[bot]

commit sha b27d5a3ca76e0ce23d8e3ff5c57241e9d4bcff5d

chore(deps): bump aws-sdk from 2.699.0 to 2.701.0 (#8682) Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.699.0 to 2.701.0. - [Release notes](https://github.com/aws/aws-sdk-js/releases) - [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js/compare/v2.699.0...v2.701.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

view details

dependabot-preview[bot]

commit sha 2b6099456a69b6de72832f07c972f30625378cc8

chore(deps-dev): bump @types/lodash from 4.14.155 to 4.14.156 (#8687) Bumps [@types/lodash](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash) from 4.14.155 to 4.14.156. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/lodash) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

view details

dependabot-preview[bot]

commit sha 2024f169ea44fed0578dfd7191c6a23e77713d0c

chore(deps): bump ts-jest from 26.1.0 to 26.1.1 (#8688) Bumps [ts-jest](https://github.com/kulshekhar/ts-jest) from 26.1.0 to 26.1.1. - [Release notes](https://github.com/kulshekhar/ts-jest/releases) - [Changelog](https://github.com/kulshekhar/ts-jest/blob/master/CHANGELOG.md) - [Commits](https://github.com/kulshekhar/ts-jest/compare/v26.1.0...v26.1.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

view details

Hyeonsoo David Lee

commit sha 6b5d77b452bccb35564d6acee118112156149eb0

fix(appsync): Not to throw an Error even if 'additionalAuthorizationModes' is undefined (#8673) fix(appsync): Not to throw an Error even if 'additionalAuthorizationModes' is undefined fixes #8666 #8668 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

dependabot-preview[bot]

commit sha cb3b861eca1d57ef9f4a3bef33fade440a1bf5c7

chore(deps): bump @typescript-eslint/eslint-plugin from 3.3.0 to 3.4.0 (#8693) Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 3.3.0 to 3.4.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/master/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v3.4.0/packages/eslint-plugin) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

view details

dependabot-preview[bot]

commit sha f048e4ec67dce24a76a9262990c30a5e21106bf0

chore(deps): bump aws-sdk from 2.701.0 to 2.702.0 (#8694) Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.701.0 to 2.702.0. - [Release notes](https://github.com/aws/aws-sdk-js/releases) - [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js/compare/v2.701.0...v2.702.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

view details

Elad Ben-Israel

commit sha 7e2be93b2068052e60914f674ed5f86766373c81

chore: incorporate cdk-assets-schema into cloud-assembly-schema (#8482) assets.json is part of the cloud assembly and as such we want to make sure it's schema and compatibility is managed together with the cloud assembly manifest. To do that, we extended the cloud assembly schema "root" to include two keys `manifest` and `assets` and incorporated all the types from cdk-assets-schema into the JSON schema. Now we can leverage the compatibility checks and versioning from cloud-assembly-schema instead of the ones we had in cdk-assets-schema. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Pahud Hsieh

commit sha dde0ef52cc0cdbc40fd212f518f3cee4f30450b9

feat(efs): access point (#8631) This PR adds the [Amazon EFS Access Point ](https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html)construct support. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

dependabot-preview[bot]

commit sha 61434ebd5bf46158ea16f5c4a45955074a65f83e

chore(deps): bump aws-sdk from 2.702.0 to 2.703.0 (#8704) Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.702.0 to 2.703.0. - [Release notes](https://github.com/aws/aws-sdk-js/releases) - [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js/compare/v2.702.0...v2.703.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

view details

dependabot-preview[bot]

commit sha 9568bf7cae1e634b9736378c3660515ede5f4b17

chore(deps): bump uuid from 8.1.0 to 8.2.0 (#8705) Bumps [uuid](https://github.com/uuidjs/uuid) from 8.1.0 to 8.2.0. - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/master/CHANGELOG.md) - [Commits](https://github.com/uuidjs/uuid/compare/v8.1.0...v8.2.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

view details

Rico Huijbers

commit sha 6e6b23e329d8a1b6455210768371a5ab9de478ef

fix(cli): cannot change policies or trust after initial bootstrap (#8677) Our nested stack deployment optimizer only used to look at template differences in order to be able to skip deployments. This has been enhanced over time, but stack parameters were still not included in the evaluation. The new bootstrapping experience relies heavily on parameters to configure important aspects such as policies and trust. However, due to the stack deployment skipping, you would not be able to reconfigure trust or policies after the initial deployment. Now takes parameters into account as well. Relates to #8571, relates to #6582, fixes #6581. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Romain Marcadier

commit sha 6166a70800caff8530f55a14fd8e71ca9dd4e9f8

chore: make @aws-cdk/cdk-assets-schema/index.d.ts a module (#8708) For otherwise, an integration test that tries to import everything breaks.

view details

Shiv Lakshminarayan

commit sha a7cb3b7633c433ecb0619c030914bfa497ee39bc

feat(stepfunctions-tasks): task constructs to call DynamoDB APIs (#8466) Replaces the implementation to call DynamoDb from within a task to merge state level properties as a construct. Notable changes: * APIs require an `ITable` to be supplied instead of `tableName` * `partitionKey` and `sortKey` are now represented as `key` * Rationale: aligning with the SDK for making these calls to Dynamo * `DynamoAttributeValue` is now a struct rather than a class * Rationale: the `withX` methods don't translate to every language and with a struct a fluent builder will be generated with a more idiomatic syntax for the language being used Refactored where it seemed sensible. Test expectations have not changed with the exception of the tableName being a reference. Verified the integration test. Closes #8108 BREAKING CHANGE: `Dynamo*` tasks no longer implement`IStepFunctionsTask` and have been replaced byconstructs that can be instantiated directly. See README for examples ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Adam Ruka

commit sha d9c4f5e67c54e1a2a436978fbc28fffd92b24cd6

feat(cfn-include): support logical id overrides (#8529) Previously, we created the Tokens needed for references like `Ref` and `Fn::GetAtt` without actually referencing the created L1s in the template, just by their logical IDs. That's not strictly correct, because users of `CfnInclude` can call `overrideLogicalId()` on the CloudFormation elements retrieved from the template, and we need to make sure to also reflect that in all references to that resource. Change the code converting from CloudFormation to CDK values to actually retrieve the appropriate L1 objects when encountering expressions like `Ref` and `Fn::GetAtt`. This also gives us correctly working cross-stack references for free. Related to #7375 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Romain Marcadier

commit sha e512a4057b21d32432d4dc7ac14ae7caa812265d

fix(toolkit): CLI tool fails on CloudFormation Throttling (#8711) The CDK (particularly, `cdk deploy`) might crash after getting throttled by CloudFormation, after the default configured 6 retries has been reached. This changes the retry configuration of the CloudFormation client (and only that one) to allow up to 10 retries with a backoff base of 1 second. This makes the maximum back-off about 17 minutes, which I hope would be plenty enough even for the 1 TPM calls. This should allow heavily parallel deployments on the same account and region to avoid getting killed by a throttle; but will reduce the responsiveness of the progress UI. Additionaly, configured a custom logger for the SDK, which would log the SDK calls to the console when running in debug mode, allowing the users to gain visibility on more information for troubleshooting purposes. Fixes #5637

view details

Neta Nir

commit sha 4917c04a23852608c4c697bff02a1085fdfd4b8c

feat(ec2): add 6xlarge InstanceSize (#8701) closes https://github.com/aws/aws-cdk/issues/8690 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Jonathan Goldwasser

commit sha d09c121e84c0c106f25a129066b0990fb237b841

fix(backup): vault name may exceed 50 characters (#8653) Remove `AWS::StackName` from the CDK generated vault name, it's already included in the `uniqueId`. BREAKING CHANGE: existing vaults that use a generated name will be replaced but existing recovery points won't be lost. The default vault removal policy is `RETAIN` and if it was set to `DESTROY` the deployment will fail because vault with recovery points cannot be deleted. Fixes #8627 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Shiv Lakshminarayan

commit sha 67978a1cc92c9e7bea389e533b893efedd204c66

feat(stepfunctions): class for working with Json paths to retrieve state machine data and context (#8647) merges the shared functionality of the `Data` and `Context` classes as there is overlap. From a user's perspective, working with paths is more idiomatic without having to think about state machine Data vs. task Context ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

Somaya

commit sha 509133373679fe514be5b4ce8d58988e3eecdd90

chore: small updates to auto label/assign action (#8722) chore: small updates auto label/assign action - remove pull request check since github actions don't work on forks - run action when issue is edited - change issue template to brackets instead of parens ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

view details

dependabot-preview[bot]

commit sha ccd577ebc2913db1aeae27940119650c5a55d684

chore(deps-dev): bump @types/lodash from 4.14.156 to 4.14.157 (#8725) Bumps [@types/lodash](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash) from 4.14.156 to 4.14.157. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/lodash) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

view details

push time in 11 days

PR opened aws/aws-cdk

chore(stepfunctions-tasks): update tests to use 'JsonPath' instead of 'Data' class @aws-cdk/aws-stepfunctions-tasks

Motivation:

We recently added the JsonPath class in #8647

However, re-work for Dynamo was in flight and added some classes that don't leverage the new class yet and Data has now been marked deprecated


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

+8 -8

0 comment

6 changed files

pr created time in 11 days

create barnchaws/aws-cdk

branch : shivlaks/sfn-jsonpath-chore

created branch time in 11 days

pull request commentaws/aws-cdk

fix(cli): diff against multiple stacks should fail if any have a diff

@polothy thanks for the gentle prod - writing up that integ test this week

polothy

comment created time in 11 days

issue commentaws/aws-cdk

init: failed virtualenv for python should print errors in red or not print Welcome message

@MrArnoldPalmer @rothgar I moved the post installation steps towards the end so they'll be the last things you see when you init a template. Modified the messages to be warnings rather than errors, which would show up as yellow.

I'm not strongly opinionated that it must be yellow, but it feels reasonable given there are steps to reconcile and the project was still initialized. thoughts? feel free to comment on #8723 directly

rothgar

comment created time in 11 days

PR opened aws/aws-cdk

fix(cli): post install warnings are not clearly visible when running cdk init

Modified initialization of git and post install steps to the end of the init process. Changed the current messages to use warning which will display them in yellow and updated guidance text.

Closes #8720


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

+20 -11

0 comment

1 changed file

pr created time in 11 days

create barnchaws/aws-cdk

branch : shivlaks/cli-postinstall-warnings

created branch time in 11 days

issue commentaws/aws-cdk

Profile based credentials don't work with credential_process

marking as p1 to prioritize a fix

prencher

comment created time in 11 days

more