aws-samples · sirbmatthews · May 29, 2024
diff --git a/python/ecs/fargate-service-with-efs/README.md b/python/ecs/fargate-service-with-efs/README.md
@@ -0,0 +1,57 @@
+# Fargate Service using EFS
+This example creates a Public Facing load balanced Fargate service with an EFS Filesystem mount to demo the
+recently added feature to Fargate.
+
+Is based on this blog post: https://aws.amazon.com/blogs/aws/amazon-ecs-supports-efs/
+
+## Build
+
+To manually create a virtualenv on MacOS and Linux:
+
+```
+$ python3 -m venv .venv
+```
+
+After the init process completes and the virtualenv is created, you can use the following
+step to activate your virtualenv.
+
+```
+$ source .venv/bin/activate
+```
+
+If you are a Windows platform, you would activate the virtualenv like this:
+
+```
+% .venv\Scripts\activate.bat
+```
+
+Once the virtualenv is activated, you can install the required dependencies.
+
+```
+$ pip install -r requirements.txt
+```
+
+At this point you can now synthesize the CloudFormation template for this code.
+
+```
+$ cdk synth
+```
+
+You can now begin exploring the source code, contained in the hello directory.
+There is also a very trivial test included that can be run like this:
+
+```
+$ pytest
+```
+
+To add additional dependencies, for example other CDK libraries, just add to
+your requirements.txt file and rerun the `pip install -r requirements.txt`
+command.
+
+## Useful commands
+
+ * `cdk ls`          list all stacks in the app
+ * `cdk synth`       emits the synthesized CloudFormation template
+ * `cdk deploy`      deploy this stack to your default AWS account/region
+ * `cdk diff`        compare deployed stack with current state
+ * `cdk docs`        open CDK documentation
diff --git a/python/ecs/fargate-service-with-efs/app.py b/python/ecs/fargate-service-with-efs/app.py
@@ -0,0 +1,11 @@
+#!/usr/bin/env python3
+
+import aws_cdk as cdk
+
+from fargate_service_with_efs.fargate_service_with_efs_stack import FargateServiceWithEfsStack
+
+
+app = cdk.App()
+FargateServiceWithEfsStack(app, "FargateServiceWithEfsStack")
+
+app.synth()
diff --git a/python/ecs/fargate-service-with-efs/cdk.json b/python/ecs/fargate-service-with-efs/cdk.json
@@ -0,0 +1,68 @@
+{
+  "app": "python3 app.py",
+  "watch": {
+    "include": [
+      "**"
+    ],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "requirements*.txt",
+      "source.bat",
+      "**/__init__.py",
+      "python/__pycache__",
+      "tests"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/core:target-partitions": [
+      "aws",
+      "aws-cn"
+    ],
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+    "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+    "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+    "@aws-cdk/core:enablePartitionLiterals": true,
+    "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+    "@aws-cdk/aws-iam:standardizedServicePrincipals": true,
+    "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
+    "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
+    "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
+    "@aws-cdk/aws-route53-patters:useCertificate": true,
+    "@aws-cdk/customresources:installLatestAwsSdkDefault": false,
+    "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true,
+    "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true,
+    "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true,
+    "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true,
+    "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true,
+    "@aws-cdk/aws-redshift:columnId": true,
+    "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": true,
+    "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": true,
+    "@aws-cdk/aws-apigateway:requestValidatorUniqueId": true,
+    "@aws-cdk/aws-kms:aliasNameRef": true,
+    "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": true,
+    "@aws-cdk/core:includePrefixInUniqueNameGeneration": true,
+    "@aws-cdk/aws-efs:denyAnonymousAccess": true,
+    "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": true,
+    "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": true,
+    "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": true,
+    "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": true,
+    "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": true,
+    "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": true,
+    "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true,
+    "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": true,
+    "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": true,
+    "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": true,
+    "@aws-cdk/aws-eks:nodegroupNameAttribute": true,
+    "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true
+  }
+}
diff --git a/python/ecs/fargate-service-with-efs/fargate_service_with_efs/__init__.py b/python/ecs/fargate-service-with-efs/fargate_service_with_efs/__init__.py
diff --git a/...n/ecs/fargate-service-with-efs/fargate_service_with_efs/fargate_service_with_efs_stack.py b/...n/ecs/fargate-service-with-efs/fargate_service_with_efs/fargate_service_with_efs_stack.py
@@ -0,0 +1,89 @@
+from constructs import Construct
+from aws_cdk import (
+    Duration, Stack,
+    aws_iam as iam,
+    aws_ecs as ecs,
+    aws_ecs_patterns as ecs_patterns,
+    aws_efs as efs,
+    aws_ec2 as ec2
+)
+
+class FargateServiceWithEfsStack(Stack):
+
+    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
+        super().__init__(scope, construct_id, **kwargs)
+
+        vpc = ec2.Vpc(
+            self, 'Vpc', 
+            max_azs = 2
+        )
+
+        ecsCluster = ecs.Cluster(
+            self, 'EcsCluster',
+            vpc = vpc 
+        )
+
+        fileSystem = efs.FileSystem(
+            self, 'MyEfsFileSystem', 
+            vpc = vpc,
+            encrypted = True,
+            lifecycle_policy = efs.LifecyclePolicy.AFTER_14_DAYS,
+            performance_mode = efs.PerformanceMode.GENERAL_PURPOSE,
+            throughput_mode = efs.ThroughputMode.BURSTING,
+        )
+
+        fileSystem.add_to_resource_policy(
+            iam.PolicyStatement(
+                actions = ['elasticfilesystem:ClientMount'],
+                principals = [iam.AnyPrincipal()],
+                conditions = { 
+                     'Bool' : {'elasticfilesystem:AccessedViaMountTarget':'true' }
+                }
+            )
+        )
+
+        taskDefinition = ecs.FargateTaskDefinition(
+            self, 'MyTaskDefinition', 
+            memory_limit_mib = 512,
+            cpu = 256,
+        )
+
+        taskDefinition.add_volume(
+            name = 'uploads',
+            efs_volume_configuration = ecs.EfsVolumeConfiguration(
+                file_system_id = fileSystem.file_system_id
+            )
+        )
+
+        containerDefinition = ecs.ContainerDefinition(
+            self, 'MyContainerDefinition',
+            image = ecs.ContainerImage.from_registry('coderaiser/cloudcmd'),
+            task_definition = taskDefinition,
+
+        )
+
+        containerDefinition.add_mount_points(
+            ecs.MountPoint( 
+                source_volume = 'uploads',
+                container_path = '/uploads',
+                read_only = False,
+            )
+        )
+
+        containerDefinition.add_port_mappings(
+            ecs.PortMapping(container_port = 8000)
+        )
+
+        albFargateService = ecs_patterns.ApplicationLoadBalancedFargateService(
+            self, 'Service01',
+            cluster = ecsCluster,
+            task_definition = taskDefinition,
+            desired_count = 2,
+
+        )
+
+        albFargateService.target_group.set_attribute('deregistration_delay.timeout_seconds', '30')
+
+        #  Allow access to EFS from Fargate ECS
+        fileSystem.grant_root_access(albFargateService.task_definition.task_role.grant_principal)
+        fileSystem.connections.allow_default_port_from(albFargateService.service.connections)
diff --git a/python/ecs/fargate-service-with-efs/requirements.txt b/python/ecs/fargate-service-with-efs/requirements.txt
@@ -0,0 +1,2 @@
+aws-cdk-lib==2.142.1
+constructs>=10.0.0,<11.0.0