Merge branch 'main' into security-hub-ecr-3

aws · Mar 28, 2023 · 6c8de2d · 6c8de2d
2 parents d677019 + 3c98d1e
commit 6c8de2d
Show file tree

Hide file tree

Showing 34 changed files with 5,829 additions and 0 deletions.
diff --git a/packages/@aws-cdk/aws-ecs/README.md b/packages/@aws-cdk/aws-ecs/README.md
@@ -1360,3 +1360,18 @@ const customService = new ecs.FargateService(this, 'CustomizedService', {
   },
 });
 ```
+
+## Enable pseudo-terminal (TTY) allocation
+
+You can allocate a pseudo-terminal (TTY) for a container passing `pseudoTerminal` option while adding the container
+to the task definition.
+This maps to Tty option in the ["Create a container section"](https://docs.docker.com/engine/api/v1.38/#operation/ContainerCreate)
+of the [Docker Remote API](https://docs.docker.com/engine/api/v1.38/) and the --tty option to [`docker run`](https://docs.docker.com/engine/reference/commandline/run/).
+
+```ts
+const taskDefinition = new ecs.Ec2TaskDefinition(this, 'TaskDef');
+taskDefinition.addContainer('TheContainer', {
+  image: ecs.ContainerImage.fromRegistry('example-image'),
+  pseudoTerminal: true
+});
+```
diff --git a/packages/@aws-cdk/aws-ecs/lib/container-definition.ts b/packages/@aws-cdk/aws-ecs/lib/container-definition.ts
@@ -349,6 +349,15 @@ export interface ContainerDefinitionOptions {
    * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#container_definition_systemcontrols
    */
   readonly systemControls?: SystemControl[];
+
+  /**
+   * When this parameter is true, a TTY is allocated. This parameter maps to Tty in the "Create a container section" of the
+   * Docker Remote API and the --tty option to `docker run`.
+   *
+   * @default - false
+   * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#container_definition_pseudoterminal
+   */
+  readonly pseudoTerminal?: boolean;
 }
 
 /**
@@ -445,6 +454,11 @@ export class ContainerDefinition extends Construct {
    */
   private readonly inferenceAcceleratorResources: string[] = [];
 
+  /**
+   * Specifies whether a TTY must be allocated for this container.
+   */
+  public readonly pseudoTerminal?: boolean;
+
   /**
    * The configured container links
    */
@@ -512,6 +526,8 @@ export class ContainerDefinition extends Construct {
     if (props.inferenceAcceleratorResources) {
       this.addInferenceAcceleratorResource(...props.inferenceAcceleratorResources);
     }
+
+    this.pseudoTerminal = props.pseudoTerminal;
   }
 
   /**
@@ -756,6 +772,7 @@ export class ContainerDefinition extends Construct {
       name: this.containerName,
       portMappings: cdk.Lazy.any({ produce: () => this.portMappings.map(renderPortMapping) }, { omitEmptyArray: true }),
       privileged: this.props.privileged,
+      pseudoTerminal: this.props.pseudoTerminal,
       readonlyRootFilesystem: this.props.readonlyRootFilesystem,
       repositoryCredentials: this.imageConfig.repositoryCredentials,
       startTimeout: this.props.startTimeout && this.props.startTimeout.toSeconds(),

diff --git a/packages/@aws-cdk/aws-ecs/test/container-definition.test.ts b/packages/@aws-cdk/aws-ecs/test/container-definition.test.ts
@@ -305,6 +305,7 @@ describe('container definition', () => {
         gpuCount: 256,
         hostname: 'host.example.com',
         privileged: true,
+        pseudoTerminal: true,
         readonlyRootFilesystem: true,
         startTimeout: cdk.Duration.millis(2000),
         stopTimeout: cdk.Duration.millis(5000),
@@ -441,6 +442,7 @@ describe('container definition', () => {
             MemoryReservation: 512,
             Name: 'Example Container',
             Privileged: true,
+            PseudoTerminal: true,
             ReadonlyRootFilesystem: true,
             ResourceRequirements: [
               {

diff --git a/packages/@aws-cdk/aws-ecs/test/ec2/ec2-task-definition.test.ts b/packages/@aws-cdk/aws-ecs/test/ec2/ec2-task-definition.test.ts
@@ -264,6 +264,7 @@ describe('ec2 task definition', () => {
         logging: new ecs.AwsLogDriver({ streamPrefix: 'prefix' }),
         memoryReservationMiB: 1024,
         privileged: true,
+        pseudoTerminal: true,
         readonlyRootFilesystem: true,
         secrets: {
           SECRET: ecs.Secret.fromSecretsManager(secret),
@@ -389,6 +390,7 @@ describe('ec2 task definition', () => {
             MemoryReservation: 1024,
             Name: 'web',
             Privileged: true,
+            PseudoTerminal: true,
             ReadonlyRootFilesystem: true,
             Secrets: [
               {

diff --git a/...teg.pseudo-terminal.js.snapshot/PseudoTerminalDefaultTestDeployAssert1B88B826.assets.json b/...teg.pseudo-terminal.js.snapshot/PseudoTerminalDefaultTestDeployAssert1B88B826.assets.json
@@ -0,0 +1,19 @@
+{
+  "version": "30.1.0",
+  "files": {
+    "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": {
+      "source": {
+        "path": "PseudoTerminalDefaultTestDeployAssert1B88B826.template.json",
+        "packaging": "file"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    }
+  },
+  "dockerImages": {}
+}
diff --git a/...g.pseudo-terminal.js.snapshot/PseudoTerminalDefaultTestDeployAssert1B88B826.template.json b/...g.pseudo-terminal.js.snapshot/PseudoTerminalDefaultTestDeployAssert1B88B826.template.json
@@ -0,0 +1,36 @@
+{
+ "Parameters": {
+  "BootstrapVersion": {
+   "Type": "AWS::SSM::Parameter::Value<String>",
+   "Default": "/cdk-bootstrap/hnb659fds/version",
+   "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
+  }
+ },
+ "Rules": {
+  "CheckBootstrapVersion": {
+   "Assertions": [
+    {
+     "Assert": {
+      "Fn::Not": [
+       {
+        "Fn::Contains": [
+         [
+          "1",
+          "2",
+          "3",
+          "4",
+          "5"
+         ],
+         {
+          "Ref": "BootstrapVersion"
+         }
+        ]
+       }
+      ]
+     },
+     "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
+    }
+   ]
+  }
+ }
+}
diff --git a/...-ecs/test/ec2/integ.pseudo-terminal.js.snapshot/aws-ecs-integ-pseudo-terminal.assets.json b/...-ecs/test/ec2/integ.pseudo-terminal.js.snapshot/aws-ecs-integ-pseudo-terminal.assets.json
@@ -0,0 +1,19 @@
+{
+  "version": "30.1.0",
+  "files": {
+    "9b1c5a27bfd1f10bf81e372c212b17c4def357247c4c40d64b7c0657fccb4943": {
+      "source": {
+        "path": "aws-ecs-integ-pseudo-terminal.template.json",
+        "packaging": "file"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "9b1c5a27bfd1f10bf81e372c212b17c4def357247c4c40d64b7c0657fccb4943.json",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    }
+  },
+  "dockerImages": {}
+}