aws · mergify · Feb 8, 2023 · Jan 26, 2023 · Jan 31, 2023 · Feb 2, 2023
diff --git a/packages/@aws-cdk/aws-cloud9/lib/environment.ts b/packages/@aws-cdk/aws-cloud9/lib/environment.ts
@@ -1,5 +1,6 @@
 import * as codecommit from '@aws-cdk/aws-codecommit';
 import * as ec2 from '@aws-cdk/aws-ec2';
+import { IUser } from '@aws-cdk/aws-iam';
 import * as cdk from '@aws-cdk/core';
 import { Construct } from 'constructs';
 import { CfnEnvironmentEC2 } from '../lib/cloud9.generated';
@@ -53,11 +54,17 @@ export enum ImageId {
    */
   UBUNTU_18_04 = 'ubuntu-18.04-x86_64'
 }
-
 /**
  * Properties for Ec2Environment
  */
 export interface Ec2EnvironmentProps {
+  /**
+   * The type of owner environment.
+   *
+   * @default - string
+   */
+  readonly owner?: Owner;
+
   /**
    * The type of instance to connect to the environment.
    *
@@ -137,6 +144,13 @@ export class Ec2Environment extends cdk.Resource implements IEc2Environment {
     return new Import(scope, id);
   }
 
+  /**
+   * The Environment Owner of the ownerarn
+   *
+   * @attribute
+   */
+  public readonly owner?: Owner;
+
   /**
    * The environment name of this Cloud9 environment
    *
@@ -170,6 +184,7 @@ export class Ec2Environment extends cdk.Resource implements IEc2Environment {
     super(scope, id);
 
     this.vpc = props.vpc;
+    this.owner = props.owner;
     if (!props.subnetSelection && this.vpc.publicSubnets.length === 0) {
       throw new Error('no subnetSelection specified and no public subnet found in the vpc, please specify subnetSelection');
     }
@@ -182,6 +197,7 @@ export class Ec2Environment extends cdk.Resource implements IEc2Environment {
     const c9env = new CfnEnvironmentEC2(this, 'Resource', {
       name: props.ec2EnvironmentName,
       description: props.description,
+      ownerArn: props.owner?.ownerArn,
       instanceType: props.instanceType?.toString() ?? ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO).toString(),
       subnetId: this.vpc.selectSubnets(vpcSubnets).subnetIds[0],
       repositories: props.clonedRepositories ? props.clonedRepositories.map(r => ({
@@ -217,3 +233,34 @@ export class CloneRepository {
 
   private constructor(public readonly repositoryUrl: string, public readonly pathComponent: string) {}
 }
+
+/**
+ * The class for different types of owners
+ */
+export class Owner {
+  /**
+   * import from Owner Iuser
-   * import from Owner Iuser
+   * Make an IAM user the environment owner
-   * import from Owner Iuser
+   * Make an IAM user the environment owner
+   *
+   * @param user environment owner can be an IAM user.
+   */
+  public static user(user: IUser): Owner {
+    return { ownerArn: user.userArn };
+  }
+
+  /**
+   * import from Owner account root
-   * import from Owner account root
+   * Make the Account Root User the environment owner (not recommended)
-   * import from Owner account root
+   * Make the Account Root User the environment owner (not recommended)
+   *
+   * @param accountId environment owner can be a root account.
+   */
+  public static accountRoot(accountId: string): Owner {
+    return { ownerArn: `arn:aws:iam::${accountId}:root` };
+  }
+
+  /**
+   * import owenrArn
+   *
+   * @param ownerArn of environment owner.
+   */
+  private constructor(public readonly ownerArn: string) {}
+}
+
diff --git a/packages/@aws-cdk/aws-cloud9/test/cloud9.environment.test.ts b/packages/@aws-cdk/aws-cloud9/test/cloud9.environment.test.ts
@@ -1,9 +1,10 @@
 import { Match, Template } from '@aws-cdk/assertions';
 import * as codecommit from '@aws-cdk/aws-codecommit';
 import * as ec2 from '@aws-cdk/aws-ec2';
+import * as iam from '@aws-cdk/aws-iam';
 import * as cdk from '@aws-cdk/core';
 import * as cloud9 from '../lib';
-import { ConnectionType, ImageId } from '../lib';
+import { ConnectionType, ImageId, Owner } from '../lib';
 
 let stack: cdk.Stack;
 let vpc: ec2.IVpc;
@@ -79,9 +80,49 @@ test('throw error when subnetSelection not specified and the provided VPC has no
 test('can use CodeCommit repositories', () => {
   // WHEN
   const repo = codecommit.Repository.fromRepositoryName(stack, 'Repo', 'foo');
+  const user = new iam.User(stack, 'User');
+  new cloud9.Ec2Environment(stack, 'C9Env', {
+    vpc,
+    clonedRepositories: [
+      cloud9.CloneRepository.fromCodeCommit(repo, '/src'),
+    ],
+    imageId: cloud9.ImageId.AMAZON_LINUX_2,
+    owner: Owner.user(user),
+  });
+  // THEN
+
+  Template.fromStack(stack).hasResourceProperties('AWS::Cloud9::EnvironmentEC2', {
+    InstanceType: 't2.micro',
+    Repositories: [
+      {
+        PathComponent: '/src',
+        RepositoryUrl: {
+          'Fn::Join': [
+            '',
+            [
+              'https://git-codecommit.',
+              {
+                Ref: 'AWS::Region',
+              },
+              '.',
+              {
+                Ref: 'AWS::URLSuffix',
+              },
+              '/v1/repos/foo',
+            ],
+          ],
+        },
+      },
+    ],
+  });
+});
 
+test('can use CodeCommit repo', () => {
+  // WHEN
+  const repo = codecommit.Repository.fromRepositoryName(stack, 'Repo', 'foo');
   new cloud9.Ec2Environment(stack, 'C9Env', {
     vpc,
+    owner: Owner.accountRoot('12345678'),
     clonedRepositories: [
       cloud9.CloneRepository.fromCodeCommit(repo, '/src'),
     ],