From 4605d405674170d5c9aed18ffd7adef200032088 Mon Sep 17 00:00:00 2001 From: wafuwafu13 Date: Thu, 14 Mar 2024 20:37:17 +0000 Subject: [PATCH 1/2] fix(ecs-patterns): resolve not being able to create ECS service in integ.alb-fargate-service-command-entry-point --- ...efaultTestDeployAssert84DAACDF.assets.json | 2 +- ...lb-fargate-cmd-entrypoint-test.assets.json | 6 +- ...-fargate-cmd-entrypoint-test.template.json | 186 +++++++++------ .../cdk.out | 2 +- .../integ.json | 2 +- .../manifest.json | 23 +- .../tree.json | 213 ++++++++++++------ ...alb-fargate-service-command-entry-point.ts | 14 +- 8 files changed, 301 insertions(+), 147 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/AlbFargateServiceWithCommandAndEntryPointDefaultTestDeployAssert84DAACDF.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/AlbFargateServiceWithCommandAndEntryPointDefaultTestDeployAssert84DAACDF.assets.json index 161b98e729347..afee9f7a14240 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/AlbFargateServiceWithCommandAndEntryPointDefaultTestDeployAssert84DAACDF.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/AlbFargateServiceWithCommandAndEntryPointDefaultTestDeployAssert84DAACDF.assets.json @@ -1,5 +1,5 @@ { - "version": "32.0.0", + "version": "36.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/aws-ecs-integ-lb-fargate-cmd-entrypoint-test.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/aws-ecs-integ-lb-fargate-cmd-entrypoint-test.assets.json index e2efe1199559d..6d1891e78b9f3 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/aws-ecs-integ-lb-fargate-cmd-entrypoint-test.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/aws-ecs-integ-lb-fargate-cmd-entrypoint-test.assets.json @@ -1,7 +1,7 @@ { - "version": "32.0.0", + "version": "36.0.0", "files": { - "bd5c4694c4fe13248b11699dfcee108b7c5a6835e60b9f68628928a30689fa29": { + "72ddf678ef0945cb964beb1869bfb95dc8f7d1e5162f39df6c617f96f7b95c13": { "source": { "path": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "bd5c4694c4fe13248b11699dfcee108b7c5a6835e60b9f68628928a30689fa29.json", + "objectKey": "72ddf678ef0945cb964beb1869bfb95dc8f7d1e5162f39df6c617f96f7b95c13.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/aws-ecs-integ-lb-fargate-cmd-entrypoint-test.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/aws-ecs-integ-lb-fargate-cmd-entrypoint-test.template.json index aff60e08182b5..4b84d6bbd104e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/aws-ecs-integ-lb-fargate-cmd-entrypoint-test.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/aws-ecs-integ-lb-fargate-cmd-entrypoint-test.template.json @@ -18,9 +18,6 @@ "VpcPublicSubnet1Subnet5C2D37C4": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "AvailabilityZone": { "Fn::Select": [ 0, @@ -44,21 +41,24 @@ "Key": "Name", "Value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PublicSubnet1" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPublicSubnet1RouteTable6C95E38E": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "Tags": [ { "Key": "Name", "Value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PublicSubnet1" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPublicSubnet1RouteTableAssociation97140677": { @@ -75,12 +75,12 @@ "VpcPublicSubnet1DefaultRoute3DA9E72A": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E" - }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" } }, "DependsOn": [ @@ -102,15 +102,15 @@ "VpcPublicSubnet1NATGateway4D7517AA": { "Type": "AWS::EC2::NatGateway", "Properties": { - "SubnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet1EIPD7E02669", "AllocationId" ] }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, "Tags": [ { "Key": "Name", @@ -126,9 +126,6 @@ "VpcPublicSubnet2Subnet691E08A3": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "AvailabilityZone": { "Fn::Select": [ 1, @@ -152,21 +149,24 @@ "Key": "Name", "Value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PublicSubnet2" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPublicSubnet2RouteTable94F7E489": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "Tags": [ { "Key": "Name", "Value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PublicSubnet2" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPublicSubnet2RouteTableAssociationDD5762D8": { @@ -183,12 +183,12 @@ "VpcPublicSubnet2DefaultRoute97F91067": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "VpcPublicSubnet2RouteTable94F7E489" - }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" } }, "DependsOn": [ @@ -210,15 +210,15 @@ "VpcPublicSubnet2NATGateway9182C01D": { "Type": "AWS::EC2::NatGateway", "Properties": { - "SubnetId": { - "Ref": "VpcPublicSubnet2Subnet691E08A3" - }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet2EIP3C605A87", "AllocationId" ] }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, "Tags": [ { "Key": "Name", @@ -234,9 +234,6 @@ "VpcPrivateSubnet1Subnet536B997A": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "AvailabilityZone": { "Fn::Select": [ 0, @@ -260,21 +257,24 @@ "Key": "Name", "Value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PrivateSubnet1" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPrivateSubnet1RouteTableB2C5B500": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "Tags": [ { "Key": "Name", "Value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PrivateSubnet1" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPrivateSubnet1RouteTableAssociation70C59FA6": { @@ -291,21 +291,18 @@ "VpcPrivateSubnet1DefaultRouteBE02A9ED": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" - }, "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" } } }, "VpcPrivateSubnet2Subnet3788AAA1": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "AvailabilityZone": { "Fn::Select": [ 1, @@ -329,21 +326,24 @@ "Key": "Name", "Value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PrivateSubnet2" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPrivateSubnet2RouteTableA678073B": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "Tags": [ { "Key": "Name", "Value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PrivateSubnet2" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPrivateSubnet2RouteTableAssociationA89CAD56": { @@ -360,12 +360,12 @@ "VpcPrivateSubnet2DefaultRoute060D2087": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "VpcPrivateSubnet2RouteTableA678073B" - }, "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "VpcPublicSubnet2NATGateway9182C01D" + }, + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" } } }, @@ -383,17 +383,42 @@ "VpcVPCGWBF912B6E": { "Type": "AWS::EC2::VPCGatewayAttachment", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "InternetGatewayId": { "Ref": "VpcIGWD7BA715C" + }, + "VpcId": { + "Ref": "Vpc8378EB38" } } }, "TestFargateCluster0BF869F3": { "Type": "AWS::ECS::Cluster" }, + "SecurityGroupDD263621": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/SecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "SecurityGroupIngress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "from 0.0.0.0/0:32768-65535", + "FromPort": 32768, + "IpProtocol": "tcp", + "ToPort": 65535 + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, "ALBFargateServiceWithCommandAndEntryPointLB353EA7CA": { "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", "Properties": { @@ -410,6 +435,12 @@ "ALBFargateServiceWithCommandAndEntryPointLBSecurityGroupD7099797", "GroupId" ] + }, + { + "Fn::GetAtt": [ + "SecurityGroupDD263621", + "GroupId" + ] } ], "Subnets": [ @@ -450,13 +481,6 @@ "ALBFargateServiceWithCommandAndEntryPointLBSecurityGrouptoawsecsinteglbfargatecmdentrypointtestALBFargateServiceWithCommandAndEntryPointServiceSecurityGroup6D1E5F11801B449FAA": { "Type": "AWS::EC2::SecurityGroupEgress", "Properties": { - "GroupId": { - "Fn::GetAtt": [ - "ALBFargateServiceWithCommandAndEntryPointLBSecurityGroupD7099797", - "GroupId" - ] - }, - "IpProtocol": "tcp", "Description": "Load balancer to target", "DestinationSecurityGroupId": { "Fn::GetAtt": [ @@ -465,6 +489,13 @@ ] }, "FromPort": 80, + "GroupId": { + "Fn::GetAtt": [ + "ALBFargateServiceWithCommandAndEntryPointLBSecurityGroupD7099797", + "GroupId" + ] + }, + "IpProtocol": "tcp", "ToPort": 80 } }, @@ -526,15 +557,14 @@ "ContainerDefinitions": [ { "Command": [ - "/usr/sbin/apache2", - "-D", - "FOREGROUND" + "/bin/sh -c \"echo '

Amazon ECS Sample App

' > /usr/local/apache2/htdocs/index.html && httpd-foreground\"" ], "EntryPoint": [ - "/bin/bash" + "sh", + "-c" ], "Essential": true, - "Image": "amazon/amazon-ecs-sample", + "Image": "public.ecr.aws/docker/library/httpd:2.4", "LogConfiguration": { "LogDriver": "awslogs", "Options": { @@ -708,7 +738,6 @@ "ALBFargateServiceWithCommandAndEntryPointServiceSecurityGroupfromawsecsinteglbfargatecmdentrypointtestALBFargateServiceWithCommandAndEntryPointLBSecurityGroup886E70918046DDBFE6": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { - "IpProtocol": "tcp", "Description": "Load balancer to target", "FromPort": 80, "GroupId": { @@ -717,6 +746,7 @@ "GroupId" ] }, + "IpProtocol": "tcp", "SourceSecurityGroupId": { "Fn::GetAtt": [ "ALBFargateServiceWithCommandAndEntryPointLBSecurityGroupD7099797", @@ -728,6 +758,30 @@ "DependsOn": [ "ALBFargateServiceWithCommandAndEntryPointTaskDefTaskRole65CE9392" ] + }, + "ALBFargateServiceWithCommandAndEntryPointServiceSecurityGroupfromawsecsinteglbfargatecmdentrypointtestSecurityGroupECF7922B806B1E1C2D": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Load balancer to target", + "FromPort": 80, + "GroupId": { + "Fn::GetAtt": [ + "ALBFargateServiceWithCommandAndEntryPointServiceSecurityGroupD154E880", + "GroupId" + ] + }, + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "SecurityGroupDD263621", + "GroupId" + ] + }, + "ToPort": 80 + }, + "DependsOn": [ + "ALBFargateServiceWithCommandAndEntryPointTaskDefTaskRole65CE9392" + ] } }, "Outputs": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/cdk.out index f0b901e7c06e5..1f0068d32659a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"32.0.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/integ.json index 5e4bcf603026b..6cc5d28209e4a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "32.0.0", + "version": "36.0.0", "testCases": { "AlbFargateServiceWithCommandAndEntryPoint/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/manifest.json index 487bb373d901d..1c0f702e01207 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "32.0.0", + "version": "36.0.0", "artifacts": { "aws-ecs-integ-lb-fargate-cmd-entrypoint-test.assets": { "type": "cdk:asset-manifest", @@ -14,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/bd5c4694c4fe13248b11699dfcee108b7c5a6835e60b9f68628928a30689fa29.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/72ddf678ef0945cb964beb1869bfb95dc8f7d1e5162f39df6c617f96f7b95c13.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -177,6 +178,12 @@ "data": "TestFargateCluster0BF869F3" } ], + "/aws-ecs-integ-lb-fargate-cmd-entrypoint-test/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "SecurityGroupDD263621" + } + ], "/aws-ecs-integ-lb-fargate-cmd-entrypoint-test/ALBFargateServiceWithCommandAndEntryPoint/LB/Resource": [ { "type": "aws:cdk:logicalId", @@ -228,7 +235,10 @@ "/aws-ecs-integ-lb-fargate-cmd-entrypoint-test/ALBFargateServiceWithCommandAndEntryPoint/TaskDef/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ALBFargateServiceWithCommandAndEntryPointTaskDefCD2C6236" + "data": "ALBFargateServiceWithCommandAndEntryPointTaskDefCD2C6236", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-ecs-integ-lb-fargate-cmd-entrypoint-test/ALBFargateServiceWithCommandAndEntryPoint/TaskDef/web/LogGroup/Resource": [ @@ -267,6 +277,12 @@ "data": "ALBFargateServiceWithCommandAndEntryPointServiceSecurityGroupfromawsecsinteglbfargatecmdentrypointtestALBFargateServiceWithCommandAndEntryPointLBSecurityGroup886E70918046DDBFE6" } ], + "/aws-ecs-integ-lb-fargate-cmd-entrypoint-test/ALBFargateServiceWithCommandAndEntryPoint/Service/SecurityGroup/from awsecsinteglbfargatecmdentrypointtestSecurityGroupECF7922B:80": [ + { + "type": "aws:cdk:logicalId", + "data": "ALBFargateServiceWithCommandAndEntryPointServiceSecurityGroupfromawsecsinteglbfargatecmdentrypointtestSecurityGroupECF7922B806B1E1C2D" + } + ], "/aws-ecs-integ-lb-fargate-cmd-entrypoint-test/BootstrapVersion": [ { "type": "aws:cdk:logicalId", @@ -295,6 +311,7 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "AlbFargateServiceWithCommandAndEntryPointDefaultTestDeployAssert84DAACDF.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/tree.json index d1a001dceb12c..27e7a15da8ceb 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/tree.json @@ -45,9 +45,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "availabilityZone": { "Fn::Select": [ 0, @@ -71,7 +68,10 @@ "key": "Name", "value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PublicSubnet1" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { @@ -93,15 +93,15 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "tags": [ { "key": "Name", "value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PublicSubnet1" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { @@ -134,12 +134,12 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Route", "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E" - }, "destinationCidrBlock": "0.0.0.0/0", "gatewayId": { "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" } } }, @@ -174,15 +174,15 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", "aws:cdk:cloudformation:props": { - "subnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - }, "allocationId": { "Fn::GetAtt": [ "VpcPublicSubnet1EIPD7E02669", "AllocationId" ] }, + "subnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, "tags": [ { "key": "Name", @@ -212,9 +212,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "availabilityZone": { "Fn::Select": [ 1, @@ -238,7 +235,10 @@ "key": "Name", "value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PublicSubnet2" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { @@ -260,15 +260,15 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "tags": [ { "key": "Name", "value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PublicSubnet2" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { @@ -301,12 +301,12 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Route", "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VpcPublicSubnet2RouteTable94F7E489" - }, "destinationCidrBlock": "0.0.0.0/0", "gatewayId": { "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" } } }, @@ -341,15 +341,15 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", "aws:cdk:cloudformation:props": { - "subnetId": { - "Ref": "VpcPublicSubnet2Subnet691E08A3" - }, "allocationId": { "Fn::GetAtt": [ "VpcPublicSubnet2EIP3C605A87", "AllocationId" ] }, + "subnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, "tags": [ { "key": "Name", @@ -379,9 +379,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "availabilityZone": { "Fn::Select": [ 0, @@ -405,7 +402,10 @@ "key": "Name", "value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PrivateSubnet1" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { @@ -427,15 +427,15 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "tags": [ { "key": "Name", "value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PrivateSubnet1" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { @@ -468,12 +468,12 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Route", "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" - }, "destinationCidrBlock": "0.0.0.0/0", "natGatewayId": { "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "routeTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" } } }, @@ -498,9 +498,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "availabilityZone": { "Fn::Select": [ 1, @@ -524,7 +521,10 @@ "key": "Name", "value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PrivateSubnet2" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { @@ -546,15 +546,15 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "tags": [ { "key": "Name", "value": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/Vpc/PrivateSubnet2" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { @@ -587,12 +587,12 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Route", "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VpcPrivateSubnet2RouteTableA678073B" - }, "destinationCidrBlock": "0.0.0.0/0", "natGatewayId": { "Ref": "VpcPublicSubnet2NATGateway9182C01D" + }, + "routeTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" } } }, @@ -632,11 +632,11 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "internetGatewayId": { "Ref": "VpcIGWD7BA715C" + }, + "vpcId": { + "Ref": "Vpc8378EB38" } } }, @@ -673,6 +673,49 @@ "version": "0.0.0" } }, + "SecurityGroup": { + "id": "SecurityGroup", + "path": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/SecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "securityGroupIngress": [ + { + "cidrIp": "0.0.0.0/0", + "ipProtocol": "tcp", + "fromPort": 32768, + "toPort": 65535, + "description": "from 0.0.0.0/0:32768-65535" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, "ALBFargateServiceWithCommandAndEntryPoint": { "id": "ALBFargateServiceWithCommandAndEntryPoint", "path": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/ALBFargateServiceWithCommandAndEntryPoint", @@ -700,6 +743,12 @@ "ALBFargateServiceWithCommandAndEntryPointLBSecurityGroupD7099797", "GroupId" ] + }, + { + "Fn::GetAtt": [ + "SecurityGroupDD263621", + "GroupId" + ] } ], "subnets": [ @@ -754,13 +803,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupEgress", "aws:cdk:cloudformation:props": { - "groupId": { - "Fn::GetAtt": [ - "ALBFargateServiceWithCommandAndEntryPointLBSecurityGroupD7099797", - "GroupId" - ] - }, - "ipProtocol": "tcp", "description": "Load balancer to target", "destinationSecurityGroupId": { "Fn::GetAtt": [ @@ -769,6 +811,13 @@ ] }, "fromPort": 80, + "groupId": { + "Fn::GetAtt": [ + "ALBFargateServiceWithCommandAndEntryPointLBSecurityGroupD7099797", + "GroupId" + ] + }, + "ipProtocol": "tcp", "toPort": 80 } }, @@ -932,15 +981,14 @@ "containerDefinitions": [ { "command": [ - "/usr/sbin/apache2", - "-D", - "FOREGROUND" + "/bin/sh -c \"echo '

Amazon ECS Sample App

' > /usr/local/apache2/htdocs/index.html && httpd-foreground\"" ], "entryPoint": [ - "/bin/bash" + "sh", + "-c" ], "essential": true, - "image": "amazon/amazon-ecs-sample", + "image": "public.ecr.aws/docker/library/httpd:2.4", "name": "web", "portMappings": [ { @@ -1215,7 +1263,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", "aws:cdk:cloudformation:props": { - "ipProtocol": "tcp", "description": "Load balancer to target", "fromPort": 80, "groupId": { @@ -1224,6 +1271,7 @@ "GroupId" ] }, + "ipProtocol": "tcp", "sourceSecurityGroupId": { "Fn::GetAtt": [ "ALBFargateServiceWithCommandAndEntryPointLBSecurityGroupD7099797", @@ -1237,6 +1285,35 @@ "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupIngress", "version": "0.0.0" } + }, + "from awsecsinteglbfargatecmdentrypointtestSecurityGroupECF7922B:80": { + "id": "from awsecsinteglbfargatecmdentrypointtestSecurityGroupECF7922B:80", + "path": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/ALBFargateServiceWithCommandAndEntryPoint/Service/SecurityGroup/from awsecsinteglbfargatecmdentrypointtestSecurityGroupECF7922B:80", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "description": "Load balancer to target", + "fromPort": 80, + "groupId": { + "Fn::GetAtt": [ + "ALBFargateServiceWithCommandAndEntryPointServiceSecurityGroupD154E880", + "GroupId" + ] + }, + "ipProtocol": "tcp", + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "SecurityGroupDD263621", + "GroupId" + ] + }, + "toPort": 80 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupIngress", + "version": "0.0.0" + } } }, "constructInfo": { @@ -1291,7 +1368,7 @@ "path": "AlbFargateServiceWithCommandAndEntryPoint/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.55" + "version": "10.3.0" } }, "DeployAssert": { @@ -1337,7 +1414,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.55" + "version": "10.3.0" } } }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.ts index 32e2c2ebf7cbe..0b780b7eb8264 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.ts @@ -13,9 +13,14 @@ const stack = new cdk.Stack( // Create VPC and cluster const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); const cluster = new ecs.Cluster(stack, 'TestFargateCluster', { vpc }); +const securityGroup = new ec2.SecurityGroup(stack, 'SecurityGroup', { + vpc, + allowAllOutbound: true, +}); +securityGroup.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcpRange(32768, 65535)); // Create ALB service with Command and EntryPoint -new ecsPatterns.ApplicationLoadBalancedFargateService( +const applicationLoadBalancedFargateService = new ecsPatterns.ApplicationLoadBalancedFargateService( stack, 'ALBFargateServiceWithCommandAndEntryPoint', { @@ -23,12 +28,13 @@ new ecsPatterns.ApplicationLoadBalancedFargateService( memoryLimitMiB: 512, cpu: 256, taskImageOptions: { - image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), - command: ['/usr/sbin/apache2', '-D', 'FOREGROUND'], - entryPoint: ['/bin/bash'], + image: ecs.ContainerImage.fromRegistry('public.ecr.aws/docker/library/httpd:2.4'), + command: ['/bin/sh -c \"echo \'

Amazon ECS Sample App

\' > /usr/local/apache2/htdocs/index.html && httpd-foreground\"'], + entryPoint: ['sh', '-c'], }, }, ); +applicationLoadBalancedFargateService.loadBalancer.connections.addSecurityGroup(securityGroup); new integ.IntegTest(app, 'AlbFargateServiceWithCommandAndEntryPoint', { testCases: [stack], From f9cf184e21f83faee0a1c16ab175768709b9d822 Mon Sep 17 00:00:00 2001 From: wafuwafu13 Date: Thu, 21 Mar 2024 20:45:02 +0000 Subject: [PATCH 2/2] fix(ecs-patterns): restrict sg --- ...lb-fargate-cmd-entrypoint-test.assets.json | 4 +- ...-fargate-cmd-entrypoint-test.template.json | 34 ++++++++++----- .../manifest.json | 13 +++--- .../tree.json | 42 ++++++++++++++----- ...alb-fargate-service-command-entry-point.ts | 4 +- 5 files changed, 68 insertions(+), 29 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/aws-ecs-integ-lb-fargate-cmd-entrypoint-test.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/aws-ecs-integ-lb-fargate-cmd-entrypoint-test.assets.json index 6d1891e78b9f3..f0c30a25d7502 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/aws-ecs-integ-lb-fargate-cmd-entrypoint-test.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/aws-ecs-integ-lb-fargate-cmd-entrypoint-test.assets.json @@ -1,7 +1,7 @@ { "version": "36.0.0", "files": { - "72ddf678ef0945cb964beb1869bfb95dc8f7d1e5162f39df6c617f96f7b95c13": { + "d5bc6608a501023f394e622f56da7bfa3d009cdcb254814891d1352b1e41bbbe": { "source": { "path": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "72ddf678ef0945cb964beb1869bfb95dc8f7d1e5162f39df6c617f96f7b95c13.json", + "objectKey": "d5bc6608a501023f394e622f56da7bfa3d009cdcb254814891d1352b1e41bbbe.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/aws-ecs-integ-lb-fargate-cmd-entrypoint-test.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/aws-ecs-integ-lb-fargate-cmd-entrypoint-test.template.json index 4b84d6bbd104e..7adff19cc7449 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/aws-ecs-integ-lb-fargate-cmd-entrypoint-test.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/aws-ecs-integ-lb-fargate-cmd-entrypoint-test.template.json @@ -398,20 +398,13 @@ "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/SecurityGroup", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], "SecurityGroupIngress": [ { "CidrIp": "0.0.0.0/0", - "Description": "from 0.0.0.0/0:32768-65535", - "FromPort": 32768, + "Description": "from 0.0.0.0/0:80", + "FromPort": 80, "IpProtocol": "tcp", - "ToPort": 65535 + "ToPort": 80 } ], "VpcId": { @@ -419,6 +412,27 @@ } } }, + "SecurityGrouptoawsecsinteglbfargatecmdentrypointtestALBFargateServiceWithCommandAndEntryPointServiceSecurityGroup6D1E5F1180E99BF818": { + "Type": "AWS::EC2::SecurityGroupEgress", + "Properties": { + "Description": "Load balancer to target", + "DestinationSecurityGroupId": { + "Fn::GetAtt": [ + "ALBFargateServiceWithCommandAndEntryPointServiceSecurityGroupD154E880", + "GroupId" + ] + }, + "FromPort": 80, + "GroupId": { + "Fn::GetAtt": [ + "SecurityGroupDD263621", + "GroupId" + ] + }, + "IpProtocol": "tcp", + "ToPort": 80 + } + }, "ALBFargateServiceWithCommandAndEntryPointLB353EA7CA": { "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", "Properties": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/manifest.json index 1c0f702e01207..2af9e7724ebd3 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/72ddf678ef0945cb964beb1869bfb95dc8f7d1e5162f39df6c617f96f7b95c13.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d5bc6608a501023f394e622f56da7bfa3d009cdcb254814891d1352b1e41bbbe.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -184,6 +184,12 @@ "data": "SecurityGroupDD263621" } ], + "/aws-ecs-integ-lb-fargate-cmd-entrypoint-test/SecurityGroup/to awsecsinteglbfargatecmdentrypointtestALBFargateServiceWithCommandAndEntryPointServiceSecurityGroup6D1E5F11:80": [ + { + "type": "aws:cdk:logicalId", + "data": "SecurityGrouptoawsecsinteglbfargatecmdentrypointtestALBFargateServiceWithCommandAndEntryPointServiceSecurityGroup6D1E5F1180E99BF818" + } + ], "/aws-ecs-integ-lb-fargate-cmd-entrypoint-test/ALBFargateServiceWithCommandAndEntryPoint/LB/Resource": [ { "type": "aws:cdk:logicalId", @@ -235,10 +241,7 @@ "/aws-ecs-integ-lb-fargate-cmd-entrypoint-test/ALBFargateServiceWithCommandAndEntryPoint/TaskDef/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ALBFargateServiceWithCommandAndEntryPointTaskDefCD2C6236", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" - ] + "data": "ALBFargateServiceWithCommandAndEntryPointTaskDefCD2C6236" } ], "/aws-ecs-integ-lb-fargate-cmd-entrypoint-test/ALBFargateServiceWithCommandAndEntryPoint/TaskDef/web/LogGroup/Resource": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/tree.json index 27e7a15da8ceb..8488ff8dbd2af 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.js.snapshot/tree.json @@ -684,20 +684,13 @@ "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", "aws:cdk:cloudformation:props": { "groupDescription": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/SecurityGroup", - "securityGroupEgress": [ - { - "cidrIp": "0.0.0.0/0", - "description": "Allow all outbound traffic by default", - "ipProtocol": "-1" - } - ], "securityGroupIngress": [ { "cidrIp": "0.0.0.0/0", "ipProtocol": "tcp", - "fromPort": 32768, - "toPort": 65535, - "description": "from 0.0.0.0/0:32768-65535" + "fromPort": 80, + "toPort": 80, + "description": "from 0.0.0.0/0:80" } ], "vpcId": { @@ -709,6 +702,35 @@ "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", "version": "0.0.0" } + }, + "to awsecsinteglbfargatecmdentrypointtestALBFargateServiceWithCommandAndEntryPointServiceSecurityGroup6D1E5F11:80": { + "id": "to awsecsinteglbfargatecmdentrypointtestALBFargateServiceWithCommandAndEntryPointServiceSecurityGroup6D1E5F11:80", + "path": "aws-ecs-integ-lb-fargate-cmd-entrypoint-test/SecurityGroup/to awsecsinteglbfargatecmdentrypointtestALBFargateServiceWithCommandAndEntryPointServiceSecurityGroup6D1E5F11:80", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupEgress", + "aws:cdk:cloudformation:props": { + "description": "Load balancer to target", + "destinationSecurityGroupId": { + "Fn::GetAtt": [ + "ALBFargateServiceWithCommandAndEntryPointServiceSecurityGroupD154E880", + "GroupId" + ] + }, + "fromPort": 80, + "groupId": { + "Fn::GetAtt": [ + "SecurityGroupDD263621", + "GroupId" + ] + }, + "ipProtocol": "tcp", + "toPort": 80 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupEgress", + "version": "0.0.0" + } } }, "constructInfo": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.ts index 0b780b7eb8264..72eba5604fb9f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.ts @@ -15,9 +15,9 @@ const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: const cluster = new ecs.Cluster(stack, 'TestFargateCluster', { vpc }); const securityGroup = new ec2.SecurityGroup(stack, 'SecurityGroup', { vpc, - allowAllOutbound: true, + allowAllOutbound: false, }); -securityGroup.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcpRange(32768, 65535)); +securityGroup.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(80)); // Create ALB service with Command and EntryPoint const applicationLoadBalancedFargateService = new ecsPatterns.ApplicationLoadBalancedFargateService(