feat(ecs-patterns): allow passthrough of security groups to service #10501

Merged: 3 commits, Sep 24, 2020

clementallen
Contributor

Closes #8953


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@SomayaB SomayaB added the @aws-cdk/aws-ecs-patterns Related to ecs-patterns library label Sep 23, 2020
@clementallen clementallen force-pushed the clementallen/fargate-security-groups branch from ff12e4a to a3b51e5 Compare September 23, 2020 21:06
Contributor

@iamhopaul123 iamhopaul123 left a comment

Looks great! Could you add a manual test to double-check that this feature works as we expect?

@clementallen
Contributor Author

> Looks great! Could you add a manual test to double-check that this feature works as we expect?

Thanks @iamhopaul123 - I'm not quite sure what you mean by adding a manual test? I've tested it with my own CDK projects and it works as expected.

@iamhopaul123
Contributor

> I've tested it with my own CDK projects and it works as expected.

That's exactly what I meant. Would you mind adding a security groups option to the ec2 pattern as well? Otherwise it might be a bit odd to see that fargate supports passthrough of SGs but ec2 doesn't...

@clementallen
Contributor Author

clementallen commented Sep 24, 2020

@iamhopaul123

> Would you mind adding a security groups option to the ec2 pattern as well

Sure can do, and to the other patterns too such as NLB Fargate, multiple target groups etc?

@iamhopaul123
Contributor

That'll be great! Thank you so much!

@clementallen
Contributor Author

@iamhopaul123

I'm not hugely familiar with the non-fargate Ec2 patterns, but it seems the Ec2TaskDefinition needs a networkMode of AWS_VPC if a securityGroup is provided. Should I also allow that to be passed in from the top-level pattern?

@iamhopaul123
Contributor

Yeah, that's true. But it should already be handled by ec2service, so I don't think we should overkill the issue. At least we can be sure that it'll error out before deploying to the CFN.

@clementallen
Contributor Author

@iamhopaul123 if networkMode isn't passed, it will error before deploying whenever a security group is provided, meaning there isn't much use providing one :)

Would it be okay if I raised a separate issue for the EC2 security groups and kept this MR focused on Fargate?

@iamhopaul123
Contributor

Sounds good to me!

Contributor

@iamhopaul123 iamhopaul123 left a comment

🚢

@mergify
Contributor

mergify bot commented Sep 24, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 6c60d7f
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

@mergify mergify bot merged commit e349004 into aws:master Sep 24, 2020
@clementallen clementallen deleted the clementallen/fargate-security-groups branch September 24, 2020 20:54
Successfully merging this pull request may close these issues.

[ecs-patterns] ApplicationLoadBalancedFargateService - how to add security group to Network Interface