@fjall/components-infrastructure 0.86.0 → 0.87.3

package/dist/lib/resources/aws/compute/ecs.d.ts

@@ -8,6 +8,7 @@ import { Certificate } from "aws-cdk-lib/aws-certificatemanager";
 import { type GeoLocation } from "aws-cdk-lib/aws-route53";
 import { Repository } from "aws-cdk-lib/aws-ecr";
 import { HostedZone as FjallHostedZone } from "../../../patterns/aws/hostedZone";
+import { type ConnectionSpec } from "../../../patterns/aws/interfaces/connector.js";
 import { type SecretImport } from "../secrets";
 export declare enum Protocol {
     HTTP = 0,
@@ -89,18 +90,18 @@ export interface EcsClusterContainerConfig {
     port?: number;
     /** Environment variables */
     environment?: Record<string, string>;
-    /** Secrets imported from other resources (AWS Secrets Manager) */
-    secretsImport?: {
-        [key: string]: SecretImport;
-    };
     /**
      * Secrets from AWS SSM Parameter Store.
      * Array of secret names that will be fetched from the service's SSM namespace.
      *
      * @example
-     * ssmSecrets: ["API_KEY", "DB_PASSWORD"]
+     * secrets: ["API_KEY", "DB_PASSWORD"]
      */
-    ssmSecrets?: string[];
+    secrets?: string[];
+    /** Secrets imported from other CDK resources (AWS Secrets Manager) */
+    secretsImport?: {
+        [key: string]: SecretImport;
+    };
     /** Command to run in the container */
     command?: string[];
     /** Entry point for the container */
@@ -216,10 +217,25 @@ export interface EcsServiceProps {
      */
     taskRoleManagedPolicies?: IManagedPolicy[];
     /**
-     * Resources this service needs to connect to (e.g., databases).
-     * Creates security group rules to allow traffic from this specific service only.
+     * Resources this service needs to connect to (e.g., databases, S3 buckets, SQS queues).
+     * Creates security group rules for IConnectable resources and IAM grants for IAM resources.
+     *
+     * Supports:
+     * - IConnectable: Security group resources (RDS, ECS, etc.)
+     * - IStorageConnector: S3 buckets (IAM grants)
+     * - IDynamoDBConnector: DynamoDB tables (IAM grants)
+     * - IQueueConnector: SQS queues (IAM grants)
+     * - ConnectionConfig: Explicit access level configuration
+     *
+     * @example
+     * connections: [
+     *   database,                              // Security group (RDS)
+     *   { resource: cache, access: "read" },   // Read-only DynamoDB
+     *   { resource: bucket, access: "write" }, // Write-only S3
+     *   { resource: queue, access: "consume" } // Consume-only SQS
+     * ]
      */
-    connections?: IConnectable[];
+    connections?: ConnectionSpec[];
     /**
      * Capacity provider for this service. REQUIRED.
      * Each service specifies its own capacity provider.
@@ -233,21 +249,20 @@ export interface EcsServiceProps {
     ec2Config?: Ec2CapacityConfig;
     /**
      * SSM Parameter Store path for secrets.
-     * If containers have ssmSecrets defined, this path is used as the base path.
+     * If containers have secrets defined, this path is used as the base path.
      * Format: /<app>/<cluster>/<service>
      *
      * @example
      * ssmSecretsPath: "/myapp/api-cluster/users"
      */
     ssmSecretsPath?: string;
-    /**
-     * Path to Dockerfile for building this service's image.
-     * Metadata for CLI build process, not used during CDK synthesis.
-     */
-    dockerfilePath?: string;
     /**
      * Docker build target stage for multi-stage Dockerfiles.
-     * Metadata for CLI build process, not used during CDK synthesis.
+     * When specified, appends `-<target>` to the image tag.
+     *
+     * @example
+     * // With dockerTarget: "api", image tag becomes: myservice-api-latest
+     * dockerTarget: "api"
      */
     dockerTarget?: string;
 }
@@ -259,7 +274,7 @@ export type EcsClusterProps = {
     clusterName: string;
     /**
      * Application name for SSM secrets namespace.
-     * Required when any container uses ssmSecrets without explicit ssmSecretsPath.
+     * Required when any container uses secrets without explicit ssmSecretsPath.
      * Used to build the path: /<appName>/<clusterName>/<serviceName>
      */
     appName?: string;
@@ -375,14 +390,6 @@ export default class EcsCluster extends Construct implements IConnectable {
     private registerServiceWithALB;
     private buildRoutingConditions;
     private addServiceScaling;
-    /**
-     * Checks if any service in the cluster uses EC2 capacity provider.
-     */
-    private hasAnyEc2Service;
-    /**
-     * Checks if any service in the cluster uses Fargate capacity provider.
-     */
-    private hasAnyFargateService;
     /**
      * Check if the VPC has NAT gateways.
      * - For Fjall Vpc: uses hasNatGateways property