@gradientedge/cdk-utils 8.39.0 → 8.41.0

package/app/api-destined-function/node_modules/.bin/mkdirp

@@ -6,12 +6,12 @@ case `uname` in
 esac
 
 if [ -z "$NODE_PATH" ]; then
-  export NODE_PATH="/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/mkdirp@2.1.5/node_modules/mkdirp/dist/cjs/src/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/mkdirp@2.1.5/node_modules/mkdirp/dist/cjs/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/mkdirp@2.1.5/node_modules/mkdirp/dist/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/mkdirp@2.1.5/node_modules/mkdirp/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/mkdirp@2.1.5/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/node_modules"
+  export NODE_PATH="/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/mkdirp@2.1.6/node_modules/mkdirp/dist/cjs/src/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/mkdirp@2.1.6/node_modules/mkdirp/dist/cjs/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/mkdirp@2.1.6/node_modules/mkdirp/dist/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/mkdirp@2.1.6/node_modules/mkdirp/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/mkdirp@2.1.6/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/node_modules"
 else
-  export NODE_PATH="/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/mkdirp@2.1.5/node_modules/mkdirp/dist/cjs/src/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/mkdirp@2.1.5/node_modules/mkdirp/dist/cjs/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/mkdirp@2.1.5/node_modules/mkdirp/dist/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/mkdirp@2.1.5/node_modules/mkdirp/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/mkdirp@2.1.5/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/node_modules:$NODE_PATH"
+  export NODE_PATH="/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/mkdirp@2.1.6/node_modules/mkdirp/dist/cjs/src/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/mkdirp@2.1.6/node_modules/mkdirp/dist/cjs/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/mkdirp@2.1.6/node_modules/mkdirp/dist/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/mkdirp@2.1.6/node_modules/mkdirp/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/mkdirp@2.1.6/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/node_modules:$NODE_PATH"
 fi
 if [ -x "$basedir/node" ]; then
-  exec "$basedir/node"  "$basedir/../../../../node_modules/.pnpm/mkdirp@2.1.5/node_modules/mkdirp/dist/cjs/src/bin.js" "$@"
+  exec "$basedir/node"  "$basedir/../../../../node_modules/.pnpm/mkdirp@2.1.6/node_modules/mkdirp/dist/cjs/src/bin.js" "$@"
 else
-  exec node  "$basedir/../../../../node_modules/.pnpm/mkdirp@2.1.5/node_modules/mkdirp/dist/cjs/src/bin.js" "$@"
+  exec node  "$basedir/../../../../node_modules/.pnpm/mkdirp@2.1.6/node_modules/mkdirp/dist/cjs/src/bin.js" "$@"
 fi

package/app/api-destined-function/node_modules/.bin/rimraf

@@ -6,12 +6,12 @@ case `uname` in
 esac
 
 if [ -z "$NODE_PATH" ]; then
-  export NODE_PATH="/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@4.4.0/node_modules/rimraf/dist/cjs/src/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@4.4.0/node_modules/rimraf/dist/cjs/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@4.4.0/node_modules/rimraf/dist/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@4.4.0/node_modules/rimraf/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@4.4.0/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/node_modules"
+  export NODE_PATH="/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@4.4.1/node_modules/rimraf/dist/cjs/src/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@4.4.1/node_modules/rimraf/dist/cjs/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@4.4.1/node_modules/rimraf/dist/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@4.4.1/node_modules/rimraf/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@4.4.1/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/node_modules"
 else
-  export NODE_PATH="/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@4.4.0/node_modules/rimraf/dist/cjs/src/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@4.4.0/node_modules/rimraf/dist/cjs/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@4.4.0/node_modules/rimraf/dist/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@4.4.0/node_modules/rimraf/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@4.4.0/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/node_modules:$NODE_PATH"
+  export NODE_PATH="/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@4.4.1/node_modules/rimraf/dist/cjs/src/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@4.4.1/node_modules/rimraf/dist/cjs/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@4.4.1/node_modules/rimraf/dist/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@4.4.1/node_modules/rimraf/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/rimraf@4.4.1/node_modules:/home/runner/work/cdk-utils/cdk-utils/node_modules/.pnpm/node_modules:$NODE_PATH"
 fi
 if [ -x "$basedir/node" ]; then
-  exec "$basedir/node"  "$basedir/../../../../node_modules/.pnpm/rimraf@4.4.0/node_modules/rimraf/dist/cjs/src/bin.js" "$@"
+  exec "$basedir/node"  "$basedir/../../../../node_modules/.pnpm/rimraf@4.4.1/node_modules/rimraf/dist/cjs/src/bin.js" "$@"
 else
-  exec node  "$basedir/../../../../node_modules/.pnpm/rimraf@4.4.0/node_modules/rimraf/dist/cjs/src/bin.js" "$@"
+  exec node  "$basedir/../../../../node_modules/.pnpm/rimraf@4.4.1/node_modules/rimraf/dist/cjs/src/bin.js" "$@"
 fi

package/app/api-destined-function/package.json

@@ -20,7 +20,7 @@
     "uuid": "^9.0.0"
   },
   "devDependencies": {
-    "mkdirp": "^2.1.5",
-    "rimraf": "^4.4.0"
+    "mkdirp": "^2.1.6",
+    "rimraf": "^4.4.1"
   }
 }

package/dist/src/lib/common/construct.d.ts

@@ -30,6 +30,7 @@ export declare class CommonConstruct extends Construct {
     dynamodbManager: aws.DynamodbManager;
     ecrManager: aws.EcrManager;
     ecsManager: aws.EcsManager;
+    efsManager: aws.EfsManager;
     eksManager: aws.EksManager;
     elasticacheManager: aws.ElastiCacheManager;
     eventManager: aws.EventManager;

package/dist/src/lib/common/construct.js

@@ -55,6 +55,7 @@ class CommonConstruct extends constructs_1.Construct {
     dynamodbManager;
     ecrManager;
     ecsManager;
+    efsManager;
     eksManager;
     elasticacheManager;
     eventManager;
@@ -86,6 +87,7 @@ class CommonConstruct extends constructs_1.Construct {
         this.dynamodbManager = new aws.DynamodbManager();
         this.ecrManager = new aws.EcrManager();
         this.ecsManager = new aws.EcsManager();
+        this.efsManager = new aws.EfsManager();
         this.eksManager = new aws.EksManager();
         this.elasticacheManager = new aws.ElastiCacheManager();
         this.eventManager = new aws.EventManager();

package/dist/src/lib/construct/site-with-ecs-backend/main.d.ts

@@ -8,6 +8,7 @@ import * as iam from 'aws-cdk-lib/aws-iam';
 import * as logs from 'aws-cdk-lib/aws-logs';
 import * as route53 from 'aws-cdk-lib/aws-route53';
 import * as s3 from 'aws-cdk-lib/aws-s3';
+import * as efs from 'aws-cdk-lib/aws-efs';
 import { Construct } from 'constructs';
 import { CommonConstruct } from '../../common';
 import { SiteWithEcsBackendProps } from '../../types';
@@ -51,6 +52,7 @@ export declare class SiteWithEcsBackend extends CommonConstruct {
     siteEcsListener: elb.ApplicationListener;
     siteEcsLoadBalancer: elb.ApplicationLoadBalancer;
     siteEcsTargetGroup: elb.ApplicationTargetGroup;
+    siteFileSystem: efs.FileSystem;
     siteLogBucket: s3.IBucket;
     siteOrigin: origins.HttpOrigin;
     siteDistribution: cloudfront.Distribution;

package/dist/src/lib/construct/site-with-ecs-backend/main.js

@@ -71,6 +71,7 @@ class SiteWithEcsBackend extends common_1.CommonConstruct {
     siteEcsListener;
     siteEcsLoadBalancer;
     siteEcsTargetGroup;
+    siteFileSystem;
     siteLogBucket;
     siteOrigin;
     siteDistribution;
@@ -270,6 +271,30 @@ class SiteWithEcsBackend extends common_1.CommonConstruct {
         this.siteEcsLoadBalancer = fargateService.loadBalancer;
         this.siteEcsTargetGroup = fargateService.targetGroup;
         fargateService.loadBalancer.logAccessLogs(this.siteLogBucket, 'alb');
+        /* if enabled, add efs with access point and mount */
+        if (this.props.siteFileSystem) {
+            this.siteFileSystem = this.efsManager.createFileSystem(`${this.id}-fs`, this, this.props.siteFileSystem, this.siteVpc, this.props.siteFileSystemAccessPoints);
+            /* allow access to EFS from Fargate ECS service */
+            this.siteFileSystem.connections.allowDefaultPortFrom(this.siteEcsService.connections);
+            /* add the efs volume to ecs task definition */
+            this.siteEcsTaskDefinition.addVolume({
+                name: `${this.id}-fs`,
+                efsVolumeConfiguration: {
+                    fileSystemId: this.siteFileSystem.fileSystemId,
+                    rootDirectory: this.props.siteFileSystem.rootDirectory,
+                    transitEncryption: this.props.siteFileSystem.transitEncryption,
+                    transitEncryptionPort: this.props.siteFileSystem.transitEncryptionPort,
+                    authorizationConfig: this.props.siteFileSystem.authorizationConfig,
+                },
+            });
+            if (this.props.siteTask.mountPoints && this.props.siteTask.mountPoints.length > 0) {
+                this.props.siteTask.mountPoints.forEach(mountPoint => this.siteEcsTaskDefinition.defaultContainer?.addMountPoints({
+                    containerPath: mountPoint.containerPath,
+                    readOnly: mountPoint.readOnly,
+                    sourceVolume: `${this.id}-fs`,
+                }));
+            }
+        }
         this.addCfnOutput(`${this.id}-loadBalancerArn`, this.siteEcsLoadBalancer.loadBalancerArn ?? '');
         this.addCfnOutput(`${this.id}-loadBalancerName`, this.siteEcsLoadBalancer.loadBalancerName ?? '');
         this.addCfnOutput(`${this.id}-loadBalancerFullName`, this.siteEcsLoadBalancer.loadBalancerFullName ?? '');

package/dist/src/lib/manager/aws/efs-manager.d.ts

@@ -0,0 +1,46 @@
+import * as common from '../../common';
+import * as types from '../../types/aws';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as efs from 'aws-cdk-lib/aws-efs';
+export declare const DEFAULT_CREATE_ACL: {
+    ownerUid: string;
+    ownerGid: string;
+    permissions: string;
+};
+export declare const DEFAULT_POSIX_USER: {
+    uid: string;
+    gid: string;
+};
+/**
+ * @stability stable
+ * @category cdk-utils.efs-manager
+ * @subcategory Construct
+ * @classdesc Provides operations on AWS Elastic File System.
+ * - A new instance of this class is injected into {@link common.CommonConstruct} constructor.
+ * - If a custom construct extends {@link common.CommonConstruct}, an instance is available within the context.
+ * @example
+ * import * as common from '@gradientedge/cdk-utils'
+ *
+ * class CustomConstruct extends common.common.CommonConstruct {
+ *   constructor(parent: cdk.Construct, id: string, props: common.CommonStackProps) {
+ *     super(parent, id, props)
+ *     this.props = props
+ *     this.efsManager.createFileSystem('MyFileSystem', this, fileSystemProps, vpc)
+ *   }
+ * }
+ *
+ * @see [CDK EFS Module]{@link https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_efs-readme.html}
+ */
+export declare class EfsManager {
+    /**
+     * @summary Method to create an efs file system
+     * @param {string} id scoped id of the resource
+     * @param {common.CommonConstruct} scope scope in which this resource is defined
+     * @param {types.EfsFileSystemProps} props the file system props
+     * @param {ec2.IVpc} vpc the vpc to use for the file system
+     * @param {types.EfsAccessPointOptions[]} accessPointOptions optional access point configuration options for the file system
+     * @param {ec2.ISecurityGroup} securityGroup optional security groups to configure for the file system
+     * @param {ec2.SubnetSelection} vpcSubnets optional subnets to configure for the file system
+     */
+    createFileSystem(id: string, scope: common.CommonConstruct, props: types.EfsFileSystemProps, vpc: ec2.IVpc, accessPointOptions?: types.EfsAccessPointOptions[], securityGroup?: ec2.ISecurityGroup, vpcSubnets?: ec2.SubnetSelection): efs.FileSystem;
+}

package/dist/src/lib/manager/aws/efs-manager.js

@@ -0,0 +1,103 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EfsManager = exports.DEFAULT_POSIX_USER = exports.DEFAULT_CREATE_ACL = void 0;
+const efs = __importStar(require("aws-cdk-lib/aws-efs"));
+const cdk = __importStar(require("aws-cdk-lib"));
+const utils = __importStar(require("../../utils"));
+exports.DEFAULT_CREATE_ACL = {
+    ownerUid: '1000',
+    ownerGid: '1000',
+    permissions: '755',
+};
+exports.DEFAULT_POSIX_USER = {
+    uid: '1000',
+    gid: '1000',
+};
+/**
+ * @stability stable
+ * @category cdk-utils.efs-manager
+ * @subcategory Construct
+ * @classdesc Provides operations on AWS Elastic File System.
+ * - A new instance of this class is injected into {@link common.CommonConstruct} constructor.
+ * - If a custom construct extends {@link common.CommonConstruct}, an instance is available within the context.
+ * @example
+ * import * as common from '@gradientedge/cdk-utils'
+ *
+ * class CustomConstruct extends common.common.CommonConstruct {
+ *   constructor(parent: cdk.Construct, id: string, props: common.CommonStackProps) {
+ *     super(parent, id, props)
+ *     this.props = props
+ *     this.efsManager.createFileSystem('MyFileSystem', this, fileSystemProps, vpc)
+ *   }
+ * }
+ *
+ * @see [CDK EFS Module]{@link https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_efs-readme.html}
+ */
+class EfsManager {
+    /**
+     * @summary Method to create an efs file system
+     * @param {string} id scoped id of the resource
+     * @param {common.CommonConstruct} scope scope in which this resource is defined
+     * @param {types.EfsFileSystemProps} props the file system props
+     * @param {ec2.IVpc} vpc the vpc to use for the file system
+     * @param {types.EfsAccessPointOptions[]} accessPointOptions optional access point configuration options for the file system
+     * @param {ec2.ISecurityGroup} securityGroup optional security groups to configure for the file system
+     * @param {ec2.SubnetSelection} vpcSubnets optional subnets to configure for the file system
+     */
+    createFileSystem(id, scope, props, vpc, accessPointOptions, securityGroup, vpcSubnets) {
+        if (!props)
+            throw `EFS props undefined for ${id}`;
+        const fileSystem = new efs.FileSystem(scope, `${id}`, {
+            ...props,
+            vpc,
+            securityGroup,
+            vpcSubnets,
+            fileSystemName: props.fileSystemName ? `${props.fileSystemName}-${scope.props.stage}` : undefined,
+            lifecyclePolicy: props.lifecyclePolicy ?? efs.LifecyclePolicy.AFTER_7_DAYS,
+            performanceMode: props.performanceMode ?? efs.PerformanceMode.GENERAL_PURPOSE,
+            outOfInfrequentAccessPolicy: props.outOfInfrequentAccessPolicy ?? efs.OutOfInfrequentAccessPolicy.AFTER_1_ACCESS,
+            removalPolicy: props.removalPolicy ?? cdk.RemovalPolicy.DESTROY,
+        });
+        utils.createCfnOutput(`${id}-fileSystemArn`, scope, fileSystem.fileSystemArn);
+        utils.createCfnOutput(`${id}-fileSystemId`, scope, fileSystem.fileSystemId);
+        /* provision access points if specified */
+        if (accessPointOptions && accessPointOptions.length > 0) {
+            for (const [index, accessPointOption] of accessPointOptions.entries()) {
+                if (!accessPointOption.path)
+                    throw `Undefined access point path for option: [${accessPointOption}], id: [${id}]`;
+                const accessPoint = fileSystem.addAccessPoint(`${id}-ap-${index}`, {
+                    path: accessPointOption.path,
+                    createAcl: accessPointOption.createAcl ?? exports.DEFAULT_CREATE_ACL,
+                    posixUser: accessPointOption.posixUser ?? exports.DEFAULT_POSIX_USER,
+                });
+                utils.createCfnOutput(`${id}-accessPointArn-${index}`, scope, accessPoint.accessPointArn);
+                utils.createCfnOutput(`${id}-accessPointId-${index}`, scope, accessPoint.accessPointId);
+            }
+        }
+        return fileSystem;
+    }
+}
+exports.EfsManager = EfsManager;

package/dist/src/lib/manager/aws/index.d.ts

@@ -8,6 +8,7 @@ export * from './codebuild-manager';
 export * from './dynamodb-manager';
 export * from './ecr-manager';
 export * from './ecs-manager';
+export * from './efs-manager';
 export * from './eks-manager';
 export * from './elasticache-manager';
 export * from './event-manager';

package/dist/src/lib/manager/aws/index.js

@@ -24,6 +24,7 @@ __exportStar(require("./codebuild-manager"), exports);
 __exportStar(require("./dynamodb-manager"), exports);
 __exportStar(require("./ecr-manager"), exports);
 __exportStar(require("./ecs-manager"), exports);
+__exportStar(require("./efs-manager"), exports);
 __exportStar(require("./eks-manager"), exports);
 __exportStar(require("./elasticache-manager"), exports);
 __exportStar(require("./event-manager"), exports);

package/dist/src/lib/types/aws/index.d.ts

@@ -12,6 +12,7 @@ import * as ecsPatterns from 'aws-cdk-lib/aws-ecs-patterns';
 import * as eks from 'aws-cdk-lib/aws-eks';
 import * as elasticache from 'aws-cdk-lib/aws-elasticache';
 import * as elb from 'aws-cdk-lib/aws-elasticloadbalancingv2';
+import * as efs from 'aws-cdk-lib/aws-efs';
 import * as events from 'aws-cdk-lib/aws-events';
 import * as iam from 'aws-cdk-lib/aws-iam';
 import * as kms from 'aws-cdk-lib/aws-kms';
@@ -75,6 +76,8 @@ export interface SiteWithEcsBackendProps extends CommonStackProps {
     siteSubDomain: string;
     siteTask: EcsApplicationLoadBalancedFargateServiceProps;
     siteVpc: ec2.VpcProps;
+    siteFileSystem?: EfsFileSystemProps;
+    siteFileSystemAccessPoints?: EfsAccessPointOptions[];
     useExistingHostedZone: boolean;
     nodeEnv: string;
     logLevel: string;
@@ -589,6 +592,22 @@ export interface LogQueryWidgetProps extends watch.LogQueryWidgetProps {
     positionX: number;
     positionY: number;
 }
+/**
+ * @category cdk-utils.efs-manager
+ * @subcategory Properties
+ */
+export interface EfsFileSystemProps extends efs.FileSystemProps {
+    rootDirectory?: string;
+    transitEncryption?: string;
+    transitEncryptionPort?: number;
+    authorizationConfig?: ecs.AuthorizationConfig;
+}
+/**
+ * @category cdk-utils.efs-manager
+ * @subcategory Properties
+ */
+export interface EfsAccessPointOptions extends efs.AccessPointOptions {
+}
 /**
  * @category cdk-utils.ecs-manager
  * @subcategory Properties
@@ -609,6 +628,7 @@ export interface EcsTaskProps extends ecs.TaskDefinitionProps {
 export interface EcsApplicationLoadBalancedFargateServiceProps extends ecsPatterns.ApplicationLoadBalancedFargateServiceProps {
     healthCheck?: HealthCheck;
     logging?: ecs.AwsLogDriverProps;
+    mountPoints?: ecs.MountPoint[];
 }
 /**
  * @category cdk-utils.eks-manager

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gradientedge/cdk-utils",
-  "version": "8.39.0",
+  "version": "8.41.0",
   "description": "Utilities for AWS CDK provisioning",
   "main": "dist/index.js",
   "engines": {
@@ -45,12 +45,12 @@
     }
   },
   "dependencies": {
-    "@types/lodash": "^4.14.191",
-    "@types/node": "^18.15.5",
+    "@types/lodash": "^4.14.192",
+    "@types/node": "^18.15.11",
     "app-root-path": "^3.1.0",
-    "aws-cdk-lib": "^2.69.0",
-    "@aws-sdk/client-secrets-manager": "^3.295.0",
-    "constructs": "^10.1.284",
+    "aws-cdk-lib": "^2.72.0",
+    "@aws-sdk/client-secrets-manager": "^3.301.0",
+    "constructs": "^10.1.296",
     "lodash": "^4.17.21",
     "moment": "^2.29.4",
     "nconf": "^0.12.0",
@@ -60,15 +60,15 @@
   "devDependencies": {
     "@babel/plugin-proposal-class-properties": "^7.18.6",
     "@types/jest": "^29.5.0",
-    "@typescript-eslint/eslint-plugin": "^5.56.0",
-    "@typescript-eslint/parser": "^5.56.0",
-    "aws-cdk": "^2.69.0",
+    "@typescript-eslint/eslint-plugin": "^5.57.0",
+    "@typescript-eslint/parser": "^5.57.0",
+    "aws-cdk": "^2.72.0",
     "babel-eslint": "^10.1.0",
     "better-docs": "^2.7.2",
     "codecov": "^3.8.3",
     "commitizen": "^4.3.0",
     "dotenv": "^16.0.3",
-    "eslint": "^8.36.0",
+    "eslint": "^8.37.0",
     "eslint-config-prettier": "^8.8.0",
     "eslint-plugin-import": "^2.27.5",
     "husky": "^8.0.3",
@@ -78,10 +78,10 @@
     "jsdoc": "^4.0.2",
     "jsdoc-babel": "^0.5.0",
     "jsdoc-mermaid": "^1.0.0",
-    "prettier": "^2.8.6",
+    "prettier": "^2.8.7",
     "prettier-plugin-organize-imports": "^3.2.2",
-    "rimraf": "^4.4.0",
-    "semantic-release": "^20.1.3",
+    "rimraf": "^4.4.1",
+    "semantic-release": "^21.0.0",
     "taffydb": "^2.7.3",
     "ts-jest": "^29.0.5",
     "ts-node": "^10.9.1",

package/src/lib/common/construct.ts

@@ -3,6 +3,7 @@ import { Construct } from 'constructs'
 import * as aws from '../manager/aws'
 import * as types from '../types'
 import * as utils from '../utils'
+import { EfsManager } from '../manager/aws/efs-manager'
 
 /**
  * @stability stable
@@ -32,6 +33,7 @@ export class CommonConstruct extends Construct {
   dynamodbManager: aws.DynamodbManager
   ecrManager: aws.EcrManager
   ecsManager: aws.EcsManager
+  efsManager: aws.EfsManager
   eksManager: aws.EksManager
   elasticacheManager: aws.ElastiCacheManager
   eventManager: aws.EventManager
@@ -65,6 +67,7 @@ export class CommonConstruct extends Construct {
     this.dynamodbManager = new aws.DynamodbManager()
     this.ecrManager = new aws.EcrManager()
     this.ecsManager = new aws.EcsManager()
+    this.efsManager = new aws.EfsManager()
     this.eksManager = new aws.EksManager()
     this.elasticacheManager = new aws.ElastiCacheManager()
     this.eventManager = new aws.EventManager()

package/src/lib/construct/site-with-ecs-backend/main.ts

@@ -10,6 +10,7 @@ import * as iam from 'aws-cdk-lib/aws-iam'
 import * as logs from 'aws-cdk-lib/aws-logs'
 import * as route53 from 'aws-cdk-lib/aws-route53'
 import * as s3 from 'aws-cdk-lib/aws-s3'
+import * as efs from 'aws-cdk-lib/aws-efs'
 import { Construct } from 'constructs'
 import { CommonConstruct } from '../../common'
 import { SiteWithEcsBackendProps } from '../../types'
@@ -55,6 +56,7 @@ export class SiteWithEcsBackend extends CommonConstruct {
   siteEcsListener: elb.ApplicationListener
   siteEcsLoadBalancer: elb.ApplicationLoadBalancer
   siteEcsTargetGroup: elb.ApplicationTargetGroup
+  siteFileSystem: efs.FileSystem
   siteLogBucket: s3.IBucket
   siteOrigin: origins.HttpOrigin
   siteDistribution: cloudfront.Distribution
@@ -296,6 +298,42 @@ export class SiteWithEcsBackend extends CommonConstruct {
 
     fargateService.loadBalancer.logAccessLogs(this.siteLogBucket, 'alb')
 
+    /* if enabled, add efs with access point and mount */
+    if (this.props.siteFileSystem) {
+      this.siteFileSystem = this.efsManager.createFileSystem(
+        `${this.id}-fs`,
+        this,
+        this.props.siteFileSystem,
+        this.siteVpc,
+        this.props.siteFileSystemAccessPoints
+      )
+
+      /* allow access to EFS from Fargate ECS service */
+      this.siteFileSystem.connections.allowDefaultPortFrom(this.siteEcsService.connections)
+
+      /* add the efs volume to ecs task definition */
+      this.siteEcsTaskDefinition.addVolume({
+        name: `${this.id}-fs`,
+        efsVolumeConfiguration: {
+          fileSystemId: this.siteFileSystem.fileSystemId,
+          rootDirectory: this.props.siteFileSystem.rootDirectory,
+          transitEncryption: this.props.siteFileSystem.transitEncryption,
+          transitEncryptionPort: this.props.siteFileSystem.transitEncryptionPort,
+          authorizationConfig: this.props.siteFileSystem.authorizationConfig,
+        },
+      })
+
+      if (this.props.siteTask.mountPoints && this.props.siteTask.mountPoints.length > 0) {
+        this.props.siteTask.mountPoints.forEach(mountPoint =>
+          this.siteEcsTaskDefinition.defaultContainer?.addMountPoints({
+            containerPath: mountPoint.containerPath,
+            readOnly: mountPoint.readOnly,
+            sourceVolume: `${this.id}-fs`,
+          })
+        )
+      }
+    }
+
     this.addCfnOutput(`${this.id}-loadBalancerArn`, this.siteEcsLoadBalancer.loadBalancerArn ?? '')
     this.addCfnOutput(`${this.id}-loadBalancerName`, this.siteEcsLoadBalancer.loadBalancerName ?? '')
     this.addCfnOutput(`${this.id}-loadBalancerFullName`, this.siteEcsLoadBalancer.loadBalancerFullName ?? '')

package/src/lib/manager/aws/efs-manager.ts

@@ -0,0 +1,93 @@
+import * as common from '../../common'
+import * as types from '../../types/aws'
+import * as ec2 from 'aws-cdk-lib/aws-ec2'
+import * as efs from 'aws-cdk-lib/aws-efs'
+import * as cdk from 'aws-cdk-lib'
+import * as utils from '../../utils'
+
+export const DEFAULT_CREATE_ACL = {
+  ownerUid: '1000',
+  ownerGid: '1000',
+  permissions: '755',
+}
+
+export const DEFAULT_POSIX_USER = {
+  uid: '1000',
+  gid: '1000',
+}
+
+/**
+ * @stability stable
+ * @category cdk-utils.efs-manager
+ * @subcategory Construct
+ * @classdesc Provides operations on AWS Elastic File System.
+ * - A new instance of this class is injected into {@link common.CommonConstruct} constructor.
+ * - If a custom construct extends {@link common.CommonConstruct}, an instance is available within the context.
+ * @example
+ * import * as common from '@gradientedge/cdk-utils'
+ *
+ * class CustomConstruct extends common.common.CommonConstruct {
+ *   constructor(parent: cdk.Construct, id: string, props: common.CommonStackProps) {
+ *     super(parent, id, props)
+ *     this.props = props
+ *     this.efsManager.createFileSystem('MyFileSystem', this, fileSystemProps, vpc)
+ *   }
+ * }
+ *
+ * @see [CDK EFS Module]{@link https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_efs-readme.html}
+ */
+export class EfsManager {
+  /**
+   * @summary Method to create an efs file system
+   * @param {string} id scoped id of the resource
+   * @param {common.CommonConstruct} scope scope in which this resource is defined
+   * @param {types.EfsFileSystemProps} props the file system props
+   * @param {ec2.IVpc} vpc the vpc to use for the file system
+   * @param {types.EfsAccessPointOptions[]} accessPointOptions optional access point configuration options for the file system
+   * @param {ec2.ISecurityGroup} securityGroup optional security groups to configure for the file system
+   * @param {ec2.SubnetSelection} vpcSubnets optional subnets to configure for the file system
+   */
+  public createFileSystem(
+    id: string,
+    scope: common.CommonConstruct,
+    props: types.EfsFileSystemProps,
+    vpc: ec2.IVpc,
+    accessPointOptions?: types.EfsAccessPointOptions[],
+    securityGroup?: ec2.ISecurityGroup,
+    vpcSubnets?: ec2.SubnetSelection
+  ) {
+    if (!props) throw `EFS props undefined for ${id}`
+
+    const fileSystem = new efs.FileSystem(scope, `${id}`, {
+      ...props,
+      vpc,
+      securityGroup,
+      vpcSubnets,
+      fileSystemName: props.fileSystemName ? `${props.fileSystemName}-${scope.props.stage}` : undefined,
+      lifecyclePolicy: props.lifecyclePolicy ?? efs.LifecyclePolicy.AFTER_7_DAYS,
+      performanceMode: props.performanceMode ?? efs.PerformanceMode.GENERAL_PURPOSE,
+      outOfInfrequentAccessPolicy: props.outOfInfrequentAccessPolicy ?? efs.OutOfInfrequentAccessPolicy.AFTER_1_ACCESS,
+      removalPolicy: props.removalPolicy ?? cdk.RemovalPolicy.DESTROY,
+    })
+
+    utils.createCfnOutput(`${id}-fileSystemArn`, scope, fileSystem.fileSystemArn)
+    utils.createCfnOutput(`${id}-fileSystemId`, scope, fileSystem.fileSystemId)
+
+    /* provision access points if specified */
+    if (accessPointOptions && accessPointOptions.length > 0) {
+      for (const [index, accessPointOption] of accessPointOptions.entries()) {
+        if (!accessPointOption.path) throw `Undefined access point path for option: [${accessPointOption}], id: [${id}]`
+        const accessPoint = fileSystem.addAccessPoint(`${id}-ap-${index}`, {
+          path: accessPointOption.path,
+          createAcl: accessPointOption.createAcl ?? DEFAULT_CREATE_ACL,
+          posixUser: accessPointOption.posixUser ?? DEFAULT_POSIX_USER,
+        })
+
+        utils.createCfnOutput(`${id}-accessPointArn-${index}`, scope, accessPoint.accessPointArn)
+        utils.createCfnOutput(`${id}-accessPointId-${index}`, scope, accessPoint.accessPointId)
+      }
+    }
+
+    return fileSystem
+  }
+}

package/src/lib/manager/aws/index.ts

@@ -8,6 +8,7 @@ export * from './codebuild-manager'
 export * from './dynamodb-manager'
 export * from './ecr-manager'
 export * from './ecs-manager'
+export * from './efs-manager'
 export * from './eks-manager'
 export * from './elasticache-manager'
 export * from './event-manager'

package/src/lib/types/aws/index.ts

@@ -12,6 +12,7 @@ import * as ecsPatterns from 'aws-cdk-lib/aws-ecs-patterns'
 import * as eks from 'aws-cdk-lib/aws-eks'
 import * as elasticache from 'aws-cdk-lib/aws-elasticache'
 import * as elb from 'aws-cdk-lib/aws-elasticloadbalancingv2'
+import * as efs from 'aws-cdk-lib/aws-efs'
 import * as events from 'aws-cdk-lib/aws-events'
 import * as iam from 'aws-cdk-lib/aws-iam'
 import * as kms from 'aws-cdk-lib/aws-kms'
@@ -78,6 +79,8 @@ export interface SiteWithEcsBackendProps extends CommonStackProps {
   siteSubDomain: string
   siteTask: EcsApplicationLoadBalancedFargateServiceProps
   siteVpc: ec2.VpcProps
+  siteFileSystem?: EfsFileSystemProps
+  siteFileSystemAccessPoints?: EfsAccessPointOptions[]
   useExistingHostedZone: boolean
   nodeEnv: string
   logLevel: string
@@ -625,6 +628,23 @@ export interface LogQueryWidgetProps extends watch.LogQueryWidgetProps {
   positionY: number
 }
 
+/**
+ * @category cdk-utils.efs-manager
+ * @subcategory Properties
+ */
+export interface EfsFileSystemProps extends efs.FileSystemProps {
+  rootDirectory?: string
+  transitEncryption?: string
+  transitEncryptionPort?: number
+  authorizationConfig?: ecs.AuthorizationConfig
+}
+
+/**
+ * @category cdk-utils.efs-manager
+ * @subcategory Properties
+ */
+export interface EfsAccessPointOptions extends efs.AccessPointOptions {}
+
 /**
  * @category cdk-utils.ecs-manager
  * @subcategory Properties
@@ -647,6 +667,7 @@ export interface EcsApplicationLoadBalancedFargateServiceProps
   extends ecsPatterns.ApplicationLoadBalancedFargateServiceProps {
   healthCheck?: HealthCheck
   logging?: ecs.AwsLogDriverProps
+  mountPoints?: ecs.MountPoint[]
 }
 
 /**