@gradientedge/cdk-utils 8.70.0 → 8.72.0

@@ -146,9 +146,10 @@ class SiteWithEcsBackend extends common_1.CommonConstruct {
146
146
  */
147
147
  resolveSiteDomainNames() {
148
148
  /* the internal domain name used by ELB */
149
- this.siteInternalDomainName = this.isProductionStage()
150
- ? `${this.props.siteSubDomain}-internal.${this.fullyQualifiedDomainName}`
151
- : `${this.props.siteSubDomain}-internal-${this.props.stage}.${this.fullyQualifiedDomainName}`;
149
+ this.siteInternalDomainName =
150
+ this.isProductionStage() || this.props.skipStageForARecords
151
+ ? `${this.props.siteSubDomain}-internal.${this.fullyQualifiedDomainName}`
152
+ : `${this.props.siteSubDomain}-internal-${this.props.stage}.${this.fullyQualifiedDomainName}`;
152
153
  /* the external domain name exposed to CloudFront */
153
154
  this.siteExternalDomainName =
154
155
  this.isProductionStage() || this.props.skipStageForARecords
@@ -231,7 +232,9 @@ class SiteWithEcsBackend extends common_1.CommonConstruct {
231
232
  enableECSManagedTags: true,
232
233
  serviceName: `${this.id}-${this.props.stage}`,
233
234
  cpu: this.props.siteTask.cpu,
234
- loadBalancerName: `${this.id}-${this.props.stage}`,
235
+ loadBalancerName: this.props.siteTask.loadBalancerName
236
+ ? `${this.props.siteTask.loadBalancerName}-${this.props.stage}`
237
+ : `${this.id}-${this.props.stage}`,
235
238
  certificate: this.siteRegionalCertificate,
236
239
  domainName: this.siteInternalDomainName,
237
240
  domainZone: this.siteHostedZone,
@@ -309,6 +312,8 @@ class SiteWithEcsBackend extends common_1.CommonConstruct {
309
312
  /* allow access to/from EFS from Fargate ECS service */
310
313
  this.siteFileSystem.connections.allowDefaultPortFrom(this.siteEcsService.connections);
311
314
  this.siteFileSystem.connections.allowDefaultPortTo(this.siteEcsService.connections);
315
+ /* add EFS permissions to ECS Role */
316
+ this.siteEcsRole.addToPolicy(new iam.PolicyStatement(this.iamManager.statementForWriteEfs([this.siteFileSystem.fileSystemArn])));
312
317
  /* add the efs volume to ecs task definition */
313
318
  this.siteEcsTaskDefinition.addVolume({
314
319
  name: `${this.id}-fs`,
@@ -100,6 +100,12 @@ export declare class IamManager {
100
100
  * @param {string[]} resourceArns list of ARNs to allow access to
101
101
  */
102
102
  statementForCloudfrontInvalidation(resourceArns?: string[]): cdk.aws_iam.PolicyStatement;
103
+ /**
104
+ * @summary Method to create iam statement to access efs
105
+ * @param {common.CommonConstruct} scope scope in which this resource is defined
106
+ * @param {string[]} resourceArns list of ARNs to allow access to
107
+ */
108
+ statementForWriteEfs(resourceArns?: string[]): cdk.aws_iam.PolicyStatement;
103
109
  /**
104
110
  * @summary Method to create iam policy to invalidate cloudfront cache
105
111
  * @param {string[]} resourceArns list of ARNs to allow access to
@@ -214,6 +214,18 @@ class IamManager {
214
214
  resources: resourceArns ?? ['*'],
215
215
  });
216
216
  }
217
+ /**
218
+ * @summary Method to create iam statement to access efs
219
+ * @param {common.CommonConstruct} scope scope in which this resource is defined
220
+ * @param {string[]} resourceArns list of ARNs to allow access to
221
+ */
222
+ statementForWriteEfs(resourceArns) {
223
+ return new iam.PolicyStatement({
224
+ effect: iam.Effect.ALLOW,
225
+ actions: ['elasticfilesystem:*'],
226
+ resources: resourceArns ?? ['*'],
227
+ });
228
+ }
217
229
  /**
218
230
  * @summary Method to create iam policy to invalidate cloudfront cache
219
231
  * @param {string[]} resourceArns list of ARNs to allow access to
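--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@gradientedge/cdk-utils",
- "version": "8.70.0",
+ "version": "8.72.0",
  "description": "Utilities for AWS CDK provisioning",
  "main": "dist/index.js",
  "engines": {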
@@ -159,9 +159,10 @@ export class SiteWithEcsBackend extends CommonConstruct {
159
159
  */
160
160
  protected resolveSiteDomainNames() {
161
161
  /* the internal domain name used by ELB */
162
- this.siteInternalDomainName = this.isProductionStage()
163
- ? `${this.props.siteSubDomain}-internal.${this.fullyQualifiedDomainName}`
164
- : `${this.props.siteSubDomain}-internal-${this.props.stage}.${this.fullyQualifiedDomainName}`
162
+ this.siteInternalDomainName =
163
+ this.isProductionStage() || this.props.skipStageForARecords
164
+ ? `${this.props.siteSubDomain}-internal.${this.fullyQualifiedDomainName}`
165
+ : `${this.props.siteSubDomain}-internal-${this.props.stage}.${this.fullyQualifiedDomainName}`
165
166
 
166
167
  /* the external domain name exposed to CloudFront */
167
168
  this.siteExternalDomainName =
@@ -260,7 +261,9 @@ export class SiteWithEcsBackend extends CommonConstruct {
260
261
  enableECSManagedTags: true,
261
262
  serviceName: `${this.id}-${this.props.stage}`,
262
263
  cpu: this.props.siteTask.cpu,
263
- loadBalancerName: `${this.id}-${this.props.stage}`,
264
+ loadBalancerName: this.props.siteTask.loadBalancerName
265
+ ? `${this.props.siteTask.loadBalancerName}-${this.props.stage}`
266
+ : `${this.id}-${this.props.stage}`,
264
267
  certificate: this.siteRegionalCertificate,
265
268
  domainName: this.siteInternalDomainName,
266
269
  domainZone: this.siteHostedZone,
@@ -355,6 +358,11 @@ export class SiteWithEcsBackend extends CommonConstruct {
355
358
  this.siteFileSystem.connections.allowDefaultPortFrom(this.siteEcsService.connections)
356
359
  this.siteFileSystem.connections.allowDefaultPortTo(this.siteEcsService.connections)
357
360
 
361
+ /* add EFS permissions to ECS Role */
362
+ this.siteEcsRole.addToPolicy(
363
+ new iam.PolicyStatement(this.iamManager.statementForWriteEfs([this.siteFileSystem.fileSystemArn]))
364
+ )
365
+
358
366
  /* add the efs volume to ecs task definition */
359
367
  this.siteEcsTaskDefinition.addVolume({
360
368
  name: `${this.id}-fs`,
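Review bot: The added `addToPolicy` call wraps the result of `statementForWriteEfs` in a second `new iam.PolicyStatement(...)`, although the helper's declaration on this page already returns a `PolicyStatement`. Passing it straight through, `this.siteEcsRole.addToPolicy(this.iamManager.statementForWriteEfs([this.siteFileSystem.fileSystemArn]))`, avoids relying on a statement instance being accepted as constructor props. The statement it attaches allows `elasticfilesystem:*`, so the ECS role gets management actions on the file system as well as mount and write access; scoping to the single ARN limits where the grant applies, not what it permits. Which role `siteEcsRole` is (task or execution) is not visible here, and the enclosing method starts and ends outside the hunk. The same call appears in what looks like the compiled JavaScript section earlier on the page.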
@@ -208,6 +208,19 @@ export class IamManager {
208
208
  })
209
209
  }
210
210
 
211
+ /**
212
+ * @summary Method to create iam statement to access efs
213
+ * @param {common.CommonConstruct} scope scope in which this resource is defined
214
+ * @param {string[]} resourceArns list of ARNs to allow access to
215
+ */
216
+ public statementForWriteEfs(resourceArns?: string[]) {
217
+ return new iam.PolicyStatement({
218
+ effect: iam.Effect.ALLOW,
219
+ actions: ['elasticfilesystem:*'],
220
+ resources: resourceArns ?? ['*'],
221
+ })
222
+ }
223
+
211
224
  /**
212
225
  * @summary Method to create iam policy to invalidate cloudfront cache
213
226
  * @param {string[]} resourceArns list of ARNs to allow access to
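Review bot: `statementForWriteEfs` allows `elasticfilesystem:*`, which is every EFS API action rather than the write access its name promises, and it falls back to `resources: ['*']` when the caller passes no ARNs. For a task that only mounts and writes to the file system, `actions: ['elasticfilesystem:ClientMount', 'elasticfilesystem:ClientWrite'],` would be enough, and the wildcard fallback is better replaced by requiring `resourceArns` so an omitted argument cannot widen the grant to all file systems. The doc comment also lists a `scope` parameter that the signature does not have, and the public method has no explicit return type; `): iam.PolicyStatement {` would match the declaration file. The compiled JavaScript and declaration sections earlier on the page carry the same method.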