@gradientedge/cdk-utils 8.71.0 → 8.72.0

@@ -232,7 +232,9 @@ class SiteWithEcsBackend extends common_1.CommonConstruct {
232
232
  enableECSManagedTags: true,
233
233
  serviceName: `${this.id}-${this.props.stage}`,
234
234
  cpu: this.props.siteTask.cpu,
235
- loadBalancerName: `${this.id}-${this.props.stage}`,
235
+ loadBalancerName: this.props.siteTask.loadBalancerName
236
+ ? `${this.props.siteTask.loadBalancerName}-${this.props.stage}`
237
+ : `${this.id}-${this.props.stage}`,
236
238
  certificate: this.siteRegionalCertificate,
237
239
  domainName: this.siteInternalDomainName,
238
240
  domainZone: this.siteHostedZone,
@@ -310,6 +312,8 @@ class SiteWithEcsBackend extends common_1.CommonConstruct {
310
312
  /* allow access to/from EFS from Fargate ECS service */
311
313
  this.siteFileSystem.connections.allowDefaultPortFrom(this.siteEcsService.connections);
312
314
  this.siteFileSystem.connections.allowDefaultPortTo(this.siteEcsService.connections);
315
+ /* add EFS permissions to ECS Role */
316
+ this.siteEcsRole.addToPolicy(new iam.PolicyStatement(this.iamManager.statementForWriteEfs([this.siteFileSystem.fileSystemArn])));
313
317
  /* add the efs volume to ecs task definition */
314
318
  this.siteEcsTaskDefinition.addVolume({
315
319
  name: `${this.id}-fs`,
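Review bot: The added `addToPolicy` call wraps the helper's result in a second `new iam.PolicyStatement(...)`, although the declaration of `statementForWriteEfs` shown on this page already returns a `PolicyStatement`. Passing it straight through, `this.siteEcsRole.addToPolicy(this.iamManager.statementForWriteEfs([this.siteFileSystem.fileSystemArn]))`, avoids treating a constructed statement as constructor props, which is at best redundant. The same wrap appears in the TypeScript source hunk at `@@ -356,6 +358,11 @@`. Scoping the grant to `fileSystemArn` is the right call, but the helper currently allows every EFS action on that file system, so what this role can actually do depends on tightening the helper. The enclosing method starts and ends outside the hunk, so which role `siteEcsRole` is and whether the volume uses IAM authorization cannot be confirmed from here.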
@@ -100,6 +100,12 @@ export declare class IamManager {
100
100
  * @param {string[]} resourceArns list of ARNs to allow access to
101
101
  */
102
102
  statementForCloudfrontInvalidation(resourceArns?: string[]): cdk.aws_iam.PolicyStatement;
103
+ /**
104
+ * @summary Method to create iam statement to access efs
105
+ * @param {common.CommonConstruct} scope scope in which this resource is defined
106
+ * @param {string[]} resourceArns list of ARNs to allow access to
107
+ */
108
+ statementForWriteEfs(resourceArns?: string[]): cdk.aws_iam.PolicyStatement;
103
109
  /**
104
110
  * @summary Method to create iam policy to invalidate cloudfront cache
105
111
  * @param {string[]} resourceArns list of ARNs to allow access to
@@ -214,6 +214,18 @@ class IamManager {
214
214
  resources: resourceArns ?? ['*'],
215
215
  });
216
216
  }
217
+ /**
218
+ * @summary Method to create iam statement to access efs
219
+ * @param {common.CommonConstruct} scope scope in which this resource is defined
220
+ * @param {string[]} resourceArns list of ARNs to allow access to
221
+ */
222
+ statementForWriteEfs(resourceArns) {
223
+ return new iam.PolicyStatement({
224
+ effect: iam.Effect.ALLOW,
225
+ actions: ['elasticfilesystem:*'],
226
+ resources: resourceArns ?? ['*'],
227
+ });
228
+ }
217
229
  /**
218
230
  * @summary Method to create iam policy to invalidate cloudfront cache
219
231
  * @param {string[]} resourceArns list of ARNs to allow access to
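Review bot: `statementForWriteEfs` allows `elasticfilesystem:*`, which covers management actions such as deleting the file system or replacing its resource policy, not just client writes. A task that only mounts and writes needs `actions: ['elasticfilesystem:ClientMount', 'elasticfilesystem:ClientWrite']`. The fallback `resources: resourceArns ?? ['*']` widens the grant to every file system in the account when a caller omits the ARNs, so requiring the argument, or throwing when it is empty, would keep it scoped. The doc comment also lists a `scope` parameter that the method does not take. The same code is in the TypeScript source hunk at `@@ -208,6 +208,19 @@` and in the declaration at `@@ -100,6 +100,12 @@`.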
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@gradientedge/cdk-utils",
3
- "version": "8.71.0",
3
+ "version": "8.72.0",
4
4
  "description": "Utilities for AWS CDK provisioning",
5
5
  "main": "dist/index.js",
6
6
  "engines": {
@@ -261,7 +261,9 @@ export class SiteWithEcsBackend extends CommonConstruct {
261
261
  enableECSManagedTags: true,
262
262
  serviceName: `${this.id}-${this.props.stage}`,
263
263
  cpu: this.props.siteTask.cpu,
264
- loadBalancerName: `${this.id}-${this.props.stage}`,
264
+ loadBalancerName: this.props.siteTask.loadBalancerName
265
+ ? `${this.props.siteTask.loadBalancerName}-${this.props.stage}`
266
+ : `${this.id}-${this.props.stage}`,
265
267
  certificate: this.siteRegionalCertificate,
266
268
  domainName: this.siteInternalDomainName,
267
269
  domainZone: this.siteHostedZone,
@@ -356,6 +358,11 @@ export class SiteWithEcsBackend extends CommonConstruct {
356
358
  this.siteFileSystem.connections.allowDefaultPortFrom(this.siteEcsService.connections)
357
359
  this.siteFileSystem.connections.allowDefaultPortTo(this.siteEcsService.connections)
358
360
 
361
+ /* add EFS permissions to ECS Role */
362
+ this.siteEcsRole.addToPolicy(
363
+ new iam.PolicyStatement(this.iamManager.statementForWriteEfs([this.siteFileSystem.fileSystemArn]))
364
+ )
365
+
359
366
  /* add the efs volume to ecs task definition */
360
367
  this.siteEcsTaskDefinition.addVolume({
361
368
  name: `${this.id}-fs`,
@@ -208,6 +208,19 @@ export class IamManager {
208
208
  })
209
209
  }
210
210
 
211
+ /**
212
+ * @summary Method to create iam statement to access efs
213
+ * @param {common.CommonConstruct} scope scope in which this resource is defined
214
+ * @param {string[]} resourceArns list of ARNs to allow access to
215
+ */
216
+ public statementForWriteEfs(resourceArns?: string[]) {
217
+ return new iam.PolicyStatement({
218
+ effect: iam.Effect.ALLOW,
219
+ actions: ['elasticfilesystem:*'],
220
+ resources: resourceArns ?? ['*'],
221
+ })
222
+ }
223
+
211
224
  /**
212
225
  * @summary Method to create iam policy to invalidate cloudfront cache
213
226
  * @param {string[]} resourceArns list of ARNs to allow access to