dcl-ops-lib 6.0.10 → 6.0.12

package/acceptAlb.js

@@ -13,7 +13,7 @@ function makeSecurityGroupAccessibleFromSharedAlb(securityGroup, ruleName = "")
         fromPort: 65000,
         toPort: 0,
         protocol: "-1",
-        type: "egress",
+        type: "ingress",
     }, { deleteBeforeReplace: true });
 }
 exports.makeSecurityGroupAccessibleFromSharedAlb = makeSecurityGroupAccessibleFromSharedAlb;

package/accessTheInternet.js

@@ -15,7 +15,7 @@ const cloudflare = require("@pulumi/cloudflare");
 const utils_1 = require("./utils");
 /** Enables egress traffic to 0.0.0.0/0/all */
 function makeSecurityGroupAccessTheInternetV2(securityGroup, ruleName = "") {
-    new aws.ec2.SecurityGroupRule((0, utils_1.withRuleName)("access-internet-v2", ruleName), {
+    new aws.ec2.SecurityGroupRule((0, utils_1.withRuleName)("access-the-internet-v2", ruleName), {
         description: `Allow access to the internet`,
         securityGroupId: securityGroup.id,
         cidrBlocks: ["0.0.0.0/0"],

package/alb.js

@@ -23,8 +23,8 @@ const cache = {
 };
 exports.getAlb = (0, withCache_1.default)(() => __awaiter(void 0, void 0, void 0, function* () {
     const dns = yield supra_1.supra.getOutputValue("dns");
-    const loadBalancer = yield supra_1.supra.getOutputValue("albInstance");
-    const elbValues = yield supra_1.supra.getOutputValue("elbValues");
+    const loadBalancer = yield supra_1.supra.requireOutputValue("albInstance");
+    const elbValues = yield supra_1.supra.requireOutputValue("elbValues");
     const alb = yield aws.lb.getLoadBalancer({ arn: loadBalancer.arn });
     const listener = yield aws.lb.getListener({ arn: elbValues.listenerArn });
     return { dns, alb, listener };

package/createFargateTask.d.ts

@@ -96,5 +96,6 @@ export type InternalServiceOptions = {
     dependsOn?: pulumi.Resource[];
     volumes?: pulumi.Input<aws.types.input.ecs.TaskDefinitionVolume[]>;
     team: string;
+    targetGroups: aws.alb.TargetGroup[];
 };
 export declare function createInternalService(config: InternalServiceOptions): Promise<import("@pulumi/aws/ecs/service").Service>;

package/createFargateTask.js

@@ -64,6 +64,11 @@ function getFargateExecutionRole(name, policyArnNamedMap) {
     const dependsOn = Object.values(policyArnNamedMap).filter(($) => $ instanceof pulumi.Resource);
     const role = new aws.iam.Role(name, { assumeRolePolicy }, { dependsOn });
     const policies = [];
+    // Default execution policy
+    policies.push(new aws.iam.RolePolicyAttachment(`${name}-default-execution-policy`, {
+        policyArn: "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
+        role
+    }));
     Object.entries(policyArnNamedMap).forEach(([key, policyArn]) => {
         if (policyArn instanceof aws.iam.Policy) {
             policies.push(new aws.iam.RolePolicyAttachment(`${name}-${key}`, { role, policyArn: policyArn.arn }, { parent: role }));
@@ -196,6 +201,7 @@ function createFargateTask(serviceName, dockerImage, dockerListeningPort, enviro
         (0, accessTheInternet_1.makeSecurityGroupAccessTheInternetV2)(taskSecurityGroup, serviceName);
         // make the container fully accessible from the bastion of the environment
         (0, acceptBastion_1.makeSecurityGroupAccessibleFromBastion)(taskSecurityGroup, serviceName);
+        const targetGroups = [];
         if (dontExpose) {
             const service = yield createInternalService({
                 serviceName,
@@ -222,6 +228,7 @@ function createFargateTask(serviceName, dockerImage, dockerListeningPort, enviro
                 dependsOn,
                 volumes,
                 team,
+                targetGroups
             });
             return {
                 service,
@@ -229,10 +236,10 @@ function createFargateTask(serviceName, dockerImage, dockerListeningPort, enviro
             };
         }
         const exposed = yield (0, exposePublicService_1.exposePublicService)(`${serviceName}-${version}`, hostname, dockerListeningPort, healthCheck, vpc.id, options.extraExposedServiceOptions, deregistrationDelay);
-        const extraALBMappingsExposed = [];
+        targetGroups.push(exposed.targetGroup);
         for (let extraALBMapping of extraALBMappings) {
             const exposedExtra = yield (0, exposePublicService_1.exposePublicService)(`${serviceName}-${extraALBMapping.dockerListeningPort}-${version}`, extraALBMapping.domain, extraALBMapping.dockerListeningPort, extraALBMapping.healthCheck, vpc.id, extraALBMapping.extraExposedServiceOptions);
-            extraALBMappingsExposed.push(exposedExtra.targetGroup);
+            targetGroups.push(exposedExtra.targetGroup);
             extraPortMappings.push({
                 containerPort: extraALBMapping.dockerListeningPort,
                 hostPort: extraALBMapping.dockerListeningPort,
@@ -268,14 +275,16 @@ function createFargateTask(serviceName, dockerImage, dockerListeningPort, enviro
             dependsOn,
             volumes,
             team,
+            targetGroups
         });
         return { endpoint: `https://${hostname}/`, service, exposed };
     });
 }
 exports.createFargateTask = createFargateTask;
 function createInternalService(config) {
+    var _a, _b;
     return __awaiter(this, void 0, void 0, function* () {
-        let { serviceName, cluster, securityGroups, ignoreServiceDiscovery, serviceDiscoveryPort, desiredCount, executionRole, taskRole, containerInfo, assignPublicIp, dependsOn, volumes, team, } = config;
+        let { serviceName, cluster, securityGroups, ignoreServiceDiscovery, serviceDiscoveryPort, desiredCount, executionRole, taskRole, containerInfo, assignPublicIp, dependsOn, volumes, team, targetGroups } = config;
         if (!desiredCount)
             desiredCount = 1;
         assignPublicIp = !!assignPublicIp;
@@ -306,6 +315,9 @@ function createInternalService(config) {
             taskRoleArn: taskRole === null || taskRole === void 0 ? void 0 : taskRole.arn,
             tags: { ServiceName: serviceName, Team: team },
             containerDefinitions: JSON.stringify([Object.assign(Object.assign({}, containerInfo), { logConfiguration: (0, exports.getDefaultLogs)(serviceName, logGroup) })]),
+            cpu: (_a = containerInfo.cpu) === null || _a === void 0 ? void 0 : _a.toString(),
+            memory: (_b = containerInfo.memoryReservation) === null || _b === void 0 ? void 0 : _b.toString(),
+            requiresCompatibilities: ["FARGATE"],
             networkMode: "awsvpc",
             volumes: volumes,
             family: (0, stack_1.getStackScopedName)(serviceName),
@@ -316,13 +328,20 @@ function createInternalService(config) {
             networkConfiguration: {
                 subnets: yield (0, network_1.getPrivateSubnetIds)(),
                 securityGroups: securityGroups,
-                assignPublicIp
             },
             serviceRegistries,
             desiredCount,
+            launchType: "FARGATE",
             enableEcsManagedTags: true,
             waitForSteadyState: false,
             taskDefinition: taskDefinition.arn,
+            loadBalancers: [
+                ...targetGroups.map((tg) => ({
+                    targetGroupArn: tg.arn,
+                    containerName: serviceName,
+                    containerPort: serviceDiscoveryPort,
+                }))
+            ]
         }, Object.assign(Object.assign({}, extraOpts), { dependsOn }));
     });
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dcl-ops-lib",
-  "version": "6.0.10",
+  "version": "6.0.12",
   "scripts": {
     "build": "tsc && cp bin/* . && node test.js",
     "clean": "rm *.d.ts *.js *.js.map"

package/prometheus.js

@@ -29,7 +29,7 @@ function makeSecurityGroupAccessibleByPrometheus(securityGroup, fromPort = 0, to
         fromPort,
         toPort,
         protocol: "tcp",
-        type: "egress",
+        type: "ingress",
         securityGroupId: securityGroup.id,
     }, { deleteBeforeReplace: true });
 }