konokenj.cdk-api-mcp-server 0.48.0__py3-none-any.whl → 0.57.0__py3-none-any.whl
- cdk_api_mcp_server/__about__.py +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-amplify-alpha/README.md +12 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-bedrock-agentcore-alpha/README.md +1979 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-bedrock-alpha/README.md +2 -2
- cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-eks-v2-alpha/README.md +156 -69
- cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-imagebuilder-alpha/README.md +656 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-lambda-go-alpha/README.md +102 -4
- cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-msk-alpha/README.md +38 -8
- cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-sagemaker-alpha/README.md +32 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/mixins-preview/README.md +182 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/README.md/README.md +2 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigateway/README.md +34 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigateway/integ.api-with-authorizer-and-proxy.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigateway/integ.lambda-api.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigateway/integ.lambda-permission-consolidation.ts +55 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigateway/integ.spec-restapi.ts +1 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2/README.md +93 -81
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2/integ.stage.ts +20 -4
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2-authorizers/integ.iam.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2-authorizers/integ.lambda.ts +2 -2
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2-authorizers/integ.user-pool.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2-integrations/README.md +35 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2-integrations/integ.add-subroute-integration.ts +7 -4
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2-integrations/integ.http-proxy.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2-integrations/integ.lambda-connect-disconnect-trigger.ts +2 -2
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2-integrations/integ.lambda-permission-consolidation.ts +45 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2-integrations/integ.lambda-proxy.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2-integrations/integ.lambda.ts +4 -4
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-appsync/integ.graphql-lambda-permission.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-appsync/integ.js-resolver.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-batch/README.md +15 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-batch/integ.managed-compute-environment-default-instance-class.ts +20 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudformation/integ.core-custom-resources-node-18.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudformation/integ.core-custom-resources-service-timeout.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudfront-origins/README.md +33 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudfront-origins/integ.function-url-origin-ip-address-type.ts +84 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudfront-origins/integ.origin-response-completion-timeout.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudtrail/integ.cloudtrail-data-events-only.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudwatch/README.md +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudwatch/integ.anomaly-detection-alarm.ts +44 -2
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-codebuild/README.md +0 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-codepipeline-actions/integ.pipeline-elastic-beanstalk-deploy.ts +4 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cognito/README.md +2 -2
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-dynamodb/README.md +125 -2
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-dynamodb/TABLE_V1_API.md +45 -2
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-dynamodb/integ.dynamodb.add-to-resource-policy.ts +97 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-dynamodb/integ.dynamodb.compound.ts +32 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-dynamodb/integ.dynamodb.policy.ts +21 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-dynamodb/integ.table-v2.compound.ts +43 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ec2/README.md +16 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ec2/integ.client-vpn-endpoint-disconnect-on-session-timeout.ts +65 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ec2/integ.vpc-flow-logs.ts +4 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecr/README.md +41 -2
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecr/integ.tag-mutability-exclusion.ts +30 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/README.md +47 -4
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.managedinstances-capacity-provider.ts +5 -3
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.managedinstances-no-default-capacity-provider.ts +107 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.placement-strategies.ts +32 -8
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.alb-fargate-service-public-private-switch.ts +45 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/README.md +103 -83
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-al2023-nodegroup.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-cluster-removal-policy.ts +31 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.fargate-cluster.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-elasticloadbalancingv2/README.md +34 -4
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-elasticloadbalancingv2/integ.alb-lambda-multi-value-headers.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-elasticloadbalancingv2/integ.alb.oidc.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-elasticloadbalancingv2/integ.nlb.security-group.ts +70 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-elasticloadbalancingv2-actions/integ.cognito.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events-targets/README.md +22 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events-targets/integ.firehose-delivery-stream.ts +51 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-iam/integ.managed-policy.ts +9 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-iam/integ.policy.ts +9 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kinesis/README.md +42 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kinesis/integ.stream-shard-level-monitoring.ts +47 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kinesisfirehose/README.md +156 -3
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kinesisfirehose/integ.cloudwatch-logs-processors.ts +45 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kinesisfirehose/integ.record-format-conversion-schema.ts +154 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kinesisfirehose/integ.record-format-conversion.ts +178 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/README.md +39 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.binary-payload.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.logging-config.ts +8 -8
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.multi-tenancy.ts +24 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.params-and-secrets.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.runtime-management.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.runtime.fromasset.ts +19 -4
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.runtime.inlinecode.ts +11 -4
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-nodejs/integ.dependencies-pnpm.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-nodejs/integ.function-exclude-smithy-models.ts +2 -2
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-nodejs/integ.nodejs.build.images.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-logs/README.md +4 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-logs/integ.metricfilter-apply-on-transformed-logs.ts +29 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-logs/integ.subscriptionfilter.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-opensearchservice/integ.opensearch.ebs.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-opensearchservice/integ.opensearch.min.ts +1 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/README.md +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/integ.cluster-cloudwatch-logs-exports.ts +56 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/integ.cluster-data-api-to-imported-cluster.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/integ.cluster-data-api.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-route53/README.md +44 -31
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-route53/integ.private-hosted-zone-from-attributes.ts +41 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-route53/integ.zone-delegation-iam-stack.ts +66 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/README.md +65 -4
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-big-response.ts +17 -6
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-cloudfront.ts +20 -18
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-cross-nested-stack-source.ts +7 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-cross-stack-source.ts +6 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-cross-stack-ssm-source.ts +7 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-data.ts +99 -59
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-deployed-bucket.ts +10 -4
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-large-file.ts +23 -12
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-loggroup.ts +7 -2
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-security-groups-efs.ts +77 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-security-groups-empty.ts +69 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-security-groups-multiple.ts +89 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-security-groups-single.ts +77 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-signcontent.ts +11 -7
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-substitution-with-destination-key.ts +15 -8
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-substitution-with-role.ts +29 -14
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-substitution.ts +16 -8
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-vpc-basic.ts +65 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-vpc-config.ts +66 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-vpc-custom-subnets.ts +66 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-vpc-efs.ts +66 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-vpc-security-groups.ts +72 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-vpc-subnet-selection.ts +70 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment.ts +47 -69
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-secretsmanager/integ.secret.dynamic-reference-key.ts +38 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions/integ.sm-jsonpath-with-distributed-map-jsonata.ts +105 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/README.md +15 -4
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.call-aws-service-cross-region-lambda.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.evaluate-expression-arm64.ts +27 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.evaluate-expression-default.ts +25 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.evaluate-expression-mixed-arch.ts +35 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.evaluate-expression-x86.ts +27 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.invoke-json-path.ts +102 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-synthetics/README.md +17 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-synthetics/integ.canary-runtime-validation.ts +43 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-synthetics/integ.canary.ts +2 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/custom-resources/README.md +56 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/custom-resources/integ.aws-custom-resource.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/custom-resources/integ.custom-resource-config-lambda-node-runtime.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/custom-resources/integ.external-id.ts +80 -0
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/custom-resources/integ.invoke-function-payload.ts +1 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/cx-api/FEATURE_FLAGS.md +71 -10
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/cx-api/README.md +32 -1
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/interfaces/README.md +33 -0
- {konokenj_cdk_api_mcp_server-0.48.0.dist-info → konokenj_cdk_api_mcp_server-0.57.0.dist-info}/METADATA +2 -2
- {konokenj_cdk_api_mcp_server-0.48.0.dist-info → konokenj_cdk_api_mcp_server-0.57.0.dist-info}/RECORD +151 -106
- cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events-targets/integ.kinesis-firehose-stream.ts +0 -33
- {konokenj_cdk_api_mcp_server-0.48.0.dist-info → konokenj_cdk_api_mcp_server-0.57.0.dist-info}/WHEEL +0 -0
- {konokenj_cdk_api_mcp_server-0.48.0.dist-info → konokenj_cdk_api_mcp_server-0.57.0.dist-info}/entry_points.txt +0 -0
- {konokenj_cdk_api_mcp_server-0.48.0.dist-info → konokenj_cdk_api_mcp_server-0.57.0.dist-info}/licenses/LICENSE.txt +0 -0
|
@@ -1306,6 +1306,21 @@ const endpoint = vpc.addClientVpnEndpoint('Endpoint', {
|
|
|
1306
1306
|
});
|
|
1307
1307
|
```
|
|
1308
1308
|
|
|
1309
|
+
To control whether clients are automatically disconnected when the maximum session duration is reached, use the `disconnectOnSessionTimeout` prop.
|
|
1310
|
+
By default (`true`), clients are disconnected and must manually reconnect.
|
|
1311
|
+
Set to `false` to allow automatic reconnection attempts:
|
|
1312
|
+
|
|
1313
|
+
```ts fixture=client-vpn
|
|
1314
|
+
const endpoint = vpc.addClientVpnEndpoint('Endpoint', {
|
|
1315
|
+
cidr: '10.100.0.0/16',
|
|
1316
|
+
serverCertificateArn: 'arn:aws:acm:us-east-1:123456789012:certificate/server-certificate-id',
|
|
1317
|
+
clientCertificateArn: 'arn:aws:acm:us-east-1:123456789012:certificate/client-certificate-id',
|
|
1318
|
+
disconnectOnSessionTimeout: false, // Allow automatic reconnection attempts
|
|
1319
|
+
});
|
|
1320
|
+
```
|
|
1321
|
+
|
|
1322
|
+
Detail information about maximum VPN session duration timeout can be found in the [AWS documentation](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-max-duration.html).
|
|
1323
|
+
|
|
1309
1324
|
## Instances
|
|
1310
1325
|
|
|
1311
1326
|
You can use the `Instance` class to start up a single EC2 instance. For production setups, we recommend
|
|
@@ -1892,7 +1907,7 @@ You can configure [tag propagation on volume creation](https://docs.aws.amazon.c
|
|
|
1892
1907
|
|
|
1893
1908
|
#### Throughput on GP3 Volumes
|
|
1894
1909
|
|
|
1895
|
-
You can specify the `throughput` of a GP3 volume from 125 (default) to
|
|
1910
|
+
You can specify the `throughput` of a GP3 volume from 125 (default) to 2000.
|
|
1896
1911
|
|
|
1897
1912
|
```ts
|
|
1898
1913
|
new ec2.Volume(this, 'Volume', {
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
import { App, RemovalPolicy, Stack, StackProps, UnscopedValidationError } from 'aws-cdk-lib';
|
|
2
|
+
import * as acm from 'aws-cdk-lib/aws-certificatemanager';
|
|
3
|
+
import * as ec2 from 'aws-cdk-lib/aws-ec2';
|
|
4
|
+
import * as logs from 'aws-cdk-lib/aws-logs';
|
|
5
|
+
import * as route53 from 'aws-cdk-lib/aws-route53';
|
|
6
|
+
import { IntegTest } from '@aws-cdk/integ-tests-alpha';
|
|
7
|
+
import { Construct } from 'constructs';
|
|
8
|
+
|
|
9
|
+
/**
|
|
10
|
+
* In order to test this you need to have a valid public hosted zone that you can use
|
|
11
|
+
* to validate the domain identity.
|
|
12
|
+
*/
|
|
13
|
+
const hostedZoneId = process.env.CDK_INTEG_HOSTED_ZONE_ID ?? process.env.HOSTED_ZONE_ID;
|
|
14
|
+
if (!hostedZoneId) throw new UnscopedValidationError('For this test you must provide your own HostedZoneId as an env var "HOSTED_ZONE_ID". See framework-integ/README.md for details.');
|
|
15
|
+
const hostedZoneName = process.env.CDK_INTEG_HOSTED_ZONE_NAME ?? process.env.HOSTED_ZONE_NAME;
|
|
16
|
+
if (!hostedZoneName) throw new UnscopedValidationError('For this test you must provide your own HostedZoneName as an env var "HOSTED_ZONE_NAME". See framework-integ/README.md for details.');
|
|
17
|
+
|
|
18
|
+
interface TestStackProps extends StackProps {
|
|
19
|
+
hostedZoneId: string;
|
|
20
|
+
hostedZoneName: string;
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
class TestStack extends Stack {
|
|
24
|
+
constructor(scope: Construct, id: string, props: TestStackProps) {
|
|
25
|
+
super(scope, id, props);
|
|
26
|
+
|
|
27
|
+
const hostedZone = route53.PublicHostedZone.fromHostedZoneAttributes(this, 'HostedZone', {
|
|
28
|
+
hostedZoneId: props.hostedZoneId,
|
|
29
|
+
zoneName: props.hostedZoneName,
|
|
30
|
+
});
|
|
31
|
+
|
|
32
|
+
const serverCertificate = new acm.Certificate(this, 'Certificate', {
|
|
33
|
+
domainName: `server.${props.hostedZoneName}`,
|
|
34
|
+
validation: acm.CertificateValidation.fromDns(hostedZone),
|
|
35
|
+
});
|
|
36
|
+
const clientCertificate = new acm.Certificate(this, 'ClientCertificate', {
|
|
37
|
+
domainName: `client.${props.hostedZoneName}`,
|
|
38
|
+
validation: acm.CertificateValidation.fromDns(hostedZone),
|
|
39
|
+
});
|
|
40
|
+
|
|
41
|
+
const vpc = new ec2.Vpc(this, 'Vpc', { maxAzs: 2, natGateways: 0 });
|
|
42
|
+
|
|
43
|
+
const logGroup = new logs.LogGroup(this, 'LogGroup', {
|
|
44
|
+
removalPolicy: RemovalPolicy.DESTROY,
|
|
45
|
+
});
|
|
46
|
+
|
|
47
|
+
vpc.addClientVpnEndpoint('Endpoint', {
|
|
48
|
+
cidr: '10.100.0.0/16',
|
|
49
|
+
serverCertificateArn: serverCertificate.certificateArn,
|
|
50
|
+
clientCertificateArn: clientCertificate.certificateArn,
|
|
51
|
+
logGroup,
|
|
52
|
+
disconnectOnSessionTimeout: false,
|
|
53
|
+
});
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
|
|
57
|
+
const app = new App();
|
|
58
|
+
new IntegTest(app, 'client-vpn-endpoint-integ', {
|
|
59
|
+
testCases: [
|
|
60
|
+
new TestStack(app, 'client-vpn-endpoint-stack', {
|
|
61
|
+
hostedZoneId,
|
|
62
|
+
hostedZoneName,
|
|
63
|
+
}),
|
|
64
|
+
],
|
|
65
|
+
});
|
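Review bot: The endpoint at new lines 47-53 takes its `clientCertificateArn` from a second DNS-validated `acm.Certificate` (new lines 36-39), a publicly issued certificate. As far as I can tell, that is not how a mutual-authentication trust anchor is normally provisioned, since it usually comes from a CA the operator controls. Together with `disconnectOnSessionTimeout: false` and no explicit session timeout, the stack is only fit for exercising the new property, and a comment above the call would say so: `// Test-only: public DNS-validated certs stand in for a private client CA; not a reference mutual-auth setup.` Separately, the errors at new lines 14 and 16 name only `HOSTED_ZONE_ID` and `HOSTED_ZONE_NAME`, although `CDK_INTEG_HOSTED_ZONE_ID` and `CDK_INTEG_HOSTED_ZONE_NAME` are read first, so the messages should mention both.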
|
@@ -72,6 +72,10 @@ class TestStack extends Stack {
|
|
|
72
72
|
destination: FlowLogDestination.toS3(),
|
|
73
73
|
});
|
|
74
74
|
|
|
75
|
+
vpc.addFlowLog('FlowLogsCloudwatch', {
|
|
76
|
+
destination: FlowLogDestination.toCloudWatchLogs(),
|
|
77
|
+
});
|
|
78
|
+
|
|
75
79
|
const bucket = new s3.Bucket(this, 'Bucket', {
|
|
76
80
|
removalPolicy: RemovalPolicy.DESTROY,
|
|
77
81
|
autoDeleteObjects: true,
|
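Review bot: The new `FlowLogsCloudwatch` flow log at new lines 75-77 calls `FlowLogDestination.toCloudWatchLogs()` with no arguments, so its log group and IAM role are created implicitly and nothing in the hunk sets a removal policy or retention for that group. The bucket just below, by contrast, is declared with `RemovalPolicy.DESTROY` and `autoDeleteObjects: true`. If the implicit group keeps a retain-on-delete default (not visible here), every run of this test leaves behind a log group holding VPC traffic metadata. Passing an explicit group makes the cleanup deliberate: `destination: FlowLogDestination.toCloudWatchLogs(new logs.LogGroup(this, 'FlowLogGroup', { removalPolicy: RemovalPolicy.DESTROY })),` which assumes `aws-logs` is imported as `logs`, something the hunk does not show. The constructor body starts and ends outside the hunk.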
|
@@ -121,12 +121,51 @@ By using these methods, you can grant specific operational permissions on the EC
|
|
|
121
121
|
|
|
122
122
|
### Image tag immutability
|
|
123
123
|
|
|
124
|
-
You can set tag immutability on images in
|
|
124
|
+
You can set tag immutability on images in your repository using the `imageTagMutability` construct prop.
|
|
125
125
|
|
|
126
126
|
```ts
|
|
127
127
|
new ecr.Repository(this, 'Repo', { imageTagMutability: ecr.TagMutability.IMMUTABLE });
|
|
128
128
|
```
|
|
129
129
|
|
|
130
|
+
#### Image tag mutability with exclusion filters
|
|
131
|
+
|
|
132
|
+
ECR supports more granular control over image tag mutability by allowing you to specify exclusion filters. This enables you to make your repository immutable while allowing specific tag patterns to remain mutable (or vice versa).
|
|
133
|
+
|
|
134
|
+
There are two new mutability options that work with exclusion filters:
|
|
135
|
+
|
|
136
|
+
- `MUTABLE_WITH_EXCLUSION`: Tags are mutable by default, except those matching the exclusion filters
|
|
137
|
+
- `IMMUTABLE_WITH_EXCLUSION`: Tags are immutable by default, except those matching the exclusion filters
|
|
138
|
+
|
|
139
|
+
Use `ImageTagMutabilityExclusionFilter.wildcard()` to create filters with wildcard patterns:
|
|
140
|
+
|
|
141
|
+
```ts
|
|
142
|
+
// Make all tags immutable except for those starting with 'dev-' or 'test-'
|
|
143
|
+
new ecr.Repository(this, 'Repo', {
|
|
144
|
+
imageTagMutability: ecr.TagMutability.IMMUTABLE_WITH_EXCLUSION,
|
|
145
|
+
imageTagMutabilityExclusionFilters: [
|
|
146
|
+
ecr.ImageTagMutabilityExclusionFilter.wildcard('dev-*'),
|
|
147
|
+
ecr.ImageTagMutabilityExclusionFilter.wildcard('test-*'),
|
|
148
|
+
],
|
|
149
|
+
});
|
|
150
|
+
```
|
|
151
|
+
|
|
152
|
+
```ts
|
|
153
|
+
// Make all tags mutable except for production releases
|
|
154
|
+
new ecr.Repository(this, 'Repo', {
|
|
155
|
+
imageTagMutability: ecr.TagMutability.MUTABLE_WITH_EXCLUSION,
|
|
156
|
+
imageTagMutabilityExclusionFilters: [
|
|
157
|
+
ecr.ImageTagMutabilityExclusionFilter.wildcard('prod-*'),
|
|
158
|
+
ecr.ImageTagMutabilityExclusionFilter.wildcard('release-v*'),
|
|
159
|
+
],
|
|
160
|
+
});
|
|
161
|
+
```
|
|
162
|
+
|
|
163
|
+
##### Exclusion filter pattern rules
|
|
164
|
+
|
|
165
|
+
- Patterns can contain alphanumeric characters, dots (.), underscores (_), hyphens (-), and asterisks (*) as wildcards
|
|
166
|
+
- Maximum pattern length is 128 characters
|
|
167
|
+
- You can specify up to 5 exclusion filters per repository
|
|
168
|
+
|
|
130
169
|
### Encryption
|
|
131
170
|
|
|
132
171
|
By default, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. For more control over the encryption for your Amazon ECR repositories, you can use server-side encryption with KMS keys stored in AWS Key Management Service (AWS KMS). Read more about this feature in the [ECR Developer Guide](https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html).
|
|
@@ -209,7 +248,7 @@ repository.addToResourcePolicy(new iam.PolicyStatement({
|
|
|
209
248
|
}));
|
|
210
249
|
```
|
|
211
250
|
|
|
212
|
-
##
|
|
251
|
+
## Import existing repository
|
|
213
252
|
|
|
214
253
|
You can import an existing repository into your CDK app using the `Repository.fromRepositoryArn`, `Repository.fromRepositoryName` or `Repository.fromLookup` method.
|
|
215
254
|
These methods take the ARN or the name of the repository and returns an `IRepository` object.
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
import * as cdk from 'aws-cdk-lib';
|
|
2
|
+
import { IntegTest } from '@aws-cdk/integ-tests-alpha';
|
|
3
|
+
import * as ecr from 'aws-cdk-lib/aws-ecr';
|
|
4
|
+
|
|
5
|
+
const app = new cdk.App();
|
|
6
|
+
const stack = new cdk.Stack(app, 'aws-ecr-tag-mutability-exclusion-stack');
|
|
7
|
+
|
|
8
|
+
new ecr.Repository(stack, 'ImmutableRepoWithExclusions', {
|
|
9
|
+
imageTagMutability: ecr.TagMutability.IMMUTABLE_WITH_EXCLUSION,
|
|
10
|
+
imageTagMutabilityExclusionFilters: [
|
|
11
|
+
ecr.ImageTagMutabilityExclusionFilter.wildcard('dev-*'),
|
|
12
|
+
ecr.ImageTagMutabilityExclusionFilter.wildcard('test-*'),
|
|
13
|
+
],
|
|
14
|
+
removalPolicy: cdk.RemovalPolicy.DESTROY,
|
|
15
|
+
emptyOnDelete: true,
|
|
16
|
+
});
|
|
17
|
+
|
|
18
|
+
new ecr.Repository(stack, 'MutableRepoWithExclusions', {
|
|
19
|
+
imageTagMutability: ecr.TagMutability.MUTABLE_WITH_EXCLUSION,
|
|
20
|
+
imageTagMutabilityExclusionFilters: [
|
|
21
|
+
ecr.ImageTagMutabilityExclusionFilter.wildcard('prod-*'),
|
|
22
|
+
ecr.ImageTagMutabilityExclusionFilter.wildcard('release-v*'),
|
|
23
|
+
],
|
|
24
|
+
removalPolicy: cdk.RemovalPolicy.DESTROY,
|
|
25
|
+
emptyOnDelete: true,
|
|
26
|
+
});
|
|
27
|
+
|
|
28
|
+
new IntegTest(app, 'cdk-ecr-tag-mutability-exclusion-test', {
|
|
29
|
+
testCases: [stack],
|
|
30
|
+
});
|
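Review bot: Nothing in this test checks that the exclusion filters actually reach the deployed repositories: the `IntegTest` at new lines 28-30 is constructed and discarded, so a run only proves that the stack deploys. Because the feature is an integrity control (it decides which tags may be overwritten), I would keep both repositories and the `IntegTest` in variables and add an `assertions.awsApiCall('ECR', 'describeRepositories', ...)` expectation per repository. Each expectation would check that the reported mutability mode and filters match what was declared. A header comment would also help readers, for example `// Verifies IMMUTABLE_WITH_EXCLUSION and MUTABLE_WITH_EXCLUSION with wildcard exclusion filters.`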
|
@@ -1661,9 +1661,9 @@ new ecs.Ec2Service(this, 'EC2Service', {
|
|
|
1661
1661
|
|
|
1662
1662
|
### Managed Instances Capacity Providers
|
|
1663
1663
|
|
|
1664
|
-
Managed Instances Capacity Providers allow you to use AWS-managed EC2 instances for your ECS tasks while providing more control over instance selection than standard Fargate. AWS handles the instance lifecycle, patching, and maintenance while you can specify detailed instance requirements.
|
|
1664
|
+
Managed Instances Capacity Providers allow you to use AWS-managed EC2 instances for your ECS tasks while providing more control over instance selection than standard Fargate. AWS handles the instance lifecycle, patching, and maintenance while you can specify detailed instance requirements. You can define detailed instance requirements to control which types of instances are used for your workloads.
|
|
1665
1665
|
|
|
1666
|
-
|
|
1666
|
+
See [ECS documentation for Managed Instances Capacity Provider](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/managed-instances-capacity-providers-concept.html) for more documentation.
|
|
1667
1667
|
|
|
1668
1668
|
```ts
|
|
1669
1669
|
declare const vpc: ec2.Vpc;
|
|
@@ -1687,17 +1687,25 @@ const miCapacityProvider = new ecs.ManagedInstancesCapacityProvider(this, 'MICap
|
|
|
1687
1687
|
propagateTags: ecs.PropagateManagedInstancesTags.CAPACITY_PROVIDER,
|
|
1688
1688
|
});
|
|
1689
1689
|
|
|
1690
|
+
// Optionally configure security group rules using IConnectable interface
|
|
1691
|
+
miCapacityProvider.connections.allowFrom(ec2.Peer.ipv4(vpc.vpcCidrBlock), ec2.Port.tcp(80));
|
|
1692
|
+
|
|
1690
1693
|
// Add the capacity provider to the cluster
|
|
1691
1694
|
cluster.addManagedInstancesCapacityProvider(miCapacityProvider);
|
|
1692
1695
|
|
|
1693
|
-
const taskDefinition = new ecs.
|
|
1696
|
+
const taskDefinition = new ecs.TaskDefinition(this, 'TaskDef', {
|
|
1697
|
+
memoryMiB: '512',
|
|
1698
|
+
cpu: '256',
|
|
1699
|
+
networkMode: ecs.NetworkMode.AWS_VPC,
|
|
1700
|
+
compatibility: ecs.Compatibility.MANAGED_INSTANCES,
|
|
1701
|
+
});
|
|
1694
1702
|
|
|
1695
1703
|
taskDefinition.addContainer('web', {
|
|
1696
1704
|
image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
|
|
1697
1705
|
memoryReservationMiB: 256,
|
|
1698
1706
|
});
|
|
1699
1707
|
|
|
1700
|
-
new ecs.
|
|
1708
|
+
new ecs.FargateService(this, 'FargateService', {
|
|
1701
1709
|
cluster,
|
|
1702
1710
|
taskDefinition,
|
|
1703
1711
|
minHealthyPercent: 100,
|
|
@@ -1758,6 +1766,41 @@ const miCapacityProvider = new ecs.ManagedInstancesCapacityProvider(this, 'MICap
|
|
|
1758
1766
|
onDemandMaxPricePercentageOverLowestPrice: 10,
|
|
1759
1767
|
},
|
|
1760
1768
|
});
|
|
1769
|
+
|
|
1770
|
+
```
|
|
1771
|
+
#### Note: Service Replacement When Migrating from LaunchType to CapacityProviderStrategy
|
|
1772
|
+
|
|
1773
|
+
**Understanding the Limitation**
|
|
1774
|
+
|
|
1775
|
+
The ECS [CreateService API](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateService.html#ECS-CreateService-request-launchType) does not allow specifying both `launchType` and `capacityProviderStrategies` simultaneously. When you specify `capacityProviderStrategies`, the CDK uses those capacity providers instead of a launch type. This is a limitation of the ECS API and CloudFormation, not a CDK bug.
|
|
1776
|
+
|
|
1777
|
+
**Impact on Updates**
|
|
1778
|
+
|
|
1779
|
+
Because `launchType` is immutable during updates, switching from `launchType` to `capacityProviderStrategies` requires CloudFormation to replace the service. This means your existing service will be deleted and recreated with the new configuration. This behavior is expected and reflects the underlying API constraints.
|
|
1780
|
+
|
|
1781
|
+
**Workaround**
|
|
1782
|
+
|
|
1783
|
+
While we work on a long-term solution, you can use the following [escape hatch](https://docs.aws.amazon.com/cdk/v2/guide/cfn-layer.html) to preserve your service during the migration:
|
|
1784
|
+
|
|
1785
|
+
```ts
|
|
1786
|
+
declare const cluster: ecs.Cluster;
|
|
1787
|
+
declare const taskDefinition: ecs.TaskDefinition;
|
|
1788
|
+
declare const miCapacityProvider: ecs.ManagedInstancesCapacityProvider;
|
|
1789
|
+
|
|
1790
|
+
const service = new ecs.FargateService(this, 'Service', {
|
|
1791
|
+
cluster,
|
|
1792
|
+
taskDefinition,
|
|
1793
|
+
capacityProviderStrategies: [
|
|
1794
|
+
{
|
|
1795
|
+
capacityProvider: miCapacityProvider.capacityProviderName,
|
|
1796
|
+
weight: 1,
|
|
1797
|
+
},
|
|
1798
|
+
],
|
|
1799
|
+
});
|
|
1800
|
+
|
|
1801
|
+
// Escape hatch: Force launchType at the CloudFormation level to prevent service replacement
|
|
1802
|
+
const cfnService = service.node.defaultChild as ecs.CfnService;
|
|
1803
|
+
cfnService.launchType = 'FARGATE'; // or 'FARGATE_SPOT' depending on your capacity provider
|
|
1761
1804
|
```
|
|
1762
1805
|
|
|
1763
1806
|
### Cluster Default Provider Strategy
|
|
@@ -24,7 +24,7 @@ const infrastructureRole = new iam.Role(stack, 'InfrastructureRole', {
|
|
|
24
24
|
roleName: 'AmazonECSInfrastructureRoleForOmakase',
|
|
25
25
|
assumedBy: new iam.ServicePrincipal('ecs.amazonaws.com'),
|
|
26
26
|
managedPolicies: [
|
|
27
|
-
iam.ManagedPolicy.fromAwsManagedPolicyName('
|
|
27
|
+
iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonECSInfrastructureRolePolicyForManagedInstances'),
|
|
28
28
|
],
|
|
29
29
|
});
|
|
30
30
|
|
|
@@ -32,7 +32,7 @@ const instanceRole = new iam.Role(stack, 'InstanceRole', {
|
|
|
32
32
|
roleName: 'AmazonECSInstanceRoleForOmakase',
|
|
33
33
|
assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'),
|
|
34
34
|
managedPolicies: [
|
|
35
|
-
iam.ManagedPolicy.fromAwsManagedPolicyName('
|
|
35
|
+
iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonECSInstanceRolePolicyForManagedInstances'),
|
|
36
36
|
],
|
|
37
37
|
});
|
|
38
38
|
|
|
@@ -63,6 +63,9 @@ const miCapacityProvider = new ecs.ManagedInstancesCapacityProvider(stack, 'Mana
|
|
|
63
63
|
},
|
|
64
64
|
});
|
|
65
65
|
|
|
66
|
+
// Configure security group rules using IConnectable interface
|
|
67
|
+
miCapacityProvider.connections.allowFrom(ec2.Peer.ipv4(vpc.vpcCidrBlock), ec2.Port.tcp(80));
|
|
68
|
+
|
|
66
69
|
// Add FMI capacity provider to cluster
|
|
67
70
|
cluster.addManagedInstancesCapacityProvider(miCapacityProvider);
|
|
68
71
|
cluster.addDefaultCapacityProviderStrategy([
|
|
@@ -106,7 +109,6 @@ new ecs.FargateService(stack, 'ManagedInstancesService', {
|
|
|
106
109
|
|
|
107
110
|
new integ.IntegTest(app, 'ManagedInstancesCapacityProviders', {
|
|
108
111
|
testCases: [stack],
|
|
109
|
-
regions: ['us-west-2'],
|
|
110
112
|
});
|
|
111
113
|
|
|
112
114
|
app.synth();
|
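Review bot: The added `miCapacityProvider.connections.allowFrom(ec2.Peer.ipv4(vpc.vpcCidrBlock), ec2.Port.tcp(80));` in the `@@ -63,6 +63,9 @@` hunk admits port 80 from every address in the VPC, which is wider than a single service normally needs. These integ files appear to be packaged as reference material (the paths on the page sit under `resources/`), so readers may copy the rule as-is. I would either scope the peer to the security group of whatever fronts the service, or mark the rule as scaffolding with a comment such as `// integ-test only: VPC-wide ingress; in a real stack allow from the fronting load balancer's security group`. The security group this rule lands on is declared outside the visible hunks, so this assumes it is the one attached to the capacity provider.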
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
import * as ec2 from 'aws-cdk-lib/aws-ec2';
|
|
2
|
+
import * as iam from 'aws-cdk-lib/aws-iam';
|
|
3
|
+
import * as cdk from 'aws-cdk-lib';
|
|
4
|
+
import * as ecs from 'aws-cdk-lib/aws-ecs';
|
|
5
|
+
import * as integ from '@aws-cdk/integ-tests-alpha';
|
|
6
|
+
|
|
7
|
+
const app = new cdk.App({
|
|
8
|
+
postCliContext: {
|
|
9
|
+
'@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm': true,
|
|
10
|
+
'@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
|
|
11
|
+
'@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
|
|
12
|
+
},
|
|
13
|
+
});
|
|
14
|
+
const stack = new cdk.Stack(app, 'integ-managedinstances-no-default-capacity-provider');
|
|
15
|
+
|
|
16
|
+
const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false });
|
|
17
|
+
const cluster = new ecs.Cluster(stack, 'ManagedInstancesCluster', {
|
|
18
|
+
vpc,
|
|
19
|
+
});
|
|
20
|
+
|
|
21
|
+
// Create IAM roles required for FMI following Omakase specifications
|
|
22
|
+
const infrastructureRole = new iam.Role(stack, 'InfrastructureRole', {
|
|
23
|
+
roleName: 'InfrastructureRole',
|
|
24
|
+
assumedBy: new iam.ServicePrincipal('ecs.amazonaws.com'),
|
|
25
|
+
managedPolicies: [
|
|
26
|
+
iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonECSInfrastructureRolePolicyForManagedInstances'),
|
|
27
|
+
],
|
|
28
|
+
});
|
|
29
|
+
|
|
30
|
+
const instanceRole = new iam.Role(stack, 'InstanceRole', {
|
|
31
|
+
roleName: 'InstanceRole',
|
|
32
|
+
assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'),
|
|
33
|
+
managedPolicies: [
|
|
34
|
+
iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonECSInstanceRolePolicyForManagedInstances'),
|
|
35
|
+
],
|
|
36
|
+
});
|
|
37
|
+
|
|
38
|
+
infrastructureRole.grantPassRole(instanceRole);
|
|
39
|
+
|
|
40
|
+
const instanceProfile = new iam.InstanceProfile(stack, 'InstanceProfile', {
|
|
41
|
+
instanceProfileName: 'InstanceProfile',
|
|
42
|
+
role: instanceRole,
|
|
43
|
+
});
|
|
44
|
+
|
|
45
|
+
// Create a security group for FMI instances
|
|
46
|
+
const fmiSecurityGroup = new ec2.SecurityGroup(stack, 'ManagedInstancesSecurityGroup', {
|
|
47
|
+
vpc,
|
|
48
|
+
description: 'Security group for ManagedInstances capacity provider instances',
|
|
49
|
+
allowAllOutbound: true,
|
|
50
|
+
});
|
|
51
|
+
|
|
52
|
+
// Create MI Capacity Provider
|
|
53
|
+
const miCapacityProvider = new ecs.ManagedInstancesCapacityProvider(stack, 'ManagedInstancesCapacityProvider', {
|
|
54
|
+
infrastructureRole: infrastructureRole,
|
|
55
|
+
ec2InstanceProfile: instanceProfile,
|
|
56
|
+
subnets: vpc.privateSubnets,
|
|
57
|
+
securityGroups: [fmiSecurityGroup],
|
|
58
|
+
propagateTags: ecs.PropagateManagedInstancesTags.CAPACITY_PROVIDER,
|
|
59
|
+
instanceRequirements: {
|
|
60
|
+
vCpuCountMin: 1,
|
|
61
|
+
memoryMin: cdk.Size.gibibytes(2),
|
|
62
|
+
cpuManufacturers: [ec2.CpuManufacturer.INTEL],
|
|
63
|
+
acceleratorManufacturers: [ec2.AcceleratorManufacturer.NVIDIA],
|
|
64
|
+
},
|
|
65
|
+
});
|
|
66
|
+
|
|
67
|
+
// Add FMI capacity provider to cluster
|
|
68
|
+
cluster.addManagedInstancesCapacityProvider(miCapacityProvider);
|
|
69
|
+
|
|
70
|
+
// Create a task definition compatible with Managed Instances and Fargate
|
|
71
|
+
const taskDefinition = new ecs.TaskDefinition(stack, 'TaskDef', {
|
|
72
|
+
compatibility: ecs.Compatibility.FARGATE_AND_MANAGED_INSTANCES,
|
|
73
|
+
cpu: '256',
|
|
74
|
+
memoryMiB: '512',
|
|
75
|
+
networkMode: ecs.NetworkMode.AWS_VPC,
|
|
76
|
+
});
|
|
77
|
+
|
|
78
|
+
taskDefinition.addContainer('web', {
|
|
79
|
+
image: ecs.ContainerImage.fromRegistry('public.ecr.aws/docker/library/httpd:2.4'),
|
|
80
|
+
memoryLimitMiB: 512,
|
|
81
|
+
portMappings: [
|
|
82
|
+
{
|
|
83
|
+
containerPort: 80,
|
|
84
|
+
protocol: ecs.Protocol.TCP,
|
|
85
|
+
},
|
|
86
|
+
],
|
|
87
|
+
});
|
|
88
|
+
|
|
89
|
+
// Create a service using the MI capacity provider
|
|
90
|
+
new ecs.FargateService(stack, 'ManagedInstancesService', {
|
|
91
|
+
cluster,
|
|
92
|
+
taskDefinition,
|
|
93
|
+
capacityProviderStrategies: [
|
|
94
|
+
{
|
|
95
|
+
capacityProvider: miCapacityProvider.capacityProviderName,
|
|
96
|
+
weight: 1,
|
|
97
|
+
},
|
|
98
|
+
],
|
|
99
|
+
desiredCount: 1,
|
|
100
|
+
});
|
|
101
|
+
|
|
102
|
+
new integ.IntegTest(app, 'ManagedInstancesCapacityProviders', {
|
|
103
|
+
testCases: [stack],
|
|
104
|
+
regions: ['us-west-2'],
|
|
105
|
+
});
|
|
106
|
+
|
|
107
|
+
app.synth();
|
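Review bot: `roleName: 'InfrastructureRole'`, `roleName: 'InstanceRole'` and `instanceProfileName: 'InstanceProfile'` pin account-wide IAM names that are generic enough to clash with an existing role or profile, in which case the deployment fails, and a custom-named resource cannot be replaced in place on a later update. Nothing visible in the file refers to these names as strings (`grantPassRole` and the capacity provider both take the constructs), so I would drop the three name properties and let CDK generate unique ones, or at least prefix them with the stack name. Separately, `regions: ['us-west-2']` is kept here while the sibling test in this diff removes it; a one-line comment saying why this test stays region-pinned would help.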
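--- a/cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.placement-strategies.ts
+++ b/cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.placement-strategies.ts
@@ -2,6 +2,7 @@ import * as ec2 from 'aws-cdk-lib/aws-ec2';
 import * as cdk from 'aws-cdk-lib';
 import { Construct } from 'constructs';
 import * as ecs from 'aws-cdk-lib/aws-ecs';
+import * as integ from '@aws-cdk/integ-tests-alpha';
 
 const app = new cdk.App({
 postCliContext: {
@@ -12,24 +13,29 @@ const app = new cdk.App({
 },
 });
 
-class
-
-super(scope, id, props);
-
+class BaseEcsStack extends cdk.Stack {
+protected createBaseResources() {
 const vpc = new ec2.Vpc(this, 'VPC', { restrictDefaultSecurityGroup: false });
-
 const cluster = new ecs.Cluster(this, 'EcsCluster', { vpc });
 cluster.addCapacity('DefaultAutoScalingGroup', {
 instanceType: ec2.InstanceType.of(ec2.InstanceClass.T2, ec2.InstanceSize.MICRO),
 });
-
 const taskDefinition = new ecs.Ec2TaskDefinition(this, 'TaskDef');
 taskDefinition.addContainer('web', {
 image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
 memoryLimitMiB: 256,
 });
+return { vpc, cluster, taskDefinition };
+}
+}
+
+// Test service with multiple placement strategies
+class EcsWithStrategiesStack extends BaseEcsStack {
+constructor(scope: Construct, id: string, props?: cdk.StackProps) {
+super(scope, id, props);
+const { cluster, taskDefinition } = this.createBaseResources();
 
-new ecs.Ec2Service(this, '
+new ecs.Ec2Service(this, 'Service', {
 cluster,
 taskDefinition,
 placementStrategies: [
@@ -40,6 +46,24 @@ class EcsStack extends cdk.Stack {
 }
 }
 
-
+// Test service with empty placement strategies
+class EcsWithEmptyStrategiesStack extends BaseEcsStack {
+constructor(scope: Construct, id: string, props?: cdk.StackProps) {
+super(scope, id, props);
+const { cluster, taskDefinition } = this.createBaseResources();
+
+new ecs.Ec2Service(this, 'Service', {
+cluster,
+taskDefinition,
+placementStrategies: [],
+});
+}
+}
+new integ.IntegTest(app, 'LambdaTest', {
+testCases: [
+new EcsWithStrategiesStack(app, 'ecs-placement-strategies-with-strategies'),
+new EcsWithEmptyStrategiesStack(app, 'ecs-placement-strategies-empty'),
+],
+});
 
 app.synth();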
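Review bot: The new test is registered as `new integ.IntegTest(app, 'LambdaTest', {`, a name unrelated to ECS placement strategies that looks carried over from another test. An id such as `'EcsPlacementStrategiesTest'` would keep the generated test artefacts traceable to this file. `createBaseResources()` also has no doc comment; a line such as `/** Creates the VPC, the cluster with EC2 capacity and the task definition shared by both test stacks. */` would state what the two subclasses rely on. The middle of `EcsWithStrategiesStack` lies between the second and third hunks and is not shown.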
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
import * as ec2 from 'aws-cdk-lib/aws-ec2';
|
|
2
|
+
import * as ecs from 'aws-cdk-lib/aws-ecs';
|
|
3
|
+
import * as cdk from 'aws-cdk-lib';
|
|
4
|
+
import * as integ from '@aws-cdk/integ-tests-alpha';
|
|
5
|
+
import * as ecsPatterns from 'aws-cdk-lib/aws-ecs-patterns';
|
|
6
|
+
|
|
7
|
+
const app = new cdk.App();
|
|
8
|
+
const stack = new cdk.Stack(app, 'aws-ecs-integ-alb-fargate-public-private-switch');
|
|
9
|
+
|
|
10
|
+
const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false });
|
|
11
|
+
const cluster = new ecs.Cluster(stack, 'FargateCluster', { vpc });
|
|
12
|
+
|
|
13
|
+
// Test private load balancer (the problematic case from the issue)
|
|
14
|
+
new ecsPatterns.ApplicationLoadBalancedFargateService(stack, 'PrivateALBFargateService', {
|
|
15
|
+
cluster,
|
|
16
|
+
memoryLimitMiB: 1024,
|
|
17
|
+
cpu: 512,
|
|
18
|
+
publicLoadBalancer: false, // This should create ECSPrivate target group
|
|
19
|
+
taskImageOptions: {
|
|
20
|
+
image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
|
|
21
|
+
},
|
|
22
|
+
});
|
|
23
|
+
|
|
24
|
+
// Test public load balancer for comparison
|
|
25
|
+
new ecsPatterns.ApplicationLoadBalancedFargateService(stack, 'PublicALBFargateService', {
|
|
26
|
+
cluster,
|
|
27
|
+
memoryLimitMiB: 1024,
|
|
28
|
+
cpu: 512,
|
|
29
|
+
publicLoadBalancer: true, // This should create ECS target group
|
|
30
|
+
taskImageOptions: {
|
|
31
|
+
image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
|
|
32
|
+
},
|
|
33
|
+
});
|
|
34
|
+
|
|
35
|
+
new integ.IntegTest(app, 'ALBFargatePublicPrivateSwitchTest', {
|
|
36
|
+
testCases: [stack],
|
|
37
|
+
allowDestroy: [
|
|
38
|
+
'PrivateALBFargateServiceLB3F43693F',
|
|
39
|
+
'PrivateALBFargateServiceLBPublicListenerECSPrivateGroup81AA5B8B',
|
|
40
|
+
'PublicALBFargateServiceLBBDD839E7',
|
|
41
|
+
'PublicALBFargateServiceLBPublicListenerECSGroupD991EA00',
|
|
42
|
+
],
|
|
43
|
+
});
|
|
44
|
+
|
|
45
|
+
app.synth();
|
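Review bot: Both services pull `ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample')` with no tag or digest, so each deployment runs whatever `latest` resolves to at that moment and the test depends on an image that can change underneath it. The other new ECS test in this diff already pins a tag (`public.ecr.aws/docker/library/httpd:2.4`). I would do the same here, or pin a digest, e.g. `fromRegistry('amazon/amazon-ecs-sample@sha256:<digest-placeholder>')`. On `publicLoadBalancer: true`, a short comment such as `// internet-facing on purpose for the comparison case; not a template for production listeners` would help readers who copy the example.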