diff --git a/usecases/guest-webapp-sample/bin/blea-guest-ecsapp-sample-pipeline.ts b/usecases/guest-webapp-sample/bin/blea-guest-ecsapp-sample-pipeline.ts
index cfdf35751..94017bb68 100644
--- a/usecases/guest-webapp-sample/bin/blea-guest-ecsapp-sample-pipeline.ts
+++ b/usecases/guest-webapp-sample/bin/blea-guest-ecsapp-sample-pipeline.ts
@@ -5,8 +5,6 @@ import { BLEADbAuroraPgStack } from '../lib/blea-db-aurora-pg-stack';
 import { BLEAECSAppStack } from '../lib/blea-ecsapp-stack';
 import { BLEAMonitorAlarmStack } from '../lib/blea-monitor-alarm-stack';
 import { BLEAChatbotStack } from '../lib/blea-chatbot-stack';
-import { BLEABuildContainerStack } from '../lib/blea-build-container-stack';
-import { BLEAECRStack } from '../lib/blea-ecr-stack';
 import { BLEAWafStack } from '../lib/blea-waf-stack';
 import { BLEAFrontendSimpleStack } from '../lib/blea-frontend-simple-stack';
 import { BLEADashboardStack } from '../lib/blea-dashboard-stack';
@@ -102,31 +100,14 @@ export class BLEAPipelineStage extends cdk.Stage {
 // env: getProcEnv(),
 });
- // Container Repository
- const ecr = new BLEAECRStack(this, `${pjPrefix}-ECR`, {
- // TODO: will get "repositoryName" from parameters
- repositoryName: 'apprepo',
- alarmTopic: monitorAlarm.alarmTopic,
- // env: getProcEnv(),
- });
-
- // Build Container Image
- const build_container = new BLEABuildContainerStack(this, `${pjPrefix}-ContainerImage`, {
- ecrRepository: ecr.repository,
- // env: getProcEnv(),
- });
-
 // Application Stack (LoadBalancer + Fargate)
 const ecsApp = new BLEAECSAppStack(this, `${pjPrefix}-ECSApp`, {
 myVpc: prodVpc.myVpc,
 appKey: appKey.kmsKey,
- repository: ecr.repository,
- imageTag: build_container.imageTag,
 alarmTopic: monitorAlarm.alarmTopic,
 webFront: front,
 // env: getProcEnv(),
 });
- ecsApp.addDependency(build_container);
 // Aurora
 const dbCluster = new BLEADbAuroraPgStack(this, `${pjPrefix}-DBAuroraPg`, {
diff --git a/usecases/guest-webapp-sample/bin/blea-guest-ecsapp-sample.ts b/usecases/guest-webapp-sample/bin/blea-guest-ecsapp-sample.ts
index 695997ca9..44b2b7cb7 100644
--- a/usecases/guest-webapp-sample/bin/blea-guest-ecsapp-sample.ts
+++ b/usecases/guest-webapp-sample/bin/blea-guest-ecsapp-sample.ts
@@ -5,12 +5,12 @@ import { BLEADbAuroraPgStack } from '../lib/blea-db-aurora-pg-stack';
 import { BLEAECSAppStack } from '../lib/blea-ecsapp-stack';
 import { BLEAMonitorAlarmStack } from '../lib/blea-monitor-alarm-stack';
 import { BLEAChatbotStack } from '../lib/blea-chatbot-stack';
-import { BLEABuildContainerStack } from '../lib/blea-build-container-stack';
-import { BLEAECRStack } from '../lib/blea-ecr-stack';
 import { BLEAWafStack } from '../lib/blea-waf-stack';
 import { BLEAFrontendSimpleStack } from '../lib/blea-frontend-simple-stack';
 import { BLEADashboardStack } from '../lib/blea-dashboard-stack';
 import { BLEACanaryStack } from '../lib/blea-canary-stack';
+// import { BLEABuildContainerStack } from '../lib/blea-build-container-stack';
+// import { BLEAECRStack } from '../lib/blea-ecr-stack';
 const pjPrefix = 'BLEA';
@@ -92,31 +92,36 @@ const front = new BLEAFrontendSimpleStack(app, `${pjPrefix}-SimpleFrontStack`, {
 env: getProcEnv(),
 });
-// Container Repository
-const ecr = new BLEAECRStack(app, `${pjPrefix}-ECR`, {
- // TODO: will get "repositoryName" from parameters
- repositoryName: 'apprepo',
- alarmTopic: monitorAlarm.alarmTopic,
- env: getProcEnv(),
-});
-
-// Build Container Image
-const build_container = new BLEABuildContainerStack(app, `${pjPrefix}-ContainerImage`, {
- ecrRepository: ecr.repository,
- env: getProcEnv(),
-});
+// -- SAMPLE: Create your own ECR Repository and store your own image
+//
+// // Container Repository
+// const ecr = new BLEAECRStack(app, `${pjPrefix}-ECR`, {
+// // TODO: will get "repositoryName" from parameters
+// repositoryName: 'apprepo',
+// alarmTopic: monitorAlarm.alarmTopic,
+// env: getProcEnv(),
+// });
+//
+// // Build Container Image (Don't forget add dependency to BLEAECSAppStack)
+// const build_container = new BLEABuildContainerStack(app, `${pjPrefix}-ContainerImage`, {
+// ecrRepository: ecr.repository,
+// env: getProcEnv(),
+// });
 // Application Stack (LoadBalancer + Fargate)
 const ecsApp = new BLEAECSAppStack(app, `${pjPrefix}-ECSApp`, {
 myVpc: prodVpc.myVpc,
 appKey: appKey.kmsKey,
- repository: ecr.repository,
- imageTag: build_container.imageTag,
 alarmTopic: monitorAlarm.alarmTopic,
 webFront: front,
 env: getProcEnv(),
+ // -- SAMPLE: Pass your own ECR repository and your own image
+ // repository: ecr.repository,
+ // imageTag: build_container.imageTag,
 });
-ecsApp.addDependency(build_container);
+
+// -- SAMPLE: Need this when you use build_container
+// ecsApp.addDependency(build_container);
 // Aurora
 const dbCluster = new BLEADbAuroraPgStack(app, `${pjPrefix}-DBAuroraPg`, {
diff --git a/usecases/guest-webapp-sample/bin/blea-guest-ecsapp-ssl-sample.ts b/usecases/guest-webapp-sample/bin/blea-guest-ecsapp-ssl-sample.ts
index 5065c2cff..6a844bc86 100644
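Review bot: With `BLEAECRStack` commented out in blea-guest-ecsapp-sample.ts, the default deployment loses the repository-level controls that stack carried; the BLEA-ECR snapshot removed in this same commit shows `ScanOnPush: true` and an `ECR Image Scan` event rule targeting the alarm topic. Nothing in the visible new code configures scanning or scan notifications for the repository that the pull through cache creates, so unless registry-level scanning is set elsewhere the sample image is no longer scanned or alerted on. I would say so next to the SAMPLE block, e.g. `// NOTE: scan-on-push and the image scan alarm come from BLEAECRStack; the pull through cache repository is not covered by them`. The same removal is made in the pipeline and ssl-sample entry points.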
--- a/usecases/guest-webapp-sample/bin/blea-guest-ecsapp-ssl-sample.ts
+++ b/usecases/guest-webapp-sample/bin/blea-guest-ecsapp-ssl-sample.ts
@@ -5,8 +5,6 @@ import { BLEADbAuroraPgStack } from '../lib/blea-db-aurora-pg-stack';
 import { BLEAECSAppStack } from '../lib/blea-ecsapp-stack';
 import { BLEAMonitorAlarmStack } from '../lib/blea-monitor-alarm-stack';
 import { BLEAChatbotStack } from '../lib/blea-chatbot-stack';
-import { BLEABuildContainerStack } from '../lib/blea-build-container-stack';
-import { BLEAECRStack } from '../lib/blea-ecr-stack';
 import { BLEAWafStack } from '../lib/blea-waf-stack';
 import { BLEAFrontendSslStack } from '../lib/blea-frontend-ssl-stack';
 import { BLEADashboardStack } from '../lib/blea-dashboard-stack';
@@ -95,31 +93,14 @@ const front = new BLEAFrontendSslStack(app, `${pjPrefix}-SSLFrontStack`, {
 env: getProcEnv(),
 });
-// Container Repository
-const ecr = new BLEAECRStack(app, `${pjPrefix}-ECR`, {
- // TODO: will get "repositoryName" from parameters
- repositoryName: 'apprepo',
- alarmTopic: monitorAlarm.alarmTopic,
- env: getProcEnv(),
-});
-
-// Build Container Image
-const build_container = new BLEABuildContainerStack(app, `${pjPrefix}-ContainerImage`, {
- ecrRepository: ecr.repository,
- env: getProcEnv(),
-});
-
 // Application Stack (LoadBalancer + Fargate)
 const ecsApp = new BLEAECSAppStack(app, `${pjPrefix}-ECSAppSSL`, {
 myVpc: prodVpc.myVpc,
 appKey: appKey.kmsKey,
- repository: ecr.repository,
- imageTag: build_container.imageTag,
 alarmTopic: monitorAlarm.alarmTopic,
 webFront: front,
 env: getProcEnv(),
 });
-ecsApp.addDependency(build_container);
 // Aurora
 const dbCluster = new BLEADbAuroraPgStack(app, `${pjPrefix}-DBAuroraPg`, {
diff --git a/usecases/guest-webapp-sample/lib/blea-ecsapp-stack.ts b/usecases/guest-webapp-sample/lib/blea-ecsapp-stack.ts
index 1bc87d23a..d6a76bcc2 100644
--- a/usecases/guest-webapp-sample/lib/blea-ecsapp-stack.ts
+++ b/usecases/guest-webapp-sample/lib/blea-ecsapp-stack.ts
@@ -17,10 +17,11 @@ import { IBLEAFrontend } from './blea-frontend-interface';
 export interface BLEAECSAppStackProps extends cdk.StackProps {
 myVpc: ec2.Vpc;
 appKey: kms.IKey;
- repository: ecr.Repository;
- imageTag: string;
 alarmTopic: sns.Topic;
 webFront: IBLEAFrontend;
+ // -- SAMPLE: Receive your own ECR repository and your own image
+ // repository: ecr.Repository;
+ // imageTag: string;
 }
 export class BLEAECSAppStack extends cdk.Stack {
@@ -45,6 +46,18 @@ export class BLEAECSAppStack extends cdk.Stack {
 const executionRole = new iam.Role(this, 'EcsTaskExecutionRole', {
 assumedBy: new iam.ServicePrincipal('ecs-tasks.amazonaws.com'),
 managedPolicies: [iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AmazonECSTaskExecutionRolePolicy')],
+ inlinePolicies: {
+ ecrPullThroughCache:
+ // https://docs.aws.amazon.com/AmazonECR/latest/userguide/pull-through-cache.html#pull-through-cache-iam
+ new iam.PolicyDocument({
+ statements: [
+ new iam.PolicyStatement({
+ actions: ['ecr:BatchImportUpstreamImage', 'ecr:CreateRepository'],
+ resources: ['*'],
+ }),
+ ],
+ }),
+ },
 });
 // Role for Container
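Review bot: The new `ecrPullThroughCache` inline policy on `EcsTaskExecutionRole` grants `ecr:CreateRepository` and `ecr:BatchImportUpstreamImage` on `resources: ['*']`, so the execution role may create repositories under any name in the account's registry rather than only under the cache prefix. Both actions can be scoped to repository ARNs, so limit them to the prefix, e.g. `resources: [cdk.Stack.of(this).formatArn({ service: 'ecr', resource: 'repository', resourceName: ecrRepositoryPrefix + '/*' })],`. That needs `ecrRepositoryPrefix`, which is declared further down the constructor in the next hunk, to be defined before the role. The constructor starts and ends outside this hunk.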
@@ -105,12 +118,32 @@ export class BLEAECSAppStack extends cdk.Stack {
 memoryLimitMiB: 512,
 });
+ // Container Registry
+ // - Using pull through cache rules
+ // https://docs.aws.amazon.com/AmazonECR/latest/userguide/pull-through-cache.html
+ // ecrRepositoryPrefix must start with a letter and can only contain lowercase letters, numbers, hyphens, and underscores and max length is 20.
+ const ecrRepositoryPrefix = `ecr-${cdk.Stack.of(this).stackName.toLowerCase()}`;
+ new ecr.CfnPullThroughCacheRule(this, 'PullThroughCacheRule', {
+ ecrRepositoryPrefix: ecrRepositoryPrefix,
+ upstreamRegistryUrl: 'public.ecr.aws',
+ });
+
 // Container
+ const containerImage = 'docker/library/httpd';
 const ecsContainer = ecsTask.addContainer('EcsApp', {
- // -- SAMPLE: if you want to use your ECR repository, you can use like this.
- image: ecs.ContainerImage.fromEcrRepository(props.repository, props.imageTag),
-
- // -- SAMPLE: if you want to use DockerHub, you can use like this.
+ // -- Option 1: If you want to use your ECR repository with pull through cache, you can use like this.
+ image: ecs.ContainerImage.fromEcrRepository(
+ ecr.Repository.fromRepositoryName(this, 'PullThrough', `${ecrRepositoryPrefix}/${containerImage}`),
+ 'latest',
+ ),
+
+ // -- Option 2: If you want to use your ECR repository, you can use like this.
+ // -- You Need to create your repository and dockerimage, then pass it to this stack.
+ // image: ecs.ContainerImage.fromEcrRepository(props.repository, props.imageTag),
+
+ // -- Option 3: If you want to use DockerHub, you can use like this.
+ // -- You need public access route to internet for ECS Task.
+ // -- See vpcSubnets property for new ecs.FargateService().
 // image: ecs.ContainerImage.fromRegistry("amazon/amazon-ecs-sample"),
 environment: {
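Review bot: `ecrRepositoryPrefix` is built from the stack name with no check against the 20-character limit stated in the comment directly above it; for the pipeline stage the snapshot in this commit names the stack `BLEA-Prod-Stage-BLEA-ECSApp`, which would yield a 31-character prefix. Use a fixed short prefix, or validate the derived value at synth time and throw when it does not fit the documented pattern. Separately, Option 1 pulls the image as `'latest'` from the upstream public registry, so what the task runs is whatever upstream publishes at pull time; pin a specific version, e.g. replace `'latest',` with `'<pinned-tag>',`. The constructor starts and ends outside this hunk.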
@@ -156,8 +189,8 @@ export class BLEAECSAppStack extends cdk.Stack {
 //},
 ],
 vpcSubnets: props.myVpc.selectSubnets({
- subnetGroupName: 'Private', // For public DockerHub
- //subnetGroupName: 'Protected' // For your ECR. Need to use PrivateLinke for ECR
+ // subnetGroupName: 'Private', // For public DockerHub
+ subnetGroupName: 'Protected', // For your ECR. Need to use PrivateLinke for ECR
 }),
 securityGroups: [securityGroupForFargate],
 });
diff --git a/usecases/guest-webapp-sample/test/__snapshots__/blea-guest-ecsapp-sample-pipeline.test.ts.snap b/usecases/guest-webapp-sample/test/__snapshots__/blea-guest-ecsapp-sample-pipeline.test.ts.snap
index 7d2ac8a2c..d259d9008 100644
--- a/usecases/guest-webapp-sample/test/__snapshots__/blea-guest-ecsapp-sample-pipeline.test.ts.snap
+++ b/usecases/guest-webapp-sample/test/__snapshots__/blea-guest-ecsapp-sample-pipeline.test.ts.snap
@@ -196,7 +196,7 @@ Object { }, \\"build\\": { \\"commands\\": [ - \\"cdk-assets --path \\\\\\"assembly-BLEA-Prod-Stage/BLEAProdStageBLEAContainerImage0D8D1EEB.assets.json\\\\\\" --verbose publish \\\\\\"80f730532f1195ed4fede75fbf8191acdfc52e6721de3b612c0c6a7eab1dbbc1:current_account-ap-northeast-1\\\\\\"\\" + \\"cdk-assets --path \\\\\\"assembly-BLEA-Prod-Stage/BLEAProdStageBLEAECSAppCanary23394634.assets.json\\\\\\" --verbose publish \\\\\\"1e64e462d93160eb5230b00e665705bfaf2299d9c302ab56dd093bccbe387c4f:current_account-ap-northeast-1\\\\\\"\\" ] } }
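Review bot: The `vpcSubnets` switch to `'Protected'` in blea-ecsapp-stack.ts makes every image pull depend on ECR being reachable without an internet route, yet the inline comment still reads "Need to use PrivateLinke for ECR" (typo) and does not say that Option 3 (DockerHub) now requires this line to be flipped back. The VPC definition is not part of this diff, so whether the required endpoints exist cannot be confirmed from here. Suggested wording: `subnetGroupName: 'Protected', // For ECR (incl. pull through cache); requires VPC endpoints (PrivateLink) for ECR` and `// subnetGroupName: 'Private', // For public DockerHub (Option 3); needs a route to the internet`. This concerns the source hunk on this line, not the generated snapshot hunk that follows it.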
@@ -232,94 +232,6 @@ Object { "Source": Object { "BuildSpec": "{ \\"version\\": \\"0.2\\", - \\"phases\\": { - \\"install\\": { - \\"commands\\": [ - \\"npm install -g cdk-assets@2\\" - ] - }, - \\"build\\": { - \\"commands\\": [ - \\"cdk-assets --path \\\\\\"assembly-BLEA-Prod-Stage/BLEAProdStageBLEAContainerImage0D8D1EEB.assets.json\\\\\\" --verbose publish \\\\\\"6dbd112fe448437b3438da4382c72fccbb7d2ee1543db222620d7447fffebc50:current_account-ap-northeast-1\\\\\\"\\" - ] - } - } -}", - "Type": "CODEPIPELINE", - }, - }, - "Type": "AWS::CodeBuild::Project", - }, - "BLEAProdPipelinepipelineAssetsFileAsset397ED5D36": Object { - "Properties": Object { - "Artifacts": Object { - "Type": "CODEPIPELINE", - }, - "Cache": Object { - "Type": "NO_CACHE", - }, - "Description": "Pipeline step BLEA-Prod-Pipeline/Pipeline/Assets/FileAsset3", - "EncryptionKey": "alias/aws/s3", - "Environment": Object { - "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:5.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER", - }, - "ServiceRole": Object { - "Fn::GetAtt": Array [ - "BLEAProdPipelinepipelineAssetsFileRoleC7F735E9", - "Arn", - ], - }, - "Source": Object { - "BuildSpec": "{ - \\"version\\": \\"0.2\\", - \\"phases\\": { - \\"install\\": { - \\"commands\\": [ - \\"npm install -g cdk-assets@2\\" - ] - }, - \\"build\\": { - \\"commands\\": [ - \\"cdk-assets --path \\\\\\"assembly-BLEA-Prod-Stage/BLEAProdStageBLEAECSAppCanary23394634.assets.json\\\\\\" --verbose publish \\\\\\"1e64e462d93160eb5230b00e665705bfaf2299d9c302ab56dd093bccbe387c4f:current_account-ap-northeast-1\\\\\\"\\" - ] - } - } -}", - "Type": "CODEPIPELINE", - }, - }, - "Type": "AWS::CodeBuild::Project", - }, - "BLEAProdPipelinepipelineAssetsFileAsset4DF5F9FC3": Object { - "Properties": Object { - "Artifacts": Object { - "Type": "CODEPIPELINE", - }, - "Cache": Object { - "Type": "NO_CACHE", - }, - "Description": "Pipeline step 
BLEA-Prod-Pipeline/Pipeline/Assets/FileAsset4", - "EncryptionKey": "alias/aws/s3", - "Environment": Object { - "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:5.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER", - }, - "ServiceRole": Object { - "Fn::GetAtt": Array [ - "BLEAProdPipelinepipelineAssetsFileRoleC7F735E9", - "Arn", - ], - }, - "Source": Object { - "BuildSpec": "{ - \\"version\\": \\"0.2\\", \\"phases\\": { \\"install\\": { \\"commands\\": [ @@ -586,34 +498,6 @@ Object { ], }, }, - Object { - "Action": Array [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "BLEAProdPipelinepipelineAssetsFileAsset397ED5D36", - "Arn", - ], - }, - }, - Object { - "Action": Array [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "BLEAProdPipelinepipelineAssetsFileAsset4DF5F9FC3", - "Arn", - ], - }, - }, ], "Version": "2012-10-17", }, 
@@ -800,58 +684,6 @@ Object { }, "RunOrder": 1, }, - Object { - "ActionTypeId": Object { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1", - }, - "Configuration": Object { - "ProjectName": Object { - "Ref": "BLEAProdPipelinepipelineAssetsFileAsset397ED5D36", - }, - }, - "InputArtifacts": Array [ - Object { - "Name": "SynthStep_Output", - }, - ], - "Name": "FileAsset3", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "BLEAProdPipelinepipelineCodeBuildActionRole7FD4A92B", - "Arn", - ], - }, - "RunOrder": 1, - }, - Object { - "ActionTypeId": Object { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1", - }, - "Configuration": Object { - "ProjectName": Object { - "Ref": "BLEAProdPipelinepipelineAssetsFileAsset4DF5F9FC3", - }, - }, - "InputArtifacts": Array [ - Object { - "Name": "SynthStep_Output", - }, - ], - "Name": "FileAsset4", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "BLEAProdPipelinepipelineCodeBuildActionRole7FD4A92B", - "Arn", - ], - }, - "RunOrder": 1, - }, ], "Name": "Assets", }, 
@@ -1307,68 +1139,6 @@ Object { }, "RunOrder": 3, }, - Object { - "ActionTypeId": Object { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1", - }, - "Configuration": Object { - "ActionMode": "CHANGE_SET_REPLACE", - "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", - "ChangeSetName": "PipelineChange", - "RoleArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":role/cdk-hnb659fds-cfn-exec-role-", - Object { - "Ref": "AWS::AccountId", - }, - "-ap-northeast-1", - ], - ], - }, - "StackName": "BLEA-Prod-Stage-BLEA-ECR", - "TemplatePath": "SynthStep_Output::assembly-BLEA-Prod-Stage/BLEAProdStageBLEAECR33F72816.template.json", - }, - "InputArtifacts": Array [ - Object { - "Name": "SynthStep_Output", - }, - ], - "Name": "BLEA-ECR.Prepare", - "RoleArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":role/cdk-hnb659fds-deploy-role-", - Object { - "Ref": "AWS::AccountId", - }, - "-ap-northeast-1", - ], - ], - }, - "RunOrder": 3, - }, Object { "ActionTypeId": Object { "Category": "Deploy", 
@@ -1466,41 +1236,6 @@ Object { }, "RunOrder": 4, }, - Object { - "ActionTypeId": Object { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1", - }, - "Configuration": Object { - "ActionMode": "CHANGE_SET_EXECUTE", - "ChangeSetName": "PipelineChange", - "StackName": "BLEA-Prod-Stage-BLEA-ECR", - }, - "Name": "BLEA-ECR.Deploy", - "RoleArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":role/cdk-hnb659fds-deploy-role-", - Object { - "Ref": "AWS::AccountId", - }, - "-ap-northeast-1", - ], - ], - }, - "RunOrder": 4, - }, Object { "ActionTypeId": Object { "Category": "Deploy", @@ -1567,15 +1302,15 @@ Object { ], ], }, - "StackName": "BLEA-Prod-Stage-BLEA-ContainerImage", - "TemplatePath": "SynthStep_Output::assembly-BLEA-Prod-Stage/BLEAProdStageBLEAContainerImage0D8D1EEB.template.json", + "StackName": "BLEA-Prod-Stage-BLEA-ECSAppCanary", + "TemplatePath": "SynthStep_Output::assembly-BLEA-Prod-Stage/BLEAProdStageBLEAECSAppCanary23394634.template.json", }, "InputArtifacts": Array [ Object { "Name": "SynthStep_Output", }, ], - "Name": "BLEA-ContainerImage.Prepare", + "Name": "BLEA-ECSAppCanary.Prepare", "RoleArn": Object { "Fn::Join": Array [ "", @@ -1629,15 +1364,15 @@ Object { ], ], }, - "StackName": "BLEA-Prod-Stage-BLEA-ECSAppCanary", - "TemplatePath": "SynthStep_Output::assembly-BLEA-Prod-Stage/BLEAProdStageBLEAECSAppCanary23394634.template.json", + "StackName": "BLEA-Prod-Stage-BLEA-ECSApp", + "TemplatePath": "SynthStep_Output::assembly-BLEA-Prod-Stage/BLEAProdStageBLEAECSAppF5C1E96D.template.json", }, "InputArtifacts": Array [ Object { "Name": "SynthStep_Output", }, ], - "Name": "BLEA-ECSAppCanary.Prepare", + "Name": "BLEA-ECSApp.Prepare", "RoleArn": Object { "Fn::Join": Array [ "", 
@@ -1660,41 +1395,6 @@ Object { }, "RunOrder": 5, }, - Object { - "ActionTypeId": Object { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1", - }, - "Configuration": Object { - "ActionMode": "CHANGE_SET_EXECUTE", - "ChangeSetName": "PipelineChange", - "StackName": "BLEA-Prod-Stage-BLEA-ContainerImage", - }, - "Name": "BLEA-ContainerImage.Deploy", - "RoleArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":role/cdk-hnb659fds-deploy-role-", - Object { - "Ref": "AWS::AccountId", - }, - "-ap-northeast-1", - ], - ], - }, - "RunOrder": 6, - }, Object { "ActionTypeId": Object { "Category": "Deploy", 
@@ -1730,68 +1430,6 @@ Object { }, "RunOrder": 6, }, - Object { - "ActionTypeId": Object { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1", - }, - "Configuration": Object { - "ActionMode": "CHANGE_SET_REPLACE", - "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", - "ChangeSetName": "PipelineChange", - "RoleArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":role/cdk-hnb659fds-cfn-exec-role-", - Object { - "Ref": "AWS::AccountId", - }, - "-ap-northeast-1", - ], - ], - }, - "StackName": "BLEA-Prod-Stage-BLEA-ECSApp", - "TemplatePath": "SynthStep_Output::assembly-BLEA-Prod-Stage/BLEAProdStageBLEAECSAppF5C1E96D.template.json", - }, - "InputArtifacts": Array [ - Object { - "Name": "SynthStep_Output", - }, - ], - "Name": "BLEA-ECSApp.Prepare", - "RoleArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":role/cdk-hnb659fds-deploy-role-", - Object { - "Ref": "AWS::AccountId", - }, - "-ap-northeast-1", - ], - ], - }, - "RunOrder": 7, - }, Object { "ActionTypeId": Object { "Category": "Deploy", @@ -1825,7 +1463,7 @@ Object { ], ], }, - "RunOrder": 8, + "RunOrder": 6, }, Object { "ActionTypeId": Object { @@ -1887,7 +1525,7 @@ Object { ], ], }, - "RunOrder": 9, + "RunOrder": 7, }, Object { "ActionTypeId": Object { @@ -1922,7 +1560,7 @@ Object { ], ], }, - "RunOrder": 10, + "RunOrder": 8, }, Object { "ActionTypeId": Object { @@ -1984,7 +1622,7 @@ Object { ], ], }, - "RunOrder": 11, + "RunOrder": 9, }, Object { "ActionTypeId": Object { @@ -2019,7 +1657,7 @@ Object { ], ], }, - "RunOrder": 12, + "RunOrder": 10, }, ], "Name": "BLEA-Prod-Stage", 
diff --git a/usecases/guest-webapp-sample/test/__snapshots__/blea-guest-ecsapp-sample.test.ts.snap b/usecases/guest-webapp-sample/test/__snapshots__/blea-guest-ecsapp-sample.test.ts.snap index 186175021..5f8066148 100644 --- a/usecases/guest-webapp-sample/test/__snapshots__/blea-guest-ecsapp-sample.test.ts.snap +++ b/usecases/guest-webapp-sample/test/__snapshots__/blea-guest-ecsapp-sample.test.ts.snap @@ -368,22 +368,6 @@ Object { "Ref": "Vpc8378EB38", }, }, - "ExportsOutputRefVpcPrivateSubnet1Subnet536B997AFD4CC940": Object { - "Export": Object { - "Name": "BLEA-Vpc:ExportsOutputRefVpcPrivateSubnet1Subnet536B997AFD4CC940", - }, - "Value": Object { - "Ref": "VpcPrivateSubnet1Subnet536B997A", - }, - }, - "ExportsOutputRefVpcPrivateSubnet2Subnet3788AAA1380949A3": Object { - "Export": Object { - "Name": "BLEA-Vpc:ExportsOutputRefVpcPrivateSubnet2Subnet3788AAA1380949A3", - }, - "Value": Object { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1", - }, - }, "ExportsOutputRefVpcProtectedSubnet1Subnet38ECE18AD245BDD6": Object { "Export": Object { "Name": "BLEA-Vpc:ExportsOutputRefVpcProtectedSubnet1Subnet38ECE18AD245BDD6", 
@@ -2747,545 +2731,6 @@ Object { `; exports[`BLEA Guest Stacks GuestAccount ECS App Stacks 7`] = ` -Object { - "Outputs": Object { - "ExportsOutputFnGetAttapprepo60CBE1D0ArnCF800CDF": Object { - "Export": Object { - "Name": "BLEA-ECR:ExportsOutputFnGetAttapprepo60CBE1D0ArnCF800CDF", - }, - "Value": Object { - "Fn::GetAtt": Array [ - "apprepo60CBE1D0", - "Arn", - ], - }, - }, - "ExportsOutputRefapprepo60CBE1D08890BEDC": Object { - "Export": Object { - "Name": "BLEA-ECR:ExportsOutputRefapprepo60CBE1D08890BEDC", - }, - "Value": Object { - "Ref": "apprepo60CBE1D0", - }, - }, - }, - "Parameters": Object { - "BootstrapVersion": Object { - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", - "Type": "AWS::SSM::Parameter::Value", - }, - }, - "Resources": Object { - "apprepo60CBE1D0": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "ImageScanningConfiguration": Object { - "ScanOnPush": true, - }, - "Tags": Array [ - Object { - "Key": "Environment", - "Value": "Development", - }, - ], - }, - "Type": "AWS::ECR::Repository", - "UpdateReplacePolicy": "Retain", - }, - "apprepoImageScanCompleteAA5AE0A9": Object { - "Properties": Object { - "EventPattern": Object { - "detail": Object { - "repository-name": Array [ - Object { - "Ref": "apprepo60CBE1D0", - }, - ], - "scan-status": Array [ - "COMPLETE", - ], - }, - "detail-type": Array [ - "ECR Image Scan", - ], - "source": Array [ - "aws.ecr", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::ImportValue": "BLEA-MonitorAlarm:ExportsOutputRefMonitorAlarmTopic9C746E8C5F969821", - }, - "Id": "Target0", - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - }, - "Rules": Object { - "CheckBootstrapVersion": Object { - "Assertions": Array [ - Object { - "Assert": Object { - "Fn::Not": Array [ - Object { - "Fn::Contains": Array [ - Array [ - "1", - 
"2", - "3", - "4", - "5", - ], - Object { - "Ref": "BootstrapVersion", - }, - ], - }, - ], - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", - }, - ], - }, - }, -} -`; - -exports[`BLEA Guest Stacks GuestAccount ECS App Stacks 8`] = ` -Object { - "Parameters": Object { - "BootstrapVersion": Object { - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", - "Type": "AWS::SSM::Parameter::Value", - }, - }, - "Resources": Object { - "AWS679f53fac002430cb0da5b7982bd22872D164C4C": Object { - "DependsOn": Array [ - "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", - ], - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-ap-northeast-1", - }, - "S3Key": "6dbd112fe448437b3438da4382c72fccbb7d2ee1543db222620d7447fffebc50.zip", - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", - "Arn", - ], - }, - "Runtime": "nodejs14.x", - "Tags": Array [ - Object { - "Key": "Environment", - "Value": "Development", - }, - ], - "Timeout": 120, - }, - "Type": "AWS::Lambda::Function", - }, - "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - ], - ], - }, - ], - "Tags": Array [ - Object { - "Key": "Environment", - "Value": "Development", - }, - ], - }, - 
"Type": "AWS::IAM::Role", - }, - "sampleecsappproject2FB8FB9C": Object { - "Properties": Object { - "Artifacts": Object { - "Type": "NO_ARTIFACTS", - }, - "Cache": Object { - "Type": "NO_CACHE", - }, - "EncryptionKey": "alias/aws/s3", - "Environment": Object { - "ComputeType": "BUILD_GENERAL1_SMALL", - "EnvironmentVariables": Array [ - Object { - "Name": "AWS_DEFAULT_REGION", - "Type": "PLAINTEXT", - "Value": "ap-northeast-1", - }, - Object { - "Name": "AWS_ACCOUNT_ID", - "Type": "PLAINTEXT", - "Value": Object { - "Ref": "AWS::AccountId", - }, - }, - Object { - "Name": "IMAGE_TAG", - "Type": "PLAINTEXT", - "Value": "sample-ecs-app", - }, - Object { - "Name": "IMAGE_REPO_NAME", - "Type": "PLAINTEXT", - "Value": Object { - "Fn::ImportValue": "BLEA-ECR:ExportsOutputRefapprepo60CBE1D08890BEDC", - }, - }, - ], - "Image": "aws/codebuild/standard:4.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": true, - "Type": "LINUX_CONTAINER", - }, - "ServiceRole": Object { - "Fn::GetAtt": Array [ - "sampleecsappprojectRole65BC331E", - "Arn", - ], - }, - "Source": Object { - "Location": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-ap-northeast-1", - }, - "/80f730532f1195ed4fede75fbf8191acdfc52e6721de3b612c0c6a7eab1dbbc1.zip", - ], - ], - }, - "Type": "S3", - }, - "Tags": Array [ - Object { - "Key": "Environment", - "Value": "Development", - }, - ], - }, - "Type": "AWS::CodeBuild::Project", - }, - "sampleecsappprojectRole65BC331E": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "codebuild.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Tags": Array [ - Object { - "Key": "Environment", - "Value": "Development", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "sampleecsappprojectRoleDefaultPolicy539385CD": Object { - "Properties": Object { 
- "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":s3:::", - Object { - "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-ap-northeast-1", - }, - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":s3:::", - Object { - "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-ap-northeast-1", - }, - "/80f730532f1195ed4fede75fbf8191acdfc52e6721de3b612c0c6a7eab1dbbc1.zip", - ], - ], - }, - ], - }, - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:ap-northeast-1:", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/codebuild/", - Object { - "Ref": "sampleecsappproject2FB8FB9C", - }, - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:ap-northeast-1:", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/codebuild/", - Object { - "Ref": "sampleecsappproject2FB8FB9C", - }, - ":*", - ], - ], - }, - ], - }, - Object { - "Action": Array [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", - "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":codebuild:ap-northeast-1:", - Object { - "Ref": "AWS::AccountId", - }, - ":report-group/", - Object { - "Ref": "sampleecsappproject2FB8FB9C", - }, - "-*", - ], - ], - }, - }, - Object { - "Action": "ecr:GetAuthorizationToken", - "Effect": 
"Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "ecr:BatchCheckLayerAvailability", - "ecr:CompleteLayerUpload", - "ecr:InitiateLayerUpload", - "ecr:PutImage", - "ecr:UploadLayerPart", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:aws:ecr:ap-northeast-1:", - Object { - "Ref": "AWS::AccountId", - }, - ":repository/", - Object { - "Fn::ImportValue": "BLEA-ECR:ExportsOutputRefapprepo60CBE1D08890BEDC", - }, - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "sampleecsappprojectRoleDefaultPolicy539385CD", - "Roles": Array [ - Object { - "Ref": "sampleecsappprojectRole65BC331E", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "startBuild2A2C3416": Object { - "DeletionPolicy": "Delete", - "DependsOn": Array [ - "startBuildCustomResourcePolicy55D05B4A", - ], - "Properties": Object { - "Create": Object { - "Fn::Join": Array [ - "", - Array [ - "{\\"service\\":\\"CodeBuild\\",\\"action\\":\\"startBuild\\",\\"parameters\\":{\\"projectName\\":\\"", - Object { - "Ref": "sampleecsappproject2FB8FB9C", - }, - "\\"},\\"physicalResourceId\\":{\\"id\\":\\"", - Object { - "Fn::GetAtt": Array [ - "sampleecsappproject2FB8FB9C", - "Arn", - ], - }, - "\\"}}", - ], - ], - }, - "InstallLatestAwsSdk": true, - "ServiceToken": Object { - "Fn::GetAtt": Array [ - "AWS679f53fac002430cb0da5b7982bd22872D164C4C", - "Arn", - ], - }, - }, - "Type": "Custom::AWS", - "UpdateReplacePolicy": "Delete", - }, - "startBuildCustomResourcePolicy55D05B4A": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "codebuild:StartBuild", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "sampleecsappproject2FB8FB9C", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "startBuildCustomResourcePolicy55D05B4A", - "Roles": Array [ - Object { - "Ref": "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", - }, - ], - }, - "Type": 
"AWS::IAM::Policy", - }, - }, - "Rules": Object { - "CheckBootstrapVersion": Object { - "Assertions": Array [ - Object { - "Assert": Object { - "Fn::Not": Array [ - Object { - "Fn::Contains": Array [ - Array [ - "1", - "2", - "3", - "4", - "5", - ], - Object { - "Ref": "BootstrapVersion", - }, - ], - }, - ], - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", - }, - ], - }, - }, -} -`; - -exports[`BLEA Guest Stacks GuestAccount ECS App Stacks 9`] = ` Object { "Outputs": Object { "ExportsOutputFnGetAttAlbTgUnHealthyHostCountD4A96E1AArnF5DDFCE6": Object { @@ -3697,41 +3142,13 @@ Object { "", Array [ Object { - "Fn::Select": Array [ - 4, - Object { - "Fn::Split": Array [ - ":", - Object { - "Fn::ImportValue": "BLEA-ECR:ExportsOutputFnGetAttapprepo60CBE1D0ArnCF800CDF", - }, - ], - }, - ], + "Ref": "AWS::AccountId", }, - ".dkr.ecr.", - Object { - "Fn::Select": Array [ - 3, - Object { - "Fn::Split": Array [ - ":", - Object { - "Fn::ImportValue": "BLEA-ECR:ExportsOutputFnGetAttapprepo60CBE1D0ArnCF800CDF", - }, - ], - }, - ], - }, - ".", + ".dkr.ecr.ap-northeast-1.", Object { "Ref": "AWS::URLSuffix", }, - "/", - Object { - "Fn::ImportValue": "BLEA-ECR:ExportsOutputRefapprepo60CBE1D08890BEDC", - }, - ":sample-ecs-app", + "/ecr-blea-ecsapp/docker/library/httpd:latest", ], ], }, @@ -3810,6 +3227,24 @@ Object { ], }, ], + "Policies": Array [ + Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "ecr:BatchImportUpstreamImage", + "ecr:CreateRepository", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "ecrPullThroughCache", + }, + ], "Tags": Array [ Object { "Key": "Environment", 
@@ -3831,7 +3266,20 @@ Object { ], "Effect": "Allow", "Resource": Object { - "Fn::ImportValue": "BLEA-ECR:ExportsOutputFnGetAttapprepo60CBE1D0ArnCF800CDF", + "Fn::Join": Array [ + "", + Array [ + "arn:", + Object { + "Ref": "AWS::Partition", + }, + ":ecr:ap-northeast-1:", + Object { + "Ref": "AWS::AccountId", + }, + ":repository/ecr-blea-ecsapp/docker/library/httpd", + ], + ], }, }, Object { @@ -3957,10 +3405,10 @@ Object { ], "Subnets": Array [ Object { - "Fn::ImportValue": "BLEA-Vpc:ExportsOutputRefVpcPrivateSubnet1Subnet536B997AFD4CC940", + "Fn::ImportValue": "BLEA-Vpc:ExportsOutputRefVpcProtectedSubnet1Subnet38ECE18AD245BDD6", }, Object { - "Fn::ImportValue": "BLEA-Vpc:ExportsOutputRefVpcPrivateSubnet2Subnet3788AAA1380949A3", + "Fn::ImportValue": "BLEA-Vpc:ExportsOutputRefVpcProtectedSubnet2SubnetC22C3325C694ECFB", }, ], }, @@ -4105,6 +3553,13 @@ Object { }, "Type": "AWS::ApplicationAutoScaling::ScalingPolicy", }, + "PullThroughCacheRule": Object { + "Properties": Object { + "EcrRepositoryPrefix": "ecr-blea-ecsapp", + "UpstreamRegistryUrl": "public.ecr.aws", + }, + "Type": "AWS::ECR::PullThroughCacheRule", + }, "SgFargateB5F998B7": Object { "Properties": Object { "GroupDescription": "BLEA-ECSApp/SgFargate", @@ -4176,7 +3631,7 @@ Object { } `; -exports[`BLEA Guest Stacks GuestAccount ECS App Stacks 10`] = ` +exports[`BLEA Guest Stacks GuestAccount ECS App Stacks 8`] = ` Object { "Outputs": Object { "ExportsOutputRefAurora2CBAB212533F1A7B": Object { @@ -4635,7 +4090,7 @@ Object { } `; -exports[`BLEA Guest Stacks GuestAccount ECS App Stacks 11`] = ` +exports[`BLEA Guest Stacks GuestAccount ECS App Stacks 9`] = ` Object { "Outputs": Object { "ExportsOutputFnGetAttcanaryDurationC40A61C8ArnEA607FBA": Object { @@ -5007,7 +4462,7 @@ Object { } `; -exports[`BLEA Guest Stacks GuestAccount ECS App Stacks 12`] = ` +exports[`BLEA Guest Stacks GuestAccount ECS App Stacks 10`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { 
diff --git a/usecases/guest-webapp-sample/test/__snapshots__/blea-guest-ecsapp-ssl-sample.test.ts.snap b/usecases/guest-webapp-sample/test/__snapshots__/blea-guest-ecsapp-ssl-sample.test.ts.snap index 50eedd44d..1e391b6ad 100644 --- a/usecases/guest-webapp-sample/test/__snapshots__/blea-guest-ecsapp-ssl-sample.test.ts.snap +++ b/usecases/guest-webapp-sample/test/__snapshots__/blea-guest-ecsapp-ssl-sample.test.ts.snap @@ -368,22 +368,6 @@ Object { "Ref": "Vpc8378EB38", }, }, - "ExportsOutputRefVpcPrivateSubnet1Subnet536B997AFD4CC940": Object { - "Export": Object { - "Name": "BLEA-Vpc:ExportsOutputRefVpcPrivateSubnet1Subnet536B997AFD4CC940", - }, - "Value": Object { - "Ref": "VpcPrivateSubnet1Subnet536B997A", - }, - }, - "ExportsOutputRefVpcPrivateSubnet2Subnet3788AAA1380949A3": Object { - "Export": Object { - "Name": "BLEA-Vpc:ExportsOutputRefVpcPrivateSubnet2Subnet3788AAA1380949A3", - }, - "Value": Object { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1", - }, - }, "ExportsOutputRefVpcProtectedSubnet1Subnet38ECE18AD245BDD6": Object { "Export": Object { "Name": "BLEA-Vpc:ExportsOutputRefVpcProtectedSubnet1Subnet38ECE18AD245BDD6", 
@@ -3061,545 +3045,6 @@ Object { `; exports[`BLEA Guest Stacks GuestAccount ECS App SSL Stacks 7`] = ` -Object { - "Outputs": Object { - "ExportsOutputFnGetAttapprepo60CBE1D0ArnCF800CDF": Object { - "Export": Object { - "Name": "BLEA-ECR:ExportsOutputFnGetAttapprepo60CBE1D0ArnCF800CDF", - }, - "Value": Object { - "Fn::GetAtt": Array [ - "apprepo60CBE1D0", - "Arn", - ], - }, - }, - "ExportsOutputRefapprepo60CBE1D08890BEDC": Object { - "Export": Object { - "Name": "BLEA-ECR:ExportsOutputRefapprepo60CBE1D08890BEDC", - }, - "Value": Object { - "Ref": "apprepo60CBE1D0", - }, - }, - }, - "Parameters": Object { - "BootstrapVersion": Object { - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", - "Type": "AWS::SSM::Parameter::Value", - }, - }, - "Resources": Object { - "apprepo60CBE1D0": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "ImageScanningConfiguration": Object { - "ScanOnPush": true, - }, - "Tags": Array [ - Object { - "Key": "Environment", - "Value": "Development", - }, - ], - }, - "Type": "AWS::ECR::Repository", - "UpdateReplacePolicy": "Retain", - }, - "apprepoImageScanCompleteAA5AE0A9": Object { - "Properties": Object { - "EventPattern": Object { - "detail": Object { - "repository-name": Array [ - Object { - "Ref": "apprepo60CBE1D0", - }, - ], - "scan-status": Array [ - "COMPLETE", - ], - }, - "detail-type": Array [ - "ECR Image Scan", - ], - "source": Array [ - "aws.ecr", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::ImportValue": "BLEA-MonitorAlarm:ExportsOutputRefMonitorAlarmTopic9C746E8C5F969821", - }, - "Id": "Target0", - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - }, - "Rules": Object { - "CheckBootstrapVersion": Object { - "Assertions": Array [ - Object { - "Assert": Object { - "Fn::Not": Array [ - Object { - "Fn::Contains": Array [ - Array [ - "1", 
- "2", - "3", - "4", - "5", - ], - Object { - "Ref": "BootstrapVersion", - }, - ], - }, - ], - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", - }, - ], - }, - }, -} -`; - -exports[`BLEA Guest Stacks GuestAccount ECS App SSL Stacks 8`] = ` -Object { - "Parameters": Object { - "BootstrapVersion": Object { - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", - "Type": "AWS::SSM::Parameter::Value", - }, - }, - "Resources": Object { - "AWS679f53fac002430cb0da5b7982bd22872D164C4C": Object { - "DependsOn": Array [ - "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", - ], - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-ap-northeast-1", - }, - "S3Key": "6dbd112fe448437b3438da4382c72fccbb7d2ee1543db222620d7447fffebc50.zip", - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", - "Arn", - ], - }, - "Runtime": "nodejs14.x", - "Tags": Array [ - Object { - "Key": "Environment", - "Value": "Development", - }, - ], - "Timeout": 120, - }, - "Type": "AWS::Lambda::Function", - }, - "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - ], - ], - }, - ], - "Tags": Array [ - Object { - "Key": "Environment", - "Value": "Development", - }, - ], - }, 
- "Type": "AWS::IAM::Role", - }, - "sampleecsappproject2FB8FB9C": Object { - "Properties": Object { - "Artifacts": Object { - "Type": "NO_ARTIFACTS", - }, - "Cache": Object { - "Type": "NO_CACHE", - }, - "EncryptionKey": "alias/aws/s3", - "Environment": Object { - "ComputeType": "BUILD_GENERAL1_SMALL", - "EnvironmentVariables": Array [ - Object { - "Name": "AWS_DEFAULT_REGION", - "Type": "PLAINTEXT", - "Value": "ap-northeast-1", - }, - Object { - "Name": "AWS_ACCOUNT_ID", - "Type": "PLAINTEXT", - "Value": Object { - "Ref": "AWS::AccountId", - }, - }, - Object { - "Name": "IMAGE_TAG", - "Type": "PLAINTEXT", - "Value": "sample-ecs-app", - }, - Object { - "Name": "IMAGE_REPO_NAME", - "Type": "PLAINTEXT", - "Value": Object { - "Fn::ImportValue": "BLEA-ECR:ExportsOutputRefapprepo60CBE1D08890BEDC", - }, - }, - ], - "Image": "aws/codebuild/standard:4.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": true, - "Type": "LINUX_CONTAINER", - }, - "ServiceRole": Object { - "Fn::GetAtt": Array [ - "sampleecsappprojectRole65BC331E", - "Arn", - ], - }, - "Source": Object { - "Location": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-ap-northeast-1", - }, - "/80f730532f1195ed4fede75fbf8191acdfc52e6721de3b612c0c6a7eab1dbbc1.zip", - ], - ], - }, - "Type": "S3", - }, - "Tags": Array [ - Object { - "Key": "Environment", - "Value": "Development", - }, - ], - }, - "Type": "AWS::CodeBuild::Project", - }, - "sampleecsappprojectRole65BC331E": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "codebuild.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Tags": Array [ - Object { - "Key": "Environment", - "Value": "Development", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "sampleecsappprojectRoleDefaultPolicy539385CD": Object { - "Properties": Object 
{ - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":s3:::", - Object { - "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-ap-northeast-1", - }, - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":s3:::", - Object { - "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-ap-northeast-1", - }, - "/80f730532f1195ed4fede75fbf8191acdfc52e6721de3b612c0c6a7eab1dbbc1.zip", - ], - ], - }, - ], - }, - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:ap-northeast-1:", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/codebuild/", - Object { - "Ref": "sampleecsappproject2FB8FB9C", - }, - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:ap-northeast-1:", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/codebuild/", - Object { - "Ref": "sampleecsappproject2FB8FB9C", - }, - ":*", - ], - ], - }, - ], - }, - Object { - "Action": Array [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", - "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":codebuild:ap-northeast-1:", - Object { - "Ref": "AWS::AccountId", - }, - ":report-group/", - Object { - "Ref": "sampleecsappproject2FB8FB9C", - }, - "-*", - ], - ], - }, - }, - Object { - "Action": "ecr:GetAuthorizationToken", - "Effect": 
"Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "ecr:BatchCheckLayerAvailability", - "ecr:CompleteLayerUpload", - "ecr:InitiateLayerUpload", - "ecr:PutImage", - "ecr:UploadLayerPart", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:aws:ecr:ap-northeast-1:", - Object { - "Ref": "AWS::AccountId", - }, - ":repository/", - Object { - "Fn::ImportValue": "BLEA-ECR:ExportsOutputRefapprepo60CBE1D08890BEDC", - }, - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "sampleecsappprojectRoleDefaultPolicy539385CD", - "Roles": Array [ - Object { - "Ref": "sampleecsappprojectRole65BC331E", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "startBuild2A2C3416": Object { - "DeletionPolicy": "Delete", - "DependsOn": Array [ - "startBuildCustomResourcePolicy55D05B4A", - ], - "Properties": Object { - "Create": Object { - "Fn::Join": Array [ - "", - Array [ - "{\\"service\\":\\"CodeBuild\\",\\"action\\":\\"startBuild\\",\\"parameters\\":{\\"projectName\\":\\"", - Object { - "Ref": "sampleecsappproject2FB8FB9C", - }, - "\\"},\\"physicalResourceId\\":{\\"id\\":\\"", - Object { - "Fn::GetAtt": Array [ - "sampleecsappproject2FB8FB9C", - "Arn", - ], - }, - "\\"}}", - ], - ], - }, - "InstallLatestAwsSdk": true, - "ServiceToken": Object { - "Fn::GetAtt": Array [ - "AWS679f53fac002430cb0da5b7982bd22872D164C4C", - "Arn", - ], - }, - }, - "Type": "Custom::AWS", - "UpdateReplacePolicy": "Delete", - }, - "startBuildCustomResourcePolicy55D05B4A": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "codebuild:StartBuild", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "sampleecsappproject2FB8FB9C", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "startBuildCustomResourcePolicy55D05B4A", - "Roles": Array [ - Object { - "Ref": "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", - }, - ], - }, - "Type": 
"AWS::IAM::Policy", - }, - }, - "Rules": Object { - "CheckBootstrapVersion": Object { - "Assertions": Array [ - Object { - "Assert": Object { - "Fn::Not": Array [ - Object { - "Fn::Contains": Array [ - Array [ - "1", - "2", - "3", - "4", - "5", - ], - Object { - "Ref": "BootstrapVersion", - }, - ], - }, - ], - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", - }, - ], - }, - }, -} -`; - -exports[`BLEA Guest Stacks GuestAccount ECS App SSL Stacks 9`] = ` Object { "Outputs": Object { "ExportsOutputFnGetAttAlbTgUnHealthyHostCountD4A96E1AArnF5DDFCE6": Object { @@ -4011,41 +3456,13 @@ Object { "", Array [ Object { - "Fn::Select": Array [ - 4, - Object { - "Fn::Split": Array [ - ":", - Object { - "Fn::ImportValue": "BLEA-ECR:ExportsOutputFnGetAttapprepo60CBE1D0ArnCF800CDF", - }, - ], - }, - ], + "Ref": "AWS::AccountId", }, - ".dkr.ecr.", - Object { - "Fn::Select": Array [ - 3, - Object { - "Fn::Split": Array [ - ":", - Object { - "Fn::ImportValue": "BLEA-ECR:ExportsOutputFnGetAttapprepo60CBE1D0ArnCF800CDF", - }, - ], - }, - ], - }, - ".", + ".dkr.ecr.ap-northeast-1.", Object { "Ref": "AWS::URLSuffix", }, - "/", - Object { - "Fn::ImportValue": "BLEA-ECR:ExportsOutputRefapprepo60CBE1D08890BEDC", - }, - ":sample-ecs-app", + "/ecr-blea-ecsapp/docker/library/httpd:latest", ], ], }, @@ -4124,6 +3541,24 @@ Object { ], }, ], + "Policies": Array [ + Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "ecr:BatchImportUpstreamImage", + "ecr:CreateRepository", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "ecrPullThroughCache", + }, + ], "Tags": Array [ Object { "Key": "Environment", 
@@ -4145,7 +3580,20 @@ Object { ], "Effect": "Allow", "Resource": Object { - "Fn::ImportValue": "BLEA-ECR:ExportsOutputFnGetAttapprepo60CBE1D0ArnCF800CDF", + "Fn::Join": Array [ + "", + Array [ + "arn:", + Object { + "Ref": "AWS::Partition", + }, + ":ecr:ap-northeast-1:", + Object { + "Ref": "AWS::AccountId", + }, + ":repository/ecr-blea-ecsapp/docker/library/httpd", + ], + ], }, }, Object { @@ -4271,10 +3719,10 @@ Object { ], "Subnets": Array [ Object { - "Fn::ImportValue": "BLEA-Vpc:ExportsOutputRefVpcPrivateSubnet1Subnet536B997AFD4CC940", + "Fn::ImportValue": "BLEA-Vpc:ExportsOutputRefVpcProtectedSubnet1Subnet38ECE18AD245BDD6", }, Object { - "Fn::ImportValue": "BLEA-Vpc:ExportsOutputRefVpcPrivateSubnet2Subnet3788AAA1380949A3", + "Fn::ImportValue": "BLEA-Vpc:ExportsOutputRefVpcProtectedSubnet2SubnetC22C3325C694ECFB", }, ], }, @@ -4419,6 +3867,13 @@ Object { }, "Type": "AWS::ApplicationAutoScaling::ScalingPolicy", }, + "PullThroughCacheRule": Object { + "Properties": Object { + "EcrRepositoryPrefix": "ecr-blea-ecsapp", + "UpstreamRegistryUrl": "public.ecr.aws", + }, + "Type": "AWS::ECR::PullThroughCacheRule", + }, "SgFargateB5F998B7": Object { "Properties": Object { "GroupDescription": "BLEA-ECSApp/SgFargate", @@ -4490,7 +3945,7 @@ Object { } `; -exports[`BLEA Guest Stacks GuestAccount ECS App SSL Stacks 10`] = ` +exports[`BLEA Guest Stacks GuestAccount ECS App SSL Stacks 8`] = ` Object { "Outputs": Object { "ExportsOutputRefAurora2CBAB212533F1A7B": Object { @@ -4949,7 +4404,7 @@ Object { } `; -exports[`BLEA Guest Stacks GuestAccount ECS App SSL Stacks 11`] = ` +exports[`BLEA Guest Stacks GuestAccount ECS App SSL Stacks 9`] = ` Object { "Outputs": Object { "ExportsOutputFnGetAttcanaryDurationC40A61C8ArnEA607FBA": Object { @@ -5319,7 +4774,7 @@ Object { } `; -exports[`BLEA Guest Stacks GuestAccount ECS App SSL Stacks 12`] = ` +exports[`BLEA Guest Stacks GuestAccount ECS App SSL Stacks 10`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { 
diff --git a/usecases/guest-webapp-sample/test/blea-guest-ecsapp-sample-pipeline.test.ts b/usecases/guest-webapp-sample/test/blea-guest-ecsapp-sample-pipeline.test.ts index 04e9b0523..36cb7d1a2 100644 --- a/usecases/guest-webapp-sample/test/blea-guest-ecsapp-sample-pipeline.test.ts +++ b/usecases/guest-webapp-sample/test/blea-guest-ecsapp-sample-pipeline.test.ts @@ -10,8 +10,6 @@ import { BLEAChatbotStack } from '../lib/blea-chatbot-stack'; import { BLEAMonitorAlarmStack } from '../lib/blea-monitor-alarm-stack'; import { BLEAKeyAppStack } from '../lib/blea-key-app-stack'; import { BLEAVpcStack } from '../lib/blea-vpc-stack'; -import { BLEAECRStack } from '../lib/blea-ecr-stack'; -import { BLEABuildContainerStack } from '../lib/blea-build-container-stack'; import { BLEAECSAppStack } from '../lib/blea-ecsapp-stack'; import { BLEADbAuroraPgStack } from '../lib/blea-db-aurora-pg-stack'; import { BLEAWafStack } from '../lib/blea-waf-stack'; @@ -87,31 +85,14 @@ describe(`${pjPrefix} Stacks`, () => { env: procEnv, }); - // Container Repository - const ecr = new BLEAECRStack(this, `${pjPrefix}-ECR`, { - // TODO: will get "repositoryName" from parameters - repositoryName: 'apprepo', - alarmTopic: monitorAlarm.alarmTopic, - env: procEnv, - }); - - // Build Container Image - const build_container = new BLEABuildContainerStack(this, `${pjPrefix}-ContainerImage`, { - ecrRepository: ecr.repository, - env: procEnv, - }); - // Application Stack (LoadBalancer + Fargate) const ecsApp = new BLEAECSAppStack(this, `${pjPrefix}-ECSApp`, { myVpc: prodVpc.myVpc, appKey: appKey.kmsKey, - repository: ecr.repository, - imageTag: build_container.imageTag, alarmTopic: monitorAlarm.alarmTopic, webFront: front, env: procEnv, }); - ecsApp.addDependency(build_container); // Aurora const dbCluster = new BLEADbAuroraPgStack(this, `${pjPrefix}-DBAuroraPg`, { 
diff --git a/usecases/guest-webapp-sample/test/blea-guest-ecsapp-sample.test.ts b/usecases/guest-webapp-sample/test/blea-guest-ecsapp-sample.test.ts index 7b3b197bc..53dc3548e 100644 --- a/usecases/guest-webapp-sample/test/blea-guest-ecsapp-sample.test.ts +++ b/usecases/guest-webapp-sample/test/blea-guest-ecsapp-sample.test.ts @@ -7,8 +7,6 @@ import * as cdk_json from '../cdk.json'; import { BLEAMonitorAlarmStack } from '../lib/blea-monitor-alarm-stack'; import { BLEAKeyAppStack } from '../lib/blea-key-app-stack'; import { BLEAVpcStack } from '../lib/blea-vpc-stack'; -import { BLEAECRStack } from '../lib/blea-ecr-stack'; -import { BLEABuildContainerStack } from '../lib/blea-build-container-stack'; import { BLEAECSAppStack } from '../lib/blea-ecsapp-stack'; import { BLEADbAuroraPgStack } from '../lib/blea-db-aurora-pg-stack'; import { BLEAWafStack } from '../lib/blea-waf-stack'; @@ -72,31 +70,14 @@ describe(`${pjPrefix} Guest Stacks`, () => { env: procEnv, }); - // Container Repository - const ecr = new BLEAECRStack(app, `${pjPrefix}-ECR`, { - // TODO: will get "repositoryName" from parameters - repositoryName: 'apprepo', - alarmTopic: monitorAlarm.alarmTopic, - env: procEnv, - }); - - // Build Container Image - const build_container = new BLEABuildContainerStack(app, `${pjPrefix}-ContainerImage`, { - ecrRepository: ecr.repository, - env: procEnv, - }); - // Application Stack (LoadBalancer + Fargate) const ecsApp = new BLEAECSAppStack(app, `${pjPrefix}-ECSApp`, { myVpc: prodVpc.myVpc, appKey: appKey.kmsKey, - repository: ecr.repository, - imageTag: build_container.imageTag, alarmTopic: monitorAlarm.alarmTopic, webFront: front, env: procEnv, }); - ecsApp.addDependency(build_container); // Aurora const dbCluster = new BLEADbAuroraPgStack(app, `${pjPrefix}-DBAuroraPg`, { 
@@ -146,8 +127,6 @@ describe(`${pjPrefix} Guest Stacks`, () => {
 expect(Template.fromStack(prodVpc)).toMatchSnapshot();
 expect(Template.fromStack(waf)).toMatchSnapshot();
 expect(Template.fromStack(front)).toMatchSnapshot();
- expect(Template.fromStack(ecr)).toMatchSnapshot();
- expect(Template.fromStack(build_container)).toMatchSnapshot();
 expect(Template.fromStack(ecsApp)).toMatchSnapshot();
 expect(Template.fromStack(dbCluster)).toMatchSnapshot();
 expect(Template.fromStack(appCanary)).toMatchSnapshot();
diff --git a/usecases/guest-webapp-sample/test/blea-guest-ecsapp-ssl-sample.test.ts b/usecases/guest-webapp-sample/test/blea-guest-ecsapp-ssl-sample.test.ts
index 6544ea462..659f4bc6c 100644
--- a/usecases/guest-webapp-sample/test/blea-guest-ecsapp-ssl-sample.test.ts
+++ b/usecases/guest-webapp-sample/test/blea-guest-ecsapp-ssl-sample.test.ts
@@ -7,8 +7,6 @@ import * as cdk_json from '../cdk.json';
 import { BLEAMonitorAlarmStack } from '../lib/blea-monitor-alarm-stack';
 import { BLEAKeyAppStack } from '../lib/blea-key-app-stack';
 import { BLEAVpcStack } from '../lib/blea-vpc-stack';
-import { BLEAECRStack } from '../lib/blea-ecr-stack';
-import { BLEABuildContainerStack } from '../lib/blea-build-container-stack';
 import { BLEAECSAppStack } from '../lib/blea-ecsapp-stack';
 import { BLEADbAuroraPgStack } from '../lib/blea-db-aurora-pg-stack';
 import { BLEAWafStack } from '../lib/blea-waf-stack';
@@ -75,31 +73,14 @@ describe(`${pjPrefix} Guest Stacks`, () => { env: procEnv, }); - // Container Repository - const ecr = new BLEAECRStack(app, `${pjPrefix}-ECR`, { - // TODO: will get "repositoryName" from parameters - repositoryName: 'apprepo', - alarmTopic: monitorAlarm.alarmTopic, - env: procEnv, - }); - - // Build Container Image - const build_container = new BLEABuildContainerStack(app, `${pjPrefix}-ContainerImage`, { - ecrRepository: ecr.repository, - env: procEnv, - }); - // Application Stack (LoadBalancer + Fargate) const ecsApp = new BLEAECSAppStack(app, `${pjPrefix}-ECSApp`, { myVpc: prodVpc.myVpc, appKey: appKey.kmsKey, - repository: ecr.repository, - imageTag: build_container.imageTag, alarmTopic: monitorAlarm.alarmTopic, webFront: front, env: procEnv, }); - ecsApp.addDependency(build_container); // Aurora const dbCluster = new BLEADbAuroraPgStack(app, `${pjPrefix}-DBAuroraPg`, { @@ -149,8 +130,6 @@ describe(`${pjPrefix} Guest Stacks`, () => { expect(Template.fromStack(prodVpc)).toMatchSnapshot(); expect(Template.fromStack(waf)).toMatchSnapshot(); expect(Template.fromStack(front)).toMatchSnapshot(); - expect(Template.fromStack(ecr)).toMatchSnapshot(); - expect(Template.fromStack(build_container)).toMatchSnapshot(); expect(Template.fromStack(ecsApp)).toMatchSnapshot(); expect(Template.fromStack(dbCluster)).toMatchSnapshot(); expect(Template.fromStack(appCanary)).toMatchSnapshot();