Remove task definition role
Remove task execution role
Remove BlockchainListener prefix from cdk
fedecastelli committed Feb 6, 2023
1 parent c57bb08 commit 8075a84
Showing 2 changed files with 9 additions and 62 deletions.
16 changes: 0 additions & 16 deletions API.md


55 changes: 9 additions & 46 deletions src/blockchain-listener.ts
@@ -1,5 +1,5 @@
import * as path from 'path';
import { aws_ec2 as ec2, aws_ecs as ecs, aws_events as events, aws_iam as iam, aws_logs as logs, RemovalPolicy } from 'aws-cdk-lib';
import { aws_ec2 as ec2, aws_ecs as ecs, aws_events as events, aws_logs as logs, RemovalPolicy } from 'aws-cdk-lib';
import { Construct } from 'constructs';

/**
Expand Down Expand Up @@ -54,13 +54,6 @@ export class BlockchainListener extends Construct {

private readonly ecsCluster: ecs.Cluster;
private readonly ecsTaskDefinition: ecs.TaskDefinition;

/**
* The AWS IAM Role used by the ECS Fargate Task while running. It's the IAM Role you have to update if you need
* to add more permissions to the ECS Fargate Task.
*/
public readonly ecsTaskDefinitionIAMRole: iam.Role;
private readonly ecsTaskDefinitionExecutionIAMRole: iam.Role;
/**
* The blockchain listener docker container. It gives you the control to set environment variables, if it's necessary
*/
Expand All @@ -71,12 +64,12 @@ export class BlockchainListener extends Construct {
// create a new Event Bridge Bus in which the ECS container is allowed to send events
this.eventBus = new events.EventBus(
this,
'BlockchainListenerEventBus',
'EventBus',
{},
);
this.ecsLogGroup = new logs.LogGroup(
this,
'BlockchainListenerLogGroup',
'LogGroup',
{
retention: logs.RetentionDays.TWO_WEEKS,
removalPolicy: RemovalPolicy.DESTROY,
Expand All @@ -85,7 +78,7 @@ export class BlockchainListener extends Construct {
// TODO: create vpc optional
this.vpc = new ec2.Vpc(
this,
'BlockchainListenerVPC',
'VPC',
{
natGateways: 0,
natGatewayProvider: undefined,
Expand All @@ -94,7 +87,7 @@ export class BlockchainListener extends Construct {
);
this.securityGroup = new ec2.SecurityGroup(
this,
'BlockchainListenerSecurityGroup',
'SecurityGroup',
{
vpc: this.vpc,
description: 'Security group used by the Blockchain Listener',
Expand All @@ -105,45 +98,17 @@ export class BlockchainListener extends Construct {
// create the cluster in which the fargate task will run in
this.ecsCluster = new ecs.Cluster(
this,
'BlockchainListenerECSCluster',
'ECSCluster',
{
enableFargateCapacityProviders: true,
containerInsights: false,
vpc: this.vpc,
},
);
// the IAM role used by the ecs task while running
this.ecsTaskDefinitionIAMRole = new iam.Role(
this,
'BlockchainListenerECSTaskDefinitionIamRole',
{
assumedBy: new iam.ServicePrincipal('ecs-tasks.amazonaws.com'),
description: 'IAM Role used by the Blockchain Listener ECS Task Definition to listen to blockchain ' +
'events and send events to the correct Event Bridge Bus',
path: '/',
},
);
// the IAM role used by the ecs task while starting
this.ecsTaskDefinitionExecutionIAMRole = new iam.Role(
this,
'BlockchainListenerECSTaskDefinitionExecutionIamRole',
{
assumedBy: new iam.ServicePrincipal('ecs-tasks.amazonaws.com'),
description: "IAM Role used as execution role by the Blockchain Role. It's the role used to start the task",
path: '/',
managedPolicies: [
iam.ManagedPolicy.fromManagedPolicyArn(
this,
'BlockchainListenerECSTaskExecutionRolePolicy',
'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy',
),
],
},
);
// the ecs task definition containing cpu architecture, cpu and memory
this.ecsTaskDefinition = new ecs.TaskDefinition(
this,
'BlockchainListenerTaskDefinition',
'ECSTaskDefinition',
{
cpu: '256',
memoryMiB: '512',
Expand All @@ -153,13 +118,11 @@ export class BlockchainListener extends Construct {
},
compatibility: ecs.Compatibility.FARGATE,
networkMode: ecs.NetworkMode.AWS_VPC,
taskRole: this.ecsTaskDefinitionIAMRole,
executionRole: this.ecsTaskDefinitionExecutionIAMRole,
},
);
// add the container with the docker image built locally
this.blockchainListenerContainer = this.ecsTaskDefinition.addContainer(
'BlockchainListenerECSTaskDefinitionContainer',
'ECSTaskDefinitionContainer',
{
image: ecs.ContainerImage.fromAsset(path.resolve(__dirname, props.containerImageDirectory)),
logging: ecs.LogDriver.awsLogs({ logGroup: this.ecsLogGroup, streamPrefix: 'ecs' }),
Expand All @@ -171,7 +134,7 @@ export class BlockchainListener extends Construct {
// create a new ecs service to keep 1 instance always running
new ecs.FargateService(
this,
'BlockchainListenerECSService',
'ECSService',
{
cluster: this.ecsCluster,
taskDefinition: this.ecsTaskDefinition,
Expand Down
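Review bot: With `ecsTaskDefinitionIAMRole` deleted and `ecsTaskDefinition` still `private readonly`, consumers of this construct lose every handle on the role the container runs under, even though the removed doc comment explicitly told them this is where extra permissions go and the surviving comment above the bus says the container is "allowed to send events" to it. As far as I recall, `ecs.TaskDefinition` quietly creates its own task role when `taskRole` is omitted (and an execution role scoped to the asset repository and the log group, which is tighter than the blanket `AmazonECSTaskExecutionRolePolicy` that was dropped, so that part is a least-privilege improvement), but callers now have no supported way to grant that role anything, e.g. `events:PutEvents` on the bus. The smallest fix is to make the task definition part of the public surface, `public readonly ecsTaskDefinition: ecs.TaskDefinition;`, and document that `ecsTaskDefinition.taskRole` is the role to extend. Separately, renaming every construct ID (`'EventBus'`, `'VPC'`, `'ECSCluster'`, ...) changes the CloudFormation logical IDs, so an existing stack will replace its VPC, bus and log group on the next deploy rather than update them; worth a line in the commit message or changelog if any stack is already deployed. The constructor these hunks edit starts and ends outside the diff.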
