From c73e09a314fa5fa25e41700b6d8e0d7f5a7423a4 Mon Sep 17 00:00:00 2001
From: Calvin Combs
Date: Wed, 9 Aug 2023 17:51:51 -0700
Subject: [PATCH 1/5] still getting access denied...
---
 .../aws-batch-alpha/lib/ecs-job-definition.ts | 10 +++++
 .../test/ecs-job-definition.test.ts | 45 ++++++++++++++++++-
 2 files changed, 54 insertions(+), 1 deletion(-)
diff --git a/packages/@aws-cdk/aws-batch-alpha/lib/ecs-job-definition.ts b/packages/@aws-cdk/aws-batch-alpha/lib/ecs-job-definition.ts
index e92cd58b9e914..14c17ee448571 100644
--- a/packages/@aws-cdk/aws-batch-alpha/lib/ecs-job-definition.ts
+++ b/packages/@aws-cdk/aws-batch-alpha/lib/ecs-job-definition.ts
@@ -3,6 +3,8 @@ import { Construct } from 'constructs';
 import { CfnJobDefinition } from 'aws-cdk-lib/aws-batch';
 import { EcsEc2ContainerDefinition, IEcsContainerDefinition } from './ecs-container-definition';
 import { baseJobDefinitionProperties, IJobDefinition, JobDefinitionBase, JobDefinitionProps } from './job-definition-base';
+import * as iam from 'aws-cdk-lib/aws-iam';
+import { IJobQueue } from './job-queue';
 /**
 * A JobDefinition that uses ECS orchestration
@@ -102,6 +104,14 @@ export class EcsJobDefinition extends JobDefinitionBase implements IEcsJobDefini
 this.jobDefinitionName = EcsJobDefinition.getJobDefinitionName(scope, this.jobDefinitionArn);
 }
+ public grantSubmitJob(identity: iam.IGrantable, queue: IJobQueue) {
+ iam.Grant.addToPrincipal({
+ actions: ['batch:SubmitJob'],
+ grantee: identity,
+ resourceArns: [this.jobDefinitionArn, queue.jobQueueArn],
+ });
+ }
+
 private renderPlatformCapabilities() {
 if (this.container instanceof EcsEc2ContainerDefinition) {
 return [Compatibility.EC2];
diff --git a/packages/@aws-cdk/aws-batch-alpha/test/ecs-job-definition.test.ts b/packages/@aws-cdk/aws-batch-alpha/test/ecs-job-definition.test.ts
index 8cf3711e76b6c..9839a6957298f 100644
--- a/packages/@aws-cdk/aws-batch-alpha/test/ecs-job-definition.test.ts
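Review bot: `grantSubmitJob`, added in the second hunk of lib/ecs-job-definition.ts, discards the `iam.Grant` that `iam.Grant.addToPrincipal` returns and declares no return type, so a caller cannot call `assertSuccess()` on the result or otherwise notice when the statement was not attached to the principal. Returning it would also match the usual shape of CDK `grant*` helpers: `public grantSubmitJob(identity: iam.IGrantable, queue: IJobQueue): iam.Grant {` and `return iam.Grant.addToPrincipal({`. The statement is scoped to the job definition ARN and the queue ARN rather than `*`, and that scoping is worth keeping when the method is revised. The [PATCH 2/5] hunk on the same method only adds a doc comment and leaves the signature as it is; the class body starts and ends outside this hunk.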
+++ b/packages/@aws-cdk/aws-batch-alpha/test/ecs-job-definition.test.ts
@@ -1,7 +1,9 @@
 import { Template } from 'aws-cdk-lib/assertions';
 import * as ecs from 'aws-cdk-lib/aws-ecs';
 import { DefaultTokenResolver, Size, StringConcat, Stack, Tokenization } from 'aws-cdk-lib';
-import { Compatibility, EcsEc2ContainerDefinition, EcsFargateContainerDefinition, EcsJobDefinition } from '../lib';
+import * as iam from 'aws-cdk-lib/aws-iam';
+import { Compatibility, EcsEc2ContainerDefinition, EcsFargateContainerDefinition, EcsJobDefinition, JobQueue, ManagedEc2EcsComputeEnvironment } from '../lib';
+import { Vpc } from 'aws-cdk-lib/aws-ec2';
 test('EcsJobDefinition respects propagateTags', () => {
 // GIVEN
@@ -127,3 +129,44 @@ test('JobDefinitionName is parsed from arn in imported job', () => {
 // THEN
 expect(importedJob.jobDefinitionName).toEqual('job-def-name');
 });
+
+test('grantSubmitJob() grants the job role the correct actions', () => {
+ // GIVEN
+ const stack = new Stack();
+ const ecsJob = new EcsJobDefinition(stack, 'ECSJob', {
+ container: new EcsFargateContainerDefinition(stack, 'EcsContainer', {
+ cpu: 256,
+ memory: Size.mebibytes(2048),
+ image: ecs.ContainerImage.fromRegistry('foorepo/fooimage'),
+ }),
+ });
+ const queue = new JobQueue(stack, 'queue');
+
+ queue.addComputeEnvironment(
+ new ManagedEc2EcsComputeEnvironment(stack, 'env', {
+ vpc: new Vpc(stack, 'VPC'),
+ }),
+ 1,
+ );
+
+ const user = new iam.User(stack, 'MyUser');
+
+ // WHEN
+ ecsJob.grantSubmitJob(user, queue);
+
+ // THEN
+ Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', {
+ PolicyDocument: {
+ Statement: [{
+ Action: 'batch:SubmitJob',
+ Effect: 'Allow',
+ Resource: [
+ { Ref: 'ECSJobFFFEA569' },
+ { 'Fn::GetAtt': ['queue276F7297', 'JobQueueArn'] },
+ ],
+ }],
+ Version: '2012-10-17',
+ },
+ PolicyName: 'MyUserDefaultPolicy7B897426',
+ });
+});
From 287cd36937059c6ce23347b0804180f9838a5404 Mon Sep 17 00:00:00 2001
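Review bot: The title of the added test, `'grantSubmitJob() grants the job role the correct actions'`, names a job role, but the grantee built in the test is an `iam.User`, so the title does not describe what is asserted. Something like `'grantSubmitJob() grants batch:SubmitJob on the job definition and the queue'` would match the body. The assertion pins the single action and both resources, which is the useful part to keep: it will fail if the statement is later widened.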
From: Calvin Combs
Date: Fri, 11 Aug 2023 15:05:43 -0700
Subject: [PATCH 2/5] integ test
---
 .../aws-batch-alpha/lib/ecs-job-definition.ts | 3 +
 ...efaultTestDeployAssertE5BAAC9B.assets.json | 19 +
 ...aultTestDeployAssertE5BAAC9B.template.json | 36 +
 .../test/integ.grants.js.snapshot/cdk.out | 1 +
 .../test/integ.grants.js.snapshot/integ.json | 12 +
 .../integ.grants.js.snapshot/manifest.json | 303 +++++
 .../stack.assets.json | 19 +
 .../stack.template.json | 671 ++++++++++
 .../test/integ.grants.js.snapshot/tree.json | 1191 +++++++++++++++++
 .../aws-batch-alpha/test/integ.grants.ts | 38 +
 10 files changed, 2293 insertions(+)
 create mode 100644 packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/BatchEcsJobDefinitionTestDefaultTestDeployAssertE5BAAC9B.assets.json
 create mode 100644 packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/BatchEcsJobDefinitionTestDefaultTestDeployAssertE5BAAC9B.template.json
 create mode 100644 packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/cdk.out
 create mode 100644 packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/integ.json
 create mode 100644 packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/manifest.json
 create mode 100644 packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/stack.assets.json
 create mode 100644 packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/stack.template.json
 create mode 100644 packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/tree.json
 create mode 100644 packages/@aws-cdk/aws-batch-alpha/test/integ.grants.ts
diff --git a/packages/@aws-cdk/aws-batch-alpha/lib/ecs-job-definition.ts b/packages/@aws-cdk/aws-batch-alpha/lib/ecs-job-definition.ts
index 14c17ee448571..46893e4026e87 100644
--- a/packages/@aws-cdk/aws-batch-alpha/lib/ecs-job-definition.ts
+++ b/packages/@aws-cdk/aws-batch-alpha/lib/ecs-job-definition.ts
@@ -104,6 +104,9 @@ export class EcsJobDefinition extends JobDefinitionBase implements IEcsJobDefini
 this.jobDefinitionName = EcsJobDefinition.getJobDefinitionName(scope, this.jobDefinitionArn);
 }
+ /**
+ * Grants the `batch:submitJob` permission to the identity on both this job definition and the `queue`
+ */
 public grantSubmitJob(identity: iam.IGrantable, queue: IJobQueue) {
 iam.Grant.addToPrincipal({
 actions: ['batch:SubmitJob'],
diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/BatchEcsJobDefinitionTestDefaultTestDeployAssertE5BAAC9B.assets.json b/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/BatchEcsJobDefinitionTestDefaultTestDeployAssertE5BAAC9B.assets.json new file mode 100644 index 0000000000000..06d93773815c6 --- /dev/null +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/BatchEcsJobDefinitionTestDefaultTestDeployAssertE5BAAC9B.assets.json @@ -0,0 +1,19 @@ +{ + "version": "33.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "BatchEcsJobDefinitionTestDefaultTestDeployAssertE5BAAC9B.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/BatchEcsJobDefinitionTestDefaultTestDeployAssertE5BAAC9B.template.json b/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/BatchEcsJobDefinitionTestDefaultTestDeployAssertE5BAAC9B.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null
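Review bot: The doc comment added to `grantSubmitJob` in lib/ecs-job-definition.ts spells the action `batch:submitJob`, while the statement below it uses `batch:SubmitJob`; using the same casing as the `actions` entry keeps the comment searchable next to the policy it describes. The comment would also benefit from documenting both parameters, for example `@param identity the principal that receives the permission` and `@param queue the job queue the identity may submit this job definition to`, so readers see that the grant is limited to these two resources. The method body continues outside the hunk.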
+++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/BatchEcsJobDefinitionTestDefaultTestDeployAssertE5BAAC9B.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/cdk.out b/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/cdk.out new file mode 100644 index 0000000000000..560dae10d018f --- /dev/null +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"33.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/integ.json b/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/integ.json new file mode 100644 index 0000000000000..ce3de06dcefa3 --- /dev/null +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "33.0.0", + "testCases": { + "BatchEcsJobDefinitionTest/DefaultTest": { + "stacks": [ + "stack" + ], + "assertionStack": "BatchEcsJobDefinitionTest/DefaultTest/DeployAssert", + "assertionStackName": "BatchEcsJobDefinitionTestDefaultTestDeployAssertE5BAAC9B" + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/manifest.json b/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/manifest.json new file mode 100644 index 0000000000000..b5d6e283821d9 --- /dev/null +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/manifest.json 
@@ -0,0 +1,303 @@ +{ + "version": "33.0.0", + "artifacts": { + "stack.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "stack.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "stack": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "stack.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/0c8afaea64b37b6c143f96d8a69d57de3f487324a501b01a76df82b8f8bfee8d.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "stack.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "stack.assets" + ], + "metadata": { + "/stack/vpc/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcA2121C38" + } + ], + "/stack/vpc/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPublicSubnet1Subnet2E65531E" + } + ], + "/stack/vpc/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPublicSubnet1RouteTable48A2DF9B" + } + ], + "/stack/vpc/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPublicSubnet1RouteTableAssociation5D3F4579" + } + ], + "/stack/vpc/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + 
"data": "vpcPublicSubnet1DefaultRoute10708846" + } + ], + "/stack/vpc/PublicSubnet1/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPublicSubnet1EIPDA49DCBE" + } + ], + "/stack/vpc/PublicSubnet1/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPublicSubnet1NATGateway9C16659E" + } + ], + "/stack/vpc/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPublicSubnet2Subnet009B674F" + } + ], + "/stack/vpc/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPublicSubnet2RouteTableEB40D4CB" + } + ], + "/stack/vpc/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPublicSubnet2RouteTableAssociation21F81B59" + } + ], + "/stack/vpc/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPublicSubnet2DefaultRouteA1EC0F60" + } + ], + "/stack/vpc/PublicSubnet2/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPublicSubnet2EIP9B3743B1" + } + ], + "/stack/vpc/PublicSubnet2/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPublicSubnet2NATGateway9B8AE11A" + } + ], + "/stack/vpc/PrivateSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPrivateSubnet1Subnet934893E8" + } + ], + "/stack/vpc/PrivateSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPrivateSubnet1RouteTableB41A48CC" + } + ], + "/stack/vpc/PrivateSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPrivateSubnet1RouteTableAssociation67945127" + } + ], + "/stack/vpc/PrivateSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPrivateSubnet1DefaultRoute1AA8E2E5" + } + ], + "/stack/vpc/PrivateSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPrivateSubnet2Subnet7031C2BA" + } + ], + "/stack/vpc/PrivateSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPrivateSubnet2RouteTable7280F23E" + } + ], + "/stack/vpc/PrivateSubnet2/RouteTableAssociation": [ 
+ { + "type": "aws:cdk:logicalId", + "data": "vpcPrivateSubnet2RouteTableAssociation007E94D3" + } + ], + "/stack/vpc/PrivateSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPrivateSubnet2DefaultRouteB0E07F99" + } + ], + "/stack/vpc/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcIGWE57CBDCA" + } + ], + "/stack/vpc/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcVPCGW7984C166" + } + ], + "/stack/managedEc2CE/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "managedEc2CESecurityGroup7EB1D710" + } + ], + "/stack/managedEc2CE/InstanceProfileRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "managedEc2CEInstanceProfileRole58A9B8C3" + } + ], + "/stack/managedEc2CE/InstanceProfile": [ + { + "type": "aws:cdk:logicalId", + "data": "managedEc2CEInstanceProfile720729B7" + } + ], + "/stack/managedEc2CE/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "managedEc2CE195A935F" + } + ], + "/stack/joBBQ/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "joBBQ9FD52DAF" + } + ], + "/stack/EcsContainer/ExecutionRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "EcsContainerExecutionRole3B199293" + } + ], + "/stack/EcsContainer/ExecutionRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "EcsContainerExecutionRoleDefaultPolicy6F59CD37" + } + ], + "/stack/ECSJob/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ECSJobFFFEA569" + } + ], + "/stack/MyUser/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyUserDC45028B" + } + ], + "/stack/MyUser/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyUserDefaultPolicy7B897426" + } + ], + "/stack/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/stack/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "stack" + }, + 
"BatchEcsJobDefinitionTestDefaultTestDeployAssertE5BAAC9B.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "BatchEcsJobDefinitionTestDefaultTestDeployAssertE5BAAC9B.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "BatchEcsJobDefinitionTestDefaultTestDeployAssertE5BAAC9B": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "BatchEcsJobDefinitionTestDefaultTestDeployAssertE5BAAC9B.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "BatchEcsJobDefinitionTestDefaultTestDeployAssertE5BAAC9B.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "BatchEcsJobDefinitionTestDefaultTestDeployAssertE5BAAC9B.assets" + ], + "metadata": { + "/BatchEcsJobDefinitionTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/BatchEcsJobDefinitionTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": 
"BatchEcsJobDefinitionTest/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/stack.assets.json b/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/stack.assets.json new file mode 100644 index 0000000000000..bca4fa976c29d --- /dev/null +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/stack.assets.json @@ -0,0 +1,19 @@ +{ + "version": "33.0.0", + "files": { + "0c8afaea64b37b6c143f96d8a69d57de3f487324a501b01a76df82b8f8bfee8d": { + "source": { + "path": "stack.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "0c8afaea64b37b6c143f96d8a69d57de3f487324a501b01a76df82b8f8bfee8d.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/stack.template.json b/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/stack.template.json new file mode 100644 index 0000000000000..e72704f9aa3e7 --- /dev/null +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/stack.template.json 
@@ -0,0 +1,671 @@ +{ + "Resources": { + "vpcA2121C38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "stack/vpc" + } + ] + } + }, + "vpcPublicSubnet1Subnet2E65531E": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "stack/vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPublicSubnet1RouteTable48A2DF9B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "stack/vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPublicSubnet1RouteTableAssociation5D3F4579": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" + }, + "SubnetId": { + "Ref": "vpcPublicSubnet1Subnet2E65531E" + } + } + }, + "vpcPublicSubnet1DefaultRoute10708846": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "vpcIGWE57CBDCA" + }, + "RouteTableId": { + "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" + } + }, + "DependsOn": [ + "vpcVPCGW7984C166" + ] + }, + "vpcPublicSubnet1EIPDA49DCBE": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "stack/vpc/PublicSubnet1" + } + ] + } + }, + "vpcPublicSubnet1NATGateway9C16659E": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "vpcPublicSubnet1EIPDA49DCBE", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "vpcPublicSubnet1Subnet2E65531E" + 
}, + "Tags": [ + { + "Key": "Name", + "Value": "stack/vpc/PublicSubnet1" + } + ] + }, + "DependsOn": [ + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1RouteTableAssociation5D3F4579" + ] + }, + "vpcPublicSubnet2Subnet009B674F": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "stack/vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPublicSubnet2RouteTableEB40D4CB": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "stack/vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPublicSubnet2RouteTableAssociation21F81B59": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" + }, + "SubnetId": { + "Ref": "vpcPublicSubnet2Subnet009B674F" + } + } + }, + "vpcPublicSubnet2DefaultRouteA1EC0F60": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "vpcIGWE57CBDCA" + }, + "RouteTableId": { + "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" + } + }, + "DependsOn": [ + "vpcVPCGW7984C166" + ] + }, + "vpcPublicSubnet2EIP9B3743B1": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "stack/vpc/PublicSubnet2" + } + ] + } + }, + "vpcPublicSubnet2NATGateway9B8AE11A": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "vpcPublicSubnet2EIP9B3743B1", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "vpcPublicSubnet2Subnet009B674F" + }, + "Tags": [ + { + "Key": "Name", + "Value": "stack/vpc/PublicSubnet2" + } + ] + }, + 
"DependsOn": [ + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2RouteTableAssociation21F81B59" + ] + }, + "vpcPrivateSubnet1Subnet934893E8": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "stack/vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPrivateSubnet1RouteTableB41A48CC": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "stack/vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPrivateSubnet1RouteTableAssociation67945127": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" + }, + "SubnetId": { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + } + } + }, + "vpcPrivateSubnet1DefaultRoute1AA8E2E5": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "vpcPublicSubnet1NATGateway9C16659E" + }, + "RouteTableId": { + "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" + } + } + }, + "vpcPrivateSubnet2Subnet7031C2BA": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "stack/vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPrivateSubnet2RouteTable7280F23E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + 
"Value": "stack/vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPrivateSubnet2RouteTableAssociation007E94D3": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPrivateSubnet2RouteTable7280F23E" + }, + "SubnetId": { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + } + }, + "vpcPrivateSubnet2DefaultRouteB0E07F99": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "vpcPublicSubnet2NATGateway9B8AE11A" + }, + "RouteTableId": { + "Ref": "vpcPrivateSubnet2RouteTable7280F23E" + } + } + }, + "vpcIGWE57CBDCA": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "stack/vpc" + } + ] + } + }, + "vpcVPCGW7984C166": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "vpcIGWE57CBDCA" + }, + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "managedEc2CESecurityGroup7EB1D710": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "stack/managedEc2CE/SecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "managedEc2CEInstanceProfileRole58A9B8C3": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" + ] + ] + } + ] + } + }, + "managedEc2CEInstanceProfile720729B7": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "managedEc2CEInstanceProfileRole58A9B8C3" + } + ] + } 
+ }, + "managedEc2CE195A935F": { + "Type": "AWS::Batch::ComputeEnvironment", + "Properties": { + "ComputeResources": { + "AllocationStrategy": "BEST_FIT_PROGRESSIVE", + "InstanceRole": { + "Fn::GetAtt": [ + "managedEc2CEInstanceProfile720729B7", + "Arn" + ] + }, + "InstanceTypes": [ + "optimal" + ], + "MaxvCpus": 256, + "MinvCpus": 0, + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "managedEc2CESecurityGroup7EB1D710", + "GroupId" + ] + } + ], + "Subnets": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ], + "Type": "EC2", + "UpdateToLatestImageVersion": true + }, + "ReplaceComputeEnvironment": false, + "State": "ENABLED", + "Type": "managed", + "UpdatePolicy": {} + } + }, + "joBBQ9FD52DAF": { + "Type": "AWS::Batch::JobQueue", + "Properties": { + "ComputeEnvironmentOrder": [ + { + "ComputeEnvironment": { + "Fn::GetAtt": [ + "managedEc2CE195A935F", + "ComputeEnvironmentArn" + ] + }, + "Order": 1 + } + ], + "Priority": 10, + "State": "ENABLED" + } + }, + "EcsContainerExecutionRole3B199293": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "EcsContainerExecutionRoleDefaultPolicy6F59CD37": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/batch/job:*" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "EcsContainerExecutionRoleDefaultPolicy6F59CD37", + "Roles": [ + { + "Ref": "EcsContainerExecutionRole3B199293" + } + ] + } + }, + "ECSJobFFFEA569": { + "Type": 
"AWS::Batch::JobDefinition", + "Properties": { + "ContainerProperties": { + "Environment": [], + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "EcsContainerExecutionRole3B199293", + "Arn" + ] + }, + "Image": "foorepo/fooimage", + "ReadonlyRootFilesystem": false, + "ResourceRequirements": [ + { + "Type": "MEMORY", + "Value": "2048" + }, + { + "Type": "VCPU", + "Value": "256" + } + ] + }, + "PlatformCapabilities": [ + "EC2" + ], + "RetryStrategy": {}, + "Timeout": {}, + "Type": "container" + } + }, + "MyUserDC45028B": { + "Type": "AWS::IAM::User" + }, + "MyUserDefaultPolicy7B897426": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "batch:SubmitJob", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "joBBQ9FD52DAF", + "JobQueueArn" + ] + }, + { + "Ref": "ECSJobFFFEA569" + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "MyUserDefaultPolicy7B897426", + "Users": [ + { + "Ref": "MyUserDC45028B" + } + ] + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/tree.json b/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/tree.json new file mode 100644 index 0000000000000..e85ddc568c1cf --- /dev/null +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.js.snapshot/tree.json 
@@ -0,0 +1,1191 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "stack": { + "id": "stack", + "path": "stack", + "children": { + "vpc": { + "id": "vpc", + "path": "stack/vpc", + "children": { + "Resource": { + "id": "Resource", + "path": "stack/vpc/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "stack/vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "stack/vpc/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "stack/vpc/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.0.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "stack/vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "stack/vpc/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "stack/vpc/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "stack/vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": 
"aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "stack/vpc/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" + }, + "subnetId": { + "Ref": "vpcPublicSubnet1Subnet2E65531E" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "stack/vpc/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "vpcIGWE57CBDCA" + }, + "routeTableId": { + "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "stack/vpc/PublicSubnet1/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "stack/vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "stack/vpc/PublicSubnet1/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "vpcPublicSubnet1EIPDA49DCBE", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "vpcPublicSubnet1Subnet2E65531E" + }, + "tags": [ + { + "key": "Name", + "value": "stack/vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": 
"aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "stack/vpc/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "stack/vpc/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.64.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "stack/vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "stack/vpc/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "stack/vpc/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "stack/vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "stack/vpc/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" + }, + "subnetId": { + "Ref": "vpcPublicSubnet2Subnet009B674F" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": 
"stack/vpc/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "vpcIGWE57CBDCA" + }, + "routeTableId": { + "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "stack/vpc/PublicSubnet2/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "stack/vpc/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "stack/vpc/PublicSubnet2/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "vpcPublicSubnet2EIP9B3743B1", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "vpcPublicSubnet2Subnet009B674F" + }, + "tags": [ + { + "key": "Name", + "value": "stack/vpc/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet1": { + "id": "PrivateSubnet1", + "path": "stack/vpc/PrivateSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "stack/vpc/PrivateSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.128.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": 
"Name", + "value": "stack/vpc/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "stack/vpc/PrivateSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "stack/vpc/PrivateSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "stack/vpc/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "stack/vpc/PrivateSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" + }, + "subnetId": { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "stack/vpc/PrivateSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "vpcPublicSubnet1NATGateway9C16659E" + }, + "routeTableId": { + "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet2": { + "id": "PrivateSubnet2", + "path": "stack/vpc/PrivateSubnet2", + "children": { + "Subnet": { + "id": 
"Subnet", + "path": "stack/vpc/PrivateSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.192.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "stack/vpc/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "stack/vpc/PrivateSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "stack/vpc/PrivateSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "stack/vpc/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "stack/vpc/PrivateSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "vpcPrivateSubnet2RouteTable7280F23E" + }, + "subnetId": { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "stack/vpc/PrivateSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": 
{ + "Ref": "vpcPublicSubnet2NATGateway9B8AE11A" + }, + "routeTableId": { + "Ref": "vpcPrivateSubnet2RouteTable7280F23E" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "stack/vpc/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "stack/vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "stack/vpc/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Ref": "vpcIGWE57CBDCA" + }, + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0" + } + }, + "managedEc2CE": { + "id": "managedEc2CE", + "path": "stack/managedEc2CE", + "children": { + "SecurityGroup": { + "id": "SecurityGroup", + "path": "stack/managedEc2CE/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "stack/managedEc2CE/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "stack/managedEc2CE/SecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": 
"0.0.0" + } + }, + "InstanceProfileRole": { + "id": "InstanceProfileRole", + "path": "stack/managedEc2CE/InstanceProfileRole", + "children": { + "ImportInstanceProfileRole": { + "id": "ImportInstanceProfileRole", + "path": "stack/managedEc2CE/InstanceProfileRole/ImportInstanceProfileRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "stack/managedEc2CE/InstanceProfileRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "InstanceProfile": { + "id": "InstanceProfile", + "path": "stack/managedEc2CE/InstanceProfile", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::InstanceProfile", + "aws:cdk:cloudformation:props": { + "roles": [ + { + "Ref": "managedEc2CEInstanceProfileRole58A9B8C3" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnInstanceProfile", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "stack/managedEc2CE/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Batch::ComputeEnvironment", + "aws:cdk:cloudformation:props": { + "computeResources": { + "maxvCpus": 256, + "type": "EC2", + "updateToLatestImageVersion": true, + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "managedEc2CESecurityGroup7EB1D710", + "GroupId" + ] + } + ], + "subnets": [ + { + "Ref": 
"vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ], + "minvCpus": 0, + "instanceRole": { + "Fn::GetAtt": [ + "managedEc2CEInstanceProfile720729B7", + "Arn" + ] + }, + "instanceTypes": [ + "optimal" + ], + "allocationStrategy": "BEST_FIT_PROGRESSIVE" + }, + "replaceComputeEnvironment": false, + "state": "ENABLED", + "type": "managed", + "updatePolicy": {} + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_batch.CfnComputeEnvironment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-batch-alpha.ManagedEc2EcsComputeEnvironment", + "version": "0.0.0" + } + }, + "joBBQ": { + "id": "joBBQ", + "path": "stack/joBBQ", + "children": { + "Resource": { + "id": "Resource", + "path": "stack/joBBQ/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Batch::JobQueue", + "aws:cdk:cloudformation:props": { + "computeEnvironmentOrder": [ + { + "computeEnvironment": { + "Fn::GetAtt": [ + "managedEc2CE195A935F", + "ComputeEnvironmentArn" + ] + }, + "order": 1 + } + ], + "priority": 10, + "state": "ENABLED" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_batch.CfnJobQueue", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-batch-alpha.JobQueue", + "version": "0.0.0" + } + }, + "EcsContainer": { + "id": "EcsContainer", + "path": "stack/EcsContainer", + "children": { + "ExecutionRole": { + "id": "ExecutionRole", + "path": "stack/EcsContainer/ExecutionRole", + "children": { + "ImportExecutionRole": { + "id": "ImportExecutionRole", + "path": "stack/EcsContainer/ExecutionRole/ImportExecutionRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "stack/EcsContainer/ExecutionRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": 
"Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "stack/EcsContainer/ExecutionRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "stack/EcsContainer/ExecutionRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/batch/job:*" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "EcsContainerExecutionRoleDefaultPolicy6F59CD37", + "roles": [ + { + "Ref": "EcsContainerExecutionRole3B199293" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "batchDefaultLogGroup": { + "id": "batchDefaultLogGroup", + "path": "stack/EcsContainer/batchDefaultLogGroup", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-batch-alpha.EcsEc2ContainerDefinition", + "version": "0.0.0" + } + }, + "ECSJob": { + "id": "ECSJob", + "path": "stack/ECSJob", + "children": { + "Resource": { + "id": "Resource", + "path": "stack/ECSJob/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Batch::JobDefinition", + "aws:cdk:cloudformation:props": { + "containerProperties": { + "image": "foorepo/fooimage", + 
"environment": [], + "executionRoleArn": { + "Fn::GetAtt": [ + "EcsContainerExecutionRole3B199293", + "Arn" + ] + }, + "readonlyRootFilesystem": false, + "resourceRequirements": [ + { + "type": "MEMORY", + "value": "2048" + }, + { + "type": "VCPU", + "value": "256" + } + ] + }, + "platformCapabilities": [ + "EC2" + ], + "retryStrategy": {}, + "timeout": {}, + "type": "container" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_batch.CfnJobDefinition", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-batch-alpha.EcsJobDefinition", + "version": "0.0.0" + } + }, + "MyUser": { + "id": "MyUser", + "path": "stack/MyUser", + "children": { + "Resource": { + "id": "Resource", + "path": "stack/MyUser/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::User", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnUser", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "stack/MyUser/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "stack/MyUser/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "batch:SubmitJob", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "joBBQ9FD52DAF", + "JobQueueArn" + ] + }, + { + "Ref": "ECSJobFFFEA569" + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "MyUserDefaultPolicy7B897426", + "users": [ + { + "Ref": "MyUserDC45028B" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.User", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "stack/BootstrapVersion", + "constructInfo": { + 
"fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "stack/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "BatchEcsJobDefinitionTest": { + "id": "BatchEcsJobDefinitionTest", + "path": "BatchEcsJobDefinitionTest", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "BatchEcsJobDefinitionTest/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "BatchEcsJobDefinitionTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.69" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "BatchEcsJobDefinitionTest/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "BatchEcsJobDefinitionTest/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "BatchEcsJobDefinitionTest/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.69" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.ts b/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.ts
new file mode 100644
index 0000000000000..4317263d4331c
--- /dev/null
+++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.grants.ts
@@ -0,0 +1,38 @@
+import { Vpc } from 'aws-cdk-lib/aws-ec2';
+import { App, Stack, Size } from 'aws-cdk-lib';
+import * as integ from '@aws-cdk/integ-tests-alpha';
+import * as iam from 'aws-cdk-lib/aws-iam';
+import * as batch from '../lib';
+import { ManagedEc2EcsComputeEnvironment } from '../lib';
+import * as ecs from 'aws-cdk-lib/aws-ecs';
+
+const app = new App();
+const stack = new Stack(app, 'stack');
+const vpc = new Vpc(stack, 'vpc', { restrictDefaultSecurityGroup: false });
+
+const queue = new batch.JobQueue(stack, 'joBBQ', {
+ computeEnvironments: [{
+ computeEnvironment: new ManagedEc2EcsComputeEnvironment(stack, 'managedEc2CE', {
+ vpc,
+ }),
+ order: 1,
+ }],
+ priority: 10,
+});
+
+const ecsJob = new batch.EcsJobDefinition(stack, 'ECSJob', {
+ container: new batch.EcsEc2ContainerDefinition(stack, 'EcsContainer', {
+ cpu: 256,
+ memory: Size.mebibytes(2048),
+ image: ecs.ContainerImage.fromRegistry('foorepo/fooimage'),
+ }),
+});
+
+const user = new iam.User(stack, 'MyUser');
+ecsJob.grantSubmitJob(user, queue);
+
+new integ.IntegTest(app, 'BatchEcsJobDefinitionTest', {
+ testCases: [stack],
+});
+
+app.synth();
From afec0c299c1e4d5504e41ab88a702d21b1535eb3 Mon Sep 17 00:00:00 2001 From: Calvin Combs Date: Fri, 11 Aug 2023 15:09:05 -0700 Subject: [PATCH 3/5] readme
---
packages/@aws-cdk/aws-batch-alpha/README.md | 28 +++++++++++++++++++++ 1 file changed, 28 insertions(+)
diff --git a/packages/@aws-cdk/aws-batch-alpha/README.md b/packages/@aws-cdk/aws-batch-alpha/README.md
index 6e76d196450db..cea3285fba11b 100644
--- a/packages/@aws-cdk/aws-batch-alpha/README.md
+++ b/packages/@aws-cdk/aws-batch-alpha/README.md
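Review bot: Nothing in integ.grants.ts checks the scope of the grant it exercises: the file calls `ecsJob.grantSubmitJob(user, queue)` and stops at `app.synth()`, so the synthesized `batch:SubmitJob` statement in the snapshot is the only thing pinning it. Since that statement is the security-relevant output, I would say so at the call, e.g. `// snapshot must show batch:SubmitJob on exactly this job definition and this queue, never a wildcard resource`. `restrictDefaultSecurityGroup: false` on the Vpc also needs a one-line reason; presumably it keeps the default-security-group custom resource out of the snapshot, but the file does not say, and the option reads like a loosened control to anyone copying the test. The separate `import { ManagedEc2EcsComputeEnvironment } from '../lib';` duplicates the `batch` namespace import and can be replaced by `batch.ManagedEc2EcsComputeEnvironment`.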
@@ -653,3 +653,31 @@ B => 2 vCPU - WAITING In this situation, Batch will allocate **Job A** to compute resource #1 because it is the most cost efficient resource that matches the vCPU requirement. However, with this `BEST_FIT` strategy, **Job B** will not be allocated to our other available compute resource even though it is strong enough to handle it. Instead, it will wait until the first job is finished processing or wait a similar `m5.xlarge` resource to be provisioned. The alternative would be to use the `BEST_FIT_PROGRESSIVE` strategy in order for the remaining job to be handled in larger containers regardless of vCPU requirement and costs. + +### Permissions + +You can grant any Principal the `batch:submitJob` permission on both a job definition and a job queue like this: + +```ts +import * as cdk from 'aws-cdk-lib'; +new batch.EcsJobDefinition(this, 'JobDefn', { + container: new batch.EcsEc2ContainerDefinition(this, 'containerDefn', { + image: ecs.ContainerImage.fromRegistry('public.ecr.aws/amazonlinux/amazonlinux:latest'), + memory: cdk.Size.mebibytes(2048), + cpu: 256, + }), +}); + +new batch.JobQueue(this, 'JobQueue', { + computeEnvironments: [{ + computeEnvironment: new ManagedEc2EcsComputeEnvironment(this, 'managedEc2CE', { + vpc, + }), + order: 1, + }], + priority: 10, +}); + +const user = new iam.User(this, 'MyUser'); +ecsJob.grantSubmitJob(user, queue); +``` \ No newline at end of file From fb41291df280fca0f47d66ab86ff09a23a0ce34a Mon Sep 17 00:00:00 2001 From: Calvin Combs Date: Fri, 11 Aug 2023 15:45:05 -0700 Subject: [PATCH 4/5] \n --- packages/@aws-cdk/aws-batch-alpha/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-batch-alpha/README.md b/packages/@aws-cdk/aws-batch-alpha/README.md index cea3285fba11b..309d8e6b8be72 100644 --- a/packages/@aws-cdk/aws-batch-alpha/README.md +++ b/packages/@aws-cdk/aws-batch-alpha/README.md 
@@ -680,4 +680,4 @@ new batch.JobQueue(this, 'JobQueue', { const user = new iam.User(this, 'MyUser'); ecsJob.grantSubmitJob(user, queue); -``` \ No newline at end of file +``` From ce8381833e359b190984e309c97649bc5e64922b Mon Sep 17 00:00:00 2001 From: Calvin Combs Date: Mon, 14 Aug 2023 10:50:14 -0700 Subject: [PATCH 5/5] rosetta --- packages/@aws-cdk/aws-batch-alpha/README.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-batch-alpha/README.md b/packages/@aws-cdk/aws-batch-alpha/README.md index 309d8e6b8be72..bcbc51bd9a7a2 100644 --- a/packages/@aws-cdk/aws-batch-alpha/README.md +++ b/packages/@aws-cdk/aws-batch-alpha/README.md @@ -660,7 +660,11 @@ You can grant any Principal the `batch:submitJob` permission on both a job defin ```ts import * as cdk from 'aws-cdk-lib'; -new batch.EcsJobDefinition(this, 'JobDefn', { +import * as iam from 'aws-cdk-lib/aws-iam'; + +declare const vpc: ec2.IVpc; + +const ecsJob = new batch.EcsJobDefinition(this, 'JobDefn', { container: new batch.EcsEc2ContainerDefinition(this, 'containerDefn', { image: ecs.ContainerImage.fromRegistry('public.ecr.aws/amazonlinux/amazonlinux:latest'), memory: cdk.Size.mebibytes(2048), @@ -668,9 +672,9 @@ new batch.EcsJobDefinition(this, 'JobDefn', { }), }); -new batch.JobQueue(this, 'JobQueue', { +const queue = new batch.JobQueue(this, 'JobQueue', { computeEnvironments: [{ - computeEnvironment: new ManagedEc2EcsComputeEnvironment(this, 'managedEc2CE', { + computeEnvironment: new batch.ManagedEc2EcsComputeEnvironment(this, 'managedEc2CE', { vpc, }), order: 1,