Commit a409d63

2 parents ae1cb4b + d86a4e4 commit a409d63

293 files changed

+7542
-4001
lines changed

CHANGELOG.md

+33
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,39 @@
22

33
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
44

5+
## [1.157.0](https://github.com/aws/aws-cdk/compare/v1.156.1...v1.157.0) (2022-05-20)
6+
7+
8+
### Features
9+
10+
* **cfnspec:** cloudformation spec v69.0.0 ([#20240](https://github.com/aws/aws-cdk/issues/20240)) ([e82b63f](https://github.com/aws/aws-cdk/commit/e82b63fc8880ecbd5e29d02e3e623cda3bbce1d6)) and ([#20331](https://github.com/aws/aws-cdk/issues/20331)) ([e9de4e9](https://github.com/aws/aws-cdk/commit/e9de4e9ab6bc44ff691238d91a8945c880a4d97c))
11+
* **cfnspec:** cloudformation spec v72.0.0 ([#20357](https://github.com/aws/aws-cdk/issues/20357)) ([c8fd84c](https://github.com/aws/aws-cdk/commit/c8fd84c12c726e216c10380f9fe7e5d55a892cdf))
12+
* **cli:** make ecr images immutable when created from cdk bootstrap ([#19937](https://github.com/aws/aws-cdk/issues/19937)) ([0ef4bb4](https://github.com/aws/aws-cdk/commit/0ef4bb4bf493a7e3b72b518841f676e91d014ba9)), closes [#18376](https://github.com/aws/aws-cdk/issues/18376)
13+
* **cloud9:** configure Connection Type of Ec2Environment ([#20250](https://github.com/aws/aws-cdk/issues/20250)) ([01708bc](https://github.com/aws/aws-cdk/commit/01708bc7cf842eab7e1d1fc58bf42e4724624c0a)), closes [#17027](https://github.com/aws/aws-cdk/issues/17027)
14+
* **cloudfront:** REST API origin ([#20335](https://github.com/aws/aws-cdk/issues/20335)) ([f7693e3](https://github.com/aws/aws-cdk/commit/f7693e3f981f60886c94fb61876a1e5e0f2c1a02))
15+
* **cognito:** `grant()` for user pool ([#20285](https://github.com/aws/aws-cdk/issues/20285)) ([10d13e4](https://github.com/aws/aws-cdk/commit/10d13e4bc1841721650f9ca9b6b16e18c219ea21))
16+
* **core:** allow disabling of LogicalID Metadata in case of large manifest ([#20433](https://github.com/aws/aws-cdk/pull/20433)) ([88ea829](https://github.com/aws/aws-cdk/commit/88ea829b5d0a64f51848474b6b9f006d1f729fb4)), closes [#20211](https://github.com/aws/aws-cdk/issues/20211)
17+
* **ec2:** more router types ([#20151](https://github.com/aws/aws-cdk/issues/20151)) ([33b983c](https://github.com/aws/aws-cdk/commit/33b983ca76c91f182e60dcab8c6ead6be4d4712d)), closes [#19057](https://github.com/aws/aws-cdk/issues/19057) [/docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-route.html#aws-resource-ec2](https://github.com/aws//docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-route.html/issues/aws-resource-ec2)
18+
* **iam:** validate role path at build time ([#16165](https://github.com/aws/aws-cdk/issues/16165)) ([65a5a46](https://github.com/aws/aws-cdk/commit/65a5a46837c42b2538837a699267ec9cc46ddc51)), closes [#13747](https://github.com/aws/aws-cdk/issues/13747)
19+
* **integ-tests:** enhancements to integ-tests ([#20180](https://github.com/aws/aws-cdk/issues/20180)) ([3ff3fb7](https://github.com/aws/aws-cdk/commit/3ff3fb7c5ec9636022b3046036376c09a3166fb0))
20+
* **logs:** additional log retention periods ([#20347](https://github.com/aws/aws-cdk/issues/20347)) ([734faa5](https://github.com/aws/aws-cdk/commit/734faa5ae7489a511d5a00f255d7afd408db880c)), closes [#20346](https://github.com/aws/aws-cdk/issues/20346)
21+
* **s3:** add `noncurrentVersionsToRetain` property to lifecycle rule ([#20348](https://github.com/aws/aws-cdk/issues/20348)) ([85604d9](https://github.com/aws/aws-cdk/commit/85604d929978aa1c645dba8959d682892278f862)), closes [#19784](https://github.com/aws/aws-cdk/issues/19784)
22+
23+
24+
### Bug Fixes
25+
26+
* **amplify:** custom headers break with tokens ([#20395](https://github.com/aws/aws-cdk/issues/20395)) ([765f441](https://github.com/aws/aws-cdk/commit/765f44177298b645c88a29587b52619e91a8757c))
27+
* **apigateway:** arnForExecuteApi fails on tokenized path ([#20323](https://github.com/aws/aws-cdk/issues/20323)) ([f7732a1](https://github.com/aws/aws-cdk/commit/f7732a1b06927d84e79ea1c9fb671ad184a9efea)), closes [#20252](https://github.com/aws/aws-cdk/issues/20252)
28+
* **assets:** parallel docker image publishing fails on macOS ([#20117](https://github.com/aws/aws-cdk/issues/20117)) ([a58a803](https://github.com/aws/aws-cdk/commit/a58a8037b79636e9f973beff2483baecad73f15d)), closes [#20116](https://github.com/aws/aws-cdk/issues/20116)
29+
* **cfn-include:** allow CFN Functions in Tags ([#19923](https://github.com/aws/aws-cdk/issues/19923)) ([4df9a4f](https://github.com/aws/aws-cdk/commit/4df9a4fa9ef24266b2bcde378ecc112c7dcaf8aa)), closes [#16889](https://github.com/aws/aws-cdk/issues/16889)
30+
* **cli:** allow SSO profiles to be used as source profiles ([#20340](https://github.com/aws/aws-cdk/issues/20340)) ([a0b29e9](https://github.com/aws/aws-cdk/commit/a0b29e9f29775bfd94307a8975f5ba3a8faf05fa)), closes [#19897](https://github.com/aws/aws-cdk/issues/19897)
31+
* **cloudwatch-actions:** stack partition is hardcoded 'aws' in action arn ([#20224](https://github.com/aws/aws-cdk/issues/20224)) ([0eb6c3b](https://github.com/aws/aws-cdk/commit/0eb6c3bb5853194f8727fc2cd3b1c9acb6eea20f)), closes [#19765](https://github.com/aws/aws-cdk/issues/19765)
32+
* **eks:** Cluster.FromClusterAttributes ignores KubectlLambdaRole ([#20373](https://github.com/aws/aws-cdk/issues/20373)) ([7e824ab](https://github.com/aws/aws-cdk/commit/7e824ab40772dc888aec7986e343b12ec1032657)), closes [#20008](https://github.com/aws/aws-cdk/issues/20008)
33+
* **iam:** AccountPrincipal accepts values which aren't account IDs ([#20292](https://github.com/aws/aws-cdk/issues/20292)) ([d0163f8](https://github.com/aws/aws-cdk/commit/d0163f8a3d14e38f67b381c569b5bd3af92c4f51)), closes [#20288](https://github.com/aws/aws-cdk/issues/20288)
34+
* **pipelines:** specifying the Action Role for CodeBuild steps ([#18293](https://github.com/aws/aws-cdk/issues/18293)) ([719edfc](https://github.com/aws/aws-cdk/commit/719edfcb949828a423be2367b5c85b0e9a9c1c12)), closes [#18291](https://github.com/aws/aws-cdk/issues/18291) [#18291](https://github.com/aws/aws-cdk/issues/18291)
35+
* **rds:** tokens should not be lowercased ([#20287](https://github.com/aws/aws-cdk/issues/20287)) ([5429e55](https://github.com/aws/aws-cdk/commit/5429e55126db7556dd2eb2d5e30a50976b5f6ee4)), closes [#18802](https://github.com/aws/aws-cdk/issues/18802)
36+
* **secretsmanager:** automatic rotation cannot be disabled ([#18906](https://github.com/aws/aws-cdk/issues/18906)) ([c50d60c](https://github.com/aws/aws-cdk/commit/c50d60ca9417c771ca31cb330521e0e9f988e3fd)), closes [#18749](https://github.com/aws/aws-cdk/issues/18749)
37+
538
## [1.156.1](https://github.com/aws/aws-cdk/compare/v1.156.0...v1.156.1) (2022-05-12)
639

740
## [1.156.0](https://github.com/aws/aws-cdk/compare/v1.155.0...v1.156.0) (2022-05-11)
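
Review bot: The `ec2: more router types` entry under 1.157.0 Features carries a malformed `closes` reference. After `#19057`, a documentation URL has been turned into an issue link whose text starts with `/docs.aws.amazon.com/AWSCloudFormation/` and whose target sits under `https://github.com/aws//docs.aws.amazon.com/`, which is not a valid issue URL. Drop that second reference or replace it with the plain documentation link. The `pipelines` entry under Bug Fixes also lists `#18291` twice after `closes`; one reference is enough.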

CHANGELOG.v2.alpha.md

+13
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,19 @@
22

33
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
44

5+
## [2.26.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.25.0-alpha.0...v2.26.0-alpha.0) (2022-05-27)
6+
7+
8+
### Features
9+
10+
* **apprunner:** VpcConnector construct ([#20471](https://github.com/aws/aws-cdk/issues/20471)) ([5052191](https://github.com/aws/aws-cdk/commit/50521911f22f433323d700db77530e883762138a))
11+
12+
13+
### Bug Fixes
14+
15+
* **integ-runner:** always resynth on deploy ([#20508](https://github.com/aws/aws-cdk/issues/20508)) ([7138057](https://github.com/aws/aws-cdk/commit/71380571b878a50fe4b754c7dac78da075a98242))
16+
* **integ-tests:** DeployAssert should be private ([#20466](https://github.com/aws/aws-cdk/issues/20466)) ([0f52813](https://github.com/aws/aws-cdk/commit/0f52813bcf6a48c352f697004a899461dd06935d))
17+
518
## [2.25.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.24.1-alpha.0...v2.25.0-alpha.0) (2022-05-20)
619

720

CHANGELOG.v2.md

+19
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,25 @@
22

33
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
44

5+
## [2.26.0](https://github.com/aws/aws-cdk/compare/v2.25.0...v2.26.0) (2022-05-27)
6+
7+
8+
### Features
9+
10+
* **aws-ecr-assets:** support the --platform option when building docker images ([#20439](https://github.com/aws/aws-cdk/issues/20439)) ([adc0368](https://github.com/aws/aws-cdk/commit/adc0368dc1f137aeaa4bd92de77028269e3a48f4)), closes [#12472](https://github.com/aws/aws-cdk/issues/12472) [#16770](https://github.com/aws/aws-cdk/issues/16770) [#16858](https://github.com/aws/aws-cdk/issues/16858)
11+
* **lambda:** validate function description length ([#20476](https://github.com/aws/aws-cdk/issues/20476)) ([de027e2](https://github.com/aws/aws-cdk/commit/de027e28ce5c95e70fed8874e6531eabba24521c)), closes [#20475](https://github.com/aws/aws-cdk/issues/20475)
12+
* **s3:** adds objectSizeGreaterThan property for s3 lifecycle rule ([#20425](https://github.com/aws/aws-cdk/issues/20425)) ([23690e4](https://github.com/aws/aws-cdk/commit/23690e40b1604839f99da8b8f96168dda8679c47)), closes [#20372](https://github.com/aws/aws-cdk/issues/20372)
13+
* **servicecatalog:** ProductStackHistory can retain old ProductStack iterations ([#20244](https://github.com/aws/aws-cdk/issues/20244)) ([1037b8c](https://github.com/aws/aws-cdk/commit/1037b8c7f58ccd162491b49d75954c38d685d67f))
14+
15+
16+
### Bug Fixes
17+
18+
* **core:** NestedStack defaultChild is undefined ([#20450](https://github.com/aws/aws-cdk/issues/20450)) ([0a49927](https://github.com/aws/aws-cdk/commit/0a49927e9e5bc250f339f664fa843fae2fab92ec)), closes [#11221](https://github.com/aws/aws-cdk/issues/11221)
19+
* **iam:** Role policies cannot grow beyond 10k ([#20400](https://github.com/aws/aws-cdk/issues/20400)) ([75bfce7](https://github.com/aws/aws-cdk/commit/75bfce70dbc57fe688c96b3c5cbb67fc4e6fcc56)), closes [#19276](https://github.com/aws/aws-cdk/issues/19276) [#19939](https://github.com/aws/aws-cdk/issues/19939) [#19835](https://github.com/aws/aws-cdk/issues/19835)
20+
* **lambda:** Fix typo in public subnet warning ([#20470](https://github.com/aws/aws-cdk/issues/20470)) ([85f4e29](https://github.com/aws/aws-cdk/commit/85f4e29e0551d71dd5f2f588584785cbc1ae7b72))
21+
* **pipelines:** too many CodeBuild steps inflate policy size ([#20396](https://github.com/aws/aws-cdk/issues/20396)) ([f334060](https://github.com/aws/aws-cdk/commit/f334060fca02e928bc4f5fdcfd45244060731d78)), closes [#20189](https://github.com/aws/aws-cdk/issues/20189) [#19276](https://github.com/aws/aws-cdk/issues/19276) [#19939](https://github.com/aws/aws-cdk/issues/19939) [#19835](https://github.com/aws/aws-cdk/issues/19835)
22+
* **s3-deployment:** default role does not get `PutAcl` permissions on… ([#20492](https://github.com/aws/aws-cdk/issues/20492)) ([3e6ec5c](https://github.com/aws/aws-cdk/commit/3e6ec5c48cff41cec2b32566990046fd704f4ec1))
23+
524
## [2.25.0](https://github.com/aws/aws-cdk/compare/v2.24.1...v2.25.0) (2022-05-20)
625

726
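
Review bot: The last Bug Fixes entry for 2.26.0, the `s3-deployment` line reading "default role does not get `PutAcl` permissions on…", is cut off at the ellipsis, so the changelog does not say what the permission applies to. This entry describes a change to the permissions of a default role, so write out the full subject; readers who audit IAM changes across upgrades rely on the changelog to see what was granted.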

README.md

-1
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,6 @@ The CDK is available in the following languages:
2525
* Java ([Java ≥ 8](https://www.oracle.com/technetwork/java/javase/downloads/index.html) and [Maven ≥ 3.5.4](https://maven.apache.org/download.cgi))
2626
* .NET ([.NET Core ≥ 3.1](https://dotnet.microsoft.com/download))
2727
* Go ([Go ≥ 1.16.4](https://golang.org/))
28-
- Go is currently in developer preview and is not recommended for production use.
2928

3029
\
3130
Jump To:

packages/@aws-cdk/aws-apprunner/README.md

+26
Original file line numberDiff line numberDiff line change
@@ -134,3 +134,29 @@ ECR image repositories (but not for ECR Public repositories). If not defined, a
134134
when required.
135135

136136
See [App Runner IAM Roles](https://docs.aws.amazon.com/apprunner/latest/dg/security_iam_service-with-iam.html#security_iam_service-with-iam-roles) for more details.
137+
138+
## VPC Connector
139+
140+
To associate an App Runner service with a custom VPC, define `vpcConnector` for the service.
141+
142+
```ts
143+
import * as ec2 from '@aws-cdk/aws-ec2';
144+
145+
const vpc = new ec2.Vpc(this, 'Vpc', {
146+
cidr: '10.0.0.0/16',
147+
});
148+
149+
const vpcConnector = new apprunner.VpcConnector(this, 'VpcConnector', {
150+
vpc,
151+
vpcSubnets: vpc.selectSubnets({ subnetType: ec2.SubnetType.PUBLIC }),
152+
vpcConnectorName: 'MyVpcConnector',
153+
});
154+
155+
new apprunner.Service(this, 'Service', {
156+
source: apprunner.Source.fromEcrPublic({
157+
imageConfiguration: { port: 8000 },
158+
imageIdentifier: 'public.ecr.aws/aws-containers/hello-app-runner:latest',
159+
}),
160+
vpcConnector,
161+
});
162+
```
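
Review bot: The example passes `vpcSubnets: vpc.selectSubnets({ subnetType: ec2.SubnetType.PUBLIC })`, while `VpcConnectorProps.vpcSubnets` in this same commit documents `@default - Private subnets`. README snippets get copied verbatim, so either omit `vpcSubnets` here so the example follows the documented default, or add a sentence explaining why public subnets are chosen. The section should also mention that leaving out `securityGroups`, as this example does, makes the construct create a new security group in the VPC.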
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,4 @@
11
// AWS::AppRunner CloudFormation Resources:
22
export * from './apprunner.generated';
33
export * from './service';
4+
export * from './vpc-connector';

packages/@aws-cdk/aws-apprunner/lib/service.ts

+14
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@ import * as iam from '@aws-cdk/aws-iam';
44
import * as cdk from '@aws-cdk/core';
55
import { Construct } from 'constructs';
66
import { CfnService } from './apprunner.generated';
7+
import { IVpcConnector } from './vpc-connector';
78

89
/**
910
* The image repository types
@@ -524,6 +525,13 @@ export interface ServiceProps {
524525
* @default - auto-generated if undefined.
525526
*/
526527
readonly serviceName?: string;
528+
529+
/**
530+
* Settings for an App Runner VPC connector to associate with the service.
531+
*
532+
* @default - no VPC connector, uses the DEFAULT egress type instead
533+
*/
534+
readonly vpcConnector?: IVpcConnector;
527535
}
528536

529537
/**
@@ -792,6 +800,12 @@ export class Service extends cdk.Resource {
792800
imageRepository: source.imageRepository ? this.renderImageRepository() : undefined,
793801
codeRepository: source.codeRepository ? this.renderCodeConfiguration() : undefined,
794802
},
803+
networkConfiguration: {
804+
egressConfiguration: {
805+
egressType: this.props.vpcConnector ? 'VPC' : 'DEFAULT',
806+
vpcConnectorArn: this.props.vpcConnector?.vpcConnectorArn,
807+
},
808+
},
795809
});
796810

797811
// grant required privileges for the role
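
Review bot: `networkConfiguration` is rendered unconditionally in the `CfnService` props, so a service with no `vpcConnector` now synthesizes `egressType: 'DEFAULT'` together with an undefined `vpcConnectorArn`. That changes the template of every existing App Runner service on upgrade, not only the ones that opt in to a connector. Consider emitting the block only when `this.props.vpcConnector` is set and passing `undefined` otherwise, or call the template change out in the commit description.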
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,154 @@
1+
import * as ec2 from '@aws-cdk/aws-ec2';
2+
import { Connections } from '@aws-cdk/aws-ec2';
3+
import * as cdk from '@aws-cdk/core';
4+
import { Construct } from 'constructs';
5+
import { CfnVpcConnector } from './apprunner.generated';
6+
7+
/**
8+
* Properties of the AppRunner VPC Connector
9+
*/
10+
export interface VpcConnectorProps {
11+
/**
12+
* The VPC for the VPC Connector.
13+
*/
14+
readonly vpc: ec2.IVpc;
15+
16+
/**
17+
* Where to place the VPC Connector within the VPC.
18+
*
19+
* @default - Private subnets.
20+
*/
21+
readonly vpcSubnets?: ec2.SubnetSelection;
22+
23+
/**
24+
* A list of IDs of security groups that App Runner should use for access to AWS resources under the specified subnets.
25+
*
26+
* @default - a new security group will be created in the specified VPC
27+
*/
28+
readonly securityGroups?: ec2.ISecurityGroup[];
29+
30+
/**
31+
* The name for the VpcConnector.
32+
*
33+
* @default - a name generated by CloudFormation
34+
*/
35+
readonly vpcConnectorName?: string;
36+
}
37+
38+
/**
39+
* Attributes for the App Runner VPC Connector
40+
*/
41+
export interface VpcConnectorAttributes {
42+
/**
43+
* The name of the VPC connector.
44+
*/
45+
readonly vpcConnectorName: string;
46+
47+
/**
48+
* The ARN of the VPC connector.
49+
*/
50+
readonly vpcConnectorArn: string;
51+
52+
/**
53+
* The revision of the VPC connector.
54+
*/
55+
readonly vpcConnectorRevision: number;
56+
57+
/**
58+
* The security groups associated with the VPC connector.
59+
*/
60+
readonly securityGroups: ec2.ISecurityGroup[];
61+
}
62+
63+
/**
64+
* Represents the App Runner VPC Connector.
65+
*/
66+
export interface IVpcConnector extends cdk.IResource, ec2.IConnectable {
67+
/**
68+
* The Name of the VPC connector.
69+
* @attribute
70+
*/
71+
readonly vpcConnectorName: string;
72+
73+
/**
74+
* The ARN of the VPC connector.
75+
* @attribute
76+
*/
77+
readonly vpcConnectorArn: string;
78+
79+
/**
80+
* The revision of the VPC connector.
81+
* @attribute
82+
*/
83+
readonly vpcConnectorRevision: number;
84+
}
85+
86+
/**
87+
* The App Runner VPC Connector
88+
*
89+
* @resource AWS::AppRunner::VpcConnector
90+
*/
91+
export class VpcConnector extends cdk.Resource implements IVpcConnector {
92+
/**
93+
* Import from VPC connector attributes.
94+
*/
95+
public static fromVpcConnectorAttributes(scope: Construct, id: string, attrs: VpcConnectorAttributes): IVpcConnector {
96+
const vpcConnectorArn = attrs.vpcConnectorArn;
97+
const vpcConnectorName = attrs.vpcConnectorName;
98+
const vpcConnectorRevision = attrs.vpcConnectorRevision;
99+
const securityGroups = attrs.securityGroups;
100+
101+
class Import extends cdk.Resource {
102+
public readonly vpcConnectorArn = vpcConnectorArn
103+
public readonly vpcConnectorName = vpcConnectorName
104+
public readonly vpcConnectorRevision = vpcConnectorRevision
105+
public readonly connections = new Connections({ securityGroups });
106+
}
107+
108+
return new Import(scope, id);
109+
}
110+
111+
/**
112+
* The ARN of the VPC connector.
113+
* @attribute
114+
*/
115+
readonly vpcConnectorArn: string;
116+
117+
/**
118+
* The revision of the VPC connector.
119+
* @attribute
120+
*/
121+
readonly vpcConnectorRevision: number;
122+
123+
/**
124+
* The name of the VPC connector.
125+
* @attribute
126+
*/
127+
readonly vpcConnectorName: string;
128+
129+
/**
130+
* Allows specifying security group connections for the VPC connector.
131+
*/
132+
public readonly connections: Connections
133+
134+
public constructor(scope: Construct, id: string, props: VpcConnectorProps) {
135+
super(scope, id, {
136+
physicalName: props.vpcConnectorName,
137+
});
138+
139+
const securityGroups = props.securityGroups?.length ?
140+
props.securityGroups
141+
: [new ec2.SecurityGroup(this, 'SecurityGroup', { vpc: props.vpc })];
142+
143+
const resource = new CfnVpcConnector(this, 'Resource', {
144+
subnets: props.vpc.selectSubnets(props.vpcSubnets).subnetIds,
145+
securityGroups: cdk.Lazy.list({ produce: () => this.connections.securityGroups.map(sg => sg.securityGroupId) }),
146+
vpcConnectorName: this.physicalName,
147+
});
148+
149+
this.vpcConnectorArn = resource.attrVpcConnectorArn;
150+
this.vpcConnectorRevision = resource.attrVpcConnectorRevision;
151+
this.vpcConnectorName = resource.ref;
152+
this.connections = new Connections({ securityGroups });
153+
}
154+
}
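
Review bot: The doc comment on `VpcConnectorProps.securityGroups` says "A list of IDs of security groups", but the property is typed `ec2.ISecurityGroup[]`, so callers pass constructs and not IDs; reword the comment to match the type. In the constructor, the `props.securityGroups?.length ?` check treats an empty array the same as an omitted prop and silently creates a new security group, which the `@default` text does not mention; either document that or reject an empty list. Style: the three `public readonly` fields in the `Import` class and the `public readonly connections: Connections` declaration are missing their trailing semicolons.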

packages/@aws-cdk/aws-apprunner/package.json

+3
Original file line numberDiff line numberDiff line change
@@ -83,6 +83,7 @@
8383
},
8484
"license": "Apache-2.0",
8585
"devDependencies": {
86+
"@aws-cdk/aws-ec2": "0.0.0",
8687
"@aws-cdk/assertions": "0.0.0",
8788
"@aws-cdk/cdk-build-tools": "0.0.0",
8889
"@aws-cdk/integ-runner": "0.0.0",
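
Review bot: `"@aws-cdk/aws-ec2": "0.0.0"` is added to `devDependencies` here and also to `dependencies` and `peerDependencies` in the next hunk. A package already listed in `dependencies` does not need a `devDependencies` entry, so this line can be dropped. If it stays, move it below `@aws-cdk/assertions` so the list keeps its alphabetical order.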
@@ -91,13 +92,15 @@
9192
"@types/jest": "^27.5.0"
9293
},
9394
"dependencies": {
95+
"@aws-cdk/aws-ec2": "0.0.0",
9496
"@aws-cdk/aws-ecr": "0.0.0",
9597
"@aws-cdk/aws-ecr-assets": "0.0.0",
9698
"@aws-cdk/aws-iam": "0.0.0",
9799
"@aws-cdk/core": "0.0.0",
98100
"constructs": "^10.0.0"
99101
},
100102
"peerDependencies": {
103+
"@aws-cdk/aws-ec2": "0.0.0",
101104
"@aws-cdk/aws-ecr": "0.0.0",
102105
"@aws-cdk/aws-ecr-assets": "0.0.0",
103106
"@aws-cdk/aws-iam": "0.0.0",
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,51 @@
1+
import * as ec2 from '@aws-cdk/aws-ec2';
2+
import * as cdk from '@aws-cdk/core';
3+
import { Service, Source, VpcConnector } from '../lib';
4+
5+
6+
const app = new cdk.App();
7+
8+
const stack = new cdk.Stack(app, 'integ-apprunner');
9+
10+
// Scenario 6: Create the service from ECR public with a VPC Connector
11+
const vpc = new ec2.Vpc(stack, 'Vpc', {
12+
cidr: '10.0.0.0/16',
13+
});
14+
15+
const securityGroup = new ec2.SecurityGroup(stack, 'SecurityGroup', { vpc });
16+
17+
const vpcConnector = new VpcConnector(stack, 'VpcConnector', {
18+
vpc,
19+
vpcSubnets: vpc.selectSubnets({ subnetType: ec2.SubnetType.PUBLIC }),
20+
securityGroups: [securityGroup],
21+
vpcConnectorName: 'MyVpcConnector',
22+
});
23+
24+
const service6 = new Service(stack, 'Service6', {
25+
source: Source.fromEcrPublic({
26+
imageConfiguration: {
27+
port: 8000,
28+
},
29+
imageIdentifier: 'public.ecr.aws/aws-containers/hello-app-runner:latest',
30+
}),
31+
vpcConnector,
32+
});
33+
new cdk.CfnOutput(stack, 'URL6', { value: `https://${service6.serviceUrl}` });
34+
35+
// Scenario 7: Create the service from ECR public and associate it with an existing VPC Connector
36+
37+
const service7 = new Service(stack, 'Service7', {
38+
source: Source.fromEcrPublic({
39+
imageConfiguration: {
40+
port: 8000,
41+
},
42+
imageIdentifier: 'public.ecr.aws/aws-containers/hello-app-runner:latest',
43+
}),
44+
vpcConnector: VpcConnector.fromVpcConnectorAttributes(stack, 'ImportedVpcConnector', {
45+
vpcConnectorArn: vpcConnector.vpcConnectorArn,
46+
vpcConnectorName: vpcConnector.vpcConnectorName,
47+
vpcConnectorRevision: vpcConnector.vpcConnectorRevision,
48+
securityGroups: [securityGroup],
49+
}),
50+
});
51+
new cdk.CfnOutput(stack, 'URL7', { value: `https://${service7.serviceUrl}` });
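
Review bot: Both scenarios pass `securityGroups: [securityGroup]`, so the constructor branch that creates a security group when none is supplied is never synthesized by this integ test. Add a scenario that omits `securityGroups`, and `vpcSubnets` as well, so the documented private-subnet default is covered too. Scenario 7 imports the connector created a few lines above through `fromVpcConnectorAttributes`, so it does not exercise a connector that lives outside the stack; a short comment saying so would set expectations.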
