chore(ecs): add security groups from the ASG's connections into the ECS Cluster's connection when using addAsgCapacityProvider #26176

Closed
wants to merge 67 commits into from
67 commits
ee612a4
Modified packages
homakk Feb 17, 2023
a289cdb
Merge branch 'main' of github.com:homakk/aws-cdk
homakk Feb 23, 2023
ad69473
chore: Configureautoscaling calling autoscaling connections securityg…
homakk Feb 24, 2023
0e87811
Merge branch 'main' of https://github.com/homakk/aws-cdk
homakk Feb 24, 2023
aefd1dc
chore: Configureautoscaling calling autoscaling connections securityg…
homakk Feb 24, 2023
2847d5b
Merge branch 'autoscalingconnections' of https://github.com/homakk/aw…
homakk Feb 24, 2023
f91c86d
revert changes of Feature_flags.md file
homakk Feb 24, 2023
e40cc63
added feature flag and modified code
homakk Mar 1, 2023
3f18efc
feature flag file
homakk Mar 1, 2023
47de80f
updated feature flag name and version
homakk Mar 7, 2023
6697911
updated feature flag and reverted integ changes
homakk Mar 7, 2023
a910605
Merge branch 'main' into autoscalingconnections
Naumel Mar 8, 2023
b9bae59
updated integ file with snapshots
homakk Mar 8, 2023
2be1d05
Merge branch 'autoscalingconnections' of https://github.com/homakk/aw…
homakk Mar 8, 2023
42074bb
chore(cli-integ): add per-test timeouts (#24504)
rix0rrr Mar 8, 2023
6529e77
chore: remove parentheses in 'sam local start-api' filter (#24508)
RomainMuller Mar 8, 2023
039f9c3
chore: print message if tests run concurrently
RomainMuller Mar 8, 2023
4321ff4
Merge branch 'main' into autoscalingconnections
mergify[bot] Mar 9, 2023
1424564
updated test case making new feature flag to be true
homakk Mar 9, 2023
a4f3e72
merge main into autoscaling
homakk Mar 9, 2023
0366bd4
updates changes
homakk Mar 9, 2023
868b85e
making default to false for feature flag
homakk Mar 9, 2023
19ceea4
removing default and trying for build pass
homakk Mar 9, 2023
ab87b71
updating testcase
homakk Mar 13, 2023
473c167
setting default to false
homakk Mar 14, 2023
d5132eb
chore: fix ec2 service intex test
bvtujo Mar 16, 2023
357d7ab
test: fix outdated/failing commandAndEntrypoint test
bvtujo Mar 17, 2023
fcf3147
chore: fix typo in integ test
bvtujo Mar 17, 2023
90d1ac0
fix: Correct SamlConsolePrincipal for non-China (#24277)
Naumel Feb 22, 2023
5734dc2
Merge remote-tracking branch 'upstream/main'
homakk Mar 28, 2023
d0af953
Merge remote-tracking branch 'upstream/main'
homakk Mar 30, 2023
8c0a1c5
Merge remote-tracking branch 'upstream/main'
homakk Mar 31, 2023
9e9ccf1
Merge branch 'main' into autoscalingconnections
homakk Apr 3, 2023
21a3b7d
Merge remote-tracking branch 'upstream/main'
homakk Apr 3, 2023
b0bdeb9
Merge remote-tracking branch 'upstream/main'
homakk Apr 4, 2023
edfa290
Merge remote-tracking branch 'upstream/main'
homakk Apr 5, 2023
aa30999
Merged from main
homakk Apr 5, 2023
add0fe7
to resolve merge conflicts
homakk Apr 5, 2023
5bb06b0
Merge branch 'main' into autoscalingconnections
homakk Apr 5, 2023
6d24118
Merge remote-tracking branch 'upstream/main'
homakk Apr 6, 2023
6026ebf
Merge branch 'main' into autoscalingconnections
homakk Apr 6, 2023
113a350
Merge remote-tracking branch 'upstream/main'
homakk Apr 7, 2023
22cfcbd
Merge branch 'main' into autoscalingconnections
homakk Apr 7, 2023
889dc8c
Merge branch 'main' into autoscalingconnections
homakk Apr 7, 2023
d3d93ad
resolving merge conflicts
homakk Apr 7, 2023
feaaadd
resolve merge conflicts
homakk Apr 7, 2023
92cda6b
Merge remote-tracking branch 'upstream/main'
homakk Apr 10, 2023
cc35804
Merge remote-tracking branch 'upstream/main'
homakk Apr 11, 2023
62a4c52
Merge remote-tracking branch 'upstream/main'
homakk Apr 13, 2023
a28dbdc
Merged from main
homakk Apr 21, 2023
aaddb20
removing unwanted files
homakk Apr 21, 2023
abfff92
Merge remote-tracking branch 'upstream/main'
homakk Apr 21, 2023
5299187
Merged from main
homakk Apr 21, 2023
ae79931
deleted unwanted files as per release
homakk Apr 21, 2023
a3ec061
updated changes
homakk Apr 21, 2023
65b80ad
merge changes into mainline
May 23, 2023
7fadd66
change dependencies
May 24, 2023
20c671b
Merge branch 'main' of https://github.com/KollaAdithya/aws-cdk into a…
May 24, 2023
bc602f7
remove extra line
May 26, 2023
5773281
remove feature flags
May 26, 2023
ebf5c17
Merge branch 'aws:main' into autoscaling/connections
KollaAdithya May 27, 2023
b147caa
Merge branch 'main' into autoscaling/connections
corymhall Jun 5, 2023
b3d4013
Merge branch 'aws:main' into autoscaling/connections
KollaAdithya Jun 13, 2023
0ac1a1a
Merge branch 'main' into autoscaling/connections
mergify[bot] Jun 15, 2023
2c94d12
Merge branch 'aws:main' into autoscaling/connections
KollaAdithya Jun 15, 2023
7bdfbec
Merge branch 'main' into autoscaling/connections
KollaAdithya Jun 15, 2023
15c9ad2
Merge branch 'aws:main' into autoscaling/connections
KollaAdithya Jun 20, 2023
updates changes
homakk committed Mar 9, 2023
commit 0366bd4a07b8a84b4bff248efa9477bf710bc466
48 changes: 24 additions & 24 deletions packages/@aws-cdk/cx-api/FEATURE_FLAGS.md
Expand Up @@ -48,8 +48,8 @@ Flags come in three types:
| [@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId](#aws-cdkaws-apigatewayauthorizerchangedeploymentlogicalid) | Include authorizer configuration in the calculation of the API deployment logical ID. | 2.66.0 | (fix) |
| [@aws-cdk/aws-ec2:launchTemplateDefaultUserData](#aws-cdkaws-ec2launchtemplatedefaultuserdata) | Define user data for a launch template by default when a machine image is provided. | 2.67.0 | (fix) |
| [@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments](#aws-cdkaws-secretsmanageruseattachedsecretresourcepolicyforsecrettargetattachments) | SecretTargetAttachments uses the ResourcePolicy of the attached Secret. | 2.67.0 | (fix) |
| [@aws-cdk/aws-ecs:addSecurityGroupToAsgCapacityProviders](#aws-cdkaws-ecsaddsecuritygrouptoasgcapacityproviders) | Add security group through "configureAutoScalingGroup" | V2NEXT | (default) |
| [@aws-cdk/aws-redshift:columnId](#aws-cdkaws-redshiftcolumnid) | Whether to use an ID to track Redshift column changes | V2NEXT | (fix) |
| [@aws-cdk/aws-redshift:columnId](#aws-cdkaws-redshiftcolumnid) | Whether to use an ID to track Redshift column changes | 2.68.0 | (fix) |
| [@aws-cdk/aws-ecs-patterns:addSecurityGroupToAsgCapacityProviders](#aws-cdkaws-ecs-patternsaddsecuritygrouptoasgcapacityproviders) | Add security group through "configureAutoScalingGroup" | V2NEXT | (default) |

<!-- END table -->
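
Review bot: The `@aws-cdk/aws-ecs-patterns:addSecurityGroupToAsgCapacityProviders` row is typed `(default)`, but the flag's own description later in this file says it "enables the correct behavior" for instances that would otherwise lose connectivity to the cluster, which reads as a bug fix; the neighbouring rows for that kind of change are typed `(fix)`. Please confirm the type is intended. The `columnId` row moving from V2NEXT to 2.68.0 in the same hunk looks unrelated to the rename; if it came in with a merge from main, say so in the commit message so the two changes can be told apart.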

Expand Down Expand Up @@ -132,7 +132,7 @@ are migrating a v1 CDK project to v2, explicitly set any of these flags which do
| [@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId](#aws-cdkaws-apigatewayusageplankeyorderinsensitiveid) | Allow adding/removing multiple UsagePlanKeys independently | (fix) | 1.98.0 | `false` | `true` |
| [@aws-cdk/aws-lambda:recognizeVersionProps](#aws-cdkaws-lambdarecognizeversionprops) | Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`. | (fix) | 1.106.0 | `false` | `true` |
| [@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2\_2021](#aws-cdkaws-cloudfrontdefaultsecuritypolicytlsv12_2021) | Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default. | (fix) | 1.117.0 | `false` | `true` |
| [@aws-cdk/aws-ecs:addSecurityGroupToAsgCapacityProviders](#aws-cdkaws-ecsaddsecuritygrouptoasgcapacityproviders) | Add security group through "configureAutoScalingGroup" | (default) | | `false` | `true` |
| [@aws-cdk/aws-ecs-patterns:addSecurityGroupToAsgCapacityProviders](#aws-cdkaws-ecs-patternsaddsecuritygrouptoasgcapacityproviders) | Add security group through "configureAutoScalingGroup" | (default) | | `false` | `true` |

<!-- END diff -->
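
Review bot: The `aws-ecs-patterns:addSecurityGroupToAsgCapacityProviders` row leaves the version column empty, while the other rows shown here each name the 1.x release that introduced the flag. The details section marks this flag "(not in v1)", so there is no v1 value to migrate from; consider dropping the row from this table instead of listing a `false`/`true` pair with no version.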

Expand All @@ -148,7 +148,7 @@ Here is an example of a `cdk.json` file that restores v1 behavior for these flag
"@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": false,
"@aws-cdk/aws-lambda:recognizeVersionProps": false,
"@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": false,
"@aws-cdk/aws-ecs:addSecurityGroupToAsgCapacityProviders": false
"@aws-cdk/aws-ecs-patterns:addSecurityGroupToAsgCapacityProviders": false
}
}
```
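
Review bot: In the `cdk.json` example, `"@aws-cdk/aws-ecs-patterns:addSecurityGroupToAsgCapacityProviders": false` is presented as restoring v1 behavior, but per the flag's description, without the flag `cluster.addAsgCapacityProvider()` does not configure the autoscaling group's security groups to work with the ECS cluster. Anyone copying this block turns that wiring off without being told so; either leave the key out of the example or state the consequence next to it.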
Expand Down Expand Up @@ -880,26 +880,6 @@ Then you can re-add the permissions and deploy again.
| 2.67.0 | `false` | `true` |


### @aws-cdk/aws-ecs:addSecurityGroupToAsgCapacityProviders

*Add security group through "configureAutoScalingGroup"* (default)

ConfigureAutoScalingGroup currently does not connect the ASG security group to the cluster's security group.
The result of this is that on new deployments, EC2 instances which have been autoscaled can have their security groups
reconfigured and lose connectivity to the ECS cluster. This feature flag enables the correct behavior.

If this flag is not set, cluster.addAsgCapacityProvider() does not correctly configure the autoscaling group's
Security Groups to work with the ECS cluster. If the flag is set, the ASG is correctly configured.


| Since | Default | Recommended |
| ----- | ----- | ----- |
| (not in v1) | | |
| V2NEXT | `true` | `true` |

**Compatibility with old behavior:** You can use `configureAutoScalingGroup()`, to add secuirty group.


### @aws-cdk/aws-redshift:columnId

*Whether to use an ID to track Redshift column changes* (fix)
Expand All @@ -923,4 +903,24 @@ of the `id`s, the `name`s of the columns can be changed without data loss.
| 2.68.0 | `false` | `true` |


### @aws-cdk/aws-ecs-patterns:addSecurityGroupToAsgCapacityProviders

*Add security group through "configureAutoScalingGroup"* (default)

ConfigureAutoScalingGroup currently does not connect the ASG security group to the cluster's security group.
The result of this is that on new deployments, EC2 instances which have been autoscaled can have their security groups
reconfigured and lose connectivity to the ECS cluster. This feature flag enables the correct behavior.

If this flag is not set, cluster.addAsgCapacityProvider() does not correctly configure the autoscaling group's
Security Groups to work with the ECS cluster. If the flag is set, the ASG is correctly configured.


| Since | Default | Recommended |
| ----- | ----- | ----- |
| (not in v1) | | |
| V2NEXT | `true` | `true` |

**Compatibility with old behavior:** You can use `configureAutoScalingGroup()`, to add secuirty group.


<!-- END details -->
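
Review bot: The "Compatibility with old behavior" line does not say how to keep the old behavior; it describes adding the security group through `configureAutoScalingGroup()`, which is what the flag is already said to do. It also carries a typo ("secuirty") and a stray comma after `configureAutoScalingGroup()`. Suggest rewording it to say what a user must do by hand when the flag is off, and dropping "currently" from the first paragraph, since that sentence describes the behavior the flag replaces and will read as stale once this ships.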
2 changes: 1 addition & 1 deletion packages/@aws-cdk/cx-api/lib/features.ts
Expand Up @@ -53,7 +53,7 @@ export const SECRETS_MANAGER_PARSE_OWNED_SECRET_NAME = '@aws-cdk/aws-secretsmana
export const KMS_DEFAULT_KEY_POLICIES = '@aws-cdk/aws-kms:defaultKeyPolicies';
export const S3_GRANT_WRITE_WITHOUT_ACL = '@aws-cdk/aws-s3:grantWriteWithoutAcl';
export const ECS_REMOVE_DEFAULT_DESIRED_COUNT = '@aws-cdk/aws-ecs-patterns:removeDefaultDesiredCount';
export const ECS_ADD_SECURITY_GROUP_TO_ASG_CAPACITY_PROVIDERS = '@aws-cdk/aws-ecs:addSecurityGroupToAsgCapacityProviders';
export const ECS_ADD_SECURITY_GROUP_TO_ASG_CAPACITY_PROVIDERS = '@aws-cdk/aws-ecs-patterns:addSecurityGroupToAsgCapacityProviders';
export const RDS_LOWERCASE_DB_IDENTIFIER = '@aws-cdk/aws-rds:lowercaseDbIdentifier';
export const APIGATEWAY_USAGEPLANKEY_ORDERINSENSITIVE_ID = '@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId';
export const EFS_DEFAULT_ENCRYPTION_AT_REST = '@aws-cdk/aws-efs:defaultEncryptionAtRest';
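
Review bot: `ECS_ADD_SECURITY_GROUP_TO_ASG_CAPACITY_PROVIDERS` keeps its name while its context key moves to the `@aws-cdk/aws-ecs-patterns:` prefix, yet the flag is documented as changing `cluster.addAsgCapacityProvider()` and the PR is scoped `chore(ecs)`. If the check lives in the ECS cluster code, the `@aws-cdk/aws-ecs:` prefix was the accurate one; please explain the move or revert it. Renaming the string also means a `cdk.json` that already sets the old key stops matching without any warning, so anyone who tested the earlier commits needs to be told to update it.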