[ecs-service-extensions] Expose security groups as part of the service build interface #11585
Comments
Interesting! So if I understand correctly, you want to be able to modify this property: https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ecs.Ec2Service.html#securitygroups So this needs to be part of the I think we can add this fairly easily, I just want to make sure I cover the use case thoroughly to make sure there are no other gaps.
That's correct. We have a few resources that are provisioned outside of CDK and have ingress allowed from certain security groups. The idea here is to add these "allowed" security groups on the Fargate service so that the service can access them.
@nathanpeck what's the guidance on modifying service attributes in general? This issue talks about security groups but we also have a use case where we may want to update the platform version for a Fargate service. It almost seems like the ServiceBuild data structure should be extended to include Ec2ServiceProps | FargateServiceProps.
Agree with @npb17. It seems like extensions is going to keep falling behind new features being added to Ec2Service or FargateService. For example, the circuitBreaker property was just added and there's no way to use that feature with extensions currently. I think we should look to modify the extensions behavior to use the native props that are exposed by those services as a unified type, as @npb17 suggested, or similar. What are your thoughts @nathanpeck?
Transferred to the new home for ecs-service-extensions.
Allow modifying a fargate service's security groups using extensions
Use Case
We have a use case wherein we want additional security groups to be added to a Fargate service. These security groups are pre-created and are used to restrict access to certain resources. The idea is to create an extension which modifies the service prop by adding these additional security groups.
Proposed Solution
The service build interface needs to be modified to account for security groups. Since this is only applicable to a Fargate service, it becomes a little tricky. I think we could create a FargateServiceBuild that extends ServiceBuild (and similarly create Ec2ServiceBuild), and then modify the extension interfaces where the service build is referenced to use FargateServiceBuild | Ec2ServiceBuild.
Other
N/A
This is a 🚀 Feature Request
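
The shape proposed above, sketched as an added example that is not part of the original issue or the project's own code. Every field, the `launchType` discriminant, the `modifyServiceProps` hook, `ExtraSecurityGroups` and the sample IDs are assumptions made for illustration; only the names ServiceBuild, FargateServiceBuild and Ec2ServiceBuild come from the issue.

```typescript
// Hypothetical stand-alone model of the proposal; not the real ecs-service-extensions types.
interface ServiceBuild {
  readonly cluster: string;
  readonly taskDefinition: string;
}
interface FargateServiceBuild extends ServiceBuild {
  readonly launchType: 'FARGATE';
  readonly securityGroups?: string[]; // the field the issue asks to expose
  readonly platformVersion?: string;  // second use case raised in the comments
}
interface Ec2ServiceBuild extends ServiceBuild {
  readonly launchType: 'EC2';
}
type AnyServiceBuild = FargateServiceBuild | Ec2ServiceBuild;
interface BuildExtension {
  modifyServiceProps(props: AnyServiceBuild): AnyServiceBuild;
}

// Security group IDs are "sg-" followed by 8 or 17 hex characters.
const SG_ID = /^sg-(?:[0-9a-f]{8}|[0-9a-f]{17})$/;

class ExtraSecurityGroups implements BuildExtension {
  private readonly groupIds: string[];
  constructor(groupIds: string[]) {
    const bad = groupIds.filter((id) => !SG_ID.test(id));
    if (bad.length > 0) throw new Error('not a security group ID: ' + bad.join(', '));
    this.groupIds = groupIds;
  }
  modifyServiceProps(props: AnyServiceBuild): AnyServiceBuild {
    if (props.launchType !== 'FARGATE') return props; // leave EC2 builds untouched
    // Append rather than replace, and drop duplicates, so groups set earlier survive.
    const merged = (props.securityGroups || []).concat(this.groupIds)
      .filter((id, i, all) => all.indexOf(id) === i);
    return { ...props, securityGroups: merged };
  }
}

function applyExtensions(base: AnyServiceBuild, exts: BuildExtension[]): AnyServiceBuild {
  return exts.reduce((props, ext) => ext.modifyServiceProps(props), base);
}
function securityGroupsOf(build: AnyServiceBuild): string[] {
  return build.launchType === 'FARGATE' ? build.securityGroups || [] : [];
}

// Constructed sample builds and group IDs.
const sampleFargate: FargateServiceBuild = {
  cluster: 'demo', taskDefinition: 'web:1', launchType: 'FARGATE', securityGroups: ['sg-11111111'] };
const sampleEc2: Ec2ServiceBuild = { cluster: 'demo', taskDefinition: 'web:1', launchType: 'EC2' };
const allowed = new ExtraSecurityGroups(['sg-11111111', 'sg-0123456789abcdef0']);
console.log(securityGroupsOf(applyExtensions(sampleFargate, [allowed])));
```

Merging instead of overwriting keeps the service's existing groups attached, and rejecting non-ID strings at construction stops a group name such as `default` from reaching the service definition.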