From 8ad4dbd7aa10c2070f23076de2446944edba74c9 Mon Sep 17 00:00:00 2001 From: Tim Cutts Date: Wed, 3 Aug 2022 23:48:41 +0100 Subject: [PATCH 1/7] feat(aws-batch): make ComputeEnvironment connectable --- .../aws-batch/lib/compute-environment.ts | 39 +- packages/@aws-cdk/aws-batch/package.json | 2 + ...aultTestDeployAssert0F887B55.template.json | 1 + .../batch-stack.template.json | 1981 ++++++++++++++ .../batch-with-efs.integ.snapshot/cdk.out | 1 + .../batch-with-efs.integ.snapshot/integ.json | 11 + .../manifest.json | 397 +++ .../batch-with-efs.integ.snapshot/tree.json | 2366 +++++++++++++++++ .../aws-batch/test/integ.batch-with-efs.ts | 200 ++ 9 files changed, 4991 insertions(+), 7 deletions(-) create mode 100644 packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/BatchWithEFSTestDefaultTestDeployAssert0F887B55.template.json create mode 100644 packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/batch-stack.template.json create mode 100644 packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/cdk.out create mode 100644 packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/integ.json create mode 100644 packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/manifest.json create mode 100644 packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/tree.json create mode 100644 packages/@aws-cdk/aws-batch/test/integ.batch-with-efs.ts diff --git a/packages/@aws-cdk/aws-batch/lib/compute-environment.ts b/packages/@aws-cdk/aws-batch/lib/compute-environment.ts index 7038923c0eae9..4a3324b83f5d0 100644 --- a/packages/@aws-cdk/aws-batch/lib/compute-environment.ts +++ b/packages/@aws-cdk/aws-batch/lib/compute-environment.ts @@ -323,7 +323,7 @@ export interface IComputeEnvironment extends IResource { * * Defines a batch compute environment to run batch jobs on. */ -export class ComputeEnvironment extends Resource implements IComputeEnvironment { +export class ComputeEnvironment extends Resource implements IComputeEnvironment, ec2.IConnectable { /** * Fetches an existing batch compute environment by its amazon resource name. * @@ -357,6 +357,13 @@ export class ComputeEnvironment extends Resource implements IComputeEnvironment */ public readonly computeEnvironmentName: string; + /** + * Connections for this compute environment. + * + * @attribute + */ + public readonly connections: ec2.Connections; + constructor(scope: Construct, id: string, props: ComputeEnvironmentProps = { enabled: true, managed: true }) { super(scope, id, { physicalName: props.computeEnvironmentName, @@ -370,8 +377,11 @@ export class ComputeEnvironment extends Resource implements IComputeEnvironment const spotFleetRole = this.getSpotFleetRole(props); let computeResources: CfnComputeEnvironment.ComputeResourcesProperty | undefined; + this.connections = this.buildConnections(props.computeResources?.vpc, props.computeResources?.securityGroups); + // Only allow compute resources to be set when using MANAGED type if (props.computeResources && this.isManaged(props)) { + computeResources = { bidPercentage: props.computeResources.bidPercentage, desiredvCpus: props.computeResources.desiredvCpus, @@ -380,7 +390,7 @@ export class ComputeEnvironment extends Resource implements IComputeEnvironment launchTemplate: props.computeResources.launchTemplate, maxvCpus: props.computeResources.maxvCpus || 256, placementGroup: props.computeResources.placementGroup, - securityGroupIds: this.buildSecurityGroupIds(props.computeResources.vpc, props.computeResources.securityGroups), + securityGroupIds: this.getSecurityGroupIds(), spotIamFleetRole: spotFleetRole?.roleArn, subnets: props.computeResources.vpc.selectSubnets(props.computeResources.vpcSubnets).subnetIds, tags: props.computeResources.computeResourcesTags, @@ -576,14 +586,29 @@ export class ComputeEnvironment extends Resource implements IComputeEnvironment return instanceTypes.map((type: ec2.InstanceType) => type.toString()); } - private buildSecurityGroupIds(vpc: ec2.IVpc, securityGroups?: ec2.ISecurityGroup[]): string[] | undefined { + private buildConnections(vpc?: ec2.IVpc, securityGroups?:ec2.ISecurityGroup[]): ec2.Connections { + + if (vpc === undefined) { + return new ec2.Connections({}); + } + if (securityGroups === undefined) { - return [ - new ec2.SecurityGroup(this, 'Resource-Security-Group', { vpc }).securityGroupId, - ]; + return new ec2.Connections({ + securityGroups: [ + new ec2.SecurityGroup(this, 'Resource-Security-Group', { vpc }), + ], + }); + } + + return new ec2.Connections({ securityGroups }); + }; + + private getSecurityGroupIds(): string[] | undefined { + if (this.connections === undefined) { + return undefined; } - return securityGroups.map((group: ec2.ISecurityGroup) => group.securityGroupId); + return this.connections.securityGroups.map((group: ec2.ISecurityGroup) => group.securityGroupId); } /** diff --git a/packages/@aws-cdk/aws-batch/package.json b/packages/@aws-cdk/aws-batch/package.json index 40bf13643c57c..2ca9c3ded5de6 100644 --- a/packages/@aws-cdk/aws-batch/package.json +++ b/packages/@aws-cdk/aws-batch/package.json @@ -93,6 +93,7 @@ "@aws-cdk/aws-ec2": "0.0.0", "@aws-cdk/aws-ecr": "0.0.0", "@aws-cdk/aws-ecs": "0.0.0", + "@aws-cdk/aws-efs": "0.0.0", "@aws-cdk/aws-iam": "0.0.0", "@aws-cdk/aws-secretsmanager": "0.0.0", "@aws-cdk/aws-ssm": "0.0.0", @@ -104,6 +105,7 @@ "@aws-cdk/aws-ec2": "0.0.0", "@aws-cdk/aws-ecr": "0.0.0", "@aws-cdk/aws-ecs": "0.0.0", + "@aws-cdk/aws-efs": "0.0.0", "@aws-cdk/aws-iam": "0.0.0", "@aws-cdk/aws-secretsmanager": "0.0.0", "@aws-cdk/aws-ssm": "0.0.0", diff --git a/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/BatchWithEFSTestDefaultTestDeployAssert0F887B55.template.json b/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/BatchWithEFSTestDefaultTestDeployAssert0F887B55.template.json new file mode 100644 index 0000000000000..9e26dfeeb6e64 --- /dev/null +++ b/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/BatchWithEFSTestDefaultTestDeployAssert0F887B55.template.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/batch-stack.template.json b/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/batch-stack.template.json new file mode 100644 index 0000000000000..2e09357eeae72 --- /dev/null +++ b/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/batch-stack.template.json @@ -0,0 +1,1981 @@ +{ + "Resources": { + "vpcA2121C38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "batch-stack/vpc" + } + ] + } + }, + "vpcPublicSubnet1Subnet2E65531E": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "vpcA2121C38" + }, + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "batch-stack/vpc/PublicSubnet1" + } + ] + } + }, + "vpcPublicSubnet1RouteTable48A2DF9B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "vpcA2121C38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "batch-stack/vpc/PublicSubnet1" + } + ] + } + }, + "vpcPublicSubnet1RouteTableAssociation5D3F4579": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" + }, + "SubnetId": { + "Ref": "vpcPublicSubnet1Subnet2E65531E" + } + } + }, + "vpcPublicSubnet1DefaultRoute10708846": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "vpcIGWE57CBDCA" + } + }, + "DependsOn": [ + "vpcVPCGW7984C166" + ] + }, + "vpcPublicSubnet1EIPDA49DCBE": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "batch-stack/vpc/PublicSubnet1" + } + ] + } + }, + "vpcPublicSubnet1NATGateway9C16659E": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "vpcPublicSubnet1Subnet2E65531E" + }, + "AllocationId": { + "Fn::GetAtt": [ + "vpcPublicSubnet1EIPDA49DCBE", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "batch-stack/vpc/PublicSubnet1" + } + ] + } + }, + "vpcPublicSubnet2Subnet009B674F": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "vpcA2121C38" + }, + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "batch-stack/vpc/PublicSubnet2" + } + ] + } + }, + "vpcPublicSubnet2RouteTableEB40D4CB": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "vpcA2121C38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "batch-stack/vpc/PublicSubnet2" + } + ] + } + }, + "vpcPublicSubnet2RouteTableAssociation21F81B59": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" + }, + "SubnetId": { + "Ref": "vpcPublicSubnet2Subnet009B674F" + } + } + }, + "vpcPublicSubnet2DefaultRouteA1EC0F60": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "vpcIGWE57CBDCA" + } + }, + "DependsOn": [ + "vpcVPCGW7984C166" + ] + }, + "vpcPublicSubnet2EIP9B3743B1": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "batch-stack/vpc/PublicSubnet2" + } + ] + } + }, + "vpcPublicSubnet2NATGateway9B8AE11A": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "vpcPublicSubnet2Subnet009B674F" + }, + "AllocationId": { + "Fn::GetAtt": [ + "vpcPublicSubnet2EIP9B3743B1", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "batch-stack/vpc/PublicSubnet2" + } + ] + } + }, + "vpcPrivateSubnet1Subnet934893E8": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "vpcA2121C38" + }, + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "batch-stack/vpc/PrivateSubnet1" + } + ] + } + }, + "vpcPrivateSubnet1RouteTableB41A48CC": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "vpcA2121C38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "batch-stack/vpc/PrivateSubnet1" + } + ] + } + }, + "vpcPrivateSubnet1RouteTableAssociation67945127": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" + }, + "SubnetId": { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + } + } + }, + "vpcPrivateSubnet1DefaultRoute1AA8E2E5": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "vpcPublicSubnet1NATGateway9C16659E" + } + } + }, + "vpcPrivateSubnet2Subnet7031C2BA": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "vpcA2121C38" + }, + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "batch-stack/vpc/PrivateSubnet2" + } + ] + } + }, + "vpcPrivateSubnet2RouteTable7280F23E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "vpcA2121C38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "batch-stack/vpc/PrivateSubnet2" + } + ] + } + }, + "vpcPrivateSubnet2RouteTableAssociation007E94D3": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPrivateSubnet2RouteTable7280F23E" + }, + "SubnetId": { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + } + }, + "vpcPrivateSubnet2DefaultRouteB0E07F99": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "vpcPrivateSubnet2RouteTable7280F23E" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "vpcPublicSubnet2NATGateway9B8AE11A" + } + } + }, + "vpcIGWE57CBDCA": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "batch-stack/vpc" + } + ] + } + }, + "vpcVPCGW7984C166": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "vpcA2121C38" + }, + "InternetGatewayId": { + "Ref": "vpcIGWE57CBDCA" + } + } + }, + "EFSF3301CFD": { + "Type": "AWS::EFS::FileSystem", + "Properties": { + "Encrypted": true, + "FileSystemTags": [ + { + "Key": "Name", + "Value": "batch-stack/EFS" + } + ], + "PerformanceMode": "generalPurpose" + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "EFSEfsSecurityGroup56F189CE": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "batch-stack/EFS/EfsSecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "batch-stack/EFS" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "EFSEfsSecurityGroupfrombatchstackbatchdemandcomputeenvlaunchtemplateResourceSecurityGroup0D1298652049B175033E": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "tcp", + "Description": "from batchstackbatchdemandcomputeenvlaunchtemplateResourceSecurityGroup0D129865:2049", + "FromPort": 2049, + "GroupId": { + "Fn::GetAtt": [ + "EFSEfsSecurityGroup56F189CE", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "batchdemandcomputeenvlaunchtemplateResourceSecurityGroup23599B84", + "GroupId" + ] + }, + "ToPort": 2049 + } + }, + "EFSEfsSecurityGroupfrombatchstackbatchspotcomputeenvResourceSecurityGroup729D2DBD2049CEAD960B": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "tcp", + "Description": "from batchstackbatchspotcomputeenvResourceSecurityGroup729D2DBD:2049", + "FromPort": 2049, + "GroupId": { + "Fn::GetAtt": [ + "EFSEfsSecurityGroup56F189CE", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "batchspotcomputeenvResourceSecurityGroup07B09BF9", + "GroupId" + ] + }, + "ToPort": 2049 + } + }, + "EFSEfsSecurityGroupfrombatchstackbatchdemandcomputeenvlaunchtemplate2ResourceSecurityGroup3ED06424204916919BCC": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "tcp", + "Description": "from batchstackbatchdemandcomputeenvlaunchtemplate2ResourceSecurityGroup3ED06424:2049", + "FromPort": 2049, + "GroupId": { + "Fn::GetAtt": [ + "EFSEfsSecurityGroup56F189CE", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "batchdemandcomputeenvlaunchtemplate2ResourceSecurityGroupBEA8DDD5", + "GroupId" + ] + }, + "ToPort": 2049 + } + }, + "EFSEfsSecurityGroupfrombatchstackbatchfargatecomputeenvResourceSecurityGroup32BE704C2049F5D69397": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "tcp", + "Description": "from batchstackbatchfargatecomputeenvResourceSecurityGroup32BE704C:2049", + "FromPort": 2049, + "GroupId": { + "Fn::GetAtt": [ + "EFSEfsSecurityGroup56F189CE", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "batchfargatecomputeenvResourceSecurityGroupE2963776", + "GroupId" + ] + }, + "ToPort": 2049 + } + }, + "EFSEfsSecurityGroupfrombatchstackbatchfargatespotcomputeenvResourceSecurityGroup86E388C12049304E0F7C": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "tcp", + "Description": "from batchstackbatchfargatespotcomputeenvResourceSecurityGroup86E388C1:2049", + "FromPort": 2049, + "GroupId": { + "Fn::GetAtt": [ + "EFSEfsSecurityGroup56F189CE", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "batchfargatespotcomputeenvResourceSecurityGroup923D2390", + "GroupId" + ] + }, + "ToPort": 2049 + } + }, + "EFSEfsMountTarget1674E914B": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "EFSF3301CFD" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "EFSEfsSecurityGroup56F189CE", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + } + } + }, + "EFSEfsMountTarget2A889DFBF": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "EFSF3301CFD" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "EFSEfsSecurityGroup56F189CE", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + } + }, + "EFSAccessPointA847C4A5": { + "Type": "AWS::EFS::AccessPoint", + "Properties": { + "FileSystemId": { + "Ref": "EFSF3301CFD" + }, + "PosixUser": { + "Gid": "1000", + "Uid": "1000" + }, + "RootDirectory": { + "CreationInfo": { + "OwnerGid": "1000", + "OwnerUid": "1000", + "Permissions": "750" + } + } + } + }, + "DefaultJobRole72A01394": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "DefaultJobRoleDefaultPolicyDA586FA5": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "elasticfilesystem:ClientRead", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "EFSF3301CFD", + "Arn" + ] + } + }, + { + "Action": [ + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "batchjobrepo4C508C51", + "Arn" + ] + } + }, + { + "Action": "ecr:GetAuthorizationToken", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "DefaultJobRoleDefaultPolicyDA586FA5", + "Roles": [ + { + "Ref": "DefaultJobRole72A01394" + } + ] + } + }, + "ec2launchtemplate": { + "Type": "AWS::EC2::LaunchTemplate", + "Properties": { + "LaunchTemplateData": { + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvdcz", + "Ebs": { + "Encrypted": true, + "VolumeSize": 100, + "VolumeType": "gp2" + } + } + ] + }, + "LaunchTemplateName": "EC2LaunchTemplate" + } + }, + "batchdemandcomputeenvlaunchtemplateResourceSecurityGroup23599B84": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "batch-stack/batch-demand-compute-env-launch-template/Resource-Security-Group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "batchdemandcomputeenvlaunchtemplateEcsInstanceRole24D4E799": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "ec2.", + { + "Ref": "AWS::URLSuffix" + } + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" + ] + ] + } + ] + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "batchdemandcomputeenvlaunchtemplateInstanceProfile2DEC3A97": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "batchdemandcomputeenvlaunchtemplateEcsInstanceRole24D4E799" + } + ] + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "batchdemandcomputeenvlaunchtemplateResourceServiceInstanceRole76AD99CC": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "batch.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSBatchServiceRole" + ] + ] + } + ] + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "batchdemandcomputeenvlaunchtemplateF8A5B233": { + "Type": "AWS::Batch::ComputeEnvironment", + "Properties": { + "Type": "MANAGED", + "ComputeResources": { + "AllocationStrategy": "BEST_FIT", + "InstanceRole": { + "Fn::GetAtt": [ + "batchdemandcomputeenvlaunchtemplateInstanceProfile2DEC3A97", + "Arn" + ] + }, + "InstanceTypes": [ + "optimal" + ], + "LaunchTemplate": { + "LaunchTemplateName": "EC2LaunchTemplate" + }, + "MaxvCpus": 256, + "MinvCpus": 0, + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "batchdemandcomputeenvlaunchtemplateResourceSecurityGroup23599B84", + "GroupId" + ] + } + ], + "Subnets": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ], + "Tags": { + "compute-env-tag": "123XYZ" + }, + "Type": "EC2" + }, + "ServiceRole": { + "Fn::GetAtt": [ + "batchdemandcomputeenvlaunchtemplateResourceServiceInstanceRole76AD99CC", + "Arn" + ] + }, + "State": "ENABLED" + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "batchspotcomputeenvResourceSecurityGroup07B09BF9": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "batch-stack/batch-spot-compute-env/Resource-Security-Group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "batchspotcomputeenvEcsInstanceRoleE976826B": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "ec2.", + { + "Ref": "AWS::URLSuffix" + } + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" + ] + ] + } + ] + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "batchspotcomputeenvInstanceProfileFA613AC2": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "batchspotcomputeenvEcsInstanceRoleE976826B" + } + ] + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "batchspotcomputeenvResourceServiceInstanceRole8B0DF5A7": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "batch.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSBatchServiceRole" + ] + ] + } + ] + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "batchspotcomputeenv2CE4DFD9": { + "Type": "AWS::Batch::ComputeEnvironment", + "Properties": { + "Type": "MANAGED", + "ComputeResources": { + "AllocationStrategy": "SPOT_CAPACITY_OPTIMIZED", + "BidPercentage": 80, + "InstanceRole": { + "Fn::GetAtt": [ + "batchspotcomputeenvInstanceProfileFA613AC2", + "Arn" + ] + }, + "InstanceTypes": [ + "optimal" + ], + "MaxvCpus": 256, + "MinvCpus": 0, + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "batchspotcomputeenvResourceSecurityGroup07B09BF9", + "GroupId" + ] + } + ], + "SpotIamFleetRole": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/aws-service-role/spotfleet.amazonaws.com/AWSServiceRoleForEC2SpotFleet" + ] + ] + }, + "Subnets": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ], + "Type": "SPOT" + }, + "ServiceRole": { + "Fn::GetAtt": [ + "batchspotcomputeenvResourceServiceInstanceRole8B0DF5A7", + "Arn" + ] + }, + "State": "ENABLED" + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "batchdemandcomputeenvlaunchtemplate2ResourceSecurityGroupBEA8DDD5": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "batch-stack/batch-demand-compute-env-launch-template-2/Resource-Security-Group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "batchdemandcomputeenvlaunchtemplate2EcsInstanceRoleEE146754": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "ec2.", + { + "Ref": "AWS::URLSuffix" + } + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" + ] + ] + } + ] + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "batchdemandcomputeenvlaunchtemplate2InstanceProfileC5A36CBC": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "batchdemandcomputeenvlaunchtemplate2EcsInstanceRoleEE146754" + } + ] + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "batchdemandcomputeenvlaunchtemplate2ResourceServiceInstanceRole41CADAC1": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "batch.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSBatchServiceRole" + ] + ] + } + ] + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "batchdemandcomputeenvlaunchtemplate2E12D5CBC": { + "Type": "AWS::Batch::ComputeEnvironment", + "Properties": { + "Type": "MANAGED", + "ComputeResources": { + "AllocationStrategy": "BEST_FIT", + "InstanceRole": { + "Fn::GetAtt": [ + "batchdemandcomputeenvlaunchtemplate2InstanceProfileC5A36CBC", + "Arn" + ] + }, + "InstanceTypes": [ + "optimal" + ], + "LaunchTemplate": { + "LaunchTemplateId": { + "Ref": "ec2launchtemplate" + } + }, + "MaxvCpus": 256, + "MinvCpus": 0, + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "batchdemandcomputeenvlaunchtemplate2ResourceSecurityGroupBEA8DDD5", + "GroupId" + ] + } + ], + "Subnets": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ], + "Tags": { + "compute-env-tag": "123XYZ" + }, + "Type": "EC2" + }, + "ServiceRole": { + "Fn::GetAtt": [ + "batchdemandcomputeenvlaunchtemplate2ResourceServiceInstanceRole41CADAC1", + "Arn" + ] + }, + "State": "ENABLED" + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "batchjobqueueE3C528F2": { + "Type": "AWS::Batch::JobQueue", + "Properties": { + "ComputeEnvironmentOrder": [ + { + "ComputeEnvironment": { + "Ref": "batchdemandcomputeenvlaunchtemplateF8A5B233" + }, + "Order": 2 + }, + { + "ComputeEnvironment": { + "Ref": "batchspotcomputeenv2CE4DFD9" + }, + "Order": 3 + }, + { + "ComputeEnvironment": { + "Ref": "batchdemandcomputeenvlaunchtemplate2E12D5CBC" + }, + "Order": 4 + } + ], + "Priority": 1, + "State": "ENABLED" + } + }, + "batchfargatecomputeenvResourceSecurityGroupE2963776": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "batch-stack/batch-fargate-compute-env/Resource-Security-Group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "batchfargatecomputeenvResourceServiceInstanceRole94D7AA5F": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "batch.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSBatchServiceRole" + ] + ] + } + ] + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "batchfargatecomputeenvE9C3FCA4": { + "Type": "AWS::Batch::ComputeEnvironment", + "Properties": { + "Type": "MANAGED", + "ComputeResources": { + "MaxvCpus": 256, + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "batchfargatecomputeenvResourceSecurityGroupE2963776", + "GroupId" + ] + } + ], + "Subnets": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ], + "Type": "FARGATE" + }, + "ServiceRole": { + "Fn::GetAtt": [ + "batchfargatecomputeenvResourceServiceInstanceRole94D7AA5F", + "Arn" + ] + }, + "State": "ENABLED" + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "batchfargatespotcomputeenvResourceSecurityGroup923D2390": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "batch-stack/batch-fargate-spot-compute-env/Resource-Security-Group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "batchfargatespotcomputeenvResourceServiceInstanceRole6462BFB0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "batch.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSBatchServiceRole" + ] + ] + } + ] + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "batchfargatespotcomputeenv374749B0": { + "Type": "AWS::Batch::ComputeEnvironment", + "Properties": { + "Type": "MANAGED", + "ComputeResources": { + "MaxvCpus": 256, + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "batchfargatespotcomputeenvResourceSecurityGroup923D2390", + "GroupId" + ] + } + ], + "Subnets": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ], + "Type": "FARGATE_SPOT" + }, + "ServiceRole": { + "Fn::GetAtt": [ + "batchfargatespotcomputeenvResourceServiceInstanceRole6462BFB0", + "Arn" + ] + }, + "State": "ENABLED" + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "batchjobfargatequeue5A12983E": { + "Type": "AWS::Batch::JobQueue", + "Properties": { + "ComputeEnvironmentOrder": [ + { + "ComputeEnvironment": { + "Ref": "batchfargatecomputeenvE9C3FCA4" + }, + "Order": 1 + }, + { + "ComputeEnvironment": { + "Ref": "batchfargatespotcomputeenv374749B0" + }, + "Order": 2 + } + ], + "Priority": 1, + "State": "ENABLED" + } + }, + "batchjobrepo4C508C51": { + "Type": "AWS::ECR::Repository", + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "batchjobdeffromecrE0E30DAD": { + "Type": "AWS::Batch::JobDefinition", + "Properties": { + "Type": "container", + "ContainerProperties": { + "Environment": [ + { + "Name": "AWS_REGION", + "Value": { + "Ref": "AWS::Region" + } + }, + { + "Name": "AWS_ACCOUNT", + "Value": { + "Ref": "AWS::AccountId" + } + } + ], + "Image": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 4, + { + "Fn::Split": [ + ":", + { + "Fn::GetAtt": [ + "batchjobrepo4C508C51", + "Arn" + ] + } + ] + } + ] + }, + ".dkr.ecr.", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Fn::GetAtt": [ + "batchjobrepo4C508C51", + "Arn" + ] + } + ] + } + ] + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Ref": "batchjobrepo4C508C51" + }, + ":latest" + ] + ] + }, + "JobRoleArn": { + "Fn::GetAtt": [ + "DefaultJobRole72A01394", + "Arn" + ] + }, + "MountPoints": [ + { + "ContainerPath": "/mnt", + "ReadOnly": true, + "SourceVolume": "batchstackEFS25FF7B1E" + } + ], + "Privileged": false, + "ReadonlyRootFilesystem": false, + "ResourceRequirements": [ + { + "Type": "VCPU", + "Value": "1" + }, + { + "Type": "MEMORY", + "Value": "4" + } + ], + "Volumes": [ + { + "EfsVolumeConfiguration": { + "AuthorizationConfig": { + "AccessPointId": { + "Ref": "EFSAccessPointA847C4A5" + }, + "Iam": "ENABLED" + }, + "FileSystemId": { + "Ref": "EFSF3301CFD" + }, + "TransitEncryption": "ENABLED" + }, + "Name": "batchstackEFS25FF7B1E" + } + ] + }, + "PlatformCapabilities": [ + "EC2" + ], + "RetryStrategy": { + "Attempts": 1 + }, + "Timeout": {} + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/cdk.out b/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/cdk.out new file mode 100644 index 0000000000000..588d7b269d34f --- /dev/null +++ b/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"20.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/integ.json b/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/integ.json new file mode 100644 index 0000000000000..5bab175e49e2b --- /dev/null +++ b/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/integ.json @@ -0,0 +1,11 @@ +{ + "version": "20.0.0", + "testCases": { + "BatchWithEFSTest/DefaultTest": { + "stacks": [ + "batch-stack" + ], + "assertionStack": "BatchWithEFSTestDefaultTestDeployAssert0F887B55" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/manifest.json new file mode 100644 index 0000000000000..4863fc4d025f4 --- /dev/null +++ b/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/manifest.json @@ -0,0 +1,397 @@ +{ + "version": "20.0.0", + "artifacts": { + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "batch-stack": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "batch-stack.template.json", + "validateOnSynth": false + }, + "metadata": { + "/batch-stack/vpc/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcA2121C38" + } + ], + "/batch-stack/vpc/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPublicSubnet1Subnet2E65531E" + } + ], + "/batch-stack/vpc/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPublicSubnet1RouteTable48A2DF9B" + } + ], + "/batch-stack/vpc/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPublicSubnet1RouteTableAssociation5D3F4579" + } + ], + "/batch-stack/vpc/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPublicSubnet1DefaultRoute10708846" + } + ], + "/batch-stack/vpc/PublicSubnet1/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPublicSubnet1EIPDA49DCBE" + } + ], + "/batch-stack/vpc/PublicSubnet1/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPublicSubnet1NATGateway9C16659E" + } + ], + "/batch-stack/vpc/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPublicSubnet2Subnet009B674F" + } + ], + "/batch-stack/vpc/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPublicSubnet2RouteTableEB40D4CB" + } + ], + "/batch-stack/vpc/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPublicSubnet2RouteTableAssociation21F81B59" + } + ], + "/batch-stack/vpc/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPublicSubnet2DefaultRouteA1EC0F60" + } + ], + "/batch-stack/vpc/PublicSubnet2/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPublicSubnet2EIP9B3743B1" + } + ], + "/batch-stack/vpc/PublicSubnet2/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPublicSubnet2NATGateway9B8AE11A" + } + ], + "/batch-stack/vpc/PrivateSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPrivateSubnet1Subnet934893E8" + } + ], + "/batch-stack/vpc/PrivateSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPrivateSubnet1RouteTableB41A48CC" + } + ], + "/batch-stack/vpc/PrivateSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPrivateSubnet1RouteTableAssociation67945127" + } + ], + "/batch-stack/vpc/PrivateSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPrivateSubnet1DefaultRoute1AA8E2E5" + } + ], + "/batch-stack/vpc/PrivateSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPrivateSubnet2Subnet7031C2BA" + } + ], + "/batch-stack/vpc/PrivateSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPrivateSubnet2RouteTable7280F23E" + } + ], + "/batch-stack/vpc/PrivateSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPrivateSubnet2RouteTableAssociation007E94D3" + } + ], + "/batch-stack/vpc/PrivateSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcPrivateSubnet2DefaultRouteB0E07F99" + } + ], + "/batch-stack/vpc/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcIGWE57CBDCA" + } + ], + "/batch-stack/vpc/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcVPCGW7984C166" + } + ], + "/batch-stack/EFS/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "EFSF3301CFD" + } + ], + "/batch-stack/EFS/EfsSecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "EFSEfsSecurityGroup56F189CE" + } + ], + "/batch-stack/EFS/EfsSecurityGroup/from batchstackbatchdemandcomputeenvlaunchtemplateResourceSecurityGroup0D129865:2049": [ + { + "type": "aws:cdk:logicalId", + "data": "EFSEfsSecurityGroupfrombatchstackbatchdemandcomputeenvlaunchtemplateResourceSecurityGroup0D1298652049B175033E" + } + ], + "/batch-stack/EFS/EfsSecurityGroup/from batchstackbatchspotcomputeenvResourceSecurityGroup729D2DBD:2049": [ + { + "type": "aws:cdk:logicalId", + "data": "EFSEfsSecurityGroupfrombatchstackbatchspotcomputeenvResourceSecurityGroup729D2DBD2049CEAD960B" + } + ], + "/batch-stack/EFS/EfsSecurityGroup/from batchstackbatchdemandcomputeenvlaunchtemplate2ResourceSecurityGroup3ED06424:2049": [ + { + "type": "aws:cdk:logicalId", + "data": "EFSEfsSecurityGroupfrombatchstackbatchdemandcomputeenvlaunchtemplate2ResourceSecurityGroup3ED06424204916919BCC" + } + ], + "/batch-stack/EFS/EfsSecurityGroup/from batchstackbatchfargatecomputeenvResourceSecurityGroup32BE704C:2049": [ + { + "type": "aws:cdk:logicalId", + "data": "EFSEfsSecurityGroupfrombatchstackbatchfargatecomputeenvResourceSecurityGroup32BE704C2049F5D69397" + } + ], + "/batch-stack/EFS/EfsSecurityGroup/from batchstackbatchfargatespotcomputeenvResourceSecurityGroup86E388C1:2049": [ + { + "type": "aws:cdk:logicalId", + "data": "EFSEfsSecurityGroupfrombatchstackbatchfargatespotcomputeenvResourceSecurityGroup86E388C12049304E0F7C" + } + ], + "/batch-stack/EFS/EfsMountTarget1": [ + { + "type": "aws:cdk:logicalId", + "data": "EFSEfsMountTarget1674E914B" + } + ], + "/batch-stack/EFS/EfsMountTarget2": [ + { + "type": "aws:cdk:logicalId", + "data": "EFSEfsMountTarget2A889DFBF" + } + ], + "/batch-stack/EFSAccessPoint/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "EFSAccessPointA847C4A5" + } + ], + "/batch-stack/DefaultJobRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DefaultJobRole72A01394" + } + ], + "/batch-stack/DefaultJobRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DefaultJobRoleDefaultPolicyDA586FA5" + } + ], + "/batch-stack/ec2-launch-template": [ + { + "type": "aws:cdk:logicalId", + "data": "ec2launchtemplate" + } + ], + "/batch-stack/batch-demand-compute-env-launch-template/Resource-Security-Group/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchdemandcomputeenvlaunchtemplateResourceSecurityGroup23599B84" + } + ], + "/batch-stack/batch-demand-compute-env-launch-template/Ecs-Instance-Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchdemandcomputeenvlaunchtemplateEcsInstanceRole24D4E799" + } + ], + "/batch-stack/batch-demand-compute-env-launch-template/Instance-Profile": [ + { + "type": "aws:cdk:logicalId", + "data": "batchdemandcomputeenvlaunchtemplateInstanceProfile2DEC3A97" + } + ], + "/batch-stack/batch-demand-compute-env-launch-template/Resource-Service-Instance-Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchdemandcomputeenvlaunchtemplateResourceServiceInstanceRole76AD99CC" + } + ], + "/batch-stack/batch-demand-compute-env-launch-template/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchdemandcomputeenvlaunchtemplateF8A5B233" + } + ], + "/batch-stack/batch-spot-compute-env/Resource-Security-Group/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchspotcomputeenvResourceSecurityGroup07B09BF9" + } + ], + "/batch-stack/batch-spot-compute-env/Ecs-Instance-Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchspotcomputeenvEcsInstanceRoleE976826B" + } + ], + "/batch-stack/batch-spot-compute-env/Instance-Profile": [ + { + "type": "aws:cdk:logicalId", + "data": "batchspotcomputeenvInstanceProfileFA613AC2" + } + ], + "/batch-stack/batch-spot-compute-env/Resource-Service-Instance-Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchspotcomputeenvResourceServiceInstanceRole8B0DF5A7" + } + ], + "/batch-stack/batch-spot-compute-env/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchspotcomputeenv2CE4DFD9" + } + ], + "/batch-stack/batch-demand-compute-env-launch-template-2/Resource-Security-Group/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchdemandcomputeenvlaunchtemplate2ResourceSecurityGroupBEA8DDD5" + } + ], + "/batch-stack/batch-demand-compute-env-launch-template-2/Ecs-Instance-Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchdemandcomputeenvlaunchtemplate2EcsInstanceRoleEE146754" + } + ], + "/batch-stack/batch-demand-compute-env-launch-template-2/Instance-Profile": [ + { + "type": "aws:cdk:logicalId", + "data": "batchdemandcomputeenvlaunchtemplate2InstanceProfileC5A36CBC" + } + ], + "/batch-stack/batch-demand-compute-env-launch-template-2/Resource-Service-Instance-Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchdemandcomputeenvlaunchtemplate2ResourceServiceInstanceRole41CADAC1" + } + ], + "/batch-stack/batch-demand-compute-env-launch-template-2/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchdemandcomputeenvlaunchtemplate2E12D5CBC" + } + ], + "/batch-stack/batch-job-queue/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchjobqueueE3C528F2" + } + ], + "/batch-stack/batch-fargate-compute-env/Resource-Security-Group/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchfargatecomputeenvResourceSecurityGroupE2963776" + } + ], + "/batch-stack/batch-fargate-compute-env/Resource-Service-Instance-Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchfargatecomputeenvResourceServiceInstanceRole94D7AA5F" + } + ], + "/batch-stack/batch-fargate-compute-env/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchfargatecomputeenvE9C3FCA4" + } + ], + "/batch-stack/batch-fargate-spot-compute-env/Resource-Security-Group/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchfargatespotcomputeenvResourceSecurityGroup923D2390" + } + ], + "/batch-stack/batch-fargate-spot-compute-env/Resource-Service-Instance-Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchfargatespotcomputeenvResourceServiceInstanceRole6462BFB0" + } + ], + "/batch-stack/batch-fargate-spot-compute-env/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchfargatespotcomputeenv374749B0" + } + ], + "/batch-stack/batch-job-fargate-queue/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchjobfargatequeue5A12983E" + } + ], + "/batch-stack/batch-job-repo/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchjobrepo4C508C51" + } + ], + "/batch-stack/batch-job-def-from-ecr/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchjobdeffromecrE0E30DAD" + } + ] + }, + "displayName": "batch-stack" + }, + "BatchWithEFSTestDefaultTestDeployAssert0F887B55": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "BatchWithEFSTestDefaultTestDeployAssert0F887B55.template.json", + "validateOnSynth": false + }, + "displayName": "BatchWithEFSTest/DefaultTest/DeployAssert" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/tree.json b/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/tree.json new file mode 100644 index 0000000000000..c6cc9599b1fe5 --- /dev/null +++ b/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/tree.json @@ -0,0 +1,2366 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.51" + } + }, + "batch-stack": { + "id": "batch-stack", + "path": "batch-stack", + "children": { + "vpc": { + "id": "vpc", + "path": "batch-stack/vpc", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/vpc/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "batch-stack/vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnVPC", + "version": "0.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "batch-stack/vpc/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "batch-stack/vpc/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "vpcA2121C38" + }, + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.0.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "batch-stack/vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "batch-stack/vpc/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "batch-stack/vpc/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "vpcA2121C38" + }, + "tags": [ + { + "key": "Name", + "value": "batch-stack/vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "batch-stack/vpc/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" + }, + "subnetId": { + "Ref": "vpcPublicSubnet1Subnet2E65531E" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "batch-stack/vpc/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" + }, + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "vpcIGWE57CBDCA" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "batch-stack/vpc/PublicSubnet1/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "batch-stack/vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "batch-stack/vpc/PublicSubnet1/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "subnetId": { + "Ref": "vpcPublicSubnet1Subnet2E65531E" + }, + "allocationId": { + "Fn::GetAtt": [ + "vpcPublicSubnet1EIPDA49DCBE", + "AllocationId" + ] + }, + "tags": [ + { + "key": "Name", + "value": "batch-stack/vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "batch-stack/vpc/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "batch-stack/vpc/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "vpcA2121C38" + }, + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.64.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "batch-stack/vpc/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "batch-stack/vpc/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "batch-stack/vpc/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "vpcA2121C38" + }, + "tags": [ + { + "key": "Name", + "value": "batch-stack/vpc/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "batch-stack/vpc/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" + }, + "subnetId": { + "Ref": "vpcPublicSubnet2Subnet009B674F" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "batch-stack/vpc/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" + }, + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "vpcIGWE57CBDCA" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "batch-stack/vpc/PublicSubnet2/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "batch-stack/vpc/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "batch-stack/vpc/PublicSubnet2/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "subnetId": { + "Ref": "vpcPublicSubnet2Subnet009B674F" + }, + "allocationId": { + "Fn::GetAtt": [ + "vpcPublicSubnet2EIP9B3743B1", + "AllocationId" + ] + }, + "tags": [ + { + "key": "Name", + "value": "batch-stack/vpc/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet1": { + "id": "PrivateSubnet1", + "path": "batch-stack/vpc/PrivateSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "batch-stack/vpc/PrivateSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "vpcA2121C38" + }, + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.128.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "batch-stack/vpc/PrivateSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "batch-stack/vpc/PrivateSubnet1/Acl", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "batch-stack/vpc/PrivateSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "vpcA2121C38" + }, + "tags": [ + { + "key": "Name", + "value": "batch-stack/vpc/PrivateSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "batch-stack/vpc/PrivateSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" + }, + "subnetId": { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "batch-stack/vpc/PrivateSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" + }, + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "vpcPublicSubnet1NATGateway9C16659E" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet2": { + "id": "PrivateSubnet2", + "path": "batch-stack/vpc/PrivateSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "batch-stack/vpc/PrivateSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "vpcA2121C38" + }, + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.192.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "batch-stack/vpc/PrivateSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "batch-stack/vpc/PrivateSubnet2/Acl", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "batch-stack/vpc/PrivateSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "vpcA2121C38" + }, + "tags": [ + { + "key": "Name", + "value": "batch-stack/vpc/PrivateSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "batch-stack/vpc/PrivateSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "vpcPrivateSubnet2RouteTable7280F23E" + }, + "subnetId": { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "batch-stack/vpc/PrivateSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "vpcPrivateSubnet2RouteTable7280F23E" + }, + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "vpcPublicSubnet2NATGateway9B8AE11A" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "batch-stack/vpc/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "batch-stack/vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "batch-stack/vpc/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "vpcA2121C38" + }, + "internetGatewayId": { + "Ref": "vpcIGWE57CBDCA" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.Vpc", + "version": "0.0.0" + } + }, + "EFS": { + "id": "EFS", + "path": "batch-stack/EFS", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/EFS/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::FileSystem", + "aws:cdk:cloudformation:props": { + "encrypted": true, + "fileSystemTags": [ + { + "key": "Name", + "value": "batch-stack/EFS" + } + ], + "performanceMode": "generalPurpose" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-efs.CfnFileSystem", + "version": "0.0.0" + } + }, + "EfsSecurityGroup": { + "id": "EfsSecurityGroup", + "path": "batch-stack/EFS/EfsSecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/EFS/EfsSecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "batch-stack/EFS/EfsSecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "Name", + "value": "batch-stack/EFS" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSecurityGroup", + "version": "0.0.0" + } + }, + "from batchstackbatchdemandcomputeenvlaunchtemplateResourceSecurityGroup0D129865:2049": { + "id": "from batchstackbatchdemandcomputeenvlaunchtemplateResourceSecurityGroup0D129865:2049", + "path": "batch-stack/EFS/EfsSecurityGroup/from batchstackbatchdemandcomputeenvlaunchtemplateResourceSecurityGroup0D129865:2049", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "ipProtocol": "tcp", + "description": "from batchstackbatchdemandcomputeenvlaunchtemplateResourceSecurityGroup0D129865:2049", + "fromPort": 2049, + "groupId": { + "Fn::GetAtt": [ + "EFSEfsSecurityGroup56F189CE", + "GroupId" + ] + }, + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "batchdemandcomputeenvlaunchtemplateResourceSecurityGroup23599B84", + "GroupId" + ] + }, + "toPort": 2049 + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSecurityGroupIngress", + "version": "0.0.0" + } + }, + "from batchstackbatchspotcomputeenvResourceSecurityGroup729D2DBD:2049": { + "id": "from batchstackbatchspotcomputeenvResourceSecurityGroup729D2DBD:2049", + "path": "batch-stack/EFS/EfsSecurityGroup/from batchstackbatchspotcomputeenvResourceSecurityGroup729D2DBD:2049", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "ipProtocol": "tcp", + "description": "from batchstackbatchspotcomputeenvResourceSecurityGroup729D2DBD:2049", + "fromPort": 2049, + "groupId": { + "Fn::GetAtt": [ + "EFSEfsSecurityGroup56F189CE", + "GroupId" + ] + }, + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "batchspotcomputeenvResourceSecurityGroup07B09BF9", + "GroupId" + ] + }, + "toPort": 2049 + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSecurityGroupIngress", + "version": "0.0.0" + } + }, + "from batchstackbatchdemandcomputeenvlaunchtemplate2ResourceSecurityGroup3ED06424:2049": { + "id": "from batchstackbatchdemandcomputeenvlaunchtemplate2ResourceSecurityGroup3ED06424:2049", + "path": "batch-stack/EFS/EfsSecurityGroup/from batchstackbatchdemandcomputeenvlaunchtemplate2ResourceSecurityGroup3ED06424:2049", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "ipProtocol": "tcp", + "description": "from batchstackbatchdemandcomputeenvlaunchtemplate2ResourceSecurityGroup3ED06424:2049", + "fromPort": 2049, + "groupId": { + "Fn::GetAtt": [ + "EFSEfsSecurityGroup56F189CE", + "GroupId" + ] + }, + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "batchdemandcomputeenvlaunchtemplate2ResourceSecurityGroupBEA8DDD5", + "GroupId" + ] + }, + "toPort": 2049 + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSecurityGroupIngress", + "version": "0.0.0" + } + }, + "from batchstackbatchfargatecomputeenvResourceSecurityGroup32BE704C:2049": { + "id": "from batchstackbatchfargatecomputeenvResourceSecurityGroup32BE704C:2049", + "path": "batch-stack/EFS/EfsSecurityGroup/from batchstackbatchfargatecomputeenvResourceSecurityGroup32BE704C:2049", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "ipProtocol": "tcp", + "description": "from batchstackbatchfargatecomputeenvResourceSecurityGroup32BE704C:2049", + "fromPort": 2049, + "groupId": { + "Fn::GetAtt": [ + "EFSEfsSecurityGroup56F189CE", + "GroupId" + ] + }, + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "batchfargatecomputeenvResourceSecurityGroupE2963776", + "GroupId" + ] + }, + "toPort": 2049 + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSecurityGroupIngress", + "version": "0.0.0" + } + }, + "from batchstackbatchfargatespotcomputeenvResourceSecurityGroup86E388C1:2049": { + "id": "from batchstackbatchfargatespotcomputeenvResourceSecurityGroup86E388C1:2049", + "path": "batch-stack/EFS/EfsSecurityGroup/from batchstackbatchfargatespotcomputeenvResourceSecurityGroup86E388C1:2049", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "ipProtocol": "tcp", + "description": "from batchstackbatchfargatespotcomputeenvResourceSecurityGroup86E388C1:2049", + "fromPort": 2049, + "groupId": { + "Fn::GetAtt": [ + "EFSEfsSecurityGroup56F189CE", + "GroupId" + ] + }, + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "batchfargatespotcomputeenvResourceSecurityGroup923D2390", + "GroupId" + ] + }, + "toPort": 2049 + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSecurityGroupIngress", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "EfsMountTarget1": { + "id": "EfsMountTarget1", + "path": "batch-stack/EFS/EfsMountTarget1", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "EFSF3301CFD" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "EFSEfsSecurityGroup56F189CE", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-efs.CfnMountTarget", + "version": "0.0.0" + } + }, + "EfsMountTarget2": { + "id": "EfsMountTarget2", + "path": "batch-stack/EFS/EfsMountTarget2", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "EFSF3301CFD" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "EFSEfsSecurityGroup56F189CE", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-efs.CfnMountTarget", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-efs.FileSystem", + "version": "0.0.0" + } + }, + "EFSAccessPoint": { + "id": "EFSAccessPoint", + "path": "batch-stack/EFSAccessPoint", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/EFSAccessPoint/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::AccessPoint", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "EFSF3301CFD" + }, + "posixUser": { + "uid": "1000", + "gid": "1000" + }, + "rootDirectory": { + "creationInfo": { + "ownerGid": "1000", + "ownerUid": "1000", + "permissions": "750" + } + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-efs.CfnAccessPoint", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-efs.AccessPoint", + "version": "0.0.0" + } + }, + "DefaultJobRole": { + "id": "DefaultJobRole", + "path": "batch-stack/DefaultJobRole", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/DefaultJobRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "batch-stack/DefaultJobRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/DefaultJobRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "elasticfilesystem:ClientRead", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "EFSF3301CFD", + "Arn" + ] + } + }, + { + "Action": [ + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "batchjobrepo4C508C51", + "Arn" + ] + } + }, + { + "Action": "ecr:GetAuthorizationToken", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "DefaultJobRoleDefaultPolicyDA586FA5", + "roles": [ + { + "Ref": "DefaultJobRole72A01394" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "ec2-launch-template": { + "id": "ec2-launch-template", + "path": "batch-stack/ec2-launch-template", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::LaunchTemplate", + "aws:cdk:cloudformation:props": { + "launchTemplateData": { + "blockDeviceMappings": [ + { + "deviceName": "/dev/xvdcz", + "ebs": { + "encrypted": true, + "volumeSize": 100, + "volumeType": "gp2" + } + } + ] + }, + "launchTemplateName": "EC2LaunchTemplate" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnLaunchTemplate", + "version": "0.0.0" + } + }, + "batch-demand-compute-env-launch-template": { + "id": "batch-demand-compute-env-launch-template", + "path": "batch-stack/batch-demand-compute-env-launch-template", + "children": { + "Resource-Security-Group": { + "id": "Resource-Security-Group", + "path": "batch-stack/batch-demand-compute-env-launch-template/Resource-Security-Group", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-demand-compute-env-launch-template/Resource-Security-Group/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "batch-stack/batch-demand-compute-env-launch-template/Resource-Security-Group", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "Ecs-Instance-Role": { + "id": "Ecs-Instance-Role", + "path": "batch-stack/batch-demand-compute-env-launch-template/Ecs-Instance-Role", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-demand-compute-env-launch-template/Ecs-Instance-Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "ec2.", + { + "Ref": "AWS::URLSuffix" + } + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Instance-Profile": { + "id": "Instance-Profile", + "path": "batch-stack/batch-demand-compute-env-launch-template/Instance-Profile", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::InstanceProfile", + "aws:cdk:cloudformation:props": { + "roles": [ + { + "Ref": "batchdemandcomputeenvlaunchtemplateEcsInstanceRole24D4E799" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnInstanceProfile", + "version": "0.0.0" + } + }, + "Resource-Service-Instance-Role": { + "id": "Resource-Service-Instance-Role", + "path": "batch-stack/batch-demand-compute-env-launch-template/Resource-Service-Instance-Role", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-demand-compute-env-launch-template/Resource-Service-Instance-Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "batch.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSBatchServiceRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-demand-compute-env-launch-template/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Batch::ComputeEnvironment", + "aws:cdk:cloudformation:props": { + "type": "MANAGED", + "computeResources": { + "launchTemplate": { + "launchTemplateName": "EC2LaunchTemplate" + }, + "maxvCpus": 256, + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "batchdemandcomputeenvlaunchtemplateResourceSecurityGroup23599B84", + "GroupId" + ] + } + ], + "subnets": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ], + "tags": { + "compute-env-tag": "123XYZ" + }, + "type": "EC2", + "allocationStrategy": "BEST_FIT", + "instanceRole": { + "Fn::GetAtt": [ + "batchdemandcomputeenvlaunchtemplateInstanceProfile2DEC3A97", + "Arn" + ] + }, + "instanceTypes": [ + "optimal" + ], + "minvCpus": 0 + }, + "serviceRole": { + "Fn::GetAtt": [ + "batchdemandcomputeenvlaunchtemplateResourceServiceInstanceRole76AD99CC", + "Arn" + ] + }, + "state": "ENABLED" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-batch.CfnComputeEnvironment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-batch.ComputeEnvironment", + "version": "0.0.0" + } + }, + "batch-spot-compute-env": { + "id": "batch-spot-compute-env", + "path": "batch-stack/batch-spot-compute-env", + "children": { + "Resource-SpotFleet-Role": { + "id": "Resource-SpotFleet-Role", + "path": "batch-stack/batch-spot-compute-env/Resource-SpotFleet-Role", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, + "Resource-Security-Group": { + "id": "Resource-Security-Group", + "path": "batch-stack/batch-spot-compute-env/Resource-Security-Group", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-spot-compute-env/Resource-Security-Group/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "batch-stack/batch-spot-compute-env/Resource-Security-Group", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "Ecs-Instance-Role": { + "id": "Ecs-Instance-Role", + "path": "batch-stack/batch-spot-compute-env/Ecs-Instance-Role", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-spot-compute-env/Ecs-Instance-Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "ec2.", + { + "Ref": "AWS::URLSuffix" + } + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Instance-Profile": { + "id": "Instance-Profile", + "path": "batch-stack/batch-spot-compute-env/Instance-Profile", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::InstanceProfile", + "aws:cdk:cloudformation:props": { + "roles": [ + { + "Ref": "batchspotcomputeenvEcsInstanceRoleE976826B" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnInstanceProfile", + "version": "0.0.0" + } + }, + "Resource-Service-Instance-Role": { + "id": "Resource-Service-Instance-Role", + "path": "batch-stack/batch-spot-compute-env/Resource-Service-Instance-Role", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-spot-compute-env/Resource-Service-Instance-Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "batch.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSBatchServiceRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-spot-compute-env/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Batch::ComputeEnvironment", + "aws:cdk:cloudformation:props": { + "type": "MANAGED", + "computeResources": { + "bidPercentage": 80, + "maxvCpus": 256, + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "batchspotcomputeenvResourceSecurityGroup07B09BF9", + "GroupId" + ] + } + ], + "spotIamFleetRole": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/aws-service-role/spotfleet.amazonaws.com/AWSServiceRoleForEC2SpotFleet" + ] + ] + }, + "subnets": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ], + "type": "SPOT", + "allocationStrategy": "SPOT_CAPACITY_OPTIMIZED", + "instanceRole": { + "Fn::GetAtt": [ + "batchspotcomputeenvInstanceProfileFA613AC2", + "Arn" + ] + }, + "instanceTypes": [ + "optimal" + ], + "minvCpus": 0 + }, + "serviceRole": { + "Fn::GetAtt": [ + "batchspotcomputeenvResourceServiceInstanceRole8B0DF5A7", + "Arn" + ] + }, + "state": "ENABLED" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-batch.CfnComputeEnvironment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-batch.ComputeEnvironment", + "version": "0.0.0" + } + }, + "batch-demand-compute-env-launch-template-2": { + "id": "batch-demand-compute-env-launch-template-2", + "path": "batch-stack/batch-demand-compute-env-launch-template-2", + "children": { + "Resource-Security-Group": { + "id": "Resource-Security-Group", + "path": "batch-stack/batch-demand-compute-env-launch-template-2/Resource-Security-Group", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-demand-compute-env-launch-template-2/Resource-Security-Group/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "batch-stack/batch-demand-compute-env-launch-template-2/Resource-Security-Group", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "Ecs-Instance-Role": { + "id": "Ecs-Instance-Role", + "path": "batch-stack/batch-demand-compute-env-launch-template-2/Ecs-Instance-Role", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-demand-compute-env-launch-template-2/Ecs-Instance-Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "ec2.", + { + "Ref": "AWS::URLSuffix" + } + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Instance-Profile": { + "id": "Instance-Profile", + "path": "batch-stack/batch-demand-compute-env-launch-template-2/Instance-Profile", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::InstanceProfile", + "aws:cdk:cloudformation:props": { + "roles": [ + { + "Ref": "batchdemandcomputeenvlaunchtemplate2EcsInstanceRoleEE146754" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnInstanceProfile", + "version": "0.0.0" + } + }, + "Resource-Service-Instance-Role": { + "id": "Resource-Service-Instance-Role", + "path": "batch-stack/batch-demand-compute-env-launch-template-2/Resource-Service-Instance-Role", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-demand-compute-env-launch-template-2/Resource-Service-Instance-Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "batch.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSBatchServiceRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-demand-compute-env-launch-template-2/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Batch::ComputeEnvironment", + "aws:cdk:cloudformation:props": { + "type": "MANAGED", + "computeResources": { + "launchTemplate": { + "launchTemplateId": { + "Ref": "ec2launchtemplate" + } + }, + "maxvCpus": 256, + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "batchdemandcomputeenvlaunchtemplate2ResourceSecurityGroupBEA8DDD5", + "GroupId" + ] + } + ], + "subnets": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ], + "tags": { + "compute-env-tag": "123XYZ" + }, + "type": "EC2", + "allocationStrategy": "BEST_FIT", + "instanceRole": { + "Fn::GetAtt": [ + "batchdemandcomputeenvlaunchtemplate2InstanceProfileC5A36CBC", + "Arn" + ] + }, + "instanceTypes": [ + "optimal" + ], + "minvCpus": 0 + }, + "serviceRole": { + "Fn::GetAtt": [ + "batchdemandcomputeenvlaunchtemplate2ResourceServiceInstanceRole41CADAC1", + "Arn" + ] + }, + "state": "ENABLED" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-batch.CfnComputeEnvironment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-batch.ComputeEnvironment", + "version": "0.0.0" + } + }, + "batch-job-queue": { + "id": "batch-job-queue", + "path": "batch-stack/batch-job-queue", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-job-queue/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Batch::JobQueue", + "aws:cdk:cloudformation:props": { + "computeEnvironmentOrder": [ + { + "computeEnvironment": { + "Ref": "batchdemandcomputeenvlaunchtemplateF8A5B233" + }, + "order": 2 + }, + { + "computeEnvironment": { + "Ref": "batchspotcomputeenv2CE4DFD9" + }, + "order": 3 + }, + { + "computeEnvironment": { + "Ref": "batchdemandcomputeenvlaunchtemplate2E12D5CBC" + }, + "order": 4 + } + ], + "priority": 1, + "state": "ENABLED" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-batch.CfnJobQueue", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-batch.JobQueue", + "version": "0.0.0" + } + }, + "batch-fargate-compute-env": { + "id": "batch-fargate-compute-env", + "path": "batch-stack/batch-fargate-compute-env", + "children": { + "Resource-Security-Group": { + "id": "Resource-Security-Group", + "path": "batch-stack/batch-fargate-compute-env/Resource-Security-Group", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-fargate-compute-env/Resource-Security-Group/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "batch-stack/batch-fargate-compute-env/Resource-Security-Group", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "Resource-Service-Instance-Role": { + "id": "Resource-Service-Instance-Role", + "path": "batch-stack/batch-fargate-compute-env/Resource-Service-Instance-Role", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-fargate-compute-env/Resource-Service-Instance-Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "batch.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSBatchServiceRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-fargate-compute-env/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Batch::ComputeEnvironment", + "aws:cdk:cloudformation:props": { + "type": "MANAGED", + "computeResources": { + "maxvCpus": 256, + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "batchfargatecomputeenvResourceSecurityGroupE2963776", + "GroupId" + ] + } + ], + "subnets": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ], + "type": "FARGATE" + }, + "serviceRole": { + "Fn::GetAtt": [ + "batchfargatecomputeenvResourceServiceInstanceRole94D7AA5F", + "Arn" + ] + }, + "state": "ENABLED" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-batch.CfnComputeEnvironment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-batch.ComputeEnvironment", + "version": "0.0.0" + } + }, + "batch-fargate-spot-compute-env": { + "id": "batch-fargate-spot-compute-env", + "path": "batch-stack/batch-fargate-spot-compute-env", + "children": { + "Resource-Security-Group": { + "id": "Resource-Security-Group", + "path": "batch-stack/batch-fargate-spot-compute-env/Resource-Security-Group", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-fargate-spot-compute-env/Resource-Security-Group/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "batch-stack/batch-fargate-spot-compute-env/Resource-Security-Group", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "Resource-Service-Instance-Role": { + "id": "Resource-Service-Instance-Role", + "path": "batch-stack/batch-fargate-spot-compute-env/Resource-Service-Instance-Role", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-fargate-spot-compute-env/Resource-Service-Instance-Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "batch.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSBatchServiceRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-fargate-spot-compute-env/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Batch::ComputeEnvironment", + "aws:cdk:cloudformation:props": { + "type": "MANAGED", + "computeResources": { + "maxvCpus": 256, + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "batchfargatespotcomputeenvResourceSecurityGroup923D2390", + "GroupId" + ] + } + ], + "subnets": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ], + "type": "FARGATE_SPOT" + }, + "serviceRole": { + "Fn::GetAtt": [ + "batchfargatespotcomputeenvResourceServiceInstanceRole6462BFB0", + "Arn" + ] + }, + "state": "ENABLED" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-batch.CfnComputeEnvironment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-batch.ComputeEnvironment", + "version": "0.0.0" + } + }, + "batch-job-fargate-queue": { + "id": "batch-job-fargate-queue", + "path": "batch-stack/batch-job-fargate-queue", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-job-fargate-queue/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Batch::JobQueue", + "aws:cdk:cloudformation:props": { + "computeEnvironmentOrder": [ + { + "computeEnvironment": { + "Ref": "batchfargatecomputeenvE9C3FCA4" + }, + "order": 1 + }, + { + "computeEnvironment": { + "Ref": "batchfargatespotcomputeenv374749B0" + }, + "order": 2 + } + ], + "priority": 1, + "state": "ENABLED" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-batch.CfnJobQueue", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-batch.JobQueue", + "version": "0.0.0" + } + }, + "batch-job-repo": { + "id": "batch-job-repo", + "path": "batch-stack/batch-job-repo", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-job-repo/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECR::Repository", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ecr.CfnRepository", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ecr.Repository", + "version": "0.0.0" + } + }, + "batch-job-def-from-ecr": { + "id": "batch-job-def-from-ecr", + "path": "batch-stack/batch-job-def-from-ecr", + "children": { + "Resource-Batch-Job-Container-Definition": { + "id": "Resource-Batch-Job-Container-Definition", + "path": "batch-stack/batch-job-def-from-ecr/Resource-Batch-Job-Container-Definition", + "constructInfo": { + "fqn": "@aws-cdk/aws-ecs.ContainerDefinition", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-job-def-from-ecr/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Batch::JobDefinition", + "aws:cdk:cloudformation:props": { + "type": "container", + "containerProperties": { + "environment": [ + { + "name": "AWS_REGION", + "value": { + "Ref": "AWS::Region" + } + }, + { + "name": "AWS_ACCOUNT", + "value": { + "Ref": "AWS::AccountId" + } + } + ], + "image": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 4, + { + "Fn::Split": [ + ":", + { + "Fn::GetAtt": [ + "batchjobrepo4C508C51", + "Arn" + ] + } + ] + } + ] + }, + ".dkr.ecr.", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Fn::GetAtt": [ + "batchjobrepo4C508C51", + "Arn" + ] + } + ] + } + ] + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Ref": "batchjobrepo4C508C51" + }, + ":latest" + ] + ] + }, + "jobRoleArn": { + "Fn::GetAtt": [ + "DefaultJobRole72A01394", + "Arn" + ] + }, + "mountPoints": [ + { + "containerPath": "/mnt", + "sourceVolume": "batchstackEFS25FF7B1E", + "readOnly": true + } + ], + "privileged": false, + "readonlyRootFilesystem": false, + "volumes": [ + { + "name": "batchstackEFS25FF7B1E", + "efsVolumeConfiguration": { + "fileSystemId": { + "Ref": "EFSF3301CFD" + }, + "transitEncryption": "ENABLED", + "authorizationConfig": { + "accessPointId": { + "Ref": "EFSAccessPointA847C4A5" + }, + "iam": "ENABLED" + } + } + } + ], + "resourceRequirements": [ + { + "type": "VCPU", + "value": "1" + }, + { + "type": "MEMORY", + "value": "4" + } + ] + }, + "platformCapabilities": [ + "EC2" + ], + "retryStrategy": { + "attempts": 1 + }, + "timeout": {} + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-batch.CfnJobDefinition", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-batch.JobDefinition", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + }, + "BatchWithEFSTest": { + "id": "BatchWithEFSTest", + "path": "BatchWithEFSTest", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "BatchWithEFSTest/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "BatchWithEFSTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.51" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "BatchWithEFSTest/DefaultTest/DeployAssert", + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests.IntegTest", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-batch/test/integ.batch-with-efs.ts b/packages/@aws-cdk/aws-batch/test/integ.batch-with-efs.ts new file mode 100644 index 0000000000000..b6102a6e85c6c --- /dev/null +++ b/packages/@aws-cdk/aws-batch/test/integ.batch-with-efs.ts @@ -0,0 +1,200 @@ +import * as ec2 from '@aws-cdk/aws-ec2'; +import * as ecr from '@aws-cdk/aws-ecr'; +import * as ecs from '@aws-cdk/aws-ecs'; +import * as efs from '@aws-cdk/aws-efs'; +import * as iam from '@aws-cdk/aws-iam'; +// import * as secretsmanager from '@aws-cdk/aws-secretsmanager'; +import * as cdk from '@aws-cdk/core'; +import * as integ from '@aws-cdk/integ-tests'; +import * as batch from '../lib/'; + +export const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'batch-stack'); + +const vpc = new ec2.Vpc(stack, 'vpc'); + +const efsFs = new efs.FileSystem(stack, 'EFS', { + vpc, + performanceMode: efs.PerformanceMode.GENERAL_PURPOSE, + removalPolicy: cdk.RemovalPolicy.DESTROY, +}); + +const accessPoint = new efs.AccessPoint( + stack, + 'EFSAccessPoint', + { + fileSystem: efsFs, + createAcl: { + ownerUid: '1000', + ownerGid: '1000', + permissions: '750', + }, + posixUser: { + uid: '1000', + gid: '1000', + }, + }, +); + +let volumes: ecs.Volume[] = [{ + name: cdk.Names.uniqueId(efsFs), + efsVolumeConfiguration: { + fileSystemId: efsFs.fileSystemId, + transitEncryption: 'ENABLED', + authorizationConfig: { + accessPointId: accessPoint.accessPointId, + iam: 'ENABLED', + }, + }, +}]; + +let mountPoints: ecs.MountPoint[] = [{ + containerPath: '/mnt', + sourceVolume: volumes[0].name, + readOnly: true, +}]; + +const jobRole = new iam.Role(stack, 'DefaultJobRole', { + assumedBy: new iam.ServicePrincipal('ecs-tasks.amazonaws.com'), +}); + +efsFs.grant(jobRole, 'elasticfilesystem:ClientRead'); + +const launchTemplate = new ec2.CfnLaunchTemplate(stack, 'ec2-launch-template', { + launchTemplateName: 'EC2LaunchTemplate', + launchTemplateData: { + blockDeviceMappings: [ + { + deviceName: '/dev/xvdcz', + ebs: { + encrypted: true, + volumeSize: 100, + volumeType: 'gp2', + }, + }, + ], + }, +}); + +const computeEnvironments = [ + { + computeEnvironment: new batch.ComputeEnvironment(stack, 'batch-demand-compute-env-launch-template', { + managed: true, + computeResources: { + type: batch.ComputeResourceType.ON_DEMAND, + vpc, + launchTemplate: { + launchTemplateName: launchTemplate.launchTemplateName as string, + }, + computeResourcesTags: { + 'compute-env-tag': '123XYZ', + }, + }, + }), + order: 2, + }, + { + computeEnvironment: new batch.ComputeEnvironment(stack, 'batch-spot-compute-env', { + managed: true, + computeResources: { + type: batch.ComputeResourceType.SPOT, + vpc, + bidPercentage: 80, + }, + }), + order: 3, + }, + { + computeEnvironment: new batch.ComputeEnvironment(stack, 'batch-demand-compute-env-launch-template-2', { + managed: true, + computeResources: { + type: batch.ComputeResourceType.ON_DEMAND, + vpc, + launchTemplate: { + launchTemplateId: launchTemplate.ref as string, + }, + computeResourcesTags: { + 'compute-env-tag': '123XYZ', + }, + }, + }), + order: 4, + }, +]; + +// Allow Comppute Environments to access the filesystem +computeEnvironments.forEach((ce) => { + efsFs.connections.allowDefaultPortFrom(ce.computeEnvironment); +}); + +new batch.JobQueue(stack, 'batch-job-queue', { computeEnvironments }); + +const fargateEnvironments = [ + { + computeEnvironment: new batch.ComputeEnvironment(stack, 'batch-fargate-compute-env', { + managed: true, + computeResources: { + type: batch.ComputeResourceType.FARGATE, + vpc, + }, + }), + order: 1, + }, + { + computeEnvironment: new batch.ComputeEnvironment(stack, 'batch-fargate-spot-compute-env', { + managed: true, + computeResources: { + type: batch.ComputeResourceType.FARGATE_SPOT, + vpc, + }, + }), + order: 2, + }, +]; + +fargateEnvironments.forEach((ce) => { + efsFs.connections.allowDefaultPortFrom(ce.computeEnvironment); +}); + +// Split out into two job queues because each queue +// supports a max of 3 compute environments +new batch.JobQueue(stack, 'batch-job-fargate-queue', { + computeEnvironments: fargateEnvironments, +}); + +const repo = new ecr.Repository(stack, 'batch-job-repo'); + +new batch.JobDefinition(stack, 'batch-job-def-from-ecr', { + container: { + jobRole, + image: new ecs.EcrImage(repo, 'latest'), + mountPoints, + volumes, + }, +}); + +/* +const secret = new secretsmanager.Secret(stack, 'batch-secret'); +const executionRole = new iam.Role(stack, 'execution-role', { + assumedBy: new iam.ServicePrincipal('batch.amazonaws.com'), +}); + +new batch.JobDefinition(stack, 'batch-job-def-fargate', { + platformCapabilities: [batch.PlatformCapabilities.FARGATE], + container: { + image: ecs.ContainerImage.fromRegistry('docker/whalesay'), + executionRole, + jobRole, + secrets: { + SECRET: ecs.Secret.fromSecretsManager(secret), + }, + mountPoints, + volumes, + }, +}); +*/ + +new integ.IntegTest(app, 'BatchWithEFSTest', { + testCases: [stack], +}); From de70e41e5877b7bdd5c5cf8e3614f1d339d8e910 Mon Sep 17 00:00:00 2001 From: Tim Cutts Date: Thu, 4 Aug 2022 07:57:37 +0100 Subject: [PATCH 2/7] Restore fargate integration tests --- .../batch-stack.template.json | 140 +++++++++++ .../manifest.json | 24 ++ .../batch-with-efs.integ.snapshot/tree.json | 218 ++++++++++++++++++ .../aws-batch/test/integ.batch-with-efs.ts | 11 +- 4 files changed, 388 insertions(+), 5 deletions(-) diff --git a/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/batch-stack.template.json b/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/batch-stack.template.json index 2e09357eeae72..51e692acede35 100644 --- a/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/batch-stack.template.json +++ b/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/batch-stack.template.json @@ -1976,6 +1976,146 @@ }, "Timeout": {} } + }, + "batchsecret7CD5E4C6": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "GenerateSecretString": {} + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "executionroleD9A39BE6": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "batch.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "executionroleDefaultPolicy497F11A3": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "batchsecret7CD5E4C6" + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "executionroleDefaultPolicy497F11A3", + "Roles": [ + { + "Ref": "executionroleD9A39BE6" + } + ] + } + }, + "batchjobdeffargate7FE30059": { + "Type": "AWS::Batch::JobDefinition", + "Properties": { + "Type": "container", + "ContainerProperties": { + "Environment": [ + { + "Name": "AWS_REGION", + "Value": { + "Ref": "AWS::Region" + } + }, + { + "Name": "AWS_ACCOUNT", + "Value": { + "Ref": "AWS::AccountId" + } + } + ], + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "executionroleD9A39BE6", + "Arn" + ] + }, + "FargatePlatformConfiguration": { + "PlatformVersion": "1.4.0" + }, + "Image": "docker/whalesay", + "JobRoleArn": { + "Fn::GetAtt": [ + "DefaultJobRole72A01394", + "Arn" + ] + }, + "MountPoints": [ + { + "ContainerPath": "/mnt", + "ReadOnly": true, + "SourceVolume": "batchstackEFS25FF7B1E" + } + ], + "Privileged": false, + "ReadonlyRootFilesystem": false, + "ResourceRequirements": [ + { + "Type": "VCPU", + "Value": "0.25" + }, + { + "Type": "MEMORY", + "Value": "512" + } + ], + "Secrets": [ + { + "Name": "SECRET", + "ValueFrom": { + "Ref": "batchsecret7CD5E4C6" + } + } + ], + "Volumes": [ + { + "EfsVolumeConfiguration": { + "AuthorizationConfig": { + "AccessPointId": { + "Ref": "EFSAccessPointA847C4A5" + }, + "Iam": "ENABLED" + }, + "FileSystemId": { + "Ref": "EFSF3301CFD" + }, + "TransitEncryption": "ENABLED" + }, + "Name": "batchstackEFS25FF7B1E" + } + ] + }, + "PlatformCapabilities": [ + "FARGATE" + ], + "RetryStrategy": { + "Attempts": 1 + }, + "Timeout": {} + } } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/manifest.json index 4863fc4d025f4..a4680b9517f9c 100644 --- a/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/manifest.json @@ -380,6 +380,30 @@ "type": "aws:cdk:logicalId", "data": "batchjobdeffromecrE0E30DAD" } + ], + "/batch-stack/batch-secret/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchsecret7CD5E4C6" + } + ], + "/batch-stack/execution-role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "executionroleD9A39BE6" + } + ], + "/batch-stack/execution-role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "executionroleDefaultPolicy497F11A3" + } + ], + "/batch-stack/batch-job-def-fargate/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchjobdeffargate7FE30059" + } ] }, "displayName": "batch-stack" diff --git a/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/tree.json b/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/tree.json index c6cc9599b1fe5..2073887c16510 100644 --- a/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/tree.json +++ b/packages/@aws-cdk/aws-batch/test/batch-with-efs.integ.snapshot/tree.json @@ -2314,6 +2314,224 @@ "fqn": "@aws-cdk/aws-batch.JobDefinition", "version": "0.0.0" } + }, + "batch-secret": { + "id": "batch-secret", + "path": "batch-stack/batch-secret", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-secret/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::Secret", + "aws:cdk:cloudformation:props": { + "generateSecretString": {} + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-secretsmanager.CfnSecret", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-secretsmanager.Secret", + "version": "0.0.0" + } + }, + "execution-role": { + "id": "execution-role", + "path": "batch-stack/execution-role", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/execution-role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "batch.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "batch-stack/execution-role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/execution-role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "batchsecret7CD5E4C6" + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "executionroleDefaultPolicy497F11A3", + "roles": [ + { + "Ref": "executionroleD9A39BE6" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "batch-job-def-fargate": { + "id": "batch-job-def-fargate", + "path": "batch-stack/batch-job-def-fargate", + "children": { + "Resource-Batch-Job-Container-Definition": { + "id": "Resource-Batch-Job-Container-Definition", + "path": "batch-stack/batch-job-def-fargate/Resource-Batch-Job-Container-Definition", + "constructInfo": { + "fqn": "@aws-cdk/aws-ecs.ContainerDefinition", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-job-def-fargate/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Batch::JobDefinition", + "aws:cdk:cloudformation:props": { + "type": "container", + "containerProperties": { + "environment": [ + { + "name": "AWS_REGION", + "value": { + "Ref": "AWS::Region" + } + }, + { + "name": "AWS_ACCOUNT", + "value": { + "Ref": "AWS::AccountId" + } + } + ], + "secrets": [ + { + "name": "SECRET", + "valueFrom": { + "Ref": "batchsecret7CD5E4C6" + } + } + ], + "image": "docker/whalesay", + "jobRoleArn": { + "Fn::GetAtt": [ + "DefaultJobRole72A01394", + "Arn" + ] + }, + "executionRoleArn": { + "Fn::GetAtt": [ + "executionroleD9A39BE6", + "Arn" + ] + }, + "mountPoints": [ + { + "containerPath": "/mnt", + "sourceVolume": "batchstackEFS25FF7B1E", + "readOnly": true + } + ], + "privileged": false, + "readonlyRootFilesystem": false, + "volumes": [ + { + "name": "batchstackEFS25FF7B1E", + "efsVolumeConfiguration": { + "fileSystemId": { + "Ref": "EFSF3301CFD" + }, + "transitEncryption": "ENABLED", + "authorizationConfig": { + "accessPointId": { + "Ref": "EFSAccessPointA847C4A5" + }, + "iam": "ENABLED" + } + } + } + ], + "fargatePlatformConfiguration": { + "platformVersion": "1.4.0" + }, + "resourceRequirements": [ + { + "type": "VCPU", + "value": "0.25" + }, + { + "type": "MEMORY", + "value": "512" + } + ] + }, + "platformCapabilities": [ + "FARGATE" + ], + "retryStrategy": { + "attempts": 1 + }, + "timeout": {} + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-batch.CfnJobDefinition", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-batch.JobDefinition", + "version": "0.0.0" + } } }, "constructInfo": { diff --git a/packages/@aws-cdk/aws-batch/test/integ.batch-with-efs.ts b/packages/@aws-cdk/aws-batch/test/integ.batch-with-efs.ts index b6102a6e85c6c..738ba9297ab55 100644 --- a/packages/@aws-cdk/aws-batch/test/integ.batch-with-efs.ts +++ b/packages/@aws-cdk/aws-batch/test/integ.batch-with-efs.ts @@ -3,7 +3,7 @@ import * as ecr from '@aws-cdk/aws-ecr'; import * as ecs from '@aws-cdk/aws-ecs'; import * as efs from '@aws-cdk/aws-efs'; import * as iam from '@aws-cdk/aws-iam'; -// import * as secretsmanager from '@aws-cdk/aws-secretsmanager'; +import * as secretsmanager from '@aws-cdk/aws-secretsmanager'; import * as cdk from '@aws-cdk/core'; import * as integ from '@aws-cdk/integ-tests'; import * as batch from '../lib/'; @@ -37,7 +37,7 @@ const accessPoint = new efs.AccessPoint( }, ); -let volumes: ecs.Volume[] = [{ +const volumes: ecs.Volume[] = [{ name: cdk.Names.uniqueId(efsFs), efsVolumeConfiguration: { fileSystemId: efsFs.fileSystemId, @@ -49,7 +49,7 @@ let volumes: ecs.Volume[] = [{ }, }]; -let mountPoints: ecs.MountPoint[] = [{ +const mountPoints: ecs.MountPoint[] = [{ containerPath: '/mnt', sourceVolume: volumes[0].name, readOnly: true, @@ -174,7 +174,6 @@ new batch.JobDefinition(stack, 'batch-job-def-from-ecr', { }, }); -/* const secret = new secretsmanager.Secret(stack, 'batch-secret'); const executionRole = new iam.Role(stack, 'execution-role', { assumedBy: new iam.ServicePrincipal('batch.amazonaws.com'), @@ -184,6 +183,9 @@ new batch.JobDefinition(stack, 'batch-job-def-fargate', { platformCapabilities: [batch.PlatformCapabilities.FARGATE], container: { image: ecs.ContainerImage.fromRegistry('docker/whalesay'), + // Have to specify 1.4 here rather than LATEST - stack fails to deploy with + // 'LATEST' which is a bug somewhere in CloudFormation/Fargate + platformVersion: ecs.FargatePlatformVersion.VERSION1_4, executionRole, jobRole, secrets: { @@ -193,7 +195,6 @@ new batch.JobDefinition(stack, 'batch-job-def-fargate', { volumes, }, }); -*/ new integ.IntegTest(app, 'BatchWithEFSTest', { testCases: [stack], From 8fb31c4e5feca56b17465adcc539a5cb0eb54bc6 Mon Sep 17 00:00:00 2001 From: Tim Cutts Date: Thu, 4 Aug 2022 09:42:00 +0100 Subject: [PATCH 3/7] doc: ComputeEnvironments are now connectable --- packages/@aws-cdk/aws-batch/README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/packages/@aws-cdk/aws-batch/README.md b/packages/@aws-cdk/aws-batch/README.md index 02252a8cc6625..d727bc7416235 100644 --- a/packages/@aws-cdk/aws-batch/README.md +++ b/packages/@aws-cdk/aws-batch/README.md @@ -74,6 +74,20 @@ const spotEnvironment = new batch.ComputeEnvironment(this, 'MySpotEnvironment', }); ``` +### Compute Environments and Security Groups + +Compute Environments now implement the IConnectable interface, which means you can use +connections on other CDK resources to manipulate the security groups and allow access. + +For example: + +```ts +declare const fs: efs.Filesystem; +declare const ce: batch.ComputeEnvironment; + +fs.connections.allowDefaultPortFrom(ce); +``` + ### Fargate Compute Environment It is possible to have AWS Batch submit jobs to be run on Fargate compute resources. Below is an example of how this can be done: From c79b89da0226efbeefac6a9d02e9b491d15b99d6 Mon Sep 17 00:00:00 2001 From: Tim Cutts Date: Thu, 4 Aug 2022 12:28:20 +0100 Subject: [PATCH 4/7] doc: Added efs namespace to connectable example --- packages/@aws-cdk/aws-batch/README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-batch/README.md b/packages/@aws-cdk/aws-batch/README.md index d727bc7416235..d50169b6c7a21 100644 --- a/packages/@aws-cdk/aws-batch/README.md +++ b/packages/@aws-cdk/aws-batch/README.md @@ -79,10 +79,12 @@ const spotEnvironment = new batch.ComputeEnvironment(this, 'MySpotEnvironment', Compute Environments now implement the IConnectable interface, which means you can use connections on other CDK resources to manipulate the security groups and allow access. -For example: +For example, allowing Compute Environments to access an EFS filesystem: ```ts -declare const fs: efs.Filesystem; +import * as efs from '@aws-cdk/aws-efs'; + +declare const fs: efs.FileSystem; declare const ce: batch.ComputeEnvironment; fs.connections.allowDefaultPortFrom(ce); From 2274990016965e94e9758f8ee945db80a72efd15 Mon Sep 17 00:00:00 2001 From: Tim Cutts Date: Thu, 4 Aug 2022 20:47:43 +0100 Subject: [PATCH 5/7] Update packages/@aws-cdk/aws-batch/README.md Co-authored-by: Momo Kornher --- packages/@aws-cdk/aws-batch/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-batch/README.md b/packages/@aws-cdk/aws-batch/README.md index d50169b6c7a21..0d2636f981473 100644 --- a/packages/@aws-cdk/aws-batch/README.md +++ b/packages/@aws-cdk/aws-batch/README.md @@ -76,7 +76,7 @@ const spotEnvironment = new batch.ComputeEnvironment(this, 'MySpotEnvironment', ### Compute Environments and Security Groups -Compute Environments now implement the IConnectable interface, which means you can use +Compute Environments implement the `IConnectable` interface, which means you can use connections on other CDK resources to manipulate the security groups and allow access. For example, allowing Compute Environments to access an EFS filesystem: From 4e1d9eb4828f351ecb9cf96f6a61966b398799d9 Mon Sep 17 00:00:00 2001 From: Tim Cutts Date: Thu, 4 Aug 2022 22:00:35 +0100 Subject: [PATCH 6/7] Added unit test for connectable ComputeEnvironment --- .../test/compute-environment.test.ts | 56 +++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/packages/@aws-cdk/aws-batch/test/compute-environment.test.ts b/packages/@aws-cdk/aws-batch/test/compute-environment.test.ts index 82c4ca821e7d1..d31a0f60e9a82 100644 --- a/packages/@aws-cdk/aws-batch/test/compute-environment.test.ts +++ b/packages/@aws-cdk/aws-batch/test/compute-environment.test.ts @@ -583,5 +583,61 @@ describe('Batch Compute Environment', () => { }); }); }); + + describe('connectable functions', () => { + test('ec2 ingress rule', () => { + const computeEnvironment = new batch.ComputeEnvironment(stack, 'test-compute-env', { + managed: true, + computeResources: { + vpc, + }, + }); + + const sg1 = new ec2.SecurityGroup(stack, 'SomeSecurityGroup', { vpc, allowAllOutbound: false }); + const somethingConnectable = new SomethingConnectable(new ec2.Connections({ securityGroups: [sg1] })); + + somethingConnectable.connections.allowFrom(computeEnvironment, ec2.Port.tcp(12345), 'connect to me'); + + Template.fromStack(stack).hasResourceProperties + ('AWS::EC2::SecurityGroupIngress', { + GroupId: { 'Fn::GetAtt': ['SomeSecurityGroupEF219AD6', 'GroupId'] }, + IpProtocol: 'tcp', + Description: 'connect to me', + SourceSecurityGroupId: { 'Fn::GetAtt': ['testcomputeenvResourceSecurityGroup7615BA87', 'GroupId'] }, + FromPort: 12345, + ToPort: 12345, + }); + }); + + test('fargate ingress rule', () => { + const computeEnvironment = new batch.ComputeEnvironment(stack, 'test-fargate-env', { + managed: true, + computeResources: { + vpc, + type: batch.ComputeResourceType.FARGATE, + }, + }); + + const sg1 = new ec2.SecurityGroup(stack, 'SomeSecurityGroup', { vpc, allowAllOutbound: false }); + const somethingConnectable = new SomethingConnectable(new ec2.Connections({ securityGroups: [sg1] })); + + somethingConnectable.connections.allowFrom(computeEnvironment, ec2.Port.tcp(12345), 'connect to me'); + + Template.fromStack(stack).hasResourceProperties + ('AWS::EC2::SecurityGroupIngress', { + GroupId: { 'Fn::GetAtt': ['SomeSecurityGroupEF219AD6', 'GroupId'] }, + IpProtocol: 'tcp', + Description: 'connect to me', + SourceSecurityGroupId: { 'Fn::GetAtt': ['testfargateenvResourceSecurityGroup66A2FC03', 'GroupId'] }, + FromPort: 12345, + ToPort: 12345, + }); + }); + }); }); }); + +class SomethingConnectable implements ec2.IConnectable { + constructor(public readonly connections: ec2.Connections) { + } +} From 74e6d49e49d15d7ca735ab8167b393cc51e4923b Mon Sep 17 00:00:00 2001 From: Tim Cutts Date: Thu, 4 Aug 2022 22:01:37 +0100 Subject: [PATCH 7/7] Changes suggested in feedback for PR #21458 --- packages/@aws-cdk/aws-batch/README.md | 8 ++++---- packages/@aws-cdk/aws-batch/lib/compute-environment.ts | 2 -- packages/@aws-cdk/aws-batch/test/integ.batch-with-efs.ts | 2 ++ 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/packages/@aws-cdk/aws-batch/README.md b/packages/@aws-cdk/aws-batch/README.md index 0d2636f981473..8c06ad6e7b623 100644 --- a/packages/@aws-cdk/aws-batch/README.md +++ b/packages/@aws-cdk/aws-batch/README.md @@ -79,15 +79,15 @@ const spotEnvironment = new batch.ComputeEnvironment(this, 'MySpotEnvironment', Compute Environments implement the `IConnectable` interface, which means you can use connections on other CDK resources to manipulate the security groups and allow access. -For example, allowing Compute Environments to access an EFS filesystem: +For example, allowing a Compute Environment to access an EFS filesystem: ```ts import * as efs from '@aws-cdk/aws-efs'; -declare const fs: efs.FileSystem; -declare const ce: batch.ComputeEnvironment; +declare const fileSystem: efs.FileSystem; +declare const computeEnvironment: batch.ComputeEnvironment; -fs.connections.allowDefaultPortFrom(ce); +fileSystem.connections.allowDefaultPortFrom(computeEnvironment); ``` ### Fargate Compute Environment diff --git a/packages/@aws-cdk/aws-batch/lib/compute-environment.ts b/packages/@aws-cdk/aws-batch/lib/compute-environment.ts index 4a3324b83f5d0..5e3b954bef541 100644 --- a/packages/@aws-cdk/aws-batch/lib/compute-environment.ts +++ b/packages/@aws-cdk/aws-batch/lib/compute-environment.ts @@ -359,8 +359,6 @@ export class ComputeEnvironment extends Resource implements IComputeEnvironment, /** * Connections for this compute environment. - * - * @attribute */ public readonly connections: ec2.Connections; diff --git a/packages/@aws-cdk/aws-batch/test/integ.batch-with-efs.ts b/packages/@aws-cdk/aws-batch/test/integ.batch-with-efs.ts index 738ba9297ab55..58c1a6a37d0a5 100644 --- a/packages/@aws-cdk/aws-batch/test/integ.batch-with-efs.ts +++ b/packages/@aws-cdk/aws-batch/test/integ.batch-with-efs.ts @@ -199,3 +199,5 @@ new batch.JobDefinition(stack, 'batch-job-def-fargate', { new integ.IntegTest(app, 'BatchWithEFSTest', { testCases: [stack], }); + +app.synth(); \ No newline at end of file