From 0a59d9900ce007092d77f6d6f5b164a55eaf3aa2 Mon Sep 17 00:00:00 2001 From: Andrew Williamson Date: Mon, 25 Nov 2024 12:16:55 -0700 Subject: [PATCH 1/2] feat(aws-ecs-patterns): Add a feature flag to override default behavior of creating public load balancers If this flag is not set, the default behavior for `ApplicationLoadBalancedFargateService` and `NetworkLoadBalancedFargateService` is to create a public load balancer (not changed). If this flag is set to false, the behavior is that the load balancer will be private by default. This is a feature flag as to keep compatibility with the old behavior. Relevant issue: https://github.com/aws/aws-cdk/issues/32274 --- .../aws-cdk-lib/aws-ecs-patterns/README.md | 4 ++ .../application-load-balanced-service-base.ts | 8 ++- .../network-load-balanced-service-base.ts | 7 +- .../aws-ecs-patterns/test/ec2/l3s.test.ts | 71 +++++++++++++++++++ .../load-balanced-fargate-service-v2.test.ts | 28 ++++++++ .../load-balanced-fargate-service.test.ts | 23 ++++++ packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md | 19 ++++- packages/aws-cdk-lib/cx-api/lib/features.ts | 17 +++++ 8 files changed, 171 insertions(+), 6 deletions(-) diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/README.md b/packages/aws-cdk-lib/aws-ecs-patterns/README.md index 1ea629d90fe8c..22e0acecebb1d 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/README.md +++ b/packages/aws-cdk-lib/aws-ecs-patterns/README.md 
@@ -66,6 +66,10 @@ Fargate services will use the `LATEST` platform version by default, but you can Fargate services use the default VPC Security Group unless one or more are provided using the `securityGroups` property in the constructor. +Fargate services will be created with a public load balancer by default. If you wish to override this behavior, +you can set the `publicLoadBalancer` property to `false` +or change the `@aws-cdk/aws-ecs-patterns:fargateServiceBaseHasPublicLBDefault` feature flag to false. + By setting `redirectHTTP` to true, CDK will automatically create a listener on port 80 that redirects HTTP traffic to the HTTPS port. If you specify the option `recordType` you can decide if you want the construct to use CNAME or Route53-Aliases as record sets. diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/application-load-balanced-service-base.ts b/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/application-load-balanced-service-base.ts index 7225753d7eec0..26d6e4211c0a2 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/application-load-balanced-service-base.ts +++ b/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/application-load-balanced-service-base.ts @@ -15,7 +15,8 @@ import { IRole } from '../../../aws-iam'; import { ARecord, IHostedZone, RecordTarget, CnameRecord } from '../../../aws-route53'; import { LoadBalancerTarget } from '../../../aws-route53-targets'; import * as cdk from '../../../core'; -import { Duration } from '../../../core'; +import { Duration, FeatureFlags } from '../../../core'; +import * as cxapi from '../../../cx-api'; /** * Describes the type of DNS record the service should create 
@@ -474,7 +475,8 @@ export abstract class ApplicationLoadBalancedServiceBase extends Construct { this.desiredCount = props.desiredCount || 1; this.internalDesiredCount = props.desiredCount; - const internetFacing = props.publicLoadBalancer ?? true; + const internetFacing = props.publicLoadBalancer ?? + FeatureFlags.of(this).isEnabled(cxapi.ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT); if (props.idleTimeout) { const idleTimeout = props.idleTimeout.toSeconds(); @@ -486,7 +488,7 @@ export abstract class ApplicationLoadBalancedServiceBase extends Construct { const lbProps: ApplicationLoadBalancerProps = { vpc: this.cluster.vpc, loadBalancerName: props.loadBalancerName, - internetFacing, + internetFacing: internetFacing, idleTimeout: props.idleTimeout, ipAddressType: props.ipAddressType, }; diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/network-load-balanced-service-base.ts b/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/network-load-balanced-service-base.ts index 9edbf5011b2f1..f42369f94569d 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/network-load-balanced-service-base.ts +++ b/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/network-load-balanced-service-base.ts @@ -9,6 +9,8 @@ import { IRole } from '../../../aws-iam'; import { ARecord, CnameRecord, IHostedZone, RecordTarget } from '../../../aws-route53'; import { LoadBalancerTarget } from '../../../aws-route53-targets'; import * as cdk from '../../../core'; +import { FeatureFlags } from '../../../core'; +import * as cxapi from '../../../cx-api/index'; /** * Describes the type of DNS record the service should create 
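Review bot: The `internetFacing` fallback in `ApplicationLoadBalancedServiceBase` now depends on a context flag, but nothing at this line says so, and the `publicLoadBalancer` prop documentation (outside this hunk) presumably still advertises a fixed default. Because this value decides whether the load balancer is reachable from the internet, I would add a comment such as `// Explicit publicLoadBalancer wins; otherwise the feature flag decides (flag unset => public, for backward compatibility).` and update the prop's `@default` text to name the flag. The same applies to the identical line in `NetworkLoadBalancedServiceBase` (hunk `@@ -368,11 +370,12 @@`). The multiple-target-group base classes are not touched by this patch, so if they carry their own `?? true` fallback they would stay public regardless of the flag; that is worth confirming. The constructor continues outside the hunk.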
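Review bot: `internetFacing: internetFacing` in the `lbProps` literal is a style regression, since the shorthand it replaces was already correct and the expansion only adds diff noise. I would revert the line to `internetFacing,` here and in the `NetworkLoadBalancerProps` literal in `network-load-balanced-service-base.ts`. Separately, the two base files import the flag module by different paths (`'../../../cx-api'` and `'../../../cx-api/index'`); use one form in both.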
@@ -368,11 +370,12 @@ export abstract class NetworkLoadBalancedServiceBase extends Construct { this.desiredCount = props.desiredCount || 1; this.internalDesiredCount = props.desiredCount; - const internetFacing = props.publicLoadBalancer ?? true; + const internetFacing = props.publicLoadBalancer ?? + FeatureFlags.of(this).isEnabled(cxapi.ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT); const lbProps: NetworkLoadBalancerProps = { vpc: this.cluster.vpc, - internetFacing, + internetFacing: internetFacing, ipAddressType: props.ipAddressType, }; diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/test/ec2/l3s.test.ts b/packages/aws-cdk-lib/aws-ecs-patterns/test/ec2/l3s.test.ts index 6e5885fd45ab0..cb79c4b5800f4 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/test/ec2/l3s.test.ts +++ b/packages/aws-cdk-lib/aws-ecs-patterns/test/ec2/l3s.test.ts @@ -9,6 +9,7 @@ import { ApplicationLoadBalancer, ApplicationProtocol, ApplicationProtocolVersio import { PublicHostedZone } from '../../../aws-route53'; import * as cloudmap from '../../../aws-servicediscovery'; import * as cdk from '../../../core'; +import * as cxapi from '../../../cx-api'; import * as ecsPatterns from '../../lib'; describe('ApplicationLoadBalancedEc2Service', () => { 
@@ -81,6 +82,76 @@ describe('ApplicationLoadBalancedEc2Service', () => { }); }); + test('ECS loadbalanced construct with feature flag private lb override', () => { + // GIVEN + const stack = new cdk.Stack(); + stack.node.setContext(cxapi.ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, false); + const vpc = new ec2.Vpc(stack, 'VPC'); + const cluster = new ecs.Cluster(stack, 'Cluster', { vpc }); + cluster.addAsgCapacityProvider(new AsgCapacityProvider(stack, 'DefaultAutoScalingGroupProvider', { + autoScalingGroup: new AutoScalingGroup(stack, 'DefaultAutoScalingGroup', { + vpc, + instanceType: new ec2.InstanceType('t2.micro'), + machineImage: MachineImage.latestAmazonLinux(), + }), + })); + + // WHEN + new ecsPatterns.ApplicationLoadBalancedEc2Service(stack, 'Service', { + cluster, + memoryLimitMiB: 1024, + taskImageOptions: { + image: ecs.ContainerImage.fromRegistry('test'), + environment: { + TEST_ENVIRONMENT_VARIABLE1: 'test environment variable 1 value', + TEST_ENVIRONMENT_VARIABLE2: 'test environment variable 2 value', + }, + dockerLabels: { label1: 'labelValue1', label2: 'labelValue2' }, + entryPoint: ['echo', 'ecs-is-awesome'], + command: ['/bin/bash'], + }, + desiredCount: 2, + ipAddressType: IpAddressType.DUAL_STACK, + }); + + // THEN - stack contains a load balancer and a service + Template.fromStack(stack).resourceCountIs('AWS::ElasticLoadBalancingV2::LoadBalancer', 1); + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::LoadBalancer', { + Scheme: 'internal', + Type: 'application', + IpAddressType: 'dualstack', + }); + + Template.fromStack(stack).hasResourceProperties('AWS::ECS::Service', { + DesiredCount: 2, + LaunchType: 'EC2', + }); + + Template.fromStack(stack).hasResourceProperties('AWS::ECS::TaskDefinition', { + ContainerDefinitions: [ + Match.objectLike({ + Environment: [ + { + Name: 'TEST_ENVIRONMENT_VARIABLE1', + Value: 'test environment variable 1 value', + }, + { + Name: 'TEST_ENVIRONMENT_VARIABLE2', + 
Value: 'test environment variable 2 value', + }, + ], + Memory: 1024, + DockerLabels: { + label1: 'labelValue1', + label2: 'labelValue2', + }, + EntryPoint: ['echo', 'ecs-is-awesome'], + Command: ['/bin/bash'], + }), + ], + }); + }); + test('multiple capacity provider strategies are set', () => { // GIVEN const stack = new cdk.Stack(); diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service-v2.test.ts b/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service-v2.test.ts index 5e761e2c30a44..7188ebcfce703 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service-v2.test.ts +++ b/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service-v2.test.ts @@ -7,6 +7,7 @@ import { ApplicationProtocol, IpAddressType, SslPolicy } from '../../../aws-elas import { CompositePrincipal, Role, ServicePrincipal } from '../../../aws-iam'; import { PublicHostedZone } from '../../../aws-route53'; import { Duration, Stack } from '../../../core'; +import * as cxapi from '../../../cx-api'; import { ApplicationLoadBalancedFargateService, ApplicationMultipleTargetGroupsFargateService, NetworkLoadBalancedFargateService, NetworkMultipleTargetGroupsFargateService } from '../../lib'; const enableExecuteCommandPermissions = { 
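Review bot: The new test only exercises the flag set to `false` with `publicLoadBalancer` omitted, so the precedence that the `??` expression is meant to guarantee is never pinned down. I would add a case with the flag set to `false` and `publicLoadBalancer: true` asserting `Scheme: 'internet-facing'`, and one that sets the context through the literal key documented in the README rather than the `cxapi` constant, which would catch a key that differs from the docs. The task-definition and service assertions here appear to be copied from the neighbouring test; the `Scheme: 'internal'` check is the only part specific to the flag. The same gap applies to the tests added in `load-balanced-fargate-service-v2.test.ts` and `load-balanced-fargate-service.test.ts`.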
@@ -139,6 +140,33 @@ describe('Application Load Balancer', () => { IpAddressType: 'dualstack', }); }); + + test('dualstack application load balancer with feature flag override for private lb', () => { + // GIVEN + const stack = new Stack(); + stack.node.setContext(cxapi.ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, false); + + const vpc = new Vpc(stack, 'VPC', { + ipProtocol: IpProtocol.DUAL_STACK, + }); + const cluster = new ecs.Cluster(stack, 'Cluster', { vpc }); + + // WHEN + new ApplicationLoadBalancedFargateService(stack, 'Service', { + cluster, + taskImageOptions: { + image: ecs.ContainerImage.fromRegistry('test'), + }, + ipAddressType: IpAddressType.DUAL_STACK, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::LoadBalancer', { + Scheme: 'internal', + Type: 'application', + IpAddressType: 'dualstack', + }); + }); }); describe('ApplicationMultipleTargetGroupsFargateService', () => { diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service.test.ts b/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service.test.ts index 9d81dbe53ea04..066be45fe8fe1 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service.test.ts +++ b/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service.test.ts @@ -10,6 +10,7 @@ import * as iam from '../../../aws-iam'; import * as route53 from '../../../aws-route53'; import * as cloudmap from '../../../aws-servicediscovery'; import * as cdk from '../../../core'; +import * as cxapi from '../../../cx-api'; import * as ecsPatterns from '../../lib'; describe('ApplicationLoadBalancedFargateService', () => { 
@@ -1457,6 +1458,28 @@ describe('NetworkLoadBalancedFargateService', () => { }); }); + test('setting loadBalancerType to Network with feature flag override creates an NLB private', () => { + // GIVEN + const stack = new cdk.Stack(); + stack.node.setContext(cxapi.ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, false); + const vpc = new ec2.Vpc(stack, 'VPC'); + const cluster = new ecs.Cluster(stack, 'Cluster', { vpc }); + + // WHEN + new ecsPatterns.NetworkLoadBalancedFargateService(stack, 'Service', { + cluster, + taskImageOptions: { + image: ecs.ContainerImage.fromRegistry('/aws/aws-example-app'), + }, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::LoadBalancer', { + Type: 'network', + Scheme: 'internal', + }); + }); + test('setting loadBalancerType to Network and publicLoadBalancer to false creates an NLB Private', () => { // GIVEN const stack = new cdk.Stack(); diff --git a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md index ff008f4ea1225..25b1dfa973b77 100644 --- a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md +++ b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md 
@@ -81,6 +81,7 @@ Flags come in three types: | [@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics](#aws-cdkcorecfnincluderejectcomplexresourceupdatecreatepolicyintrinsics) | When enabled, CFN templates added with `cfn-include` will error if the template contains Resource Update or Create policies with CFN Intrinsics that include non-primitive values. | 2.161.0 | (fix) | | [@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy](#aws-cdkaws-stepfunctions-tasksfixrunecstaskpolicy) | When enabled, the resource of IAM Run Ecs policy generated by SFN EcsRunTask will reference the definition, instead of constructing ARN. | 2.163.0 | (fix) | | [@aws-cdk/aws-dynamodb:resourcePolicyPerReplica](#aws-cdkaws-dynamodbresourcepolicyperreplica) | When enabled will allow you to specify a resource policy per replica, and not copy the source table policy to all replicas | 2.164.0 | (fix) | +| [@aws-cdk/aws-ecs-patterns:fargateServiceBaseHasPublicLBDefault](#aws-ecs-patterns-fargateServiceBaseHasPublicLBDefault) | When enabled LBs created for Fargate Service will be public by default | 2.172.0 | (fix) | @@ -150,7 +151,8 @@ The following json shows the current recommended set of flags, as `cdk init` wou "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": true, "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": true, "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": true, - "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": true + "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": true, + "@aws-cdk/aws-ecs-patterns:fargateServiceBaseHasPublicLBDefault": false } } ``` 
@@ -1528,5 +1530,20 @@ This is a feature flag as the old behavior was technically incorrect but users m | (not in v1) | | | | 2.164.0 | `false` | `true` | +### @aws-cdk/aws-ecs-patterns:fargateServiceBaseHasPublicLBDefault + +*When enabled LBs created for Fargate Service will be public by default* (fix) + +If this flag is not set, the default behavior for `ApplicationLoadBalancedFargateService` and `NetworkLoadBalancedFargateService` is to create a public load balancer. + +If this flag is set to false, the behavior is that the load balancer will be private by default. + +This is a feature flag as to keep compatibility with the old behavior. + + +| Since | Default | Recommended | +|-------------| ----- | ----- | +| (not in v1) | | | +| 2.172.0 | `true` | `false` | diff --git a/packages/aws-cdk-lib/cx-api/lib/features.ts b/packages/aws-cdk-lib/cx-api/lib/features.ts index 9bc3d0d5a8977..e91e910f97578 100644 --- a/packages/aws-cdk-lib/cx-api/lib/features.ts +++ b/packages/aws-cdk-lib/cx-api/lib/features.ts @@ -115,6 +115,7 @@ export const USE_CORRECT_VALUE_FOR_INSTANCE_RESOURCE_ID_PROPERTY = '@aws-cdk/aws export const CFN_INCLUDE_REJECT_COMPLEX_RESOURCE_UPDATE_CREATE_POLICY_INTRINSICS = '@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics'; export const LAMBDA_NODEJS_SDK_V3_EXCLUDE_SMITHY_PACKAGES = '@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages'; export const STEPFUNCTIONS_TASKS_FIX_RUN_ECS_TASK_POLICY = '@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy'; +export const ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT = '@aws-cdk/ecs-patterns:fargateServiceBaseHasPublicLBDefault'; export const FLAGS: Record = { ////////////////////////////////////////////////////////////////////// 
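Review bot: The key string assigned to `ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT` is `'@aws-cdk/ecs-patterns:fargateServiceBaseHasPublicLBDefault'`, while the README and FEATURE_FLAGS.md changes in this same patch document `@aws-cdk/aws-ecs-patterns:fargateServiceBaseHasPublicLBDefault` (with the `aws-` prefix). A user who copies the documented key into `cdk.json` and sets it to `false` would, as far as this patch shows, see no effect: the lookup uses the constant, the flag falls back to its default, and the load balancer stays internet-facing while the user believes it is internal. The unit tests do not catch this because they set the context through the constant. The value should be `'@aws-cdk/aws-ecs-patterns:fargateServiceBaseHasPublicLBDefault'` so that code and documentation agree and the key follows the naming of the other `@aws-cdk/aws-*` entries in this list.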
@@ -1250,6 +1251,22 @@ export const FLAGS: Record = { introducedIn: { v2: '2.163.0' }, recommendedValue: true, }, + + ////////////////////////////////////////////////////////////////////// + [ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT]: { + type: FlagType.BugFix, + summary: 'When enabled, the load balancers created will be public by default', + detailsMd: ` + By default, the load balancers created by ECS Patterns Fargate Service Base construct are public. + This is not ideal for cases where you need everything to be private. + + When this feature flag is enabled (default True for compatability), the load balancers will be public by default. + However, if you want to make them private by default, you can set this property to false. + `, + introducedIn: { v2: '2.172.0' }, + defaults: { v2: true }, + recommendedValue: false, + }, }; const CURRENT_MV = 'v2'; From 7b7862ac73b8c87058de0328fbd6af9e26422eb1 Mon Sep 17 00:00:00 2001 
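Review bot: The `detailsMd` text for this flag is misleading in a way that matters for exposure decisions: it names only the "ECS Patterns Fargate Service Base construct", yet the code change sits in the shared `ApplicationLoadBalancedServiceBase` and `NetworkLoadBalancedServiceBase` classes, and the new test in `test/ec2/l3s.test.ts` shows the EC2 service being affected too. It also says "set this property to false" for what is a context flag, and "compatability" is misspelled. I would reword it to state that the flag applies to the load-balanced ECS patterns services (EC2 and Fargate), that an explicit `publicLoadBalancer` always takes precedence, and that setting the flag to `false` makes load balancers internal unless requested otherwise. It is also worth confirming that a `FlagType.BugFix` entry with `defaults: { v2: true }` and `recommendedValue: false` is an accepted shape, since here "enabled" means the legacy behaviour.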
From: Andrew Williamson Date: Mon, 25 Nov 2024 15:25:19 -0700 Subject: [PATCH 2/2] Update the existing integration tests, they all pass with these changes --- ...teg.alb-ecs-service-command-entry-point.ts | 2 ++ ...g.application-load-balanced-ecs-service.ts | 3 +++ ...integ.network-load-balanced-ecs-service.ts | 2 ++ ...g.tls-network-load-balanced-ecs-service.ts | 3 +++ ...alb-fargate-service-command-entry-point.ts | 2 ++ ...nteg.alb-fargate-service-custom-storage.ts | 3 +++ .../integ.alb-fargate-service-health-check.ts | 3 +++ .../integ.alb-fargate-service-https.ts | 3 +++ .../integ.alb-fargate-service-idle-timeout.ts | 3 +++ .../fargate/integ.alb-fargate-service-ipv6.ts | 3 +++ .../test/fargate/integ.asset-image.ts | 3 +++ ...t-breaker-load-balanced-fargate-service.ts | 3 +++ ...o-deployment-controller-fargate-service.ts | 3 +++ ...reaker-queue-processing-fargate-service.ts | 3 +++ .../test/fargate/integ.executionrole.ts | 2 ++ ...plication-load-balanced-fargate-service.ts | 3 +++ ...e-network-load-balanced-fargate-service.ts | 3 +++ .../test/fargate/integ.l3-autocreate.ts | 6 ++++- .../integ.l3-capacity-provider-strategies.ts | 2 ++ .../test/fargate/integ.l3-vpconly.ts | 2 ++ .../aws-ecs-patterns/test/fargate/integ.l3.ts | 2 ++ ...e-network-load-balanced-fargate-service.ts | 3 +++ .../test/fargate/integ.nlb-ipv6.ts | 2 ++ .../test/fargate/integ.nlb-sg.ts | 2 ++ ...sing-fargate-service-custom-cpu-scaling.ts | 3 +++ ...processing-fargate-service-health-check.ts | 3 +++ ...eue-processing-fargate-service-isolated.ts | 3 +++ ...ocessing-fargate-service-no-cpu-scaling.ts | 3 +++ ...e-service-task-definition-with-cooldown.ts | 3 +++ ...cessing-fargate-service-task-definition.ts | 3 +++ .../integ.queue-processing-fargate-service.ts | 3 +++ ...plication-load-balanced-fargate-service.ts | 2 ++ .../fargate/integ.scheduled-fargate-task.ts | 2 ++ .../test/fargate/integ.special-listener.ts | 3 +++ ...s-network-load-balanced-fargate-service.ts | 3 +++ 
packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md | 26 +++++++++++-------- 36 files changed, 111 insertions(+), 12 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.ts index 2983ad23728fc..74a94a34f929c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.alb-ecs-service-command-entry-point.ts @@ -4,6 +4,7 @@ import * as ecs from 'aws-cdk-lib/aws-ecs'; import * as cdk from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import * as ecsPatterns from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new cdk.App({ postCliContext: { @@ -11,6 +12,7 @@ const app = new cdk.App({ }, }); const stack = new cdk.Stack(app, 'aws-ecs-integ-alb-ec2-cmd-entrypoint'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); // Create VPC and ECS Cluster const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.application-load-balanced-ecs-service.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.application-load-balanced-ecs-service.ts index b765af9dd41df..8ed280d03be90 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.application-load-balanced-ecs-service.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.application-load-balanced-ecs-service.ts 
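Review bot: `stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true)` pins this integration test to the public default, presumably to keep the snapshot unchanged, and the same line is added to every other integ file in this patch, which leaves the recommended `false` path without any integration coverage. At least one integ stack should set the flag to `false`, omit `publicLoadBalancer`, and assert an internal scheme. Where the file already builds the app with `postCliContext`, as here, adding the flag to that object would be more consistent than a second mechanism on the stack. In files such as `integ.circuit-breaker-queue-processing-fargate-service.ts`, whose `QueueProcessingFargateService` does not appear to create a load balancer, the added line looks unnecessary.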
@@ -5,9 +5,12 @@ import { App, Stack } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import { ApplicationLoadBalancedEc2Service } from 'aws-cdk-lib/aws-ecs-patterns'; import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new App(); const stack = new Stack(app, 'aws-ecs-integ-alb'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); + const vpc = new Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); const cluster = new Cluster(stack, 'Cluster', { vpc }); const securityGroup = new SecurityGroup(stack, 'SecurityGroup', { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.network-load-balanced-ecs-service.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.network-load-balanced-ecs-service.ts index 8c3bdeff260c7..c3c8721311d75 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.network-load-balanced-ecs-service.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.network-load-balanced-ecs-service.ts @@ -5,9 +5,11 @@ import { App, Stack } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import { NetworkLoadBalancedEc2Service } from 'aws-cdk-lib/aws-ecs-patterns'; import { IpAddressType } from 'aws-cdk-lib/aws-elasticloadbalancingv2'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new App(); const stack = new Stack(app, 'aws-ecs-integ-nlb'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); const vpc = new Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); const cluster = new Cluster(stack, 'Cluster', { vpc }); const securityGroup = new SecurityGroup(stack, 'SecurityGroup', { 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.tls-network-load-balanced-ecs-service.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.tls-network-load-balanced-ecs-service.ts index 893295167780d..8624b019f0db0 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.tls-network-load-balanced-ecs-service.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.tls-network-load-balanced-ecs-service.ts @@ -4,6 +4,7 @@ import { App, Stack } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import { NetworkLoadBalancedEc2Service } from 'aws-cdk-lib/aws-ecs-patterns'; import { Certificate } from 'aws-cdk-lib/aws-certificatemanager'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; /** * In order to test this you need prepare a certificate. @@ -13,6 +14,8 @@ if (!certArn) throw new Error('For this test you must provide your own Certifica const app = new App(); const stack = new Stack(app, 'tls-network-load-balanced-ecs-service'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); + const vpc = new Vpc(stack, 'Vpc', { maxAzs: 2 }); const cluster = new Cluster(stack, 'Cluster', { vpc }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.ts index 72eba5604fb9f..fc05ecef5808f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-command-entry-point.ts 
@@ -3,12 +3,14 @@ import * as ecs from 'aws-cdk-lib/aws-ecs'; import * as cdk from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import * as ecsPatterns from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new cdk.App(); const stack = new cdk.Stack( app, 'aws-ecs-integ-lb-fargate-cmd-entrypoint-test', ); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); // Create VPC and cluster const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-custom-storage.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-custom-storage.ts index b857fe8ba88df..aebe183e585c9 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-custom-storage.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-custom-storage.ts @@ -3,6 +3,7 @@ import { App, Stack, Duration } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import { ApplicationLoadBalancedFargateService } from 'aws-cdk-lib/aws-ecs-patterns'; import { ContainerImage } from 'aws-cdk-lib/aws-ecs'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new App({ postCliContext: { @@ -10,6 +11,8 @@ const app = new App({ }, }); const stack = new Stack(app, 'aws-ecs-patterns-alb-with-custom-storage'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); + const vpc = new ec2.Vpc(stack, 'VPC', { restrictDefaultSecurityGroup: false }); new ApplicationLoadBalancedFargateService(stack, 'ALBServiceWithCustomStorage', { 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-health-check.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-health-check.ts index 9d48f977bc341..3e93ef06cd92c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-health-check.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-health-check.ts @@ -3,6 +3,7 @@ import { App, Stack, Duration } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import { ApplicationLoadBalancedFargateService } from 'aws-cdk-lib/aws-ecs-patterns'; import { ContainerImage } from 'aws-cdk-lib/aws-ecs'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new App({ postCliContext: { @@ -10,6 +11,8 @@ const app = new App({ }, }); const stack = new Stack(app, 'aws-ecs-patterns-alb-health-check'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); + const vpc = new ec2.Vpc(stack, 'VPC', { restrictDefaultSecurityGroup: false }); new ApplicationLoadBalancedFargateService(stack, 'HealthCheckALBService', { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-https.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-https.ts index b707476962b53..6d157d3e67c03 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-https.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-https.ts 
@@ -5,6 +5,7 @@ import * as route53 from 'aws-cdk-lib/aws-route53'; import { App, Stack } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import { ApplicationLoadBalancedFargateService } from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new App({ postCliContext: { @@ -12,6 +13,8 @@ const app = new App({ }, }); const stack = new Stack(app, 'aws-ecs-integ-alb-fg-https'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); + const vpc = new Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); const cluster = new Cluster(stack, 'Cluster', { vpc }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-idle-timeout.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-idle-timeout.ts index c187807447ba4..99d962220f05e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-idle-timeout.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-idle-timeout.ts @@ -4,6 +4,7 @@ import { App, Duration, Stack } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import { ApplicationLoadBalancedFargateService } from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new App({ postCliContext: { @@ -11,6 +12,8 @@ const app = new App({ }, }); const stack = new Stack(app, 'aws-ecs-integ-alb-fg-idletimeout'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); + const vpc = new Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); const cluster = new Cluster(stack, 'Cluster', { vpc }); 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-ipv6.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-ipv6.ts index eb40679d00672..e6171467ebfb4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-ipv6.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-ipv6.ts @@ -4,9 +4,12 @@ import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2'; import { App, Duration, Stack } from 'aws-cdk-lib'; import { IntegTest } from '@aws-cdk/integ-tests-alpha'; import { ApplicationLoadBalancedFargateService } from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new App(); const stack = new Stack(app, 'aws-ecs-integ-alb-fg-ipv6'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); + const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, ipProtocol: ec2.IpProtocol.DUAL_STACK, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.asset-image.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.asset-image.ts index 0e2e24d72509e..8b7b552295f6b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.asset-image.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.asset-image.ts 
@@ -4,9 +4,12 @@ import * as ecs from 'aws-cdk-lib/aws-ecs'; import * as cdk from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import * as ecsPatterns from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new cdk.App(); const stack = new cdk.Stack(app, 'aws-ecs-integ-fargate-image'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); + const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); const cluster = new ecs.Cluster(stack, 'Cluster', { vpc }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.circuit-breaker-load-balanced-fargate-service.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.circuit-breaker-load-balanced-fargate-service.ts index a3e14490697a9..ca7c024460de8 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.circuit-breaker-load-balanced-fargate-service.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.circuit-breaker-load-balanced-fargate-service.ts 
@@ -4,9 +4,12 @@ import { App, Stack } from 'aws-cdk-lib'; import * as cxapi from 'aws-cdk-lib/cx-api'; import * as integ from '@aws-cdk/integ-tests-alpha'; import { ApplicationLoadBalancedFargateService } from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new App({ postCliContext: { [cxapi.ECS_DISABLE_EXPLICIT_DEPLOYMENT_CONTROLLER_FOR_CIRCUIT_BREAKER]: false } }); const stack = new Stack(app, 'aws-ecs-integ-circuit-breaker'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); + const vpc = new Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); const cluster = new Cluster(stack, 'Cluster', { vpc }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.circuit-breaker-no-deployment-controller-fargate-service.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.circuit-breaker-no-deployment-controller-fargate-service.ts index 5d0df982d80cd..8c1b679275f4c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.circuit-breaker-no-deployment-controller-fargate-service.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.circuit-breaker-no-deployment-controller-fargate-service.ts 
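Review bot: The added named import in integ.circuit-breaker-load-balanced-fargate-service.ts pulls from `aws-cdk-lib/cx-api`, which this file already imports as `cxapi` two lines above. The new flag is also set through `stack.node.setContext`, while the neighbouring flag is set through `postCliContext` on the `App`. Using two import styles and two context mechanisms for the same kind of setting makes it harder to see which flags the test runs under. I would drop the new import and keep both flags in one place: `const app = new App({ postCliContext: { [cxapi.ECS_DISABLE_EXPLICIT_DEPLOYMENT_CONTROLLER_FOR_CIRCUIT_BREAKER]: false, [cxapi.ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT]: true } });`. The hunk for integ.circuit-breaker-queue-processing-fargate-service.ts has the same duplicate import.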
@@ -3,9 +3,12 @@ import { Cluster, ContainerImage } from 'aws-cdk-lib/aws-ecs'; import { App, Stack } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import { ApplicationLoadBalancedFargateService } from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new App(); const stack = new Stack(app, 'aws-ecs-integ-circuit-breaker-no-dc'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); + const vpc = new Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); const cluster = new Cluster(stack, 'Cluster', { vpc }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.circuit-breaker-queue-processing-fargate-service.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.circuit-breaker-queue-processing-fargate-service.ts index abd445767ab17..d009e570215f5 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.circuit-breaker-queue-processing-fargate-service.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.circuit-breaker-queue-processing-fargate-service.ts @@ -5,9 +5,12 @@ import { App, Stack } from 'aws-cdk-lib'; import * as cxapi from 'aws-cdk-lib/cx-api'; import * as integ from '@aws-cdk/integ-tests-alpha'; import { QueueProcessingFargateService } from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new App({ postCliContext: { [cxapi.ECS_DISABLE_EXPLICIT_DEPLOYMENT_CONTROLLER_FOR_CIRCUIT_BREAKER]: false } }); const stack = new Stack(app, 'aws-ecs-patterns-queue'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); + const vpc = new ec2.Vpc(stack, 'VPC', { restrictDefaultSecurityGroup: false, maxAzs: 2, 
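Review bot: In integ.circuit-breaker-queue-processing-fargate-service.ts the added `stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true);` appears to have no effect. The only ecs-patterns construct the hunk imports is `QueueProcessingFargateService`, and the commit description scopes the flag to `ApplicationLoadBalancedFargateService` and `NetworkLoadBalancedFargateService`. The rest of the file is outside the hunk, so this is inferred from the imports. The same holds for the other `integ.queue-processing-fargate-service*` hunks and for the two tests that import only `ScheduledFargateTask` (integ.runtime-platform-application-load-balanced-fargate-service.ts and integ.scheduled-fargate-task.ts). Setting a public-load-balancer flag where no load balancer is created obscures which tests actually depend on the internet-facing default, so I would remove the import and the `setContext` line from those files and keep the pin only where an ALB or NLB pattern is instantiated.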
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.executionrole.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.executionrole.ts index fd4137f4ea319..2a614da8a1f45 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.executionrole.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.executionrole.ts @@ -4,9 +4,11 @@ import * as iam from 'aws-cdk-lib/aws-iam'; import * as cdk from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import * as ecsPatterns from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new cdk.App(); const stack = new cdk.Stack(app, 'aws-ecs-integ-fargate-execrole'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.healthchecks-multiple-application-load-balanced-fargate-service.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.healthchecks-multiple-application-load-balanced-fargate-service.ts index c411bbc8b4ee9..c9b81a3377939 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.healthchecks-multiple-application-load-balanced-fargate-service.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.healthchecks-multiple-application-load-balanced-fargate-service.ts 
@@ -5,9 +5,12 @@ import { App, Duration, Stack } from 'aws-cdk-lib'; import { IntegTest } from '@aws-cdk/integ-tests-alpha'; import { ApplicationMultipleTargetGroupsFargateService } from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new App(); const stack = new Stack(app, 'aws-ecs-integ-fargate-multi-alb-health'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); + const vpc = new Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); const cluster = new Cluster(stack, 'Cluster', { vpc }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.healthchecks-multiple-network-load-balanced-fargate-service.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.healthchecks-multiple-network-load-balanced-fargate-service.ts index 4bab83097bcb1..e0af06d185202 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.healthchecks-multiple-network-load-balanced-fargate-service.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.healthchecks-multiple-network-load-balanced-fargate-service.ts @@ -3,9 +3,12 @@ import { Cluster, ContainerImage } from 'aws-cdk-lib/aws-ecs'; import { App, Stack } from 'aws-cdk-lib'; import { IntegTest } from '@aws-cdk/integ-tests-alpha'; import { NetworkMultipleTargetGroupsFargateService } from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new App(); const stack = new Stack(app, 'aws-ecs-integ-multi-nlb-healthchecks'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); + const vpc = new Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); const cluster = new Cluster(stack, 'Cluster', { vpc }); 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.l3-autocreate.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.l3-autocreate.ts index 7161414dde24d..1d126b4177a17 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.l3-autocreate.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.l3-autocreate.ts @@ -2,10 +2,14 @@ import * as ecs from 'aws-cdk-lib/aws-ecs'; import * as cdk from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import * as ecsPatterns from 'aws-cdk-lib/aws-ecs-patterns'; -import { EC2_RESTRICT_DEFAULT_SECURITY_GROUP } from 'aws-cdk-lib/cx-api'; +import { + EC2_RESTRICT_DEFAULT_SECURITY_GROUP, + ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, +} from 'aws-cdk-lib/cx-api'; const app = new cdk.App(); const stack = new cdk.Stack(app, 'aws-ecs-integ-l3-autocreate'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); stack.node.setContext(EC2_RESTRICT_DEFAULT_SECURITY_GROUP, false); // No VPC or Cluster specified diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.l3-capacity-provider-strategies.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.l3-capacity-provider-strategies.ts index 47c9411d7bc5a..f12e8c3a709a2 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.l3-capacity-provider-strategies.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.l3-capacity-provider-strategies.ts 
@@ -3,9 +3,11 @@ import * as ecs from 'aws-cdk-lib/aws-ecs'; import * as cdk from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import * as ecsPatterns from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new cdk.App(); const stack = new cdk.Stack(app, 'aws-ecs-integ-lb-fargate'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); // Create VPC and cluster const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.l3-vpconly.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.l3-vpconly.ts index c66dabece01ca..4621496f10494 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.l3-vpconly.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.l3-vpconly.ts @@ -3,9 +3,11 @@ import * as ecs from 'aws-cdk-lib/aws-ecs'; import * as cdk from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import * as ecsPatterns from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new cdk.App(); const stack = new cdk.Stack(app, 'aws-ecs-integ-l3-vpconly'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); // Create VPC only const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.l3.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.l3.ts index 2100e8ed1d315..e4cf38b22465b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.l3.ts 
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.l3.ts @@ -3,9 +3,11 @@ import * as ecs from 'aws-cdk-lib/aws-ecs'; import * as cdk from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import * as ecsPatterns from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new cdk.App(); const stack = new cdk.Stack(app, 'aws-ecs-integ-lb-fargate'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); // Create VPC and cluster const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.multiple-network-load-balanced-fargate-service.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.multiple-network-load-balanced-fargate-service.ts index 8e79c8bc9c2b9..f9a9087458371 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.multiple-network-load-balanced-fargate-service.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.multiple-network-load-balanced-fargate-service.ts @@ -3,9 +3,12 @@ import { Cluster, ContainerImage } from 'aws-cdk-lib/aws-ecs'; import { App, Stack } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import { NetworkMultipleTargetGroupsFargateService } from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new App(); const stack = new Stack(app, 'aws-ecs-integ-fargate-multi-nlb-health'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); + const vpc = new Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); const cluster = new Cluster(stack, 'Cluster', { vpc }); 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.nlb-ipv6.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.nlb-ipv6.ts index 09dccc9da2a0a..44d2291877031 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.nlb-ipv6.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.nlb-ipv6.ts @@ -4,9 +4,11 @@ import * as cdk from 'aws-cdk-lib'; import { IntegTest } from '@aws-cdk/integ-tests-alpha'; import * as ecsPatterns from 'aws-cdk-lib/aws-ecs-patterns'; import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new cdk.App(); const stack = new cdk.Stack(app, 'NlbIpv6Stack'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.nlb-sg.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.nlb-sg.ts index 5b5f3a4d38534..12fb15bebce6b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.nlb-sg.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.nlb-sg.ts @@ -3,6 +3,7 @@ import * as ecs from 'aws-cdk-lib/aws-ecs'; import * as cdk from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import * as ecsPatterns from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new cdk.App({ postCliContext: { 
@@ -10,6 +11,7 @@ const app = new cdk.App({ }, }); const stack = new cdk.Stack(app, 'aws-ecs-integ-lb-fargate'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); // Create VPC and cluster const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-custom-cpu-scaling.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-custom-cpu-scaling.ts index 68540cb26dbe3..a192ab930995a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-custom-cpu-scaling.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-custom-cpu-scaling.ts @@ -4,6 +4,7 @@ import * as ecs from 'aws-cdk-lib/aws-ecs'; import { App, Stack } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import { QueueProcessingFargateService } from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new App({ postCliContext: { @@ -11,6 +12,8 @@ const app = new App({ }, }); const stack = new Stack(app, 'aws-ecs-patterns-queue-custom-cpu-scaling'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); + const vpc = new ec2.Vpc(stack, 'VPC', { restrictDefaultSecurityGroup: false }); new QueueProcessingFargateService(stack, 'aws-ecs-patterns-queue-custom-cpu-scaling', { 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-health-check.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-health-check.ts index 97744699767cf..964a08d9e9991 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-health-check.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-health-check.ts @@ -4,6 +4,7 @@ import * as ecs from 'aws-cdk-lib/aws-ecs'; import { App, Stack, Duration } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import { QueueProcessingFargateService } from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new App({ postCliContext: { @@ -11,6 +12,8 @@ const app = new App({ }, }); const stack = new Stack(app, 'aws-ecs-patterns-queue-health-check'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); + const vpc = new ec2.Vpc(stack, 'VPC', { restrictDefaultSecurityGroup: false }); new QueueProcessingFargateService(stack, 'HealthCheckQueueService', { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-isolated.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-isolated.ts index 0b51fe3f9325d..7b8b105bf8126 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-isolated.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-isolated.ts 
@@ -4,9 +4,12 @@ import * as ecs from 'aws-cdk-lib/aws-ecs'; import { App, Stack } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import { QueueProcessingFargateService } from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new App(); const stack = new Stack(app, 'aws-ecs-patterns-queue-isolated'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); + const vpc = new ec2.Vpc(stack, 'VPC', { restrictDefaultSecurityGroup: false, maxAzs: 2, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-no-cpu-scaling.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-no-cpu-scaling.ts index 93c2e20880c88..087574cadcedf 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-no-cpu-scaling.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-no-cpu-scaling.ts @@ -4,6 +4,7 @@ import * as ecs from 'aws-cdk-lib/aws-ecs'; import { App, Stack } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import { QueueProcessingFargateService } from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new App({ postCliContext: { @@ -11,6 +12,8 @@ const app = new App({ }, }); const stack = new Stack(app, 'aws-ecs-patterns-queue-no-cpu-scaling'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); + const vpc = new ec2.Vpc(stack, 'VPC', { restrictDefaultSecurityGroup: false }); new QueueProcessingFargateService(stack, 'aws-ecs-patterns-queue-no-cpu-scaling', { 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition-with-cooldown.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition-with-cooldown.ts index 3ae539693a297..3fe43e044dd90 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition-with-cooldown.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition-with-cooldown.ts @@ -4,6 +4,7 @@ import * as ecs from 'aws-cdk-lib/aws-ecs'; import { App, Duration, Stack } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import { QueueProcessingFargateService } from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new App({ postCliContext: { @@ -11,6 +12,8 @@ const app = new App({ }, }); const stack = new Stack(app, 'aws-ecs-patterns-queu-no-cooldown'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); + const vpc = new ec2.Vpc(stack, 'VPC', { restrictDefaultSecurityGroup: false, maxAzs: 2, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.ts index f27e36a13c35b..b8aa0c012d043 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.ts 
@@ -4,6 +4,7 @@ import * as ecs from 'aws-cdk-lib/aws-ecs'; import { App, Stack } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import { QueueProcessingFargateService } from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new App({ postCliContext: { @@ -11,6 +12,8 @@ const app = new App({ }, }); const stack = new Stack(app, 'aws-ecs-patterns-queue'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); + const vpc = new ec2.Vpc(stack, 'VPC', { restrictDefaultSecurityGroup: false, maxAzs: 2, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service.ts index ce1d87b9b68f1..540f5f20eee8a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service.ts @@ -4,9 +4,12 @@ import * as ecs from 'aws-cdk-lib/aws-ecs'; import { App, Stack } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import { QueueProcessingFargateService } from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new App(); const stack = new Stack(app, 'aws-ecs-patterns-queue'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); + const vpc = new ec2.Vpc(stack, 'VPC', { restrictDefaultSecurityGroup: false, maxAzs: 2, 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.runtime-platform-application-load-balanced-fargate-service.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.runtime-platform-application-load-balanced-fargate-service.ts index e152f61d55d16..5421a5cb68fe5 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.runtime-platform-application-load-balanced-fargate-service.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.runtime-platform-application-load-balanced-fargate-service.ts @@ -6,9 +6,11 @@ import * as cdk from 'aws-cdk-lib'; import { IntegTest } from '@aws-cdk/integ-tests-alpha'; import { ScheduledFargateTask } from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new cdk.App(); const stack = new cdk.Stack(app, 'aws-ecs-runtime-integ'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 1, restrictDefaultSecurityGroup: false }); const cluster = new ecs.Cluster(stack, 'FargateCluster', { vpc }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.ts index af8c11eb8b593..31fbd7c9c5d09 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.ts 
@@ -5,12 +5,14 @@ import * as events from 'aws-cdk-lib/aws-events'; import * as cdk from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import { ScheduledFargateTask } from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new cdk.App(); class EventStack extends cdk.Stack { constructor(scope: cdk.App, id: string) { super(scope, id); + this.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); const vpc = new ec2.Vpc(this, 'Vpc', { maxAzs: 1, restrictDefaultSecurityGroup: false }); const cluster = new ecs.Cluster(this, 'FargateCluster', { vpc }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.special-listener.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.special-listener.ts index 0955f7afbf535..df9e22ad0d686 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.special-listener.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.special-listener.ts @@ -3,9 +3,12 @@ import * as ecs from 'aws-cdk-lib/aws-ecs'; import * as cdk from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import * as ecsPatterns from 'aws-cdk-lib/aws-ecs-patterns'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; const app = new cdk.App(); const stack = new cdk.Stack(app, 'aws-ecs-integ-fargate-special-listener'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); + const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); const cluster = new ecs.Cluster(stack, 'Cluster', { vpc }); 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.tls-network-load-balanced-fargate-service.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.tls-network-load-balanced-fargate-service.ts index aa12903f2bfba..31e477060b7c8 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.tls-network-load-balanced-fargate-service.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.tls-network-load-balanced-fargate-service.ts @@ -4,6 +4,7 @@ import { App, Stack } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import { NetworkLoadBalancedFargateService } from 'aws-cdk-lib/aws-ecs-patterns'; import { Certificate } from 'aws-cdk-lib/aws-certificatemanager'; +import { ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT } from 'aws-cdk-lib/cx-api'; /** * In order to test this you need prepare a certificate. @@ -13,6 +14,8 @@ if (!certArn) throw new Error('For this test you must provide your own Certifica const app = new App(); const stack = new Stack(app, 'tls-network-load-balanced-fargate-service'); +stack.node.setContext(ECS_PATTERNS_FARGATE_SERVICE_BASE_HAS_PUBLIC_LB_BY_DEFAULT, true); + const vpc = new Vpc(stack, 'Vpc', { maxAzs: 2 }); const cluster = new Cluster(stack, 'Cluster', { vpc }); diff --git a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md index 25b1dfa973b77..f339384e4bd2c 100644 --- a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md +++ b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md 
@@ -81,7 +81,7 @@ Flags come in three types: | [@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics](#aws-cdkcorecfnincluderejectcomplexresourceupdatecreatepolicyintrinsics) | When enabled, CFN templates added with `cfn-include` will error if the template contains Resource Update or Create policies with CFN Intrinsics that include non-primitive values. | 2.161.0 | (fix) | | [@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy](#aws-cdkaws-stepfunctions-tasksfixrunecstaskpolicy) | When enabled, the resource of IAM Run Ecs policy generated by SFN EcsRunTask will reference the definition, instead of constructing ARN. | 2.163.0 | (fix) | | [@aws-cdk/aws-dynamodb:resourcePolicyPerReplica](#aws-cdkaws-dynamodbresourcepolicyperreplica) | When enabled will allow you to specify a resource policy per replica, and not copy the source table policy to all replicas | 2.164.0 | (fix) | -| [@aws-cdk/aws-ecs-patterns:fargateServiceBaseHasPublicLBDefault](#aws-ecs-patterns-fargateServiceBaseHasPublicLBDefault) | When enabled LBs created for Fargate Service will be public by default | 2.172.0 | (fix) | +| [@aws-cdk/ecs-patterns:fargateServiceBaseHasPublicLBDefault](#aws-cdkecs-patternsfargateservicebasehaspubliclbdefault) | When enabled, the load balancers created will be public by default | 2.172.0 | (fix) | @@ -152,7 +152,7 @@ The following json shows the current recommended set of flags, as `cdk init` wou "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": true, "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": true, "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": true, - "@aws-cdk/aws-ecs-patterns:fargateServiceBaseHasPublicLBDefault": false + "@aws-cdk/ecs-patterns:fargateServiceBaseHasPublicLBDefault": false } } ``` 
@@ -197,6 +197,7 @@ are migrating a v1 CDK project to v2, explicitly set any of these flags which do | [@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2\_2021](#aws-cdkaws-cloudfrontdefaultsecuritypolicytlsv12_2021) | Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default. | (fix) | 1.117.0 | `false` | `true` | | [@aws-cdk/pipelines:reduceAssetRoleTrustScope](#aws-cdkpipelinesreduceassetroletrustscope) | Remove the root account principal from PipelineAssetsFileRole trust policy | (default) | | `false` | `true` | | [@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask](#aws-cdkaws-stepfunctions-tasksusenews3uriparametersforbedrockinvokemodeltask) | When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model. | (fix) | | `false` | `true` | +| [@aws-cdk/ecs-patterns:fargateServiceBaseHasPublicLBDefault](#aws-cdkecs-patternsfargateservicebasehaspubliclbdefault) | When enabled, the load balancers created will be public by default | (fix) | | `false` | `true` | @@ -213,7 +214,8 @@ Here is an example of a `cdk.json` file that restores v1 behavior for these flag "@aws-cdk/aws-lambda:recognizeVersionProps": false, "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": false, "@aws-cdk/pipelines:reduceAssetRoleTrustScope": false, - "@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask": false + "@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask": false, + "@aws-cdk/ecs-patterns:fargateServiceBaseHasPublicLBDefault": false } } ``` 
@@ -1530,20 +1532,22 @@ This is a feature flag as the old behavior was technically incorrect but users m | (not in v1) | | | | 2.164.0 | `false` | `true` | -### @aws-cdk/aws-ecs-patterns:fargateServiceBaseHasPublicLBDefault -*When enabled LBs created for Fargate Service will be public by default* (fix) +### @aws-cdk/ecs-patterns:fargateServiceBaseHasPublicLBDefault -If this flag is not set, the default behavior for `ApplicationLoadBalancedFargateService` and `NetworkLoadBalancedFargateService` is to create a public load balancer. +*When enabled, the load balancers created will be public by default* (fix) -If this flag is set to false, the behavior is that the load balancer will be private by default. +By default, the load balancers created by ECS Patterns Fargate Service Base construct are public. +This is not ideal for cases where you need everything to be private. -This is a feature flag as to keep compatibility with the old behavior. +When this feature flag is enabled (default True for compatability), the load balancers will be public by default. +However, if you want to make them private by default, you can set this property to false. -| Since | Default | Recommended | -|-------------| ----- | ----- | +| Since | Default | Recommended | +| ----- | ----- | ----- | | (not in v1) | | | -| 2.172.0 | `true` | `false` | +| 2.172.0 | `true` | `false` | +