updated stack

awsdocs · Jan 20, 2025 · f6aace9 · f6aace9
1 parent 9fc99b0
commit f6aace9
Show file tree

Hide file tree

Showing 26 changed files with 3,977 additions and 6,885 deletions.
diff --git a/.tools/test/stacks/images/typescript/image_stack.ts b/.tools/test/stacks/images/typescript/image_stack.ts
@@ -1,11 +1,14 @@
-// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
 import "source-map-support/register";
-import * as cdk from "aws-cdk-lib";
-import { Stack, StackProps, aws_ecr as ecr, RemovalPolicy } from "aws-cdk-lib";
+import * as cdk from 'aws-cdk-lib';
+import { 
+  Stack, 
+  StackProps, 
+  aws_ecr as ecr, 
+  aws_iam as iam,
+  RemovalPolicy 
+} from "aws-cdk-lib";
 import { type Construct } from "constructs";
-import { readAccountConfig } from "./../../config/types";
+import { readAccountConfig } from "../../config/targets";
 
 class ImageStack extends Stack {
   constructor(scope: Construct, id: string, props?: StackProps) {
@@ -15,11 +18,28 @@ class ImageStack extends Stack {
 
     for (const language of Object.keys(acctConfig)) {
       if (acctConfig[language].status === "enabled") {
-        new ecr.Repository(this, `${language}-examples`, {
+        const repository = new ecr.Repository(this, `${language}-examples`, {
           repositoryName: `${language}`,
           imageScanOnPush: true,
           removalPolicy: RemovalPolicy.RETAIN,
         });
+
+        // Add repository policy to allow access from the specified account
+        repository.addToResourcePolicy(new iam.PolicyStatement({
+          effect: iam.Effect.ALLOW,
+          principals: [
+            new iam.AccountPrincipal(acctConfig[language].account_id)
+          ],
+          actions: [
+            "ecr:GetDownloadUrlForLayer",
+            "ecr:BatchGetImage",
+            "ecr:BatchCheckLayerAvailability",
+            "ecr:PutImage",
+            "ecr:InitiateLayerUpload",
+            "ecr:UploadLayerPart",
+            "ecr:CompleteLayerUpload"
+          ]
+        }));
       }
     }
   }
@@ -32,6 +52,7 @@ new ImageStack(app, "ImageStack", {
     account: process.env.CDK_DEFAULT_ACCOUNT!,
     region: process.env.CDK_DEFAULT_REGION!,
   },
+  terminationProtection: true
 });
 
 app.synth();
diff --git a/.tools/test/stacks/images/typescript/package-lock.json b/.tools/test/stacks/images/typescript/package-lock.json
diff --git a/.tools/test/stacks/nuke-2/typescript/README.md b/.tools/test/stacks/nuke-2/typescript/README.md
diff --git a/.tools/test/stacks/nuke-2/typescript/account_nuker.ts b/.tools/test/stacks/nuke-2/typescript/account_nuker.ts
diff --git a/.tools/test/stacks/nuke-2/typescript/cdk.json b/.tools/test/stacks/nuke-2/typescript/cdk.json