Merge pull request #191 from rstudio/create-sg-automatically-require-…

…vpc-id Switch to using vpcId and creating the security group directly from within serverless
rstudio · Sep 8, 2023 · 3247926 · 3247926
2 parents b98e515 + 8c0af64
commit 3247926
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 3 deletions.
diff --git a/serverless-resources.yml b/serverless-resources.yml
@@ -1,3 +1,12 @@
+rBuildsSecurityGroup:
+  Type: AWS::EC2::SecurityGroup
+  Properties:
+    GroupDescription: RBuilds jobs - ${self:provider.stage}
+    GroupName: RBuildsJobs-${self:provider.stage}
+    VpcId: ${self:custom.vpcId}
+    Tags: ${self:provider.tagsList}
+
+
 rBuildsBatchIamRole:
   Type: AWS::IAM::Role
   Properties:
@@ -97,13 +106,15 @@ rBuildsBatchComputeEnvironment:
     ServiceRole:
       "Fn::GetAtt": [ rBuildsBatchIamRole, Arn ]
     ComputeResources:
+      AllocationStrategy: BEST_FIT_PROGRESSIVE
       LaunchTemplate:
         LaunchTemplateId:
           Ref: rBuildsEcsLaunchTemplate
         Version: '$Latest'
       SpotIamFleetRole:
         "Fn::GetAtt": [ rBuildsSpotFleetIamRole, Arn ]
-      SecurityGroupIds: ${self:custom.securityGroupIds}
+      SecurityGroupIds:
+        - "Fn::GetAtt": [ rBuildsSecurityGroup, GroupId ]
       Subnets: ${self:custom.subnets}
       Type: SPOT
       BidPercentage: 100
@@ -120,7 +131,7 @@ rBuildsBatchComputeEnvironment:
         - c5a.xlarge
         - c5a.2xlarge
       Ec2KeyPair: ${self:custom.ec2KeyPair}
-      Tags: ${self:provider.stackTags}
+      Tags: ${self:provider.tagsMap}
       MinvCpus: 0
       DesiredvCpus: 0
       MaxvCpus: 256

diff --git a/serverless.yml b/serverless.yml
@@ -22,7 +22,17 @@ provider:
   stage: ${opt:stage, self:custom.defaultStage}
   deploymentBucket:
     name: ${self:custom.deploymentBucket}
-  stackTags: ${self:custom.${self:provider.stage}.stackTags}
+  tagsList:
+    - Key: rs:project
+      Value: ${self:custom.${self:provider.stage}.tags.project}
+    - Key: rs:owner
+      Value: ${self:custom.${self:provider.stage}.tags.owner}
+    - Key: rs:environment
+      Value: ${self:custom.${self:provider.stage}.tags.environment}
+  tagsMap:
+    "rs:owner": ${self:custom.${self:provider.stage}.tags.owner}
+    "rs:project": ${self:custom.${self:provider.stage}.tags.project}
+    "rs:environment": ${self:custom.${self:provider.stage}.tags.environment}
   iamRoleStatements:
     -  Effect: Allow
        Action: