feat(ecs-patterns): Add support for taskSubnets and securityGroups on…

… QueueProcessingFagateService (#12604) Fixes #12603 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Feb 17, 2021 · 996e69d · 996e69d
1 parent 5be09b9
commit 996e69d
Show file tree

Hide file tree

Showing 9 changed files with 2,235 additions and 0 deletions.
diff --git a/packages/@aws-cdk/aws-ecs-patterns/README.md b/packages/@aws-cdk/aws-ecs-patterns/README.md
@@ -394,6 +394,7 @@ const loadBalancedFargateService = new ApplicationLoadBalancedFargateService(sta
 });
 ```
 
+
 ### Set deployment configuration on QueueProcessingService
 
 ```ts
@@ -412,6 +413,18 @@ const queueProcessingFargateService = new QueueProcessingFargateService(stack, '
 });
 ```
 
+### Set taskSubnets and securityGroups on QueueProcessingFargateService
+
+```ts
+const queueProcessingFargateService = new QueueProcessingFargateService(stack, 'Service', {
+  vpc,
+  memoryLimitMiB: 512,
+  image: ecs.ContainerImage.fromRegistry('test'),
+  securityGroups: [securityGroup],
+  taskSubnets: { subnetType: ec2.SubnetType.ISOLATED },
+});
+```
+
 ### Select specific vpc subnets for ApplicationLoadBalancedFargateService
 
 ```ts

diff --git a/packages/@aws-cdk/aws-ecs-patterns/lib/fargate/queue-processing-fargate-service.ts b/packages/@aws-cdk/aws-ecs-patterns/lib/fargate/queue-processing-fargate-service.ts
@@ -1,3 +1,4 @@
+import * as ec2 from '@aws-cdk/aws-ec2';
 import { FargatePlatformVersion, FargateService, FargateTaskDefinition } from '@aws-cdk/aws-ecs';
 import { Construct } from 'constructs';
 import { QueueProcessingServiceBase, QueueProcessingServiceBaseProps } from '../base/queue-processing-service-base';
@@ -66,6 +67,20 @@ export interface QueueProcessingFargateServiceProps extends QueueProcessingServi
    * @default - QueueProcessingContainer
    */
   readonly containerName?: string;
+
+  /**
+   * The subnets to associate with the service.
+   *
+   * @default - Public subnets if `assignPublicIp` is set, otherwise the first available one of Private, Isolated, Public, in that order.
+   */
+  readonly taskSubnets?: ec2.SubnetSelection;
+
+  /**
+   * The security groups to associate with the service. If you do not specify a security group, the default security group for the VPC is used.
+   *
+   * @default - A new security group is created.
+   */
+  readonly securityGroups?: ec2.ISecurityGroup[];
 }
 
 /**
@@ -117,6 +132,8 @@ export class QueueProcessingFargateService extends QueueProcessingServiceBase {
       enableECSManagedTags: props.enableECSManagedTags,
       platformVersion: props.platformVersion,
       deploymentController: props.deploymentController,
+      securityGroups: props.securityGroups,
+      vpcSubnets: props.taskSubnets,
     });
     this.configureAutoscalingForService(this.service);
     this.grantPermissionsToService(this.service);