From 197b518796363a355bd0bd8e03c2b0068ba0e5d8 Mon Sep 17 00:00:00 2001 From: Clare Liguori Date: Tue, 13 Sep 2022 20:17:57 -0700 Subject: [PATCH 01/12] feat(codedeploy): CodeDeploy deployment group construct for ECS --- packages/@aws-cdk/aws-codedeploy/README.md | 234 +- .../lib/ecs/deployment-group.ts | 300 ++- packages/@aws-cdk/aws-codedeploy/package.json | 2 + ...efaultTestDeployAssert60AABFA0.assets.json | 19 + ...aultTestDeployAssert60AABFA0.template.json | 36 + .../aws-cdk-codedeploy-ecs-dg.assets.json | 19 + .../aws-cdk-codedeploy-ecs-dg.template.json | 1392 ++++++++++++ .../deployment-group.integ.snapshot/cdk.out | 1 + .../integ.json | 12 + .../manifest.json | 387 ++++ .../deployment-group.integ.snapshot/tree.json | 1954 +++++++++++++++++ .../test/ecs/deployment-group.test.ts | 869 ++++++++ .../test/ecs/integ.deployment-group.ts | 165 ++ .../lib/alb/application-listener.ts | 12 +- .../lib/nlb/network-listener.ts | 11 +- .../lib/shared/base-listener.ts | 15 +- 16 files changed, 5398 insertions(+), 30 deletions(-) create mode 100644 packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/EcsDeploymentGroupTestDefaultTestDeployAssert60AABFA0.assets.json create mode 100644 packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/EcsDeploymentGroupTestDefaultTestDeployAssert60AABFA0.template.json create mode 100644 packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/aws-cdk-codedeploy-ecs-dg.assets.json create mode 100644 packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/aws-cdk-codedeploy-ecs-dg.template.json create mode 100644 packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/cdk.out create mode 100644 packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/integ.json create mode 100644 packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/manifest.json create mode 100644 packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/tree.json create mode 100644 packages/@aws-cdk/aws-codedeploy/test/ecs/integ.deployment-group.ts diff --git a/packages/@aws-cdk/aws-codedeploy/README.md b/packages/@aws-cdk/aws-codedeploy/README.md index ec5449698294a..837a59e798809 100644 --- a/packages/@aws-cdk/aws-codedeploy/README.md +++ b/packages/@aws-cdk/aws-codedeploy/README.md @@ -11,6 +11,24 @@ +## Table of Contents + +- [Introduction](#introduction) +- Deploying to Amazon EC2 and on-premise instances + - [EC2/on-premise Applications](#ec2on-premise-applications) + - [EC2/on-premise Deployment Groups](#ec2on-premise-deployment-groups) + - [EC2/on-premise Deployment Configurations](#ec2on-premise-deployment-configurations) +- Deploying to AWS Lambda functions + - [Lambda Applications](#lambda-applications) + - [Lambda Deployment Groups](#lambda-deployment-groups) + - [Lambda Deployment Configurations](#lambda-deployment-configurations) +- Deploying to Amazon ECS services + - [ECS Applications](#ecs-applications) + - [ECS Deployment Groups](#ecs-deployment-groups) + - [ECS Deployment Configurations](#ecs-deployment-configurations) + +## Introduction + AWS CodeDeploy is a deployment service that automates application deployments to Amazon EC2 instances, on-premises instances, serverless Lambda functions, or Amazon ECS services. @@ -226,7 +244,7 @@ In order to deploy a new version of this function: 2. Re-deploy the stack (this will trigger a deployment). 3. Monitor the CodeDeploy deployment as traffic shifts between the versions. -### Rollbacks and Alarms +### Lambda Deployment Rollbacks and Alarms CodeDeploy will roll back if the deployment fails. You can optionally trigger a rollback when one or more alarms are in a failed state: @@ -281,7 +299,7 @@ const deploymentGroup = new codedeploy.LambdaDeploymentGroup(this, 'BlueGreenDep deploymentGroup.addPostHook(endToEndValidation); ``` -### Import an existing Deployment Group +### Import an existing Lambda Deployment Group To import an already existing Deployment Group: @@ -373,6 +391,218 @@ const application = codedeploy.EcsApplication.fromEcsApplicationName( ); ``` +## ECS Deployment Groups + +CodeDeploy can be used to deploy to load-balanced ECS services. +CodeDeploy performs ECS blue-green deployments by managing ECS task sets and load balancer +target groups. During a blue-green deployment, one task set and target group runs the +original version of your ECS task definition ('blue') and another task set and target group +runs the new version of your ECS task definition ('green'). + +CodeDeploy orchestrates traffic shifting during ECS blue-green deployments by using +a load balancer listener to balance incoming traffic between the 'blue' and 'green' task sets/target groups +running two different versions of your ECS task definition. +Before deployment, the load balancer listener sends 100% of requests to the 'blue' target group. +When you publish a new version of the task definition and start a CodeDeploy deployment, +CodeDeploy can send a small percentage of traffic to the new 'green' task set behind the 'green' target group, +monitor, and validate before shifting 100% of traffic to the new version. + +To create a new CodeDeploy Deployment Group that deploys to a ECS service: + +```ts +declare const myApplication: codedeploy.EcsApplication; +declare const service: ecs.FargateService; +declare const blueTargetGroup = elbv2.ITargetGroup; +declare const greenTargetGroup = elbv2.ITargetGroup; +declare const listener = elbv2.IApplicationListener; + +new codedeploy.EcsDeploymentGroup(stack, 'BlueGreenDG', { + services: [service], + blueGreenDeploymentConfig: { + blueTargetGroup, + greenTargetGroup, + listener, + }, + deploymentConfig: codedeploy.EcsDeploymentConfig.CANARY_10PERCENT_5MINUTES, +}); +``` + +In order to deploy a new task definition version of the ECS service, +deploy the changes directly through CodeDeploy using the CodeDeploy APIs or console. +When the `CODE_DEPLOY` deployment controller is used, the ECS service cannot be +deployed with a new task definition version through CloudFormation. + +For more information on the behavior of CodeDeploy blue-green deployments for ECS, see +[What happens during an Amazon ECS deployment](https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-steps-ecs.html#deployment-steps-what-happens) +in the CodeDeploy user guide. + +### ECS Deployment Rollbacks and Alarms + +CodeDeploy will automatically roll back if a deployment fails. +You can optionally trigger an automatic rollback when one or more alarms are in a failed state during a deployment, or if the deployment stops. + +In this example, CodeDeploy will monitor and roll back on alarms set for the +number of unhealthy ECS tasks in each of the blue and green target groups, +as well as alarms set for the number HTTP 5xx responses seen in each of the blue +and green target groups. + +```ts +import * as cloudwatch from '@aws-cdk/aws-cloudwatch'; + +// Alarm on the number of unhealthy ECS tasks in each target group +const blueUnhealthyHosts = new cloudwatch.Alarm(stack, 'BlueUnhealthyHosts', { + alarmName: stack.stackName + '-Unhealthy-Hosts-Blue', + metric: blueTargetGroup.metricUnhealthyHostCount(), + threshold: 1, + evaluationPeriods: 2, +}); + +const greenUnhealthyHosts = new cloudwatch.Alarm(stack, 'GreenUnhealthyHosts', { + alarmName: stack.stackName + '-Unhealthy-Hosts-Green', + metric: greenTargetGroup.metricUnhealthyHostCount(), + threshold: 1, + evaluationPeriods: 2, +}); + +// Alarm on the number of HTTP 5xx responses returned by each target group +const blueApiFailure = new cloudwatch.Alarm(stack, 'Blue5xx', { + alarmName: stack.stackName + '-Http-5xx-Blue', + metric: blueTargetGroup.metricHttpCodeTarget( + elbv2.HttpCodeTarget.TARGET_5XX_COUNT, + { period: cdk.Duration.minutes(1) }, + ), + threshold: 1, + evaluationPeriods: 1, +}); + +const greenApiFailure = new cloudwatch.Alarm(stack, 'Green5xx', { + alarmName: stack.stackName + '-Http-5xx-Green', + metric: greenTargetGroup.metricHttpCodeTarget( + elbv2.HttpCodeTarget.TARGET_5XX_COUNT, + { period: cdk.Duration.minutes(1) }, + ), + threshold: 1, + evaluationPeriods: 1, +}); + +new codedeploy.EcsDeploymentGroup(stack, 'BlueGreenDG', { + // CodeDeploy will monitor these alarms during a deployment and automatically roll back + alarms: [blueUnhealthyHosts, greenUnhealthyHosts, blueApiFailure, greenApiFailure], + autoRollback: { + // CodeDeploy will automatically roll back if a deployment is stopped + stoppedDeployment: true, + }, + services: [service], + blueGreenDeploymentConfig: { + blueTargetGroup, + greenTargetGroup, + listener, + }, + deploymentConfig: codedeploy.EcsDeploymentConfig.CANARY_10PERCENT_5MINUTES, +}); +``` + +### Deployment validation and manual deployment approval + +CodeDeploy blue-green deployments provide an opportunity to validate the new task definition version running on +the 'green' ECS task set prior to shifting any production traffic to the new version. A second 'test' listener +serving traffic on a different port be added to the load balancer. For example, the test listener can serve +test traffic on port 9001 while the main listener serves production traffic on port 443. +During a blue-green deployment, CodeDeploy can then shift 100% of test traffic over to the 'green' +task set/target group prior to shifting any production traffic during the deployment. + +```ts +declare const myApplication: codedeploy.EcsApplication; +declare const service: ecs.FargateService; +declare const blueTargetGroup = elbv2.ITargetGroup; +declare const greenTargetGroup = elbv2.ITargetGroup; +declare const listener = elbv2.IApplicationListener; +declare const testListener = elbv2.IApplicationListener; + +new codedeploy.EcsDeploymentGroup(stack, 'BlueGreenDG', { + services: [service], + blueGreenDeploymentConfig: { + blueTargetGroup, + greenTargetGroup, + listener, + testListener, + }, + deploymentConfig: codedeploy.EcsDeploymentConfig.CANARY_10PERCENT_5MINUTES, +``` + +Automated validation steps can run during the CodeDeploy deployment after shifting test traffic and before +shifting production traffic. CodeDeploy supports registering Lambda functions as lifecycle hooks for +an ECS deployment. These Lambda functions can run automated validation steps against the test traffic +port, for example in response to the `AfterAllowTestTraffic` lifecycle hook. For more information about +how to specify the Lambda functions to run for each CodeDeploy lifecycle hook in an ECS deployment, see the +[AppSpec 'hooks' for an Amazon ECS deployment](https://docs.aws.amazon.com/codedeploy/latest/userguide/reference-appspec-file-structure-hooks.html#appspec-hooks-ecs) +section in the CodeDeploy user guide. + +After provisioning the 'green' ECS task set and re-routing test traffic during a blue-green deployment, +CodeDeploy can wait for approval before continuing the deployment and re-routing production traffic. +During this approval wait time, you can complete additional validation steps prior to exposing the new +'green' task set to production traffic, such as manual testing through the test listener port or +running automated integration test suites. + +To approve the deployment, validation steps use the CodeDeploy +[ContinueDeployment API(https://docs.aws.amazon.com/codedeploy/latest/APIReference/API_ContinueDeployment.html). +If the ContinueDeployment API is not called within the approval wait time period, CodeDeploy will stop the +deployment and can automatically roll back the deployment. + +```ts +new codedeploy.EcsDeploymentGroup(stack, 'BlueGreenDG', { + // The deployment will wait for approval for up to 8 hours before stopping the deployment + deploymentApprovalWaitTime: Duration.hours(8), + autoRollback: { + // CodeDeploy will automatically roll back if the 8-hour approval period times out and the deployment stops + stoppedDeployment: true, + }, + services: [service], + blueGreenDeploymentConfig: { + blueTargetGroup, + greenTargetGroup, + listener, + testListener, + }, + deploymentConfig: codedeploy.EcsDeploymentConfig.CANARY_10PERCENT_5MINUTES, +}); +``` + +### Deployment bake time + +You can specify how long CodeDeploy waits before it terminates the original 'blue' ECS task set when a blue-green deployment +is complete in order to let the deployment "bake" a while. During this bake time, CodeDeploy will continue to monitor any +CloudWatch alarms specified for the deployment group and will automatically roll back if those alarms go into a failed state. + +```ts +new codedeploy.EcsDeploymentGroup(stack, 'BlueGreenDG', { + services: [service], + blueGreenDeploymentConfig: { + blueTargetGroup, + greenTargetGroup, + listener, + // CodeDeploy will wait for 30 minutes after completing the blue-green deployment before it terminates the blue tasks + terminationWaitTime: Duration.minutes(30), + }, + // CodeDeploy will continue to monitor these alarms during the 30-minute bake time and will automatically + // roll back if they go into a failed state at any point during the deployment. + alarms: [blueUnhealthyHosts, greenUnhealthyHosts, blueApiFailure, greenApiFailure], + deploymentConfig: codedeploy.EcsDeploymentConfig.CANARY_10PERCENT_5MINUTES, +}); +``` + +### Import an existing ECS Deployment Group + +To import an already existing Deployment Group: + +```ts +declare const application: codedeploy.EcsApplication; +const deploymentGroup = codedeploy.EcsDeploymentGroup.fromEcsDeploymentGroupAttributes(this, 'ExistingCodeDeployDeploymentGroup', { + application, + deploymentGroupName: 'MyExistingDeploymentGroup', +}); +``` + ## ECS Deployment Configurations CodeDeploy for ECS comes with predefined configurations for traffic shifting. diff --git a/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts b/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts index 4a432631375e5..bcfee828f3587 100644 --- a/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts +++ b/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts @@ -1,7 +1,13 @@ +import * as cloudwatch from '@aws-cdk/aws-cloudwatch'; +import * as ecs from '@aws-cdk/aws-ecs'; +import * as elbv2 from '@aws-cdk/aws-elasticloadbalancingv2'; +import * as iam from '@aws-cdk/aws-iam'; import * as cdk from '@aws-cdk/core'; import { Construct } from 'constructs'; -import { arnForDeploymentGroup } from '../utils'; -import { IEcsApplication } from './application'; +import { CfnDeploymentGroup } from '../codedeploy.generated'; +import { AutoRollbackConfig } from '../rollback-config'; +import { arnForDeploymentGroup, renderAlarmConfiguration, renderAutoRollbackConfiguration, validateName } from '../utils'; +import { IEcsApplication, EcsApplication } from './application'; import { EcsDeploymentConfig, IEcsDeploymentConfig } from './deployment-config'; /** @@ -32,14 +38,164 @@ export interface IEcsDeploymentGroup extends cdk.IResource { } /** - * Note: This class currently stands as a namespaced container for importing an ECS - * Deployment Group defined outside the CDK app until CloudFormation supports provisioning - * ECS Deployment Groups. Until then it is closed (private constructor) and does not - * extend {@link Construct}. + * Specify how the deployment behaves and how traffic is routed to the ECS service during a blue-green ECS deployment. * + * @see https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-steps-ecs.html#deployment-steps-what-happens + * @see https://docs.aws.amazon.com/codedeploy/latest/userguide/reference-appspec-file-structure-hooks.html#appspec-hooks-ecs + */ +export interface EcsBlueGreenDeploymentConfig { + /** + * The target group that will be associated with the 'blue' ECS task set during a blue-green deployment. + */ + readonly blueTargetGroup: elbv2.ITargetGroup; + + /** + * The target group that will be associated with the 'green' ECS task set during a blue-green deployment. + */ + readonly greenTargetGroup: elbv2.ITargetGroup; + + /** + * The load balancer listener used to serve production traffic and to shift production traffic from the + * 'blue' ECS task set to the 'green' ECS task set during a blue-green deployment. + */ + readonly listener: elbv2.IListener; + + /** + * The load balancer listener used to route test traffic to the 'green' ECS task set during a blue-green deployment. + * + * During a blue-green deployment, validation can occur after test traffic has been re-routed and before production + * traffic has been re-routed to the 'green' ECS task set. You can specify one or more Lambda funtions in the + * deployment's AppSpec file that run during the AfterAllowTestTraffic hook. The functions can run validation tests. + * If a validation test fails, a deployment rollback is triggered. If the validation tests succeed, the next hook in + * the deployment lifecycle, BeforeAllowTraffic, is triggered. + * + * If a test listener is not specified, the deployment will proceed to routing the production listener to the 'green' ECS task set + * and will skip the AfterAllowTestTraffic hook. + * + * @default No test listener will be added + */ + readonly testListener?: elbv2.IListener; + + /** + * Specify how long CodeDeploy waits for approval to continue a blue-green deployment before it stops the deployment. + * + * After provisioning the 'green' ECS task set and re-routing test traffic, CodeDeploy can wait for approval before + * continuing the deployment and re-routing production traffic. During this wait time, validation such as manual + * testing or running integration tests can occur using the test traffic port, prior to exposing the new 'green' task + * set to production traffic. To approve the deployment, validation steps use the CodeDeploy + * [ContinueDeployment API(https://docs.aws.amazon.com/codedeploy/latest/APIReference/API_ContinueDeployment.html). + * If the ContinueDeployment API is not called within the wait time period, CodeDeploy will stop the deployment. + * + * By default, CodeDeploy will not wait for deployment approval. After re-routing test traffic to the 'green' ECS task set + * and running any 'AfterAllowTestTraffic' and 'BeforeAllowTraffic' lifecycle hooks, the deployment will immediately + * re-route production traffic to the 'green' ECS task set. + * + * @default 0 + */ + readonly deploymentApprovalWaitTime?: cdk.Duration; + + /** + * Specify how long CodeDeploy waits before it terminates the original 'blue' ECS task set when a blue-green deployment is complete. + * + * During this wait time, CodeDeploy will continue to monitor any CloudWatch alarms specified for the deployment group, + * and the deployment group can be configured to automatically roll back if those alarms fire. Once CodeDeploy begins to + * terminate the 'blue' ECS task set, the deployment can no longer be rolled back, manually or automatically. + * + * By default, the deployment will immediately terminate the 'blue' ECS task set after production traffic is successfully + * routed to the 'green' ECS task set. + * + * @default 0 + */ + readonly terminationWaitTime?: cdk.Duration; +} + +/** + * Construction properties for {@link EcsDeploymentGroup}. + */ +export interface EcsDeploymentGroupProps { + /** + * The reference to the CodeDeploy ECS Application that this Deployment Group belongs to. + * + * @default One will be created for you. + */ + readonly application?: IEcsApplication; + + /** + * The physical, human-readable name of the CodeDeploy Deployment Group. + * + * @default An auto-generated name will be used. + */ + readonly deploymentGroupName?: string; + + /** + * The Deployment Configuration this Deployment Group uses. + * + * @default EcsDeploymentConfig.ALL_AT_ONCE + */ + readonly deploymentConfig?: IEcsDeploymentConfig; + + /** + * The CloudWatch alarms associated with this Deployment Group. + * CodeDeploy will stop (and optionally roll back) + * a deployment if during it any of the alarms trigger. + * + * Alarms can also be added after the Deployment Group is created using the {@link #addAlarm} method. + * + * @default [] + * @see https://docs.aws.amazon.com/codedeploy/latest/userguide/monitoring-create-alarms.html + */ + readonly alarms?: cloudwatch.IAlarm[]; + + /** + * The service Role of this Deployment Group. + * + * @default - A new Role will be created. + */ + readonly role?: iam.IRole; + + /** + * The ECS services to deploy. + * + * If you provide an {@link ecs.BaseService} such as {@link ecs.FargateService}, + * the ECS service's deployment controller property will be automatically updated to + * `CODE_DEPLOY`. If you provide an imported ECS service, you are responsible for + * configuring the service's deployment controller property to be `CODE_DEPLOY`. + * + * For non-imported services, the ECS service's task definition property will also + * be updated to remove thetask definition revision ID. This change prevents CloudFormation from + * attempting to re-deploy the service when a new revision of the task definition is + * created by the stack. In order to deploy a new task definition revision to the ECS + * service after stack creation, deploy the change directly through CodeDeploy using + * the CodeDeploy APIs or console. When the `CODE_DEPLOY` deployment controller is used, + * the ECS service cannot be deployed with a new task definition revision through CloudFormation. + */ + readonly services: ecs.IBaseService[]; + + /** + * The configuration options for blue-green ECS deployments + */ + readonly blueGreenDeploymentConfig: EcsBlueGreenDeploymentConfig; + + /** + * Whether to continue a deployment even if fetching the alarm status from CloudWatch failed. + * + * @default false + */ + readonly ignorePollAlarmsFailure?: boolean; + + /** + * The auto-rollback configuration for this Deployment Group. + * + * @default - default AutoRollbackConfig. + */ + readonly autoRollback?: AutoRollbackConfig; +} + +/** + * A CodeDeploy deployment group that orchestrates ECS blue-green deployments. * @resource AWS::CodeDeploy::DeploymentGroup */ -export class EcsDeploymentGroup { +export class EcsDeploymentGroup extends cdk.Resource implements IEcsDeploymentGroup { /** * Import an ECS Deployment Group defined outside the CDK app. * @@ -55,8 +211,134 @@ export class EcsDeploymentGroup { return new ImportedEcsDeploymentGroup(scope, id, attrs); } - private constructor() { - // nothing to do until CFN supports ECS deployment groups + public readonly application: IEcsApplication; + public readonly deploymentGroupName: string; + public readonly deploymentGroupArn: string; + public readonly deploymentConfig: IEcsDeploymentConfig; + /** + * The service Role of this Deployment Group. + */ + public readonly role: iam.IRole; + + private readonly alarms: cloudwatch.IAlarm[]; + + constructor(scope: Construct, id: string, props: EcsDeploymentGroupProps) { + super(scope, id, { + physicalName: props.deploymentGroupName, + }); + + this.application = props.application || new EcsApplication(this, 'Application'); + this.alarms = props.alarms || []; + + this.role = props.role || new iam.Role(this, 'ServiceRole', { + assumedBy: new iam.ServicePrincipal('codedeploy.amazonaws.com'), + }); + + this.role.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('AWSCodeDeployRoleForECS')); + this.deploymentConfig = props.deploymentConfig || EcsDeploymentConfig.ALL_AT_ONCE; + + for (const service of props.services) { + if (service instanceof ecs.BaseService) { + // Ensure the service's deployment controller is CodeDeploy + const cfnService = service.node.defaultChild as ecs.CfnService; + cfnService.deploymentController = { type: ecs.DeploymentControllerType.CODE_DEPLOY }; + + // Strip the revision ID from the service's task definition property to + // prevent new task def revisions in the stack from triggering updates + // to the stack's ECS service resource + cfnService.taskDefinition = service.taskDefinition.family; + service.node.addDependency(service.taskDefinition); + } + } + + const resource = new CfnDeploymentGroup(this, 'Resource', { + applicationName: this.application.applicationName, + serviceRoleArn: this.role.roleArn, + deploymentGroupName: this.physicalName, + deploymentConfigName: this.deploymentConfig.deploymentConfigName, + deploymentStyle: { + deploymentType: 'BLUE_GREEN', + deploymentOption: 'WITH_TRAFFIC_CONTROL', + }, + ecsServices: props.services.map(s => { + return { + clusterName: s.cluster.clusterName, + serviceName: s.serviceName, + }; + }), + blueGreenDeploymentConfiguration: cdk.Lazy.any({ + produce: () => this.renderBlueGreenDeploymentConfiguration(props.blueGreenDeploymentConfig), + }), + loadBalancerInfo: cdk.Lazy.any({ produce: () => this.renderLoadBalancerInfo(props.blueGreenDeploymentConfig) }), + alarmConfiguration: cdk.Lazy.any({ produce: () => renderAlarmConfiguration(this.alarms, props.ignorePollAlarmsFailure) }), + autoRollbackConfiguration: cdk.Lazy.any({ produce: () => renderAutoRollbackConfiguration(this.alarms, props.autoRollback) }), + }); + + this.deploymentGroupName = this.getResourceNameAttribute(resource.ref); + this.deploymentGroupArn = this.getResourceArnAttribute(arnForDeploymentGroup(this.application.applicationName, resource.ref), { + service: 'codedeploy', + resource: 'deploymentgroup', + resourceName: `${this.application.applicationName}/${this.physicalName}`, + arnFormat: cdk.ArnFormat.COLON_RESOURCE_NAME, + }); + + // If the deployment config is a construct, add a dependency to ensure the deployment config + // is created before the deployment group is. + if (this.deploymentConfig instanceof Construct) { + this.node.addDependency(this.deploymentConfig); + } + + this.node.addValidation({ validate: () => validateName('Deployment group', this.physicalName) }); + } + + /** + * Associates an additional alarm with this Deployment Group. + * + * @param alarm the alarm to associate with this Deployment Group + */ + public addAlarm(alarm: cloudwatch.IAlarm): void { + this.alarms.push(alarm); + } + + private renderBlueGreenDeploymentConfiguration(options: EcsBlueGreenDeploymentConfig): + CfnDeploymentGroup.BlueGreenDeploymentConfigurationProperty { + return { + deploymentReadyOption: { + actionOnTimeout: options.deploymentApprovalWaitTime ? 'STOP_DEPLOYMENT' : 'CONTINUE_DEPLOYMENT', + waitTimeInMinutes: options.deploymentApprovalWaitTime?.toMinutes() ?? 0, + }, + terminateBlueInstancesOnDeploymentSuccess: { + action: 'TERMINATE', + terminationWaitTimeInMinutes: options.terminationWaitTime?.toMinutes() ?? 0, + }, + }; + } + + private renderLoadBalancerInfo(options: EcsBlueGreenDeploymentConfig): CfnDeploymentGroup.LoadBalancerInfoProperty { + return { + targetGroupPairInfoList: [ + { + targetGroups: [ + { + name: options.blueTargetGroup.targetGroupName, + }, + { + name: options.greenTargetGroup.targetGroupName, + }, + ], + prodTrafficRoute: { + listenerArns: [ + options.listener.listenerArn, + ], + }, + testTrafficRoute: options.testListener ? { + listenerArns: [ + options.testListener.listenerArn, + ], + } : undefined, + }, + ], + }; } } diff --git a/packages/@aws-cdk/aws-codedeploy/package.json b/packages/@aws-cdk/aws-codedeploy/package.json index 4cb2301eb5303..ad4f31f642035 100644 --- a/packages/@aws-cdk/aws-codedeploy/package.json +++ b/packages/@aws-cdk/aws-codedeploy/package.json @@ -96,6 +96,7 @@ "@aws-cdk/aws-autoscaling": "0.0.0", "@aws-cdk/aws-cloudwatch": "0.0.0", "@aws-cdk/aws-ec2": "0.0.0", + "@aws-cdk/aws-ecs": "0.0.0", "@aws-cdk/aws-elasticloadbalancing": "0.0.0", "@aws-cdk/aws-elasticloadbalancingv2": "0.0.0", "@aws-cdk/aws-iam": "0.0.0", @@ -110,6 +111,7 @@ "@aws-cdk/aws-autoscaling": "0.0.0", "@aws-cdk/aws-cloudwatch": "0.0.0", "@aws-cdk/aws-ec2": "0.0.0", + "@aws-cdk/aws-ecs": "0.0.0", "@aws-cdk/aws-elasticloadbalancing": "0.0.0", "@aws-cdk/aws-elasticloadbalancingv2": "0.0.0", "@aws-cdk/aws-iam": "0.0.0", diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/EcsDeploymentGroupTestDefaultTestDeployAssert60AABFA0.assets.json b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/EcsDeploymentGroupTestDefaultTestDeployAssert60AABFA0.assets.json new file mode 100644 index 0000000000000..0f418df24db57 --- /dev/null +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/EcsDeploymentGroupTestDefaultTestDeployAssert60AABFA0.assets.json @@ -0,0 +1,19 @@ +{ + "version": "21.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "EcsDeploymentGroupTestDefaultTestDeployAssert60AABFA0.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/EcsDeploymentGroupTestDefaultTestDeployAssert60AABFA0.template.json b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/EcsDeploymentGroupTestDefaultTestDeployAssert60AABFA0.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/EcsDeploymentGroupTestDefaultTestDeployAssert60AABFA0.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/aws-cdk-codedeploy-ecs-dg.assets.json b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/aws-cdk-codedeploy-ecs-dg.assets.json new file mode 100644 index 0000000000000..986c748373554 --- /dev/null +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/aws-cdk-codedeploy-ecs-dg.assets.json @@ -0,0 +1,19 @@ +{ + "version": "21.0.0", + "files": { + "cb953019881f048318168478ff610f1d0c79d74d9e309487bb4c8b7df50e2d0c": { + "source": { + "path": "aws-cdk-codedeploy-ecs-dg.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "cb953019881f048318168478ff610f1d0c79d74d9e309487bb4c8b7df50e2d0c.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/aws-cdk-codedeploy-ecs-dg.template.json b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/aws-cdk-codedeploy-ecs-dg.template.json new file mode 100644 index 0000000000000..8f040f4787658 --- /dev/null +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/aws-cdk-codedeploy-ecs-dg.template.json @@ -0,0 +1,1392 @@ +{ + "Resources": { + "VPCB9E5F0B4": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-codedeploy-ecs-dg/VPC" + } + ] + } + }, + "VPCPublicSubnet1SubnetB4246D30": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet1RouteTableFEE4B781": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet1RouteTableAssociation0B0896DC": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + } + } + }, + "VPCPublicSubnet1DefaultRoute91CEF279": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCPublicSubnet1EIP6AD938E8": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet1NATGatewayE0556630": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, + "AllocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet1EIP6AD938E8", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet1" + } + ] + }, + "DependsOn": [ + "VPCPublicSubnet1DefaultRoute91CEF279", + "VPCPublicSubnet1RouteTableAssociation0B0896DC" + ] + }, + "VPCPublicSubnet2Subnet74179F39": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet2" + } + ] + } + }, + "VPCPublicSubnet2RouteTable6F1A15F1": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet2" + } + ] + } + }, + "VPCPublicSubnet2RouteTableAssociation5A808732": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + } + } + }, + "VPCPublicSubnet2DefaultRouteB7481BBA": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCPublicSubnet2EIP4947BC00": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet2" + } + ] + } + }, + "VPCPublicSubnet2NATGateway3C070193": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, + "AllocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet2EIP4947BC00", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet2" + } + ] + }, + "DependsOn": [ + "VPCPublicSubnet2DefaultRouteB7481BBA", + "VPCPublicSubnet2RouteTableAssociation5A808732" + ] + }, + "VPCPrivateSubnet1Subnet8BCA10E0": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet1" + } + ] + } + }, + "VPCPrivateSubnet1RouteTableBE8A6027": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet1" + } + ] + } + }, + "VPCPrivateSubnet1RouteTableAssociation347902D1": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + }, + "SubnetId": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + } + } + }, + "VPCPrivateSubnet1DefaultRouteAE1D6490": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VPCPublicSubnet1NATGatewayE0556630" + } + } + }, + "VPCPrivateSubnet2SubnetCFCDAA7A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet2" + } + ] + } + }, + "VPCPrivateSubnet2RouteTable0A19E10E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet2" + } + ] + } + }, + "VPCPrivateSubnet2RouteTableAssociation0C73D413": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + }, + "SubnetId": { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + } + }, + "VPCPrivateSubnet2DefaultRouteF4F5CFD2": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VPCPublicSubnet2NATGateway3C070193" + } + } + }, + "VPCIGWB7E252D3": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-codedeploy-ecs-dg/VPC" + } + ] + } + }, + "VPCVPCGW99B986DC": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "InternetGatewayId": { + "Ref": "VPCIGWB7E252D3" + } + } + }, + "EcsCluster97242B84": { + "Type": "AWS::ECS::Cluster" + }, + "TaskDefTaskRole1EDB4A67": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "TaskDef54694570": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Essential": true, + "Image": "public.ecr.aws/ecs-sample-image/amazon-ecs-sample:latest", + "Name": "Container", + "PortMappings": [ + { + "ContainerPort": 80, + "Protocol": "tcp" + } + ] + } + ], + "Cpu": "256", + "Family": "awscdkcodedeployecsdgTaskDef25A5A14D", + "Memory": "512", + "NetworkMode": "awsvpc", + "RequiresCompatibilities": [ + "FARGATE" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "TaskDefTaskRole1EDB4A67", + "Arn" + ] + } + } + }, + "FargateServiceAC2B3B85": { + "Type": "AWS::ECS::Service", + "Properties": { + "Cluster": { + "Ref": "EcsCluster97242B84" + }, + "DeploymentConfiguration": { + "MaximumPercent": 200, + "MinimumHealthyPercent": 50 + }, + "DeploymentController": { + "Type": "CODE_DEPLOY" + }, + "EnableECSManagedTags": false, + "HealthCheckGracePeriodSeconds": 60, + "LaunchType": "FARGATE", + "LoadBalancers": [ + { + "ContainerName": "Container", + "ContainerPort": 80, + "TargetGroupArn": { + "Ref": "ServiceLBProdListenerBlueTGGroupB47699CD" + } + } + ], + "NetworkConfiguration": { + "AwsvpcConfiguration": { + "AssignPublicIp": "DISABLED", + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "FargateServiceSecurityGroup0A0E79CB", + "GroupId" + ] + } + ], + "Subnets": [ + { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + }, + { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + ] + } + }, + "TaskDefinition": "awscdkcodedeployecsdgTaskDef25A5A14D" + }, + "DependsOn": [ + "GreenTG71A27F2F", + "ServiceLBProdListenerBlueTGGroupB47699CD", + "ServiceLBProdListener0E7627EE", + "ServiceLBTestListener3EA49939", + "TaskDef54694570", + "TaskDefTaskRole1EDB4A67", + "TaskDef2C6A35A16", + "TaskDef2TaskRole5A51C717" + ] + }, + "FargateServiceSecurityGroup0A0E79CB": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "aws-cdk-codedeploy-ecs-dg/FargateService/SecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + }, + "DependsOn": [ + "GreenTG71A27F2F", + "ServiceLBTestListener3EA49939", + "TaskDef54694570", + "TaskDefTaskRole1EDB4A67", + "TaskDef2C6A35A16", + "TaskDef2TaskRole5A51C717" + ] + }, + "FargateServiceSecurityGroupfromawscdkcodedeployecsdgServiceLBSecurityGroupEC967688803C3B1119": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "tcp", + "Description": "Load balancer to target", + "FromPort": 80, + "GroupId": { + "Fn::GetAtt": [ + "FargateServiceSecurityGroup0A0E79CB", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "ServiceLBSecurityGroup2EA7EDA1", + "GroupId" + ] + }, + "ToPort": 80 + }, + "DependsOn": [ + "GreenTG71A27F2F", + "ServiceLBTestListener3EA49939", + "TaskDef54694570", + "TaskDefTaskRole1EDB4A67", + "TaskDef2C6A35A16", + "TaskDef2TaskRole5A51C717" + ] + }, + "TaskDef2TaskRole5A51C717": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "TaskDef2C6A35A16": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Essential": true, + "Image": "public.ecr.aws/ecs-sample-image/amazon-ecs-sample:latest", + "Name": "Container", + "PortMappings": [ + { + "ContainerPort": 80, + "Protocol": "tcp" + } + ] + } + ], + "Cpu": "256", + "Family": "awscdkcodedeployecsdgTaskDef22B5CE8FC", + "Memory": "512", + "NetworkMode": "awsvpc", + "RequiresCompatibilities": [ + "FARGATE" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "TaskDef2TaskRole5A51C717", + "Arn" + ] + } + } + }, + "ServiceLBBDAD0B9B": { + "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", + "Properties": { + "LoadBalancerAttributes": [ + { + "Key": "deletion_protection.enabled", + "Value": "false" + } + ], + "Scheme": "internal", + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "ServiceLBSecurityGroup2EA7EDA1", + "GroupId" + ] + } + ], + "Subnets": [ + { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + }, + { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + ], + "Type": "application" + } + }, + "ServiceLBSecurityGroup2EA7EDA1": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Automatically created Security Group for ELB awscdkcodedeployecsdgServiceLB2A9D4A45", + "SecurityGroupIngress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow from anyone on port 80", + "FromPort": 80, + "IpProtocol": "tcp", + "ToPort": 80 + }, + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow from anyone on port 9002", + "FromPort": 9002, + "IpProtocol": "tcp", + "ToPort": 9002 + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "ServiceLBSecurityGrouptoawscdkcodedeployecsdgFargateServiceSecurityGroup64C2B62E8071D2502F": { + "Type": "AWS::EC2::SecurityGroupEgress", + "Properties": { + "GroupId": { + "Fn::GetAtt": [ + "ServiceLBSecurityGroup2EA7EDA1", + "GroupId" + ] + }, + "IpProtocol": "tcp", + "Description": "Load balancer to target", + "DestinationSecurityGroupId": { + "Fn::GetAtt": [ + "FargateServiceSecurityGroup0A0E79CB", + "GroupId" + ] + }, + "FromPort": 80, + "ToPort": 80 + } + }, + "ServiceLBProdListener0E7627EE": { + "Type": "AWS::ElasticLoadBalancingV2::Listener", + "Properties": { + "DefaultActions": [ + { + "TargetGroupArn": { + "Ref": "ServiceLBProdListenerBlueTGGroupB47699CD" + }, + "Type": "forward" + } + ], + "LoadBalancerArn": { + "Ref": "ServiceLBBDAD0B9B" + }, + "Port": 80, + "Protocol": "HTTP" + }, + "DependsOn": [ + "GreenTG71A27F2F" + ] + }, + "ServiceLBProdListenerBlueTGGroupB47699CD": { + "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", + "Properties": { + "HealthCheckIntervalSeconds": 5, + "HealthCheckTimeoutSeconds": 4, + "HealthyThresholdCount": 2, + "Matcher": { + "HttpCode": "200" + }, + "Port": 80, + "Protocol": "HTTP", + "TargetGroupAttributes": [ + { + "Key": "deregistration_delay.timeout_seconds", + "Value": "30" + }, + { + "Key": "stickiness.enabled", + "Value": "false" + } + ], + "TargetType": "ip", + "UnhealthyThresholdCount": 3, + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + }, + "DependsOn": [ + "GreenTG71A27F2F" + ] + }, + "ServiceLBTestListener3EA49939": { + "Type": "AWS::ElasticLoadBalancingV2::Listener", + "Properties": { + "DefaultActions": [ + { + "TargetGroupArn": { + "Ref": "GreenTG71A27F2F" + }, + "Type": "forward" + } + ], + "LoadBalancerArn": { + "Ref": "ServiceLBBDAD0B9B" + }, + "Port": 9002, + "Protocol": "HTTP" + }, + "DependsOn": [ + "ServiceLBProdListenerBlueTGGroupB47699CD" + ] + }, + "GreenTG71A27F2F": { + "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", + "Properties": { + "HealthCheckIntervalSeconds": 5, + "HealthCheckTimeoutSeconds": 4, + "HealthyThresholdCount": 2, + "Matcher": { + "HttpCode": "200" + }, + "Port": 80, + "Protocol": "HTTP", + "TargetGroupAttributes": [ + { + "Key": "deregistration_delay.timeout_seconds", + "Value": "30" + }, + { + "Key": "stickiness.enabled", + "Value": "false" + } + ], + "TargetType": "ip", + "UnhealthyThresholdCount": 3, + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "BlueUnhealthyHosts48919A97": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "ComparisonOperator": "GreaterThanOrEqualToThreshold", + "EvaluationPeriods": 2, + "AlarmName": "aws-cdk-codedeploy-ecs-dg-Unhealthy-Hosts-Blue", + "Dimensions": [ + { + "Name": "LoadBalancer", + "Value": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Ref": "ServiceLBProdListener0E7627EE" + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + "/", + { + "Ref": "ServiceLBProdListener0E7627EE" + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + "/", + { + "Ref": "ServiceLBProdListener0E7627EE" + } + ] + } + ] + } + ] + ] + } + }, + { + "Name": "TargetGroup", + "Value": { + "Fn::GetAtt": [ + "ServiceLBProdListenerBlueTGGroupB47699CD", + "TargetGroupFullName" + ] + } + } + ], + "MetricName": "UnHealthyHostCount", + "Namespace": "AWS/ApplicationELB", + "Period": 300, + "Statistic": "Average", + "Threshold": 1 + } + }, + "Blue5xx7E9798A6": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "ComparisonOperator": "GreaterThanOrEqualToThreshold", + "EvaluationPeriods": 1, + "AlarmName": "aws-cdk-codedeploy-ecs-dg-Http-500-Blue", + "Dimensions": [ + { + "Name": "LoadBalancer", + "Value": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Ref": "ServiceLBProdListener0E7627EE" + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + "/", + { + "Ref": "ServiceLBProdListener0E7627EE" + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + "/", + { + "Ref": "ServiceLBProdListener0E7627EE" + } + ] + } + ] + } + ] + ] + } + }, + { + "Name": "TargetGroup", + "Value": { + "Fn::GetAtt": [ + "ServiceLBProdListenerBlueTGGroupB47699CD", + "TargetGroupFullName" + ] + } + } + ], + "MetricName": "HTTPCode_Target_5XX_Count", + "Namespace": "AWS/ApplicationELB", + "Period": 60, + "Statistic": "Sum", + "Threshold": 1 + } + }, + "GreenUnhealthyHosts8D9D09C1": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "ComparisonOperator": "GreaterThanOrEqualToThreshold", + "EvaluationPeriods": 2, + "AlarmName": "aws-cdk-codedeploy-ecs-dg-Unhealthy-Hosts-Green", + "Dimensions": [ + { + "Name": "LoadBalancer", + "Value": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Ref": "ServiceLBTestListener3EA49939" + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + "/", + { + "Ref": "ServiceLBTestListener3EA49939" + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + "/", + { + "Ref": "ServiceLBTestListener3EA49939" + } + ] + } + ] + } + ] + ] + } + }, + { + "Name": "TargetGroup", + "Value": { + "Fn::GetAtt": [ + "GreenTG71A27F2F", + "TargetGroupFullName" + ] + } + } + ], + "MetricName": "UnHealthyHostCount", + "Namespace": "AWS/ApplicationELB", + "Period": 300, + "Statistic": "Average", + "Threshold": 1 + } + }, + "Green5xx1A511A06": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "ComparisonOperator": "GreaterThanOrEqualToThreshold", + "EvaluationPeriods": 1, + "AlarmName": "aws-cdk-codedeploy-ecs-dg-Http-500-Green", + "Dimensions": [ + { + "Name": "LoadBalancer", + "Value": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Ref": "ServiceLBTestListener3EA49939" + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + "/", + { + "Ref": "ServiceLBTestListener3EA49939" + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + "/", + { + "Ref": "ServiceLBTestListener3EA49939" + } + ] + } + ] + } + ] + ] + } + }, + { + "Name": "TargetGroup", + "Value": { + "Fn::GetAtt": [ + "GreenTG71A27F2F", + "TargetGroupFullName" + ] + } + } + ], + "MetricName": "HTTPCode_Target_5XX_Count", + "Namespace": "AWS/ApplicationELB", + "Period": 60, + "Statistic": "Sum", + "Threshold": 1 + } + }, + "CanaryConfig039778DD": { + "Type": "AWS::CodeDeploy::DeploymentConfig", + "Properties": { + "ComputePlatform": "ECS", + "TrafficRoutingConfig": { + "TimeBasedCanary": { + "CanaryInterval": 1, + "CanaryPercentage": 20 + }, + "Type": "TimeBasedCanary" + } + } + }, + "BlueGreenDGApplication3649479D": { + "Type": "AWS::CodeDeploy::Application", + "Properties": { + "ComputePlatform": "ECS" + }, + "DependsOn": [ + "CanaryConfig039778DD" + ] + }, + "BlueGreenDGServiceRole33E3BCAC": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::FindInMap": [ + "ServiceprincipalMap", + { + "Ref": "AWS::Region" + }, + "codedeploy" + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AWSCodeDeployRoleForECS" + ] + ] + } + ] + }, + "DependsOn": [ + "CanaryConfig039778DD" + ] + }, + "BlueGreenDG373AB9B0": { + "Type": "AWS::CodeDeploy::DeploymentGroup", + "Properties": { + "ApplicationName": { + "Ref": "BlueGreenDGApplication3649479D" + }, + "ServiceRoleArn": { + "Fn::GetAtt": [ + "BlueGreenDGServiceRole33E3BCAC", + "Arn" + ] + }, + "AlarmConfiguration": { + "Alarms": [ + { + "Name": { + "Ref": "BlueUnhealthyHosts48919A97" + } + }, + { + "Name": { + "Ref": "Blue5xx7E9798A6" + } + }, + { + "Name": { + "Ref": "GreenUnhealthyHosts8D9D09C1" + } + }, + { + "Name": { + "Ref": "Green5xx1A511A06" + } + } + ], + "Enabled": true + }, + "AutoRollbackConfiguration": { + "Enabled": true, + "Events": [ + "DEPLOYMENT_FAILURE", + "DEPLOYMENT_STOP_ON_REQUEST", + "DEPLOYMENT_STOP_ON_ALARM" + ] + }, + "BlueGreenDeploymentConfiguration": { + "DeploymentReadyOption": { + "ActionOnTimeout": "CONTINUE_DEPLOYMENT", + "WaitTimeInMinutes": 0 + }, + "TerminateBlueInstancesOnDeploymentSuccess": { + "Action": "TERMINATE", + "TerminationWaitTimeInMinutes": 1 + } + }, + "DeploymentConfigName": { + "Ref": "CanaryConfig039778DD" + }, + "DeploymentStyle": { + "DeploymentOption": "WITH_TRAFFIC_CONTROL", + "DeploymentType": "BLUE_GREEN" + }, + "ECSServices": [ + { + "ClusterName": { + "Ref": "EcsCluster97242B84" + }, + "ServiceName": { + "Fn::GetAtt": [ + "FargateServiceAC2B3B85", + "Name" + ] + } + } + ], + "LoadBalancerInfo": { + "TargetGroupPairInfoList": [ + { + "ProdTrafficRoute": { + "ListenerArns": [ + { + "Ref": "ServiceLBProdListener0E7627EE" + } + ] + }, + "TargetGroups": [ + { + "Name": { + "Fn::GetAtt": [ + "ServiceLBProdListenerBlueTGGroupB47699CD", + "TargetGroupName" + ] + } + }, + { + "Name": { + "Fn::GetAtt": [ + "GreenTG71A27F2F", + "TargetGroupName" + ] + } + } + ], + "TestTrafficRoute": { + "ListenerArns": [ + { + "Ref": "ServiceLBTestListener3EA49939" + } + ] + } + } + ] + } + }, + "DependsOn": [ + "CanaryConfig039778DD" + ] + } + }, + "Mappings": { + "ServiceprincipalMap": { + "af-south-1": { + "codedeploy": "codedeploy.af-south-1.amazonaws.com" + }, + "ap-east-1": { + "codedeploy": "codedeploy.ap-east-1.amazonaws.com" + }, + "ap-northeast-1": { + "codedeploy": "codedeploy.ap-northeast-1.amazonaws.com" + }, + "ap-northeast-2": { + "codedeploy": "codedeploy.ap-northeast-2.amazonaws.com" + }, + "ap-northeast-3": { + "codedeploy": "codedeploy.ap-northeast-3.amazonaws.com" + }, + "ap-south-1": { + "codedeploy": "codedeploy.ap-south-1.amazonaws.com" + }, + "ap-southeast-1": { + "codedeploy": "codedeploy.ap-southeast-1.amazonaws.com" + }, + "ap-southeast-2": { + "codedeploy": "codedeploy.ap-southeast-2.amazonaws.com" + }, + "ap-southeast-3": { + "codedeploy": "codedeploy.ap-southeast-3.amazonaws.com" + }, + "ca-central-1": { + "codedeploy": "codedeploy.ca-central-1.amazonaws.com" + }, + "cn-north-1": { + "codedeploy": "codedeploy.cn-north-1.amazonaws.com.cn" + }, + "cn-northwest-1": { + "codedeploy": "codedeploy.cn-northwest-1.amazonaws.com.cn" + }, + "eu-central-1": { + "codedeploy": "codedeploy.eu-central-1.amazonaws.com" + }, + "eu-north-1": { + "codedeploy": "codedeploy.eu-north-1.amazonaws.com" + }, + "eu-south-1": { + "codedeploy": "codedeploy.eu-south-1.amazonaws.com" + }, + "eu-south-2": { + "codedeploy": "codedeploy.eu-south-2.amazonaws.com" + }, + "eu-west-1": { + "codedeploy": "codedeploy.eu-west-1.amazonaws.com" + }, + "eu-west-2": { + "codedeploy": "codedeploy.eu-west-2.amazonaws.com" + }, + "eu-west-3": { + "codedeploy": "codedeploy.eu-west-3.amazonaws.com" + }, + "me-south-1": { + "codedeploy": "codedeploy.me-south-1.amazonaws.com" + }, + "sa-east-1": { + "codedeploy": "codedeploy.sa-east-1.amazonaws.com" + }, + "us-east-1": { + "codedeploy": "codedeploy.us-east-1.amazonaws.com" + }, + "us-east-2": { + "codedeploy": "codedeploy.us-east-2.amazonaws.com" + }, + "us-gov-east-1": { + "codedeploy": "codedeploy.us-gov-east-1.amazonaws.com" + }, + "us-gov-west-1": { + "codedeploy": "codedeploy.us-gov-west-1.amazonaws.com" + }, + "us-iso-east-1": { + "codedeploy": "codedeploy.amazonaws.com" + }, + "us-iso-west-1": { + "codedeploy": "codedeploy.amazonaws.com" + }, + "us-isob-east-1": { + "codedeploy": "codedeploy.amazonaws.com" + }, + "us-west-1": { + "codedeploy": "codedeploy.us-west-1.amazonaws.com" + }, + "us-west-2": { + "codedeploy": "codedeploy.us-west-2.amazonaws.com" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/cdk.out b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/cdk.out new file mode 100644 index 0000000000000..8ecc185e9dbee --- /dev/null +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"21.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/integ.json b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/integ.json new file mode 100644 index 0000000000000..96bd46ecd60d1 --- /dev/null +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "21.0.0", + "testCases": { + "EcsDeploymentGroupTest/DefaultTest": { + "stacks": [ + "aws-cdk-codedeploy-ecs-dg" + ], + "assertionStack": "EcsDeploymentGroupTest/DefaultTest/DeployAssert", + "assertionStackName": "EcsDeploymentGroupTestDefaultTestDeployAssert60AABFA0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/manifest.json new file mode 100644 index 0000000000000..12b33921e09d8 --- /dev/null +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/manifest.json @@ -0,0 +1,387 @@ +{ + "version": "21.0.0", + "artifacts": { + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "aws-cdk-codedeploy-ecs-dg.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-codedeploy-ecs-dg.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-codedeploy-ecs-dg": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-codedeploy-ecs-dg.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/cb953019881f048318168478ff610f1d0c79d74d9e309487bb4c8b7df50e2d0c.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-codedeploy-ecs-dg.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-codedeploy-ecs-dg.assets" + ], + "metadata": { + "/aws-cdk-codedeploy-ecs-dg/VPC/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCB9E5F0B4" + } + ], + "/aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1SubnetB4246D30" + } + ], + "/aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1RouteTableFEE4B781" + } + ], + "/aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1RouteTableAssociation0B0896DC" + } + ], + "/aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1DefaultRoute91CEF279" + } + ], + "/aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet1/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1EIP6AD938E8" + } + ], + "/aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet1/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1NATGatewayE0556630" + } + ], + "/aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2Subnet74179F39" + } + ], + "/aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2RouteTable6F1A15F1" + } + ], + "/aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2RouteTableAssociation5A808732" + } + ], + "/aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2DefaultRouteB7481BBA" + } + ], + "/aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet2/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2EIP4947BC00" + } + ], + "/aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet2/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2NATGateway3C070193" + } + ], + "/aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1Subnet8BCA10E0" + } + ], + "/aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1RouteTableBE8A6027" + } + ], + "/aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1RouteTableAssociation347902D1" + } + ], + "/aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1DefaultRouteAE1D6490" + } + ], + "/aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + ], + "/aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2RouteTable0A19E10E" + } + ], + "/aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2RouteTableAssociation0C73D413" + } + ], + "/aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2DefaultRouteF4F5CFD2" + } + ], + "/aws-cdk-codedeploy-ecs-dg/VPC/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCIGWB7E252D3" + } + ], + "/aws-cdk-codedeploy-ecs-dg/VPC/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCVPCGW99B986DC" + } + ], + "/aws-cdk-codedeploy-ecs-dg/EcsCluster/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "EcsCluster97242B84" + } + ], + "/aws-cdk-codedeploy-ecs-dg/TaskDef/TaskRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TaskDefTaskRole1EDB4A67" + } + ], + "/aws-cdk-codedeploy-ecs-dg/TaskDef/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TaskDef54694570" + } + ], + "/aws-cdk-codedeploy-ecs-dg/FargateService/Service": [ + { + "type": "aws:cdk:logicalId", + "data": "FargateServiceAC2B3B85" + } + ], + "/aws-cdk-codedeploy-ecs-dg/FargateService/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "FargateServiceSecurityGroup0A0E79CB" + } + ], + "/aws-cdk-codedeploy-ecs-dg/FargateService/SecurityGroup/from awscdkcodedeployecsdgServiceLBSecurityGroupEC967688:80": [ + { + "type": "aws:cdk:logicalId", + "data": "FargateServiceSecurityGroupfromawscdkcodedeployecsdgServiceLBSecurityGroupEC967688803C3B1119" + } + ], + "/aws-cdk-codedeploy-ecs-dg/TaskDef2/TaskRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TaskDef2TaskRole5A51C717" + } + ], + "/aws-cdk-codedeploy-ecs-dg/TaskDef2/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TaskDef2C6A35A16" + } + ], + "/aws-cdk-codedeploy-ecs-dg/ServiceLB/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ServiceLBBDAD0B9B" + } + ], + "/aws-cdk-codedeploy-ecs-dg/ServiceLB/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ServiceLBSecurityGroup2EA7EDA1" + } + ], + "/aws-cdk-codedeploy-ecs-dg/ServiceLB/SecurityGroup/to awscdkcodedeployecsdgFargateServiceSecurityGroup64C2B62E:80": [ + { + "type": "aws:cdk:logicalId", + "data": "ServiceLBSecurityGrouptoawscdkcodedeployecsdgFargateServiceSecurityGroup64C2B62E8071D2502F" + } + ], + "/aws-cdk-codedeploy-ecs-dg/ServiceLB/ProdListener/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ServiceLBProdListener0E7627EE" + } + ], + "/aws-cdk-codedeploy-ecs-dg/ServiceLB/ProdListener/BlueTGGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ServiceLBProdListenerBlueTGGroupB47699CD" + } + ], + "/aws-cdk-codedeploy-ecs-dg/ServiceLB/TestListener/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ServiceLBTestListener3EA49939" + } + ], + "/aws-cdk-codedeploy-ecs-dg/GreenTG/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "GreenTG71A27F2F" + } + ], + "/aws-cdk-codedeploy-ecs-dg/BlueUnhealthyHosts/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "BlueUnhealthyHosts48919A97" + } + ], + "/aws-cdk-codedeploy-ecs-dg/Blue5xx/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Blue5xx7E9798A6" + } + ], + "/aws-cdk-codedeploy-ecs-dg/GreenUnhealthyHosts/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "GreenUnhealthyHosts8D9D09C1" + } + ], + "/aws-cdk-codedeploy-ecs-dg/Green5xx/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Green5xx1A511A06" + } + ], + "/aws-cdk-codedeploy-ecs-dg/CanaryConfig/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CanaryConfig039778DD" + } + ], + "/aws-cdk-codedeploy-ecs-dg/BlueGreenDG/Application/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "BlueGreenDGApplication3649479D" + } + ], + "/aws-cdk-codedeploy-ecs-dg/BlueGreenDG/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "BlueGreenDGServiceRole33E3BCAC" + } + ], + "/aws-cdk-codedeploy-ecs-dg/BlueGreenDG/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "BlueGreenDG373AB9B0" + } + ], + "/aws-cdk-codedeploy-ecs-dg/Service-principalMap": [ + { + "type": "aws:cdk:logicalId", + "data": "ServiceprincipalMap" + } + ], + "/aws-cdk-codedeploy-ecs-dg/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-codedeploy-ecs-dg/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-codedeploy-ecs-dg" + }, + "EcsDeploymentGroupTestDefaultTestDeployAssert60AABFA0.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "EcsDeploymentGroupTestDefaultTestDeployAssert60AABFA0.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "EcsDeploymentGroupTestDefaultTestDeployAssert60AABFA0": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "EcsDeploymentGroupTestDefaultTestDeployAssert60AABFA0.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "EcsDeploymentGroupTestDefaultTestDeployAssert60AABFA0.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "EcsDeploymentGroupTestDefaultTestDeployAssert60AABFA0.assets" + ], + "metadata": { + "/EcsDeploymentGroupTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/EcsDeploymentGroupTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "EcsDeploymentGroupTest/DefaultTest/DeployAssert" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/tree.json b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/tree.json new file mode 100644 index 0000000000000..f0aad8c03bcb1 --- /dev/null +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/tree.json @@ -0,0 +1,1954 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.95" + } + }, + "aws-cdk-codedeploy-ecs-dg": { + "id": "aws-cdk-codedeploy-ecs-dg", + "path": "aws-cdk-codedeploy-ecs-dg", + "children": { + "VPC": { + "id": "VPC", + "path": "aws-cdk-codedeploy-ecs-dg/VPC", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "aws-cdk-codedeploy-ecs-dg/VPC" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnVPC", + "version": "0.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.0.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "tags": [ + { + "key": "Name", + "value": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "subnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VPCIGWB7E252D3" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet1/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet1/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "subnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, + "allocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet1EIP6AD938E8", + "AllocationId" + ] + }, + "tags": [ + { + "key": "Name", + "value": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.64.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "tags": [ + { + "key": "Name", + "value": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "subnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VPCIGWB7E252D3" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet2/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet2/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "subnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, + "allocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet2EIP4947BC00", + "AllocationId" + ] + }, + "tags": [ + { + "key": "Name", + "value": "aws-cdk-codedeploy-ecs-dg/VPC/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet1": { + "id": "PrivateSubnet1", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.128.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet1/Acl", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "tags": [ + { + "key": "Name", + "value": "aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + }, + "subnetId": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + }, + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VPCPublicSubnet1NATGatewayE0556630" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet2": { + "id": "PrivateSubnet2", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.192.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet2/Acl", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "tags": [ + { + "key": "Name", + "value": "aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + }, + "subnetId": { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/PrivateSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + }, + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VPCPublicSubnet2NATGateway3C070193" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-cdk-codedeploy-ecs-dg/VPC" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "aws-cdk-codedeploy-ecs-dg/VPC/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "internetGatewayId": { + "Ref": "VPCIGWB7E252D3" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.Vpc", + "version": "0.0.0" + } + }, + "EcsCluster": { + "id": "EcsCluster", + "path": "aws-cdk-codedeploy-ecs-dg/EcsCluster", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-codedeploy-ecs-dg/EcsCluster/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::Cluster", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ecs.CfnCluster", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ecs.Cluster", + "version": "0.0.0" + } + }, + "TaskDef": { + "id": "TaskDef", + "path": "aws-cdk-codedeploy-ecs-dg/TaskDef", + "children": { + "TaskRole": { + "id": "TaskRole", + "path": "aws-cdk-codedeploy-ecs-dg/TaskDef/TaskRole", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-codedeploy-ecs-dg/TaskDef/TaskRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-codedeploy-ecs-dg/TaskDef/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::TaskDefinition", + "aws:cdk:cloudformation:props": { + "containerDefinitions": [ + { + "essential": true, + "image": "public.ecr.aws/ecs-sample-image/amazon-ecs-sample:latest", + "name": "Container", + "portMappings": [ + { + "containerPort": 80, + "protocol": "tcp" + } + ] + } + ], + "cpu": "256", + "family": "awscdkcodedeployecsdgTaskDef25A5A14D", + "memory": "512", + "networkMode": "awsvpc", + "requiresCompatibilities": [ + "FARGATE" + ], + "taskRoleArn": { + "Fn::GetAtt": [ + "TaskDefTaskRole1EDB4A67", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ecs.CfnTaskDefinition", + "version": "0.0.0" + } + }, + "Container": { + "id": "Container", + "path": "aws-cdk-codedeploy-ecs-dg/TaskDef/Container", + "constructInfo": { + "fqn": "@aws-cdk/aws-ecs.ContainerDefinition", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ecs.FargateTaskDefinition", + "version": "0.0.0" + } + }, + "FargateService": { + "id": "FargateService", + "path": "aws-cdk-codedeploy-ecs-dg/FargateService", + "children": { + "Service": { + "id": "Service", + "path": "aws-cdk-codedeploy-ecs-dg/FargateService/Service", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::Service", + "aws:cdk:cloudformation:props": { + "cluster": { + "Ref": "EcsCluster97242B84" + }, + "deploymentConfiguration": { + "maximumPercent": 200, + "minimumHealthyPercent": 50 + }, + "deploymentController": { + "type": "CODE_DEPLOY" + }, + "enableEcsManagedTags": false, + "healthCheckGracePeriodSeconds": 60, + "launchType": "FARGATE", + "loadBalancers": [ + { + "targetGroupArn": { + "Ref": "ServiceLBProdListenerBlueTGGroupB47699CD" + }, + "containerName": "Container", + "containerPort": 80 + } + ], + "networkConfiguration": { + "awsvpcConfiguration": { + "assignPublicIp": "DISABLED", + "subnets": [ + { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + }, + { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + ], + "securityGroups": [ + { + "Fn::GetAtt": [ + "FargateServiceSecurityGroup0A0E79CB", + "GroupId" + ] + } + ] + } + }, + "taskDefinition": "awscdkcodedeployecsdgTaskDef25A5A14D" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ecs.CfnService", + "version": "0.0.0" + } + }, + "SecurityGroup": { + "id": "SecurityGroup", + "path": "aws-cdk-codedeploy-ecs-dg/FargateService/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-codedeploy-ecs-dg/FargateService/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "aws-cdk-codedeploy-ecs-dg/FargateService/SecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSecurityGroup", + "version": "0.0.0" + } + }, + "from awscdkcodedeployecsdgServiceLBSecurityGroupEC967688:80": { + "id": "from awscdkcodedeployecsdgServiceLBSecurityGroupEC967688:80", + "path": "aws-cdk-codedeploy-ecs-dg/FargateService/SecurityGroup/from awscdkcodedeployecsdgServiceLBSecurityGroupEC967688:80", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "ipProtocol": "tcp", + "description": "Load balancer to target", + "fromPort": 80, + "groupId": { + "Fn::GetAtt": [ + "FargateServiceSecurityGroup0A0E79CB", + "GroupId" + ] + }, + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "ServiceLBSecurityGroup2EA7EDA1", + "GroupId" + ] + }, + "toPort": 80 + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSecurityGroupIngress", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.SecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ecs.FargateService", + "version": "0.0.0" + } + }, + "TaskDef2": { + "id": "TaskDef2", + "path": "aws-cdk-codedeploy-ecs-dg/TaskDef2", + "children": { + "TaskRole": { + "id": "TaskRole", + "path": "aws-cdk-codedeploy-ecs-dg/TaskDef2/TaskRole", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-codedeploy-ecs-dg/TaskDef2/TaskRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-codedeploy-ecs-dg/TaskDef2/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::TaskDefinition", + "aws:cdk:cloudformation:props": { + "containerDefinitions": [ + { + "essential": true, + "image": "public.ecr.aws/ecs-sample-image/amazon-ecs-sample:latest", + "name": "Container", + "portMappings": [ + { + "containerPort": 80, + "protocol": "tcp" + } + ] + } + ], + "cpu": "256", + "family": "awscdkcodedeployecsdgTaskDef22B5CE8FC", + "memory": "512", + "networkMode": "awsvpc", + "requiresCompatibilities": [ + "FARGATE" + ], + "taskRoleArn": { + "Fn::GetAtt": [ + "TaskDef2TaskRole5A51C717", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ecs.CfnTaskDefinition", + "version": "0.0.0" + } + }, + "Container": { + "id": "Container", + "path": "aws-cdk-codedeploy-ecs-dg/TaskDef2/Container", + "constructInfo": { + "fqn": "@aws-cdk/aws-ecs.ContainerDefinition", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ecs.FargateTaskDefinition", + "version": "0.0.0" + } + }, + "ServiceLB": { + "id": "ServiceLB", + "path": "aws-cdk-codedeploy-ecs-dg/ServiceLB", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-codedeploy-ecs-dg/ServiceLB/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ElasticLoadBalancingV2::LoadBalancer", + "aws:cdk:cloudformation:props": { + "loadBalancerAttributes": [ + { + "key": "deletion_protection.enabled", + "value": "false" + } + ], + "scheme": "internal", + "securityGroups": [ + { + "Fn::GetAtt": [ + "ServiceLBSecurityGroup2EA7EDA1", + "GroupId" + ] + } + ], + "subnets": [ + { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + }, + { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + ], + "type": "application" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-elasticloadbalancingv2.CfnLoadBalancer", + "version": "0.0.0" + } + }, + "SecurityGroup": { + "id": "SecurityGroup", + "path": "aws-cdk-codedeploy-ecs-dg/ServiceLB/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-codedeploy-ecs-dg/ServiceLB/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "Automatically created Security Group for ELB awscdkcodedeployecsdgServiceLB2A9D4A45", + "securityGroupIngress": [ + { + "cidrIp": "0.0.0.0/0", + "ipProtocol": "tcp", + "fromPort": 80, + "toPort": 80, + "description": "Allow from anyone on port 80" + }, + { + "cidrIp": "0.0.0.0/0", + "ipProtocol": "tcp", + "fromPort": 9002, + "toPort": 9002, + "description": "Allow from anyone on port 9002" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSecurityGroup", + "version": "0.0.0" + } + }, + "to awscdkcodedeployecsdgFargateServiceSecurityGroup64C2B62E:80": { + "id": "to awscdkcodedeployecsdgFargateServiceSecurityGroup64C2B62E:80", + "path": "aws-cdk-codedeploy-ecs-dg/ServiceLB/SecurityGroup/to awscdkcodedeployecsdgFargateServiceSecurityGroup64C2B62E:80", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupEgress", + "aws:cdk:cloudformation:props": { + "groupId": { + "Fn::GetAtt": [ + "ServiceLBSecurityGroup2EA7EDA1", + "GroupId" + ] + }, + "ipProtocol": "tcp", + "description": "Load balancer to target", + "destinationSecurityGroupId": { + "Fn::GetAtt": [ + "FargateServiceSecurityGroup0A0E79CB", + "GroupId" + ] + }, + "fromPort": 80, + "toPort": 80 + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSecurityGroupEgress", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "ProdListener": { + "id": "ProdListener", + "path": "aws-cdk-codedeploy-ecs-dg/ServiceLB/ProdListener", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-codedeploy-ecs-dg/ServiceLB/ProdListener/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ElasticLoadBalancingV2::Listener", + "aws:cdk:cloudformation:props": { + "defaultActions": [ + { + "type": "forward", + "targetGroupArn": { + "Ref": "ServiceLBProdListenerBlueTGGroupB47699CD" + } + } + ], + "loadBalancerArn": { + "Ref": "ServiceLBBDAD0B9B" + }, + "port": 80, + "protocol": "HTTP" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-elasticloadbalancingv2.CfnListener", + "version": "0.0.0" + } + }, + "BlueTGGroup": { + "id": "BlueTGGroup", + "path": "aws-cdk-codedeploy-ecs-dg/ServiceLB/ProdListener/BlueTGGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-codedeploy-ecs-dg/ServiceLB/ProdListener/BlueTGGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ElasticLoadBalancingV2::TargetGroup", + "aws:cdk:cloudformation:props": { + "healthCheckIntervalSeconds": 5, + "healthCheckTimeoutSeconds": 4, + "healthyThresholdCount": 2, + "matcher": { + "httpCode": "200" + }, + "port": 80, + "protocol": "HTTP", + "targetGroupAttributes": [ + { + "key": "deregistration_delay.timeout_seconds", + "value": "30" + }, + { + "key": "stickiness.enabled", + "value": "false" + } + ], + "targetType": "ip", + "unhealthyThresholdCount": 3, + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-elasticloadbalancingv2.CfnTargetGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-elasticloadbalancingv2.ApplicationTargetGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-elasticloadbalancingv2.ApplicationListener", + "version": "0.0.0" + } + }, + "TestListener": { + "id": "TestListener", + "path": "aws-cdk-codedeploy-ecs-dg/ServiceLB/TestListener", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-codedeploy-ecs-dg/ServiceLB/TestListener/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ElasticLoadBalancingV2::Listener", + "aws:cdk:cloudformation:props": { + "defaultActions": [ + { + "type": "forward", + "targetGroupArn": { + "Ref": "GreenTG71A27F2F" + } + } + ], + "loadBalancerArn": { + "Ref": "ServiceLBBDAD0B9B" + }, + "port": 9002, + "protocol": "HTTP" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-elasticloadbalancingv2.CfnListener", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-elasticloadbalancingv2.ApplicationListener", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-elasticloadbalancingv2.ApplicationLoadBalancer", + "version": "0.0.0" + } + }, + "GreenTG": { + "id": "GreenTG", + "path": "aws-cdk-codedeploy-ecs-dg/GreenTG", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-codedeploy-ecs-dg/GreenTG/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ElasticLoadBalancingV2::TargetGroup", + "aws:cdk:cloudformation:props": { + "healthCheckIntervalSeconds": 5, + "healthCheckTimeoutSeconds": 4, + "healthyThresholdCount": 2, + "matcher": { + "httpCode": "200" + }, + "port": 80, + "protocol": "HTTP", + "targetGroupAttributes": [ + { + "key": "deregistration_delay.timeout_seconds", + "value": "30" + }, + { + "key": "stickiness.enabled", + "value": "false" + } + ], + "targetType": "ip", + "unhealthyThresholdCount": 3, + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-elasticloadbalancingv2.CfnTargetGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-elasticloadbalancingv2.ApplicationTargetGroup", + "version": "0.0.0" + } + }, + "BlueUnhealthyHosts": { + "id": "BlueUnhealthyHosts", + "path": "aws-cdk-codedeploy-ecs-dg/BlueUnhealthyHosts", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-codedeploy-ecs-dg/BlueUnhealthyHosts/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", + "aws:cdk:cloudformation:props": { + "comparisonOperator": "GreaterThanOrEqualToThreshold", + "evaluationPeriods": 2, + "alarmName": "aws-cdk-codedeploy-ecs-dg-Unhealthy-Hosts-Blue", + "dimensions": [ + { + "name": "LoadBalancer", + "value": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Ref": "ServiceLBProdListener0E7627EE" + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + "/", + { + "Ref": "ServiceLBProdListener0E7627EE" + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + "/", + { + "Ref": "ServiceLBProdListener0E7627EE" + } + ] + } + ] + } + ] + ] + } + }, + { + "name": "TargetGroup", + "value": { + "Fn::GetAtt": [ + "ServiceLBProdListenerBlueTGGroupB47699CD", + "TargetGroupFullName" + ] + } + } + ], + "metricName": "UnHealthyHostCount", + "namespace": "AWS/ApplicationELB", + "period": 300, + "statistic": "Average", + "threshold": 1 + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-cloudwatch.CfnAlarm", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-cloudwatch.Alarm", + "version": "0.0.0" + } + }, + "Blue5xx": { + "id": "Blue5xx", + "path": "aws-cdk-codedeploy-ecs-dg/Blue5xx", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-codedeploy-ecs-dg/Blue5xx/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", + "aws:cdk:cloudformation:props": { + "comparisonOperator": "GreaterThanOrEqualToThreshold", + "evaluationPeriods": 1, + "alarmName": "aws-cdk-codedeploy-ecs-dg-Http-500-Blue", + "dimensions": [ + { + "name": "LoadBalancer", + "value": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Ref": "ServiceLBProdListener0E7627EE" + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + "/", + { + "Ref": "ServiceLBProdListener0E7627EE" + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + "/", + { + "Ref": "ServiceLBProdListener0E7627EE" + } + ] + } + ] + } + ] + ] + } + }, + { + "name": "TargetGroup", + "value": { + "Fn::GetAtt": [ + "ServiceLBProdListenerBlueTGGroupB47699CD", + "TargetGroupFullName" + ] + } + } + ], + "metricName": "HTTPCode_Target_5XX_Count", + "namespace": "AWS/ApplicationELB", + "period": 60, + "statistic": "Sum", + "threshold": 1 + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-cloudwatch.CfnAlarm", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-cloudwatch.Alarm", + "version": "0.0.0" + } + }, + "GreenUnhealthyHosts": { + "id": "GreenUnhealthyHosts", + "path": "aws-cdk-codedeploy-ecs-dg/GreenUnhealthyHosts", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-codedeploy-ecs-dg/GreenUnhealthyHosts/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", + "aws:cdk:cloudformation:props": { + "comparisonOperator": "GreaterThanOrEqualToThreshold", + "evaluationPeriods": 2, + "alarmName": "aws-cdk-codedeploy-ecs-dg-Unhealthy-Hosts-Green", + "dimensions": [ + { + "name": "LoadBalancer", + "value": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Ref": "ServiceLBTestListener3EA49939" + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + "/", + { + "Ref": "ServiceLBTestListener3EA49939" + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + "/", + { + "Ref": "ServiceLBTestListener3EA49939" + } + ] + } + ] + } + ] + ] + } + }, + { + "name": "TargetGroup", + "value": { + "Fn::GetAtt": [ + "GreenTG71A27F2F", + "TargetGroupFullName" + ] + } + } + ], + "metricName": "UnHealthyHostCount", + "namespace": "AWS/ApplicationELB", + "period": 300, + "statistic": "Average", + "threshold": 1 + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-cloudwatch.CfnAlarm", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-cloudwatch.Alarm", + "version": "0.0.0" + } + }, + "Green5xx": { + "id": "Green5xx", + "path": "aws-cdk-codedeploy-ecs-dg/Green5xx", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-codedeploy-ecs-dg/Green5xx/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", + "aws:cdk:cloudformation:props": { + "comparisonOperator": "GreaterThanOrEqualToThreshold", + "evaluationPeriods": 1, + "alarmName": "aws-cdk-codedeploy-ecs-dg-Http-500-Green", + "dimensions": [ + { + "name": "LoadBalancer", + "value": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Ref": "ServiceLBTestListener3EA49939" + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + "/", + { + "Ref": "ServiceLBTestListener3EA49939" + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + "/", + { + "Ref": "ServiceLBTestListener3EA49939" + } + ] + } + ] + } + ] + ] + } + }, + { + "name": "TargetGroup", + "value": { + "Fn::GetAtt": [ + "GreenTG71A27F2F", + "TargetGroupFullName" + ] + } + } + ], + "metricName": "HTTPCode_Target_5XX_Count", + "namespace": "AWS/ApplicationELB", + "period": 60, + "statistic": "Sum", + "threshold": 1 + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-cloudwatch.CfnAlarm", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-cloudwatch.Alarm", + "version": "0.0.0" + } + }, + "CanaryConfig": { + "id": "CanaryConfig", + "path": "aws-cdk-codedeploy-ecs-dg/CanaryConfig", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-codedeploy-ecs-dg/CanaryConfig/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CodeDeploy::DeploymentConfig", + "aws:cdk:cloudformation:props": { + "computePlatform": "ECS", + "trafficRoutingConfig": { + "type": "TimeBasedCanary", + "timeBasedCanary": { + "canaryInterval": 1, + "canaryPercentage": 20 + } + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-codedeploy.CfnDeploymentConfig", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-codedeploy.EcsDeploymentConfig", + "version": "0.0.0" + } + }, + "BlueGreenDG": { + "id": "BlueGreenDG", + "path": "aws-cdk-codedeploy-ecs-dg/BlueGreenDG", + "children": { + "Application": { + "id": "Application", + "path": "aws-cdk-codedeploy-ecs-dg/BlueGreenDG/Application", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-codedeploy-ecs-dg/BlueGreenDG/Application/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CodeDeploy::Application", + "aws:cdk:cloudformation:props": { + "computePlatform": "ECS" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-codedeploy.CfnApplication", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-codedeploy.EcsApplication", + "version": "0.0.0" + } + }, + "ServiceRole": { + "id": "ServiceRole", + "path": "aws-cdk-codedeploy-ecs-dg/BlueGreenDG/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-codedeploy-ecs-dg/BlueGreenDG/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::FindInMap": [ + "ServiceprincipalMap", + { + "Ref": "AWS::Region" + }, + "codedeploy" + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AWSCodeDeployRoleForECS" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-codedeploy-ecs-dg/BlueGreenDG/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CodeDeploy::DeploymentGroup", + "aws:cdk:cloudformation:props": { + "applicationName": { + "Ref": "BlueGreenDGApplication3649479D" + }, + "serviceRoleArn": { + "Fn::GetAtt": [ + "BlueGreenDGServiceRole33E3BCAC", + "Arn" + ] + }, + "alarmConfiguration": { + "alarms": [ + { + "name": { + "Ref": "BlueUnhealthyHosts48919A97" + } + }, + { + "name": { + "Ref": "Blue5xx7E9798A6" + } + }, + { + "name": { + "Ref": "GreenUnhealthyHosts8D9D09C1" + } + }, + { + "name": { + "Ref": "Green5xx1A511A06" + } + } + ], + "enabled": true + }, + "autoRollbackConfiguration": { + "enabled": true, + "events": [ + "DEPLOYMENT_FAILURE", + "DEPLOYMENT_STOP_ON_REQUEST", + "DEPLOYMENT_STOP_ON_ALARM" + ] + }, + "blueGreenDeploymentConfiguration": { + "deploymentReadyOption": { + "actionOnTimeout": "CONTINUE_DEPLOYMENT", + "waitTimeInMinutes": 0 + }, + "terminateBlueInstancesOnDeploymentSuccess": { + "action": "TERMINATE", + "terminationWaitTimeInMinutes": 1 + } + }, + "deploymentConfigName": { + "Ref": "CanaryConfig039778DD" + }, + "deploymentStyle": { + "deploymentType": "BLUE_GREEN", + "deploymentOption": "WITH_TRAFFIC_CONTROL" + }, + "ecsServices": [ + { + "clusterName": { + "Ref": "EcsCluster97242B84" + }, + "serviceName": { + "Fn::GetAtt": [ + "FargateServiceAC2B3B85", + "Name" + ] + } + } + ], + "loadBalancerInfo": { + "targetGroupPairInfoList": [ + { + "targetGroups": [ + { + "name": { + "Fn::GetAtt": [ + "ServiceLBProdListenerBlueTGGroupB47699CD", + "TargetGroupName" + ] + } + }, + { + "name": { + "Fn::GetAtt": [ + "GreenTG71A27F2F", + "TargetGroupName" + ] + } + } + ], + "prodTrafficRoute": { + "listenerArns": [ + { + "Ref": "ServiceLBProdListener0E7627EE" + } + ] + }, + "testTrafficRoute": { + "listenerArns": [ + { + "Ref": "ServiceLBTestListener3EA49939" + } + ] + } + } + ] + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-codedeploy.CfnDeploymentGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-codedeploy.EcsDeploymentGroup", + "version": "0.0.0" + } + }, + "Service-principalMap": { + "id": "Service-principalMap", + "path": "aws-cdk-codedeploy-ecs-dg/Service-principalMap", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnMapping", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + }, + "EcsDeploymentGroupTest": { + "id": "EcsDeploymentGroupTest", + "path": "EcsDeploymentGroupTest", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "EcsDeploymentGroupTest/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "EcsDeploymentGroupTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.95" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "EcsDeploymentGroupTest/DefaultTest/DeployAssert", + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests.IntegTest", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.test.ts b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.test.ts index 70750e3406e44..6047e95b09f04 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.test.ts +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.test.ts @@ -1,6 +1,39 @@ +import { Template } from '@aws-cdk/assertions'; +import * as cloudwatch from '@aws-cdk/aws-cloudwatch'; +import * as ec2 from '@aws-cdk/aws-ec2'; +import * as ecs from '@aws-cdk/aws-ecs'; +import * as elbv2 from '@aws-cdk/aws-elasticloadbalancingv2'; +import * as iam from '@aws-cdk/aws-iam'; import * as cdk from '@aws-cdk/core'; +import { Duration } from '@aws-cdk/core'; import * as codedeploy from '../../lib'; +const mockCluster = 'my-cluster'; +const mockService = 'my-service'; +const mockRegion = 'my-region'; +const mockAccount = 'my-account'; + +function mockEcsService(stack: cdk.Stack): ecs.IBaseService { + const serviceArn = `arn:aws:ecs:${mockRegion}:${mockAccount}:service/${mockCluster}/${mockService}`; + return ecs.BaseService.fromServiceArnWithCluster(stack, 'Service', serviceArn); +} + +function mockTargetGroup(stack: cdk.Stack, id: string): elbv2.ITargetGroup { + const targetGroupArn = `arn:aws:elasticloadbalancing:${mockRegion}:${mockAccount}:targetgroup/${id}/f7a80aba5edd5980`; + return elbv2.ApplicationTargetGroup.fromTargetGroupAttributes(stack, id, { + targetGroupArn, + }); +} + +function mockListener(stack: cdk.Stack, id: string): elbv2.IListener { + const listenerArn = `arn:aws:elasticloadbalancing:${mockRegion}:${mockAccount}:listener/app/myloadbalancer/lb-12345/${id}`; + const securityGroup = ec2.SecurityGroup.fromSecurityGroupId(stack, 'MySecurityGroup' + id, 'sg-12345678'); + return elbv2.ApplicationListener.fromApplicationListenerAttributes(stack, 'Listener' + id, { + listenerArn, + securityGroup, + }); +} + describe('CodeDeploy ECS DeploymentGroup', () => { describe('imported with fromEcsDeploymentGroupAttributes', () => { test('defaults the Deployment Config to AllAtOnce', () => { @@ -15,4 +48,840 @@ describe('CodeDeploy ECS DeploymentGroup', () => { expect(importedGroup.deploymentConfig).toEqual(codedeploy.EcsDeploymentConfig.ALL_AT_ONCE); }); }); + + test('can be created with default configuration', () => { + const stack = new cdk.Stack(); + + new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { + services: [mockEcsService(stack)], + blueGreenDeploymentConfig: { + blueTargetGroup: mockTargetGroup(stack, 'blue'), + greenTargetGroup: mockTargetGroup(stack, 'green'), + listener: mockListener(stack, 'prod'), + }, + }); + + Template.fromStack(stack).hasResource('AWS::CodeDeploy::DeploymentGroup', { + Type: 'AWS::CodeDeploy::DeploymentGroup', + Properties: { + ApplicationName: { + Ref: 'MyDGApplication57B1E402', + }, + ServiceRoleArn: { + 'Fn::GetAtt': [ + 'MyDGServiceRole5E94FD88', + 'Arn', + ], + }, + AutoRollbackConfiguration: { + Enabled: true, + Events: [ + 'DEPLOYMENT_FAILURE', + ], + }, + BlueGreenDeploymentConfiguration: { + DeploymentReadyOption: { + ActionOnTimeout: 'CONTINUE_DEPLOYMENT', + WaitTimeInMinutes: 0, + }, + TerminateBlueInstancesOnDeploymentSuccess: { + Action: 'TERMINATE', + TerminationWaitTimeInMinutes: 0, + }, + }, + DeploymentConfigName: 'CodeDeployDefault.ECSAllAtOnce', + DeploymentStyle: { + DeploymentOption: 'WITH_TRAFFIC_CONTROL', + DeploymentType: 'BLUE_GREEN', + }, + ECSServices: [ + { + ClusterName: 'my-cluster', + ServiceName: 'my-service', + }, + ], + LoadBalancerInfo: { + TargetGroupPairInfoList: [ + { + ProdTrafficRoute: { + ListenerArns: [ + 'arn:aws:elasticloadbalancing:my-region:my-account:listener/app/myloadbalancer/lb-12345/prod', + ], + }, + TargetGroups: [ + { + Name: 'blue', + }, + { + Name: 'green', + }, + ], + }, + ], + }, + }, + }); + + Template.fromStack(stack).hasResource('AWS::CodeDeploy::Application', { + Type: 'AWS::CodeDeploy::Application', + Properties: { + ComputePlatform: 'ECS', + }, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Role', { + AssumeRolePolicyDocument: { + Statement: [{ + Action: 'sts:AssumeRole', + Effect: 'Allow', + Principal: { + Service: { + 'Fn::FindInMap': [ + 'ServiceprincipalMap', + { + Ref: 'AWS::Region', + }, + 'codedeploy', + ], + }, + }, + }], + Version: '2012-10-17', + }, + ManagedPolicyArns: [ + { + 'Fn::Join': [ + '', + [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iam::aws:policy/AWSCodeDeployRoleForECS', + ], + ], + }, + ], + }); + }); + + test('ECS service properties are updated', () => { + const stack = new cdk.Stack(); + + const vpc = new ec2.Vpc(stack, 'MyVpc'); + const cluster = new ecs.Cluster(stack, 'MyCluster', { + vpc, + }); + const taskDefinition = new ecs.FargateTaskDefinition(stack, 'MyTaskDef', { + cpu: 256, + memoryLimitMiB: 512, + family: 'myfamily', + }); + taskDefinition.addContainer('MyContainer', { + image: ecs.ContainerImage.fromRegistry('nginx'), + portMappings: [{ + containerPort: 80, + }], + }); + const service = new ecs.FargateService(stack, 'MyService', { + cluster, + taskDefinition, + }); + + new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { + services: [service], + blueGreenDeploymentConfig: { + blueTargetGroup: mockTargetGroup(stack, 'blue'), + greenTargetGroup: mockTargetGroup(stack, 'green'), + listener: mockListener(stack, 'prod'), + }, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::CodeDeploy::DeploymentGroup', { + ECSServices: [ + { + ClusterName: stack.resolve(cluster.clusterName), + ServiceName: stack.resolve(service.serviceName), + }, + ], + }); + + Template.fromStack(stack).hasResourceProperties('AWS::ECS::Service', { + DeploymentController: { + Type: 'CODE_DEPLOY', + }, + TaskDefinition: 'myfamily', + }); + }); + + test('ECS service properties are updated when the task definition family name is auto-generated', () => { + const stack = new cdk.Stack(); + + const vpc = new ec2.Vpc(stack, 'MyVpc'); + const cluster = new ecs.Cluster(stack, 'MyCluster', { + vpc, + }); + const taskDefinition = new ecs.FargateTaskDefinition(stack, 'MyTaskDef', { + cpu: 256, + memoryLimitMiB: 512, + }); + taskDefinition.addContainer('MyContainer', { + image: ecs.ContainerImage.fromRegistry('nginx'), + portMappings: [{ + containerPort: 80, + }], + }); + const service = new ecs.FargateService(stack, 'MyService', { + cluster, + taskDefinition, + }); + + new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { + services: [service], + blueGreenDeploymentConfig: { + blueTargetGroup: mockTargetGroup(stack, 'blue'), + greenTargetGroup: mockTargetGroup(stack, 'green'), + listener: mockListener(stack, 'prod'), + }, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::CodeDeploy::DeploymentGroup', { + ECSServices: [ + { + ClusterName: stack.resolve(cluster.clusterName), + ServiceName: stack.resolve(service.serviceName), + }, + ], + }); + + Template.fromStack(stack).hasResourceProperties('AWS::ECS::Service', { + DeploymentController: { + Type: 'CODE_DEPLOY', + }, + TaskDefinition: 'MyTaskDef', + }); + }); + + test('can be created with explicit name', () => { + const stack = new cdk.Stack(); + new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { + deploymentGroupName: 'test', + services: [mockEcsService(stack)], + blueGreenDeploymentConfig: { + blueTargetGroup: mockTargetGroup(stack, 'blue'), + greenTargetGroup: mockTargetGroup(stack, 'green'), + listener: mockListener(stack, 'prod'), + }, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::CodeDeploy::DeploymentGroup', { + DeploymentGroupName: 'test', + }); + }); + + test('can be created with explicit application', () => { + const stack = new cdk.Stack(); + const application = codedeploy.EcsApplication.fromEcsApplicationName(stack, 'A', 'myapp'); + new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { + application, + services: [mockEcsService(stack)], + blueGreenDeploymentConfig: { + blueTargetGroup: mockTargetGroup(stack, 'blue'), + greenTargetGroup: mockTargetGroup(stack, 'green'), + listener: mockListener(stack, 'prod'), + }, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::CodeDeploy::DeploymentGroup', { + ApplicationName: 'myapp', + }); + }); + + test('can be created with explicit deployment config', () => { + const stack = new cdk.Stack(); + new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { + deploymentConfig: codedeploy.EcsDeploymentConfig.CANARY_10PERCENT_15MINUTES, + services: [mockEcsService(stack)], + blueGreenDeploymentConfig: { + blueTargetGroup: mockTargetGroup(stack, 'blue'), + greenTargetGroup: mockTargetGroup(stack, 'green'), + listener: mockListener(stack, 'prod'), + }, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::CodeDeploy::DeploymentGroup', { + DeploymentConfigName: 'CodeDeployDefault.ECSCanary10Percent15Minutes', + }); + }); + + test('fail with more than 100 characters in name', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { + deploymentGroupName: 'a'.repeat(101), + services: [mockEcsService(stack)], + blueGreenDeploymentConfig: { + blueTargetGroup: mockTargetGroup(stack, 'blue'), + greenTargetGroup: mockTargetGroup(stack, 'green'), + listener: mockListener(stack, 'prod'), + }, + }); + + expect(() => app.synth()).toThrow(`Deployment group name: "${'a'.repeat(101)}" can be a max of 100 characters.`); + }); + + test('fail with unallowed characters in name', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { + deploymentGroupName: 'my name', + services: [mockEcsService(stack)], + blueGreenDeploymentConfig: { + blueTargetGroup: mockTargetGroup(stack, 'blue'), + greenTargetGroup: mockTargetGroup(stack, 'green'), + listener: mockListener(stack, 'prod'), + }, + }); + + expect(() => app.synth()).toThrow('Deployment group name: "my name" can only contain letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), + (plus signs), = (equals signs), , (commas), @ (at signs), - (minus signs).'); + }); + + test('can be created with explicit role', () => { + const stack = new cdk.Stack(); + const serviceRole = new iam.Role(stack, 'MyRole', { + assumedBy: new iam.ServicePrincipal('not-codedeploy.test'), + }); + + new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { + role: serviceRole, + services: [mockEcsService(stack)], + blueGreenDeploymentConfig: { + blueTargetGroup: mockTargetGroup(stack, 'blue'), + greenTargetGroup: mockTargetGroup(stack, 'green'), + listener: mockListener(stack, 'prod'), + }, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Role', { + AssumeRolePolicyDocument: { + Statement: [{ + Action: 'sts:AssumeRole', + Effect: 'Allow', + Principal: { + Service: 'not-codedeploy.test', + }, + }], + Version: '2012-10-17', + }, + ManagedPolicyArns: [ + { + 'Fn::Join': [ + '', + [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iam::aws:policy/AWSCodeDeployRoleForECS', + ], + ], + }, + ], + }); + }); + + test('can rollback on alarm', () => { + const stack = new cdk.Stack(); + new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { + alarms: [ + new cloudwatch.Alarm(stack, 'BlueTGUnHealthyHosts', { + metric: new cloudwatch.Metric({ + namespace: 'AWS/ApplicationELB', + metricName: 'UnHealthyHostCount', + dimensionsMap: { + TargetGroup: 'blue/f7a80aba5edd5980', + LoadBalancer: 'app/myloadbalancer/lb-12345', + }, + }), + comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD, + threshold: 1, + evaluationPeriods: 1, + }), + new cloudwatch.Alarm(stack, 'GreenTGUnHealthyHosts', { + metric: new cloudwatch.Metric({ + namespace: 'AWS/ApplicationELB', + metricName: 'UnHealthyHostCount', + dimensionsMap: { + TargetGroup: 'green/f7a80aba5edd5980', + LoadBalancer: 'app/myloadbalancer/lb-12345', + }, + }), + comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD, + threshold: 1, + evaluationPeriods: 1, + }), + ], + services: [mockEcsService(stack)], + blueGreenDeploymentConfig: { + blueTargetGroup: mockTargetGroup(stack, 'blue'), + greenTargetGroup: mockTargetGroup(stack, 'green'), + listener: mockListener(stack, 'prod'), + }, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::CodeDeploy::DeploymentGroup', { + AlarmConfiguration: { + Alarms: [ + { + Name: { + Ref: 'BlueTGUnHealthyHostsE5A415E0', + }, + }, + { + Name: { + Ref: 'GreenTGUnHealthyHosts49873ED5', + }, + }, + ], + Enabled: true, + }, + AutoRollbackConfiguration: { + Enabled: true, + Events: [ + 'DEPLOYMENT_FAILURE', + 'DEPLOYMENT_STOP_ON_ALARM', + ], + }, + }); + }); + + test('can add alarms after construction', () => { + const stack = new cdk.Stack(); + const dg = new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { + alarms: [ + new cloudwatch.Alarm(stack, 'BlueTGUnHealthyHosts', { + metric: new cloudwatch.Metric({ + namespace: 'AWS/ApplicationELB', + metricName: 'UnHealthyHostCount', + dimensionsMap: { + TargetGroup: 'blue/f7a80aba5edd5980', + LoadBalancer: 'app/myloadbalancer/lb-12345', + }, + }), + comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD, + threshold: 1, + evaluationPeriods: 1, + }), + ], + services: [mockEcsService(stack)], + blueGreenDeploymentConfig: { + blueTargetGroup: mockTargetGroup(stack, 'blue'), + greenTargetGroup: mockTargetGroup(stack, 'green'), + listener: mockListener(stack, 'prod'), + }, + }); + + dg.addAlarm(new cloudwatch.Alarm(stack, 'GreenTGUnHealthyHosts', { + metric: new cloudwatch.Metric({ + namespace: 'AWS/ApplicationELB', + metricName: 'UnHealthyHostCount', + dimensionsMap: { + TargetGroup: 'green/f7a80aba5edd5980', + LoadBalancer: 'app/myloadbalancer/lb-12345', + }, + }), + comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD, + threshold: 1, + evaluationPeriods: 1, + })); + + Template.fromStack(stack).hasResourceProperties('AWS::CodeDeploy::DeploymentGroup', { + AlarmConfiguration: { + Alarms: [ + { + Name: { + Ref: 'BlueTGUnHealthyHostsE5A415E0', + }, + }, + { + Name: { + Ref: 'GreenTGUnHealthyHosts49873ED5', + }, + }, + ], + Enabled: true, + }, + AutoRollbackConfiguration: { + Enabled: true, + Events: [ + 'DEPLOYMENT_FAILURE', + 'DEPLOYMENT_STOP_ON_ALARM', + ], + }, + }); + }); + + test('fail if alarm rollbacks are enabled, but no alarms provided', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { + autoRollback: { + deploymentInAlarm: true, + }, + services: [mockEcsService(stack)], + blueGreenDeploymentConfig: { + blueTargetGroup: mockTargetGroup(stack, 'blue'), + greenTargetGroup: mockTargetGroup(stack, 'green'), + listener: mockListener(stack, 'prod'), + }, + }); + + expect(() => app.synth()).toThrow('The auto-rollback setting \'deploymentInAlarm\' does not have any effect unless you associate at least one CloudWatch alarm with the Deployment Group.'); + }); + + test('can disable rollback when alarm polling fails', () => { + const stack = new cdk.Stack(); + new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { + ignorePollAlarmsFailure: true, + alarms: [ + new cloudwatch.Alarm(stack, 'BlueTGUnHealthyHosts', { + metric: new cloudwatch.Metric({ + namespace: 'AWS/ApplicationELB', + metricName: 'UnHealthyHostCount', + dimensionsMap: { + TargetGroup: 'blue/f7a80aba5edd5980', + LoadBalancer: 'app/myloadbalancer/lb-12345', + }, + }), + comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD, + threshold: 1, + evaluationPeriods: 1, + }), + new cloudwatch.Alarm(stack, 'GreenTGUnHealthyHosts', { + metric: new cloudwatch.Metric({ + namespace: 'AWS/ApplicationELB', + metricName: 'UnHealthyHostCount', + dimensionsMap: { + TargetGroup: 'green/f7a80aba5edd5980', + LoadBalancer: 'app/myloadbalancer/lb-12345', + }, + }), + comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD, + threshold: 1, + evaluationPeriods: 1, + }), + ], + services: [mockEcsService(stack)], + blueGreenDeploymentConfig: { + blueTargetGroup: mockTargetGroup(stack, 'blue'), + greenTargetGroup: mockTargetGroup(stack, 'green'), + listener: mockListener(stack, 'prod'), + }, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::CodeDeploy::DeploymentGroup', { + AlarmConfiguration: { + Alarms: [ + { + Name: { + Ref: 'BlueTGUnHealthyHostsE5A415E0', + }, + }, + { + Name: { + Ref: 'GreenTGUnHealthyHosts49873ED5', + }, + }, + ], + Enabled: true, + }, + AutoRollbackConfiguration: { + Enabled: true, + Events: [ + 'DEPLOYMENT_FAILURE', + 'DEPLOYMENT_STOP_ON_ALARM', + ], + }, + }); + }); + + test('can disable rollback when deployment fails', () => { + const stack = new cdk.Stack(); + new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { + autoRollback: { + failedDeployment: false, + }, + services: [mockEcsService(stack)], + blueGreenDeploymentConfig: { + blueTargetGroup: mockTargetGroup(stack, 'blue'), + greenTargetGroup: mockTargetGroup(stack, 'green'), + listener: mockListener(stack, 'prod'), + }, + }); + + Template.fromStack(stack).hasResource('AWS::CodeDeploy::DeploymentGroup', { + Type: 'AWS::CodeDeploy::DeploymentGroup', + Properties: { + ApplicationName: { + Ref: 'MyDGApplication57B1E402', + }, + ServiceRoleArn: { + 'Fn::GetAtt': [ + 'MyDGServiceRole5E94FD88', + 'Arn', + ], + }, + BlueGreenDeploymentConfiguration: { + DeploymentReadyOption: { + ActionOnTimeout: 'CONTINUE_DEPLOYMENT', + WaitTimeInMinutes: 0, + }, + TerminateBlueInstancesOnDeploymentSuccess: { + Action: 'TERMINATE', + TerminationWaitTimeInMinutes: 0, + }, + }, + DeploymentConfigName: 'CodeDeployDefault.ECSAllAtOnce', + DeploymentStyle: { + DeploymentOption: 'WITH_TRAFFIC_CONTROL', + DeploymentType: 'BLUE_GREEN', + }, + ECSServices: [ + { + ClusterName: 'my-cluster', + ServiceName: 'my-service', + }, + ], + LoadBalancerInfo: { + TargetGroupPairInfoList: [ + { + ProdTrafficRoute: { + ListenerArns: [ + 'arn:aws:elasticloadbalancing:my-region:my-account:listener/app/myloadbalancer/lb-12345/prod', + ], + }, + TargetGroups: [ + { + Name: 'blue', + }, + { + Name: 'green', + }, + ], + }, + ], + }, + }, + }); + }); + + test('can enable rollback when deployment stops', () => { + const stack = new cdk.Stack(); + new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { + autoRollback: { + stoppedDeployment: true, + }, + services: [mockEcsService(stack)], + blueGreenDeploymentConfig: { + blueTargetGroup: mockTargetGroup(stack, 'blue'), + greenTargetGroup: mockTargetGroup(stack, 'green'), + listener: mockListener(stack, 'prod'), + }, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::CodeDeploy::DeploymentGroup', { + AutoRollbackConfiguration: { + Enabled: true, + Events: [ + 'DEPLOYMENT_FAILURE', + 'DEPLOYMENT_STOP_ON_REQUEST', + ], + }, + }); + }); + + test('can disable rollback when alarm in failure state', () => { + const stack = new cdk.Stack(); + new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { + autoRollback: { + deploymentInAlarm: false, + }, + alarms: [ + new cloudwatch.Alarm(stack, 'BlueTGUnHealthyHosts', { + metric: new cloudwatch.Metric({ + namespace: 'AWS/ApplicationELB', + metricName: 'UnHealthyHostCount', + dimensionsMap: { + TargetGroup: 'blue/f7a80aba5edd5980', + LoadBalancer: 'app/myloadbalancer/lb-12345', + }, + }), + comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD, + threshold: 1, + evaluationPeriods: 1, + }), + new cloudwatch.Alarm(stack, 'GreenTGUnHealthyHosts', { + metric: new cloudwatch.Metric({ + namespace: 'AWS/ApplicationELB', + metricName: 'UnHealthyHostCount', + dimensionsMap: { + TargetGroup: 'green/f7a80aba5edd5980', + LoadBalancer: 'app/myloadbalancer/lb-12345', + }, + }), + comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD, + threshold: 1, + evaluationPeriods: 1, + }), + ], + services: [mockEcsService(stack)], + blueGreenDeploymentConfig: { + blueTargetGroup: mockTargetGroup(stack, 'blue'), + greenTargetGroup: mockTargetGroup(stack, 'green'), + listener: mockListener(stack, 'prod'), + }, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::CodeDeploy::DeploymentGroup', { + AlarmConfiguration: { + Alarms: [ + { + Name: { + Ref: 'BlueTGUnHealthyHostsE5A415E0', + }, + }, + { + Name: { + Ref: 'GreenTGUnHealthyHosts49873ED5', + }, + }, + ], + Enabled: true, + }, + AutoRollbackConfiguration: { + Enabled: true, + Events: [ + 'DEPLOYMENT_FAILURE', + ], + }, + }); + }); + + test('can specify a test traffic route', () => { + const stack = new cdk.Stack(); + new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { + services: [mockEcsService(stack)], + blueGreenDeploymentConfig: { + blueTargetGroup: mockTargetGroup(stack, 'blue'), + greenTargetGroup: mockTargetGroup(stack, 'green'), + listener: mockListener(stack, 'prod'), + testListener: mockListener(stack, 'test'), + }, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::CodeDeploy::DeploymentGroup', { + LoadBalancerInfo: { + TargetGroupPairInfoList: [ + { + ProdTrafficRoute: { + ListenerArns: [ + 'arn:aws:elasticloadbalancing:my-region:my-account:listener/app/myloadbalancer/lb-12345/prod', + ], + }, + TestTrafficRoute: { + ListenerArns: [ + 'arn:aws:elasticloadbalancing:my-region:my-account:listener/app/myloadbalancer/lb-12345/test', + ], + }, + TargetGroups: [ + { + Name: 'blue', + }, + { + Name: 'green', + }, + ], + }, + ], + }, + }); + }); + + test('can require manual deployment approval', () => { + const stack = new cdk.Stack(); + new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { + services: [mockEcsService(stack)], + blueGreenDeploymentConfig: { + blueTargetGroup: mockTargetGroup(stack, 'blue'), + greenTargetGroup: mockTargetGroup(stack, 'green'), + listener: mockListener(stack, 'prod'), + deploymentApprovalWaitTime: Duration.hours(8), + }, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::CodeDeploy::DeploymentGroup', { + BlueGreenDeploymentConfiguration: { + DeploymentReadyOption: { + ActionOnTimeout: 'STOP_DEPLOYMENT', + WaitTimeInMinutes: 480, + }, + TerminateBlueInstancesOnDeploymentSuccess: { + Action: 'TERMINATE', + TerminationWaitTimeInMinutes: 0, + }, + }, + }); + }); + + test('can add deployment bake time', () => { + const stack = new cdk.Stack(); + new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { + services: [mockEcsService(stack)], + blueGreenDeploymentConfig: { + blueTargetGroup: mockTargetGroup(stack, 'blue'), + greenTargetGroup: mockTargetGroup(stack, 'green'), + listener: mockListener(stack, 'prod'), + terminationWaitTime: Duration.hours(1), + }, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::CodeDeploy::DeploymentGroup', { + BlueGreenDeploymentConfiguration: { + DeploymentReadyOption: { + ActionOnTimeout: 'CONTINUE_DEPLOYMENT', + WaitTimeInMinutes: 0, + }, + TerminateBlueInstancesOnDeploymentSuccess: { + Action: 'TERMINATE', + TerminationWaitTimeInMinutes: 60, + }, + }, + }); + }); + + test('uses the correct Service Principal in the us-isob-east-1 region', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app, 'CodeDeployLambdaStack', { + env: { region: 'us-isob-east-1' }, + }); + new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { + services: [mockEcsService(stack)], + blueGreenDeploymentConfig: { + blueTargetGroup: mockTargetGroup(stack, 'blue'), + greenTargetGroup: mockTargetGroup(stack, 'green'), + listener: mockListener(stack, 'prod'), + }, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Role', { + AssumeRolePolicyDocument: { + Statement: [ + { + Action: 'sts:AssumeRole', + Effect: 'Allow', + Principal: { + Service: 'codedeploy.amazonaws.com', + }, + }, + ], + Version: '2012-10-17', + }, + }); + }); }); diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/integ.deployment-group.ts b/packages/@aws-cdk/aws-codedeploy/test/ecs/integ.deployment-group.ts new file mode 100644 index 0000000000000..666fbb59ff6d5 --- /dev/null +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/integ.deployment-group.ts @@ -0,0 +1,165 @@ +import * as cloudwatch from '@aws-cdk/aws-cloudwatch'; +import * as ec2 from '@aws-cdk/aws-ec2'; +import * as ecs from '@aws-cdk/aws-ecs'; +import * as elbv2 from '@aws-cdk/aws-elasticloadbalancingv2'; +import * as cdk from '@aws-cdk/core'; +import * as integ from '@aws-cdk/integ-tests'; +import * as codedeploy from '../../lib'; + +const app = new cdk.App(); +const stack = new cdk.Stack(app, 'aws-cdk-codedeploy-ecs-dg'); + +// Network infrastructure +const vpc = new ec2.Vpc(stack, 'VPC', { maxAzs: 2 }); + +// ECS service +const cluster = new ecs.Cluster(stack, 'EcsCluster', { + vpc, +}); +const taskDefinition = new ecs.FargateTaskDefinition(stack, 'TaskDef'); +taskDefinition.addContainer('Container', { + image: ecs.ContainerImage.fromRegistry('public.ecr.aws/ecs-sample-image/amazon-ecs-sample:latest'), + portMappings: [{ containerPort: 80 }], +}); +const service = new ecs.FargateService(stack, 'FargateService', { + cluster, + taskDefinition, +}); + +// A second task definition for testing a CodeDeploy deployment of the ECS service to a new task definition +const taskDefinition2 = new ecs.FargateTaskDefinition(stack, 'TaskDef2'); +taskDefinition2.addContainer('Container', { + image: ecs.ContainerImage.fromRegistry('public.ecr.aws/ecs-sample-image/amazon-ecs-sample:latest'), + portMappings: [{ containerPort: 80 }], +}); +service.node.addDependency(taskDefinition2); + +// Load balancer +const loadBalancer = new elbv2.ApplicationLoadBalancer(stack, 'ServiceLB', { + vpc, + internetFacing: false, +}); + +// Listeners +const prodListener = loadBalancer.addListener('ProdListener', { + port: 80, // port for production traffic + protocol: elbv2.ApplicationProtocol.HTTP, +}); +const testListener = loadBalancer.addListener('TestListener', { + port: 9002, // port for testing + protocol: elbv2.ApplicationProtocol.HTTP, +}); + +// Target groups +const blueTG = prodListener.addTargets('BlueTG', { + port: 80, + protocol: elbv2.ApplicationProtocol.HTTP, + targets: [ + service.loadBalancerTarget({ + containerName: 'Container', + containerPort: 80, + }), + ], + deregistrationDelay: cdk.Duration.seconds(30), + healthCheck: { + interval: cdk.Duration.seconds(5), + healthyHttpCodes: '200', + healthyThresholdCount: 2, + unhealthyThresholdCount: 3, + timeout: cdk.Duration.seconds(4), + }, +}); + +const greenTG = new elbv2.ApplicationTargetGroup(stack, 'GreenTG', { + vpc, + port: 80, + protocol: elbv2.ApplicationProtocol.HTTP, + targetType: elbv2.TargetType.IP, + deregistrationDelay: cdk.Duration.seconds(30), + healthCheck: { + interval: cdk.Duration.seconds(5), + healthyHttpCodes: '200', + healthyThresholdCount: 2, + unhealthyThresholdCount: 3, + timeout: cdk.Duration.seconds(4), + }, +}); + +testListener.addTargetGroups('GreenTGTest', { + targetGroups: [greenTG], +}); + +prodListener.node.addDependency(greenTG); +testListener.node.addDependency(blueTG); +service.node.addDependency(testListener); +service.node.addDependency(greenTG); + +// Alarms: monitor 500s and unhealthy hosts on target groups +const blueUnhealthyHosts = new cloudwatch.Alarm(stack, 'BlueUnhealthyHosts', { + alarmName: stack.stackName + '-Unhealthy-Hosts-Blue', + metric: blueTG.metricUnhealthyHostCount(), + threshold: 1, + evaluationPeriods: 2, +}); + +const blueApiFailure = new cloudwatch.Alarm(stack, 'Blue5xx', { + alarmName: stack.stackName + '-Http-500-Blue', + metric: blueTG.metricHttpCodeTarget( + elbv2.HttpCodeTarget.TARGET_5XX_COUNT, + { period: cdk.Duration.minutes(1) }, + ), + threshold: 1, + evaluationPeriods: 1, +}); + +const greenUnhealthyHosts = new cloudwatch.Alarm(stack, 'GreenUnhealthyHosts', { + alarmName: stack.stackName + '-Unhealthy-Hosts-Green', + metric: greenTG.metricUnhealthyHostCount(), + threshold: 1, + evaluationPeriods: 2, +}); + +const greenApiFailure = new cloudwatch.Alarm(stack, 'Green5xx', { + alarmName: stack.stackName + '-Http-500-Green', + metric: greenTG.metricHttpCodeTarget( + elbv2.HttpCodeTarget.TARGET_5XX_COUNT, + { period: cdk.Duration.minutes(1) }, + ), + threshold: 1, + evaluationPeriods: 1, +}); + +// Deployment group +const deploymentConfig = new codedeploy.EcsDeploymentConfig(stack, 'CanaryConfig', { + trafficRouting: codedeploy.TrafficRouting.timeBasedCanary({ + interval: cdk.Duration.minutes(1), + percentage: 20, + }), +}); + +new codedeploy.EcsDeploymentGroup(stack, 'BlueGreenDG', { + alarms: [ + blueUnhealthyHosts, + blueApiFailure, + greenUnhealthyHosts, + greenApiFailure, + ], + services: [service], + blueGreenDeploymentConfig: { + blueTargetGroup: blueTG, + greenTargetGroup: greenTG, + listener: prodListener, + testListener, + terminationWaitTime: cdk.Duration.minutes(1), + }, + deploymentConfig, + autoRollback: { + stoppedDeployment: true, + }, +}); + +new integ.IntegTest(app, 'EcsDeploymentGroupTest', { + testCases: [stack], +}); + +app.synth(); diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener.ts index 8242e28ec64ab..d2102e5e703fc 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener.ts +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener.ts @@ -1,9 +1,9 @@ import * as ec2 from '@aws-cdk/aws-ec2'; import * as cxschema from '@aws-cdk/cloud-assembly-schema'; -import { Duration, IResource, Lazy, Resource, Token } from '@aws-cdk/core'; +import { Duration, Lazy, Resource, Token } from '@aws-cdk/core'; import * as cxapi from '@aws-cdk/cx-api'; import { Construct } from 'constructs'; -import { BaseListener, BaseListenerLookupOptions } from '../shared/base-listener'; +import { BaseListener, BaseListenerLookupOptions, IListener } from '../shared/base-listener'; import { HealthCheck } from '../shared/base-target-group'; import { ApplicationProtocol, ApplicationProtocolVersion, TargetGroupLoadBalancingAlgorithmType, IpAddressType, SslPolicy } from '../shared/enums'; import { IListenerCertificate, ListenerCertificate } from '../shared/listener-certificate'; @@ -485,13 +485,7 @@ export class ApplicationListener extends BaseListener implements IApplicationLis /** * Properties to reference an existing listener */ -export interface IApplicationListener extends IResource, ec2.IConnectable { - /** - * ARN of the listener - * @attribute - */ - readonly listenerArn: string; - +export interface IApplicationListener extends IListener, ec2.IConnectable { /** * Add one or more certificates to this listener. * @deprecated use `addCertificates()` diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/nlb/network-listener.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/nlb/network-listener.ts index df043d06282b7..64f5050573e45 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/nlb/network-listener.ts +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/nlb/network-listener.ts @@ -1,7 +1,7 @@ import * as cxschema from '@aws-cdk/cloud-assembly-schema'; -import { Duration, IResource, Resource, Lazy } from '@aws-cdk/core'; +import { Duration, Resource, Lazy } from '@aws-cdk/core'; import { Construct } from 'constructs'; -import { BaseListener, BaseListenerLookupOptions } from '../shared/base-listener'; +import { BaseListener, BaseListenerLookupOptions, IListener } from '../shared/base-listener'; import { HealthCheck } from '../shared/base-target-group'; import { AlpnPolicy, Protocol, SslPolicy } from '../shared/enums'; import { IListenerCertificate } from '../shared/listener-certificate'; @@ -311,12 +311,7 @@ export class NetworkListener extends BaseListener implements INetworkListener { /** * Properties to reference an existing listener */ -export interface INetworkListener extends IResource { - /** - * ARN of the listener - * @attribute - */ - readonly listenerArn: string; +export interface INetworkListener extends IListener { } /** diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/shared/base-listener.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/shared/base-listener.ts index da4174c157820..b9ec37208e53b 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/shared/base-listener.ts +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/shared/base-listener.ts @@ -1,5 +1,5 @@ import * as cxschema from '@aws-cdk/cloud-assembly-schema'; -import { Annotations, ContextProvider, Lazy, Resource, Token } from '@aws-cdk/core'; +import { Annotations, ContextProvider, IResource, Lazy, Resource, Token } from '@aws-cdk/core'; import * as cxapi from '@aws-cdk/cx-api'; import { Construct } from 'constructs'; import { CfnListener } from '../elasticloadbalancingv2.generated'; @@ -56,10 +56,21 @@ export interface ListenerQueryContextProviderOptions { readonly listenerProtocol?: cxschema.LoadBalancerListenerProtocol; } +/** + * Base interface for listeners + */ +export interface IListener extends IResource { + /** + * ARN of the listener + * @attribute + */ + readonly listenerArn: string; +} + /** * Base class for listeners */ -export abstract class BaseListener extends Resource { +export abstract class BaseListener extends Resource implements IListener { /** * Queries the load balancer listener context provider for load balancer * listener info. From b7ddeb69a3c298849de5056fcdb33d44e1c71f6e Mon Sep 17 00:00:00 2001 From: Clare Liguori Date: Thu, 29 Sep 2022 14:20:16 -0700 Subject: [PATCH 02/12] Add manual integ test instructions --- .../aws-codedeploy/test/ecs/appspec.json | 30 ++++++++ .../test/ecs/integ.deployment-group.ts | 73 ++++++++++++++++++- 2 files changed, 102 insertions(+), 1 deletion(-) create mode 100644 packages/@aws-cdk/aws-codedeploy/test/ecs/appspec.json diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/appspec.json b/packages/@aws-cdk/aws-codedeploy/test/ecs/appspec.json new file mode 100644 index 0000000000000..f02be768d6c23 --- /dev/null +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/appspec.json @@ -0,0 +1,30 @@ +{ + "version": 0.0, + "Resources": [ + { + "TargetService": { + "Type": "AWS::ECS::Service", + "Properties": { + "TaskDefinition": "arn:aws:ecs:us-west-2:131296546870:task-definition/awscdkcodedeployecsdgTaskDef22B5CE8FC:1", + "LoadBalancerInfo": { + "ContainerName": "Container", + "ContainerPort": 80 + }, + "PlatformVersion": "LATEST", + "NetworkConfiguration": { + "awsvpcConfiguration": { + "subnets": [ + "subnet-08d31f7f022ec65d3", + "subnet-04e8f37191b1c403f", + ], + "securityGroups": [ + "sg-03dd2e4fd5c871577" + ], + "assignPublicIp": "DISABLED" + } + } + } + } + } + ] +} diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/integ.deployment-group.ts b/packages/@aws-cdk/aws-codedeploy/test/ecs/integ.deployment-group.ts index 666fbb59ff6d5..c52ff97828d9d 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/ecs/integ.deployment-group.ts +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/integ.deployment-group.ts @@ -6,6 +6,69 @@ import * as cdk from '@aws-cdk/core'; import * as integ from '@aws-cdk/integ-tests'; import * as codedeploy from '../../lib'; +/** + * Follow these instructions to manually test running a CodeDeploy deployment with the resources provisioned in this stack: + * + * 1. Deploy the stack: +``` +$ cdk deploy --app 'node integ.deployment-group.js' aws-cdk-codedeploy-ecs-dg +``` + * + * 2. Create a file called `appspec.json` with the following contents, replacing the placeholders with output values from the deployed stack: +``` +{ + "version": 0.0, + "Resources": [ + { + "TargetService": { + "Type": "AWS::ECS::Service", + "Properties": { + "TaskDefinition": "", + "LoadBalancerInfo": { + "ContainerName": "Container", + "ContainerPort": 80 + }, + "PlatformVersion": "LATEST", + "NetworkConfiguration": { + "awsvpcConfiguration": { + "subnets": [ + "", + "", + ], + "securityGroups": [ + "" + ], + "assignPublicIp": "DISABLED" + } + } + } + } + } + ] +} +``` + * + * 3. Start the deployment: +``` +$ appspec=$(jq -R -s '.' < appspec.json | sed 's/\\n//g') +$ aws deploy create-deployment \ + --application-name \ + --deployment-group-name \ + --description "AWS CDK integ test" \ + --revision revisionType=AppSpecContent,appSpecContent={content="$appspec"} +``` + * + * 4. Wait for the deployment to complete successfully, providing the deployment ID from the previous step: +``` +$ aws deploy wait deployment-successful --deployment-id +``` + * + * 5. Destroy the stack: +``` +$ cdk destroy --app 'node integ.deployment-group.js' aws-cdk-codedeploy-ecs-dg +``` + */ + const app = new cdk.App(); const stack = new cdk.Stack(app, 'aws-cdk-codedeploy-ecs-dg'); @@ -137,7 +200,7 @@ const deploymentConfig = new codedeploy.EcsDeploymentConfig(stack, 'CanaryConfig }), }); -new codedeploy.EcsDeploymentGroup(stack, 'BlueGreenDG', { +const dg = new codedeploy.EcsDeploymentGroup(stack, 'BlueGreenDG', { alarms: [ blueUnhealthyHosts, blueApiFailure, @@ -158,6 +221,14 @@ new codedeploy.EcsDeploymentGroup(stack, 'BlueGreenDG', { }, }); +// Outputs to use for manual testing +new cdk.CfnOutput(stack, 'NewTaskDefinition', { value: taskDefinition2.taskDefinitionArn }); +new cdk.CfnOutput(stack, 'Subnet1Id', { value: vpc.privateSubnets[0].subnetId }); +new cdk.CfnOutput(stack, 'Subnet2Id', { value: vpc.privateSubnets[1].subnetId }); +new cdk.CfnOutput(stack, 'SecurityGroupId', { value: service.connections.securityGroups[0].securityGroupId }); +new cdk.CfnOutput(stack, 'CodeDeployApplicationName', { value: dg.application.applicationName }); +new cdk.CfnOutput(stack, 'CodeDeployDeploymentGroupName', { value: dg.deploymentGroupName }); + new integ.IntegTest(app, 'EcsDeploymentGroupTest', { testCases: [stack], }); From e2b3302949ce1079c4153b411911735afed0a289 Mon Sep 17 00:00:00 2001 From: Clare Liguori Date: Thu, 29 Sep 2022 14:34:26 -0700 Subject: [PATCH 03/12] Update packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts Co-authored-by: Cory Hall <43035978+corymhall@users.noreply.github.com> --- packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts b/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts index bcfee828f3587..936fa68610126 100644 --- a/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts +++ b/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts @@ -284,7 +284,7 @@ export class EcsDeploymentGroup extends cdk.Resource implements IEcsDeploymentGr // If the deployment config is a construct, add a dependency to ensure the deployment config // is created before the deployment group is. - if (this.deploymentConfig instanceof Construct) { + if (Construct.isConstruct(this.deploymentConfig)) { this.node.addDependency(this.deploymentConfig); } From 2f26f6caf0e388ace4c21c2a3cdbd43de8929783 Mon Sep 17 00:00:00 2001 From: Clare Liguori Date: Thu, 29 Sep 2022 15:23:20 -0700 Subject: [PATCH 04/12] Update integ test snapshot --- .../aws-cdk-codedeploy-ecs-dg.assets.json | 4 +- .../aws-cdk-codedeploy-ecs-dg.template.json | 35 ++++++++++++++ .../manifest.json | 38 ++++++++++++++- .../deployment-group.integ.snapshot/tree.json | 48 +++++++++++++++++++ 4 files changed, 122 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/aws-cdk-codedeploy-ecs-dg.assets.json b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/aws-cdk-codedeploy-ecs-dg.assets.json index 986c748373554..264618b304aa6 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/aws-cdk-codedeploy-ecs-dg.assets.json +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/aws-cdk-codedeploy-ecs-dg.assets.json @@ -1,7 +1,7 @@ { "version": "21.0.0", "files": { - "cb953019881f048318168478ff610f1d0c79d74d9e309487bb4c8b7df50e2d0c": { + "b345fcd928aa6573be6176063244174d3eba0846591860ef06360cba511c70f4": { "source": { "path": "aws-cdk-codedeploy-ecs-dg.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "cb953019881f048318168478ff610f1d0c79d74d9e309487bb4c8b7df50e2d0c.json", + "objectKey": "b345fcd928aa6573be6176063244174d3eba0846591860ef06360cba511c70f4.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/aws-cdk-codedeploy-ecs-dg.template.json b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/aws-cdk-codedeploy-ecs-dg.template.json index 8f040f4787658..6aff352181e18 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/aws-cdk-codedeploy-ecs-dg.template.json +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/aws-cdk-codedeploy-ecs-dg.template.json @@ -1261,6 +1261,41 @@ ] } }, + "Outputs": { + "NewTaskDefinition": { + "Value": { + "Ref": "TaskDef2C6A35A16" + } + }, + "Subnet1Id": { + "Value": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + } + }, + "Subnet2Id": { + "Value": { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + }, + "SecurityGroupId": { + "Value": { + "Fn::GetAtt": [ + "FargateServiceSecurityGroup0A0E79CB", + "GroupId" + ] + } + }, + "CodeDeployApplicationName": { + "Value": { + "Ref": "BlueGreenDGApplication3649479D" + } + }, + "CodeDeployDeploymentGroupName": { + "Value": { + "Ref": "BlueGreenDG373AB9B0" + } + } + }, "Mappings": { "ServiceprincipalMap": { "af-south-1": { diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/manifest.json index 12b33921e09d8..41094d47e9452 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/manifest.json @@ -23,7 +23,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/cb953019881f048318168478ff610f1d0c79d74d9e309487bb4c8b7df50e2d0c.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/b345fcd928aa6573be6176063244174d3eba0846591860ef06360cba511c70f4.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -315,6 +315,42 @@ "data": "BlueGreenDG373AB9B0" } ], + "/aws-cdk-codedeploy-ecs-dg/NewTaskDefinition": [ + { + "type": "aws:cdk:logicalId", + "data": "NewTaskDefinition" + } + ], + "/aws-cdk-codedeploy-ecs-dg/Subnet1Id": [ + { + "type": "aws:cdk:logicalId", + "data": "Subnet1Id" + } + ], + "/aws-cdk-codedeploy-ecs-dg/Subnet2Id": [ + { + "type": "aws:cdk:logicalId", + "data": "Subnet2Id" + } + ], + "/aws-cdk-codedeploy-ecs-dg/SecurityGroupId": [ + { + "type": "aws:cdk:logicalId", + "data": "SecurityGroupId" + } + ], + "/aws-cdk-codedeploy-ecs-dg/CodeDeployApplicationName": [ + { + "type": "aws:cdk:logicalId", + "data": "CodeDeployApplicationName" + } + ], + "/aws-cdk-codedeploy-ecs-dg/CodeDeployDeploymentGroupName": [ + { + "type": "aws:cdk:logicalId", + "data": "CodeDeployDeploymentGroupName" + } + ], "/aws-cdk-codedeploy-ecs-dg/Service-principalMap": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/tree.json b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/tree.json index f0aad8c03bcb1..ee435489dbcf4 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/tree.json +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/tree.json @@ -1895,6 +1895,54 @@ "version": "0.0.0" } }, + "NewTaskDefinition": { + "id": "NewTaskDefinition", + "path": "aws-cdk-codedeploy-ecs-dg/NewTaskDefinition", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnOutput", + "version": "0.0.0" + } + }, + "Subnet1Id": { + "id": "Subnet1Id", + "path": "aws-cdk-codedeploy-ecs-dg/Subnet1Id", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnOutput", + "version": "0.0.0" + } + }, + "Subnet2Id": { + "id": "Subnet2Id", + "path": "aws-cdk-codedeploy-ecs-dg/Subnet2Id", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnOutput", + "version": "0.0.0" + } + }, + "SecurityGroupId": { + "id": "SecurityGroupId", + "path": "aws-cdk-codedeploy-ecs-dg/SecurityGroupId", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnOutput", + "version": "0.0.0" + } + }, + "CodeDeployApplicationName": { + "id": "CodeDeployApplicationName", + "path": "aws-cdk-codedeploy-ecs-dg/CodeDeployApplicationName", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnOutput", + "version": "0.0.0" + } + }, + "CodeDeployDeploymentGroupName": { + "id": "CodeDeployDeploymentGroupName", + "path": "aws-cdk-codedeploy-ecs-dg/CodeDeployDeploymentGroupName", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnOutput", + "version": "0.0.0" + } + }, "Service-principalMap": { "id": "Service-principalMap", "path": "aws-cdk-codedeploy-ecs-dg/Service-principalMap", From 6344972a263f9639acb6956936b7e7ea3eab39c2 Mon Sep 17 00:00:00 2001 From: Clare Liguori Date: Thu, 29 Sep 2022 19:56:35 -0700 Subject: [PATCH 05/12] Add note about CfnCodeDeployBlueGreenHook option --- packages/@aws-cdk/aws-codedeploy/README.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-codedeploy/README.md b/packages/@aws-cdk/aws-codedeploy/README.md index 837a59e798809..184e90481237a 100644 --- a/packages/@aws-cdk/aws-codedeploy/README.md +++ b/packages/@aws-cdk/aws-codedeploy/README.md @@ -427,7 +427,7 @@ new codedeploy.EcsDeploymentGroup(stack, 'BlueGreenDG', { }); ``` -In order to deploy a new task definition version of the ECS service, +In order to deploy a new task definition version to the ECS service, deploy the changes directly through CodeDeploy using the CodeDeploy APIs or console. When the `CODE_DEPLOY` deployment controller is used, the ECS service cannot be deployed with a new task definition version through CloudFormation. @@ -436,6 +436,13 @@ For more information on the behavior of CodeDeploy blue-green deployments for EC [What happens during an Amazon ECS deployment](https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-steps-ecs.html#deployment-steps-what-happens) in the CodeDeploy user guide. +Note: If you wish to deploy updates to your ECS service through CDK and CloudFormation instead of directly through CodeDeploy, +using the [`CfnCodeDeployBlueGreenHook`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.CfnCodeDeployBlueGreenHook.html) +construct is the recommended approach instead of using the `EcsDeploymentGroup` construct. For a comparison +of ECS blue-green deployments through CodeDeploy (using `EcsDeploymentGroup`) and through CloudFormation (using `CfnCodeDeployBlueGreenHook`), +see [Create an Amazon ECS blue/green deployment through AWS CloudFormation](https://docs.aws.amazon.com/codedeploy/latest/userguide/deployments-create-ecs-cfn.html#differences-ecs-bg-cfn) +in the CloudFormation user guide. + ### ECS Deployment Rollbacks and Alarms CodeDeploy will automatically roll back if a deployment fails. From d8d9e57746ddb708816c5906dc8c5014e85d970d Mon Sep 17 00:00:00 2001 From: Clare Liguori Date: Fri, 30 Sep 2022 08:24:13 -0700 Subject: [PATCH 06/12] Remove instanceof --- .../@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts b/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts index 936fa68610126..c2eebc178eee3 100644 --- a/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts +++ b/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts @@ -1,5 +1,6 @@ import * as cloudwatch from '@aws-cdk/aws-cloudwatch'; import * as ecs from '@aws-cdk/aws-ecs'; +import { BaseService } from '@aws-cdk/aws-ecs'; import * as elbv2 from '@aws-cdk/aws-elasticloadbalancingv2'; import * as iam from '@aws-cdk/aws-iam'; import * as cdk from '@aws-cdk/core'; @@ -238,7 +239,7 @@ export class EcsDeploymentGroup extends cdk.Resource implements IEcsDeploymentGr this.deploymentConfig = props.deploymentConfig || EcsDeploymentConfig.ALL_AT_ONCE; for (const service of props.services) { - if (service instanceof ecs.BaseService) { + if (cdk.Resource.isOwnedResource(service)) { // Ensure the service's deployment controller is CodeDeploy const cfnService = service.node.defaultChild as ecs.CfnService; cfnService.deploymentController = { type: ecs.DeploymentControllerType.CODE_DEPLOY }; @@ -246,8 +247,9 @@ export class EcsDeploymentGroup extends cdk.Resource implements IEcsDeploymentGr // Strip the revision ID from the service's task definition property to // prevent new task def revisions in the stack from triggering updates // to the stack's ECS service resource - cfnService.taskDefinition = service.taskDefinition.family; - service.node.addDependency(service.taskDefinition); + const taskDef = (service as BaseService).taskDefinition; + cfnService.taskDefinition = taskDef.family; + service.node.addDependency(taskDef); } } From 47439a5d36edab671253a170d2d9f1bbc93fadc9 Mon Sep 17 00:00:00 2001 From: Clare Liguori Date: Thu, 6 Oct 2022 09:49:22 -0400 Subject: [PATCH 07/12] Update packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts Co-authored-by: Casey Lee --- packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts b/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts index c2eebc178eee3..4a1643adaf89f 100644 --- a/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts +++ b/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts @@ -163,7 +163,7 @@ export interface EcsDeploymentGroupProps { * configuring the service's deployment controller property to be `CODE_DEPLOY`. * * For non-imported services, the ECS service's task definition property will also - * be updated to remove thetask definition revision ID. This change prevents CloudFormation from + * be updated to remove the task definition revision ID. This change prevents CloudFormation from * attempting to re-deploy the service when a new revision of the task definition is * created by the stack. In order to deploy a new task definition revision to the ECS * service after stack creation, deploy the change directly through CodeDeploy using From 912b24469f65cf7717ab7fb6a5b822e4a2d1200b Mon Sep 17 00:00:00 2001 From: Clare Liguori Date: Tue, 11 Oct 2022 20:56:22 -0700 Subject: [PATCH 08/12] Remove logic that modifies ECS service inside the CodeDeploy construct, fix samples in README --- packages/@aws-cdk/aws-codedeploy/README.md | 28 ++++-- .../lib/ecs/deployment-group.ts | 31 +----- .../aws-cdk-codedeploy-ecs-dg.template.json | 12 +-- .../test/ecs/deployment-group.test.ts | 97 ------------------- .../test/ecs/integ.deployment-group.ts | 3 + 5 files changed, 27 insertions(+), 144 deletions(-) diff --git a/packages/@aws-cdk/aws-codedeploy/README.md b/packages/@aws-cdk/aws-codedeploy/README.md index 184e90481237a..e28582fb001c0 100644 --- a/packages/@aws-cdk/aws-codedeploy/README.md +++ b/packages/@aws-cdk/aws-codedeploy/README.md @@ -407,14 +407,23 @@ When you publish a new version of the task definition and start a CodeDeploy dep CodeDeploy can send a small percentage of traffic to the new 'green' task set behind the 'green' target group, monitor, and validate before shifting 100% of traffic to the new version. -To create a new CodeDeploy Deployment Group that deploys to a ECS service: +To create a new CodeDeploy Deployment Group that deploys to an ECS service: ```ts declare const myApplication: codedeploy.EcsApplication; -declare const service: ecs.FargateService; -declare const blueTargetGroup = elbv2.ITargetGroup; -declare const greenTargetGroup = elbv2.ITargetGroup; -declare const listener = elbv2.IApplicationListener; +declare const cluster: ecs.Cluster; +declare const taskDefinition: ecs.FargateTaskDefinition; +declare const blueTargetGroup: elbv2.ITargetGroup; +declare const greenTargetGroup: elbv2.ITargetGroup; +declare const listener: elbv2.IApplicationListener; + +const service = new ecs.FargateService(this, 'Service', { + cluster, + taskDefinition, + deploymentController: { + type: ecs.DeploymentControllerType.CODE_DEPLOY, + }, +}); new codedeploy.EcsDeploymentGroup(stack, 'BlueGreenDG', { services: [service], @@ -521,10 +530,10 @@ task set/target group prior to shifting any production traffic during the deploy ```ts declare const myApplication: codedeploy.EcsApplication; declare const service: ecs.FargateService; -declare const blueTargetGroup = elbv2.ITargetGroup; -declare const greenTargetGroup = elbv2.ITargetGroup; -declare const listener = elbv2.IApplicationListener; -declare const testListener = elbv2.IApplicationListener; +declare const blueTargetGroup: elbv2.ITargetGroup; +declare const greenTargetGroup: elbv2.ITargetGroup; +declare const listener: elbv2.IApplicationListener; +declare const testListener: elbv2.IApplicationListener; new codedeploy.EcsDeploymentGroup(stack, 'BlueGreenDG', { services: [service], @@ -535,6 +544,7 @@ new codedeploy.EcsDeploymentGroup(stack, 'BlueGreenDG', { testListener, }, deploymentConfig: codedeploy.EcsDeploymentConfig.CANARY_10PERCENT_5MINUTES, +}); ``` Automated validation steps can run during the CodeDeploy deployment after shifting test traffic and before diff --git a/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts b/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts index 4a1643adaf89f..37b856b20c309 100644 --- a/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts +++ b/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts @@ -1,6 +1,5 @@ import * as cloudwatch from '@aws-cdk/aws-cloudwatch'; import * as ecs from '@aws-cdk/aws-ecs'; -import { BaseService } from '@aws-cdk/aws-ecs'; import * as elbv2 from '@aws-cdk/aws-elasticloadbalancingv2'; import * as iam from '@aws-cdk/aws-iam'; import * as cdk from '@aws-cdk/core'; @@ -155,20 +154,7 @@ export interface EcsDeploymentGroupProps { readonly role?: iam.IRole; /** - * The ECS services to deploy. - * - * If you provide an {@link ecs.BaseService} such as {@link ecs.FargateService}, - * the ECS service's deployment controller property will be automatically updated to - * `CODE_DEPLOY`. If you provide an imported ECS service, you are responsible for - * configuring the service's deployment controller property to be `CODE_DEPLOY`. - * - * For non-imported services, the ECS service's task definition property will also - * be updated to remove the task definition revision ID. This change prevents CloudFormation from - * attempting to re-deploy the service when a new revision of the task definition is - * created by the stack. In order to deploy a new task definition revision to the ECS - * service after stack creation, deploy the change directly through CodeDeploy using - * the CodeDeploy APIs or console. When the `CODE_DEPLOY` deployment controller is used, - * the ECS service cannot be deployed with a new task definition revision through CloudFormation. + * The ECS services to deploy with this Deployment Group. */ readonly services: ecs.IBaseService[]; @@ -238,21 +224,6 @@ export class EcsDeploymentGroup extends cdk.Resource implements IEcsDeploymentGr this.role.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('AWSCodeDeployRoleForECS')); this.deploymentConfig = props.deploymentConfig || EcsDeploymentConfig.ALL_AT_ONCE; - for (const service of props.services) { - if (cdk.Resource.isOwnedResource(service)) { - // Ensure the service's deployment controller is CodeDeploy - const cfnService = service.node.defaultChild as ecs.CfnService; - cfnService.deploymentController = { type: ecs.DeploymentControllerType.CODE_DEPLOY }; - - // Strip the revision ID from the service's task definition property to - // prevent new task def revisions in the stack from triggering updates - // to the stack's ECS service resource - const taskDef = (service as BaseService).taskDefinition; - cfnService.taskDefinition = taskDef.family; - service.node.addDependency(taskDef); - } - } - const resource = new CfnDeploymentGroup(this, 'Resource', { applicationName: this.application.applicationName, serviceRoleArn: this.role.roleArn, diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/aws-cdk-codedeploy-ecs-dg.template.json b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/aws-cdk-codedeploy-ecs-dg.template.json index 6aff352181e18..34baac67eec95 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/aws-cdk-codedeploy-ecs-dg.template.json +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/aws-cdk-codedeploy-ecs-dg.template.json @@ -488,15 +488,15 @@ ] } }, - "TaskDefinition": "awscdkcodedeployecsdgTaskDef25A5A14D" + "TaskDefinition": { + "Ref": "TaskDef54694570" + } }, "DependsOn": [ "GreenTG71A27F2F", "ServiceLBProdListenerBlueTGGroupB47699CD", "ServiceLBProdListener0E7627EE", "ServiceLBTestListener3EA49939", - "TaskDef54694570", - "TaskDefTaskRole1EDB4A67", "TaskDef2C6A35A16", "TaskDef2TaskRole5A51C717" ] @@ -519,8 +519,6 @@ "DependsOn": [ "GreenTG71A27F2F", "ServiceLBTestListener3EA49939", - "TaskDef54694570", - "TaskDefTaskRole1EDB4A67", "TaskDef2C6A35A16", "TaskDef2TaskRole5A51C717" ] @@ -548,8 +546,6 @@ "DependsOn": [ "GreenTG71A27F2F", "ServiceLBTestListener3EA49939", - "TaskDef54694570", - "TaskDefTaskRole1EDB4A67", "TaskDef2C6A35A16", "TaskDef2TaskRole5A51C717" ] @@ -1424,4 +1420,4 @@ ] } } -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.test.ts b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.test.ts index 6047e95b09f04..1dae4f621f74a 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.test.ts +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.test.ts @@ -163,103 +163,6 @@ describe('CodeDeploy ECS DeploymentGroup', () => { }); }); - test('ECS service properties are updated', () => { - const stack = new cdk.Stack(); - - const vpc = new ec2.Vpc(stack, 'MyVpc'); - const cluster = new ecs.Cluster(stack, 'MyCluster', { - vpc, - }); - const taskDefinition = new ecs.FargateTaskDefinition(stack, 'MyTaskDef', { - cpu: 256, - memoryLimitMiB: 512, - family: 'myfamily', - }); - taskDefinition.addContainer('MyContainer', { - image: ecs.ContainerImage.fromRegistry('nginx'), - portMappings: [{ - containerPort: 80, - }], - }); - const service = new ecs.FargateService(stack, 'MyService', { - cluster, - taskDefinition, - }); - - new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { - services: [service], - blueGreenDeploymentConfig: { - blueTargetGroup: mockTargetGroup(stack, 'blue'), - greenTargetGroup: mockTargetGroup(stack, 'green'), - listener: mockListener(stack, 'prod'), - }, - }); - - Template.fromStack(stack).hasResourceProperties('AWS::CodeDeploy::DeploymentGroup', { - ECSServices: [ - { - ClusterName: stack.resolve(cluster.clusterName), - ServiceName: stack.resolve(service.serviceName), - }, - ], - }); - - Template.fromStack(stack).hasResourceProperties('AWS::ECS::Service', { - DeploymentController: { - Type: 'CODE_DEPLOY', - }, - TaskDefinition: 'myfamily', - }); - }); - - test('ECS service properties are updated when the task definition family name is auto-generated', () => { - const stack = new cdk.Stack(); - - const vpc = new ec2.Vpc(stack, 'MyVpc'); - const cluster = new ecs.Cluster(stack, 'MyCluster', { - vpc, - }); - const taskDefinition = new ecs.FargateTaskDefinition(stack, 'MyTaskDef', { - cpu: 256, - memoryLimitMiB: 512, - }); - taskDefinition.addContainer('MyContainer', { - image: ecs.ContainerImage.fromRegistry('nginx'), - portMappings: [{ - containerPort: 80, - }], - }); - const service = new ecs.FargateService(stack, 'MyService', { - cluster, - taskDefinition, - }); - - new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { - services: [service], - blueGreenDeploymentConfig: { - blueTargetGroup: mockTargetGroup(stack, 'blue'), - greenTargetGroup: mockTargetGroup(stack, 'green'), - listener: mockListener(stack, 'prod'), - }, - }); - - Template.fromStack(stack).hasResourceProperties('AWS::CodeDeploy::DeploymentGroup', { - ECSServices: [ - { - ClusterName: stack.resolve(cluster.clusterName), - ServiceName: stack.resolve(service.serviceName), - }, - ], - }); - - Template.fromStack(stack).hasResourceProperties('AWS::ECS::Service', { - DeploymentController: { - Type: 'CODE_DEPLOY', - }, - TaskDefinition: 'MyTaskDef', - }); - }); - test('can be created with explicit name', () => { const stack = new cdk.Stack(); new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/integ.deployment-group.ts b/packages/@aws-cdk/aws-codedeploy/test/ecs/integ.deployment-group.ts index c52ff97828d9d..e5499a39bf2b6 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/ecs/integ.deployment-group.ts +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/integ.deployment-group.ts @@ -87,6 +87,9 @@ taskDefinition.addContainer('Container', { const service = new ecs.FargateService(stack, 'FargateService', { cluster, taskDefinition, + deploymentController: { + type: ecs.DeploymentControllerType.CODE_DEPLOY, + }, }); // A second task definition for testing a CodeDeploy deployment of the ECS service to a new task definition From 798722f57f9938ce25790a7d5c8f4f495f079d3a Mon Sep 17 00:00:00 2001 From: Clare Liguori Date: Thu, 20 Oct 2022 13:23:05 -0700 Subject: [PATCH 09/12] chore: Remove appspec file --- .../aws-codedeploy/test/ecs/appspec.json | 30 ------------------- 1 file changed, 30 deletions(-) delete mode 100644 packages/@aws-cdk/aws-codedeploy/test/ecs/appspec.json diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/appspec.json b/packages/@aws-cdk/aws-codedeploy/test/ecs/appspec.json deleted file mode 100644 index f02be768d6c23..0000000000000 --- a/packages/@aws-cdk/aws-codedeploy/test/ecs/appspec.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "version": 0.0, - "Resources": [ - { - "TargetService": { - "Type": "AWS::ECS::Service", - "Properties": { - "TaskDefinition": "arn:aws:ecs:us-west-2:131296546870:task-definition/awscdkcodedeployecsdgTaskDef22B5CE8FC:1", - "LoadBalancerInfo": { - "ContainerName": "Container", - "ContainerPort": 80 - }, - "PlatformVersion": "LATEST", - "NetworkConfiguration": { - "awsvpcConfiguration": { - "subnets": [ - "subnet-08d31f7f022ec65d3", - "subnet-04e8f37191b1c403f", - ], - "securityGroups": [ - "sg-03dd2e4fd5c871577" - ], - "assignPublicIp": "DISABLED" - } - } - } - } - } - ] -} From 21665c3d6ca99a4a156882c6afe9ca1c22177cea Mon Sep 17 00:00:00 2001 From: Clare Liguori Date: Fri, 21 Oct 2022 11:44:05 -0700 Subject: [PATCH 10/12] fix: validate ECS service in deployment group construct --- .../lib/ecs/deployment-group.ts | 18 ++++++ .../aws-cdk-codedeploy-ecs-dg.template.json | 10 ++- .../test/ecs/deployment-group.test.ts | 61 +++++++++++++++++++ .../@aws-cdk/aws-ecs/lib/base/base-service.ts | 8 +++ .../aws-ecs/test/ec2/ec2-service.test.ts | 40 +++++++++++- .../test/fargate/fargate-service.test.ts | 42 ++++++++++++- 6 files changed, 171 insertions(+), 8 deletions(-) diff --git a/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts b/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts index 37b856b20c309..c771947065d8f 100644 --- a/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts +++ b/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts @@ -224,6 +224,24 @@ export class EcsDeploymentGroup extends cdk.Resource implements IEcsDeploymentGr this.role.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('AWSCodeDeployRoleForECS')); this.deploymentConfig = props.deploymentConfig || EcsDeploymentConfig.ALL_AT_ONCE; + for (const service of props.services) { + if (cdk.Resource.isOwnedResource(service)) { + const cfnSvc = (service as ecs.BaseService).node.defaultChild as ecs.CfnService; + if (cfnSvc.deploymentController === undefined || + (cfnSvc.deploymentController! as ecs.CfnService.DeploymentControllerProperty).type !== ecs.DeploymentControllerType.CODE_DEPLOY) { + throw new Error( + 'The ECS service associated with the deployment group must use the CODE_DEPLOY deployment controller type', + ); + } + + if (cfnSvc.taskDefinition !== (service as ecs.BaseService).taskDefinition.family) { + throw new Error( + 'The ECS service associated with the deployment group must specify the task definition using the task definition family name only. Otherwise, the task definition cannot be updated in the stack', + ); + } + } + } + const resource = new CfnDeploymentGroup(this, 'Resource', { applicationName: this.application.applicationName, serviceRoleArn: this.role.roleArn, diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/aws-cdk-codedeploy-ecs-dg.template.json b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/aws-cdk-codedeploy-ecs-dg.template.json index 34baac67eec95..9e21c911a2d42 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/aws-cdk-codedeploy-ecs-dg.template.json +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.integ.snapshot/aws-cdk-codedeploy-ecs-dg.template.json @@ -488,15 +488,15 @@ ] } }, - "TaskDefinition": { - "Ref": "TaskDef54694570" - } + "TaskDefinition": "awscdkcodedeployecsdgTaskDef25A5A14D" }, "DependsOn": [ "GreenTG71A27F2F", "ServiceLBProdListenerBlueTGGroupB47699CD", "ServiceLBProdListener0E7627EE", "ServiceLBTestListener3EA49939", + "TaskDef54694570", + "TaskDefTaskRole1EDB4A67", "TaskDef2C6A35A16", "TaskDef2TaskRole5A51C717" ] @@ -519,6 +519,8 @@ "DependsOn": [ "GreenTG71A27F2F", "ServiceLBTestListener3EA49939", + "TaskDef54694570", + "TaskDefTaskRole1EDB4A67", "TaskDef2C6A35A16", "TaskDef2TaskRole5A51C717" ] @@ -546,6 +548,8 @@ "DependsOn": [ "GreenTG71A27F2F", "ServiceLBTestListener3EA49939", + "TaskDef54694570", + "TaskDefTaskRole1EDB4A67", "TaskDef2C6A35A16", "TaskDef2TaskRole5A51C717" ] diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.test.ts b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.test.ts index 1dae4f621f74a..d1f9bf23866bc 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.test.ts +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.test.ts @@ -247,6 +247,67 @@ describe('CodeDeploy ECS DeploymentGroup', () => { expect(() => app.synth()).toThrow('Deployment group name: "my name" can only contain letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), + (plus signs), = (equals signs), , (commas), @ (at signs), - (minus signs).'); }); + test('fail when ECS service does not use CODE_DEPLOY deployment controller', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + const vpc = new ec2.Vpc(stack, 'MyVpc', {}); + const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc }); + const taskDefinition = new ecs.FargateTaskDefinition(stack, 'FargateTaskDef'); + + taskDefinition.addContainer('web', { + image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), + }); + + const service = new ecs.FargateService(stack, 'FargateService', { + cluster, + taskDefinition, + deploymentController: { + type: ecs.DeploymentControllerType.ECS, + }, + }); + + expect(() => new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { + deploymentGroupName: 'a'.repeat(101), + services: [service], + blueGreenDeploymentConfig: { + blueTargetGroup: mockTargetGroup(stack, 'blue'), + greenTargetGroup: mockTargetGroup(stack, 'green'), + listener: mockListener(stack, 'prod'), + }, + })).toThrow('The ECS service associated with the deployment group must use the CODE_DEPLOY deployment controller type'); + }); + + test('fail when ECS service uses CODE_DEPLOY deployment controller, but did not strip the revision ID from the task definition', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + const vpc = new ec2.Vpc(stack, 'MyVpc', {}); + const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc }); + const taskDefinition = new ecs.FargateTaskDefinition(stack, 'FargateTaskDef'); + + taskDefinition.addContainer('web', { + image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), + }); + + const service = new ecs.FargateService(stack, 'FargateService', { + cluster, + taskDefinition, + deploymentController: { + type: ecs.DeploymentControllerType.CODE_DEPLOY, + }, + }); + (service.node.defaultChild as ecs.CfnService).taskDefinition = 'arn:aws:ecs:us-west-2:123456789012:task-definition/hello_world:8'; + + expect(() => new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { + deploymentGroupName: 'a'.repeat(101), + services: [service], + blueGreenDeploymentConfig: { + blueTargetGroup: mockTargetGroup(stack, 'blue'), + greenTargetGroup: mockTargetGroup(stack, 'green'), + listener: mockListener(stack, 'prod'), + }, + })).toThrow('The ECS service associated with the deployment group must specify the task definition using the task definition family name only. Otherwise, the task definition cannot be updated in the stack'); + }); + test('can be created with explicit role', () => { const stack = new cdk.Stack(); const serviceRole = new iam.Role(stack, 'MyRole', { diff --git a/packages/@aws-cdk/aws-ecs/lib/base/base-service.ts b/packages/@aws-cdk/aws-ecs/lib/base/base-service.ts index df4a9fd4d372e..896e8a1d9cee5 100644 --- a/packages/@aws-cdk/aws-ecs/lib/base/base-service.ts +++ b/packages/@aws-cdk/aws-ecs/lib/base/base-service.ts @@ -466,6 +466,14 @@ export abstract class BaseService extends Resource Annotations.of(this).addWarning('taskDefinition and launchType are blanked out when using external deployment controller.'); } + if (props.deploymentController?.type === DeploymentControllerType.CODE_DEPLOY) { + // Strip the revision ID from the service's task definition property to + // prevent new task def revisions in the stack from triggering updates + // to the stack's ECS service resource + this.resource.taskDefinition = taskDefinition.family; + this.node.addDependency(taskDefinition); + } + this.serviceArn = this.getResourceArnAttribute(this.resource.ref, { service: 'ecs', resource: 'service', diff --git a/packages/@aws-cdk/aws-ecs/test/ec2/ec2-service.test.ts b/packages/@aws-cdk/aws-ecs/test/ec2/ec2-service.test.ts index 7523fc936227e..a8f715c294e2b 100644 --- a/packages/@aws-cdk/aws-ecs/test/ec2/ec2-service.test.ts +++ b/packages/@aws-cdk/aws-ecs/test/ec2/ec2-service.test.ts @@ -845,7 +845,7 @@ describe('ec2 service', () => { maxHealthyPercent: 150, minHealthyPercent: 55, deploymentController: { - type: ecs.DeploymentControllerType.CODE_DEPLOY, + type: ecs.DeploymentControllerType.ECS, }, securityGroups: [new ec2.SecurityGroup(stack, 'SecurityGroup1', { allowAllOutbound: true, @@ -873,7 +873,7 @@ describe('ec2 service', () => { MinimumHealthyPercent: 55, }, DeploymentController: { - Type: ecs.DeploymentControllerType.CODE_DEPLOY, + Type: ecs.DeploymentControllerType.ECS, }, DesiredCount: 2, LaunchType: LaunchType.EC2, @@ -1093,6 +1093,42 @@ describe('ec2 service', () => { }); + test('sets task definition to family when CODE_DEPLOY deployment controller is specified', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'MyVpc', {}); + const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc }); + addDefaultCapacityProvider(cluster, stack, vpc); + const taskDefinition = new ecs.Ec2TaskDefinition(stack, 'Ec2TaskDef'); + + taskDefinition.addContainer('web', { + image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), + memoryLimitMiB: 512, + }); + + new ecs.Ec2Service(stack, 'Ec2Service', { + cluster, + taskDefinition, + deploymentController: { + type: ecs.DeploymentControllerType.CODE_DEPLOY, + }, + }); + + // THEN + Template.fromStack(stack).hasResource('AWS::ECS::Service', { + Properties: { + TaskDefinition: 'Ec2TaskDef', + DeploymentController: { + Type: 'CODE_DEPLOY', + }, + }, + DependsOn: [ + 'Ec2TaskDef0226F28C', + 'Ec2TaskDefTaskRole400FA349', + ], + }); + }); + testDeprecated('throws when both securityGroup and securityGroups are supplied', () => { // GIVEN const stack = new cdk.Stack(); diff --git a/packages/@aws-cdk/aws-ecs/test/fargate/fargate-service.test.ts b/packages/@aws-cdk/aws-ecs/test/fargate/fargate-service.test.ts index 1bc1bea59ef92..2172169f3219c 100644 --- a/packages/@aws-cdk/aws-ecs/test/fargate/fargate-service.test.ts +++ b/packages/@aws-cdk/aws-ecs/test/fargate/fargate-service.test.ts @@ -744,15 +744,51 @@ describe('fargate service', () => { new ecs.FargateService(stack, 'FargateService', { cluster, taskDefinition, - minHealthyPercent: 0, + assignPublicIp: true, }); // THEN Template.fromStack(stack).hasResourceProperties('AWS::ECS::Service', { - DeploymentConfiguration: { - MinimumHealthyPercent: 0, + NetworkConfiguration: { + AwsvpcConfiguration: { + AssignPublicIp: 'ENABLED', + }, + }, + }); + }); + + test('sets task definition to family when CODE_DEPLOY deployment controller is specified', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'MyVpc', {}); + const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc }); + const taskDefinition = new ecs.FargateTaskDefinition(stack, 'FargateTaskDef'); + + taskDefinition.addContainer('web', { + image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), + }); + + new ecs.FargateService(stack, 'FargateService', { + cluster, + taskDefinition, + deploymentController: { + type: ecs.DeploymentControllerType.CODE_DEPLOY, }, }); + + // THEN + Template.fromStack(stack).hasResource('AWS::ECS::Service', { + Properties: { + TaskDefinition: 'FargateTaskDef', + DeploymentController: { + Type: 'CODE_DEPLOY', + }, + }, + DependsOn: [ + 'FargateTaskDefC6FB60B4', + 'FargateTaskDefTaskRole0B257552', + ], + }); }); testDeprecated('throws when securityGroup and securityGroups are supplied', () => { From 72da05afc49c596c191ee1c1b415010481c7fe44 Mon Sep 17 00:00:00 2001 From: Clare Liguori Date: Fri, 28 Oct 2022 08:29:44 -0700 Subject: [PATCH 11/12] fix: services -> service --- .../lib/ecs/deployment-group.ts | 42 +++++++++---------- .../test/ecs/deployment-group.test.ts | 40 +++++++++--------- .../test/ecs/integ.deployment-group.ts | 2 +- 3 files changed, 40 insertions(+), 44 deletions(-) diff --git a/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts b/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts index c771947065d8f..762f6210e51c3 100644 --- a/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts +++ b/packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts @@ -154,9 +154,9 @@ export interface EcsDeploymentGroupProps { readonly role?: iam.IRole; /** - * The ECS services to deploy with this Deployment Group. + * The ECS service to deploy with this Deployment Group. */ - readonly services: ecs.IBaseService[]; + readonly service: ecs.IBaseService; /** * The configuration options for blue-green ECS deployments @@ -224,21 +224,19 @@ export class EcsDeploymentGroup extends cdk.Resource implements IEcsDeploymentGr this.role.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('AWSCodeDeployRoleForECS')); this.deploymentConfig = props.deploymentConfig || EcsDeploymentConfig.ALL_AT_ONCE; - for (const service of props.services) { - if (cdk.Resource.isOwnedResource(service)) { - const cfnSvc = (service as ecs.BaseService).node.defaultChild as ecs.CfnService; - if (cfnSvc.deploymentController === undefined || - (cfnSvc.deploymentController! as ecs.CfnService.DeploymentControllerProperty).type !== ecs.DeploymentControllerType.CODE_DEPLOY) { - throw new Error( - 'The ECS service associated with the deployment group must use the CODE_DEPLOY deployment controller type', - ); - } - - if (cfnSvc.taskDefinition !== (service as ecs.BaseService).taskDefinition.family) { - throw new Error( - 'The ECS service associated with the deployment group must specify the task definition using the task definition family name only. Otherwise, the task definition cannot be updated in the stack', - ); - } + if (cdk.Resource.isOwnedResource(props.service)) { + const cfnSvc = (props.service as ecs.BaseService).node.defaultChild as ecs.CfnService; + if (cfnSvc.deploymentController === undefined || + (cfnSvc.deploymentController! as ecs.CfnService.DeploymentControllerProperty).type !== ecs.DeploymentControllerType.CODE_DEPLOY) { + throw new Error( + 'The ECS service associated with the deployment group must use the CODE_DEPLOY deployment controller type', + ); + } + + if (cfnSvc.taskDefinition !== (props.service as ecs.BaseService).taskDefinition.family) { + throw new Error( + 'The ECS service associated with the deployment group must specify the task definition using the task definition family name only. Otherwise, the task definition cannot be updated in the stack', + ); } } @@ -251,12 +249,10 @@ export class EcsDeploymentGroup extends cdk.Resource implements IEcsDeploymentGr deploymentType: 'BLUE_GREEN', deploymentOption: 'WITH_TRAFFIC_CONTROL', }, - ecsServices: props.services.map(s => { - return { - clusterName: s.cluster.clusterName, - serviceName: s.serviceName, - }; - }), + ecsServices: [{ + clusterName: props.service.cluster.clusterName, + serviceName: props.service.serviceName, + }], blueGreenDeploymentConfiguration: cdk.Lazy.any({ produce: () => this.renderBlueGreenDeploymentConfiguration(props.blueGreenDeploymentConfig), }), diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.test.ts b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.test.ts index d1f9bf23866bc..62f2b4402c009 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.test.ts +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/deployment-group.test.ts @@ -53,7 +53,7 @@ describe('CodeDeploy ECS DeploymentGroup', () => { const stack = new cdk.Stack(); new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { - services: [mockEcsService(stack)], + service: mockEcsService(stack), blueGreenDeploymentConfig: { blueTargetGroup: mockTargetGroup(stack, 'blue'), greenTargetGroup: mockTargetGroup(stack, 'green'), @@ -167,7 +167,7 @@ describe('CodeDeploy ECS DeploymentGroup', () => { const stack = new cdk.Stack(); new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { deploymentGroupName: 'test', - services: [mockEcsService(stack)], + service: mockEcsService(stack), blueGreenDeploymentConfig: { blueTargetGroup: mockTargetGroup(stack, 'blue'), greenTargetGroup: mockTargetGroup(stack, 'green'), @@ -185,7 +185,7 @@ describe('CodeDeploy ECS DeploymentGroup', () => { const application = codedeploy.EcsApplication.fromEcsApplicationName(stack, 'A', 'myapp'); new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { application, - services: [mockEcsService(stack)], + service: mockEcsService(stack), blueGreenDeploymentConfig: { blueTargetGroup: mockTargetGroup(stack, 'blue'), greenTargetGroup: mockTargetGroup(stack, 'green'), @@ -202,7 +202,7 @@ describe('CodeDeploy ECS DeploymentGroup', () => { const stack = new cdk.Stack(); new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { deploymentConfig: codedeploy.EcsDeploymentConfig.CANARY_10PERCENT_15MINUTES, - services: [mockEcsService(stack)], + service: mockEcsService(stack), blueGreenDeploymentConfig: { blueTargetGroup: mockTargetGroup(stack, 'blue'), greenTargetGroup: mockTargetGroup(stack, 'green'), @@ -220,7 +220,7 @@ describe('CodeDeploy ECS DeploymentGroup', () => { const stack = new cdk.Stack(app); new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { deploymentGroupName: 'a'.repeat(101), - services: [mockEcsService(stack)], + service: mockEcsService(stack), blueGreenDeploymentConfig: { blueTargetGroup: mockTargetGroup(stack, 'blue'), greenTargetGroup: mockTargetGroup(stack, 'green'), @@ -236,7 +236,7 @@ describe('CodeDeploy ECS DeploymentGroup', () => { const stack = new cdk.Stack(app); new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { deploymentGroupName: 'my name', - services: [mockEcsService(stack)], + service: mockEcsService(stack), blueGreenDeploymentConfig: { blueTargetGroup: mockTargetGroup(stack, 'blue'), greenTargetGroup: mockTargetGroup(stack, 'green'), @@ -268,7 +268,7 @@ describe('CodeDeploy ECS DeploymentGroup', () => { expect(() => new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { deploymentGroupName: 'a'.repeat(101), - services: [service], + service, blueGreenDeploymentConfig: { blueTargetGroup: mockTargetGroup(stack, 'blue'), greenTargetGroup: mockTargetGroup(stack, 'green'), @@ -299,7 +299,7 @@ describe('CodeDeploy ECS DeploymentGroup', () => { expect(() => new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { deploymentGroupName: 'a'.repeat(101), - services: [service], + service, blueGreenDeploymentConfig: { blueTargetGroup: mockTargetGroup(stack, 'blue'), greenTargetGroup: mockTargetGroup(stack, 'green'), @@ -316,7 +316,7 @@ describe('CodeDeploy ECS DeploymentGroup', () => { new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { role: serviceRole, - services: [mockEcsService(stack)], + service: mockEcsService(stack), blueGreenDeploymentConfig: { blueTargetGroup: mockTargetGroup(stack, 'blue'), greenTargetGroup: mockTargetGroup(stack, 'green'), @@ -381,7 +381,7 @@ describe('CodeDeploy ECS DeploymentGroup', () => { evaluationPeriods: 1, }), ], - services: [mockEcsService(stack)], + service: mockEcsService(stack), blueGreenDeploymentConfig: { blueTargetGroup: mockTargetGroup(stack, 'blue'), greenTargetGroup: mockTargetGroup(stack, 'green'), @@ -433,7 +433,7 @@ describe('CodeDeploy ECS DeploymentGroup', () => { evaluationPeriods: 1, }), ], - services: [mockEcsService(stack)], + service: mockEcsService(stack), blueGreenDeploymentConfig: { blueTargetGroup: mockTargetGroup(stack, 'blue'), greenTargetGroup: mockTargetGroup(stack, 'green'), @@ -488,7 +488,7 @@ describe('CodeDeploy ECS DeploymentGroup', () => { autoRollback: { deploymentInAlarm: true, }, - services: [mockEcsService(stack)], + service: mockEcsService(stack), blueGreenDeploymentConfig: { blueTargetGroup: mockTargetGroup(stack, 'blue'), greenTargetGroup: mockTargetGroup(stack, 'green'), @@ -531,7 +531,7 @@ describe('CodeDeploy ECS DeploymentGroup', () => { evaluationPeriods: 1, }), ], - services: [mockEcsService(stack)], + service: mockEcsService(stack), blueGreenDeploymentConfig: { blueTargetGroup: mockTargetGroup(stack, 'blue'), greenTargetGroup: mockTargetGroup(stack, 'green'), @@ -571,7 +571,7 @@ describe('CodeDeploy ECS DeploymentGroup', () => { autoRollback: { failedDeployment: false, }, - services: [mockEcsService(stack)], + service: mockEcsService(stack), blueGreenDeploymentConfig: { blueTargetGroup: mockTargetGroup(stack, 'blue'), greenTargetGroup: mockTargetGroup(stack, 'green'), @@ -641,7 +641,7 @@ describe('CodeDeploy ECS DeploymentGroup', () => { autoRollback: { stoppedDeployment: true, }, - services: [mockEcsService(stack)], + service: mockEcsService(stack), blueGreenDeploymentConfig: { blueTargetGroup: mockTargetGroup(stack, 'blue'), greenTargetGroup: mockTargetGroup(stack, 'green'), @@ -694,7 +694,7 @@ describe('CodeDeploy ECS DeploymentGroup', () => { evaluationPeriods: 1, }), ], - services: [mockEcsService(stack)], + service: mockEcsService(stack), blueGreenDeploymentConfig: { blueTargetGroup: mockTargetGroup(stack, 'blue'), greenTargetGroup: mockTargetGroup(stack, 'green'), @@ -730,7 +730,7 @@ describe('CodeDeploy ECS DeploymentGroup', () => { test('can specify a test traffic route', () => { const stack = new cdk.Stack(); new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { - services: [mockEcsService(stack)], + service: mockEcsService(stack), blueGreenDeploymentConfig: { blueTargetGroup: mockTargetGroup(stack, 'blue'), greenTargetGroup: mockTargetGroup(stack, 'green'), @@ -770,7 +770,7 @@ describe('CodeDeploy ECS DeploymentGroup', () => { test('can require manual deployment approval', () => { const stack = new cdk.Stack(); new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { - services: [mockEcsService(stack)], + service: mockEcsService(stack), blueGreenDeploymentConfig: { blueTargetGroup: mockTargetGroup(stack, 'blue'), greenTargetGroup: mockTargetGroup(stack, 'green'), @@ -796,7 +796,7 @@ describe('CodeDeploy ECS DeploymentGroup', () => { test('can add deployment bake time', () => { const stack = new cdk.Stack(); new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { - services: [mockEcsService(stack)], + service: mockEcsService(stack), blueGreenDeploymentConfig: { blueTargetGroup: mockTargetGroup(stack, 'blue'), greenTargetGroup: mockTargetGroup(stack, 'green'), @@ -825,7 +825,7 @@ describe('CodeDeploy ECS DeploymentGroup', () => { env: { region: 'us-isob-east-1' }, }); new codedeploy.EcsDeploymentGroup(stack, 'MyDG', { - services: [mockEcsService(stack)], + service: mockEcsService(stack), blueGreenDeploymentConfig: { blueTargetGroup: mockTargetGroup(stack, 'blue'), greenTargetGroup: mockTargetGroup(stack, 'green'), diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/integ.deployment-group.ts b/packages/@aws-cdk/aws-codedeploy/test/ecs/integ.deployment-group.ts index e5499a39bf2b6..96bc428c7e283 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/ecs/integ.deployment-group.ts +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/integ.deployment-group.ts @@ -210,7 +210,7 @@ const dg = new codedeploy.EcsDeploymentGroup(stack, 'BlueGreenDG', { greenUnhealthyHosts, greenApiFailure, ], - services: [service], + service, blueGreenDeploymentConfig: { blueTargetGroup: blueTG, greenTargetGroup: greenTG, From 4e4b2a2e7153be902e01c0c50f868ff2770b81dd Mon Sep 17 00:00:00 2001 From: Clare Liguori Date: Fri, 28 Oct 2022 09:05:49 -0700 Subject: [PATCH 12/12] fix: services -> service in readme --- packages/@aws-cdk/aws-codedeploy/README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/packages/@aws-cdk/aws-codedeploy/README.md b/packages/@aws-cdk/aws-codedeploy/README.md index e28582fb001c0..fda0f72ee5c69 100644 --- a/packages/@aws-cdk/aws-codedeploy/README.md +++ b/packages/@aws-cdk/aws-codedeploy/README.md @@ -116,7 +116,7 @@ To import an already existing Deployment Group: ```ts declare const application: codedeploy.ServerApplication; const deploymentGroup = codedeploy.ServerDeploymentGroup.fromServerDeploymentGroupAttributes( - this, + this, 'ExistingCodeDeployDeploymentGroup', { application, deploymentGroupName: 'MyExistingDeploymentGroup', @@ -426,7 +426,7 @@ const service = new ecs.FargateService(this, 'Service', { }); new codedeploy.EcsDeploymentGroup(stack, 'BlueGreenDG', { - services: [service], + service, blueGreenDeploymentConfig: { blueTargetGroup, greenTargetGroup, @@ -508,7 +508,7 @@ new codedeploy.EcsDeploymentGroup(stack, 'BlueGreenDG', { // CodeDeploy will automatically roll back if a deployment is stopped stoppedDeployment: true, }, - services: [service], + service, blueGreenDeploymentConfig: { blueTargetGroup, greenTargetGroup, @@ -536,7 +536,7 @@ declare const listener: elbv2.IApplicationListener; declare const testListener: elbv2.IApplicationListener; new codedeploy.EcsDeploymentGroup(stack, 'BlueGreenDG', { - services: [service], + service, blueGreenDeploymentConfig: { blueTargetGroup, greenTargetGroup, @@ -574,7 +574,7 @@ new codedeploy.EcsDeploymentGroup(stack, 'BlueGreenDG', { // CodeDeploy will automatically roll back if the 8-hour approval period times out and the deployment stops stoppedDeployment: true, }, - services: [service], + service, blueGreenDeploymentConfig: { blueTargetGroup, greenTargetGroup, @@ -593,7 +593,7 @@ CloudWatch alarms specified for the deployment group and will automatically roll ```ts new codedeploy.EcsDeploymentGroup(stack, 'BlueGreenDG', { - services: [service], + service, blueGreenDeploymentConfig: { blueTargetGroup, greenTargetGroup,