Added elasticfilesystem:ClientMount to the fargate-service-with-ecs example (#924)

mrlikl · kaiz-io · Michael Kaiser · web-flow · commit 53060a7daac6 · 2023-10-01T18:47:59.000-05:00
* Added elasticfilesystem:ClientMount to the fargate-service-with-ecs example

* Fix: Add grant

---------

Co-authored-by: Michael Kaiser &lt;mjkaiser@gmail.com&gt;
Co-authored-by: Michael Kaiser &lt;kaiser@kaiz.io&gt;
diff --git a/typescript/ecs/fargate-service-with-efs/README.md b/typescript/ecs/fargate-service-with-efs/README.md
@@ -9,9 +9,8 @@ Is based on this blog post: https://aws.amazon.com/blogs/aws/amazon-ecs-supports
 To build this app, you need to be in this example's root folder. Then run the following:
 
 ```bash
-npm install -g aws-cdk
 npm install
-npm run build
+npx cdk synth
 ```
 
 This will install the necessary CDK, then this example's dependencies, and then build your TypeScript files and your CloudFormation template.
diff --git a/typescript/ecs/fargate-service-with-efs/cdk.json b/typescript/ecs/fargate-service-with-efs/cdk.json
@@ -1,3 +1,3 @@
 {
-  "app": "node index"
+  "app": "npx ts-node --prefer-ts-exts index.ts"
 }
diff --git a/typescript/ecs/fargate-service-with-efs/index.ts b/typescript/ecs/fargate-service-with-efs/index.ts
@@ -3,7 +3,7 @@ import * as ec2 from 'aws-cdk-lib/aws-ec2';
 import * as ecs from 'aws-cdk-lib/aws-ecs';
 import * as ecs_patterns from 'aws-cdk-lib/aws-ecs-patterns';
 import * as efs from 'aws-cdk-lib/aws-efs';
-
+import * as iam from 'aws-cdk-lib/aws-iam';
 
 
 class FargateEfs extends cdk.Stack {
@@ -21,6 +21,18 @@ class FargateEfs extends cdk.Stack {
       throughputMode: efs.ThroughputMode.BURSTING
     });
 
+    fileSystem.addToResourcePolicy(
+      new iam.PolicyStatement({
+        actions: ['elasticfilesystem:ClientMount'],
+        principals: [new iam.AnyPrincipal()],
+        conditions: {
+          Bool: {
+            'elasticfilesystem:AccessedViaMountTarget': 'true'
+          }
+        }
+      })
+    )
+
     const taskDef = new ecs.FargateTaskDefinition(this, "MyTaskDefinition", {
         memoryLimitMiB: 512,
         cpu: 256,
@@ -60,6 +72,7 @@ class FargateEfs extends cdk.Stack {
     albFargateService.targetGroup.setAttribute('deregistration_delay.timeout_seconds', '30');
 
     // Allow access to EFS from Fargate ECS
+    fileSystem.grantRootAccess(albFargateService.taskDefinition.taskRole.grantPrincipal);
     fileSystem.connections.allowDefaultPortFrom(albFargateService.service.connections);
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`	`1`	`{`
`2`		`- "app": "node index"`
	`2`	`+ "app": "npx ts-node --prefer-ts-exts index.ts"`
`3`	`3`	`}`