Skip to content

(aws-ecs): Give Cluster a method that provides task ARNs #26232

Closed
#28381
Closed
(aws-ecs): Give Cluster a method that provides task ARNs#26232
#28381
Labels
@aws-cdk/aws-ecsRelated to Amazon Elastic Containereffort/smallSmall work item – less than a day of effortfeature-requestA feature should be added or improved.p2
@SamStephens

Description

@SamStephens
SamStephens
opened on Jul 5, 2023

Describe the feature

ARNs for tasks in a Cluster are in the form arn:{partition}:ecs:{region}:{accountId}:task/{clusterName}/{taskId}. It would be useful to have a method that can form these ARNs for you.

The aws-s3 Bucket class provides prior art for this with its arnForObjects method.

I guess this method would be called arnForTasks.

Use Case

In order to grant my task role permissions to the task protection API. My workaround is

        cluster_task_arn = Stack.of(self).format_arn(
            service='ecs',
            resource='task',
            resource_name=f'{fargate_cluster.cluster_name}/*'
        )
        fargate_task_definition.add_to_task_role_policy(
            aws_iam.PolicyStatement(
                actions=["ecs:UpdateTaskProtection"],
                resources=[cluster_task_arn],
            )
        )

With this method, the call would be

        fargate_task_definition.add_to_task_role_policy(
            aws_iam.PolicyStatement(
                actions=["ecs:UpdateTaskProtection"],
                resources=[fargate_cluster.arn_for_tasks('*')],
            )
        )

Proposed Solution

I'm not sure what best practice for forming ARNs within the CDK is, but using formatArn as I do in my example above would work.

Other Information

See also my request for a grantTaskProtection method

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.85.0

Environment details (OS name and version, etc.)

Ubuntu (Windows Subsystem for Linux)

Metadata

Metadata

Assignees

No one assigned

    Labels

    @aws-cdk/aws-ecsRelated to Amazon Elastic Containereffort/smallSmall work item – less than a day of effortfeature-requestA feature should be added or improved.p2

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions