fix(aws-ecs-pattern): allow ScheduledTaskBase to run on a public subnet#6624
Conversation
|
@SoManyHs @pkandasamy91 Here's the PR I promised to address #6312. This is my first aws-cdk PR, so I'm sorry if I've done anything wrong. I'm a bit unclear about the PR Linter error which suggests I need to make a change to a README. Presumably in this case this would be the README in the aws-ecs-pattern package...? Although it's not obvious to me what I would change in there...? |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
PettitWesley
left a comment
There was a problem hiding this comment.
@floehopper some changes
Blocking:
- The linter is failing. Please either add this change to the ECS patterns readme or change it from "feat" to "fix", which will remove the requirement for a readme update.
- Please rebase
- Please see my comment on the unit test
Non-Blocking:
- I think a unit test is sufficient for this change; however, you could also update the existing integ test to include this parameter.
Thank you for contributing this change to the CDK :)
packages/@aws-cdk/aws-ecs-patterns/test/fargate/test.scheduled-fargate-task.ts
Show resolved
Hide resolved
AFAIK, the change should be made here: |
Allow instances of ScheduledFargateTask and ScheduledEc2Task to run in a
*public* subnet via a configuration option.
The default remains that such instances are restricted to run on private
subnets, but it is now possible to allow them to run on public subnets
if the user is willing to sacrifice the extra security that a private
subnet provides in favour of a simpler/cheaper system that does not
require a NAT gateway or a NAT instance.
The new unit test schedules a Fargate task to run on a container in a
VPC with no private subnet. Before the changes to ScheduledTaskBase in
this commit, this test caused the following error:
Error: There are no 'Private' subnet groups in this VPC. Available types: Public
fixes aws#6312
53132a8 to
f8fdc4f
Compare
Pull request has been modified.
|
Thanks for the feedback. Sorry for the delay in responding. Please see my responses inline below:
I considered adding a new example to the ECS patterns README, but it seemed weird to add an example for such a specific case when other more common cases are not documented. So I've changed the commit note and PR description from "feat" -> "fix" as you suggested. However, the linter still seems to be complaining. I wonder whether this is because I force-pushed to the remote branch...?
Done and force-pushed.
I've amended the commit to address your feedback on the unit test by changing the assertion to check that the stack has a AWS::Events::Rule configured to use the public subnet and to have a public IP address. See my response to your specific comment for details.
I did look at updating the existing integration test. However, given that this new optional property is not set by default and, in fact, setting it probably isn't the recommended approach, it didn't seem sensible to muddy the waters by changing the existing test. I did also consider creating a new integration test, but that felt like overkill for such a small change. So on balance, I'm happy that the unit test gives sufficient coverage. |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
packages/@aws-cdk/aws-ecs-patterns/test/fargate/test.scheduled-fargate-task.ts
Show resolved
Hide resolved
|
@pkandasamy91 Changing from "feat" to "fix" hasn't appeased the linter. What should we do? |
PettitWesley
left a comment
There was a problem hiding this comment.
@floehopper LGTM.
Unfortunately, I think we can't merge this until the linter passes. I'm not sure how to fix that; I will ask someone on Monday.
👍 |
|
@PettitWesley @pkandasamy91
I've investigated this a bit further and I can confirm that:
So I'm really not sure what's going on! Especially as this other PR which is marked "fix" passes the PR Linter check with no changes to a README. |
|
I'm going to try clicking the "Update branch" button which will merge the latest changes from |
Pull request has been modified.
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
@PettitWesley Updating the branch seems to have done the trick with the PR Linter. Any chance of an updated review and a merge? Thanks. |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
Pull request has been modified.
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
Importantly this includes my fix [1] to allow scheduled tasks to be run on a public subnet. I plan to use this fix in a subsequent commit to simplify the code. [1]: aws/aws-cdk#6624
We can make use of the fix [1] to allow scheduled tasks to run on a public subnet to avoid having to subclass ScheduledFargateTask and override the addTaskDefinitionToEventTarget method, thus simplifying the code considerably. [1]: aws/aws-cdk#6624
Allow instances of ScheduledFargateTask and ScheduledEc2Task to run in a public subnet via a configuration option.
The default remains that such instances are restricted to run on private subnets, but it is now possible to allow them to run on public subnets if the user is willing to sacrifice the extra security that a private subnet provides in favour of a simpler/cheaper system that does not require a NAT gateway or a NAT instance.
The new unit test schedules a Fargate task to run on a container in a VPC with no private subnet. Before the changes to ScheduledTaskBase in this commit, this test caused the following error:
fixes #6312
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license