Add a test that confirms the new Security Group code works

awslabs · Dec 30, 2021 · 85a2a8c · 85a2a8c
1 parent 132ad9e
commit 85a2a8c
Show file tree

Hide file tree

Showing 8 changed files with 45 additions and 5 deletions.
diff --git a/source/patterns/@aws-solutions-constructs/aws-alb-fargate/README.md b/source/patterns/@aws-solutions-constructs/aws-alb-fargate/README.md
@@ -72,7 +72,7 @@ _Parameters_
 | existingVpc? | [ec2.IVpc](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ec2.IVpc.html) | An existing VPC in which to deploy the construct. Providing both this and vpcProps is an error. If the client provides an existing load balancer and/or existing Private Hosted Zone, those constructs must exist in this VPC. |
 | logAlbAccessLogs? | boolean| Whether to turn on Access Logs for the Application Load Balancer. Uses an S3 bucket with associated storage costs.Enabling Access Logging is a best practice. default - true |
 | albLoggingBucketProps? | [s3.BucketProps](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html) | Optional properties to customize the bucket used to store the ALB Access Logs. Supplying this and setting logAccessLogs to false is an error. @default - none |
-| clusterProps | [ecs.ClusterProps]() | Optional properties to create a new ECS cluster |
+| clusterProps | [ecs.ClusterProps]() | Optional properties to create a new ECS cluster. To provide an existing cluster, use the cluster attribute of fargateServiceProps. |
 | ecrRepositoryArn | string]() | The arn of an ECR Repository containing the image to use to generate the containers. Either this or the image property of containerDefinitionProps must be provided. format: arn:aws:ecr:*region*:*account number*:repository/*Repository Name* |
 | ecrImageVersion | string]() | The version of the image to use from the repository. Defaults to 'Latest' |
 | containerDefinitionProps | [ecs.ContainerDefinitionProps | any]() | Optional props to define the container created for the Fargate Service (defaults found in fargate-defaults.ts) |
@@ -110,4 +110,4 @@ Out of the box implementation of the Construct without any override will set the
 ![Architecture Diagram](architecture.png)
 
 ***
-&copy; Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+&copy; Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
diff --git a/source/patterns/@aws-solutions-constructs/aws-alb-fargate/architecture.png b/source/patterns/@aws-solutions-constructs/aws-alb-fargate/architecture.png
diff --git a/source/patterns/@aws-solutions-constructs/aws-alb-fargate/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-alb-fargate/lib/index.ts
@@ -1,5 +1,5 @@
 /**
- *  Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *  Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
  *  with the License. A copy of the License is located at

diff --git a/...s-solutions-constructs/aws-alb-fargate/test/integ.all-existing-private-http.expected.json b/...s-solutions-constructs/aws-alb-fargate/test/integ.all-existing-private-http.expected.json
@@ -931,6 +931,7 @@
       "Type": "AWS::EC2::SecurityGroup",
       "Properties": {
         "GroupDescription": "all-existing-private-http/test-sg",
+        "GroupName": "defaultSecurityGroup",
         "SecurityGroupEgress": [
           {
             "CidrIp": "0.0.0.0/0",

diff --git a/...ns/@aws-solutions-constructs/aws-alb-fargate/test/integ.all-new-public-http.expected.json b/...ns/@aws-solutions-constructs/aws-alb-fargate/test/integ.all-new-public-http.expected.json
@@ -1201,6 +1201,7 @@
       "Type": "AWS::EC2::SecurityGroup",
       "Properties": {
         "GroupDescription": "all-new-public-http/test-construct-sg",
+        "GroupName": "defaultSecurityGroup",
         "SecurityGroupEgress": [
           {
             "CidrIp": "0.0.0.0/0",

diff --git a/...ns/@aws-solutions-constructs/aws-alb-fargate/test/integ.all-new-two-targets.expected.json b/...ns/@aws-solutions-constructs/aws-alb-fargate/test/integ.all-new-two-targets.expected.json
@@ -1228,6 +1228,7 @@
       "Type": "AWS::EC2::SecurityGroup",
       "Properties": {
         "GroupDescription": "all-new-two-targets/test-construct-sg",
+        "GroupName": "defaultSecurityGroup",
         "SecurityGroupEgress": [
           {
             "CidrIp": "0.0.0.0/0",

diff --git a/source/patterns/@aws-solutions-constructs/core/lib/fargate-helper.ts b/source/patterns/@aws-solutions-constructs/core/lib/fargate-helper.ts
@@ -1,5 +1,5 @@
 /**
- *  Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *  Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
  *  with the License. A copy of the License is located at
@@ -97,6 +97,7 @@ export function CreateFargateService(
       allowAllOutbound: true,
       disableInlineRules: false,
       vpc: constructVpc,
+      securityGroupName: 'defaultSecurityGroup'
     });
     defaultFargateServiceProps = overrideProps(defaults.DefaultFargateServiceProps(), { securityGroups: [ serviceSecurityGroup ]});
     defaults.addCfnSuppressRules(serviceSecurityGroup, [

diff --git a/source/patterns/@aws-solutions-constructs/core/test/fargate-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/fargate-helper.test.ts
@@ -1,5 +1,5 @@
 /**
- *  Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *  Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
  *  with the License. A copy of the License is located at
@@ -14,6 +14,7 @@
 import * as defaults from "..";
 import { Stack } from '@aws-cdk/core';
 import { CreateFargateService } from "..";
+import * as ec2 from "@aws-cdk/aws-ec2";
 import * as ecs from "@aws-cdk/aws-ecs";
 import * as ecr from "@aws-cdk/aws-ecr";
 import '@aws-cdk/assert/jest';
@@ -83,6 +84,9 @@ test('Test with all defaults', () => {
       }
     ],
   });
+  expect(stack).toHaveResourceLike("AWS::EC2::SecurityGroup", {
+    GroupName: 'defaultSecurityGroup'
+  });
 
   expect(stack).toCountResources("AWS::EC2::VPCEndpoint", 3);
   expect(stack).toHaveResource("AWS::EC2::VPCEndpoint", {
@@ -264,6 +268,38 @@ test('Test with custom Fargate Service props', () => {
   });
 });
 
+test('Test with custom security group', () => {
+  const stack = new Stack();
+  const groupName = 'customerSg';
+
+  const testVpc = CreateIsolatedTestVpc(stack);
+
+  const customSg = new ec2.SecurityGroup(stack, 'custom-sg', {
+    disableInlineRules: true,
+    allowAllOutbound: false,
+    vpc: testVpc,
+    securityGroupName: groupName
+  });
+
+  CreateFargateService(stack,
+    'test',
+    testVpc,
+    undefined,
+    'arn:aws:ecr:us-east-1:123456789012:repository/fake-repo',
+    undefined,
+    undefined,
+    undefined,
+    { securityGroups: [ customSg ]  }
+  );
+
+  expect(stack).toHaveResource("AWS::EC2::SecurityGroup", {
+    GroupName: groupName,
+  });
+  expect(stack).not.toHaveResource("AWS::EC2::SecurityGroup", {
+    GroupName: 'defaultSecurityGroup',
+  });
+});
+
 test('Test no image repo or image is an error', () => {
   const stack = new Stack();