
Commit 53126c9

MDI240 | restored efs volumes permissions in cdk
1 parent ac51f7a commit 53126c9


3 files changed

+54
-3
lines changed


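--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -53,7 +53,6 @@ jobs:
 echo "ENVIRONMENT=prod" >> $GITHUB_ENV
 echo "SERVICE_CPU=${{ vars.PROD_SERVICE_CPU }}" >> $GITHUB_ENV
 echo "SERVICE_MEMORY=${{ vars.PROD_SERVICE_MEMORY }}" >> $GITHUB_ENV
-echo "OUTBOX_TABLE_NAME_PARAMETER_NAME=${{ vars.PROD_OUTBOX_TABLE_NAME_PARAMETER_NAME }}" >> $GITHUB_ENV
 echo "MC_EML_EFS_ACCESS_POINT_ARN_PARAMETER_NAME=${{ vars.PROD_MC_EML_EFS_ACCESS_POINT_ARN_PARAMETER_NAME }}" >> $GITHUB_ENV
 echo "MC_EML_EFS_ACCESS_POINT_ID_PARAMETER_NAME=${{ vars.PROD_MC_EML_EFS_ACCESS_POINT_ID_PARAMETER_NAME }}" >> $GITHUB_ENV
 echo "MC_EML_EFS_ID_PARAMETER_NAME=${{ vars.PROD_MC_EML_EFS_ID_PARAMETER_NAME }}" >> $GITHUB_ENV
@@ -69,7 +68,6 @@ jobs:
 echo "ENVIRONMENT=stage" >> $GITHUB_ENV
 echo "SERVICE_CPU=${{ vars.STAGE_SERVICE_CPU }}" >> $GITHUB_ENV
 echo "SERVICE_MEMORY=${{ vars.STAGE_SERVICE_MEMORY }}" >> $GITHUB_ENV
-echo "OUTBOX_TABLE_NAME_PARAMETER_NAME=${{ vars.STAGE_OUTBOX_TABLE_NAME_PARAMETER_NAME }}" >> $GITHUB_ENV
 echo "MC_EML_EFS_ACCESS_POINT_ARN_PARAMETER_NAME=${{ vars.STAGE_MC_EML_EFS_ACCESS_POINT_ARN_PARAMETER_NAME }}" >> $GITHUB_ENV
 echo "MC_EML_EFS_ACCESS_POINT_ID_PARAMETER_NAME=${{ vars.STAGE_MC_EML_EFS_ACCESS_POINT_ID_PARAMETER_NAME }}" >> $GITHUB_ENV
 echo "MC_EML_EFS_ID_PARAMETER_NAME=${{ vars.STAGE_MC_EML_EFS_ID_PARAMETER_NAME }}" >> $GITHUB_ENV
@@ -87,7 +85,6 @@ jobs:
 ENVIRONMENT: ${{ env.ENVIRONMENT }}
 SERVICE_CPU: ${{ env.SERVICE_CPU }}
 SERVICE_MEMORY: ${{ env.SERVICE_MEMORY }}
-OUTBOX_TABLE_NAME_PARAMETER_NAME: ${{ env.OUTBOX_TABLE_NAME_PARAMETER_NAME }}
 MC_EML_EFS_ACCESS_POINT_ARN_PARAMETER_NAME: ${{ env.MC_EML_EFS_ACCESS_POINT_ARN_PARAMETER_NAME }}
 MC_EML_EFS_ACCESS_POINT_ID_PARAMETER_NAME: ${{ env.MC_EML_EFS_ACCESS_POINT_ID_PARAMETER_NAME }}
 MC_EML_EFS_ID_PARAMETER_NAME: ${{ env.MC_EML_EFS_ID_PARAMETER_NAME }}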

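--- a/cdk/get_env_variables.py
+++ b/cdk/get_env_variables.py
@@ -5,10 +5,14 @@
 'ACCOUNT_ID',
 'SERVICE_NAME',
 'MD_REST_EFS_FOLDER_NAME',
+'MC_EMAIL_EFS_FOLDER_NAME',
 'SERVICE_CPU',
 'SERVICE_MEMORY',
 'SERVICE_CONTAINER_PORT',
 'SERVICE_HOST_PORT',
+'MC_EML_EFS_ACCESS_POINT_ARN_PARAMETER_NAME',
+'MC_EML_EFS_ACCESS_POINT_ID_PARAMETER_NAME',
+'MC_EML_EFS_ID_PARAMETER_NAME',
 'REPOSITORY_NAME_PARAMETER_NAME',
 'MD_REST_EFS_ID_PARAMETER_NAME',
 'MD_REST_ACCESS_POINT_ID_PARAMETER_NAME',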
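Review bot: The parameter-name keys added at new lines 13–15 are spelled `MC_EML_…`, but the stack change in this same commit reads `env_parameters['MC_EMAIL_EFS_ACCESS_POINT_ID_PARAMETER_NAME']` and `env_parameters['MC_EMAIL_EFS_ID_PARAMETER_NAME']` (cdk/task_definition_stack.py, new lines 49–50), so if `env_parameters` is built from this list those lookups would raise `KeyError`. That file then binds `mc_email_efs_access_point_id_parameter_name` and `mc_email_efs_id_parameter_name` but passes `mc_eml_efs_access_point_id_parameter_name` and `mc_eml_efs_id_parameter_name` to `value_from_lookup` at new lines 106 and 111, names that are not defined in any visible hunk. Settle on one spelling (the workflow exports `MC_EML_…`) and use it for both the keys and the locals. The list edited here starts and ends outside the hunk.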

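--- a/cdk/task_definition_stack.py
+++ b/cdk/task_definition_stack.py
@@ -13,6 +13,7 @@
 from multidialogo_cdk_shared.environment_secrets_resolver import EnvironmentSecretsResolver
 
 MD_REST_VOLUME_NAME = 'rest-volume'
+MC_VOLUME_NAME = 'mc-volume'
 
 MULTICARRIER_EMAIL_ID = 'multicarrier-email'
 
@@ -38,11 +39,15 @@ def __init__(
 service_name = env_parameters['SERVICE_NAME']
 selected_environment = env_parameters['SELECTED_ENVIRONMENT']
 md_rest_efs_folder_name = env_parameters['MD_REST_EFS_FOLDER_NAME']
+mc_email_efs_folder_name = env_parameters['MC_EMAIL_EFS_FOLDER_NAME']
 service_cpu = env_parameters['SERVICE_CPU']
 service_memory = env_parameters['SERVICE_MEMORY']
 service_container_port = env_parameters['SERVICE_CONTAINER_PORT']
 service_host_port = env_parameters['SERVICE_HOST_PORT']
 
+mc_eml_efs_access_point_arn_parameter_name = env_parameters['MC_EML_EFS_ACCESS_POINT_ARN_PARAMETER_NAME']
+mc_email_efs_access_point_id_parameter_name = env_parameters['MC_EMAIL_EFS_ACCESS_POINT_ID_PARAMETER_NAME']
+mc_email_efs_id_parameter_name = env_parameters['MC_EMAIL_EFS_ID_PARAMETER_NAME']
 repository_name_parameter_name = env_parameters['REPOSITORY_NAME_PARAMETER_NAME']
 md_rest_efs_id_parameter_name = env_parameters['MD_REST_EFS_ID_PARAMETER_NAME']
 md_rest_access_point_arn_parameter_name = env_parameters['MD_REST_ACCESS_POINT_ARN_PARAMETER_NAME']
@@ -91,6 +96,34 @@ def __init__(
 )
 )
 
+mc_eml_access_point_arn = ssm.StringParameter.value_from_lookup(
+scope=self,
+parameter_name=mc_eml_efs_access_point_arn_parameter_name,
+)
+
+mc_eml_access_point_id = ssm.StringParameter.value_from_lookup(
+scope=self,
+parameter_name=mc_eml_efs_access_point_id_parameter_name,
+)
+
+mc_email_efs_id = ssm.StringParameter.value_from_lookup(
+scope=self,
+parameter_name=mc_eml_efs_id_parameter_name,
+)
+
+task_definition.add_to_execution_role_policy(
+statement=iam.PolicyStatement(
+actions=[
+'elasticfilesystem:ClientMount',
+'elasticfilesystem:ClientWrite',
+'elasticfilesystem:ClientRootAccess'
+],
+resources=[
+mc_eml_access_point_arn
+]
+)
+)
+
 md_rest_efs_id = ssm.StringParameter.value_from_lookup(
 scope=self,
 parameter_name=md_rest_efs_id_parameter_name,
@@ -178,11 +211,28 @@ def __init__(
 )
 )
 
+task_definition.add_volume(
+name=MC_VOLUME_NAME,
+efs_volume_configuration=ecs.EfsVolumeConfiguration(
+file_system_id=mc_email_efs_id,
+transit_encryption='ENABLED',
+authorization_config=ecs.AuthorizationConfig(
+access_point_id=mc_eml_access_point_id,
+iam='ENABLED'
+)
+)
+)
+
 container.add_mount_points(
 ecs.MountPoint(
 container_path=md_rest_efs_folder_name,
 source_volume=MD_REST_VOLUME_NAME,
 read_only=True
+),
+ecs.MountPoint(
+container_path=mc_email_efs_folder_name,
+source_volume=MC_VOLUME_NAME,
+read_only=False
 )
 )
 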
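Review bot: The policy statement added at new lines 114–125 grants `elasticfilesystem:ClientRootAccess` on top of mount and write, and nothing in the commit shows that the container needs root on the share; for a read-write mount through an access point, `ClientMount` and `ClientWrite` are normally enough, so drop the third action unless there is a documented need. The statement is attached with `add_to_execution_role_policy`, while the volume added at new lines 214–224 sets `iam='ENABLED'`, which makes ECS authorize the mount with the task role; `task_definition.add_to_task_role_policy(...)` looks like the intended call, to be confirmed against how the md_rest volume is granted outside these hunks. EFS evaluates these client actions against the file system, so `resources` should probably carry the file-system ARN restricted with `conditions={'StringEquals': {'elasticfilesystem:AccessPointArn': mc_eml_access_point_arn}}` rather than the access point ARN itself. `__init__` starts and ends outside the hunks shown.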
