Added a new example for the usage of CDK pipelines for container builds using source code and multi-region deployments (#1051)

* Added elasticfilesystem:ClientMount to the fargate-service-with-ecs example

* Fix: Add grant

* added cdk pipeline example

* Fix: there is no test so remove package.json script command

* Add skip testing

---------

Co-authored-by: Michael Kaiser <[email protected]>
Co-authored-by: Michael Kaiser <[email protected]>

Author: 3 people

scripts/build-typescript.sh

@@ -15,7 +15,7 @@ echo "=============================="
 cd $scriptdir/../$(dirname $projFile)
 if [ -f DO_NOT_AUTOTEST ]; then
   echo "found DO_NOT_AUTOTEST, skip it."
-  return
+  exit 0
 fi
 # Check if yarn.lock exists
 if [ -f "yarn.lock" ]; then

typescript/cdkpipeline-ecs/.gitignore

@@ -0,0 +1,8 @@
+*.js
+!jest.config.js
+*.d.ts
+node_modules
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out

typescript/cdkpipeline-ecs/DO_NOT_AUTOTEST

@@ -0,0 +1,27 @@
+# CDK Pipeline for multi-region ECS deployments
+
+## Architecture 
+
+![Architecture](./assets/cdk-pipeline-ecs.jpg)
+
+## Overview
+
+[CDK Pipelines](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.pipelines-readme.html) is an opinionated construct library. It is purpose-built to deploy one or more copies of your CDK applications using CloudFormation with a minimal amount of effort on your part.
+
+In this example, CDK pipelines is used to deploy an [ApplicationLoadBalancedFargateService](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs_patterns.ApplicationLoadBalancedFargateService.html), along with build of the application container image. The source code containes the source of the pipeline along with the application and related DOCKERFILE. 
+
+This example highlights the amount of code required build a fully functional pipeline to get started with rather than the ECS Fargate service, hence the application is a "hello world".
+
+## Pre-requisistes 
+
+Create a [Connection](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections.html) to GitHub in your AWS account and provide the arn to the prop `connectionArn` in the pipeline. This connection would be used to pull the source code. Alternatively you can also use code commit. A full list of sources are available [here](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.pipelines.CodePipelineSource.html).
+
+Replace the connection arn, repo name and branch in the [pipelines.ts](./lib/pipeline-stack.ts) file
+
+## Useful CDK commands
+* `npm run build`   compile typescript to js
+* `npm run watch`   watch for changes and compile
+* `npm run test`    perform the jest unit tests
+* `npx cdk deploy`  deploy this stack to your default AWS account/region
+* `npx cdk diff`    compare deployed stack with current state
+* `npx cdk synth`   emits the synthesized CloudFormation template

typescript/cdkpipeline-ecs/README.md

@@ -0,0 +1,20 @@
+# Use a Python image as the base image
+FROM python:3
+
+# Set the working directory inside the container
+WORKDIR /
+
+# Copy the requirements.txt file to the container
+COPY requirements.txt .
+
+# Install the required packages
+RUN pip3 install --no-cache-dir -r requirements.txt
+
+# Copy the rest of the application code to the container
+COPY . .
+
+# Specify the command to run when the container is started
+CMD [ "python3", "./app.py" ]
+
+#Expose app port
+EXPOSE 80

typescript/cdkpipeline-ecs/app/Dockerfile

@@ -0,0 +1,18 @@
+from flask import Flask, request
+import json
+
+app = Flask(__name__)
+
+
+@app.route("/", methods=["GET"])
+def default_get():
+    return json.dumps({"message": "Hello from ECS container"})
+
+
+@app.route("/health", methods=["GET"])
+def health_check():
+    return json.dumps({"message": "Health Check pass"})
+
+
+if __name__ == "__main__":
+    app.run(host='0.0.0.0', port=80)

typescript/cdkpipeline-ecs/app/app.py

@@ -0,0 +1 @@
+flask

typescript/cdkpipeline-ecs/app/requirements.txt

@@ -0,0 +1,10 @@
+#!/usr/bin/env node
+import 'source-map-support/register';
+import * as cdk from 'aws-cdk-lib';
+import { PipelineStack } from '../lib/pipeline-stack';
+
+const app = new cdk.App();
+new PipelineStack(app, 'CdkpipeStack', {
+  // env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION },
+  // env: { account: '123456789012', region: 'us-east-1' },
+});

typescript/cdkpipeline-ecs/assets/cdk-pipeline-ecs.jpg

@@ -0,0 +1,71 @@
+{
+  "app": "npx ts-node --prefer-ts-exts bin/cdkpipe.ts",
+  "watch": {
+    "include": [
+      "**"
+    ],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "**/*.d.ts",
+      "**/*.js",
+      "tsconfig.json",
+      "package*.json",
+      "yarn.lock",
+      "node_modules",
+      "test"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/core:target-partitions": [
+      "aws",
+      "aws-cn"
+    ],
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+    "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+    "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+    "@aws-cdk/core:enablePartitionLiterals": true,
+    "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+    "@aws-cdk/aws-iam:standardizedServicePrincipals": true,
+    "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
+    "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
+    "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
+    "@aws-cdk/aws-route53-patters:useCertificate": true,
+    "@aws-cdk/customresources:installLatestAwsSdkDefault": false,
+    "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true,
+    "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true,
+    "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true,
+    "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true,
+    "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true,
+    "@aws-cdk/aws-redshift:columnId": true,
+    "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": true,
+    "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": true,
+    "@aws-cdk/aws-apigateway:requestValidatorUniqueId": true,
+    "@aws-cdk/aws-kms:aliasNameRef": true,
+    "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": true,
+    "@aws-cdk/core:includePrefixInUniqueNameGeneration": true,
+    "@aws-cdk/aws-efs:denyAnonymousAccess": true,
+    "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": true,
+    "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": true,
+    "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": true,
+    "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": true,
+    "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": true,
+    "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": true,
+    "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true,
+    "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": true,
+    "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": true,
+    "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": true,
+    "@aws-cdk/aws-eks:nodegroupNameAttribute": true,
+    "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true,
+    "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": true
+  }
+}