Merge pull request #107 from henrykie/multi-volume-image

feat(construct)!: support for multiple EBS volume configurations in a single pipeline.

Author: cmagee

API.md

@@ -64,7 +64,20 @@ new ImagePipeline(this, "MyImagePipeline", {
     infraConfigName: 'MyInfrastructureConfiguration',
     imageRecipe: 'MyImageRecipe',
     pipelineName: 'MyImagePipeline',
-    parentImage: 'ami-0e1d30f2c40c4c701'
+    parentImage: 'ami-0e1d30f2c40c4c701',
+    ebsVolumeConfigurations: [
+        {
+            deviceName: '/dev/xvda',
+            ebs: {
+                encrypted: true,
+                iops: 200,
+                kmsKeyId: 'alias/app1/key',
+                volumeSize: 20,
+                volumeType: 'gp3',
+                throughput: 1000,
+            },
+        },
+    ],
 })
 // ...
 ```
@@ -223,6 +236,7 @@ image_pipeline = ImagePipeline(
 # ...
 ```
 
+
 ### Component Documents
 
 ---

README.md

@@ -25,6 +25,16 @@ export interface ComponentProps {
    */
   readonly version: string;
 }
+export interface VolumeProps {
+  /**
+   * Name of the volume
+   */
+  readonly deviceName: string;
+  /**
+   * EBS Block Store Parameters
+   */
+  readonly ebs: imagebuilder.CfnImageRecipe.EbsInstanceBlockDeviceSpecificationProperty;
+}
 
 export interface ImagePipelineProps {
   /**
@@ -78,8 +88,8 @@ export interface ImagePipelineProps {
    */
   readonly platform?: string;
   /**
-  * Email used to receive Image Builder Pipeline Notifications via SNS
-  */
+   * Email used to receive Image Builder Pipeline Notifications via SNS
+   */
   readonly email?: string;
   /**
    * List of security group IDs for the Infrastructure Configuration
@@ -90,13 +100,9 @@ export interface ImagePipelineProps {
    */
   readonly subnetId?: string;
   /**
-   * Configuration for the AMI's EBS volume
-   */
-  readonly ebsVolumeConfiguration?: imagebuilder.CfnImageRecipe.EbsInstanceBlockDeviceSpecificationProperty;
-  /**
-   * Name of the AMI's EBS volume
+   * Configuration for the AMI's EBS volumes
    */
-  readonly ebsVolumeName?: string;
+  readonly ebsVolumeConfigurations?: VolumeProps[];
   /**
    * Set to true if you want to enable continuous vulnerability scans through AWS Inpector
    */
@@ -217,13 +223,10 @@ export class ImagePipeline extends Construct {
         },
       };
     };
-    if (props.ebsVolumeConfiguration && props.ebsVolumeName) {
+    if (props.ebsVolumeConfigurations) {
       imageRecipeProps = {
         ...imageRecipeProps,
-        blockDeviceMappings: [{
-          deviceName: props.ebsVolumeName,
-          ebs: props.ebsVolumeConfiguration,
-        }],
+        blockDeviceMappings: props.ebsVolumeConfigurations,
       };
     }
     imageRecipe = new imagebuilder.CfnImageRecipe(this, 'ImageRecipe', imageRecipeProps);
@@ -274,7 +277,7 @@ export class ImagePipeline extends Construct {
             LaunchPermissionConfiguration: {
               UserIds: props.distributionAccountIDs,
             },
-            KmsKeyId: props.ebsVolumeConfiguration?.kmsKeyId ?? 'aws/ebs', //use default AWS-managed key if one isn't given
+            KmsKeyId: props.ebsVolumeConfigurations ? props.ebsVolumeConfigurations[0].ebs.kmsKeyId : 'aws/ebs', //use default AWS-managed key if one isn't given
           },
         };
         distributionsList.push(distributionConfig);

src/index.ts

@@ -66,15 +66,19 @@ const propsWithVolumeConfig: ImagePipelineProps = {
   kmsKeyAlias: 'alias/app1/key',
   securityGroups: ['sg-12345678'],
   subnetId: 'subnet-12345678',
-  ebsVolumeName: '/dev/xvda',
-  ebsVolumeConfiguration: {
-    encrypted: true,
-    iops: 200,
-    kmsKeyId: 'alias/app1/key',
-    volumeSize: 20,
-    volumeType: 'gp3',
-    throughput: 1000,
-  },
+  ebsVolumeConfigurations: [
+    {
+      deviceName: '/dev/xvda',
+      ebs: {
+        encrypted: true,
+        iops: 200,
+        kmsKeyId: 'alias/app1/key',
+        volumeSize: 20,
+        volumeType: 'gp3',
+        throughput: 1000,
+      },
+    },
+  ],
   enableCrossAccountDistribution: true,
   distributionAccountIDs: ['111222333444'],
   distributionRegions: ['us-east-1'],