Aws-cdk: [ecs-patterns] Can't add existing security group

Created on 29 Jun 2020  路  3Comments  路  Source: aws/aws-cdk

I have an existing security group in my account that I want to add to the fargate task. I tried couple methods from github issues on the project, none worked.

Reproduction Steps

  const autoCreatedSg =
    fargate.queuProcessingFargate.fargate.service.connections.securityGroups[0];

  const node = fargate.queuProcessingFargate.fargate.service.node;
  const cfnService: CfnService = node.findChild("Service") as CfnService;

  cfnService.addOverride(
    "Properties.NetworkConfiguration.AwsvpcConfiguration.SecurityGroups",
    existingSGs
  );

Error Log

/local/foo/bar/src/baz/node_modules/@aws-cdk/core/lib/private/resolve.js:103
        throw new Error('Trying to resolve() a Construct at ' + pathName);
        ^

Error: Trying to resolve() a Construct at /Resources/WMDsDataPlaneFargateStandardALPHAStackQueuProcessingFargateundefinedWootServicesWMDsDataPlaneQueueProcessingFargateServiceE6ECA1BC/Properties/NetworkConfiguration/AwsvpcConfiguration/SecurityGroups/0/node
    at resolve (/local/foo/bar/src/baz/node_modules/@aws-cdk/core/lib/private/resolve.js:103:15)
    at Object.resolve (/local/foo/bar/src/baz/node_modules/@aws-cdk/core/lib/private/resolve.js:28:33)
    at resolve (/local/foo/bar/src/baz/node_modules/@aws-cdk/core/lib/private/resolve.js:111:43)
    at Object.resolve (/local/foo/bar/src/baz/node_modules/@aws-cdk/core/lib/private/resolve.js:28:33)
    at /local/foo/bar/src/baz/node_modules/@aws-cdk/core/lib/private/resolve.js:85:51
    at Array.map (<anonymous>)
    at resolve (/local/foo/bar/src/baz/node_modules/@aws-cdk/core/lib/private/resolve.js:85:14)
    at Object.resolve (/local/foo/bar/src/baz/node_modules/@aws-cdk/core/lib/private/resolve.js:28:33)
    at resolve (/local/foo/bar/src/baz/node_modules/@aws-cdk/core/lib/private/resolve.js:111:43)
    at Object.resolve (/local/foo/bar/src/baz/node_modules/@aws-cdk/core/lib/private/resolve.js:28:33)

Environment

  • CLI Version : 1.23.0
  • *Framework Version: *
  • Node.js Version: v10.20.1 -->
  • OS : Red Hat Enterprise Linux Server release 5.3 (Tikanga)
  • Language (Version): TypeScript (3.8.3)-->

Other

https://github.com/aws/aws-cdk/issues/2540

This is :bug: Bug Report

@aws-cdaws-ecs-patterns bug needs-reproduction
Source
picture netmailgopi
👍1

Most helpful comment

Yes, it was the first thing I tried, it was also mentioned in couple other issues iirc. It did not work.

picture netmailgopi on 14 Jul 2020
👍4

All 3 comments

I'm interested in submitting a PR. From the looks of it, it seems like I could

  1. Add a securityGroup property to https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-ecs-patterns/lib/base/queue-processing-service-base.ts

  2. Pass it in this call to create FargateService https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-ecs-patterns/lib/fargate/queue-processing-fargate-service.ts#L88

  3. FargateService handles SecurityGroup parameter naturally at this point https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-ecs/lib/fargate/fargate-service.ts#L158

netmailgopi picture netmailgopi on 1 Jul 2020

Hey @netmailgopi just curious if you've tried using addSecurityGroup method on the connections object of FargateService after its creation. This would obviously attach a second security group to the service in addition to the one that is created within the pattern construct.

MrArnoldPalmer picture MrArnoldPalmer on 13 Jul 2020

Yes, it was the first thing I tried, it was also mentioned in couple other issues iirc. It did not work.

netmailgopi picture netmailgopi on 14 Jul 2020
👍4
Was this page helpful?
0 / 5 - 0 ratings

Related issues

eladb picture eladb  路  3Comments
kawamoto picture kawamoto  路  3Comments
vgribok picture vgribok  路  3Comments
artyom-melnikov picture artyom-melnikov  路  3Comments
mirazmamun picture mirazmamun  路  3Comments