This repository was archived by the owner on Mar 27, 2023. It is now read-only.

Commit 953b50e

committed
changing securitygroup for backend service
1 parent 24048c7 commit 953b50e


3 files changed

+54
-3
lines changed

3 files changed

+54
-3
lines changed

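--- a/awscdk/awscdk/backend.py
+++ b/awscdk/awscdk/backend.py
@@ -2,6 +2,7 @@
 
 from aws_cdk import (
 core,
+aws_ec2 as ec2,
 aws_ecs as ecs,
 aws_ecs_patterns as ecs_patterns,
 aws_elasticloadbalancingv2 as elbv2,
@@ -16,6 +17,7 @@ def __init__(
 load_balancer,
 cluster: ecs.ICluster,
 environment_variables: core.Construct,
+security_group: str,
 **kwargs,
 ) -> None:
 super().__init__(
@@ -48,6 +50,9 @@ def __init__(
 task_definition=self.backend_task,
 assign_public_ip=True,
 cluster=cluster,
+# security_group=ec2.SecurityGroup.from_security_group_id(
+# self, "BackendSecurityGroup", security_group_id=security_group
+# ),
 )
 
 load_balancer.https_listener.add_targets(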
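Review bot: The new required `security_group: str` parameter is never used, because its only consumer in the third hunk is committed as commented-out code (`# security_group=ec2.SecurityGroup.from_security_group_id(`), which also leaves the new `aws_ec2 as ec2` import unused. As written, the service keeps `assign_public_ip=True` and presumably whatever security group the construct creates by default, which does not match the commit title. Either pass the imported group to the service call, or drop the parameter, the import and the commented lines until the wiring works. If it has to stay disabled, replace the dead code with a one-line reason such as `# TODO: imported security group not attached yet because <reason>`. `__init__` begins and ends outside these hunks, so the construct being called is not visible here.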

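--- a/awscdk/awscdk/cdk_app_root.py
+++ b/awscdk/awscdk/cdk_app_root.py
@@ -94,6 +94,7 @@ def __init__(
 load_balancer=self.alb,
 cluster=self.ecs.cluster,
 environment_variables=self.variables,
+security_group=self.vpc.vpc.vpc_default_security_group,
 )
 
 # migrate, collectstatic, createsuperuser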
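Review bot: `security_group=self.vpc.vpc.vpc_default_security_group` hands the backend the VPC's default security group, which is shared with every other resource left in that group and, unless its rules were changed, allows all traffic between its members. A dedicated group for the backend, with ingress only from the load balancer's group on the container port, would follow least privilege; its `security_group_id` can be passed here instead. It is also worth confirming that the receiving construct actually applies the value, since the backend.py hunk in this commit leaves its use commented out. The enclosing `__init__` starts outside the hunk.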

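--- a/awscdk/stack.yml
+++ b/awscdk/stack.yml
@@ -695,6 +695,8 @@ Resources:
 - - "{{resolve:secretsmanager:"
 - Ref: RdsDBClusterDBSecret28397CCA
 - :SecretString:password::}}
+- Name: SECRET_KEY
+Value: mysecretkey123
 Essential: true
 Image:
 Fn::Join:
@@ -715,7 +717,7 @@ Resources:
 - ContainerPort: 8000
 Protocol: tcp
 Secrets:
-- Name: SECRET_KEY
+- Name: DJANGO_SECRET_KEY
 ValueFrom:
 Ref: VariablesDjangoSecretKeyE4FA41EE
 Cpu: "256"
@@ -894,6 +896,8 @@ Resources:
 - - "{{resolve:secretsmanager:"
 - Ref: RdsDBClusterDBSecret28397CCA
 - :SecretString:password::}}
+- Name: SECRET_KEY
+Value: mysecretkey123
 Essential: true
 Image:
 Fn::Join:
@@ -911,7 +915,7 @@ Resources:
 awslogs-region: us-east-1
 Name: MigrateCommand
 Secrets:
-- Name: SECRET_KEY
+- Name: DJANGO_SECRET_KEY
 ValueFrom:
 Ref: VariablesDjangoSecretKeyE4FA41EE
 Cpu: "256"
@@ -1065,6 +1069,8 @@ Resources:
 - - "{{resolve:secretsmanager:"
 - Ref: RdsDBClusterDBSecret28397CCA
 - :SecretString:password::}}
+- Name: SECRET_KEY
+Value: mysecretkey123
 Essential: true
 Image:
 Fn::Join:
@@ -1082,7 +1088,7 @@ Resources:
 awslogs-region: us-east-1
 Name: CollecstaticCommand
 Secrets:
-- Name: SECRET_KEY
+- Name: DJANGO_SECRET_KEY
 ValueFrom:
 Ref: VariablesDjangoSecretKeyE4FA41EE
 Cpu: "256"
@@ -1170,6 +1176,43 @@ Resources:
 Version: "2012-10-17"
 Metadata:
 aws:cdk:path: dev-mysite-com-stack/BackendTasks/CreateSuperuserTask/TaskRole/Resource
+BackendTasksCreateSuperuserTaskTaskRoleDefaultPolicyF80ECD9D:
+Type: AWS::IAM::Policy
+Properties:
+PolicyDocument:
+Statement:
+- Action:
+- s3:GetObject*
+- s3:GetBucket*
+- s3:List*
+- s3:DeleteObject*
+- s3:PutObject*
+- s3:Abort*
+Effect: Allow
+Resource:
+- Fn::GetAtt:
+- BackendAssetsAssetsBucket62473847
+- Arn
+- Fn::Join:
+- ""
+- - Fn::GetAtt:
+- BackendAssetsAssetsBucket62473847
+- Arn
+- /*
+- Action: secretsmanager:GetSecretValue
+Effect: Allow
+Resource:
+Ref: VariablesDjangoSecretKeyE4FA41EE
+- Action: secretsmanager:GetSecretValue
+Effect: Allow
+Resource:
+Ref: RdsDBClusterDBSecret28397CCA
+Version: "2012-10-17"
+PolicyName: BackendTasksCreateSuperuserTaskTaskRoleDefaultPolicyF80ECD9D
+Roles:
+- Ref: BackendTasksCreateSuperuserTaskTaskRoleD91E1780
+Metadata:
+aws:cdk:path: dev-mysite-com-stack/BackendTasks/CreateSuperuserTask/TaskRole/DefaultPolicy/Resource
 BackendTasksCreateSuperuserTask71A5D516:
 Type: AWS::ECS::TaskDefinition
 Properties:
@@ -1198,6 +1241,8 @@ Resources:
 - - "{{resolve:secretsmanager:"
 - Ref: RdsDBClusterDBSecret28397CCA
 - :SecretString:password::}}
+- Name: SECRET_KEY
+Value: mysecretkey123
 Essential: true
 Image:
 Fn::Join: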
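Review bot: The added `- Name: SECRET_KEY` / `Value: mysecretkey123` pairs (new lines 698, 899, 1072 and 1244) put a literal key into four container definitions as a plain name/value entry, while the Secrets Manager-backed entry under `Secrets:` is renamed to `DJANGO_SECRET_KEY`. A plain value is readable in the repository, in the CloudFormation template and in the registered ECS task definition; if the Django settings read `SECRET_KEY` (not visible here), signing would rely on a committed, guessable value. I would drop the plaintext pair, keep the variable name the application reads under `Secrets:` with `ValueFrom: Ref: VariablesDjangoSecretKeyE4FA41EE`, and treat `mysecretkey123` as exposed. If stack.yml is synthesized from the CDK app, the fix belongs in the construct that builds the container environment, which is outside this diff.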
