aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

aws-ecs: Enable Ephemeral storage encryption in ECS Cluster L2 construct #30721

Open jaecktec opened 4 days ago

jaecktec commented 4 days ago

Describe the feature

Add properties to the L2 ECS Cluster construct to support ephemeral storage configuration.

Use Case

Right now to enable this feature I need to edit the L1 construct like this:

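import { CfnCluster } from 'aws-cdk-lib/aws-ecs';

// Escape hatch: reach the L1 (CloudFormation) resource behind the L2 Cluster.
const cfnCluster = cluster.node.defaultChild as CfnCluster;
const existing = cfnCluster.configuration as CfnCluster.ClusterConfigurationProperty | undefined;
cfnCluster.configuration = {
  ...existing,
  managedStorageConfiguration: {
    // Keep managed storage settings that are already present.
    ...(existing?.managedStorageConfiguration as CfnCluster.ManagedStorageConfigurationProperty | undefined),
    fargateEphemeralStorageKmsKeyId: key.keyId,
  },
};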

and adjusting the key policy according to the developer guide.

Proposed Solution

The L2 construct should support setting the new feature of ephemeral storage encryption, which adds the keys + updates the key policy.

Other Information

Developer Guide: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/fargate-create-storage-key.html

Ephemeral Storage Encryption: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/fargate-storage-encryption.html

Acknowledgements

CDK version used

2.147.0

Environment details (OS name and version, etc.)

-
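The two manual steps from the request above (merging the key into the cluster configuration and adjusting the key policy), as an added example that is not part of the original issue or of the CDK code base. It uses plain objects shaped like the CloudFormation properties instead of `aws-cdk-lib` types; the function names and `Sid` values are hypothetical, and the statement contents are modelled on the linked developer guide and should be checked against it.

```typescript
// Shapes mirror the CloudFormation AWS::ECS::Cluster "Configuration" property.
interface ManagedStorage { kmsKeyId?: string; fargateEphemeralStorageKmsKeyId?: string }
interface ClusterConfiguration {
  executeCommandConfiguration?: unknown;
  managedStorageConfiguration?: ManagedStorage;
}

// Merge the Fargate ephemeral storage key into an existing configuration,
// keeping sibling settings at both nesting levels (hypothetical helper).
function withEphemeralStorageKey(cfg: ClusterConfiguration | undefined, keyId: string): ClusterConfiguration {
  return {
    ...cfg,
    managedStorageConfiguration: {
      ...cfg?.managedStorageConfiguration,
      fargateEphemeralStorageKmsKeyId: keyId,
    },
  };
}

// Key policy statements for the Fargate service principal. The encryption
// context conditions limit use of the key to one account and one cluster.
function fargateKeyPolicyStatements(accountId: string, clusterName: string) {
  const principal = { Service: 'fargate.amazonaws.com' };
  const scope = {
    'kms:EncryptionContext:aws:ecs:clusterAccount': [accountId],
    'kms:EncryptionContext:aws:ecs:clusterName': [clusterName],
  };
  return [
    {
      Sid: 'AllowGenerateDataKeyForFargateTasks', // hypothetical Sid
      Effect: 'Allow', Principal: principal, Resource: '*',
      Action: ['kms:GenerateDataKeyWithoutPlaintext'],
      Condition: { StringEquals: scope },
    },
    {
      Sid: 'AllowGrantCreationForFargateTasks', // hypothetical Sid
      Effect: 'Allow', Principal: principal, Resource: '*',
      Action: ['kms:CreateGrant'],
      Condition: {
        StringEquals: scope,
        // Grants created by Fargate may only permit Decrypt.
        'ForAllValues:StringEquals': { 'kms:GrantOperations': ['Decrypt'] },
      },
    },
  ];
}
```

Because the conditions name the cluster, the cluster needs an explicit name that is known when the key policy is written.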

ashishdhingra commented 4 days ago

@jaecktec Thanks for submitting the feature request and nominating to submit a PR.