Use AccessPoints
ingalls committed Oct 20, 2024
1 parent de0d1b0 commit dc68681
Showing 2 changed files with 70 additions and 4 deletions.
38 changes: 34 additions & 4 deletions cloudformation/lib/api.js
Expand Up @@ -148,7 +148,11 @@ export default {
},
TaskDefinition: {
Type: 'AWS::ECS::TaskDefinition',
DependsOn: ['LDAPMasterSecret'],
DependsOn: [
'LDAPMasterSecret',
'EFSAccessPointLDAP',
'EFSAccessPointSLAPD'
],
Properties: {
Family: cf.stackName,
Cpu: 1024,
Expand All @@ -162,17 +166,35 @@ export default {
ExecutionRoleArn: cf.getAtt('ExecRole', 'Arn'),
TaskRoleArn: cf.getAtt('TaskRole', 'Arn'),
Volumes: [{
Name: cf.stackName,
Name: cf.join([cf.stackName, '-ldap']),
EFSVolumeConfiguration: {
FilesystemId: cf.ref('EFS')
FilesystemId: cf.ref('EFS'),
TransitEncryption: 'ENABLED',
AuthorizationConfig: {
AccessPointId: cf.ref('EFSAccessPointLDAP')
},
RootDirectory: '/'
}
},{
Name: cf.join([cf.stackName, '-slapd']),
EFSVolumeConfiguration: {
FilesystemId: cf.ref('EFS'),
TransitEncryption: 'ENABLED',
AuthorizationConfig: {
AccessPointId: cf.ref('EFSAccessPointSLAPD')
},
RootDirectory: '/'
}
}],
ContainerDefinitions: [{
Name: 'api',
Image: cf.join([cf.accountId, '.dkr.ecr.', cf.region, '.amazonaws.com/coe-ecr-auth:', cf.ref('GitSha')]),
MountPoints: [{
ContainerPath: '/var/lib/ldap',
SourceVolume: cf.stackName
SourceVolume: cf.join([cf.stackName, '-ldap']),
}, {
ContainerPath: '/etc/ldap/slapd.d',
SourceVolume: cf.join([cf.stackName, '-slapd']),
}],
PortMappings: [{
ContainerPort: 389
Expand Down Expand Up @@ -248,6 +270,14 @@ export default {
API: {
Description: 'API ELB',
Value: cf.join(['http://', cf.getAtt('ELB', 'DNSName')])
},
LDAPAdminUsername: {
Description: 'LDAP Admin Username',
Value: cf.sub('{{resolve:secretsmanager:${AWS::StackName}/admin:SecretString:username:AWSCURRENT}}')
},
LDAPAdminPassword: {
Description: 'LDAP Admin Password',
Value: cf.sub('{{resolve:secretsmanager:${AWS::StackName}/admin:SecretString:password:AWSCURRENT}}')
}
}
};
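Review bot: The new `LDAPAdminPassword` entry in the `Outputs` block resolves the admin password from Secrets Manager into a stack output, and CloudFormation does not redact output values, so anyone allowed to describe the stack or view it in the console could read it (assuming the dynamic reference is resolved in outputs at all). I would drop that output and expose only a pointer to the secret, for example `Value: cf.join([cf.stackName, '/admin'])` with `Description: 'LDAP admin secret name (read via Secrets Manager)'`, so access stays governed by the secret's own IAM policy. Separately, in the `Volumes` hunk both `AuthorizationConfig` entries set only `AccessPointId`; adding `IAM: 'ENABLED'` would make the task role, rather than network reachability alone, gate the EFS mounts, provided the task role and file-system policy (not visible in this commit) grant the mount.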
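--- a/cloudformation/lib/efs.js
+++ b/cloudformation/lib/efs.js
@@ -26,6 +26,42 @@ export default {
 }]
 }
 },
+EFSAccessPointLDAP: {
+Type: 'AWS::EFS::AccessPoint',
+Properties: {
+FileSystemId: cf.ref('EFS'),
+PosixUser: {
+Uid: 0,
+Gid: 0
+},
+RootDirectory: {
+CreationInfo: {
+OwnerGid: 0,
+OwnerUid: 0,
+Permissions: '0777'
+},
+Path: '/ldap'
+},
+}
+},
+EFSAccessPointSLAPD: {
+Type: 'AWS::EFS::AccessPoint',
+Properties: {
+FileSystemId: cf.ref('EFS'),
+PosixUser: {
+Uid: 0,
+Gid: 0
+},
+RootDirectory: {
+CreationInfo: {
+OwnerGid: 0,
+OwnerUid: 0,
+Permissions: '0777'
+},
+Path: '/slapd.d'
+},
+}
+},
 EFSMountTargetSubnetPrivateA: {
 Type: 'AWS::EFS::MountTarget',
 Properties: {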
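Review bot: Both new access points (`EFSAccessPointLDAP` and `EFSAccessPointSLAPD`) force every client to act as `Uid: 0` / `Gid: 0` and create their root directories with `Permissions: '0777'`, which leaves the directories backing the LDAP database and the slapd configuration world-writable and gives up the identity separation an access point normally provides. Unless the container genuinely needs root on these paths (its runtime user is not visible in this commit), I would set `PosixUser` and the `CreationInfo` owner to the dedicated UID/GID that slapd runs as in the image and tighten the mode to `Permissions: '0700'`. `CreationInfo` is only applied when the directory does not yet exist, so already-created `/ldap` and `/slapd.d` directories would need their ownership and mode corrected separately. A one-line comment above each resource naming the container path it backs would also make the pairing with the task definition easier to audit.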
