Merge pull request #64 from Komalis/feat/add-security-group-arg

feat: add security group as argument

Author: Komalis

easyecs/cloudformation/template/__init__.py

@@ -41,7 +41,12 @@ def create_template(
     ecs_cluster = create_ecs_cluster(stack, service_name, vpc)
     log_group = create_log_group(stack, service_name)
     sg = create_security_group(
-        stack, service_name, vpc, ecs_manifest, lb_security_group
+        stack,
+        service_name,
+        vpc,
+        ecs_manifest,
+        lb_security_group,
+        ecs_manifest.security_group_id,
     )
     task_definition = create_task_definition(
         stack,
@@ -300,11 +305,25 @@ def create_log_group(stack, service_name):
     return LogGroup(stack, log_group_name)
 
 
-def create_security_group(stack, service_name, vpc, ecs_manifest, lb_security_group):
+def create_security_group(
+    stack,
+    service_name,
+    vpc,
+    ecs_manifest,
+    lb_security_group,
+    security_group_id: str = None,
+):
     from aws_cdk.aws_ec2 import ISecurityGroup, SecurityGroup, Port
 
     sg_name = f"{service_name}-sg"
-    sg: ISecurityGroup = SecurityGroup(stack, sg_name, vpc=vpc, allow_all_outbound=True)
+    if security_group_id:
+        sg = SecurityGroup.from_security_group_id(
+            stack, sg_name, security_group_id=security_group_id, mutable=False
+        )
+    else:
+        sg: ISecurityGroup = SecurityGroup(
+            stack, sg_name, vpc=vpc, allow_all_outbound=True
+        )
     if ecs_manifest.load_balancer:
         sg.add_ingress_rule(
             peer=lb_security_group,

easyecs/cloudformation/template/task_definition.py

@@ -183,7 +183,6 @@ def extract_secrets(stack, secret_definitions, container_name):
                 raise ValueError(f"Invalid ARN format: {secret_definition.valueFrom}")
             secret_complete_arn = arn_fields[0].groupdict()["secret_complete_arn"]
             field = arn_fields[0].groupdict()["field"]
-            print(secret_definition.valueFrom)
             secret_name = secret_definition.name
             secret = Secret.from_secret_complete_arn(
                 stack, f"{secret_name}_{container_name}", secret_complete_arn

easyecs/model/ecs.py

@@ -112,7 +112,7 @@ class EcsFileContainerModel(BaseModel):
     volumes: List[str] = []
     healthcheck: Optional[EcsFileContainerHealthCheckModel] = None
     depends_on: Optional[Dict[str, Dict[str, str]]] = None
-    ports: Optional[List[str]] = None
+    ports: Optional[List[str]] = []
 
     @field_validator("volumes")
     def validate_volumes(cls, volumes):
@@ -212,3 +212,4 @@ class EcsFileModel(BaseModel):
     execution_role: EcsFileRoleModel
     task_definition: EcsTaskDefinitionModel
     load_balancer: Optional[EcsLoadBalancerModel] = None
+    security_group_id: Optional[str] = None

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "easyecs"
-version = "0.19.0"
+version = "0.20.0"
 description = ""
 authors = ["BONVARLET Benjamin <benjaminbonvarlet96@gmail.com>"]
 readme = "README.md"