in lib/addons/aws-node-termination-handler/index.ts [120:179]
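/**
 * Configures the addon for SQS ("queue processor") mode.
 *
 * Creates the SQS queue that receives termination events, registers an
 * INSTANCE_TERMINATING lifecycle hook on the ASG that notifies that queue,
 * tags the ASG as managed by the handler, creates the EventBridge rules
 * (see createEvents) and grants the service account the permissions the
 * handler needs to consume the queue and complete lifecycle actions.
 *
 * @param cluster the EKS cluster; all constructs are created in its stack
 * @param serviceAccount the handler's service account; receives consume
 *   rights on the queue plus the autoscaling/ec2 read permissions below
 * @param asgCapacity the ASG whose termination events are drained (required;
 *   it is never undefined here, so no non-null assertions are needed)
 * @returns the Helm values enabling SQS termination draining, pointing the
 *   chart at the queue URL and at the pre-created service account. The
 *   return type is kept as `any` so existing callers are unaffected —
 *   presumably merged into the chart values by the caller; confirm there.
 */
private configureQueueMode(cluster: Cluster, serviceAccount: ServiceAccount, asgCapacity: AutoScalingGroup): any {
  const queue = new Queue(cluster.stack, `aws-nth-queue`, {
    retentionPeriod: Duration.minutes(5)
  });

  // Resource policy: only the EventBridge and SQS service principals may
  // publish to this queue. NOTE(review): the statement carries no
  // aws:SourceAccount / aws:SourceArn condition, so it is not scoped to
  // this account's rules — adding one would tighten it.
  queue.addToResourcePolicy(new iam.PolicyStatement({
    effect: iam.Effect.ALLOW,
    principals: [
      new iam.ServicePrincipal('events.amazonaws.com'),
      new iam.ServicePrincipal('sqs.amazonaws.com'),
    ],
    actions: ['sqs:SendMessage'],
    resources: [queue.queueArn]
  }));

  // Termination lifecycle hook on the ASG, delivering notifications to the
  // queue; the heartbeat timeout bounds how long the hook may stay pending.
  new LifecycleHook(cluster.stack, `aws-nth-lifecycle-hook`, {
    lifecycleTransition: LifecycleTransition.INSTANCE_TERMINATING,
    heartbeatTimeout: Duration.minutes(15),
    notificationTarget: new QueueHook(queue),
    autoScalingGroup: asgCapacity
  });

  // Tag the ASG so the handler treats it as managed (tag keys are the
  // AWS API's capitalised Key/Value form, consumed by tagAsg as-is).
  const managedTags = [
    {
      Key: 'aws-node-termination-handler/managed',
      Value: 'true'
    }
  ];
  tagAsg(cluster.stack, asgCapacity.autoScalingGroupName, managedTags);

  // EventBridge rules that route the relevant AWS events into the queue.
  this.createEvents(cluster.stack, queue);

  // Service account permissions: lifecycle completion and ASG reads are
  // scoped to this ASG's ARN.
  serviceAccount.addToPrincipalPolicy(new iam.PolicyStatement({
    effect: iam.Effect.ALLOW,
    actions: [
      'autoscaling:CompleteLifecycleAction',
      'autoscaling:DescribeAutoScalingInstances',
      'autoscaling:DescribeTags'
    ],
    resources: [asgCapacity.autoScalingGroupArn]
  }));
  // ec2:DescribeInstances does not support resource-level permissions,
  // hence the '*' resource; it is a read-only action.
  serviceAccount.addToPrincipalPolicy(new iam.PolicyStatement({
    effect: iam.Effect.ALLOW,
    actions: ['ec2:DescribeInstances'],
    resources: ['*']
  }));
  queue.grantConsumeMessages(serviceAccount);

  return {
    enableSqsTerminationDraining: true,
    queueURL: queue.queueUrl,
    serviceAccount: {
      create: false,
      name: serviceAccount.serviceAccountName,
    }
  };
}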