rstudio_fargate/rstudio/fargate/rstudio_ec2_stack.py [450:528]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                health_check_grace_period=cdk.Duration.seconds(900),
            )

            # IAM statement allowing KMS decrypt/encrypt/re-encrypt and data-key
            # generation. resources=["*"] puts no key restriction in this statement.
            # NOTE(review): encryption_key is granted separately further down; if it
            # is the only key these roles need, its ARN could replace the wildcard --
            # confirm which keys the task actually uses before narrowing.
            rstudio_kms_policy = iam.PolicyStatement(
                effect=iam.Effect.ALLOW,
                actions=[
                    "kms:Decrypt",
                    "kms:DescribeKey",
                    "kms:Encrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                ],
                resources=["*"],
            )

            # IAM statement allowing reads of Secrets Manager secrets. The ARN
            # pattern matches every secret in this stack's region and account whose
            # name contains "rstudio", not only rstudio_secret.
            rstudio_secret_policy = iam.PolicyStatement(
                effect=iam.Effect.ALLOW,
                actions=[
                    "secretsmanager:GetSecretValue",
                    "secretsmanager:DescribeSecret",
                ],
                resources=[
                    f"arn:aws:secretsmanager:{self.region}:{self.account}:secret:*rstudio*"
                ],
            )

            # Attach both statements to the task role first, then to the execution
            # role (same call order as before). The task role is the identity the
            # container's own processes use, so code running inside the RStudio
            # container inherits these permissions.
            # NOTE(review): confirm the task role needs both statements, or whether
            # the execution role alone is enough.
            rstudio_task_def = rstudio_service.task_definition
            for add_role_statement in (
                rstudio_task_def.add_to_task_role_policy,
                rstudio_task_def.add_to_execution_role_policy,
            ):
                add_role_statement(rstudio_kms_policy)
                add_role_statement(rstudio_secret_policy)

            # Resource-scoped grants to the execution role: decrypt on
            # encryption_key and read on rstudio_secret.
            # NOTE(review): these look narrower than the wildcard statements already
            # attached above to the same role; check whether the broad statements
            # are still required.
            encryption_key.grant_decrypt(rstudio_task_def.obtain_execution_role())
            rstudio_secret.grant_read(rstudio_task_def.obtain_execution_role())

            # The service construct must be created after rstudio_container.
            rstudio_service.node.add_dependency(rstudio_container)

            # Redirects (301/302) count as healthy alongside 200.
            rstudio_service.target_group.configure_health_check(
                healthy_http_codes="200,301,302"
            )

            # Set EnableExecuteCommand on the service's default child through a raw
            # property override (ECS Exec).
            # NOTE(review): confirm ecs:ExecuteCommand is limited to the intended
            # operators and that exec sessions are logged.
            cfn_service = rstudio_service.service.node.default_child
            cfn_service.add_override("Properties.EnableExecuteCommand", True)

            # Let the service reach each shared file system on TCP 2049 (NFS).
            for shared_file_system in (
                file_system_rstudio_hourly,
                file_system_rstudio_home,
                file_system_rstudio_instant,
                file_system_rstudio_shiny_share,
            ):
                shared_file_system.connections.allow_from(
                    rstudio_service.service, Port.tcp(2049)
                )

            # Record this service's load balancer ARN and secret ARN (ARNs only,
            # not secret values).
            rstudio_load_balancer_arn_list.append(
                rstudio_service.load_balancer.load_balancer_arn
            )
            secretpass_arn_list.append(rstudio_secret.secret_arn)

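        # Expose the collected load balancer ARNs and secret ARNs as attributes
        # so other stacks can consume them. The lists are assigned directly: the
        # earlier empty-list initialisations were overwritten immediately and
        # had no effect.
        self.rstudio_load_balancer_arn = rstudio_load_balancer_arn_list
        self.secretpass_arn = secretpass_arn_list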
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



rstudio_fargate/rstudio/fargate/rstudio_fargate_stack.py [462:540]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                health_check_grace_period=cdk.Duration.seconds(900),
            )

            # IAM statement allowing KMS decrypt/encrypt/re-encrypt and data-key
            # generation. resources=["*"] puts no key restriction in this statement.
            # NOTE(review): encryption_key is granted separately further down; if it
            # is the only key these roles need, its ARN could replace the wildcard --
            # confirm which keys the task actually uses before narrowing.
            rstudio_kms_policy = iam.PolicyStatement(
                effect=iam.Effect.ALLOW,
                actions=[
                    "kms:Decrypt",
                    "kms:DescribeKey",
                    "kms:Encrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                ],
                resources=["*"],
            )

            # IAM statement allowing reads of Secrets Manager secrets. The ARN
            # pattern matches every secret in this stack's region and account whose
            # name contains "rstudio", not only rstudio_secret.
            rstudio_secret_policy = iam.PolicyStatement(
                effect=iam.Effect.ALLOW,
                actions=[
                    "secretsmanager:GetSecretValue",
                    "secretsmanager:DescribeSecret",
                ],
                resources=[
                    f"arn:aws:secretsmanager:{self.region}:{self.account}:secret:*rstudio*"
                ],
            )

            # Attach both statements to the task role first, then to the execution
            # role (same call order as before). The task role is the identity the
            # container's own processes use, so code running inside the RStudio
            # container inherits these permissions.
            # NOTE(review): confirm the task role needs both statements, or whether
            # the execution role alone is enough.
            rstudio_task_def = rstudio_service.task_definition
            for add_role_statement in (
                rstudio_task_def.add_to_task_role_policy,
                rstudio_task_def.add_to_execution_role_policy,
            ):
                add_role_statement(rstudio_kms_policy)
                add_role_statement(rstudio_secret_policy)

            # Resource-scoped grants to the execution role: decrypt on
            # encryption_key and read on rstudio_secret.
            # NOTE(review): these look narrower than the wildcard statements already
            # attached above to the same role; check whether the broad statements
            # are still required.
            encryption_key.grant_decrypt(rstudio_task_def.obtain_execution_role())
            rstudio_secret.grant_read(rstudio_task_def.obtain_execution_role())

            # The service construct must be created after rstudio_container.
            rstudio_service.node.add_dependency(rstudio_container)

            # Redirects (301/302) count as healthy alongside 200.
            rstudio_service.target_group.configure_health_check(
                healthy_http_codes="200,301,302"
            )

            # Set EnableExecuteCommand on the service's default child through a raw
            # property override (ECS Exec).
            # NOTE(review): confirm ecs:ExecuteCommand is limited to the intended
            # operators and that exec sessions are logged.
            cfn_service = rstudio_service.service.node.default_child
            cfn_service.add_override("Properties.EnableExecuteCommand", True)

            # Let the service reach each shared file system on TCP 2049 (NFS).
            for shared_file_system in (
                file_system_rstudio_hourly,
                file_system_rstudio_home,
                file_system_rstudio_instant,
                file_system_rstudio_shiny_share,
            ):
                shared_file_system.connections.allow_from(
                    rstudio_service.service, Port.tcp(2049)
                )

            # Record this service's load balancer ARN and secret ARN (ARNs only,
            # not secret values).
            rstudio_load_balancer_arn_list.append(
                rstudio_service.load_balancer.load_balancer_arn
            )
            secretpass_arn_list.append(rstudio_secret.secret_arn)

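        # Expose the collected load balancer ARNs and secret ARNs as attributes
        # so other stacks can consume them. The lists are assigned directly: the
        # earlier empty-list initialisations were overwritten immediately and
        # had no effect.
        self.rstudio_load_balancer_arn = rstudio_load_balancer_arn_list
        self.secretpass_arn = secretpass_arn_list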
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



