in source/infrastructure/lib/ecs.ts [36:133]
/**
 * Declares the container-side resources for the load-test runner: an ECR
 * repository, an ECS cluster, one IAM role, a CloudWatch log group, a
 * Fargate task definition and the security group (with its egress and
 * ingress rules) that the tasks run in.
 *
 * Values exposed on the instance for other constructs:
 * `dltEcsClusterName`, `dltTaskExecutionRole`, `dltCloudWatchLogGroup`,
 * `dltTaskDefinitionArn` and `dltSecurityGroupId`.
 *
 * @param scope - parent construct
 * @param id - construct id
 * @param props - reads `solutionId`, `DLTfargateVpcId` and `securityGroupEgress`
 */
constructor(scope: Construct, id: string, props: FargateECSTestRunnerContructProps) {
  super(scope, id);

  // Image repository: images are scanned when pushed, and the repository is
  // retained when the stack is deleted.
  const imageRepository = new Repository(this, 'DLTECR', {
    imageScanOnPush: true
  });
  imageRepository.applyRemovalPolicy(RemovalPolicy.RETAIN);

  // Cluster named after the stack, with Container Insights switched on.
  const clusterTags = [
    { key: 'SolutionId', value: props.solutionId },
    { key: 'CloudFormation Stack', value: Aws.STACK_NAME }
  ];
  const cluster = new CfnCluster(this, 'DLTEcsCluster', {
    clusterName: Aws.STACK_NAME,
    clusterSettings: [{ name: 'containerInsights', value: 'enabled' }],
    tags: clusterTags
  });
  this.dltEcsClusterName = cluster.ref;

  // Role assumable by ECS tasks, carrying the AWS-managed task execution policy.
  this.dltTaskExecutionRole = new Role(this, 'DLTTaskExecutionRole', {
    assumedBy: new ServicePrincipal('ecs-tasks.amazonaws.com'),
    managedPolicies: [ManagedPolicy.fromAwsManagedPolicyName('service-role/AmazonECSTaskExecutionRolePolicy')]
  });

  // Container logs are kept for one year. No KMS key is configured on the
  // group; the cfn_nag W84 finding for that is suppressed with the reason below.
  // NOTE(review): confirm test output written here never carries credentials
  // or sensitive payloads from test scenarios.
  this.dltCloudWatchLogGroup = new LogGroup(this, 'DLTCloudWatchLogsGroup', {
    retention: RetentionDays.ONE_YEAR
  });
  const logGroupCfn = this.dltCloudWatchLogGroup.node.defaultChild as CfnResource;
  logGroupCfn.addMetadata('cfn_nag', {
    rules_to_suppress: [{
      id: 'W84',
      reason: 'KMS encryption unnecessary for log group'
    }]
  });

  // NOTE(review): one role ARN is used for both executionRoleArn and
  // taskRoleArn, so the load-test container runs with the same permissions
  // as the role used for task execution, and any policy attached to this
  // role applies to both. Separate roles would keep the two privilege sets apart.
  const roleArn = this.dltTaskExecutionRole.roleArn;
  const logGroupName = this.dltCloudWatchLogGroup.logGroupName;

  // The image string looks like a placeholder (PUBLIC_ECR_REGISTRY /
  // PUBLIC_ECR_TAG) replaced outside this file; confirm where. It is a tag
  // reference, not a digest, so the image pulled depends on what the tag
  // points to at run time.
  const loadTesterContainer = {
    essential: true,
    name: `${Aws.STACK_NAME}-load-tester`,
    image: 'PUBLIC_ECR_REGISTRY/distributed-load-testing-on-aws-load-tester:PUBLIC_ECR_TAG',
    memory: 4096,
    logConfiguration: {
      logDriver: 'awslogs',
      options: {
        'awslogs-group': logGroupName,
        'awslogs-stream-prefix': 'load-testing',
        'awslogs-region': `${Aws.REGION}`
      }
    }
  };
  const taskDefinition = new CfnTaskDefinition(this, 'DLTTaskDefinition', {
    cpu: '2048',
    memory: '4096',
    networkMode: 'awsvpc',
    executionRoleArn: roleArn,
    requiresCompatibilities: ['FARGATE'],
    taskRoleArn: roleArn,
    containerDefinitions: [loadTesterContainer],
  });
  this.dltTaskDefinitionArn = taskDefinition.ref;

  // Security group for the tasks, created in the VPC supplied by the caller.
  const taskSecurityGroup = new CfnSecurityGroup(this, 'DLTEcsSecurityGroup', {
    vpcId: props.DLTfargateVpcId,
    groupDescription: 'DLTS Tasks Security Group'
  });
  taskSecurityGroup.addMetadata('cfn_nag', {
    rules_to_suppress: [{
      id: 'W40',
      reason: 'IpProtocol set to -1 (any) as ports are not known prior to running tests'
    }]
  });
  const taskSecurityGroupId = taskSecurityGroup.ref;
  this.dltSecurityGroupId = taskSecurityGroupId;

  // Egress: every protocol and port is allowed towards props.securityGroupEgress,
  // so that CIDR is the only bound on where tasks can connect.
  new CfnSecurityGroupEgress(this, 'DLTSecGroupEgress', {
    cidrIp: props.securityGroupEgress,
    description: 'Allow tasks to call out to external resources',
    groupId: taskSecurityGroupId,
    ipProtocol: '-1'
  });

  // Ingress: only members of this same security group, on one TCP port.
  const taskToTaskPort = 50000;
  new CfnSecurityGroupIngress(this, 'DLTSecGroupIngress', {
    description: 'Allow tasks to communicate',
    fromPort: taskToTaskPort,
    groupId: taskSecurityGroupId,
    ipProtocol: 'tcp',
    sourceSecurityGroupId: taskSecurityGroupId,
    toPort: taskToTaskPort
  });
}