in packages/aws-rfdk/lib/deadline/lib/secrets-management.ts [172:221]
/**
 * Appends a command to the deployment instance's user data that runs `localScriptFile` as
 * "ec2-user", passing the arguments that configure the Deadline identity registration settings.
 *
 * Security notes for maintainers:
 * - The command line is assembled by string interpolation. Values are wrapped in double quotes,
 *   which keeps each one a single shell word but does not suppress `$` or backtick expansion.
 *   Everything interpolated here (secret ARN, subnet IDs, role, registration status) therefore has
 *   to stay a well-formed identifier; do not route free-form or externally supplied text through
 *   this method without escaping it first.
 * - The region value and `localScriptFile` are interpolated without any quoting.
 * - Only the ARN of the admin credentials secret is placed on the command line, not its contents.
 *
 * @param props Supplies the render queue subnets and the deployment instance whose user data is extended.
 * @param localScriptFile Interpolated as the program to execute; presumably the on-instance path of
 *   the script (confirm against the caller).
 */
private runPythonScript(props: SecretsManagementIdentityRegistrationProps, localScriptFile: string) {
  // The argument list is wrapped in Lazy.list, so it is produced when the token is resolved rather
  // than when this method is called. NOTE(review): presumably so that subnet registrations added
  // after this call are still included; confirm.
  const scriptArgs = Lazy.list({
    produce: () => {
      const baseArgs: string[] = [
        // Region
        '--region',
        Stack.of(this).region,
        // Admin credentials, referenced by secret ARN
        '--credentials',
        `"${this.adminCredentials.secretArn}"`,
      ];

      // Subnets of the load balancer
      const connectionSubnetArgs = props.renderQueueSubnets.subnetIds.map(
        subnetID => `--connection-subnet "${subnetID}"`,
      );

      // Subnets of RFDK Deadline Client constructs. Each registration becomes one argument whose
      // value is a comma (,) separated string of fields:
      //   <SUBNET_ID>,<ROLE>,<REGISTRATION_STATUS>
      const sourceSubnetArgs = Array.from(
        this.subnetRegistrations.entries(),
        ([subnetID, registrationSettingEffect]) => {
          const fields = [
            subnetID,
            registrationSettingEffect.role.toString(),
            registrationSettingEffect.registrationStatus.toString(),
          ];
          return `--source-subnet "${fields.join(',')}"`;
        },
      );

      return [...baseArgs, ...connectionSubnetArgs, ...sourceSubnetArgs];
    },
  });

  // We can't use ScriptAsset.executeOn(...) because the script has to run as "ec2-user":
  // Repository.configureClientInstance(...) used above stores the credentials in a per-user
  // credential store that is only available to "ec2-user".
  const command = `sudo --login -u ec2-user ${localScriptFile} ${Fn.join(' ', scriptArgs)}`;
  props.deploymentInstance.userData.addCommands(command);
}