def create_task_definition()

in cdk/cdk-domainless-mode/cdk/cdk_stack.py [0:0]


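    def create_task_definition(self, task_definition_template_name):
        """Create the IAM role and ECS task definition for the gMSA sample task.

        One IAM role is created, assumable by ``ecs-tasks.amazonaws.com``, and
        is attached to the task definition as both the task role and the
        execution role. A single ``nginx`` container is added to the task
        definition. The credspec is not configured here (see the note near
        the end of the body).

        Args:
            task_definition_template_name: Construct id given to the
                ``ecs.TaskDefinition``.

        Returns:
            The ``ecs.TaskDefinition`` construct, with explicit dependencies
            on the role, the VPC, the security group and the directory.
        """
        role = iam.Role(
            self,
            "CredentialsFetcher-ECSTaskExecutionRolegMSA",
            role_name="CredentialsFetcher-ECSTaskExecutionRolegMSA",
            assumed_by=iam.ServicePrincipal("ecs-tasks.amazonaws.com"),
        )

        # NOTE(review): every policy below is an account-wide AWS managed
        # policy, most of them *FullAccess, and the role is also the task role,
        # so the permissions are available to code running in the container.
        # Which of them the workload needs is not visible from this method;
        # before using this outside a demo account, replace them with
        # statements scoped to the specific secrets, buckets, directory and
        # repositories involved.
        aws_managed_policy_names = (
            "SecretsManagerReadWrite",
            "AmazonS3FullAccess",
            "AWSDirectoryServiceFullAccess",
            "AmazonSSMFullAccess",
            "AmazonECS_FullAccess",
            "AmazonEC2ContainerRegistryFullAccess",
            "AmazonElasticContainerRegistryPublicFullAccess",
        )
        for policy_name in aws_managed_policy_names:
            role.add_managed_policy(
                iam.ManagedPolicy.from_aws_managed_policy_name(policy_name)
            )

        # The original built four separate statements but rebound the same
        # variable each time, so only ssmmessages:OpenDataChannel was ever
        # attached. All four channel actions are granted in one statement.
        ssm_messages_policy_statement = iam.PolicyStatement(
            effect=iam.Effect.ALLOW,
            actions=[
                "ssmmessages:CreateControlChannel",
                "ssmmessages:CreateDataChannel",
                "ssmmessages:OpenControlChannel",
                "ssmmessages:OpenDataChannel",
            ],
            resources=["*"],
        )
        role.add_to_principal_policy(ssm_messages_policy_statement)

        # NOTE(review): task_role and execution_role are the same role. The
        # execution role is what ECS uses on the task's behalf, while the task
        # role is what the application code receives; sharing one role hands
        # the application everything granted above. Consider two roles.
        task_definition = ecs.TaskDefinition(
            self,
            task_definition_template_name,
            compatibility=ecs.Compatibility.EC2_AND_FARGATE,
            cpu="1024",
            memory_mib="2048",
            task_role=role,
            execution_role=role,
        )

        # NOTE(review): "nginx:latest" is a mutable tag from a public registry,
        # so the image that runs with this role can change between deployments.
        # Pin a version or digest if this is more than a placeholder.
        task_definition.add_container(
            "MyContainer",
            image=ecs.ContainerImage.from_registry("nginx:latest"),
            memory_reservation_mib=128,
            start_timeout=duration.seconds(120),
            stop_timeout=duration.seconds(60),
        )
        # The credspec is not set on the container here; the original comment
        # says it is added using boto, presumably after deployment.

        # Explicit ordering: create the task definition only after these
        # resources exist.
        for prerequisite in (
            role,
            self.vpc,
            self.security_group,
            self.cfn_microsoft_AD,
        ):
            task_definition.node.add_dependency(prerequisite)

        return task_definition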