Merge branch 'master' into image-digest

packages/@aws-cdk/aws-ec2/lib/cfn-init-elements.ts

@@ -327,6 +327,9 @@ export abstract class InitFile extends InitElement {
    * Use a literal string as the file content
    */
   public static fromString(fileName: string, content: string, options: InitFileOptions = {}): InitFile {
+    if (!content) {
+      throw new Error(`InitFile ${fileName}: cannot create empty file. Please supply at least one character of content.`);
+    }
     return new class extends InitFile {
       protected _doBind(bindOptions: InitBindOptions) {
         return {

packages/@aws-cdk/aws-ec2/lib/vpc-endpoint.ts

@@ -287,6 +287,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
   public static readonly KMS = new InterfaceVpcEndpointAwsService('kms');
   public static readonly CLOUDWATCH_LOGS = new InterfaceVpcEndpointAwsService('logs');
   public static readonly CLOUDWATCH = new InterfaceVpcEndpointAwsService('monitoring');
+  public static readonly RDS = new InterfaceVpcEndpointAwsService('rds');
   public static readonly SAGEMAKER_API = new InterfaceVpcEndpointAwsService('sagemaker.api');
   public static readonly SAGEMAKER_RUNTIME = new InterfaceVpcEndpointAwsService('sagemaker.runtime');
   public static readonly SAGEMAKER_RUNTIME_FIPS = new InterfaceVpcEndpointAwsService('sagemaker.runtime-fips');

packages/@aws-cdk/aws-ec2/package.json

@@ -233,6 +233,7 @@
       "docs-public-apis:@aws-cdk/aws-ec2.InterfaceVpcEndpointAwsService.KINESIS_STREAMS",
       "docs-public-apis:@aws-cdk/aws-ec2.InterfaceVpcEndpointAwsService.KINESIS_FIREHOSE",
       "docs-public-apis:@aws-cdk/aws-ec2.InterfaceVpcEndpointAwsService.KMS",
+      "docs-public-apis:@aws-cdk/aws-ec2.InterfaceVpcEndpointAwsService.RDS",
       "docs-public-apis:@aws-cdk/aws-ec2.InterfaceVpcEndpointAwsService.SAGEMAKER_API",
       "docs-public-apis:@aws-cdk/aws-ec2.InterfaceVpcEndpointAwsService.SAGEMAKER_NOTEBOOK",
       "docs-public-apis:@aws-cdk/aws-ec2.InterfaceVpcEndpointAwsService.SAGEMAKER_RUNTIME",

packages/@aws-cdk/aws-ec2/test/cfn-init-element.test.ts

@@ -206,6 +206,12 @@ describe('InitFile', () => {
     });
   });
 
+  test('empty content string throws error', () => {
+    expect(() => {
+      ec2.InitFile.fromString('/tmp/foo', '');
+    }).toThrow('InitFile /tmp/foo: cannot create empty file. Please supply at least one character of content.');
+  });
+
   test('symlink throws an error if mode is set incorrectly', () => {
     expect(() => {
       ec2.InitFile.symlink('/tmp/foo', '/tmp/bar', {

packages/@aws-cdk/aws-ecs/README.md

@@ -237,10 +237,22 @@ const container = ec2TaskDefinition.addContainer("WebContainer", {
 
 You can specify container properties when you add them to the task definition, or with various methods, e.g.:
 
+To add a port mapping when adding a container to the task definition, specify the `portMappings` option:
+
+```ts
+taskDefinition.addContainer("WebContainer", {
+  image: ecs.ContainerImage.fromRegistry("amazon/amazon-ecs-sample"),
+  memoryLimitMiB: 1024,
+  portMappings: [{ containerPort: 3000 }]
+});
+```
+
+To add port mappings directly to a container definition, call `addPortMappings()`:
+
 ```ts
 container.addPortMappings({
   containerPort: 3000
-})
+});
 ```
 
 To add data volumes to a task definition, call `addVolume()`:

packages/@aws-cdk/aws-ecs/lib/container-definition.ts

@@ -288,6 +288,12 @@ export interface ContainerDefinitionOptions {
    * @default - No GPUs assigned.
    */
   readonly gpuCount?: number;
+
+  /**
+   * The port mappings to add to the container definition.
+   * @default - No ports are mapped.
+   */
+  readonly portMappings?: PortMapping[];
 }
 
 /**
@@ -433,6 +439,10 @@ export class ContainerDefinition extends CoreConstruct {
     }
 
     props.taskDefinition._linkContainer(this);
+
+    if (props.portMappings) {
+      this.addPortMappings(...props.portMappings);
+    }
   }
 
   /**

packages/@aws-cdk/aws-ecs/lib/ec2/ec2-service.ts

@@ -229,9 +229,9 @@ export class Ec2Service extends BaseService implements IEc2Service {
     this.addPlacementConstraints(...props.placementConstraints || []);
     this.addPlacementStrategies(...props.placementStrategies || []);
 
-    if (!this.taskDefinition.defaultContainer) {
-      throw new Error('A TaskDefinition must have at least one essential container');
-    }
+    this.node.addValidation({
+      validate: () => !this.taskDefinition.defaultContainer ? ['A TaskDefinition must have at least one essential container'] : [],
+    });
   }
 
   /**

packages/@aws-cdk/aws-ecs/lib/fargate/fargate-service.ts

@@ -172,9 +172,9 @@ export class FargateService extends BaseService implements IFargateService {
 
     this.configureAwsVpcNetworkingWithSecurityGroups(props.cluster.vpc, props.assignPublicIp, props.vpcSubnets, securityGroups);
 
-    if (!props.taskDefinition.defaultContainer) {
-      throw new Error('A TaskDefinition must have at least one essential container');
-    }
+    this.node.addValidation({
+      validate: () => !this.taskDefinition.defaultContainer ? ['A TaskDefinition must have at least one essential container'] : [],
+    });
   }
 }
 

packages/@aws-cdk/aws-ecs/test/container-definition.test.ts

@@ -703,6 +703,55 @@ describe('container definition', () => {
 
   });
 
+  test('can add port mappings to the container definition by props', () => {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const taskDefinition = new ecs.Ec2TaskDefinition(stack, 'TaskDef');
+
+    // WHEN
+    taskDefinition.addContainer('cont', {
+      image: ecs.ContainerImage.fromRegistry('test'),
+      memoryLimitMiB: 1024,
+      portMappings: [{ containerPort: 80 }],
+    });
+
+    // THEN
+    expect(stack).toHaveResourceLike('AWS::ECS::TaskDefinition', {
+      ContainerDefinitions: [
+        {
+          PortMappings: [{ ContainerPort: 80 }],
+        },
+      ],
+    });
+  });
+
+  test('can add port mappings using props and addPortMappings and both are included', () => {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const taskDefinition = new ecs.Ec2TaskDefinition(stack, 'TaskDef');
+
+    // WHEN
+    const containerDefinition = taskDefinition.addContainer('cont', {
+      image: ecs.ContainerImage.fromRegistry('test'),
+      memoryLimitMiB: 1024,
+      portMappings: [{ containerPort: 80 }],
+    });
+
+    containerDefinition.addPortMappings({ containerPort: 443 });
+
+    // THEN
+    expect(stack).toHaveResourceLike('AWS::ECS::TaskDefinition', {
+      ContainerDefinitions: [
+        {
+          PortMappings: [
+            { ContainerPort: 80 },
+            { ContainerPort: 443 },
+          ],
+        },
+      ],
+    });
+  });
+
   describe('Environment Files', () => {
     describe('with EC2 task definitions', () => {
       test('can add asset environment file to the container definition', () => {

packages/@aws-cdk/aws-ecs/test/ec2/ec2-service.test.ts

@@ -1,4 +1,4 @@
-import { expect, haveResource } from '@aws-cdk/assert';
+import { expect, haveResource, haveResourceLike } from '@aws-cdk/assert';
 import * as ec2 from '@aws-cdk/aws-ec2';
 import * as elb from '@aws-cdk/aws-elasticloadbalancing';
 import * as elbv2 from '@aws-cdk/aws-elasticloadbalancingv2';
@@ -541,14 +541,48 @@ nodeunitShim({
       const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc });
       const taskDefinition = new ecs.Ec2TaskDefinition(stack, 'Ec2TaskDef');
 
+      // Errors on validation, not on construction.
+      new ecs.Ec2Service(stack, 'Ec2Service', {
+        cluster,
+        taskDefinition,
+      });
+
       // THEN
       test.throws(() => {
-        new ecs.Ec2Service(stack, 'Ec2Service', {
-          cluster,
-          taskDefinition,
-        });
+        expect(stack);
+      }, /one essential container/);
+
+      test.done();
+    },
+
+    'allows adding the default container after creating the service'(test: Test) {
+      // GIVEN
+      const stack = new cdk.Stack();
+      const vpc = new ec2.Vpc(stack, 'MyVpc', {});
+      const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc });
+      cluster.addCapacity('DefaultAutoScalingGroup', { instanceType: new ec2.InstanceType('t2.micro') });
+      const taskDefinition = new ecs.Ec2TaskDefinition(stack, 'Ec2TaskDef');
+
+      new ecs.Ec2Service(stack, 'FargateService', {
+        cluster,
+        taskDefinition,
       });
 
+      // Add the container *after* creating the service
+      taskDefinition.addContainer('main', {
+        image: ecs.ContainerImage.fromRegistry('somecontainer'),
+        memoryReservationMiB: 10,
+      });
+
+      // THEN
+      expect(stack).to(haveResourceLike('AWS::ECS::TaskDefinition', {
+        ContainerDefinitions: [
+          {
+            Name: 'main',
+          },
+        ],
+      }));
+
       test.done();
     },
 

packages/@aws-cdk/aws-ecs/test/fargate/fargate-service.test.ts

@@ -482,14 +482,46 @@ nodeunitShim({
       const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc });
       const taskDefinition = new ecs.FargateTaskDefinition(stack, 'FargateTaskDef');
 
+      // Errors on validation, not on construction.
+      new ecs.FargateService(stack, 'FargateService', {
+        cluster,
+        taskDefinition,
+      });
+
       // THEN
       test.throws(() => {
-        new ecs.FargateService(stack, 'FargateService', {
-          cluster,
-          taskDefinition,
-        });
+        expect(stack);
+      }, /one essential container/);
+
+      test.done();
+    },
+
+    'allows adding the default container after creating the service'(test: Test) {
+      // GIVEN
+      const stack = new cdk.Stack();
+      const vpc = new ec2.Vpc(stack, 'MyVpc', {});
+      const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc });
+      const taskDefinition = new ecs.FargateTaskDefinition(stack, 'FargateTaskDef');
+
+      new ecs.FargateService(stack, 'FargateService', {
+        cluster,
+        taskDefinition,
       });
 
+      // Add the container *after* creating the service
+      taskDefinition.addContainer('main', {
+        image: ecs.ContainerImage.fromRegistry('somecontainer'),
+      });
+
+      // THEN
+      expect(stack).to(haveResourceLike('AWS::ECS::TaskDefinition', {
+        ContainerDefinitions: [
+          {
+            Name: 'main',
+          },
+        ],
+      }));
+
       test.done();
     },
 

packages/@aws-cdk/aws-ecs/test/fargate/integ.lb-awsvpc-nw.ts

@@ -15,13 +15,12 @@ const taskDefinition = new ecs.FargateTaskDefinition(stack, 'TaskDef', {
   cpu: 512,
 });
 
-const container = taskDefinition.addContainer('web', {
+taskDefinition.addContainer('web', {
   image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
-});
-
-container.addPortMappings({
-  containerPort: 80,
-  protocol: ecs.Protocol.TCP,
+  portMappings: [{
+    containerPort: 80,
+    protocol: ecs.Protocol.TCP,
+  }],
 });
 
 const service = new ecs.FargateService(stack, 'Service', {

packages/@aws-cdk/aws-events-targets/README.md

@@ -27,6 +27,7 @@ Currently supported are:
 * Put a record to a Kinesis stream
 * Log an event into a LogGroup
 * Put a record to a Kinesis Data Firehose stream
+* Put an event on an EventBridge bus
 
 See the README of the `@aws-cdk/aws-events` library for more information on
 EventBridge.

packages/@aws-cdk/aws-events-targets/lib/event-bus.ts

@@ -0,0 +1,45 @@
+import * as events from '@aws-cdk/aws-events';
+import * as iam from '@aws-cdk/aws-iam';
+import { singletonEventRole } from './util';
+
+/**
+ * Configuration properties of an Event Bus event
+ */
+export interface EventBusProps {
+  /**
+   * Role to be used to publish the event
+   *
+   * @default a new role is created.
+   */
+  readonly role?: iam.IRole;
+}
+
+/**
+ * Notify an existing Event Bus of an event
+ */
+export class EventBus implements events.IRuleTarget {
+  private readonly role?: iam.IRole;
+
+  constructor(private readonly eventBus: events.IEventBus, props: EventBusProps = {}) {
+    this.role = props.role;
+  }
+
+  bind(rule: events.IRule, id?: string): events.RuleTargetConfig {
+    if (this.role) {
+      this.role.addToPrincipalPolicy(this.putEventStatement());
+    }
+    const role = this.role ?? singletonEventRole(rule, [this.putEventStatement()]);
+    return {
+      id: id ?? '',
+      arn: this.eventBus.eventBusArn,
+      role,
+    };
+  }
+
+  private putEventStatement() {
+    return new iam.PolicyStatement({
+      actions: ['events:PutEvents'],
+      resources: [this.eventBus.eventBusArn],
+    });
+  }
+}

packages/@aws-cdk/aws-events-targets/lib/index.ts

@@ -7,6 +7,7 @@ export * from './aws-api';
 export * from './lambda';
 export * from './ecs-task-properties';
 export * from './ecs-task';
+export * from './event-bus';
 export * from './state-machine';
 export * from './kinesis-stream';
 export * from './log-group';