slipdexic · slipdexic · Aug 20, 2019 · Aug 19, 2019 · Aug 19, 2019 · Aug 19, 2019
diff --git a/packages/@aws-cdk/aws-ecr/lib/repository.ts b/packages/@aws-cdk/aws-ecr/lib/repository.ts
@@ -179,7 +179,7 @@ export abstract class RepositoryBase extends Resource implements IRepository {
       grantee,
       actions,
       resourceArns: [this.repositoryArn],
-      resourceSelfArns: ['*'],
+      resourceSelfArns: [],
       resource: this,
     });
   }

diff --git a/packages/@aws-cdk/aws-ecr/test/test.repository.ts b/packages/@aws-cdk/aws-ecr/test/test.repository.ts
@@ -377,7 +377,6 @@ export = {
             ],
             "Effect": "Allow",
             "Principal": "*",
-            "Resource": "*",
           }
         ],
         "Version": "2012-10-17"

diff --git a/packages/@aws-cdk/aws-ecs-patterns/lib/base/load-balanced-service-base.ts b/packages/@aws-cdk/aws-ecs-patterns/lib/base/load-balanced-service-base.ts
@@ -18,49 +18,56 @@ export enum LoadBalancerType {
  */
 export interface LoadBalancedServiceBaseProps {
   /**
-   * The cluster where your service will be deployed
-   * You can only specify either vpc or cluster. Alternatively, you can leave both blank
+   * The name of the cluster that hosts the service.
    *
-   * @default - create a new cluster; if you do not specify a cluster nor a vpc, a new VPC will be created for you as well
+   * You can only specify either vpc or cluster. Alternatively, you can leave both blank.
+   * @default - create a new cluster; if you do not specify a cluster nor a vpc, a new VPC will be created for you as well.
    */
   readonly cluster?: ICluster;
 
   /**
-   * VPC that the cluster instances or tasks are running in
-   * You can only specify either vpc or cluster. Alternatively, you can leave both blank
+   * The VPC where the ECS instances will be running or the ENIs will be deployed.
    *
-   * @default - use vpc of cluster or create a new one
+   * You can only specify either vpc or cluster. Alternatively, you can leave both blank.
+   * @default - uses the vpc defined in the cluster or creates a new one.
    */
   readonly vpc?: IVpc;
 
   /**
-   * The image to start.
+   * The image used to start a container.
    */
   readonly image: ContainerImage;
 
   /**
-   * The container port of the application load balancer attached to your Fargate service. Corresponds to container port mapping.
+   * The port number on the container that is bound to the user-specified or automatically assigned host port.
+   *
+   * If you are using containers in a task with the awsvpc or host network mode, exposed ports should be specified using containerPort.
+   * If you are using containers in a task with the bridge network mode and you specify a container port and not a host port,
+   * your container automatically receives a host port in the ephemeral port range.
+   *
+   * For more information, see hostPort.
+   * Port mappings that are automatically assigned in this way do not count toward the 100 reserved ports limit of a container instance.
    *
    * @default 80
    */
   readonly containerPort?: number;
 
   /**
-   * Determines whether the Application Load Balancer will be internet-facing
+   * Determines whether the Load Balancer will be internet-facing.
    *
    * @default true
    */
   readonly publicLoadBalancer?: boolean;
 
   /**
-   * Number of desired copies of running tasks
+   * The desired number of instantiations of the task definition to keep running on the service.
    *
    * @default 1
    */
   readonly desiredCount?: number;
 
   /**
-   * Whether to create an application load balancer or a network load balancer
+   * The type of the load balancer to be used.
    *
    * @default application
    */
@@ -75,28 +82,28 @@ export interface LoadBalancedServiceBaseProps {
   readonly certificate?: ICertificate;
 
   /**
-   * Environment variables to pass to the container
+   * The environment variables to pass to the container.
    *
    * @default - No environment variables.
    */
   readonly environment?: { [key: string]: string };
 
   /**
-   * Secret environment variables to pass to the container
+   * The secret environment variables to pass to the container
    *
    * @default - No secret environment variables.
    */
   readonly secrets?: { [key: string]: Secret };
 
   /**
-   * Whether to create an AWS log driver
+   * Flag to indicate whether to enable logging.
    *
    * @default true
    */
   readonly enableLogging?: boolean;
 
   /**
-   * Determines whether your Fargate Service will be assigned a public IP address.
+   * Determines whether the Service will be assigned a public IP address.
    *
    * @default false
    */
@@ -124,23 +131,23 @@ export interface LoadBalancedServiceBaseProps {
   readonly executionRole?: IRole;
 
   /**
-   * Override for the Fargate Task Definition task role
+   * The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf.
    *
-   * @default - No value
+   * @default - A task role is automatically created for you.
    */
   readonly taskRole?: IRole;
 
   /**
-   * Override value for the container name
+   * The container name value to be specified in the task definition.
    *
-   * @default - No value
+   * @default - none
    */
   readonly containerName?: string;
 
   /**
-   * Override value for the service name
+   * The name of the service.
    *
-   * @default CloudFormation-generated name
+   * @default - CloudFormation-generated name.
    */
   readonly serviceName?: string;
 
@@ -166,7 +173,9 @@ export interface LoadBalancedServiceBaseProps {
  */
 export abstract class LoadBalancedServiceBase extends cdk.Construct {
   public readonly assignPublicIp: boolean;
-
+  /**
+   * The desired number of instantiations of the task definition to keep running on the service.
+   */
   public readonly desiredCount: number;
 
   public readonly loadBalancerType: LoadBalancerType;
@@ -176,7 +185,9 @@ export abstract class LoadBalancedServiceBase extends cdk.Construct {
   public readonly listener: ApplicationListener | NetworkListener;
 
   public readonly targetGroup: ApplicationTargetGroup | NetworkTargetGroup;
-
+  /**
+   * The cluster that hosts the service.
+   */
   public readonly cluster: ICluster;
 
   public readonly logDriver?: LogDriver;

diff --git a/packages/@aws-cdk/aws-ecs-patterns/lib/base/queue-processing-service-base.ts b/packages/@aws-cdk/aws-ecs-patterns/lib/base/queue-processing-service-base.ts
@@ -9,27 +9,23 @@ import { CfnOutput, Construct, Stack } from '@aws-cdk/core';
  */
 export interface QueueProcessingServiceBaseProps {
   /**
-   * The cluster where your service will be deployed
-   * You can only specify either vpc or cluster. Alternatively, you can leave both blank
+   * The name of the cluster that hosts the service.
    *
-   * @default - create a new cluster; if you do not specify a cluster nor a vpc, a new VPC will be created for you as well
+   * You can only specify either vpc or cluster. Alternatively, you can leave both blank.
+   * @default - create a new cluster; if you do not specify a cluster nor a vpc, a new VPC will be created for you as well.
    */
   readonly cluster?: ICluster;
 
   /**
-   * VPC that the cluster instances or tasks are running in
-   * You can only specify either vpc or cluster. Alternatively, you can leave both blank
+   * The VPC where the ECS instances will be running or the ENIs will be deployed.
    *
-   * @default - use vpc of cluster or create a new one
+   * You can only specify either vpc or cluster. Alternatively, you can leave both blank.
+   * @default - uses the vpc defined in the cluster or creates a new one.
    */
   readonly vpc?: IVpc;
 
   /**
    * The image used to start a container.
-   *
-   * This string is passed directly to the Docker daemon.
-   * Images in the Docker Hub registry are available by default.
-   * Other repositories are specified with either repository-url/image:tag or repository-url/image@digest.
    */
   readonly image: ContainerImage;
 
@@ -50,7 +46,7 @@ export interface QueueProcessingServiceBaseProps {
   readonly desiredTaskCount?: number;
 
   /**
-   * Flag to indicate whether to enable logging
+   * Flag to indicate whether to enable logging.
    *
    * @default true
    */
@@ -67,7 +63,7 @@ export interface QueueProcessingServiceBaseProps {
   readonly environment?: { [key: string]: string };
 
   /**
-   * Secret environment variables to pass to the container
+   * The secret environment variables to pass to the container.
    *
    * @default - No secret environment variables.
    */
@@ -131,22 +127,22 @@ export abstract class QueueProcessingServiceBase extends Construct {
   public readonly environment: { [key: string]: string };
 
   /**
-   * Secret environment variables
+   * The secret environment variables.
    */
   public readonly secrets?: { [key: string]: Secret };
 
   /**
-   * The minimum number of tasks to run
+   * The minimum number of tasks to run.
    */
   public readonly desiredCount: number;
 
   /**
-   * The maximum number of instances for autoscaling to scale up to
+   * The maximum number of instances for autoscaling to scale up to.
    */
   public readonly maxCapacity: number;
 
   /**
-   * The scaling interval for autoscaling based off an SQS Queue size
+   * The scaling interval for autoscaling based off an SQS Queue size.
    */
   public readonly scalingSteps: ScalingInterval[];
   /**

diff --git a/packages/@aws-cdk/aws-ecs-patterns/lib/base/scheduled-task-base.ts b/packages/@aws-cdk/aws-ecs-patterns/lib/base/scheduled-task-base.ts
@@ -1,24 +1,32 @@
 import { Schedule } from "@aws-cdk/aws-applicationautoscaling";
-import { AwsLogDriver, ContainerImage, ICluster, LogDriver, Secret, TaskDefinition } from "@aws-cdk/aws-ecs";
+import { IVpc } from '@aws-cdk/aws-ec2';
+import { AwsLogDriver, Cluster, ContainerImage, ICluster, LogDriver, Secret, TaskDefinition } from "@aws-cdk/aws-ecs";
 import { Rule } from "@aws-cdk/aws-events";
 import { EcsTask } from "@aws-cdk/aws-events-targets";
-import { Construct } from "@aws-cdk/core";
+import { Construct, Stack } from "@aws-cdk/core";
 
 /**
  * The properties for the base ScheduledEc2Task or ScheduledFargateTask task.
  */
 export interface ScheduledTaskBaseProps {
   /**
    * The name of the cluster that hosts the service.
+   *
+   * You can only specify either vpc or cluster. Alternatively, you can leave both blank.
+   * @default - create a new cluster; if you do not specify a cluster nor a vpc, a new VPC will be created for you as well.
    */
-  readonly cluster: ICluster;
+  readonly cluster?: ICluster;
 
   /**
-   * The image used to start a container.
+   * The VPC where the ECS instances will be running or the ENIs will be deployed.
    *
-   * This string is passed directly to the Docker daemon.
-   * Images in the Docker Hub registry are available by default.
-   * Other repositories are specified with either repository-url/image:tag or repository-url/image@digest.
+   * You can only specify either vpc or cluster. Alternatively, you can leave both blank.
+   * @default - uses the vpc defined in the cluster or creates a new one.
+   */
+  readonly vpc?: IVpc;
+
+  /**
+   * The image used to start a container.
    */
   readonly image: ContainerImage;
 
@@ -55,7 +63,7 @@ export interface ScheduledTaskBaseProps {
   readonly environment?: { [key: string]: string };
 
   /**
-   * Secret environment variables to pass to the container
+   * The secret environment variables to pass to the container
    *
    * @default - No secret environment variables.
    */
@@ -93,7 +101,7 @@ export abstract class ScheduledTaskBase extends Construct {
   constructor(scope: Construct, id: string, props: ScheduledTaskBaseProps) {
     super(scope, id);
 
-    this.cluster = props.cluster;
+    this.cluster = props.cluster || this.getDefaultCluster(this, props.vpc);
     this.desiredTaskCount = props.desiredTaskCount || 1;
 
     // An EventRule that describes the event trigger (in this case a scheduled run)
@@ -124,6 +132,13 @@ export abstract class ScheduledTaskBase extends Construct {
     return eventRuleTarget;
   }
 
+  protected getDefaultCluster(scope: Construct, vpc?: IVpc): Cluster {
+    // magic string to avoid collision with user-defined constructs
+    const DEFAULT_CLUSTER_ID = `EcsDefaultClusterMnL3mNNYN${vpc ? vpc.node.id : ''}`;
+    const stack = Stack.of(scope);
+    return stack.node.tryFindChild(DEFAULT_CLUSTER_ID) as Cluster || new Cluster(stack, DEFAULT_CLUSTER_ID, { vpc });
+  }
+
   /**
    * Create an AWS Log Driver with the provided streamPrefix
    *

diff --git a/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/load-balanced-ecs-service.ts b/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/load-balanced-ecs-service.ts
@@ -10,10 +10,15 @@ export interface LoadBalancedEc2ServiceProps extends LoadBalancedServiceBaseProp
   /**
    * The number of cpu units used by the task.
    * Valid values, which determines your range of valid values for the memory parameter:
+   *
    * 256 (.25 vCPU) - Available memory values: 0.5GB, 1GB, 2GB
+   *
    * 512 (.5 vCPU) - Available memory values: 1GB, 2GB, 3GB, 4GB
+   *
    * 1024 (1 vCPU) - Available memory values: 2GB, 3GB, 4GB, 5GB, 6GB, 7GB, 8GB
+   *
    * 2048 (2 vCPU) - Available memory values: Between 4GB and 16GB in 1GB increments
+   *
    * 4096 (4 vCPU) - Available memory values: Between 8GB and 30GB in 1GB increments
    *
    * This default is set in the underlying FargateTaskDefinition construct.
@@ -49,7 +54,7 @@ export interface LoadBalancedEc2ServiceProps extends LoadBalancedServiceBaseProp
 }
 
 /**
- * A single task running on an ECS cluster fronted by a load balancer
+ * An EC2 service running on an ECS cluster fronted by a load balancer.
  */
 export class LoadBalancedEc2Service extends LoadBalancedServiceBase {
 

diff --git a/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/queue-processing-ecs-service.ts b/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/queue-processing-ecs-service.ts
@@ -7,9 +7,22 @@ import { QueueProcessingServiceBase, QueueProcessingServiceBaseProps } from '../
  */
 export interface QueueProcessingEc2ServiceProps extends QueueProcessingServiceBaseProps {
   /**
-   * The minimum number of CPU units to reserve for the container.
+   * The number of cpu units used by the task.
+   * Valid values, which determines your range of valid values for the memory parameter:
    *
-   * @default - No minimum CPU units reserved.
+   * 256 (.25 vCPU) - Available memory values: 0.5GB, 1GB, 2GB
+   *
+   * 512 (.5 vCPU) - Available memory values: 1GB, 2GB, 3GB, 4GB
+   *
+   * 1024 (1 vCPU) - Available memory values: 2GB, 3GB, 4GB, 5GB, 6GB, 7GB, 8GB
+   *
+   * 2048 (2 vCPU) - Available memory values: Between 4GB and 16GB in 1GB increments
+   *
+   * 4096 (4 vCPU) - Available memory values: Between 8GB and 30GB in 1GB increments
+   *
+   * This default is set in the underlying FargateTaskDefinition construct.
+   *
+   * @default none
    */
   readonly cpu?: number;
 
@@ -41,7 +54,7 @@ export interface QueueProcessingEc2ServiceProps extends QueueProcessingServiceBa
 }
 
 /**
- * Class to create a queue processing Ec2 service
+ * Class to create a queue processing EC2 service.
  */
 export class QueueProcessingEc2Service extends QueueProcessingServiceBase {
 

diff --git a/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/scheduled-ecs-task.ts b/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/scheduled-ecs-task.ts
@@ -41,7 +41,7 @@ export interface ScheduledEc2TaskProps extends ScheduledTaskBaseProps {
 }
 
 /**
- * A scheduled Ec2 task that will be initiated off of cloudwatch events.
+ * A scheduled EC2 task that will be initiated off of cloudwatch events.
  */
 export class ScheduledEc2Task extends ScheduledTaskBase {
-Original file line number
+Diff line change
@@ Expand Up @@
     }
     /**
-     * A scheduled Ec2 task that will be initiated off of cloudwatch events.
+     * A scheduled EC2 task that will be initiated off of cloudwatch events.
      */
     export class ScheduledEc2Task extends ScheduledTaskBase {
@@ Expand Down @@