aws-ecs: canContainersAccessInstanceRole option is ignored #20293

@joeflateau

Describe the bug

If you set canContainersAccessInstanceRole: true on an AsgCapacityProvider that setting is ignored if you don't also specify it when calling addAsgCapacityProvider.

const ingestCapacityProvider = (this.capacityProvider =
  new ecs.AsgCapacityProvider(this, "IngestCapacityProvider", {
    autoScalingGroup,
    enableManagedScaling: true,
    enableManagedTerminationProtection: true,
    // needed so containers can find instance private ip
    canContainersAccessInstanceRole: true, // this is ignored?
  }));

ingestCluster.addAsgCapacityProvider(ingestCapacityProvider, {
  // needed so containers can find instance private ip
  canContainersAccessInstanceRole: true, // this is applied?
});

Expected Behavior

When I set canContainersAccessInstanceRole: true on an AsgCapacityProvider I expect the resulting LaunchTemplate/instances to be allowed to access EC2 metadata service.

Current Behavior

When I set canContainersAccessInstanceRole: true on an AsgCapacityProvider the setting is ignored and the resulting LaunchTemplate/instances block ECS/docker from accessing the EC2 metadata service.

Reproduction Steps

const ingestCapacityProvider = (this.capacityProvider =
  new ecs.AsgCapacityProvider(this, "IngestCapacityProvider", {
    autoScalingGroup,
    enableManagedScaling: true,
    enableManagedTerminationProtection: true,
    // needed so containers can find instance private ip
    canContainersAccessInstanceRole: true, // this is ignored?
  }));

ingestCluster.addAsgCapacityProvider(ingestCapacityProvider, {
  // needed so containers can find instance private ip
  canContainersAccessInstanceRole: true, // this is applied?
});

Possible Solution

Remove the option from AsgCapacityProvider since it is ignored anyways.

Additional Information/Context

No response

CDK CLI Version

2.23.0 (build 50444aa)

Framework Version

No response

Node.js Version

v16.13.0

OS

macos/linux

Language

TypeScript

Language Version

No response

Other information

No response
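
To confirm which value actually took effect, the synthesized template can be inspected for the commands that block container access to the instance metadata endpoint. This is an added example, not code from the report or from aws-cdk: the names `get`, `flatten` and `auditImdsBlocking` are hypothetical, the two marker strings are an assumption about what is written to instance user data when access is blocked, and the template is constructed sample data.

```typescript
// Added example, not aws-cdk code. The marker strings are an assumption about the
// user-data commands written when container access to instance metadata is blocked.
type Json = string | number | boolean | null | Json[] | { [k: string]: Json };
const IMDS_BLOCK_MARKERS = [
  "--destination 169.254.169.254/32 --jump DROP", // iptables rule (bridge-mode tasks)
  "ECS_AWSVPC_BLOCK_IMDS=true",                   // ECS agent setting (awsvpc tasks)
];

// Safe property lookup on untyped template JSON.
function get(node: Json | undefined, key: string): Json | undefined {
  return node !== null && typeof node === "object" && !Array.isArray(node) ? node[key] : undefined;
}

// Concatenate all string literals under a node, so Fn::Base64 / Fn::Join wrappers don't matter.
function flatten(node: Json | undefined): string {
  if (typeof node === "string") return node;
  if (node === null || typeof node !== "object") return "";
  const children: Json[] = Array.isArray(node) ? node : Object.keys(node).map((k) => get(node, k) ?? "");
  return children.map((c) => flatten(c)).join("");
}

// Map logical ID -> true when containers on that group's instances can still reach IMDS.
function auditImdsBlocking(template: Json): { [logicalId: string]: boolean } {
  const resources = get(template, "Resources");
  const result: { [logicalId: string]: boolean } = {};
  if (resources === null || typeof resources !== "object") return result;
  for (const id of Object.keys(resources)) {
    const res = get(resources, id);
    const type = get(res, "Type");
    if (type !== "AWS::AutoScaling::LaunchConfiguration" && type !== "AWS::EC2::LaunchTemplate") continue;
    const text = flatten(get(res, "Properties")); // UserData sits at a different depth per type
    result[id] = !IMDS_BLOCK_MARKERS.every((m) => text.indexOf(m) !== -1);
  }
  return result;
}

// Constructed sample of synthesized output: one group with the block in place, one without.
const SAMPLE_TEMPLATE: Json = { Resources: {
  BlockedLaunchConfig: { Type: "AWS::AutoScaling::LaunchConfiguration", Properties: {
    UserData: { "Fn::Base64": { "Fn::Join": ["", [
      "#!/bin/bash\necho ECS_CLUSTER=", { Ref: "Cluster" }, " >> /etc/ecs/ecs.config\n",
      "sudo iptables --insert FORWARD 1 --in-interface docker+ --destination 169.254.169.254/32 --jump DROP\n",
      "echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config\n",
    ]] } } } },
  OpenLaunchTemplate: { Type: "AWS::EC2::LaunchTemplate", Properties: { LaunchTemplateData: {
    UserData: { "Fn::Base64": "#!/bin/bash\necho ECS_CLUSTER=demo >> /etc/ecs/ecs.config\n" } } } },
  Cluster: { Type: "AWS::ECS::Cluster" },
} };
```

A result of `true` for a launch configuration or launch template means neither blocking command is fully in place, so tasks on those instances can read the instance role's credentials from the metadata endpoint.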

Labels

@aws-cdk/aws-ecs (Related to Amazon Elastic Container), bug (This issue is a bug.), effort/small (Small work item – less than a day of effort), p2