Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: support multiple GuInstanceRoles in a stack #332

Merged
merged 3 commits into from
Mar 24, 2021
Merged

feat: support multiple GuInstanceRoles in a stack #332

merged 3 commits into from
Mar 24, 2021

Conversation

akash1810
Copy link
Member

@akash1810 akash1810 commented Mar 18, 2021
edited
Loading

What does this change?

A GuInstanceRole provides the basic permissions needed by EC2, it grants access to:

  • SSM
  • Describing tags
  • Writing to kinesis for log shipping

#326 started the work to support the declaration of multiple apps in a stack, where an app is a collection of ASG, LB etc. However, when actually attempting to use the updated constructs in reality, the synth step failed due to multiple constructs using the same ID.

This change follows #341 and #337 and converts GuSSMRunCommandPolicy and GuDescribeEC2Policy to singletons. This means these policies will only get created once regardless of how many roles use them - there will be one policy with multiple roles attached to it. This helps keep the stack DRY and also reduces the chance of reaching the max file size limits of cloudformation.

The commits have been crafted to be standalone, reviewing them one by one might make the overall review easier.

Requires #341.

BREAKING CHANGE:

  • GuSSMRunCommandPolicy and GuDescribeEC2Policy can no longer be directly instantiated

Does this change require changes to existing projects or CDK CLI?

Ultimately no, as GuInstanceRole hasn't fundamentally changed.

How to test

See new test!

How can we measure success?

It's even more possible to declare multiple apps within a stack.

Have we considered potential risks?

n/a

@akash1810 akash1810 mentioned this pull request Mar 19, 2021
Merged
@akash1810 akash1810 force-pushed the aa-ssm-singleton branch 2 times, most recently from 9eca124 to d94951f Compare March 19, 2021 08:53
@akash1810 akash1810 mentioned this pull request Mar 19, 2021
Merged
@akash1810 akash1810 changed the base branch from main to aa-dist-bucket-singleton March 19, 2021 20:44
@akash1810 akash1810 force-pushed the aa-ssm-singleton branch 3 times, most recently from 8ddf842 to d638337 Compare March 19, 2021 21:43
@akash1810 akash1810 changed the title feat: make GuSSMRunCommandPolicy a singleton feat: support multiple GuInstanceRoles in a stack Mar 19, 2021
@akash1810 akash1810 marked this pull request as ready for review March 19, 2021 22:10
@akash1810 akash1810 requested a review from a team March 19, 2021 22:10
akash1810
akash1810 commented Mar 19, 2021
View reviewed changes
src/constructs/iam/roles/instance-role.test.ts
@@ -36,4 +36,20 @@ describe("The GuInstanceRole construct", () => {
expect(stack).toCountResources("AWS::IAM::Role", 1);
expect(stack).toCountResources("AWS::IAM::Policy", 5);
});

it("should be possible to create multiple instance roles in a single stack", () => {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the most interesting part of this PR 😅 .

Base automatically changed from aa-dist-bucket-singleton to main March 24, 2021 10:31
akash1810 added a commit that referenced this pull request Mar 24, 2021
@akash1810
feat: make GuDistributionBucketParameter a singleton (#341)
1260ce2 
Following #337 and part of a bigger bit of work in #332, this makes `GuDistributionBucketParameter` a singleton as we only ever want one of them in a stack.

BREAKING CHANGE:
* The removal of the static `parameterName` field means `GuDistributionBucketParameter.parameterName` becomes `GuDistributionBucketParameter.getInstance(stack).id`
@akash1810
feat: make GuSSMRunCommandPolicy a singleton
4479fd3 
GuSSMRunCommandPolicy doesn't need to be declared multiple times in a multi-app stack, make it a singleton to enforce this.
@akash1810
feat: make GuDescribeEC2Policy a singleton
f11b384
@akash1810
test: add test for a stack with multiple GuInstanceRoles
12204d5
philmcmahon
philmcmahon approved these changes Mar 24, 2021
View reviewed changes
Copy link
Contributor

@philmcmahon philmcmahon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This sounds like a good change to me 👍🏻

best stack ever

@akash1810 akash1810 merged commit bff9009 into main Mar 24, 2021
@akash1810 akash1810 deleted the aa-ssm-singleton branch March 24, 2021 10:45
@github-actions
Copy link
Contributor

🎉 This PR is included in version 6.0.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@philmcmahon philmcmahon philmcmahon approved these changes

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@akash1810 @philmcmahon