7814377342
Changelog: * Upgraded CDK version to support EFS usage * Upgraded Fargate PlatformVersion to support EFS mounts * Refacored RDS contruct as per new CDK * Created a new LogGroup for OnDemand DagTasks * Added TAG for stack, to track resources belonging to this setup * Updated sample DAG to utilize EFS. Tasks Odd and Even will publish to EFS and Numbers will read from EFS * Now you can see logs from OnDemand tasks on Airflow UI, once task run finishes
37 lines
1.3 KiB
TypeScript
37 lines
1.3 KiB
TypeScript
import { Construct } from "@aws-cdk/core";
|
|
import { IManagedPolicy, ManagedPolicy, PolicyStatement } from "@aws-cdk/aws-iam";
|
|
|
|
export class PolicyConstruct extends Construct {
|
|
public readonly policyStatements?: PolicyStatement[];
|
|
public readonly managedPolicies?: IManagedPolicy[];
|
|
|
|
constructor(app: Construct, name: string,) {
|
|
super(app, name);
|
|
|
|
// Both managed policies and policy statements will be attached to Task Role of Airflow Instance
|
|
this.managedPolicies = [
|
|
ManagedPolicy.fromAwsManagedPolicyName("AmazonSQSFullAccess"),
|
|
ManagedPolicy.fromAwsManagedPolicyName("AmazonECS_FullAccess"),
|
|
ManagedPolicy.fromAwsManagedPolicyName("AmazonElasticFileSystemClientReadWriteAccess"),
|
|
ManagedPolicy.fromAwsManagedPolicyName("CloudWatchLogsReadOnlyAccess")
|
|
];
|
|
|
|
/*
|
|
You can add custom Policy Statements as well.
|
|
Sample code for SQS and IAM Full Access would like like:
|
|
|
|
this.policyStatements = [
|
|
new PolicyStatement({
|
|
actions: ["sqs:*"],
|
|
effect: Effect.ALLOW,
|
|
resources: ["*"]
|
|
}),
|
|
new PolicyStatement({
|
|
actions: ["iam:*"],
|
|
effect: Effect.ALLOW,
|
|
resources: ["*"]
|
|
})
|
|
]
|
|
*/
|
|
}
|
|
} |