1 | ;
|
2 | var _a, _b;
|
3 | Object.defineProperty(exports, "__esModule", { value: true });
|
4 | exports.PropagatedTagSource = exports.DeploymentControllerType = exports.LaunchType = exports.BaseService = exports.ListenerConfig = void 0;
|
5 | const jsiiDeprecationWarnings = require("../../.warnings.jsii.js");
|
6 | const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
|
7 | const appscaling = require("@aws-cdk/aws-applicationautoscaling");
|
8 | const cloudwatch = require("@aws-cdk/aws-cloudwatch");
|
9 | const ec2 = require("@aws-cdk/aws-ec2");
|
10 | const elbv2 = require("@aws-cdk/aws-elasticloadbalancingv2");
|
11 | const iam = require("@aws-cdk/aws-iam");
|
12 | const cloudmap = require("@aws-cdk/aws-servicediscovery");
|
13 | const core_1 = require("@aws-cdk/core");
|
14 | const task_definition_1 = require("../base/task-definition");
|
15 | const cluster_1 = require("../cluster");
|
16 | const ecs_generated_1 = require("../ecs.generated");
|
17 | const scalable_task_count_1 = require("./scalable-task-count");
|
18 | /**
|
19 | * Base class for configuring listener when registering targets.
|
20 | */
|
21 | class ListenerConfig {
|
22 | /**
|
23 | * Create a config for adding target group to ALB listener.
|
24 | */
|
25 | static applicationListener(listener, props) {
|
26 | return new ApplicationListenerConfig(listener, props);
|
27 | }
|
28 | /**
|
29 | * Create a config for adding target group to NLB listener.
|
30 | */
|
31 | static networkListener(listener, props) {
|
32 | return new NetworkListenerConfig(listener, props);
|
33 | }
|
34 | }
|
35 | exports.ListenerConfig = ListenerConfig;
|
36 | _a = JSII_RTTI_SYMBOL_1;
|
37 | ListenerConfig[_a] = { fqn: "@aws-cdk/aws-ecs.ListenerConfig", version: "1.156.1" };
|
38 | /**
|
39 | * Class for configuring application load balancer listener when registering targets.
|
40 | */
|
41 | class ApplicationListenerConfig extends ListenerConfig {
|
42 | constructor(listener, props) {
|
43 | super();
|
44 | this.listener = listener;
|
45 | this.props = props;
|
46 | }
|
47 | /**
|
48 | * Create and attach a target group to listener.
|
49 | */
|
50 | addTargets(id, target, service) {
|
51 | var _c;
|
52 | const props = this.props || {};
|
53 | const protocol = props.protocol;
|
54 | const port = (_c = props.port) !== null && _c !== void 0 ? _c : (protocol === elbv2.ApplicationProtocol.HTTPS ? 443 : 80);
|
55 | this.listener.addTargets(id, {
|
56 | ...props,
|
57 | targets: [
|
58 | service.loadBalancerTarget({
|
59 | ...target,
|
60 | }),
|
61 | ],
|
62 | port,
|
63 | });
|
64 | }
|
65 | }
|
66 | /**
|
67 | * Class for configuring network load balancer listener when registering targets.
|
68 | */
|
69 | class NetworkListenerConfig extends ListenerConfig {
|
70 | constructor(listener, props) {
|
71 | super();
|
72 | this.listener = listener;
|
73 | this.props = props;
|
74 | }
|
75 | /**
|
76 | * Create and attach a target group to listener.
|
77 | */
|
78 | addTargets(id, target, service) {
|
79 | var _c, _d;
|
80 | const port = (_d = (_c = this.props) === null || _c === void 0 ? void 0 : _c.port) !== null && _d !== void 0 ? _d : 80;
|
81 | this.listener.addTargets(id, {
|
82 | ...this.props,
|
83 | targets: [
|
84 | service.loadBalancerTarget({
|
85 | ...target,
|
86 | }),
|
87 | ],
|
88 | port,
|
89 | });
|
90 | }
|
91 | }
|
92 | /**
|
93 | * The base class for Ec2Service and FargateService services.
|
94 | */
|
95 | class BaseService extends core_1.Resource {
|
96 | /**
|
97 | * Constructs a new instance of the BaseService class.
|
98 | */
|
99 | constructor(scope, id, props, additionalProps, taskDefinition) {
|
100 | var _c, _d, _e, _f, _g, _h, _j, _k, _l;
|
101 | super(scope, id, {
|
102 | physicalName: props.serviceName,
|
103 | });
|
104 | /**
|
105 | * The security groups which manage the allowed network traffic for the service.
|
106 | */
|
107 | this.connections = new ec2.Connections();
|
108 | /**
|
109 | * A list of Elastic Load Balancing load balancer objects, containing the load balancer name, the container
|
110 | * name (as it appears in a container definition), and the container port to access from the load balancer.
|
111 | */
|
112 | this.loadBalancers = new Array();
|
113 | /**
|
114 | * The details of the service discovery registries to assign to this service.
|
115 | * For more information, see Service Discovery.
|
116 | */
|
117 | this.serviceRegistries = new Array();
|
118 | try {
|
119 | jsiiDeprecationWarnings._aws_cdk_aws_ecs_BaseServiceProps(props);
|
120 | jsiiDeprecationWarnings._aws_cdk_aws_ecs_TaskDefinition(taskDefinition);
|
121 | }
|
122 | catch (error) {
|
123 | if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
|
124 | Error.captureStackTrace(error, this.constructor);
|
125 | }
|
126 | throw error;
|
127 | }
|
128 | if (props.propagateTags && props.propagateTaskTagsFrom) {
|
129 | throw new Error('You can only specify either propagateTags or propagateTaskTagsFrom. Alternatively, you can leave both blank');
|
130 | }
|
131 | this.taskDefinition = taskDefinition;
|
132 | // launchType will set to undefined if using external DeploymentController or capacityProviderStrategies
|
133 | const launchType = ((_c = props.deploymentController) === null || _c === void 0 ? void 0 : _c.type) === DeploymentControllerType.EXTERNAL ||
|
134 | props.capacityProviderStrategies !== undefined ?
|
135 | undefined : props.launchType;
|
136 | const propagateTagsFromSource = (_e = (_d = props.propagateTaskTagsFrom) !== null && _d !== void 0 ? _d : props.propagateTags) !== null && _e !== void 0 ? _e : PropagatedTagSource.NONE;
|
137 | this.resource = new ecs_generated_1.CfnService(this, 'Service', {
|
138 | desiredCount: props.desiredCount,
|
139 | serviceName: this.physicalName,
|
140 | loadBalancers: core_1.Lazy.any({ produce: () => this.loadBalancers }, { omitEmptyArray: true }),
|
141 | deploymentConfiguration: {
|
142 | maximumPercent: props.maxHealthyPercent || 200,
|
143 | minimumHealthyPercent: props.minHealthyPercent === undefined ? 50 : props.minHealthyPercent,
|
144 | deploymentCircuitBreaker: props.circuitBreaker ? {
|
145 | enable: true,
|
146 | rollback: (_f = props.circuitBreaker.rollback) !== null && _f !== void 0 ? _f : false,
|
147 | } : undefined,
|
148 | },
|
149 | propagateTags: propagateTagsFromSource === PropagatedTagSource.NONE ? undefined : props.propagateTags,
|
150 | enableEcsManagedTags: (_g = props.enableECSManagedTags) !== null && _g !== void 0 ? _g : false,
|
151 | deploymentController: props.circuitBreaker ? {
|
152 | type: DeploymentControllerType.ECS,
|
153 | } : props.deploymentController,
|
154 | launchType: launchType,
|
155 | enableExecuteCommand: props.enableExecuteCommand,
|
156 | capacityProviderStrategy: props.capacityProviderStrategies,
|
157 | healthCheckGracePeriodSeconds: this.evaluateHealthGracePeriod(props.healthCheckGracePeriod),
|
158 | /* role: never specified, supplanted by Service Linked Role */
|
159 | networkConfiguration: core_1.Lazy.any({ produce: () => this.networkConfiguration }, { omitEmptyArray: true }),
|
160 | serviceRegistries: core_1.Lazy.any({ produce: () => this.serviceRegistries }, { omitEmptyArray: true }),
|
161 | ...additionalProps,
|
162 | });
|
163 | if (((_h = props.deploymentController) === null || _h === void 0 ? void 0 : _h.type) === DeploymentControllerType.EXTERNAL) {
|
164 | core_1.Annotations.of(this).addWarning('taskDefinition and launchType are blanked out when using external deployment controller.');
|
165 | }
|
166 | this.serviceArn = this.getResourceArnAttribute(this.resource.ref, {
|
167 | service: 'ecs',
|
168 | resource: 'service',
|
169 | resourceName: `${props.cluster.clusterName}/${this.physicalName}`,
|
170 | });
|
171 | this.serviceName = this.getResourceNameAttribute(this.resource.attrName);
|
172 | this.cluster = props.cluster;
|
173 | if (props.cloudMapOptions) {
|
174 | this.enableCloudMap(props.cloudMapOptions);
|
175 | }
|
176 | if (props.enableExecuteCommand) {
|
177 | this.enableExecuteCommand();
|
178 | const logging = (_k = (_j = this.cluster.executeCommandConfiguration) === null || _j === void 0 ? void 0 : _j.logging) !== null && _k !== void 0 ? _k : cluster_1.ExecuteCommandLogging.DEFAULT;
|
179 | if ((_l = this.cluster.executeCommandConfiguration) === null || _l === void 0 ? void 0 : _l.kmsKey) {
|
180 | this.enableExecuteCommandEncryption(logging);
|
181 | }
|
182 | if (logging !== cluster_1.ExecuteCommandLogging.NONE) {
|
183 | this.executeCommandLogConfiguration();
|
184 | }
|
185 | }
|
186 | this.node.defaultChild = this.resource;
|
187 | }
|
188 | /**
|
189 | * Import an existing ECS/Fargate Service using the service cluster format.
|
190 | * The format is the "new" format "arn:aws:ecs:region:aws_account_id:service/cluster-name/service-name".
|
191 | * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html#ecs-resource-ids
|
192 | */
|
193 | static fromServiceArnWithCluster(scope, id, serviceArn) {
|
194 | const stack = core_1.Stack.of(scope);
|
195 | const arn = stack.splitArn(serviceArn, core_1.ArnFormat.SLASH_RESOURCE_NAME);
|
196 | const resourceName = arn.resourceName;
|
197 | if (!resourceName) {
|
198 | throw new Error('Missing resource Name from service ARN: ${serviceArn}');
|
199 | }
|
200 | const resourceNameParts = resourceName.split('/');
|
201 | if (resourceNameParts.length !== 2) {
|
202 | throw new Error(`resource name ${resourceName} from service ARN: ${serviceArn} is not using the ARN cluster format`);
|
203 | }
|
204 | const clusterName = resourceNameParts[0];
|
205 | const serviceName = resourceNameParts[1];
|
206 | const clusterArn = core_1.Stack.of(scope).formatArn({
|
207 | partition: arn.partition,
|
208 | region: arn.region,
|
209 | account: arn.account,
|
210 | service: 'ecs',
|
211 | resource: 'cluster',
|
212 | resourceName: clusterName,
|
213 | });
|
214 | const cluster = cluster_1.Cluster.fromClusterArn(scope, `${id}Cluster`, clusterArn);
|
215 | class Import extends core_1.Resource {
|
216 | constructor() {
|
217 | super(...arguments);
|
218 | this.serviceArn = serviceArn;
|
219 | this.serviceName = serviceName;
|
220 | this.cluster = cluster;
|
221 | }
|
222 | }
|
223 | return new Import(scope, id, {
|
224 | environmentFromArn: serviceArn,
|
225 | });
|
226 | }
|
227 | /**
|
228 | * The CloudMap service created for this service, if any.
|
229 | */
|
230 | get cloudMapService() {
|
231 | return this.cloudmapService;
|
232 | }
|
233 | executeCommandLogConfiguration() {
|
234 | var _c, _d;
|
235 | const logConfiguration = (_c = this.cluster.executeCommandConfiguration) === null || _c === void 0 ? void 0 : _c.logConfiguration;
|
236 | this.taskDefinition.addToTaskRolePolicy(new iam.PolicyStatement({
|
237 | actions: [
|
238 | 'logs:DescribeLogGroups',
|
239 | ],
|
240 | resources: ['*'],
|
241 | }));
|
242 | const logGroupArn = (logConfiguration === null || logConfiguration === void 0 ? void 0 : logConfiguration.cloudWatchLogGroup) ? `arn:${this.stack.partition}:logs:${this.env.region}:${this.env.account}:log-group:${logConfiguration.cloudWatchLogGroup.logGroupName}:*` : '*';
|
243 | this.taskDefinition.addToTaskRolePolicy(new iam.PolicyStatement({
|
244 | actions: [
|
245 | 'logs:CreateLogStream',
|
246 | 'logs:DescribeLogStreams',
|
247 | 'logs:PutLogEvents',
|
248 | ],
|
249 | resources: [logGroupArn],
|
250 | }));
|
251 | if ((_d = logConfiguration === null || logConfiguration === void 0 ? void 0 : logConfiguration.s3Bucket) === null || _d === void 0 ? void 0 : _d.bucketName) {
|
252 | this.taskDefinition.addToTaskRolePolicy(new iam.PolicyStatement({
|
253 | actions: [
|
254 | 's3:GetBucketLocation',
|
255 | ],
|
256 | resources: ['*'],
|
257 | }));
|
258 | this.taskDefinition.addToTaskRolePolicy(new iam.PolicyStatement({
|
259 | actions: [
|
260 | 's3:PutObject',
|
261 | ],
|
262 | resources: [`arn:${this.stack.partition}:s3:::${logConfiguration.s3Bucket.bucketName}/*`],
|
263 | }));
|
264 | if (logConfiguration.s3EncryptionEnabled) {
|
265 | this.taskDefinition.addToTaskRolePolicy(new iam.PolicyStatement({
|
266 | actions: [
|
267 | 's3:GetEncryptionConfiguration',
|
268 | ],
|
269 | resources: [`arn:${this.stack.partition}:s3:::${logConfiguration.s3Bucket.bucketName}`],
|
270 | }));
|
271 | }
|
272 | }
|
273 | }
|
274 | enableExecuteCommandEncryption(logging) {
|
275 | var _c, _d, _e, _f, _g, _h, _j, _k;
|
276 | this.taskDefinition.addToTaskRolePolicy(new iam.PolicyStatement({
|
277 | actions: [
|
278 | 'kms:Decrypt',
|
279 | 'kms:GenerateDataKey',
|
280 | ],
|
281 | resources: [`${(_d = (_c = this.cluster.executeCommandConfiguration) === null || _c === void 0 ? void 0 : _c.kmsKey) === null || _d === void 0 ? void 0 : _d.keyArn}`],
|
282 | }));
|
283 | (_f = (_e = this.cluster.executeCommandConfiguration) === null || _e === void 0 ? void 0 : _e.kmsKey) === null || _f === void 0 ? void 0 : _f.addToResourcePolicy(new iam.PolicyStatement({
|
284 | actions: [
|
285 | 'kms:*',
|
286 | ],
|
287 | resources: ['*'],
|
288 | principals: [new iam.ArnPrincipal(`arn:${this.stack.partition}:iam::${this.env.account}:root`)],
|
289 | }));
|
290 | if (logging === cluster_1.ExecuteCommandLogging.DEFAULT || ((_h = (_g = this.cluster.executeCommandConfiguration) === null || _g === void 0 ? void 0 : _g.logConfiguration) === null || _h === void 0 ? void 0 : _h.cloudWatchEncryptionEnabled)) {
|
291 | (_k = (_j = this.cluster.executeCommandConfiguration) === null || _j === void 0 ? void 0 : _j.kmsKey) === null || _k === void 0 ? void 0 : _k.addToResourcePolicy(new iam.PolicyStatement({
|
292 | actions: [
|
293 | 'kms:Encrypt*',
|
294 | 'kms:Decrypt*',
|
295 | 'kms:ReEncrypt*',
|
296 | 'kms:GenerateDataKey*',
|
297 | 'kms:Describe*',
|
298 | ],
|
299 | resources: ['*'],
|
300 | principals: [new iam.ServicePrincipal(`logs.${this.env.region}.amazonaws.com`)],
|
301 | conditions: {
|
302 | ArnLike: { 'kms:EncryptionContext:aws:logs:arn': `arn:${this.stack.partition}:logs:${this.env.region}:${this.env.account}:*` },
|
303 | },
|
304 | }));
|
305 | }
|
306 | }
|
307 | /**
|
308 | * This method is called to attach this service to an Application Load Balancer.
|
309 | *
|
310 | * Don't call this function directly. Instead, call `listener.addTargets()`
|
311 | * to add this service to a load balancer.
|
312 | */
|
313 | attachToApplicationTargetGroup(targetGroup) {
|
314 | return this.defaultLoadBalancerTarget.attachToApplicationTargetGroup(targetGroup);
|
315 | }
|
316 | /**
|
317 | * Registers the service as a target of a Classic Load Balancer (CLB).
|
318 | *
|
319 | * Don't call this. Call `loadBalancer.addTarget()` instead.
|
320 | */
|
321 | attachToClassicLB(loadBalancer) {
|
322 | return this.defaultLoadBalancerTarget.attachToClassicLB(loadBalancer);
|
323 | }
|
324 | /**
|
325 | * Return a load balancing target for a specific container and port.
|
326 | *
|
327 | * Use this function to create a load balancer target if you want to load balance to
|
328 | * another container than the first essential container or the first mapped port on
|
329 | * the container.
|
330 | *
|
331 | * Use the return value of this function where you would normally use a load balancer
|
332 | * target, instead of the `Service` object itself.
|
333 | *
|
334 | * @example
|
335 | *
|
336 | * declare const listener: elbv2.ApplicationListener;
|
337 | * declare const service: ecs.BaseService;
|
338 | * listener.addTargets('ECS', {
|
339 | * port: 80,
|
340 | * targets: [service.loadBalancerTarget({
|
341 | * containerName: 'MyContainer',
|
342 | * containerPort: 1234,
|
343 | * })],
|
344 | * });
|
345 | */
|
346 | loadBalancerTarget(options) {
|
347 | try {
|
348 | jsiiDeprecationWarnings._aws_cdk_aws_ecs_LoadBalancerTargetOptions(options);
|
349 | }
|
350 | catch (error) {
|
351 | if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
|
352 | Error.captureStackTrace(error, this.loadBalancerTarget);
|
353 | }
|
354 | throw error;
|
355 | }
|
356 | const self = this;
|
357 | const target = this.taskDefinition._validateTarget(options);
|
358 | const connections = self.connections;
|
359 | return {
|
360 | attachToApplicationTargetGroup(targetGroup) {
|
361 | targetGroup.registerConnectable(self, self.taskDefinition._portRangeFromPortMapping(target.portMapping));
|
362 | return self.attachToELBv2(targetGroup, target.containerName, target.portMapping.containerPort);
|
363 | },
|
364 | attachToNetworkTargetGroup(targetGroup) {
|
365 | return self.attachToELBv2(targetGroup, target.containerName, target.portMapping.containerPort);
|
366 | },
|
367 | connections,
|
368 | attachToClassicLB(loadBalancer) {
|
369 | return self.attachToELB(loadBalancer, target.containerName, target.portMapping.containerPort);
|
370 | },
|
371 | };
|
372 | }
|
373 | /**
|
374 | * Use this function to create all load balancer targets to be registered in this service, add them to
|
375 | * target groups, and attach target groups to listeners accordingly.
|
376 | *
|
377 | * Alternatively, you can use `listener.addTargets()` to create targets and add them to target groups.
|
378 | *
|
379 | * @example
|
380 | *
|
381 | * declare const listener: elbv2.ApplicationListener;
|
382 | * declare const service: ecs.BaseService;
|
383 | * service.registerLoadBalancerTargets(
|
384 | * {
|
385 | * containerName: 'web',
|
386 | * containerPort: 80,
|
387 | * newTargetGroupId: 'ECS',
|
388 | * listener: ecs.ListenerConfig.applicationListener(listener, {
|
389 | * protocol: elbv2.ApplicationProtocol.HTTPS
|
390 | * }),
|
391 | * },
|
392 | * )
|
393 | */
|
394 | registerLoadBalancerTargets(...targets) {
|
395 | try {
|
396 | jsiiDeprecationWarnings._aws_cdk_aws_ecs_EcsTarget(targets);
|
397 | }
|
398 | catch (error) {
|
399 | if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
|
400 | Error.captureStackTrace(error, this.registerLoadBalancerTargets);
|
401 | }
|
402 | throw error;
|
403 | }
|
404 | for (const target of targets) {
|
405 | target.listener.addTargets(target.newTargetGroupId, {
|
406 | containerName: target.containerName,
|
407 | containerPort: target.containerPort,
|
408 | protocol: target.protocol,
|
409 | }, this);
|
410 | }
|
411 | }
|
412 | /**
|
413 | * This method is called to attach this service to a Network Load Balancer.
|
414 | *
|
415 | * Don't call this function directly. Instead, call `listener.addTargets()`
|
416 | * to add this service to a load balancer.
|
417 | */
|
418 | attachToNetworkTargetGroup(targetGroup) {
|
419 | return this.defaultLoadBalancerTarget.attachToNetworkTargetGroup(targetGroup);
|
420 | }
|
421 | /**
|
422 | * An attribute representing the minimum and maximum task count for an AutoScalingGroup.
|
423 | */
|
424 | autoScaleTaskCount(props) {
|
425 | if (this.scalableTaskCount) {
|
426 | throw new Error('AutoScaling of task count already enabled for this service');
|
427 | }
|
428 | return this.scalableTaskCount = new scalable_task_count_1.ScalableTaskCount(this, 'TaskCount', {
|
429 | serviceNamespace: appscaling.ServiceNamespace.ECS,
|
430 | resourceId: `service/${this.cluster.clusterName}/${this.serviceName}`,
|
431 | dimension: 'ecs:service:DesiredCount',
|
432 | role: this.makeAutoScalingRole(),
|
433 | ...props,
|
434 | });
|
435 | }
|
436 | /**
|
437 | * Enable CloudMap service discovery for the service
|
438 | *
|
439 | * @returns The created CloudMap service
|
440 | */
|
441 | enableCloudMap(options) {
|
442 | var _c;
|
443 | try {
|
444 | jsiiDeprecationWarnings._aws_cdk_aws_ecs_CloudMapOptions(options);
|
445 | }
|
446 | catch (error) {
|
447 | if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
|
448 | Error.captureStackTrace(error, this.enableCloudMap);
|
449 | }
|
450 | throw error;
|
451 | }
|
452 | const sdNamespace = (_c = options.cloudMapNamespace) !== null && _c !== void 0 ? _c : this.cluster.defaultCloudMapNamespace;
|
453 | if (sdNamespace === undefined) {
|
454 | throw new Error('Cannot enable service discovery if a Cloudmap Namespace has not been created in the cluster.');
|
455 | }
|
456 | // Determine DNS type based on network mode
|
457 | const networkMode = this.taskDefinition.networkMode;
|
458 | if (networkMode === task_definition_1.NetworkMode.NONE) {
|
459 | throw new Error('Cannot use a service discovery if NetworkMode is None. Use Bridge, Host or AwsVpc instead.');
|
460 | }
|
461 | // Bridge or host network mode requires SRV records
|
462 | let dnsRecordType = options.dnsRecordType;
|
463 | if (networkMode === task_definition_1.NetworkMode.BRIDGE || networkMode === task_definition_1.NetworkMode.HOST) {
|
464 | if (dnsRecordType === undefined) {
|
465 | dnsRecordType = cloudmap.DnsRecordType.SRV;
|
466 | }
|
467 | if (dnsRecordType !== cloudmap.DnsRecordType.SRV) {
|
468 | throw new Error('SRV records must be used when network mode is Bridge or Host.');
|
469 | }
|
470 | }
|
471 | // Default DNS record type for AwsVpc network mode is A Records
|
472 | if (networkMode === task_definition_1.NetworkMode.AWS_VPC) {
|
473 | if (dnsRecordType === undefined) {
|
474 | dnsRecordType = cloudmap.DnsRecordType.A;
|
475 | }
|
476 | }
|
477 | const { containerName, containerPort } = determineContainerNameAndPort({
|
478 | taskDefinition: this.taskDefinition,
|
479 | dnsRecordType: dnsRecordType,
|
480 | container: options.container,
|
481 | containerPort: options.containerPort,
|
482 | });
|
483 | const cloudmapService = new cloudmap.Service(this, 'CloudmapService', {
|
484 | namespace: sdNamespace,
|
485 | name: options.name,
|
486 | dnsRecordType: dnsRecordType,
|
487 | customHealthCheck: { failureThreshold: options.failureThreshold || 1 },
|
488 | dnsTtl: options.dnsTtl,
|
489 | });
|
490 | const serviceArn = cloudmapService.serviceArn;
|
491 | // add Cloudmap service to the ECS Service's serviceRegistry
|
492 | this.addServiceRegistry({
|
493 | arn: serviceArn,
|
494 | containerName,
|
495 | containerPort,
|
496 | });
|
497 | this.cloudmapService = cloudmapService;
|
498 | return cloudmapService;
|
499 | }
|
500 | /**
|
501 | * Associates this service with a CloudMap service
|
502 | */
|
503 | associateCloudMapService(options) {
|
504 | try {
|
505 | jsiiDeprecationWarnings._aws_cdk_aws_ecs_AssociateCloudMapServiceOptions(options);
|
506 | }
|
507 | catch (error) {
|
508 | if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
|
509 | Error.captureStackTrace(error, this.associateCloudMapService);
|
510 | }
|
511 | throw error;
|
512 | }
|
513 | const service = options.service;
|
514 | const { containerName, containerPort } = determineContainerNameAndPort({
|
515 | taskDefinition: this.taskDefinition,
|
516 | dnsRecordType: service.dnsRecordType,
|
517 | container: options.container,
|
518 | containerPort: options.containerPort,
|
519 | });
|
520 | // add Cloudmap service to the ECS Service's serviceRegistry
|
521 | this.addServiceRegistry({
|
522 | arn: service.serviceArn,
|
523 | containerName,
|
524 | containerPort,
|
525 | });
|
526 | }
|
527 | /**
|
528 | * This method returns the specified CloudWatch metric name for this service.
|
529 | */
|
530 | metric(metricName, props) {
|
531 | return new cloudwatch.Metric({
|
532 | namespace: 'AWS/ECS',
|
533 | metricName,
|
534 | dimensionsMap: { ClusterName: this.cluster.clusterName, ServiceName: this.serviceName },
|
535 | ...props,
|
536 | }).attachTo(this);
|
537 | }
|
538 | /**
|
539 | * This method returns the CloudWatch metric for this service's memory utilization.
|
540 | *
|
541 | * @default average over 5 minutes
|
542 | */
|
543 | metricMemoryUtilization(props) {
|
544 | return this.metric('MemoryUtilization', props);
|
545 | }
|
546 | /**
|
547 | * This method returns the CloudWatch metric for this service's CPU utilization.
|
548 | *
|
549 | * @default average over 5 minutes
|
550 | */
|
551 | metricCpuUtilization(props) {
|
552 | return this.metric('CPUUtilization', props);
|
553 | }
|
554 | /**
|
555 | * This method is called to create a networkConfiguration.
|
556 | * @deprecated use configureAwsVpcNetworkingWithSecurityGroups instead.
|
557 | */
|
558 | // eslint-disable-next-line max-len
|
559 | configureAwsVpcNetworking(vpc, assignPublicIp, vpcSubnets, securityGroup) {
|
560 | try {
|
561 | jsiiDeprecationWarnings.print("@aws-cdk/aws-ecs.BaseService#configureAwsVpcNetworking", "use configureAwsVpcNetworkingWithSecurityGroups instead.");
|
562 | }
|
563 | catch (error) {
|
564 | if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
|
565 | Error.captureStackTrace(error, this.configureAwsVpcNetworking);
|
566 | }
|
567 | throw error;
|
568 | }
|
569 | if (vpcSubnets === undefined) {
|
570 | vpcSubnets = assignPublicIp ? { subnetType: ec2.SubnetType.PUBLIC } : {};
|
571 | }
|
572 | if (securityGroup === undefined) {
|
573 | securityGroup = new ec2.SecurityGroup(this, 'SecurityGroup', { vpc });
|
574 | }
|
575 | this.connections.addSecurityGroup(securityGroup);
|
576 | this.networkConfiguration = {
|
577 | awsvpcConfiguration: {
|
578 | assignPublicIp: assignPublicIp ? 'ENABLED' : 'DISABLED',
|
579 | subnets: vpc.selectSubnets(vpcSubnets).subnetIds,
|
580 | securityGroups: core_1.Lazy.list({ produce: () => [securityGroup.securityGroupId] }),
|
581 | },
|
582 | };
|
583 | }
|
584 | /**
|
585 | * This method is called to create a networkConfiguration.
|
586 | */
|
587 | // eslint-disable-next-line max-len
|
588 | configureAwsVpcNetworkingWithSecurityGroups(vpc, assignPublicIp, vpcSubnets, securityGroups) {
|
589 | if (vpcSubnets === undefined) {
|
590 | vpcSubnets = assignPublicIp ? { subnetType: ec2.SubnetType.PUBLIC } : {};
|
591 | }
|
592 | if (securityGroups === undefined || securityGroups.length === 0) {
|
593 | securityGroups = [new ec2.SecurityGroup(this, 'SecurityGroup', { vpc })];
|
594 | }
|
595 | securityGroups.forEach((sg) => { this.connections.addSecurityGroup(sg); }, this);
|
596 | this.networkConfiguration = {
|
597 | awsvpcConfiguration: {
|
598 | assignPublicIp: assignPublicIp ? 'ENABLED' : 'DISABLED',
|
599 | subnets: vpc.selectSubnets(vpcSubnets).subnetIds,
|
600 | securityGroups: securityGroups.map((sg) => sg.securityGroupId),
|
601 | },
|
602 | };
|
603 | }
|
604 | renderServiceRegistry(registry) {
|
605 | return {
|
606 | registryArn: registry.arn,
|
607 | containerName: registry.containerName,
|
608 | containerPort: registry.containerPort,
|
609 | };
|
610 | }
|
611 | /**
|
612 | * Shared logic for attaching to an ELB
|
613 | */
|
614 | attachToELB(loadBalancer, containerName, containerPort) {
|
615 | if (this.taskDefinition.networkMode === task_definition_1.NetworkMode.AWS_VPC) {
|
616 | throw new Error('Cannot use a Classic Load Balancer if NetworkMode is AwsVpc. Use Host or Bridge instead.');
|
617 | }
|
618 | if (this.taskDefinition.networkMode === task_definition_1.NetworkMode.NONE) {
|
619 | throw new Error('Cannot use a Classic Load Balancer if NetworkMode is None. Use Host or Bridge instead.');
|
620 | }
|
621 | this.loadBalancers.push({
|
622 | loadBalancerName: loadBalancer.loadBalancerName,
|
623 | containerName,
|
624 | containerPort,
|
625 | });
|
626 | }
|
627 | /**
|
628 | * Shared logic for attaching to an ELBv2
|
629 | */
|
630 | attachToELBv2(targetGroup, containerName, containerPort) {
|
631 | if (this.taskDefinition.networkMode === task_definition_1.NetworkMode.NONE) {
|
632 | throw new Error('Cannot use a load balancer if NetworkMode is None. Use Bridge, Host or AwsVpc instead.');
|
633 | }
|
634 | this.loadBalancers.push({
|
635 | targetGroupArn: targetGroup.targetGroupArn,
|
636 | containerName,
|
637 | containerPort,
|
638 | });
|
639 | // Service creation can only happen after the load balancer has
|
640 | // been associated with our target group(s), so add ordering dependency.
|
641 | this.resource.node.addDependency(targetGroup.loadBalancerAttached);
|
642 | const targetType = this.taskDefinition.networkMode === task_definition_1.NetworkMode.AWS_VPC ? elbv2.TargetType.IP : elbv2.TargetType.INSTANCE;
|
643 | return { targetType };
|
644 | }
|
645 | get defaultLoadBalancerTarget() {
|
646 | return this.loadBalancerTarget({
|
647 | containerName: this.taskDefinition.defaultContainer.containerName,
|
648 | });
|
649 | }
|
650 | /**
|
651 | * Generate the role that will be used for autoscaling this service
|
652 | */
|
653 | makeAutoScalingRole() {
|
654 | // Use a Service Linked Role.
|
655 | return iam.Role.fromRoleArn(this, 'ScalingRole', core_1.Stack.of(this).formatArn({
|
656 | region: '',
|
657 | service: 'iam',
|
658 | resource: 'role/aws-service-role/ecs.application-autoscaling.amazonaws.com',
|
659 | resourceName: 'AWSServiceRoleForApplicationAutoScaling_ECSService',
|
660 | }));
|
661 | }
|
662 | /**
|
663 | * Associate Service Discovery (Cloud Map) service
|
664 | */
|
665 | addServiceRegistry(registry) {
|
666 | if (this.serviceRegistries.length >= 1) {
|
667 | throw new Error('Cannot associate with the given service discovery registry. ECS supports at most one service registry per service.');
|
668 | }
|
669 | const sr = this.renderServiceRegistry(registry);
|
670 | this.serviceRegistries.push(sr);
|
671 | }
|
672 | /**
|
673 | * Return the default grace period when load balancers are configured and
|
674 | * healthCheckGracePeriod is not already set
|
675 | */
|
676 | evaluateHealthGracePeriod(providedHealthCheckGracePeriod) {
|
677 | return core_1.Lazy.any({
|
678 | produce: () => { var _c; return (_c = providedHealthCheckGracePeriod === null || providedHealthCheckGracePeriod === void 0 ? void 0 : providedHealthCheckGracePeriod.toSeconds()) !== null && _c !== void 0 ? _c : (this.loadBalancers.length > 0 ? 60 : undefined); },
|
679 | });
|
680 | }
|
681 | enableExecuteCommand() {
|
682 | this.taskDefinition.addToTaskRolePolicy(new iam.PolicyStatement({
|
683 | actions: [
|
684 | 'ssmmessages:CreateControlChannel',
|
685 | 'ssmmessages:CreateDataChannel',
|
686 | 'ssmmessages:OpenControlChannel',
|
687 | 'ssmmessages:OpenDataChannel',
|
688 | ],
|
689 | resources: ['*'],
|
690 | }));
|
691 | }
|
692 | }
|
693 | exports.BaseService = BaseService;
|
694 | _b = JSII_RTTI_SYMBOL_1;
|
695 | BaseService[_b] = { fqn: "@aws-cdk/aws-ecs.BaseService", version: "1.156.1" };
|
696 | /**
|
697 | * The launch type of an ECS service
|
698 | */
|
699 | var LaunchType;
|
700 | (function (LaunchType) {
|
701 | /**
|
702 | * The service will be launched using the EC2 launch type
|
703 | */
|
704 | LaunchType["EC2"] = "EC2";
|
705 | /**
|
706 | * The service will be launched using the FARGATE launch type
|
707 | */
|
708 | LaunchType["FARGATE"] = "FARGATE";
|
709 | /**
|
710 | * The service will be launched using the EXTERNAL launch type
|
711 | */
|
712 | LaunchType["EXTERNAL"] = "EXTERNAL";
|
713 | })(LaunchType = exports.LaunchType || (exports.LaunchType = {}));
|
714 | /**
|
715 | * The deployment controller type to use for the service.
|
716 | */
|
717 | var DeploymentControllerType;
|
718 | (function (DeploymentControllerType) {
|
719 | /**
|
720 | * The rolling update (ECS) deployment type involves replacing the current
|
721 | * running version of the container with the latest version.
|
722 | */
|
723 | DeploymentControllerType["ECS"] = "ECS";
|
724 | /**
|
725 | * The blue/green (CODE_DEPLOY) deployment type uses the blue/green deployment model powered by AWS CodeDeploy
|
726 | */
|
727 | DeploymentControllerType["CODE_DEPLOY"] = "CODE_DEPLOY";
|
728 | /**
|
729 | * The external (EXTERNAL) deployment type enables you to use any third-party deployment controller
|
730 | */
|
731 | DeploymentControllerType["EXTERNAL"] = "EXTERNAL";
|
732 | })(DeploymentControllerType = exports.DeploymentControllerType || (exports.DeploymentControllerType = {}));
|
733 | /**
|
734 | * Propagate tags from either service or task definition
|
735 | */
|
736 | var PropagatedTagSource;
|
737 | (function (PropagatedTagSource) {
|
738 | /**
|
739 | * Propagate tags from service
|
740 | */
|
741 | PropagatedTagSource["SERVICE"] = "SERVICE";
|
742 | /**
|
743 | * Propagate tags from task definition
|
744 | */
|
745 | PropagatedTagSource["TASK_DEFINITION"] = "TASK_DEFINITION";
|
746 | /**
|
747 | * Do not propagate
|
748 | */
|
749 | PropagatedTagSource["NONE"] = "NONE";
|
750 | })(PropagatedTagSource = exports.PropagatedTagSource || (exports.PropagatedTagSource = {}));
|
751 | /**
|
752 | * Determine the name of the container and port to target for the service registry.
|
753 | */
|
754 | function determineContainerNameAndPort(options) {
|
755 | var _c, _d;
|
756 | // If the record type is SRV, then provide the containerName and containerPort to target.
|
757 | // We use the name of the default container and the default port of the default container
|
758 | // unless the user specifies otherwise.
|
759 | if (options.dnsRecordType === cloudmap.DnsRecordType.SRV) {
|
760 | // Ensure the user-provided container is from the right task definition.
|
761 | if (options.container && options.container.taskDefinition != options.taskDefinition) {
|
762 | throw new Error('Cannot add discovery for a container from another task definition');
|
763 | }
|
764 | const container = (_c = options.container) !== null && _c !== void 0 ? _c : options.taskDefinition.defaultContainer;
|
765 | // Ensure that any port given by the user is mapped.
|
766 | if (options.containerPort && !container.portMappings.some(mapping => mapping.containerPort === options.containerPort)) {
|
767 | throw new Error('Cannot add discovery for a container port that has not been mapped');
|
768 | }
|
769 | return {
|
770 | containerName: container.containerName,
|
771 | containerPort: (_d = options.containerPort) !== null && _d !== void 0 ? _d : options.taskDefinition.defaultContainer.containerPort,
|
772 | };
|
773 | }
|
774 | return {};
|
775 | }
|
776 | //# sourceMappingURL=data:application/json;base64,{"version":3,"file":"base-service.js","sourceRoot":"","sources":["base-service.ts"],"names":[],"mappings":";;;;;;AAAA,kEAAkE;AAClE,sDAAsD;AACtD,wCAAwC;AAExC,6DAA6D;AAC7D,wCAAwC;AACxC,0DAA0D;AAC1D,wCAAgH;AAEhH,6DAAiG;AACjG,wCAAgG;AAEhG,oDAA8C;AAC9C,+DAA0D;AAqN1D;;GAEG;AACH,MAAsB,cAAc;IAClC;;OAEG;IACI,MAAM,CAAC,mBAAmB,CAAC,QAAmC,EAAE,KAAwC;QAC7G,OAAO,IAAI,yBAAyB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;KACvD;IAED;;OAEG;IACI,MAAM,CAAC,eAAe,CAAC,QAA+B,EAAE,KAAoC;QACjG,OAAO,IAAI,qBAAqB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;KACnD;;AAbH,wCAmBC;;;AAED;;GAEG;AACH,MAAM,yBAA0B,SAAQ,cAAc;IACpD,YAA6B,QAAmC,EAAmB,KAAwC;QACzH,KAAK,EAAE,CAAC;QADmB,aAAQ,GAAR,QAAQ,CAA2B;QAAmB,UAAK,GAAL,KAAK,CAAmC;KAE1H;IAED;;OAEG;IACI,UAAU,CAAC,EAAU,EAAE,MAAiC,EAAE,OAAoB;;QACnF,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;QAChC,MAAM,IAAI,SAAG,KAAK,CAAC,IAAI,mCAAI,CAAC,QAAQ,KAAK,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACrF,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,EAAE;YAC3B,GAAI,KAAK;YACT,OAAO,EAAE;gBACP,OAAO,CAAC,kBAAkB,CAAC;oBACzB,GAAG,MAAM;iBACV,CAAC;aACH;YACD,IAAI;SACL,CAAC,CAAC;KACJ;CACF;AAED;;GAEG;AACH,MAAM,qBAAsB,SAAQ,cAAc;IAChD,YAA6B,QAA+B,EAAmB,KAAoC;QACjH,KAAK,EAAE,CAAC;QADmB,aAAQ,GAAR,QAAQ,CAAuB;QAAmB,UAAK,GAAL,KAAK,CAA+B;KAElH;IAED;;OAEG;IACI,UAAU,CAAC,EAAU,EAAE,MAAiC,EAAE,OAAoB;;QACnF,MAAM,IAAI,eAAG,IAAI,CAAC,KAAK,0CAAE,IAAI,mCAAI,EAAE,CAAC;QACpC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,EAAE;YAC3B,GAAI,IAAI,CAAC,KAAK;YACd,OAAO,EAAE;gBACP,OAAO,CAAC,kBAAkB,CAAC;oBACzB,GAAG,MAAM;iBACV,CAAC;aACH;YACD,IAAI;SACL,CAAC,CAAC;KACJ;CACF;AAYD;;GAEG;AACH,MAAsB,WAAY,SAAQ,eAAQ;IAgGhD;;OAEG;IACH,YACE,KAAgB,EAChB,EAAU,EACV,KAAuB,EACvB,eAAoB,EACpB,cAA8B;;QAC9B,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE;YACf,YAAY,EAAE,KAAK,CAAC,WAAW;SAChC,CAAC,CAAC;QAhEL;;WAEG;QACa,gBAAW,GAAoB,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;QA6BrE;;;WAGG;QACO,kBAAa,GAAG,IAAI,KAAK,EAAmC,CAAC;QAQvE;;;WAGG;QACO,sBAAiB,GAAG,IAAI,KAAK,EAAsC,CAAC;;;;;;;;;;;QAkB5E,IAAI,KAAK,CAAC,aAAa,IAAI,KAAK,CAAC,qBAAqB,EAAE;YACtD,MAAM,IAAI,KAAK,CAAC,6GAA6G,CAAC,CAAC;SAChI;QAED,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QAErC,wGAAwG;QACxG,MAAM,UAAU,GAAG,OAAA,KAAK,CAAC,oBAAoB,0CAAE,IAAI,MAAK,wBAAwB,CAAC,QAAQ;YACvF,KAAK,CAAC,0BAA0B,KAAK,SAAS,CAAC,CAAC;YAChD,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC;QAE/B,MAAM,uBAAuB,eAAG,KAAK,CAAC,qBAAqB,mCAAI,KAAK,CAAC,aAAa,mCAAI,mBAAmB,CAAC,IAAI,CAAC;QAE/G,IAAI,CAAC,QAAQ,GAAG,IAAI,0BAAU,CAAC,IAAI,EAAE,SAAS,EAAE;YAC9C,YAAY,EAAE,KAAK,CAAC,YAAY;YAChC,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,aAAa,EAAE,WAAI,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;YACxF,uBAAuB,EAAE;gBACvB,cAAc,EAAE,KAAK,CAAC,iBAAiB,IAAI,GAAG;gBAC9C,qBAAqB,EAAE,KAAK,CAAC,iBAAiB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB;gBAC3F,wBAAwB,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC;oBAC/C,MAAM,EAAE,IAAI;oBACZ,QAAQ,QAAE,KAAK,CAAC,cAAc,CAAC,QAAQ,mCAAI,KAAK;iBACjD,CAAC,CAAC,CAAC,SAAS;aACd;YACD,aAAa,EAAE,uBAAuB,KAAK,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa;YACrG,oBAAoB,QAAE,KAAK,CAAC,oBAAoB,mCAAI,KAAK;YACzD,oBAAoB,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC;gBAC3C,IAAI,EAAE,wBAAwB,CAAC,GAAG;aACnC,CAAC,CAAC,CAAC,KAAK,CAAC,oBAAoB;YAC9B,UAAU,EAAE,UAAU;YACtB,oBAAoB,EAAE,KAAK,CAAC,oBAAoB;YAChD,wBAAwB,EAAE,KAAK,CAAC,0BAA0B;YAC1D,6BAA6B,EAAE,IAAI,CAAC,yBAAyB,CAAC,KAAK,CAAC,sBAAsB,CAAC;YAC3F,8DAA8D;YAC9D,oBAAoB,EAAE,WAAI,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;YACtG,iBAAiB,EAAE,WAAI,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;YAChG,GAAG,eAAe;SACnB,CAAC,CAAC;QAEH,IAAI,OAAA,KAAK,CAAC,oBAAoB,0CAAE,IAAI,MAAK,wBAAwB,CAAC,QAAQ,EAAE;YAC1E,kBAAW,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,0FAA0F,CAAC,CAAC;SAC7H;QAED,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE;YAChE,OAAO,EAAE,KAAK;YACd,QAAQ,EAAE,SAAS;YACnB,YAAY,EAAE,GAAG,KAAK,CAAC,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC,YAAY,EAAE;SAClE,CAAC,CAAC;QACH,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAEzE,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAE7B,IAAI,KAAK,CAAC,eAAe,EAAE;YACzB,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;SAC5C;QAED,IAAI,KAAK,CAAC,oBAAoB,EAAE;YAC9B,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAE5B,MAAM,OAAO,eAAG,IAAI,CAAC,OAAO,CAAC,2BAA2B,0CAAE,OAAO,mCAAI,+BAAqB,CAAC,OAAO,CAAC;YAEnG,UAAI,IAAI,CAAC,OAAO,CAAC,2BAA2B,0CAAE,MAAM,EAAE;gBACpD,IAAI,CAAC,8BAA8B,CAAC,OAAO,CAAC,CAAC;aAC9C;YACD,IAAI,OAAO,KAAK,+BAAqB,CAAC,IAAI,EAAE;gBAC1C,IAAI,CAAC,8BAA8B,EAAE,CAAC;aACvC;SACF;QACD,IAAI,CAAC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC;KACxC;IAjLD;;;;OAIG;IACI,MAAM,CAAC,yBAAyB,CAAC,KAAgB,EAAE,EAAU,EAAE,UAAkB;QACtF,MAAM,KAAK,GAAG,YAAK,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC;QAC9B,MAAM,GAAG,GAAG,KAAK,CAAC,QAAQ,CAAC,UAAU,EAAE,gBAAS,CAAC,mBAAmB,CAAC,CAAC;QACtE,MAAM,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC;QACtC,IAAI,CAAC,YAAY,EAAE;YACjB,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;SAC1E;QACD,MAAM,iBAAiB,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAClD,IAAI,iBAAiB,CAAC,MAAM,KAAK,CAAC,EAAE;YAClC,MAAM,IAAI,KAAK,CAAC,iBAAiB,YAAY,sBAAsB,UAAU,sCAAsC,CAAC,CAAC;SACtH;QACD,MAAM,WAAW,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAC;QACzC,MAAM,WAAW,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAC;QAEzC,MAAM,UAAU,GAAG,YAAK,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC;YAC3C,SAAS,EAAE,GAAG,CAAC,SAAS;YACxB,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,OAAO,EAAE,KAAK;YACd,QAAQ,EAAE,SAAS;YACnB,YAAY,EAAE,WAAW;SAC1B,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,iBAAO,CAAC,cAAc,CAAC,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QAE1E,MAAM,MAAO,SAAQ,eAAQ;YAA7B;;gBACkB,eAAU,GAAG,UAAU,CAAC;gBACxB,gBAAW,GAAG,WAAW,CAAC;gBAC1B,YAAO,GAAG,OAAO,CAAC;YACpC,CAAC;SAAA;QAED,OAAO,IAAI,MAAM,CAAC,KAAK,EAAE,EAAE,EAAE;YAC3B,kBAAkB,EAAE,UAAU;SAC/B,CAAC,CAAC;KACJ;IA4ID;;OAEG;IACH,IAAW,eAAe;QACxB,OAAO,IAAI,CAAC,eAAe,CAAC;KAC7B;IAEO,8BAA8B;;QACpC,MAAM,gBAAgB,SAAG,IAAI,CAAC,OAAO,CAAC,2BAA2B,0CAAE,gBAAgB,CAAC;QACpF,IAAI,CAAC,cAAc,CAAC,mBAAmB,CAAC,IAAI,GAAG,CAAC,eAAe,CAAC;YAC9D,OAAO,EAAE;gBACP,wBAAwB;aACzB;YACD,SAAS,EAAE,CAAC,GAAG,CAAC;SACjB,CAAC,CAAC,CAAC;QAEJ,MAAM,WAAW,GAAG,CAAA,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,kBAAkB,EAAC,CAAC,CAAC,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,SAAS,IAAI,CAAC,GAAG,CAAC,MAAM,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,cAAc,gBAAgB,CAAC,kBAAkB,CAAC,YAAY,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;QAC3M,IAAI,CAAC,cAAc,CAAC,mBAAmB,CAAC,IAAI,GAAG,CAAC,eAAe,CAAC;YAC9D,OAAO,EAAE;gBACP,sBAAsB;gBACtB,yBAAyB;gBACzB,mBAAmB;aACpB;YACD,SAAS,EAAE,CAAC,WAAW,CAAC;SACzB,CAAC,CAAC,CAAC;QAEJ,UAAI,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,QAAQ,0CAAE,UAAU,EAAE;YAC1C,IAAI,CAAC,cAAc,CAAC,mBAAmB,CAAC,IAAI,GAAG,CAAC,eAAe,CAAC;gBAC9D,OAAO,EAAE;oBACP,sBAAsB;iBACvB;gBACD,SAAS,EAAE,CAAC,GAAG,CAAC;aACjB,CAAC,CAAC,CAAC;YACJ,IAAI,CAAC,cAAc,CAAC,mBAAmB,CAAC,IAAI,GAAG,CAAC,eAAe,CAAC;gBAC9D,OAAO,EAAE;oBACP,cAAc;iBACf;gBACD,SAAS,EAAE,CAAC,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,SAAS,gBAAgB,CAAC,QAAQ,CAAC,UAAU,IAAI,CAAC;aAC1F,CAAC,CAAC,CAAC;YACJ,IAAI,gBAAgB,CAAC,mBAAmB,EAAE;gBACxC,IAAI,CAAC,cAAc,CAAC,mBAAmB,CAAC,IAAI,GAAG,CAAC,eAAe,CAAC;oBAC9D,OAAO,EAAE;wBACP,+BAA+B;qBAChC;oBACD,SAAS,EAAE,CAAC,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,SAAS,gBAAgB,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC;iBACxF,CAAC,CAAC,CAAC;aACL;SACF;KACF;IAEO,8BAA8B,CAAC,OAA8B;;QACnE,IAAI,CAAC,cAAc,CAAC,mBAAmB,CAAC,IAAI,GAAG,CAAC,eAAe,CAAC;YAC9D,OAAO,EAAE;gBACP,aAAa;gBACb,qBAAqB;aACtB;YACD,SAAS,EAAE,CAAC,GAAG,YAAA,IAAI,CAAC,OAAO,CAAC,2BAA2B,0CAAE,MAAM,0CAAE,MAAM,EAAE,CAAC;SAC3E,CAAC,CAAC,CAAC;QAEJ,YAAA,IAAI,CAAC,OAAO,CAAC,2BAA2B,0CAAE,MAAM,0CAAE,mBAAmB,CAAC,IAAI,GAAG,CAAC,eAAe,CAAC;YAC5F,OAAO,EAAE;gBACP,OAAO;aACR;YACD,SAAS,EAAE,CAAC,GAAG,CAAC;YAChB,UAAU,EAAE,CAAC,IAAI,GAAG,CAAC,YAAY,CAAC,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,SAAS,IAAI,CAAC,GAAG,CAAC,OAAO,OAAO,CAAC,CAAC;SAChG,CAAC,EAAE;QAEJ,IAAI,OAAO,KAAK,+BAAqB,CAAC,OAAO,iBAAI,IAAI,CAAC,OAAO,CAAC,2BAA2B,0CAAE,gBAAgB,0CAAE,2BAA2B,CAAA,EAAE;YACxI,YAAA,IAAI,CAAC,OAAO,CAAC,2BAA2B,0CAAE,MAAM,0CAAE,mBAAmB,CAAC,IAAI,GAAG,CAAC,eAAe,CAAC;gBAC5F,OAAO,EAAE;oBACP,cAAc;oBACd,cAAc;oBACd,gBAAgB;oBAChB,sBAAsB;oBACtB,eAAe;iBAChB;gBACD,SAAS,EAAE,CAAC,GAAG,CAAC;gBAChB,UAAU,EAAE,CAAC,IAAI,GAAG,CAAC,gBAAgB,CAAC,QAAQ,IAAI,CAAC,GAAG,CAAC,MAAM,gBAAgB,CAAC,CAAC;gBAC/E,UAAU,EAAE;oBACV,OAAO,EAAE,EAAE,oCAAoC,EAAE,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,SAAS,IAAI,CAAC,GAAG,CAAC,MAAM,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,IAAI,EAAE;iBAC/H;aACF,CAAC,EAAE;SACL;KACF;IAED;;;;;OAKG;IACI,8BAA8B,CAAC,WAA0C;QAC9E,OAAO,IAAI,CAAC,yBAAyB,CAAC,8BAA8B,CAAC,WAAW,CAAC,CAAC;KACnF;IAED;;;;OAIG;IACI,iBAAiB,CAAC,YAA8B;QACrD,OAAO,IAAI,CAAC,yBAAyB,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;KACvE;IAED;;;;;;;;;;;;;;;;;;;;;OAqBG;IACI,kBAAkB,CAAC,OAAkC;;;;;;;;;;QAC1D,MAAM,IAAI,GAAG,IAAI,CAAC;QAClB,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QAC5D,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;QACrC,OAAO;YACL,8BAA8B,CAAC,WAAyC;gBACtE,WAAW,CAAC,mBAAmB,CAAC,IAAI,EAAE,IAAI,CAAC,cAAc,CAAC,yBAAyB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;gBACzG,OAAO,IAAI,CAAC,aAAa,CAAC,WAAW,EAAE,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;YACjG,CAAC;YACD,0BAA0B,CAAC,WAAqC;gBAC9D,OAAO,IAAI,CAAC,aAAa,CAAC,WAAW,EAAE,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;YACjG,CAAC;YACD,WAAW;YACX,iBAAiB,CAAC,YAA8B;gBAC9C,OAAO,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;YAChG,CAAC;SACF,CAAC;KACH;IAED;;;;;;;;;;;;;;;;;;;;OAoBG;IACI,2BAA2B,CAAC,GAAG,OAAoB;;;;;;;;;;QACxD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE;YAC5B,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,gBAAgB,EAAE;gBAClD,aAAa,EAAE,MAAM,CAAC,aAAa;gBACnC,aAAa,EAAE,MAAM,CAAC,aAAa;gBACnC,QAAQ,EAAE,MAAM,CAAC,QAAQ;aAC1B,EAAE,IAAI,CAAC,CAAC;SACV;KACF;IAED;;;;;OAKG;IACI,0BAA0B,CAAC,WAAsC;QACtE,OAAO,IAAI,CAAC,yBAAyB,CAAC,0BAA0B,CAAC,WAAW,CAAC,CAAC;KAC/E;IAED;;OAEG;IACI,kBAAkB,CAAC,KAAoC;QAC5D,IAAI,IAAI,CAAC,iBAAiB,EAAE;YAC1B,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;SAC/E;QAED,OAAO,IAAI,CAAC,iBAAiB,GAAG,IAAI,uCAAiB,CAAC,IAAI,EAAE,WAAW,EAAE;YACvE,gBAAgB,EAAE,UAAU,CAAC,gBAAgB,CAAC,GAAG;YACjD,UAAU,EAAE,WAAW,IAAI,CAAC,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC,WAAW,EAAE;YACrE,SAAS,EAAE,0BAA0B;YACrC,IAAI,EAAE,IAAI,CAAC,mBAAmB,EAAE;YAChC,GAAG,KAAK;SACT,CAAC,CAAC;KACJ;IAED;;;;OAIG;IACI,cAAc,CAAC,OAAwB;;;;;;;;;;;QAC5C,MAAM,WAAW,SAAG,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC;QACvF,IAAI,WAAW,KAAK,SAAS,EAAE;YAC7B,MAAM,IAAI,KAAK,CAAC,8FAA8F,CAAC,CAAC;SACjH;QAED,2CAA2C;QAC3C,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC;QACpD,IAAI,WAAW,KAAK,6BAAW,CAAC,IAAI,EAAE;YACpC,MAAM,IAAI,KAAK,CAAC,4FAA4F,CAAC,CAAC;SAC/G;QAED,mDAAmD;QACnD,IAAI,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;QAE1C,IAAI,WAAW,KAAK,6BAAW,CAAC,MAAM,IAAI,WAAW,KAAK,6BAAW,CAAC,IAAI,EAAE;YAC1E,IAAI,aAAa,KAAK,SAAS,EAAE;gBAC/B,aAAa,GAAG,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC;aAC5C;YACD,IAAI,aAAa,KAAK,QAAQ,CAAC,aAAa,CAAC,GAAG,EAAE;gBAChD,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;aAClF;SACF;QAED,+DAA+D;QAC/D,IAAI,WAAW,KAAK,6BAAW,CAAC,OAAO,EAAE;YACvC,IAAI,aAAa,KAAK,SAAS,EAAE;gBAC/B,aAAa,GAAG,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC;aAC1C;SACF;QAED,MAAM,EAAE,aAAa,EAAE,aAAa,EAAE,GAAG,6BAA6B,CAAC;YACrE,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,aAAa,EAAE,aAAc;YAC7B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,aAAa,EAAE,OAAO,CAAC,aAAa;SACrC,CAAC,CAAC;QAEH,MAAM,eAAe,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,iBAAiB,EAAE;YACpE,SAAS,EAAE,WAAW;YACtB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,aAAa,EAAE,aAAc;YAC7B,iBAAiB,EAAE,EAAE,gBAAgB,EAAE,OAAO,CAAC,gBAAgB,IAAI,CAAC,EAAE;YACtE,MAAM,EAAE,OAAO,CAAC,MAAM;SACvB,CAAC,CAAC;QAEH,MAAM,UAAU,GAAG,eAAe,CAAC,UAAU,CAAC;QAE9C,4DAA4D;QAC5D,IAAI,CAAC,kBAAkB,CAAC;YACtB,GAAG,EAAE,UAAU;YACf,aAAa;YACb,aAAa;SACd,CAAC,CAAC;QAEH,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;QAEvC,OAAO,eAAe,CAAC;KACxB;IAED;;OAEG;IACI,wBAAwB,CAAC,OAAwC;;;;;;;;;;QACtE,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAEhC,MAAM,EAAE,aAAa,EAAE,aAAa,EAAE,GAAG,6BAA6B,CAAC;YACrE,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,aAAa,EAAE,OAAO,CAAC,aAAa;YACpC,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,aAAa,EAAE,OAAO,CAAC,aAAa;SACrC,CAAC,CAAC;QAEH,4DAA4D;QAC5D,IAAI,CAAC,kBAAkB,CAAC;YACtB,GAAG,EAAE,OAAO,CAAC,UAAU;YACvB,aAAa;YACb,aAAa;SACd,CAAC,CAAC;KACJ;IAED;;OAEG;IACI,MAAM,CAAC,UAAkB,EAAE,KAAgC;QAChE,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC;YAC3B,SAAS,EAAE,SAAS;YACpB,UAAU;YACV,aAAa,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE;YACvF,GAAG,KAAK;SACT,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;KACnB;IAED;;;;OAIG;IACI,uBAAuB,CAAC,KAAgC;QAC7D,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;KAChD;IAED;;;;OAIG;IACI,oBAAoB,CAAC,KAAgC;QAC1D,OAAO,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC;KAC7C;IAED;;;OAGG;IACH,mCAAmC;IACzB,yBAAyB,CAAC,GAAa,EAAE,cAAwB,EAAE,UAAgC,EAAE,aAAkC;;;;;;;;;;QAC/I,IAAI,UAAU,KAAK,SAAS,EAAE;YAC5B,UAAU,GAAG,cAAc,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,GAAG,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC1E;QACD,IAAI,aAAa,KAAK,SAAS,EAAE;YAC/B,aAAa,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,eAAe,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;SACvE;QACD,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;QAEjD,IAAI,CAAC,oBAAoB,GAAG;YAC1B,mBAAmB,EAAE;gBACnB,cAAc,EAAE,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU;gBACvD,OAAO,EAAE,GAAG,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,SAAS;gBAChD,cAAc,EAAE,WAAI,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,aAAc,CAAC,eAAe,CAAC,EAAE,CAAC;aAC/E;SACF,CAAC;KACH;IAED;;OAEG;IACH,mCAAmC;IACzB,2CAA2C,CAAC,GAAa,EAAE,cAAwB,EAAE,UAAgC,EAAE,cAAqC;QACpK,IAAI,UAAU,KAAK,SAAS,EAAE;YAC5B,UAAU,GAAG,cAAc,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,GAAG,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC1E;QACD,IAAI,cAAc,KAAK,SAAS,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE;YAC/D,cAAc,GAAG,CAAC,IAAI,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,eAAe,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;SAC1E;QAED,cAAc,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QAEjF,IAAI,CAAC,oBAAoB,GAAG;YAC1B,mBAAmB,EAAE;gBACnB,cAAc,EAAE,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU;gBACvD,OAAO,EAAE,GAAG,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,SAAS;gBAChD,cAAc,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,eAAe,CAAC;aAC/D;SACF,CAAC;KACH;IAEO,qBAAqB,CAAC,QAAyB;QACrD,OAAO;YACL,WAAW,EAAE,QAAQ,CAAC,GAAG;YACzB,aAAa,EAAE,QAAQ,CAAC,aAAa;YACrC,aAAa,EAAE,QAAQ,CAAC,aAAa;SACtC,CAAC;KACH;IAED;;OAEG;IACK,WAAW,CAAC,YAA8B,EAAE,aAAqB,EAAE,aAAqB;QAC9F,IAAI,IAAI,CAAC,cAAc,CAAC,WAAW,KAAK,6BAAW,CAAC,OAAO,EAAE;YAC3D,MAAM,IAAI,KAAK,CAAC,0FAA0F,CAAC,CAAC;SAC7G;QACD,IAAI,IAAI,CAAC,cAAc,CAAC,WAAW,KAAK,6BAAW,CAAC,IAAI,EAAE;YACxD,MAAM,IAAI,KAAK,CAAC,wFAAwF,CAAC,CAAC;SAC3G;QAED,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC;YACtB,gBAAgB,EAAE,YAAY,CAAC,gBAAgB;YAC/C,aAAa;YACb,aAAa;SACd,CAAC,CAAC;KACJ;IAED;;OAEG;IACK,aAAa,CAAC,WAA+B,EAAE,aAAqB,EAAE,aAAqB;QACjG,IAAI,IAAI,CAAC,cAAc,CAAC,WAAW,KAAK,6BAAW,CAAC,IAAI,EAAE;YACxD,MAAM,IAAI,KAAK,CAAC,wFAAwF,CAAC,CAAC;SAC3G;QAED,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC;YACtB,cAAc,EAAE,WAAW,CAAC,cAAc;YAC1C,aAAa;YACb,aAAa;SACd,CAAC,CAAC;QAEH,+DAA+D;QAC/D,wEAAwE;QACxE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,oBAAoB,CAAC,CAAC;QAEnE,MAAM,UAAU,GAAG,IAAI,CAAC,cAAc,CAAC,WAAW,KAAK,6BAAW,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC;QAC7H,OAAO,EAAE,UAAU,EAAE,CAAC;KACvB;IAED,IAAY,yBAAyB;QACnC,OAAO,IAAI,CAAC,kBAAkB,CAAC;YAC7B,aAAa,EAAE,IAAI,CAAC,cAAc,CAAC,gBAAiB,CAAC,aAAa;SACnE,CAAC,CAAC;KACJ;IAED;;OAEG;IACK,mBAAmB;QACzB,6BAA6B;QAC7B,OAAO,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,aAAa,EAAE,YAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC;YACxE,MAAM,EAAE,EAAE;YACV,OAAO,EAAE,KAAK;YACd,QAAQ,EAAE,iEAAiE;YAC3E,YAAY,EAAE,oDAAoD;SACnE,CAAC,CAAC,CAAC;KACL;IAED;;OAEG;IACK,kBAAkB,CAAC,QAAyB;QAClD,IAAI,IAAI,CAAC,iBAAiB,CAAC,MAAM,IAAI,CAAC,EAAE;YACtC,MAAM,IAAI,KAAK,CAAC,oHAAoH,CAAC,CAAC;SACvI;QAED,MAAM,EAAE,GAAG,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,CAAC;QAChD,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;KACjC;IAED;;;OAGG;IACK,yBAAyB,CAAC,8BAAyC;QACzE,OAAO,WAAI,CAAC,GAAG,CAAC;YACd,OAAO,EAAE,GAAG,EAAE,wBAAC,8BAA8B,aAA9B,8BAA8B,uBAA9B,8BAA8B,CAAE,SAAS,qCAAM,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,GAAA;SAC/G,CAAC,CAAC;KACJ;IAEO,oBAAoB;QAC1B,IAAI,CAAC,cAAc,CAAC,mBAAmB,CAAC,IAAI,GAAG,CAAC,eAAe,CAAC;YAC9D,OAAO,EAAE;gBACP,kCAAkC;gBAClC,+BAA+B;gBAC/B,gCAAgC;gBAChC,6BAA6B;aAC9B;YACD,SAAS,EAAE,CAAC,GAAG,CAAC;SACjB,CAAC,CAAC,CAAC;KACL;;AAroBH,kCAsoBC;;;AAyGD;;GAEG;AACH,IAAY,UAeX;AAfD,WAAY,UAAU;IACpB;;OAEG;IACH,yBAAW,CAAA;IAEX;;OAEG;IACH,iCAAmB,CAAA;IAEnB;;OAEG;IACH,mCAAqB,CAAA;AACvB,CAAC,EAfW,UAAU,GAAV,kBAAU,KAAV,kBAAU,QAerB;AAED;;GAEG;AACH,IAAY,wBAgBX;AAhBD,WAAY,wBAAwB;IAClC;;;OAGG;IACH,uCAAW,CAAA;IAEX;;OAEG;IACH,uDAA2B,CAAA;IAE3B;;OAEG;IACH,iDAAqB,CAAA;AACvB,CAAC,EAhBW,wBAAwB,GAAxB,gCAAwB,KAAxB,gCAAwB,QAgBnC;AAED;;GAEG;AACH,IAAY,mBAeX;AAfD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,0CAAmB,CAAA;IAEnB;;OAEG;IACH,0DAAmC,CAAA;IAEnC;;OAEG;IACH,oCAAa,CAAA;AACf,CAAC,EAfW,mBAAmB,GAAnB,2BAAmB,KAAnB,2BAAmB,QAe9B;AAYD;;GAEG;AACH,SAAS,6BAA6B,CAAC,OAA6C;;IAClF,yFAAyF;IACzF,yFAAyF;IACzF,uCAAuC;IACvC,IAAI,OAAO,CAAC,aAAa,KAAK,QAAQ,CAAC,aAAa,CAAC,GAAG,EAAE;QACxD,wEAAwE;QACxE,IAAI,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,SAAS,CAAC,cAAc,IAAI,OAAO,CAAC,cAAc,EAAE;YACnF,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;SACtF;QAED,MAAM,SAAS,SAAG,OAAO,CAAC,SAAS,mCAAI,OAAO,CAAC,cAAc,CAAC,gBAAiB,CAAC;QAEhF,oDAAoD;QACpD,IAAI,OAAO,CAAC,aAAa,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,aAAa,KAAK,OAAO,CAAC,aAAa,CAAC,EAAE;YACrH,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;SACvF;QAED,OAAO;YACL,aAAa,EAAE,SAAS,CAAC,aAAa;YACtC,aAAa,QAAE,OAAO,CAAC,aAAa,mCAAI,OAAO,CAAC,cAAc,CAAC,gBAAiB,CAAC,aAAa;SAC/F,CAAC;KACH;IAED,OAAO,EAAE,CAAC;AACZ,CAAC","sourcesContent":["import * as appscaling from '@aws-cdk/aws-applicationautoscaling';\nimport * as cloudwatch from '@aws-cdk/aws-cloudwatch';\nimport * as ec2 from '@aws-cdk/aws-ec2';\nimport * as elb from '@aws-cdk/aws-elasticloadbalancing';\nimport * as elbv2 from '@aws-cdk/aws-elasticloadbalancingv2';\nimport * as iam from '@aws-cdk/aws-iam';\nimport * as cloudmap from '@aws-cdk/aws-servicediscovery';\nimport { Annotations, Duration, IResolvable, IResource, Lazy, Resource, Stack, ArnFormat } from '@aws-cdk/core';\nimport { Construct } from 'constructs';\nimport { LoadBalancerTargetOptions, NetworkMode, TaskDefinition } from '../base/task-definition';\nimport { ICluster, CapacityProviderStrategy, ExecuteCommandLogging, Cluster } from '../cluster';\nimport { ContainerDefinition, Protocol } from '../container-definition';\nimport { CfnService } from '../ecs.generated';\nimport { ScalableTaskCount } from './scalable-task-count';\n\n/**\n * The interface for a service.\n */\nexport interface IService extends IResource {\n  /**\n   * The Amazon Resource Name (ARN) of the service.\n   *\n   * @attribute\n   */\n  readonly serviceArn: string;\n\n  /**\n   * The name of the service.\n   *\n   * @attribute\n   */\n  readonly serviceName: string;\n}\n\n/**\n * The deployment controller to use for the service.\n */\nexport interface DeploymentController {\n  /**\n   * The deployment controller type to use.\n   *\n   * @default DeploymentControllerType.ECS\n   */\n  readonly type?: DeploymentControllerType;\n}\n\n/**\n * The deployment circuit breaker to use for the service\n */\nexport interface DeploymentCircuitBreaker {\n  /**\n   * Whether to enable rollback on deployment failure\n   * @default false\n   */\n  readonly rollback?: boolean;\n\n}\n\nexport interface EcsTarget {\n  /**\n   * The name of the container.\n   */\n  readonly containerName: string;\n\n  /**\n   * The port number of the container. Only applicable when using application/network load balancers.\n   *\n   * @default - Container port of the first added port mapping.\n   */\n  readonly containerPort?: number;\n\n  /**\n   * The protocol used for the port mapping. Only applicable when using application load balancers.\n   *\n   * @default Protocol.TCP\n   */\n  readonly protocol?: Protocol;\n\n  /**\n   * ID for a target group to be created.\n   */\n  readonly newTargetGroupId: string;\n\n  /**\n   * Listener and properties for adding target group to the listener.\n   */\n  readonly listener: ListenerConfig;\n}\n\n/**\n * Interface for ECS load balancer target.\n */\nexport interface IEcsLoadBalancerTarget extends elbv2.IApplicationLoadBalancerTarget, elbv2.INetworkLoadBalancerTarget, elb.ILoadBalancerTarget {\n}\n\n/**\n * The properties for the base Ec2Service or FargateService service.\n */\nexport interface BaseServiceOptions {\n  /**\n   * The name of the cluster that hosts the service.\n   */\n  readonly cluster: ICluster;\n\n  /**\n   * The desired number of instantiations of the task definition to keep running on the service.\n   *\n   * @default - When creating the service, default is 1; when updating the service, default uses\n   * the current task number.\n   */\n  readonly desiredCount?: number;\n\n  /**\n   * The name of the service.\n   *\n   * @default - CloudFormation-generated name.\n   */\n  readonly serviceName?: string;\n\n  /**\n   * The maximum number of tasks, specified as a percentage of the Amazon ECS\n   * service's DesiredCount value, that can run in a service during a\n   * deployment.\n   *\n   * @default - 100 if daemon, otherwise 200\n   */\n  readonly maxHealthyPercent?: number;\n\n  /**\n   * The minimum number of tasks, specified as a percentage of\n   * the Amazon ECS service's DesiredCount value, that must\n   * continue to run and remain healthy during a deployment.\n   *\n   * @default - 0 if daemon, otherwise 50\n   */\n  readonly minHealthyPercent?: number;\n\n  /**\n   * The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy\n   * Elastic Load Balancing target health checks after a task has first started.\n   *\n   * @default - defaults to 60 seconds if at least one load balancer is in-use and it is not already set\n   */\n  readonly healthCheckGracePeriod?: Duration;\n\n  /**\n   * The options for configuring an Amazon ECS service to use service discovery.\n   *\n   * @default - AWS Cloud Map service discovery is not enabled.\n   */\n  readonly cloudMapOptions?: CloudMapOptions;\n\n  /**\n   * Specifies whether to propagate the tags from the task definition or the service to the tasks in the service\n   *\n   * Valid values are: PropagatedTagSource.SERVICE, PropagatedTagSource.TASK_DEFINITION or PropagatedTagSource.NONE\n   *\n   * @default PropagatedTagSource.NONE\n   */\n  readonly propagateTags?: PropagatedTagSource;\n\n  /**\n   * Specifies whether to propagate the tags from the task definition or the service to the tasks in the service.\n   * Tags can only be propagated to the tasks within the service during service creation.\n   *\n   * @deprecated Use `propagateTags` instead.\n   * @default PropagatedTagSource.NONE\n   */\n  readonly propagateTaskTagsFrom?: PropagatedTagSource;\n\n  /**\n   * Specifies whether to enable Amazon ECS managed tags for the tasks within the service. For more information, see\n   * [Tagging Your Amazon ECS Resources](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html)\n   *\n   * @default false\n   */\n  readonly enableECSManagedTags?: boolean;\n\n  /**\n   * Specifies which deployment controller to use for the service. For more information, see\n   * [Amazon ECS Deployment Types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html)\n   *\n   * @default - Rolling update (ECS)\n   */\n  readonly deploymentController?: DeploymentController;\n\n  /**\n   * Whether to enable the deployment circuit breaker. If this property is defined, circuit breaker will be implicitly\n   * enabled.\n   * @default - disabled\n   */\n  readonly circuitBreaker?: DeploymentCircuitBreaker;\n\n  /**\n   * A list of Capacity Provider strategies used to place a service.\n   *\n   * @default - undefined\n   *\n   */\n  readonly capacityProviderStrategies?: CapacityProviderStrategy[];\n\n  /**\n   * Whether to enable the ability to execute into a container\n   *\n   *  @default - undefined\n   */\n  readonly enableExecuteCommand?: boolean;\n}\n\n/**\n * Complete base service properties that are required to be supplied by the implementation\n * of the BaseService class.\n */\nexport interface BaseServiceProps extends BaseServiceOptions {\n  /**\n   * The launch type on which to run your service.\n   *\n   * LaunchType will be omitted if capacity provider strategies are specified on the service.\n   *\n   * @see - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-capacityproviderstrategy\n   *\n   * Valid values are: LaunchType.ECS or LaunchType.FARGATE or LaunchType.EXTERNAL\n   */\n  readonly launchType: LaunchType;\n}\n\n/**\n * Base class for configuring listener when registering targets.\n */\nexport abstract class ListenerConfig {\n  /**\n   * Create a config for adding target group to ALB listener.\n   */\n  public static applicationListener(listener: elbv2.ApplicationListener, props?: elbv2.AddApplicationTargetsProps): ListenerConfig {\n    return new ApplicationListenerConfig(listener, props);\n  }\n\n  /**\n   * Create a config for adding target group to NLB listener.\n   */\n  public static networkListener(listener: elbv2.NetworkListener, props?: elbv2.AddNetworkTargetsProps): ListenerConfig {\n    return new NetworkListenerConfig(listener, props);\n  }\n\n  /**\n   * Create and attach a target group to listener.\n   */\n  public abstract addTargets(id: string, target: LoadBalancerTargetOptions, service: BaseService): void;\n}\n\n/**\n * Class for configuring application load balancer listener when registering targets.\n */\nclass ApplicationListenerConfig extends ListenerConfig {\n  constructor(private readonly listener: elbv2.ApplicationListener, private readonly props?: elbv2.AddApplicationTargetsProps) {\n    super();\n  }\n\n  /**\n   * Create and attach a target group to listener.\n   */\n  public addTargets(id: string, target: LoadBalancerTargetOptions, service: BaseService) {\n    const props = this.props || {};\n    const protocol = props.protocol;\n    const port = props.port ?? (protocol === elbv2.ApplicationProtocol.HTTPS ? 443 : 80);\n    this.listener.addTargets(id, {\n      ... props,\n      targets: [\n        service.loadBalancerTarget({\n          ...target,\n        }),\n      ],\n      port,\n    });\n  }\n}\n\n/**\n * Class for configuring network load balancer listener when registering targets.\n */\nclass NetworkListenerConfig extends ListenerConfig {\n  constructor(private readonly listener: elbv2.NetworkListener, private readonly props?: elbv2.AddNetworkTargetsProps) {\n    super();\n  }\n\n  /**\n   * Create and attach a target group to listener.\n   */\n  public addTargets(id: string, target: LoadBalancerTargetOptions, service: BaseService) {\n    const port = this.props?.port ?? 80;\n    this.listener.addTargets(id, {\n      ... this.props,\n      targets: [\n        service.loadBalancerTarget({\n          ...target,\n        }),\n      ],\n      port,\n    });\n  }\n}\n\n/**\n * The interface for BaseService.\n */\nexport interface IBaseService extends IService {\n  /**\n   * The cluster that hosts the service.\n   */\n  readonly cluster: ICluster;\n}\n\n/**\n * The base class for Ec2Service and FargateService services.\n */\nexport abstract class BaseService extends Resource\n  implements IBaseService, elbv2.IApplicationLoadBalancerTarget, elbv2.INetworkLoadBalancerTarget, elb.ILoadBalancerTarget {\n  /**\n   * Import an existing ECS/Fargate Service using the service cluster format.\n   * The format is the \"new\" format \"arn:aws:ecs:region:aws_account_id:service/cluster-name/service-name\".\n   * @see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html#ecs-resource-ids\n   */\n  public static fromServiceArnWithCluster(scope: Construct, id: string, serviceArn: string): IBaseService {\n    const stack = Stack.of(scope);\n    const arn = stack.splitArn(serviceArn, ArnFormat.SLASH_RESOURCE_NAME);\n    const resourceName = arn.resourceName;\n    if (!resourceName) {\n      throw new Error('Missing resource Name from service ARN: ${serviceArn}');\n    }\n    const resourceNameParts = resourceName.split('/');\n    if (resourceNameParts.length !== 2) {\n      throw new Error(`resource name ${resourceName} from service ARN: ${serviceArn} is not using the ARN cluster format`);\n    }\n    const clusterName = resourceNameParts[0];\n    const serviceName = resourceNameParts[1];\n\n    const clusterArn = Stack.of(scope).formatArn({\n      partition: arn.partition,\n      region: arn.region,\n      account: arn.account,\n      service: 'ecs',\n      resource: 'cluster',\n      resourceName: clusterName,\n    });\n\n    const cluster = Cluster.fromClusterArn(scope, `${id}Cluster`, clusterArn);\n\n    class Import extends Resource implements IBaseService {\n      public readonly serviceArn = serviceArn;\n      public readonly serviceName = serviceName;\n      public readonly cluster = cluster;\n    }\n\n    return new Import(scope, id, {\n      environmentFromArn: serviceArn,\n    });\n  }\n\n  /**\n   * The security groups which manage the allowed network traffic for the service.\n   */\n  public readonly connections: ec2.Connections = new ec2.Connections();\n\n  /**\n   * The Amazon Resource Name (ARN) of the service.\n   */\n  public readonly serviceArn: string;\n\n  /**\n   * The name of the service.\n   *\n   * @attribute\n   */\n  public readonly serviceName: string;\n\n  /**\n   * The task definition to use for tasks in the service.\n   */\n  public readonly taskDefinition: TaskDefinition;\n\n  /**\n   * The cluster that hosts the service.\n   */\n  public readonly cluster: ICluster;\n\n  /**\n   * The details of the AWS Cloud Map service.\n   */\n  protected cloudmapService?: cloudmap.Service;\n\n  /**\n   * A list of Elastic Load Balancing load balancer objects, containing the load balancer name, the container\n   * name (as it appears in a container definition), and the container port to access from the load balancer.\n   */\n  protected loadBalancers = new Array<CfnService.LoadBalancerProperty>();\n\n  /**\n   * A list of Elastic Load Balancing load balancer objects, containing the load balancer name, the container\n   * name (as it appears in a container definition), and the container port to access from the load balancer.\n   */\n  protected networkConfiguration?: CfnService.NetworkConfigurationProperty;\n\n  /**\n   * The details of the service discovery registries to assign to this service.\n   * For more information, see Service Discovery.\n   */\n  protected serviceRegistries = new Array<CfnService.ServiceRegistryProperty>();\n\n  private readonly resource: CfnService;\n  private scalableTaskCount?: ScalableTaskCount;\n\n  /**\n   * Constructs a new instance of the BaseService class.\n   */\n  constructor(\n    scope: Construct,\n    id: string,\n    props: BaseServiceProps,\n    additionalProps: any,\n    taskDefinition: TaskDefinition) {\n    super(scope, id, {\n      physicalName: props.serviceName,\n    });\n\n    if (props.propagateTags && props.propagateTaskTagsFrom) {\n      throw new Error('You can only specify either propagateTags or propagateTaskTagsFrom. Alternatively, you can leave both blank');\n    }\n\n    this.taskDefinition = taskDefinition;\n\n    // launchType will set to undefined if using external DeploymentController or capacityProviderStrategies\n    const launchType = props.deploymentController?.type === DeploymentControllerType.EXTERNAL ||\n      props.capacityProviderStrategies !== undefined ?\n      undefined : props.launchType;\n\n    const propagateTagsFromSource = props.propagateTaskTagsFrom ?? props.propagateTags ?? PropagatedTagSource.NONE;\n\n    this.resource = new CfnService(this, 'Service', {\n      desiredCount: props.desiredCount,\n      serviceName: this.physicalName,\n      loadBalancers: Lazy.any({ produce: () => this.loadBalancers }, { omitEmptyArray: true }),\n      deploymentConfiguration: {\n        maximumPercent: props.maxHealthyPercent || 200,\n        minimumHealthyPercent: props.minHealthyPercent === undefined ? 50 : props.minHealthyPercent,\n        deploymentCircuitBreaker: props.circuitBreaker ? {\n          enable: true,\n          rollback: props.circuitBreaker.rollback ?? false,\n        } : undefined,\n      },\n      propagateTags: propagateTagsFromSource === PropagatedTagSource.NONE ? undefined : props.propagateTags,\n      enableEcsManagedTags: props.enableECSManagedTags ?? false,\n      deploymentController: props.circuitBreaker ? {\n        type: DeploymentControllerType.ECS,\n      } : props.deploymentController,\n      launchType: launchType,\n      enableExecuteCommand: props.enableExecuteCommand,\n      capacityProviderStrategy: props.capacityProviderStrategies,\n      healthCheckGracePeriodSeconds: this.evaluateHealthGracePeriod(props.healthCheckGracePeriod),\n      /* role: never specified, supplanted by Service Linked Role */\n      networkConfiguration: Lazy.any({ produce: () => this.networkConfiguration }, { omitEmptyArray: true }),\n      serviceRegistries: Lazy.any({ produce: () => this.serviceRegistries }, { omitEmptyArray: true }),\n      ...additionalProps,\n    });\n\n    if (props.deploymentController?.type === DeploymentControllerType.EXTERNAL) {\n      Annotations.of(this).addWarning('taskDefinition and launchType are blanked out when using external deployment controller.');\n    }\n\n    this.serviceArn = this.getResourceArnAttribute(this.resource.ref, {\n      service: 'ecs',\n      resource: 'service',\n      resourceName: `${props.cluster.clusterName}/${this.physicalName}`,\n    });\n    this.serviceName = this.getResourceNameAttribute(this.resource.attrName);\n\n    this.cluster = props.cluster;\n\n    if (props.cloudMapOptions) {\n      this.enableCloudMap(props.cloudMapOptions);\n    }\n\n    if (props.enableExecuteCommand) {\n      this.enableExecuteCommand();\n\n      const logging = this.cluster.executeCommandConfiguration?.logging ?? ExecuteCommandLogging.DEFAULT;\n\n      if (this.cluster.executeCommandConfiguration?.kmsKey) {\n        this.enableExecuteCommandEncryption(logging);\n      }\n      if (logging !== ExecuteCommandLogging.NONE) {\n        this.executeCommandLogConfiguration();\n      }\n    }\n    this.node.defaultChild = this.resource;\n  }\n\n  /**\n   * The CloudMap service created for this service, if any.\n   */\n  public get cloudMapService(): cloudmap.IService | undefined {\n    return this.cloudmapService;\n  }\n\n  private executeCommandLogConfiguration() {\n    const logConfiguration = this.cluster.executeCommandConfiguration?.logConfiguration;\n    this.taskDefinition.addToTaskRolePolicy(new iam.PolicyStatement({\n      actions: [\n        'logs:DescribeLogGroups',\n      ],\n      resources: ['*'],\n    }));\n\n    const logGroupArn = logConfiguration?.cloudWatchLogGroup ? `arn:${this.stack.partition}:logs:${this.env.region}:${this.env.account}:log-group:${logConfiguration.cloudWatchLogGroup.logGroupName}:*` : '*';\n    this.taskDefinition.addToTaskRolePolicy(new iam.PolicyStatement({\n      actions: [\n        'logs:CreateLogStream',\n        'logs:DescribeLogStreams',\n        'logs:PutLogEvents',\n      ],\n      resources: [logGroupArn],\n    }));\n\n    if (logConfiguration?.s3Bucket?.bucketName) {\n      this.taskDefinition.addToTaskRolePolicy(new iam.PolicyStatement({\n        actions: [\n          's3:GetBucketLocation',\n        ],\n        resources: ['*'],\n      }));\n      this.taskDefinition.addToTaskRolePolicy(new iam.PolicyStatement({\n        actions: [\n          's3:PutObject',\n        ],\n        resources: [`arn:${this.stack.partition}:s3:::${logConfiguration.s3Bucket.bucketName}/*`],\n      }));\n      if (logConfiguration.s3EncryptionEnabled) {\n        this.taskDefinition.addToTaskRolePolicy(new iam.PolicyStatement({\n          actions: [\n            's3:GetEncryptionConfiguration',\n          ],\n          resources: [`arn:${this.stack.partition}:s3:::${logConfiguration.s3Bucket.bucketName}`],\n        }));\n      }\n    }\n  }\n\n  private enableExecuteCommandEncryption(logging: ExecuteCommandLogging) {\n    this.taskDefinition.addToTaskRolePolicy(new iam.PolicyStatement({\n      actions: [\n        'kms:Decrypt',\n        'kms:GenerateDataKey',\n      ],\n      resources: [`${this.cluster.executeCommandConfiguration?.kmsKey?.keyArn}`],\n    }));\n\n    this.cluster.executeCommandConfiguration?.kmsKey?.addToResourcePolicy(new iam.PolicyStatement({\n      actions: [\n        'kms:*',\n      ],\n      resources: ['*'],\n      principals: [new iam.ArnPrincipal(`arn:${this.stack.partition}:iam::${this.env.account}:root`)],\n    }));\n\n    if (logging === ExecuteCommandLogging.DEFAULT || this.cluster.executeCommandConfiguration?.logConfiguration?.cloudWatchEncryptionEnabled) {\n      this.cluster.executeCommandConfiguration?.kmsKey?.addToResourcePolicy(new iam.PolicyStatement({\n        actions: [\n          'kms:Encrypt*',\n          'kms:Decrypt*',\n          'kms:ReEncrypt*',\n          'kms:GenerateDataKey*',\n          'kms:Describe*',\n        ],\n        resources: ['*'],\n        principals: [new iam.ServicePrincipal(`logs.${this.env.region}.amazonaws.com`)],\n        conditions: {\n          ArnLike: { 'kms:EncryptionContext:aws:logs:arn': `arn:${this.stack.partition}:logs:${this.env.region}:${this.env.account}:*` },\n        },\n      }));\n    }\n  }\n\n  /**\n   * This method is called to attach this service to an Application Load Balancer.\n   *\n   * Don't call this function directly. Instead, call `listener.addTargets()`\n   * to add this service to a load balancer.\n   */\n  public attachToApplicationTargetGroup(targetGroup: elbv2.IApplicationTargetGroup): elbv2.LoadBalancerTargetProps {\n    return this.defaultLoadBalancerTarget.attachToApplicationTargetGroup(targetGroup);\n  }\n\n  /**\n   * Registers the service as a target of a Classic Load Balancer (CLB).\n   *\n   * Don't call this. Call `loadBalancer.addTarget()` instead.\n   */\n  public attachToClassicLB(loadBalancer: elb.LoadBalancer): void {\n    return this.defaultLoadBalancerTarget.attachToClassicLB(loadBalancer);\n  }\n\n  /**\n   * Return a load balancing target for a specific container and port.\n   *\n   * Use this function to create a load balancer target if you want to load balance to\n   * another container than the first essential container or the first mapped port on\n   * the container.\n   *\n   * Use the return value of this function where you would normally use a load balancer\n   * target, instead of the `Service` object itself.\n   *\n   * @example\n   *\n   * declare const listener: elbv2.ApplicationListener;\n   * declare const service: ecs.BaseService;\n   * listener.addTargets('ECS', {\n   *   port: 80,\n   *   targets: [service.loadBalancerTarget({\n   *     containerName: 'MyContainer',\n   *     containerPort: 1234,\n   *   })],\n   * });\n   */\n  public loadBalancerTarget(options: LoadBalancerTargetOptions): IEcsLoadBalancerTarget {\n    const self = this;\n    const target = this.taskDefinition._validateTarget(options);\n    const connections = self.connections;\n    return {\n      attachToApplicationTargetGroup(targetGroup: elbv2.ApplicationTargetGroup): elbv2.LoadBalancerTargetProps {\n        targetGroup.registerConnectable(self, self.taskDefinition._portRangeFromPortMapping(target.portMapping));\n        return self.attachToELBv2(targetGroup, target.containerName, target.portMapping.containerPort);\n      },\n      attachToNetworkTargetGroup(targetGroup: elbv2.NetworkTargetGroup): elbv2.LoadBalancerTargetProps {\n        return self.attachToELBv2(targetGroup, target.containerName, target.portMapping.containerPort);\n      },\n      connections,\n      attachToClassicLB(loadBalancer: elb.LoadBalancer): void {\n        return self.attachToELB(loadBalancer, target.containerName, target.portMapping.containerPort);\n      },\n    };\n  }\n\n  /**\n   * Use this function to create all load balancer targets to be registered in this service, add them to\n   * target groups, and attach target groups to listeners accordingly.\n   *\n   * Alternatively, you can use `listener.addTargets()` to create targets and add them to target groups.\n   *\n   * @example\n   *\n   * declare const listener: elbv2.ApplicationListener;\n   * declare const service: ecs.BaseService;\n   * service.registerLoadBalancerTargets(\n   *   {\n   *     containerName: 'web',\n   *     containerPort: 80,\n   *     newTargetGroupId: 'ECS',\n   *     listener: ecs.ListenerConfig.applicationListener(listener, {\n   *       protocol: elbv2.ApplicationProtocol.HTTPS\n   *     }),\n   *   },\n   * )\n   */\n  public registerLoadBalancerTargets(...targets: EcsTarget[]) {\n    for (const target of targets) {\n      target.listener.addTargets(target.newTargetGroupId, {\n        containerName: target.containerName,\n        containerPort: target.containerPort,\n        protocol: target.protocol,\n      }, this);\n    }\n  }\n\n  /**\n   * This method is called to attach this service to a Network Load Balancer.\n   *\n   * Don't call this function directly. Instead, call `listener.addTargets()`\n   * to add this service to a load balancer.\n   */\n  public attachToNetworkTargetGroup(targetGroup: elbv2.INetworkTargetGroup): elbv2.LoadBalancerTargetProps {\n    return this.defaultLoadBalancerTarget.attachToNetworkTargetGroup(targetGroup);\n  }\n\n  /**\n   * An attribute representing the minimum and maximum task count for an AutoScalingGroup.\n   */\n  public autoScaleTaskCount(props: appscaling.EnableScalingProps) {\n    if (this.scalableTaskCount) {\n      throw new Error('AutoScaling of task count already enabled for this service');\n    }\n\n    return this.scalableTaskCount = new ScalableTaskCount(this, 'TaskCount', {\n      serviceNamespace: appscaling.ServiceNamespace.ECS,\n      resourceId: `service/${this.cluster.clusterName}/${this.serviceName}`,\n      dimension: 'ecs:service:DesiredCount',\n      role: this.makeAutoScalingRole(),\n      ...props,\n    });\n  }\n\n  /**\n   * Enable CloudMap service discovery for the service\n   *\n   * @returns The created CloudMap service\n   */\n  public enableCloudMap(options: CloudMapOptions): cloudmap.Service {\n    const sdNamespace = options.cloudMapNamespace ?? this.cluster.defaultCloudMapNamespace;\n    if (sdNamespace === undefined) {\n      throw new Error('Cannot enable service discovery if a Cloudmap Namespace has not been created in the cluster.');\n    }\n\n    // Determine DNS type based on network mode\n    const networkMode = this.taskDefinition.networkMode;\n    if (networkMode === NetworkMode.NONE) {\n      throw new Error('Cannot use a service discovery if NetworkMode is None. Use Bridge, Host or AwsVpc instead.');\n    }\n\n    // Bridge or host network mode requires SRV records\n    let dnsRecordType = options.dnsRecordType;\n\n    if (networkMode === NetworkMode.BRIDGE || networkMode === NetworkMode.HOST) {\n      if (dnsRecordType === undefined) {\n        dnsRecordType = cloudmap.DnsRecordType.SRV;\n      }\n      if (dnsRecordType !== cloudmap.DnsRecordType.SRV) {\n        throw new Error('SRV records must be used when network mode is Bridge or Host.');\n      }\n    }\n\n    // Default DNS record type for AwsVpc network mode is A Records\n    if (networkMode === NetworkMode.AWS_VPC) {\n      if (dnsRecordType === undefined) {\n        dnsRecordType = cloudmap.DnsRecordType.A;\n      }\n    }\n\n    const { containerName, containerPort } = determineContainerNameAndPort({\n      taskDefinition: this.taskDefinition,\n      dnsRecordType: dnsRecordType!,\n      container: options.container,\n      containerPort: options.containerPort,\n    });\n\n    const cloudmapService = new cloudmap.Service(this, 'CloudmapService', {\n      namespace: sdNamespace,\n      name: options.name,\n      dnsRecordType: dnsRecordType!,\n      customHealthCheck: { failureThreshold: options.failureThreshold || 1 },\n      dnsTtl: options.dnsTtl,\n    });\n\n    const serviceArn = cloudmapService.serviceArn;\n\n    // add Cloudmap service to the ECS Service's serviceRegistry\n    this.addServiceRegistry({\n      arn: serviceArn,\n      containerName,\n      containerPort,\n    });\n\n    this.cloudmapService = cloudmapService;\n\n    return cloudmapService;\n  }\n\n  /**\n   * Associates this service with a CloudMap service\n   */\n  public associateCloudMapService(options: AssociateCloudMapServiceOptions): void {\n    const service = options.service;\n\n    const { containerName, containerPort } = determineContainerNameAndPort({\n      taskDefinition: this.taskDefinition,\n      dnsRecordType: service.dnsRecordType,\n      container: options.container,\n      containerPort: options.containerPort,\n    });\n\n    // add Cloudmap service to the ECS Service's serviceRegistry\n    this.addServiceRegistry({\n      arn: service.serviceArn,\n      containerName,\n      containerPort,\n    });\n  }\n\n  /**\n   * This method returns the specified CloudWatch metric name for this service.\n   */\n  public metric(metricName: string, props?: cloudwatch.MetricOptions): cloudwatch.Metric {\n    return new cloudwatch.Metric({\n      namespace: 'AWS/ECS',\n      metricName,\n      dimensionsMap: { ClusterName: this.cluster.clusterName, ServiceName: this.serviceName },\n      ...props,\n    }).attachTo(this);\n  }\n\n  /**\n   * This method returns the CloudWatch metric for this service's memory utilization.\n   *\n   * @default average over 5 minutes\n   */\n  public metricMemoryUtilization(props?: cloudwatch.MetricOptions): cloudwatch.Metric {\n    return this.metric('MemoryUtilization', props);\n  }\n\n  /**\n   * This method returns the CloudWatch metric for this service's CPU utilization.\n   *\n   * @default average over 5 minutes\n   */\n  public metricCpuUtilization(props?: cloudwatch.MetricOptions): cloudwatch.Metric {\n    return this.metric('CPUUtilization', props);\n  }\n\n  /**\n   * This method is called to create a networkConfiguration.\n   * @deprecated use configureAwsVpcNetworkingWithSecurityGroups instead.\n   */\n  // eslint-disable-next-line max-len\n  protected configureAwsVpcNetworking(vpc: ec2.IVpc, assignPublicIp?: boolean, vpcSubnets?: ec2.SubnetSelection, securityGroup?: ec2.ISecurityGroup) {\n    if (vpcSubnets === undefined) {\n      vpcSubnets = assignPublicIp ? { subnetType: ec2.SubnetType.PUBLIC } : {};\n    }\n    if (securityGroup === undefined) {\n      securityGroup = new ec2.SecurityGroup(this, 'SecurityGroup', { vpc });\n    }\n    this.connections.addSecurityGroup(securityGroup);\n\n    this.networkConfiguration = {\n      awsvpcConfiguration: {\n        assignPublicIp: assignPublicIp ? 'ENABLED' : 'DISABLED',\n        subnets: vpc.selectSubnets(vpcSubnets).subnetIds,\n        securityGroups: Lazy.list({ produce: () => [securityGroup!.securityGroupId] }),\n      },\n    };\n  }\n\n  /**\n   * This method is called to create a networkConfiguration.\n   */\n  // eslint-disable-next-line max-len\n  protected configureAwsVpcNetworkingWithSecurityGroups(vpc: ec2.IVpc, assignPublicIp?: boolean, vpcSubnets?: ec2.SubnetSelection, securityGroups?: ec2.ISecurityGroup[]) {\n    if (vpcSubnets === undefined) {\n      vpcSubnets = assignPublicIp ? { subnetType: ec2.SubnetType.PUBLIC } : {};\n    }\n    if (securityGroups === undefined || securityGroups.length === 0) {\n      securityGroups = [new ec2.SecurityGroup(this, 'SecurityGroup', { vpc })];\n    }\n\n    securityGroups.forEach((sg) => { this.connections.addSecurityGroup(sg); }, this);\n\n    this.networkConfiguration = {\n      awsvpcConfiguration: {\n        assignPublicIp: assignPublicIp ? 'ENABLED' : 'DISABLED',\n        subnets: vpc.selectSubnets(vpcSubnets).subnetIds,\n        securityGroups: securityGroups.map((sg) => sg.securityGroupId),\n      },\n    };\n  }\n\n  private renderServiceRegistry(registry: ServiceRegistry): CfnService.ServiceRegistryProperty {\n    return {\n      registryArn: registry.arn,\n      containerName: registry.containerName,\n      containerPort: registry.containerPort,\n    };\n  }\n\n  /**\n   * Shared logic for attaching to an ELB\n   */\n  private attachToELB(loadBalancer: elb.LoadBalancer, containerName: string, containerPort: number): void {\n    if (this.taskDefinition.networkMode === NetworkMode.AWS_VPC) {\n      throw new Error('Cannot use a Classic Load Balancer if NetworkMode is AwsVpc. Use Host or Bridge instead.');\n    }\n    if (this.taskDefinition.networkMode === NetworkMode.NONE) {\n      throw new Error('Cannot use a Classic Load Balancer if NetworkMode is None. Use Host or Bridge instead.');\n    }\n\n    this.loadBalancers.push({\n      loadBalancerName: loadBalancer.loadBalancerName,\n      containerName,\n      containerPort,\n    });\n  }\n\n  /**\n   * Shared logic for attaching to an ELBv2\n   */\n  private attachToELBv2(targetGroup: elbv2.ITargetGroup, containerName: string, containerPort: number): elbv2.LoadBalancerTargetProps {\n    if (this.taskDefinition.networkMode === NetworkMode.NONE) {\n      throw new Error('Cannot use a load balancer if NetworkMode is None. Use Bridge, Host or AwsVpc instead.');\n    }\n\n    this.loadBalancers.push({\n      targetGroupArn: targetGroup.targetGroupArn,\n      containerName,\n      containerPort,\n    });\n\n    // Service creation can only happen after the load balancer has\n    // been associated with our target group(s), so add ordering dependency.\n    this.resource.node.addDependency(targetGroup.loadBalancerAttached);\n\n    const targetType = this.taskDefinition.networkMode === NetworkMode.AWS_VPC ? elbv2.TargetType.IP : elbv2.TargetType.INSTANCE;\n    return { targetType };\n  }\n\n  private get defaultLoadBalancerTarget() {\n    return this.loadBalancerTarget({\n      containerName: this.taskDefinition.defaultContainer!.containerName,\n    });\n  }\n\n  /**\n   * Generate the role that will be used for autoscaling this service\n   */\n  private makeAutoScalingRole(): iam.IRole {\n    // Use a Service Linked Role.\n    return iam.Role.fromRoleArn(this, 'ScalingRole', Stack.of(this).formatArn({\n      region: '',\n      service: 'iam',\n      resource: 'role/aws-service-role/ecs.application-autoscaling.amazonaws.com',\n      resourceName: 'AWSServiceRoleForApplicationAutoScaling_ECSService',\n    }));\n  }\n\n  /**\n   * Associate Service Discovery (Cloud Map) service\n   */\n  private addServiceRegistry(registry: ServiceRegistry) {\n    if (this.serviceRegistries.length >= 1) {\n      throw new Error('Cannot associate with the given service discovery registry. ECS supports at most one service registry per service.');\n    }\n\n    const sr = this.renderServiceRegistry(registry);\n    this.serviceRegistries.push(sr);\n  }\n\n  /**\n   *  Return the default grace period when load balancers are configured and\n   *  healthCheckGracePeriod is not already set\n   */\n  private evaluateHealthGracePeriod(providedHealthCheckGracePeriod?: Duration): IResolvable {\n    return Lazy.any({\n      produce: () => providedHealthCheckGracePeriod?.toSeconds() ?? (this.loadBalancers.length > 0 ? 60 : undefined),\n    });\n  }\n\n  private enableExecuteCommand() {\n    this.taskDefinition.addToTaskRolePolicy(new iam.PolicyStatement({\n      actions: [\n        'ssmmessages:CreateControlChannel',\n        'ssmmessages:CreateDataChannel',\n        'ssmmessages:OpenControlChannel',\n        'ssmmessages:OpenDataChannel',\n      ],\n      resources: ['*'],\n    }));\n  }\n}\n\n/**\n * The options to enabling AWS Cloud Map for an Amazon ECS service.\n */\nexport interface CloudMapOptions {\n  /**\n   * The name of the Cloud Map service to attach to the ECS service.\n   *\n   * @default CloudFormation-generated name\n   */\n  readonly name?: string,\n\n  /**\n   * The service discovery namespace for the Cloud Map service to attach to the ECS service.\n   *\n   * @default - the defaultCloudMapNamespace associated to the cluster\n   */\n  readonly cloudMapNamespace?: cloudmap.INamespace;\n\n  /**\n   * The DNS record type that you want AWS Cloud Map to create. The supported record types are A or SRV.\n   *\n   * @default - DnsRecordType.A if TaskDefinition.networkMode = AWS_VPC, otherwise DnsRecordType.SRV\n   */\n  readonly dnsRecordType?: cloudmap.DnsRecordType.A | cloudmap.DnsRecordType.SRV,\n\n  /**\n   * The amount of time that you want DNS resolvers to cache the settings for this record.\n   *\n   * @default Duration.minutes(1)\n   */\n  readonly dnsTtl?: Duration;\n\n  /**\n   * The number of 30-second intervals that you want Cloud Map to wait after receiving an UpdateInstanceCustomHealthStatus\n   * request before it changes the health status of a service instance.\n   *\n   * NOTE: This is used for HealthCheckCustomConfig\n   */\n  readonly failureThreshold?: number;\n\n  /**\n   * The container to point to for a SRV record.\n   * @default - the task definition's default container\n   */\n  readonly container?: ContainerDefinition;\n\n  /**\n   * The port to point to for a SRV record.\n   * @default - the default port of the task definition's default container\n   */\n  readonly containerPort?: number;\n}\n\n/**\n * The options for using a cloudmap service.\n */\nexport interface AssociateCloudMapServiceOptions {\n  /**\n   * The cloudmap service to register with.\n   */\n  readonly service: cloudmap.IService;\n\n  /**\n   * The container to point to for a SRV record.\n   * @default - the task definition's default container\n   */\n  readonly container?: ContainerDefinition;\n\n  /**\n   * The port to point to for a SRV record.\n   * @default - the default port of the task definition's default container\n   */\n  readonly containerPort?: number;\n}\n\n/**\n * Service Registry for ECS service\n */\ninterface ServiceRegistry {\n  /**\n   * Arn of the Cloud Map Service that will register a Cloud Map Instance for your ECS Service\n   */\n  readonly arn: string;\n\n  /**\n   * The container name value, already specified in the task definition, to be used for your service discovery service.\n   * If the task definition that your service task specifies uses the bridge or host network mode,\n   * you must specify a containerName and containerPort combination from the task definition.\n   * If the task definition that your service task specifies uses the awsvpc network mode and a type SRV DNS record is\n   * used, you must specify either a containerName and containerPort combination or a port value, but not both.\n   */\n  readonly containerName?: string;\n\n  /**\n   * The container port value, already specified in the task definition, to be used for your service discovery service.\n   * If the task definition that your service task specifies uses the bridge or host network mode,\n   * you must specify a containerName and containerPort combination from the task definition.\n   * If the task definition that your service task specifies uses the awsvpc network mode and a type SRV DNS record is\n   * used, you must specify either a containerName and containerPort combination or a port value, but not both.\n   */\n  readonly containerPort?: number;\n}\n\n/**\n * The launch type of an ECS service\n */\nexport enum LaunchType {\n  /**\n   * The service will be launched using the EC2 launch type\n   */\n  EC2 = 'EC2',\n\n  /**\n   * The service will be launched using the FARGATE launch type\n   */\n  FARGATE = 'FARGATE',\n\n  /**\n   * The service will be launched using the EXTERNAL launch type\n   */\n  EXTERNAL = 'EXTERNAL'\n}\n\n/**\n * The deployment controller type to use for the service.\n */\nexport enum DeploymentControllerType {\n  /**\n   * The rolling update (ECS) deployment type involves replacing the current\n   * running version of the container with the latest version.\n   */\n  ECS = 'ECS',\n\n  /**\n   * The blue/green (CODE_DEPLOY) deployment type uses the blue/green deployment model powered by AWS CodeDeploy\n   */\n  CODE_DEPLOY = 'CODE_DEPLOY',\n\n  /**\n   * The external (EXTERNAL) deployment type enables you to use any third-party deployment controller\n   */\n  EXTERNAL = 'EXTERNAL'\n}\n\n/**\n * Propagate tags from either service or task definition\n */\nexport enum PropagatedTagSource {\n  /**\n   * Propagate tags from service\n   */\n  SERVICE = 'SERVICE',\n\n  /**\n   * Propagate tags from task definition\n   */\n  TASK_DEFINITION = 'TASK_DEFINITION',\n\n  /**\n   * Do not propagate\n   */\n  NONE = 'NONE'\n}\n\n/**\n * Options for `determineContainerNameAndPort`\n */\ninterface DetermineContainerNameAndPortOptions {\n  dnsRecordType: cloudmap.DnsRecordType;\n  taskDefinition: TaskDefinition;\n  container?: ContainerDefinition;\n  containerPort?: number;\n}\n\n/**\n * Determine the name of the container and port to target for the service registry.\n */\nfunction determineContainerNameAndPort(options: DetermineContainerNameAndPortOptions) {\n  // If the record type is SRV, then provide the containerName and containerPort to target.\n  // We use the name of the default container and the default port of the default container\n  // unless the user specifies otherwise.\n  if (options.dnsRecordType === cloudmap.DnsRecordType.SRV) {\n    // Ensure the user-provided container is from the right task definition.\n    if (options.container && options.container.taskDefinition != options.taskDefinition) {\n      throw new Error('Cannot add discovery for a container from another task definition');\n    }\n\n    const container = options.container ?? options.taskDefinition.defaultContainer!;\n\n    // Ensure that any port given by the user is mapped.\n    if (options.containerPort && !container.portMappings.some(mapping => mapping.containerPort === options.containerPort)) {\n      throw new Error('Cannot add discovery for a container port that has not been mapped');\n    }\n\n    return {\n      containerName: container.containerName,\n      containerPort: options.containerPort ?? options.taskDefinition.defaultContainer!.containerPort,\n    };\n  }\n\n  return {};\n}\n"]} |
\ | No newline at end of file |