1 | import { Construct } from 'constructs';
2 | import { CfnTaskDefinition } from './ecs.generated';
3 | import { Construct as CoreConstruct } from '@aws-cdk/core';
/**
 * Optional settings accepted by the `LinuxParameters` constructor.
 *
 * NOTE(review): only the declarations are visible in this listing. Defaults
 * and the exact runtime effect of each field should be confirmed against the
 * implementation before relying on them.
 */
export interface LinuxParametersProps {
  /**
   * Presumably toggles an init process inside the container (the
   * `initProcessEnabled` setting of ECS Linux parameters) — confirm against
   * the implementation.
   */
  readonly initProcessEnabled?: boolean;

  /**
   * Presumably the size of the container's shared-memory (`/dev/shm`) volume.
   * The unit is not stated in this listing — TODO confirm (the tmpfs size in
   * this file is documented in MiB).
   *
   * NOTE(review): shared memory is backed by host RAM, so choose this value
   * deliberately rather than copying a large number between task definitions.
   */
  readonly sharedMemorySize?: number;
}
/**
 * Construct that collects Linux-specific container options (capabilities to
 * add or drop, host devices and tmpfs mounts) and renders them as a
 * CloudFormation `CfnTaskDefinition.LinuxParametersProperty`.
 *
 * NOTE(review): every capability, device and tmpfs entry registered here
 * changes what the container may do on its host. Treat calls to the `add*`
 * methods as privilege grants and review them like IAM changes.
 */
export declare class LinuxParameters extends CoreConstruct {
  /** Backing field; presumably holds `props.initProcessEnabled` — confirm in the implementation. */
  private readonly initProcessEnabled?;

  /** Backing field; presumably holds `props.sharedMemorySize` — confirm in the implementation. */
  private readonly sharedMemorySize?;

  /** Backing field; presumably the capabilities collected by `addCapabilities` — confirm. */
  private readonly capAdd;

  /** Backing field; presumably the capabilities collected by `dropCapabilities` — confirm. */
  private readonly capDrop;

  /** Backing field; presumably the entries collected by `addDevices` — confirm. */
  private readonly devices;

  /** Backing field; presumably the entries collected by `addTmpfs` — confirm. */
  private readonly tmpfs;

  /**
   * Creates the construct.
   *
   * @param scope - Parent construct.
   * @param id - Identifier of this construct within `scope`.
   * @param props - Optional Linux parameter settings.
   */
  constructor(scope: Construct, id: string, props?: LinuxParametersProps);

  /**
   * Adds one or more Linux capabilities to the Docker configuration of a container.
   *
   * Only works with EC2 launch type.
   *
   * NOTE(review): each added capability extends the container's kernel
   * privileges. Add only what the workload demonstrably needs; `Capability.ALL`
   * and `Capability.SYS_ADMIN` in particular deserve a written justification.
   *
   * @param cap - Capabilities to add.
   */
  addCapabilities(...cap: Capability[]): void;

  /**
   * Removes one or more Linux capabilities from the Docker configuration of a container.
   *
   * Only works with EC2 launch type.
   *
   * NOTE(review): dropping capabilities the workload does not use is a cheap
   * least-privilege control; a common baseline is to drop broadly and add
   * back the few that are required.
   *
   * @param cap - Capabilities to drop.
   */
  dropCapabilities(...cap: Capability[]): void;

  /**
   * Adds one or more host devices to a container.
   *
   * NOTE(review): a host device is shared with the container; set
   * `Device.permissions` explicitly instead of relying on whatever is applied
   * when it is omitted.
   *
   * @param device - Host devices to expose.
   */
  addDevices(...device: Device[]): void;

  /**
   * Specifies the container path, mount options, and size (in MiB) of the tmpfs mount for a container.
   *
   * Only works with EC2 launch type.
   *
   * @param tmpfs - tmpfs mounts to add.
   */
  addTmpfs(...tmpfs: Tmpfs[]): void;

  /**
   * Renders the Linux parameters to a CloudFormation object.
   *
   * @returns The `LinuxParametersProperty` for a task definition.
   */
  renderLinuxParameters(): CfnTaskDefinition.LinuxParametersProperty;
}
/**
 * A container instance host device.
 *
 * NOTE(review): mapping a host device into a container gives the workload
 * direct access to that device. Expose only the devices the workload needs
 * and grant the narrowest `permissions` that still work.
 */
export interface Device {
  /**
   * Path of the device inside the container. Optional; what is used when it
   * is omitted is not visible in this listing — TODO confirm.
   */
  readonly containerPath?: string;

  /** Path of the device on the host container instance. */
  readonly hostPath: string;

  /**
   * Permissions the container receives for the device.
   *
   * NOTE(review): optional; what is granted when this is omitted is not
   * visible in this listing. Confirm it before leaving the field unset, and
   * prefer an explicit list such as `[DevicePermission.READ]`.
   */
  readonly permissions?: DevicePermission[];
}
/**
 * One tmpfs mount for a container: where it is mounted, how large it may
 * grow, and which mount options apply.
 */
export interface Tmpfs {
  /** Path inside the container at which the tmpfs volume is mounted. */
  readonly containerPath: string;

  /** Size of the tmpfs volume, in MiB per the `addTmpfs` documentation. */
  readonly size: number;

  /**
   * Mount options for the tmpfs volume.
   *
   * NOTE(review): for writable scratch space, `TmpfsMountOption.NOEXEC`,
   * `TmpfsMountOption.NOSUID` and `TmpfsMountOption.NODEV` are the usual
   * hardening options; what applies when this is omitted is not visible in
   * this listing — TODO confirm.
   */
  readonly mountOptions?: TmpfsMountOption[];
}
/**
 * Linux capabilities that can be passed to `LinuxParameters.addCapabilities`
 * and `LinuxParameters.dropCapabilities`. Values are the kernel capability
 * names without the `CAP_` prefix.
 *
 * NOTE(review): per-member remarks summarise capabilities(7). Members without
 * a remark are not harmless; they are simply not annotated here.
 */
export declare enum Capability {
  /** Every capability at once; adding this removes the benefit of capability separation. */
  ALL = "ALL",
  AUDIT_CONTROL = "AUDIT_CONTROL",
  AUDIT_WRITE = "AUDIT_WRITE",
  BLOCK_SUSPEND = "BLOCK_SUSPEND",
  CHOWN = "CHOWN",
  /** Bypasses file read, write and execute permission checks. */
  DAC_OVERRIDE = "DAC_OVERRIDE",
  DAC_READ_SEARCH = "DAC_READ_SEARCH",
  FOWNER = "FOWNER",
  FSETID = "FSETID",
  IPC_LOCK = "IPC_LOCK",
  IPC_OWNER = "IPC_OWNER",
  KILL = "KILL",
  LEASE = "LEASE",
  LINUX_IMMUTABLE = "LINUX_IMMUTABLE",
  MAC_ADMIN = "MAC_ADMIN",
  MAC_OVERRIDE = "MAC_OVERRIDE",
  /** Allows creating special (device) files. */
  MKNOD = "MKNOD",
  /** Network administration: interface, routing and firewall configuration. */
  NET_ADMIN = "NET_ADMIN",
  NET_BIND_SERVICE = "NET_BIND_SERVICE",
  NET_BROADCAST = "NET_BROADCAST",
  /** Allows raw and packet sockets; a frequent candidate for dropping. */
  NET_RAW = "NET_RAW",
  SETFCAP = "SETFCAP",
  SETGID = "SETGID",
  SETPCAP = "SETPCAP",
  SETUID = "SETUID",
  /** Very broad administrative capability (mount and many others); treat as near-root. */
  SYS_ADMIN = "SYS_ADMIN",
  SYS_BOOT = "SYS_BOOT",
  SYS_CHROOT = "SYS_CHROOT",
  /** Allows loading and unloading kernel modules. */
  SYS_MODULE = "SYS_MODULE",
  SYS_NICE = "SYS_NICE",
  SYS_PACCT = "SYS_PACCT",
  /** Allows tracing other processes with ptrace. */
  SYS_PTRACE = "SYS_PTRACE",
  /** Allows raw I/O port operations. */
  SYS_RAWIO = "SYS_RAWIO",
  SYS_RESOURCE = "SYS_RESOURCE",
  /** Allows setting the system clock. */
  SYS_TIME = "SYS_TIME",
  SYS_TTY_CONFIG = "SYS_TTY_CONFIG",
  SYSLOG = "SYSLOG",
  WAKE_ALARM = "WAKE_ALARM",
}
/**
 * Permissions that can be listed in `Device.permissions` for a host device
 * exposed to a container.
 *
 * NOTE(review): grant the smallest set that works; `MKNOD` is rarely needed
 * by application workloads.
 */
export declare enum DevicePermission {
  /** Read access to the device. */
  READ = "read",

  /** Write access to the device. */
  WRITE = "write",

  /** Presumably permission to create the device node (mknod) — confirm against the ECS documentation. */
  MKNOD = "mknod",
}
/**
 * Mount options that can be listed in `Tmpfs.mountOptions`. The values appear
 * to follow the Linux mount option names.
 *
 * NOTE(review): `RO`, `NOSUID`, `NODEV` and `NOEXEC` are the restrictive
 * options; `SUID`, `DEV` and `EXEC` are their permissive counterparts and
 * should be a deliberate choice on a writable tmpfs.
 */
export declare enum TmpfsMountOption {
  DEFAULTS = "defaults",
  /** Read-only mount. */
  RO = "ro",
  /** Read-write mount. */
  RW = "rw",
  /** Honour set-user-ID and set-group-ID bits on files in the mount. */
  SUID = "suid",
  /** Ignore set-user-ID and set-group-ID bits on files in the mount. */
  NOSUID = "nosuid",
  /** Interpret device special files in the mount. */
  DEV = "dev",
  /** Do not interpret device special files in the mount. */
  NODEV = "nodev",
  /** Permit executing binaries from the mount. */
  EXEC = "exec",
  /** Do not permit executing binaries from the mount. */
  NOEXEC = "noexec",
  SYNC = "sync",
  ASYNC = "async",
  DIRSYNC = "dirsync",
  REMOUNT = "remount",
  MAND = "mand",
  NOMAND = "nomand",
  ATIME = "atime",
  NOATIME = "noatime",
  DIRATIME = "diratime",
  NODIRATIME = "nodiratime",
  BIND = "bind",
  RBIND = "rbind",
  UNBINDABLE = "unbindable",
  RUNBINDABLE = "runbindable",
  PRIVATE = "private",
  RPRIVATE = "rprivate",
  SHARED = "shared",
  RSHARED = "rshared",
  SLAVE = "slave",
  RSLAVE = "rslave",
  RELATIME = "relatime",
  NORELATIME = "norelatime",
  STRICTATIME = "strictatime",
  NOSTRICTATIME = "nostrictatime",
  MODE = "mode",
  UID = "uid",
  GID = "gid",
  NR_INODES = "nr_inodes",
  NR_BLOCKS = "nr_blocks",
  MPOL = "mpol",
}