Merge branch 'main' into fix/ecs-ami-linux2-kernel

aws · Apr 22, 2024 · bb9473d · bb9473d
2 parents c93abba + 31492c6
commit bb9473d
Show file tree

Hide file tree

Showing 15 changed files with 233 additions and 36 deletions.
diff --git a/...g/test/aws-ecs/test/fargate/integ.runtime.js.snapshot/aws-ecs-integ-runtime.template.json b/...g/test/aws-ecs/test/fargate/integ.runtime.js.snapshot/aws-ecs-integ-runtime.template.json
@@ -570,6 +570,7 @@
     "Family": "awsecsintegruntimeTaskDefGraviton28E28B263",
     "Memory": "1024",
     "NetworkMode": "awsvpc",
+    "PidMode": "host",
     "RequiresCompatibilities": [
      "FARGATE"
     ],

diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.runtime.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.runtime.ts
@@ -27,6 +27,7 @@ const taskDefinitiongraviton2 = new ecs.FargateTaskDefinition(stack, 'TaskDefGra
   },
   cpu: 256,
   memoryLimitMiB: 1024,
+  pidMode: ecs.PidMode.HOST,
 });
 
 taskDefinitionwindows.addContainer('windowsservercore', {

diff --git a/packages/@aws-cdk/cloudformation-diff/package.json b/packages/@aws-cdk/cloudformation-diff/package.json
@@ -23,8 +23,8 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-cdk/aws-service-spec": "^0.0.63",
-    "@aws-cdk/service-spec-types": "^0.0.63",
+    "@aws-cdk/aws-service-spec": "^0.0.64",
+    "@aws-cdk/service-spec-types": "^0.0.64",
     "chalk": "^4",
     "diff": "^5.2.0",
     "fast-deep-equal": "^3.1.3",

diff --git a/packages/@aws-cdk/integ-runner/package.json b/packages/@aws-cdk/integ-runner/package.json
@@ -74,7 +74,7 @@
     "@aws-cdk/cloud-assembly-schema": "0.0.0",
     "@aws-cdk/cloudformation-diff": "0.0.0",
     "@aws-cdk/cx-api": "0.0.0",
-    "@aws-cdk/aws-service-spec": "^0.0.63",
+    "@aws-cdk/aws-service-spec": "^0.0.64",
     "cdk-assets": "0.0.0",
     "@aws-cdk/cdk-cli-wrapper": "0.0.0",
     "aws-cdk": "0.0.0",

diff --git a/packages/aws-cdk-lib/aws-bedrock/lib/foundation-model.ts b/packages/aws-cdk-lib/aws-bedrock/lib/foundation-model.ts
@@ -89,9 +89,24 @@ export class FoundationModelIdentifier {
   /** Base model "anthropic.claude-3-sonnet-20240229-v1:0". */
   public static readonly ANTHROPIC_CLAUDE_3_SONNET_20240229_V1_0 = new FoundationModelIdentifier('anthropic.claude-3-sonnet-20240229-v1:0');
 
+  /** Base model "anthropic.claude-3-sonnet-20240229-v1:0:28k" */
+  public static readonly ANTHROPIC_CLAUDE_3_SONNET_20240229_V1_0_28K = new FoundationModelIdentifier('anthropic.claude-3-sonnet-20240229-v1:0:28k');
+
+  /** Base model "anthropic.claude-3-sonnet-20240229-v1:0:200k" */
+  public static readonly ANTHROPIC_CLAUDE_3_SONNET_20240229_V1_0_200K = new FoundationModelIdentifier('anthropic.claude-3-sonnet-20240229-v1:0:200k');
+
   /** Base model "anthropic.claude-3-haiku-20240307-v1:0". */
   public static readonly ANTHROPIC_CLAUDE_3_HAIKU_20240307_V1_0 = new FoundationModelIdentifier('anthropic.claude-3-haiku-20240307-v1:0');
 
+  /** Base model "anthropic.claude-3-haiku-20240307-v1:0:48k" */
+  public static readonly ANTHROPIC_CLAUDE_3_HAIKU_20240307_V1_0_48K = new FoundationModelIdentifier('anthropic.claude-3-haiku-20240307-v1:0:48k');
+
+  /** Base model "anthropic.claude-3-haiku-20240307-v1:0:200k" */
+  public static readonly ANTHROPIC_CLAUDE_3_HAIKU_20240307_V1_0_200K = new FoundationModelIdentifier('anthropic.claude-3-haiku-20240307-v1:0:200k');
+
+  /** Base model "anthropic.claude-3-opus-20240229-v1:0" */
+  public static readonly ANTHROPIC_CLAUDE_3_OPUS_20240229_V1_0 = new FoundationModelIdentifier('anthropic.claude-3-opus-20240229-v1:0');
+
   /** Base model "anthropic.claude-instant-v1". */
   public static readonly ANTHROPIC_CLAUDE_INSTANT_V1 = new FoundationModelIdentifier('anthropic.claude-instant-v1');
 

diff --git a/packages/aws-cdk-lib/aws-ecs/README.md b/packages/aws-cdk-lib/aws-ecs/README.md
@@ -362,6 +362,23 @@ const fargateTaskDefinition = new ecs.FargateTaskDefinition(this, 'TaskDef', {
 });
 ```
 
+To specify the process namespace to use for the containers in the task, use the `pidMode` property:
+
+```ts
+const fargateTaskDefinition = new ecs.FargateTaskDefinition(this, 'TaskDef', {
+  runtimePlatform: {
+    operatingSystemFamily: ecs.OperatingSystemFamily.LINUX,
+    cpuArchitecture: ecs.CpuArchitecture.ARM64,
+  },
+  memoryLimitMiB: 512,
+  cpu: 256,
+  pidMode: ecs.PidMode.HOST,
+});
+```
+
+**Note:** `pidMode` is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version 1.4.0
+or later (Linux). This isn't supported for Windows containers on Fargate.
+
 To add containers to a task definition, call `addContainer()`:
 
 ```ts

diff --git a/packages/aws-cdk-lib/aws-ecs/lib/base/task-definition.ts b/packages/aws-cdk-lib/aws-ecs/lib/base/task-definition.ts
@@ -193,7 +193,9 @@ export interface TaskDefinitionProps extends CommonTaskDefinitionProps {
   /**
    * The process namespace to use for the containers in the task.
    *
-   * Not supported in Fargate and Windows containers.
+   * Only supported for tasks that are hosted on AWS Fargate if the tasks
+   * are using platform version 1.4.0 or later (Linux).
+   * Not supported in Windows containers.
    *
    * @default - PidMode used by the task is not specified
    */
@@ -219,8 +221,8 @@ export interface TaskDefinitionProps extends CommonTaskDefinitionProps {
 
   /**
    * The operating system that your task definitions are running on.
-   * A runtimePlatform is supported only for tasks using the Fargate launch type.
    *
+   * A runtimePlatform is supported only for tasks using the Fargate launch type.
    *
    * @default - Undefined.
    */
@@ -372,6 +374,15 @@ export class TaskDefinition extends TaskDefinitionBase {
    */
   public readonly ephemeralStorageGiB?: number;
 
+  /**
+   * The process namespace to use for the containers in the task.
+   *
+   * Only supported for tasks that are hosted on AWS Fargate if the tasks
+   * are using platform version 1.4.0 or later (Linux).
+   * Not supported in Windows containers.
+   */
+  public readonly pidMode?: PidMode;
+
   /**
    * The container definitions.
    */
@@ -453,9 +464,10 @@ export class TaskDefinition extends TaskDefinitionBase {
     }
 
     this.ephemeralStorageGiB = props.ephemeralStorageGiB;
+    this.pidMode = props.pidMode;
 
     // validate the cpu and memory size for the Windows operation system family.
-    if (props.runtimePlatform?.operatingSystemFamily?._operatingSystemFamily.includes('WINDOWS')) {
+    if (props.runtimePlatform?.operatingSystemFamily?.isWindows()) {
       // We know that props.cpu and props.memoryMiB are defined because an error would have been thrown previously if they were not.
       // But, typescript is not able to figure this out, so using the `!` operator here to let the type-checker know they are defined.
       this.checkFargateWindowsBasedTasksSize(props.cpu!, props.memoryMiB!, props.runtimePlatform!);
@@ -485,7 +497,7 @@ export class TaskDefinition extends TaskDefinitionBase {
       cpu: props.cpu,
       memory: props.memoryMiB,
       ipcMode: props.ipcMode,
-      pidMode: props.pidMode,
+      pidMode: this.pidMode,
       inferenceAccelerators: Lazy.any({
         produce: () =>
           !isFargateCompatible(this.compatibility) ? this.renderInferenceAccelerators() : undefined,

diff --git a/packages/aws-cdk-lib/aws-ecs/lib/ec2/ec2-task-definition.ts b/packages/aws-cdk-lib/aws-ecs/lib/ec2/ec2-task-definition.ts
@@ -49,7 +49,7 @@ export interface Ec2TaskDefinitionProps extends CommonTaskDefinitionProps {
   /**
    * The process namespace to use for the containers in the task.
    *
-   * Not supported in Fargate and Windows containers.
+   * Not supported in Windows containers.
    *
    * @default - PidMode used by the task is not specified
    */

diff --git a/packages/aws-cdk-lib/aws-ecs/lib/fargate/fargate-service.ts b/packages/aws-cdk-lib/aws-ecs/lib/fargate/fargate-service.ts
@@ -128,6 +128,23 @@ export class FargateService extends BaseService implements IFargateService {
       throw new Error('Only one of SecurityGroup or SecurityGroups can be populated.');
     }
 
+    // Platform versions not supporting referencesSecretJsonField, ephemeralStorageGiB, or pidMode on a task definition
+    const unsupportedPlatformVersions = [
+      FargatePlatformVersion.VERSION1_0,
+      FargatePlatformVersion.VERSION1_1,
+      FargatePlatformVersion.VERSION1_2,
+      FargatePlatformVersion.VERSION1_3,
+    ];
+    const isUnsupportedPlatformVersion = props.platformVersion && unsupportedPlatformVersions.includes(props.platformVersion);
+
+    if (props.taskDefinition.ephemeralStorageGiB && isUnsupportedPlatformVersion) {
+      throw new Error(`The ephemeralStorageGiB feature requires platform version ${FargatePlatformVersion.VERSION1_4} or later, got ${props.platformVersion}.`);
+    }
+
+    if (props.taskDefinition.pidMode && isUnsupportedPlatformVersion) {
+      throw new Error(`The pidMode feature requires platform version ${FargatePlatformVersion.VERSION1_4} or later, got ${props.platformVersion}.`);
+    }
+
     super(scope, id, {
       ...props,
       desiredCount: props.desiredCount,
@@ -153,9 +170,7 @@ export class FargateService extends BaseService implements IFargateService {
     }
 
     this.node.addValidation({
-      validate: () => this.taskDefinition.referencesSecretJsonField
-      && props.platformVersion
-      && SECRET_JSON_FIELD_UNSUPPORTED_PLATFORM_VERSIONS.includes(props.platformVersion)
+      validate: () => this.taskDefinition.referencesSecretJsonField && isUnsupportedPlatformVersion
         ? [`The task definition of this service uses at least one container that references a secret JSON field. This feature requires platform version ${FargatePlatformVersion.VERSION1_4} or later.`]
         : [],
     });
@@ -214,10 +229,3 @@ export enum FargatePlatformVersion {
    */
   VERSION1_0 = '1.0.0',
 }
-
-const SECRET_JSON_FIELD_UNSUPPORTED_PLATFORM_VERSIONS = [
-  FargatePlatformVersion.VERSION1_0,
-  FargatePlatformVersion.VERSION1_1,
-  FargatePlatformVersion.VERSION1_2,
-  FargatePlatformVersion.VERSION1_3,
-];
diff --git a/packages/aws-cdk-lib/aws-ecs/lib/fargate/fargate-task-definition.ts b/packages/aws-cdk-lib/aws-ecs/lib/fargate/fargate-task-definition.ts
@@ -7,6 +7,7 @@ import {
   Compatibility,
   ITaskDefinition,
   NetworkMode,
+  PidMode,
   TaskDefinition,
 } from '../base/task-definition';
 import { RuntimePlatform } from '../runtime-platform';
@@ -77,6 +78,17 @@ export interface FargateTaskDefinitionProps extends CommonTaskDefinitionProps {
    * @default - Undefined.
    */
   readonly runtimePlatform?: RuntimePlatform;
+
+  /**
+   * The process namespace to use for the containers in the task.
+   *
+   * Only supported for tasks that are hosted on AWS Fargate if the tasks
+   * are using platform version 1.4.0 or later (Linux).
+   * Not supported in Windows containers.
+   *
+   * @default - PidMode used by the task is not specified
+   */
+  readonly pidMode?: PidMode;
 }
 
 /**
@@ -147,13 +159,23 @@ export class FargateTaskDefinition extends TaskDefinition implements IFargateTas
       memoryMiB: props.memoryLimitMiB !== undefined ? Tokenization.stringifyNumber(props.memoryLimitMiB) : '512',
       compatibility: Compatibility.FARGATE,
       networkMode: NetworkMode.AWS_VPC,
+      pidMode: props.pidMode,
     });
 
     // eslint-disable-next-line max-len
     if (props.ephemeralStorageGiB && !Token.isUnresolved(props.ephemeralStorageGiB) && (props.ephemeralStorageGiB < 21 || props.ephemeralStorageGiB > 200)) {
       throw new Error('Ephemeral storage size must be between 21GiB and 200GiB');
     }
 
+    if (props.pidMode) {
+      if (props.runtimePlatform?.operatingSystemFamily?.isWindows()) {
+        throw new Error('\'pidMode\' is not supported for Windows containers.');
+      }
+      if (!Token.isUnresolved(props.pidMode) && props.pidMode !== PidMode.HOST) {
+        throw new Error(`\'pidMode\' can only be set to \'${PidMode.HOST}\' for Fargate containers, got: \'${props.pidMode}\'.`);
+      }
+    }
+
     this.ephemeralStorageGiB = props.ephemeralStorageGiB;
   }
 }
diff --git a/packages/aws-cdk-lib/aws-ecs/test/fargate/fargate-service.test.ts b/packages/aws-cdk-lib/aws-ecs/test/fargate/fargate-service.test.ts
@@ -1,6 +1,7 @@
 import { testDeprecated } from '@aws-cdk/cdk-build-tools';
 import { Annotations, Match, Template } from '../../../assertions';
 import * as appscaling from '../../../aws-applicationautoscaling';
+import * as batch from '../../../aws-batch';
 import * as cloudwatch from '../../../aws-cloudwatch';
 import * as ec2 from '../../../aws-ec2';
 import * as elbv2 from '../../../aws-elasticloadbalancingv2';
@@ -685,6 +686,92 @@ describe('fargate service', () => {
       }).toThrow(/one essential container/);
     });
 
+    test('errors when platform version does not support containers which references secret JSON field', () => {
+      // GIVEN
+      const stack = new cdk.Stack();
+      const vpc = new ec2.Vpc(stack, 'MyVpc', {});
+      const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc });
+      const taskDefinition = new ecs.FargateTaskDefinition(stack, 'FargateTaskDef', {
+        runtimePlatform: {
+          operatingSystemFamily: ecs.OperatingSystemFamily.LINUX,
+          cpuArchitecture: ecs.CpuArchitecture.ARM64,
+        },
+        memoryLimitMiB: 512,
+        cpu: 256,
+      });
+
+      // Errors on validation, not on construction.
+      new ecs.FargateService(stack, 'FargateService', {
+        cluster,
+        taskDefinition,
+        platformVersion: ecs.FargatePlatformVersion.VERSION1_2,
+      });
+
+      taskDefinition.addContainer('main', {
+        image: ecs.ContainerImage.fromRegistry('somecontainer'),
+        secrets: {
+          envName: batch.Secret.fromSecretsManager(new secretsmanager.Secret(stack, 'testSecret'), 'secretField'),
+        },
+      });
+
+      // THEN
+      expect(() => {
+        Template.fromStack(stack);
+      }).toThrow(/This feature requires platform version/);
+    });
+
+    test('errors when platform version does not support ephemeralStorageGiB', () => {
+      // GIVEN
+      const stack = new cdk.Stack();
+      const vpc = new ec2.Vpc(stack, 'MyVpc', {});
+      const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc });
+      const taskDefinition = new ecs.FargateTaskDefinition(stack, 'FargateTaskDef', {
+        runtimePlatform: {
+          operatingSystemFamily: ecs.OperatingSystemFamily.LINUX,
+          cpuArchitecture: ecs.CpuArchitecture.ARM64,
+        },
+        memoryLimitMiB: 512,
+        cpu: 256,
+        ephemeralStorageGiB: 100,
+      });
+
+      // WHEN
+      // THEN
+      expect(() => {
+        new ecs.FargateService(stack, 'FargateService', {
+          cluster,
+          taskDefinition,
+          platformVersion: ecs.FargatePlatformVersion.VERSION1_2,
+        });
+      }).toThrow(/The ephemeralStorageGiB feature requires platform version/);
+    });
+
+    test('errors when platform version does not support pidMode', () => {
+      // GIVEN
+      const stack = new cdk.Stack();
+      const vpc = new ec2.Vpc(stack, 'MyVpc', {});
+      const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc });
+      const taskDefinition = new ecs.FargateTaskDefinition(stack, 'FargateTaskDef', {
+        runtimePlatform: {
+          operatingSystemFamily: ecs.OperatingSystemFamily.LINUX,
+          cpuArchitecture: ecs.CpuArchitecture.ARM64,
+        },
+        memoryLimitMiB: 512,
+        cpu: 256,
+        pidMode: ecs.PidMode.HOST,
+      });
+
+      // WHEN
+      // THEN
+      expect(() => {
+        new ecs.FargateService(stack, 'FargateService', {
+          cluster,
+          taskDefinition,
+          platformVersion: ecs.FargatePlatformVersion.VERSION1_2,
+        });
+      }).toThrow(/The pidMode feature requires platform version/);
+    });
+
     test('allows adding the default container after creating the service', () => {
       // GIVEN
       const stack = new cdk.Stack();