
Limit EFS volume creation to public subnets #2231

2 changes: 2 additions & 0 deletions ecs/awsResources.go
Expand Up @@ -39,6 +39,7 @@ import (
type awsResources struct {
vpc string // shouldn't this also be an awsResource ?
subnets []awsResource
pubSubnets []awsResource
cluster awsResource
loadBalancer awsResource
loadBalancerType string
Expand Down Expand Up @@ -221,6 +222,7 @@ func (b *ecsAPIService) parseVPCExtension(ctx context.Context, project *types.Pr

r.vpc = vpc
r.subnets = subNets
r.pubSubnets = publicSubNets
return nil
}
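Review bot: `r.pubSubnets = publicSubNets` stores the list without checking that it is non-empty, and now that sdk.go treats subnets implicitly associated with the main route table as private, a VPC whose subnets all fall back to that table leaves pubSubnets empty; volumes.go then emits no EFS mount targets and no error. Consider failing here instead, e.g. `if len(publicSubNets) == 0 { return fmt.Errorf("no public subnet found in VPC %s for EFS mount targets", vpc) }` (with fmt or whichever error constructor the file's import block already provides). The new struct field in the first hunk also deserves a comment, such as `// pubSubnets holds the subnets reported public by IsPublicSubnet; EFS mount targets are created only in these` — the first half is my assumption about how publicSubNets is computed, because parseVPCExtension's body lies outside the hunk. Both hunks cut into definitions that begin before the shown lines.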

5 changes: 4 additions & 1 deletion ecs/sdk.go
Expand Up @@ -227,7 +227,10 @@ func (s sdk) IsPublicSubnet(ctx context.Context, subNetID string) (bool, error)
if len(tables.RouteTables) == 0 {
// If a subnet is not explicitly associated with any route table, it is implicitly associated with the main route table.
// https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-route-tables.html
return true, nil

// Normally main route tables are used for the private subnets, so this should be FALSE and not TRUE
// regular setup is 3 public subnets + N number of private subnets
return false, nil
}
for _, routeTable := range tables.RouteTables {
for _, route := range routeTable.Routes {
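Review bot: The new `return false, nil` in the `len(tables.RouteTables) == 0` branch decides by convention rather than by inspecting the VPC's main route table, so a subnet implicitly associated with a main table that carries an internet-gateway default route is now reported private, where before every such subnet was reported public — both answers are guesses. The surviving comment above it states the fact the code should act on (the subnet is implicitly associated with the main route table): look that table up (DescribeRouteTables filtered on association.main=true and the subnet's vpc-id) and feed it through the same route loop that follows, returning false only when that lookup shows no internet-gateway route. The two added comment lines read as discussion ("this should be FALSE and not TRUE"); if the constant stays, a comment describing the behaviour would serve readers better, e.g. `// Subnets with no explicit route-table association are treated as private; the main route table is not inspected.` IsPublicSubnet's body continues beyond the hunk.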
10 changes: 5 additions & 5 deletions ecs/volumes.go
Expand Up @@ -31,21 +31,21 @@ import (

func (b *ecsAPIService) createNFSMountTarget(project *types.Project, resources awsResources, template *cloudformation.Template) {
for volume := range project.Volumes {
for _, subnet := range resources.subnets {
name := fmt.Sprintf("%sNFSMountTargetOn%s", normalizeResourceName(volume), normalizeResourceName(subnet.ID()))
for _, pubSubnet := range resources.pubSubnets {
name := fmt.Sprintf("%sNFSMountTargetOn%s", normalizeResourceName(volume), normalizeResourceName(pubSubnet.ID()))
template.Resources[name] = &efs.MountTarget{
FileSystemId: resources.filesystems[volume].ID(),
SecurityGroups: resources.allSecurityGroups(),
SubnetId: subnet.ID(),
SubnetId: pubSubnet.ID(),
}
}
}
}

func (b *ecsAPIService) mountTargets(volume string, resources awsResources) []string {
var refs []string
for _, subnet := range resources.subnets {
refs = append(refs, fmt.Sprintf("%sNFSMountTargetOn%s", normalizeResourceName(volume), normalizeResourceName(subnet.ID())))
for _, pubSubnet := range resources.pubSubnets {
refs = append(refs, fmt.Sprintf("%sNFSMountTargetOn%s", normalizeResourceName(volume), normalizeResourceName(pubSubnet.ID())))
}
return refs
}
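Review bot: `createNFSMountTarget` now creates mount targets only for `resources.pubSubnets`, but whether a task can mount the volume depends on availability zones rather than subnet type: as I understand EFS DNS resolution, the file-system name resolves to the mount target in the caller's own AZ, so a task placed in a subnet whose AZ has no public subnet would fail to mount (assuming services are still launched into resources.subnets, which this hunk does not show). EFS also allows only one mount target per AZ, which is presumably why iterating every subnet was a problem; picking one subnet per AZ, preferring a public one, would address that while keeping every AZ covered. At minimum the function should say what it does, e.g. `// createNFSMountTarget adds one EFS mount target per public subnet; an AZ without a public subnet gets none.` Both functions also build the resource name with a duplicated `fmt.Sprintf("%sNFSMountTargetOn%s", ...)`; a small `mountTargetName(volume, subnetID string) string` helper called from both loops would keep createNFSMountTarget and mountTargets from drifting apart.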