diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/BatchManagedComputeEnvironmentTestDefaultTestDeployAssertD4528F80.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/BatchManagedComputeEnvironmentTestDefaultTestDeployAssertD4528F80.assets.json index db4752252f4fa..de953f1e34aad 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/BatchManagedComputeEnvironmentTestDefaultTestDeployAssertD4528F80.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/BatchManagedComputeEnvironmentTestDefaultTestDeployAssertD4528F80.assets.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "36.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/batch-stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/batch-stack.assets.json index e2d86bf155bda..7fbccde788f96 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/batch-stack.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/batch-stack.assets.json @@ -1,7 +1,7 @@ { - "version": "34.0.0", + "version": "36.0.0", "files": { - "812e218c9fa33c5b8c6c8a71d1d566887aff3be3858e7aaa8c3412b5446dbe33": { + "29532266ce5c96c372f99765edc76d90da88dd7316798a6e86946bc0ffa1802d": { "source": { "path": "batch-stack.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "812e218c9fa33c5b8c6c8a71d1d566887aff3be3858e7aaa8c3412b5446dbe33.json", + "objectKey": "29532266ce5c96c372f99765edc76d90da88dd7316798a6e86946bc0ffa1802d.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/batch-stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/batch-stack.template.json index 1ef8be9489013..c99047b447f4b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/batch-stack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/batch-stack.template.json @@ -1118,6 +1118,108 @@ "Type": "managed", "UpdatePolicy": {} } + }, + "ECSAL2023SecurityGroup7AE4A1D4": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "batch-stack/ECS_AL2023/SecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "ECSAL2023InstanceProfileRoleEBA7FF23": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" + ] + ] + } + ] + } + }, + "ECSAL2023InstanceProfile14B35A51": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "ECSAL2023InstanceProfileRoleEBA7FF23" + } + ] + } + }, + "ECSAL20239DA0188B": { + "Type": "AWS::Batch::ComputeEnvironment", + "Properties": { + "ComputeResources": { + "AllocationStrategy": "BEST_FIT_PROGRESSIVE", + "Ec2Configuration": [ + { + "ImageType": "ECS_AL2023" + } + ], + "InstanceRole": { + "Fn::GetAtt": [ + "ECSAL2023InstanceProfile14B35A51", + "Arn" + ] + }, + "InstanceTypes": [ + "optimal" + ], + "MaxvCpus": 256, + "MinvCpus": 0, + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "ECSAL2023SecurityGroup7AE4A1D4", + "GroupId" + ] + } + ], + "Subnets": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ], + "Type": "EC2" + }, + "ReplaceComputeEnvironment": false, + "State": "ENABLED", + "Type": "managed", + "UpdatePolicy": {} + } } }, "Parameters": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/cdk.out index 2313ab5436501..1f0068d32659a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"34.0.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/integ.json index 824bd984c00e7..1d97ef0a4308e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "36.0.0", "testCases": { "BatchManagedComputeEnvironmentTest/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/manifest.json index 7fff489e95068..9ec827b896504 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "36.0.0", "artifacts": { "batch-stack.assets": { "type": "cdk:asset-manifest", @@ -14,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "batch-stack.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/812e218c9fa33c5b8c6c8a71d1d566887aff3be3858e7aaa8c3412b5446dbe33.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/29532266ce5c96c372f99765edc76d90da88dd7316798a6e86946bc0ffa1802d.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -339,6 +340,30 @@ "data": "taggedCE5029E6F8" } ], + "/batch-stack/ECS_AL2023/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ECSAL2023SecurityGroup7AE4A1D4" + } + ], + "/batch-stack/ECS_AL2023/InstanceProfileRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ECSAL2023InstanceProfileRoleEBA7FF23" + } + ], + "/batch-stack/ECS_AL2023/InstanceProfile": [ + { + "type": "aws:cdk:logicalId", + "data": "ECSAL2023InstanceProfile14B35A51" + } + ], + "/batch-stack/ECS_AL2023/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ECSAL20239DA0188B" + } + ], "/batch-stack/BootstrapVersion": [ { "type": "aws:cdk:logicalId", @@ -367,6 +392,7 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "BatchManagedComputeEnvironmentTestDefaultTestDeployAssertD4528F80.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/tree.json index 029a5cd85e503..7d665f06bcdc1 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/tree.json @@ -1880,6 +1880,178 @@ "version": "0.0.0" } }, + "ECS_AL2023": { + "id": "ECS_AL2023", + "path": "batch-stack/ECS_AL2023", + "children": { + "SecurityGroup": { + "id": "SecurityGroup", + "path": "batch-stack/ECS_AL2023/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/ECS_AL2023/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "batch-stack/ECS_AL2023/SecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "InstanceProfileRole": { + "id": "InstanceProfileRole", + "path": "batch-stack/ECS_AL2023/InstanceProfileRole", + "children": { + "ImportInstanceProfileRole": { + "id": "ImportInstanceProfileRole", + "path": "batch-stack/ECS_AL2023/InstanceProfileRole/ImportInstanceProfileRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "batch-stack/ECS_AL2023/InstanceProfileRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "InstanceProfile": { + "id": "InstanceProfile", + "path": "batch-stack/ECS_AL2023/InstanceProfile", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::InstanceProfile", + "aws:cdk:cloudformation:props": { + "roles": [ + { + "Ref": "ECSAL2023InstanceProfileRoleEBA7FF23" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnInstanceProfile", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "batch-stack/ECS_AL2023/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Batch::ComputeEnvironment", + "aws:cdk:cloudformation:props": { + "computeResources": { + "maxvCpus": 256, + "type": "EC2", + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "ECSAL2023SecurityGroup7AE4A1D4", + "GroupId" + ] + } + ], + "subnets": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ], + "minvCpus": 0, + "instanceRole": { + "Fn::GetAtt": [ + "ECSAL2023InstanceProfile14B35A51", + "Arn" + ] + }, + "instanceTypes": [ + "optimal" + ], + "allocationStrategy": "BEST_FIT_PROGRESSIVE", + "ec2Configuration": [ + { + "imageType": "ECS_AL2023" + } + ] + }, + "replaceComputeEnvironment": false, + "state": "ENABLED", + "type": "managed", + "updatePolicy": {} + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_batch.CfnComputeEnvironment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_batch.ManagedEc2EcsComputeEnvironment", + "version": "0.0.0" + } + }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "batch-stack/BootstrapVersion", @@ -1915,7 +2087,7 @@ "path": "BatchManagedComputeEnvironmentTest/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.70" + "version": "10.3.0" } }, "DeployAssert": { @@ -1961,7 +2133,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.70" + "version": "10.3.0" } } }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.ts index 61de496afa32c..0d71b9cfbff4e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.ts @@ -3,7 +3,7 @@ import { LaunchTemplate } from 'aws-cdk-lib/aws-ec2'; import { Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam'; import { App, Duration, Stack, Tags } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; -import { AllocationStrategy, FargateComputeEnvironment, ManagedEc2EcsComputeEnvironment } from 'aws-cdk-lib/aws-batch'; +import { AllocationStrategy, FargateComputeEnvironment, ManagedEc2EcsComputeEnvironment, EcsMachineImageType } from 'aws-cdk-lib/aws-batch'; const app = new App(); const stack = new Stack(app, 'batch-stack'); @@ -79,6 +79,13 @@ const taggedEc2Ecs = new ManagedEc2EcsComputeEnvironment(stack, 'taggedCE', { Tags.of(taggedEc2Ecs).add('foo', 'bar'); Tags.of(taggedEc2Ecs).add('super', 'salamander'); +new ManagedEc2EcsComputeEnvironment(stack, 'ECS_AL2023', { + vpc, + images: [{ + imageType: EcsMachineImageType.ECS_AL2023, + }], +}); + new integ.IntegTest(app, 'BatchManagedComputeEnvironmentTest', { testCases: [stack], }); diff --git a/packages/aws-cdk-lib/aws-batch/README.md b/packages/aws-cdk-lib/aws-batch/README.md index 6b7e3eeb89a99..7528e426bb45b 100644 --- a/packages/aws-cdk-lib/aws-batch/README.md +++ b/packages/aws-cdk-lib/aws-batch/README.md @@ -111,6 +111,23 @@ computeEnv.addInstanceClass(ec2.InstanceClass.M4); computeEnv.addInstanceClass(ec2.InstanceClass.R4); ``` +#### Configure AMIs + +You can configure Amazon Machine Images (AMIs). This example configures your `ComputeEnvironment` to use Amazon Linux 2023. + +```ts +declare const vpc: ec2.IVpc; + +new batch.ManagedEc2EcsComputeEnvironment(this, 'myEc2ComputeEnv', { + vpc, + images: [ + { + imageType: batch.EcsMachineImageType.ECS_AL2023, + }, + ], +}); +``` + #### Allocation Strategies | Allocation Strategy | Optimized for | Downsides | diff --git a/packages/aws-cdk-lib/aws-batch/lib/managed-compute-environment.ts b/packages/aws-cdk-lib/aws-batch/lib/managed-compute-environment.ts index 64746104333ce..c9f03e9f0dd73 100644 --- a/packages/aws-cdk-lib/aws-batch/lib/managed-compute-environment.ts +++ b/packages/aws-cdk-lib/aws-batch/lib/managed-compute-environment.ts @@ -395,10 +395,16 @@ export interface EksMachineImage extends MachineImage{ */ export enum EcsMachineImageType { /** - * Tells Batch that this machine image runs on non-GPU instances + * Tells Batch that this machine image runs on non-GPU AL2 instances */ ECS_AL2 = 'ECS_AL2', + /** + * Tells Batch that this machine image runs on non-GPU AL2023 instances. + * Amazon Linux 2023 does not support A1 instances. + */ + ECS_AL2023 = 'ECS_AL2023', + /** * Tells Batch that this machine image runs on GPU instances */ @@ -652,6 +658,12 @@ export class ManagedEc2EcsComputeEnvironment extends ManagedComputeEnvironmentBa this.instanceTypes = props.instanceTypes ?? []; this.instanceClasses = props.instanceClasses ?? []; + if (this.images?.find(image => image.imageType === EcsMachineImageType.ECS_AL2023) && + (this.instanceClasses.includes(ec2.InstanceClass.A1) || + this.instanceTypes.find(instanceType => instanceType.sameInstanceClassAs(ec2.InstanceType.of(ec2.InstanceClass.A1, ec2.InstanceSize.LARGE)))) + ) { + throw new Error('Amazon Linux 2023 does not support A1 instances.'); + } const { instanceRole, instanceProfile } = createInstanceRoleAndProfile(this, props.instanceRole); this.instanceRole = instanceRole; diff --git a/packages/aws-cdk-lib/aws-batch/test/managed-compute-environment.test.ts b/packages/aws-cdk-lib/aws-batch/test/managed-compute-environment.test.ts index d20c9677d97c3..b2d572fd8de37 100644 --- a/packages/aws-cdk-lib/aws-batch/test/managed-compute-environment.test.ts +++ b/packages/aws-cdk-lib/aws-batch/test/managed-compute-environment.test.ts @@ -794,6 +794,52 @@ describe('ManagedEc2EcsComputeEnvironment', () => { }); }); + test('Amazon Linux 2023 does not support A1 instances.', () => { + expect(() => new ManagedEc2EcsComputeEnvironment(stack, 'Al2023A1InstanceClass', { + ...defaultEcsProps, + instanceClasses: [ec2.InstanceClass.A1], + vpc, + images: [ + { + imageType: EcsMachineImageType.ECS_AL2023, + }, + ], + })).toThrow('Amazon Linux 2023 does not support A1 instances.'); + + expect(() => new ManagedEc2EcsComputeEnvironment(stack, 'Al2023A1XlargeInstance', { + ...defaultEcsProps, + instanceTypes: [ec2.InstanceType.of(ec2.InstanceClass.A1, ec2.InstanceSize.XLARGE2)], + vpc, + images: [ + { + imageType: EcsMachineImageType.ECS_AL2023, + }, + ], + })).toThrow('Amazon Linux 2023 does not support A1 instances.'); + + new ManagedEc2EcsComputeEnvironment(stack, 'Al2A1InstanceClass', { + ...defaultEcsProps, + instanceClasses: [ec2.InstanceClass.A1], + vpc, + images: [ + { + imageType: EcsMachineImageType.ECS_AL2, + }, + ], + }); + + new ManagedEc2EcsComputeEnvironment(stack, 'Al2A1XlargeInstance', { + ...defaultEcsProps, + instanceTypes: [ec2.InstanceType.of(ec2.InstanceClass.A1, ec2.InstanceSize.XLARGE2)], + vpc, + images: [ + { + imageType: EcsMachineImageType.ECS_AL2, + }, + ], + }); + }); + test('can use non-default allocation strategy', () => { // WHEN new ManagedEc2EcsComputeEnvironment(stack, 'MyCE', {