langflow/scripts/aws/lib/construct/iam.ts
kazuki306 3eeda84d28
Fix bug in deployment procedure in AWS CDK and support HTTPS (#1491)
* add cloudfront

* modify: healthcheck disable

* modify: health check option

* modify nodejsbuild

* add nodejs version

* endpoint configuration

* set axios url

* remote console.log VITE_PROXY_TARGET

* create alb stack

* add alb to origin

* alb build success

* remote baseURL setting

* add redirect

* change responseHttpStatus to 200

* modify output and readme

* modify architecture

* add health check path route to cloudfront routing

* modified: c9 env name in deploy langflow section

* modified : package dependency for pymysql

* modified: deploy procedure

* modified: deploy procedure (ja)

---------

Co-authored-by: nsxshota <nsxshota@amazon.co.jp>
Co-authored-by: ymkazuki <ymkazuki@amazon.co.jp>
Co-authored-by: Shota Nakamoto <53632932+nsy0328@users.noreply.github.com>
2024-03-04 08:50:51 -03:00


import { RemovalPolicy, Duration } from 'aws-cdk-lib'
import { Construct } from 'constructs'
import {
aws_rds as rds,
aws_iam as iam,
} from 'aws-cdk-lib';
/**
 * Inputs for {@link EcsIAM}.
 */
interface IAMProps {
  // Cluster whose attached Secrets Manager secret the task execution role is
  // allowed to read. The constructor dereferences `rdsCluster.secret`, so the
  // cluster must have been created with a generated/attached secret.
  rdsCluster: rds.DatabaseCluster
}
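/**
 * IAM roles for the backend ECS task.
 *
 * Creates two roles with the `ecs-tasks.amazonaws.com` service principal:
 * - `backendTaskRole`: the role the application container runs as. It gets
 *   the ECR pull statement and the Bedrock/Kendra inline policy.
 * - `backendTaskExecutionRole`: the role the ECS agent uses to start the
 *   task. It gets the AWS managed `AmazonECSTaskExecutionRolePolicy`, a
 *   `secretsmanager:GetSecretValue` grant scoped to the RDS cluster secret,
 *   and (as in the original) the same Bedrock/Kendra inline policy.
 *
 * Construct ids, policy `sid`s and action lists are kept exactly as before so
 * the synthesized template is unchanged apart from the added secret check.
 */
export class EcsIAM extends Construct {
  readonly backendTaskRole: iam.Role;
  readonly backendTaskExecutionRole: iam.Role;

  /**
   * @param scope - Parent construct.
   * @param id - Construct id.
   * @param props - Must reference an RDS cluster with an attached secret; its
   *   ARN is the only resource the Secrets Manager grant is scoped to.
   * @throws Error if `props.rdsCluster.secret` is undefined. The original used
   *   a non-null assertion (`secret!`), which surfaced this misconfiguration as
   *   an opaque "cannot read properties of undefined" at synth time.
   */
  constructor(scope: Construct, id: string, props: IAMProps) {
    super(scope, id);

    // Fail early with a clear message instead of crashing on `secret!.secretArn`.
    const dbSecret = props.rdsCluster.secret;
    if (dbSecret === undefined) {
      throw new Error(
        `${id}: rdsCluster has no attached secret; cannot grant secretsmanager:GetSecretValue`,
      );
    }

    // ECR image-pull actions. Note the sid says "ECSExec" but the actions are
    // ECR pulls, not the ssmmessages actions ECS Exec needs; sid kept verbatim
    // because it is part of the rendered policy document.
    const ecrPullStatement = new iam.PolicyStatement({
      sid: 'allowECSExec',
      resources: ['*'],
      actions: [
        'ecr:GetAuthorizationToken',
        'ecr:BatchCheckLayerAvailability',
        'ecr:GetDownloadUrlForLayer',
        'ecr:BatchGetImage',
      ],
    });

    // SECURITY(review): `bedrock:*` and `kendra:*` on `resources: ['*']` grant
    // full administrative control of both services to the task. Narrow these to
    // the specific actions the application invokes and to the ARNs of the
    // model(s)/index(es) it uses. Left as-is here because the required set is
    // not visible in this file.
    const bedrockStatement = new iam.PolicyStatement({
      sid: 'allowBedrockAccess',
      resources: ['*'],
      actions: ['bedrock:*'],
    });
    const kendraStatement = new iam.PolicyStatement({
      sid: 'allowKendraAccess',
      resources: ['*'],
      actions: ['kendra:*'],
    });

    // Inline policy bundling the Kendra and Bedrock statements (statement order
    // preserved from the original).
    const ragAccessPolicy = new iam.Policy(this, 'RAGFullAccess', {
      statements: [kendraStatement, bedrockStatement],
    });

    // Lets the ECS agent read the DB credentials from Secrets Manager; scoped
    // to the single secret attached to the RDS cluster.
    const secretsManagerPolicy = new iam.Policy(this, 'SMGetPolicy', {
      statements: [
        new iam.PolicyStatement({
          actions: ['secretsmanager:GetSecretValue'],
          resources: [dbSecret.secretArn],
        }),
      ],
    });

    // Task role: identity of the running container.
    this.backendTaskRole = new iam.Role(this, 'BackendTaskRole', {
      assumedBy: new iam.ServicePrincipal('ecs-tasks.amazonaws.com'),
    });
    this.backendTaskRole.addToPolicy(ecrPullStatement);
    this.backendTaskRole.attachInlinePolicy(ragAccessPolicy);

    // Task execution role: identity of the ECS agent when pulling the image
    // and resolving container secrets.
    this.backendTaskExecutionRole = new iam.Role(this, 'backendTaskExecutionRole', {
      assumedBy: new iam.ServicePrincipal('ecs-tasks.amazonaws.com'),
      managedPolicies: [
        {
          managedPolicyArn:
            'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy',
        },
      ],
    });
    this.backendTaskExecutionRole.attachInlinePolicy(secretsManagerPolicy);
    // NOTE(review): the execution role only pulls images and fetches secrets;
    // it does not need Bedrock/Kendra access. Kept to preserve the current
    // template, but this attachment is a least-privilege candidate for removal.
    this.backendTaskExecutionRole.attachInlinePolicy(ragAccessPolicy);
  }
}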