Blogpost: ECS Fargate with passing secrets - ECS Fargate Task Definition
// file: lib/backend-task-stack.ts
import * as cdk from "@aws-cdk/core";
import * as ecs from "@aws-cdk/aws-ecs";
import * as iam from "@aws-cdk/aws-iam";
import * as ecr from "@aws-cdk/aws-ecr";
import { DBCredentials } from "./db-credentials-stack";
/**
 * Inputs for {@link BackendTaskStack}.
 *
 * Only `dbCredentials`, `dbHost`, `dbPort` and `dbName` are read by the stack
 * as written in this file; `backendPort` and `dbEndpoint` are accepted but not
 * referenced by it.
 */
export interface BackendStackProps extends cdk.StackProps {
/** Port the backend listens on. Not referenced by BackendTaskStack in this file. */
backendPort: number;
/** Database endpoint. Not referenced by BackendTaskStack in this file (dbHost/dbPort are used instead). */
dbEndpoint: string;
/** Secrets Manager secrets (`username`, `password`) injected into the container as DB_USER / DB_PW. */
dbCredentials: DBCredentials;
/** Passed to the container as the plain (non-secret) environment variable DB_HOST. */
dbHost: string;
/** Passed to the container as DB_PORT; kept as a string since it goes straight into the container `environment` map. */
dbPort: string;
/** Passed to the container as the plain environment variable DB_NAME. */
dbName: string;
}
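export class BackendTaskStack extends cdk.Stack {
  /** Fargate task definition for the backend container; exposed so a service stack can run it. */
  readonly taskDefinition: ecs.TaskDefinition;

  /**
   * Builds a Fargate task definition whose container receives the database
   * username/password from Secrets Manager (injected by ECS at launch) and the
   * non-sensitive connection settings as plain environment variables.
   *
   * @param scope CDK construct scope.
   * @param id    Construct id of the stack.
   * @param props Database connection inputs; see {@link BackendStackProps}.
   */
  constructor(scope: cdk.Construct, id: string, props: BackendStackProps) {
    super(scope, id, props);

    const usernameSecret = props.dbCredentials.username;
    const passwordSecret = props.dbCredentials.password;

    // Task role = the identity the application code itself runs as. It is kept
    // empty on purpose: pulling the image, writing logs and resolving the
    // `secrets` below are all done by the *execution* role, so neither
    // AmazonECSTaskExecutionRolePolicy (ECR pull + CloudWatch Logs write) nor
    // secretsmanager:GetSecretValue belongs here. Add only the permissions the
    // backend actually calls AWS with. If the backend also fetches these
    // secrets at runtime through the SDK (e.g. after rotation), grant that on
    // the task role explicitly instead of via the execution-role policy.
    const taskRole = new iam.Role(this, "BackendTaskRole", {
      // Fixed name: deploying this stack twice in one account/region collides.
      roleName: "BackendECSTaskRole",
      assumedBy: new iam.ServicePrincipal("ecs-tasks.amazonaws.com"),
    });

    const taskDef = new ecs.FargateTaskDefinition(this, "BackendTask", {
      taskRole,
    });

    // The ECS agent reads `secrets` at task start with the execution role,
    // which CDK creates lazily via obtainExecutionRole(). Recent CDK versions
    // also grant this from addContainer()'s `secrets` map; the explicit grants
    // keep the dependency visible here and are harmless if redundant.
    const executionRole = taskDef.obtainExecutionRole();
    usernameSecret.grantRead(executionRole);
    passwordSecret.grantRead(executionRole);

    taskDef.addContainer("BackendContainer", {
      // NOTE(review): fromEcrRepository() expects an ecr.IRepository (the `ecr`
      // import above is otherwise unused), not a string placeholder. When
      // replacing it, pin an explicit tag or image digest rather than relying
      // on the mutable default tag.
      image: ecs.ContainerImage.fromEcrRepository("yourEcrRepo"),
      // Resolved from Secrets Manager at launch and exposed only as env vars
      // inside the container; the values never appear in the task definition
      // or the synthesized template.
      secrets: {
        DB_USER: ecs.Secret.fromSecretsManager(usernameSecret),
        DB_PW: ecs.Secret.fromSecretsManager(passwordSecret),
      },
      // Non-sensitive settings only: `environment` values are stored in the
      // task definition and visible to anyone who can describe it.
      environment: {
        NODE_ENV: "production",
        DB_DIALECT: "postgres",
        DB_HOST: props.dbHost,
        DB_PORT: props.dbPort,
        DB_NAME: props.dbName,
      },
    });

    this.taskDefinition = taskDef;
  }
}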