如何将此 CloudFormation 转换为 CDK(JavaScript 或 Java)?我试图这样做,但这是我第一次使用 CDK,我不知道该怎么做。
FargateTaskExecutionServiceRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service:
- ecs-tasks.amazonaws.com
Action:
- sts:AssumeRole
Policies:
- PolicyName: AmazonECSTaskExecutionRolePolicy
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- 'ecr:GetAuthorizationToken'
- 'ecr:BatchCheckLayerAvailability'
- 'ecr:GetDownloadUrlForLayer'
- 'ecr:BatchGetImage'
- 'logs:CreateLogStream'
- 'logs:PutLogEvents'
Resource: '*'
我正在尝试使用打字稿将以下 CloudFormation 资源迁移到 CDK:
ALBSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
VpcId: !Ref VPCId
GroupDescription: !Sub "${Application}-${Environment}-alb-sg"
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 443
ToPort: 443
CidrIp: !Ref SecurityGroupIngressCidr
我尝试过这个(我不知道如何创建必要的属性):
const albSecurityGroup = new SecurityGroup(this, "ALBSecurityGroup", {
vpc: Vpc.fromLookup(this, id, {
vpcId: props.vpcId.stringValue
}),
description: appEnv + "-alb-sg"
})
并使用这样的 Cfn 构造函数(我不知道如何将 CfnSecurityGroup 与 CfnSecurityGroupIngress 加入):
const x = new CfnSecurityGroupIngress(this, id, {
ipProtocol: "tcp",
fromPort: 443,
toPort: 443,
cidrIp: props.securityGroupIngressCidr
});
const albSecurityGroupCfn = new CfnSecurityGroup(this, id, {
vpcId: props.vpcId.stringValue,
groupDescription: appEnv + …