Skip to content

feat(batch): ecs execute command #35341

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 16 commits into from
Sep 4, 2025
Merged

feat(batch): ecs execute command #35341

merged 16 commits into from
Sep 4, 2025

Conversation

@badmintoncryer
Copy link
Contributor

@badmintoncryer badmintoncryer commented Aug 27, 2025
edited
Loading

Issue # (if applicable)

None

Reason for this change

AWS Batch now supports for ECS execute command(ECS exec) to access to the job container.
https://aws.amazon.com/about-aws/whats-new/2025/04/aws-batch-amazon-elastic-container-service-exec-firelens-log-router/?nc1=h_ls

Description of changes

  • Add enableExecuteCommand prop ro EcsContainerDefinitionProps
  • handle batch job role to add ecs exec policies

Describe any new or updated permissions being added

  • Add some permissions to the job role
    • "ssmmessages:CreateControlChannel",
    • "ssmmessages:CreateDataChannel",
    • "ssmmessages:OpenControlChannel",
    • "ssmmessages:OpenDataChannel"

Description of how you validated changes

Add both unit and integ tests.

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@aws-cdk-automation aws-cdk-automation requested a review from a team August 27, 2025 15:32
@github-actions github-actions bot added p2 distinguished-contributor [Pilot] contributed 50+ PRs to the CDK labels Aug 27, 2025
iankhou
iankhou previously requested changes Aug 27, 2025
View reviewed changes
Copy link
Contributor

@iankhou iankhou left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Feature and tests look good, but please remove the Kiro instructions haha

packages/aws-cdk-lib/cckiro/specs/batch-enable-execute-command-firelens/design.md Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like this was committed by mistake? Along with the other files in cckiro.

@mergify mergify bot dismissed iankhou’s stale review August 28, 2025 01:27

Pull request has been modified.

@badmintoncryer
Copy link
Contributor Author

@iankhou Thank you for your review and I'm sorry for adding some docs. I've removed them.

@badmintoncryer badmintoncryer requested a review from iankhou August 29, 2025 16:19
@github-actions github-actions bot mentioned this pull request Sep 1, 2025
Closed
@badmintoncryer
Copy link
Contributor Author

@iankhou Could you please confirm this PR again ?

iankhou
iankhou reviewed Sep 3, 2025
View reviewed changes
packages/aws-cdk-lib/aws-batch/lib/ecs-container-definition.ts
Comment on lines +792 to +801
private addEcsExecPermissions(role: iam.IRole): void {
role.addToPrincipalPolicy(new iam.PolicyStatement({
effect: iam.Effect.ALLOW,
actions: [
'ssmmessages:CreateControlChannel',
'ssmmessages:CreateDataChannel',
'ssmmessages:OpenControlChannel',
'ssmmessages:OpenDataChannel',
],
resources: ['*'],
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, validated against docs: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html#ecs-exec-required-iam-permissions

@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Sep 3, 2025
iankhou
iankhou previously approved these changes Sep 3, 2025
View reviewed changes
@mergify
Copy link
Contributor

mergify bot commented Sep 3, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify
Copy link
Contributor

mergify bot commented Sep 3, 2025

This pull request has been removed from the queue for the following reason: pull request branch update failed.

The pull request can't be updated.

You should update or rebase your pull request manually. If you do, this pull request will automatically be requeued once the queue conditions match again.
If you think this was a flaky issue, you can requeue the pull request, without updating it, by posting a @mergifyio requeue comment.

@mergify mergify bot dismissed iankhou’s stale review September 3, 2025 17:00

Pull request has been modified.

@badmintoncryer
Copy link
Contributor Author

@iankhou Could you please approve again?

@mergify
Copy link
Contributor

mergify bot commented Sep 4, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 30722f2 into aws:main Sep 4, 2025
21 checks passed
@github-actions
Copy link
Contributor

github-actions bot commented Sep 4, 2025

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 4, 2025
@aws-cdk-automation aws-cdk-automation removed the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Sep 4, 2025
@badmintoncryer badmintoncryer deleted the ecs-exec-for-batch branch September 5, 2025 00:05
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@iankhou iankhou iankhou approved these changes

Assignees

No one assigned

Labels

distinguished-contributor [Pilot] contributed 50+ PRs to the CDK p2

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@badmintoncryer @iankhou @aws-cdk-automation