Allow passing security groups of the Fargate task (#25)

* Allow passing security groups of the Fargate task being launched. Not passing them defaults to keep using the default security group * Fix parameter name in actions.yml * Print task specification * Display in JSON * Passes required env variable * Remove unnecessary debug output * Re-adding debugging lines * remove idea folder * Remove accidentally pushed idea files * Removed debug output
newrelic · Aug 28, 2023 · bf080a6 · bf080a6
1 parent 24d91dd
commit bf080a6
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/action.yml b/action.yml
@@ -22,6 +22,9 @@ inputs:
   aws_vpc_subnet:
     description: Task Definition.
     required: true
+  aws_vpc_security_groups:
+    description: Security group to be used by the task. If not specified, the default security group of the VPC will be used.
+    required: false
   log_filters:
     description: Regexp filters that will be applied to CloudWatch output. To show the full logs add the following filter ".*". By default, it filters Ansible role execution logs.
     default: |
@@ -58,6 +61,7 @@ runs:
         CLOUD_WATCH_LOGS_GROUP_NAME: ${{ inputs.cloud_watch_logs_group_name }}
         CLOUD_WATCH_LOGS_STREAM_NAME: ${{ inputs.cloud_watch_logs_stream_name }}
         AWS_VPC_SUBNET: ${{ inputs.aws_vpc_subnet }}
+        AWS_VPC_SECURITY_GROUPS: ${{ inputs.aws_vpc_security_groups }}
         LOG_FILTERS: ${{ inputs.log_filters }}
         REPO_NAME: ${{ inputs.repo_name }}
         GIT_CLONE_URL: ${{ inputs.git_clone_url }}

diff --git a/main.go b/main.go
@@ -30,6 +30,7 @@ type Config struct {
 	TaskDefinitionName       string
 	ContainerMakeTarget      []string // If is set as a string it will unmarshall as a slice with 1 string
 	AWSVpcSubnet             string
+	AWSVpcSecurityGroups     []string // Up to 5 security groups can be provided: https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_AwsVpcConfiguration.html
 	CloudWatchLogsGroupName  string
 	CloudWatchLogsStreamName string
 	MaxLogLines              int
@@ -53,6 +54,7 @@ func LoadConfig() Config {
 	viper.BindEnv("task_definition_name")
 	viper.BindEnv("container_make_target")
 	viper.BindEnv("aws_vpc_subnet")
+	viper.BindEnv("aws_vpc_security_groups")
 	viper.BindEnv("cloud_watch_logs_group_name")
 	viper.BindEnv("cloud_watch_logs_stream_name")
 	viper.BindEnv("timeout_millis")
@@ -78,6 +80,7 @@ func LoadConfig() Config {
 		TaskDefinitionName:       viper.GetString("task_definition_name"),
 		ContainerMakeTarget:      viper.GetStringSlice("container_make_target"),
 		AWSVpcSubnet:             viper.GetString("aws_vpc_subnet"),
+		AWSVpcSecurityGroups:     viper.GetStringSlice("aws_vpc_security_groups"),
 		CloudWatchLogsGroupName:  viper.GetString("cloud_watch_logs_group_name"),
 		CloudWatchLogsStreamName: viper.GetString("cloud_watch_logs_stream_name"),
 		LogFilters:               viper.GetStringSlice("log_filters"),
@@ -126,7 +129,8 @@ func prepareFargateTask(params Config) (*TaskRunner, aws.Config) {
 
 		NetworkConfiguration: &ecsTypes.NetworkConfiguration{
 			AwsvpcConfiguration: &ecsTypes.AwsVpcConfiguration{
-				Subnets: []string{params.AWSVpcSubnet},
+				Subnets:        []string{params.AWSVpcSubnet},
+				SecurityGroups: params.AWSVpcSecurityGroups,
 			},
 		},
 	}