
Error in AWS CDK V2 construct for AWS ECR

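I have written code to create a repo and some properties. Although I am passing the reponame as the string "testing" as part of the interface, my code goes through the else condition and creates the reponame as undefined+date.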

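Second question: can you help me find the problem with the principals in the permission policy? I get an error message about props.accountIds.map: I am passing an array to accountIds.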

    import * as ecr from 'aws-cdk-lib/aws-ecr';
    import { Duration, RemovalPolicy, Stack } from 'aws-cdk-lib';
    import { Repository, RepositoryEncryption, TagMutability } from 'aws-cdk-lib/aws-ecr';
    import {AWSAccountDetails} from '../lib/utils/definition';  
    import * as cdk from 'aws-cdk-lib';
    
    export class ecrStack extends cdk.Stack {
        constructor(scope: cdk.App, id: string, props: any ){
        super(scope, id);
        const repository = this.createEcr(props);
        this.createAdditionalProperty(repository,props);
      }
    //Method to check and create the AWS ECR REPO
    private  createEcr( props: AWSAccountDetails): any {
      
    let imageTagMutability : ecr.TagMutability = ecr.TagMutability.IMMUTABLE;
    let imageScanOnPush : boolean = true;
    let encryption : ecr.RepositoryEncryption =ecr.RepositoryEncryption.KMS;
    
    if ( props.imageTagMutability  in ecr.TagMutability ) {
      imageTagMutability =props.imageTagMutability;
    }
    
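    // Only override the default when the caller supplied a real boolean
    if (typeof props.imageScanOnPush === 'boolean'){
      imageScanOnPush =props.imageScanOnPush;
    }
    
    // Only override the default when an encryption setting was supplied
    if (typeof props.encryption !== 'undefined'){
      encryption =props.encryption;
    }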
    if (!props.repositoryName) {
      throw  Error('No repository name provided');
    }
    
      let repository = ecr.Repository.fromRepositoryName(this, 'ecrRepo', props.repositoryName);
    if (!repository.repositoryArn) {
      // Repository does not exist, create a new one with the original name
      repository=new ecr.Repository(this, props.repositoryName, {
        repositoryName: props.repositoryName,
        imageTagMutability: props.imageTagMutability,
        encryption: RepositoryEncryption.KMS,
        imageScanOnPush: props.imageScanOnPush,
        removalPolicy: RemovalPolicy.DESTROY
      });
    } else {
      const modifiedRepositoryName = `${props.repositoryName}-${Date.now()}`;
      repository= new ecr.Repository(this, modifiedRepositoryName, {
        repositoryName: modifiedRepositoryName,
        imageTagMutability: props.imageTagMutability,
        encryption: RepositoryEncryption.KMS,
        imageScanOnPush: props.imageScanOnPush,
        removalPolicy: RemovalPolicy.DESTROY
      });
    }
    return repository;
    }
    //Method to add the lifecycle policy,Tags and create aws account permissions.
    private createAdditionalProperty(repository: any, props:AWSAccountDetails) {
    
      let AgeOfImage :number =180;
    
      // Fall back to the 180-day default only when no ImageAge was supplied
      if (typeof props.ImageAge === 'undefined'){
    
          repository.addLifecycleRule({
            rulePriority: 1,
            maxImageAge:Duration.days(AgeOfImage)
          });
        } else {
          repository.addLifecycleRule({
            rulePriority: 1,
            maxImageAge:Duration.days(props.ImageAge) 
          });
    }
        //Tags 
        const Tags:{[key:string]:string}={
            Name: props.repositoryName,
        }
        //Permission to external aws account to grant permission for ECR pull and push
         //  const policy = new iam.PolicyDocument();
            //policy.addStatements(new iam.PolicyStatement({
             // actions: ['ecr:*'],
              //actions: ['ecr:BatchCheckLayerAvailability', 'ecr:GetDownloadUrlForLayer', 'ecr:BatchGetImage', 'ecr:PutImage']
           //   resources: [repository.repositoryArn],
           //   principals: props.accountIds.map(id => new iam.AccountPrincipal(id))
           // }));
    }
      addLifecycleRule(arg0: { rulePriority: number; maxImageAge: Duration; }) {
        throw new Error('Method not implemented.');
      }
    }

Interface file:

    import * as ecr from 'aws-cdk-lib/aws-ecr';
    import { ecrStack } from '../ecrstack-stack';
    
    export interface AWSAccountDetails  {
        ImageCount: any;
        readonly repositoryName :'abcd';   /* Repo Name */ 
        readonly ImageAge:110; //Number of days before image is deleted.i.e 90.  need to change to imageAge
        readonly imageTagMutability : ecr.TagMutability.IMMUTABLE;  /* If the Repo should  enable Tag Immutability  or not; Default setting is Enabled */
        readonly imageScanOnPush : true; /* If the Repo should enable ScanonPush or not ; Default setting is Enabled */
        readonly encryption : 'KMS'; /* If the Repo should KMS or not  ; Default setting is Enabled for AWS managed KMS Key*/
        readonly accountIds : string //Account number to grant access to pull and push.
        readonly encruptionproperty: 'KMS';
    
    }

I had to pass the props as an object and then export it to the main stack. That solved the problem.
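
Both symptoms in the question (a repository named `undefined-<timestamp>` and the `props.accountIds.map` error) come from props that are never checked before use. The following is an added example, not code from the original post: plain TypeScript with no `aws-cdk-lib` import, which validates the props up front and builds a scoped ECR repository policy document instead of `ecr:*`. The type and function names (`EcrRepoInput`, `requireRepoName`, `normalizeAccountIds`, `buildRepoPolicy`) are hypothetical.

```typescript
// Added example: plain TypeScript, no aws-cdk-lib import. All names are hypothetical.
export interface EcrRepoInput {
  repositoryName?: string;
  accountIds?: string | string[]; // tolerate a single ID, a comma list, or an array
}

// Pull and push only, rather than the wildcard 'ecr:*'.
const PULL_PUSH_ACTIONS = [
  'ecr:BatchCheckLayerAvailability',
  'ecr:GetDownloadUrlForLayer',
  'ecr:BatchGetImage',
  'ecr:InitiateLayerUpload',
  'ecr:UploadLayerPart',
  'ecr:CompleteLayerUpload',
  'ecr:PutImage',
];

// Fail early instead of producing a repository called "undefined-<timestamp>".
export function requireRepoName(props?: EcrRepoInput): string {
  const name = props?.repositoryName;
  if (typeof name !== 'string' || name.length === 0) {
    throw new Error('props.repositoryName is missing: were props passed to the stack?');
  }
  return name;
}

// A bare string has no .map(); coerce to an array, then validate each ID.
export function normalizeAccountIds(ids?: string | string[]): string[] {
  const list = ids === undefined ? [] : Array.isArray(ids) ? ids : ids.split(',');
  const cleaned = list.map((id) => id.trim()).filter((id) => id.length > 0);
  for (const id of cleaned) {
    if (!/^\d{12}$/.test(id)) throw new Error(`not a 12-digit AWS account ID: ${id}`);
  }
  return Array.from(new Set(cleaned)); // drop duplicates
}

// ECR repository policy: explicit account principals, scoped actions, no Resource element.
export function buildRepoPolicy(props?: EcrRepoInput) {
  const accounts = normalizeAccountIds(props?.accountIds);
  if (accounts.length === 0) throw new Error('no account IDs to grant access to');
  return {
    repositoryName: requireRepoName(props),
    policy: {
      Version: '2012-10-17',
      Statement: [{
        Sid: 'CrossAccountPullPush',
        Effect: 'Allow',
        Principal: { AWS: accounts.map((id) => `arn:aws:iam::${id}:root`) },
        Action: PULL_PUSH_ACTIONS,
      }],
    },
  };
}
```

In a CDK stack, a statement of this shape can be attached with `repository.addToResourcePolicy(iam.PolicyStatement.fromJson(...))`.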
