ecs-patterns: enable to specify securityGroups in NetworkLoadBalancedFargateService

[wafuwafu13]

Describe the feature

We can't specify securityGroups in NetworkLoadBalancedFargateService now.

Use Case

Default is an empty array, so we have to specify securityGroups.

aws-cdk/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/nlb/network-load-balancer.ts

Lines 206 to 216 in 730fe63

	/**
	* After the implementation of `IConnectable` (see https://github.com/aws/aws-cdk/pull/28494), the default
	* value for `securityGroups` is set by the `ec2.Connections` constructor to an empty array.
	* To keep backward compatibility (`securityGroups` is `undefined` if the related property is not specified)
	* a getter has been added.
	*/
	public get securityGroups(): string[] | undefined {
	return this.isSecurityGroupsPropertyDefined || this.connections.securityGroups.length
	? this.connections.securityGroups.map(sg => sg.securityGroupId)
	: undefined;
	}

Proposed Solution

Add securityGroups property to NetworkLoadBalancedFargateServiceProps.

aws-cdk/packages/aws-cdk-lib/aws-ecs-patterns/lib/fargate/network-load-balanced-fargate-service.ts

Lines 9 to 28 in 730fe63

	/**
	* The properties for the NetworkLoadBalancedFargateService service.
	*/
	export interface NetworkLoadBalancedFargateServiceProps extends NetworkLoadBalancedServiceBaseProps, FargateServiceBaseProps {
	/**
	* Determines whether the service will be assigned a public IP address.
	*
	* @default false
	*/
	readonly assignPublicIp?: boolean;
	/**
	* The subnets to associate with the service.
	*
	* @default - Public subnets if `assignPublicIp` is set, otherwise the first available one of Private, Isolated, Public, in that order.
	*/
	readonly taskSubnets?: SubnetSelection;
	}

Other Information

ApplicationLoadBalancedFargateServiceProps has securityGroups property already.

aws-cdk/packages/aws-cdk-lib/aws-ecs-patterns/lib/fargate/application-load-balanced-fargate-service.ts

Lines 26 to 31 in 730fe63

	/**
	* The security groups to associate with the service. If you do not specify a security group, a new security group is created.
	*
	* @default - A new security group is created.
	*/
	readonly securityGroups?: ISecurityGroup[];

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

CDK version used

v2.132.0

Environment details (OS name and version, etc.)

Darwin tagawahirotakanoMacBook-Pro.local 23.2.0 Darwin Kernel Version 23.2.0: Wed Nov 15 21:53:18 PST 2023; root:xnu-10002.61.3~2/RELEASE_ARM64_T6000 arm64

[pahud]

Yes I think now that NLB supports security group, we probably should expose that as a optional prop to the surface. I will invite the maintainers for more input on this.

[xazhao]

The proposed solution looks good to me. I see there's already a PR opened to fix the issue. Thanks for the contribution. Will review the PR.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.