(aws-ecs): Give Cluster a method that provides task ARNs #26232

@SamStephens

Describe the feature

ARNs for tasks in a Cluster are in the form arn:{partition}:ecs:{region}:{accountId}:task/{clusterName}/{taskId}. It would be useful to have a method that can form these ARNs for you.

The aws-s3 Bucket class provides prior art for this with its arnForObjects method.

I guess this method would be called arnForTasks.

Use Case

In order to grant my task role permissions to the task protection API. My workaround is:

        cluster_task_arn = Stack.of(self).format_arn(
            service='ecs',
            resource='task',
            resource_name=f'{fargate_cluster.cluster_name}/*'
        )
        fargate_task_definition.add_to_task_role_policy(
            aws_iam.PolicyStatement(
                actions=["ecs:UpdateTaskProtection"],
                resources=[cluster_task_arn],
            )
        )

With this method, the call would be:

        fargate_task_definition.add_to_task_role_policy(
            aws_iam.PolicyStatement(
                actions=["ecs:UpdateTaskProtection"],
                resources=[fargate_cluster.arn_for_tasks('*')],
            )
        )

Proposed Solution

I'm not sure what best practice for forming ARNs within the CDK is, but using formatArn as I do in my example above would work.

Other Information

See also my request for a grantTaskProtection method

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.85.0

Environment details (OS name and version, etc.)

Ubuntu (Windows Subsystem for Linux)
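
An added example (not part of the original issue or of the CDK code base): a plain-Python sketch of the ARN layout quoted in the issue, showing which tasks the cluster-scoped `task/{clusterName}/*` resource covers compared with an account-wide `task/*`. The function names, account id, region, cluster names and task ids are constructed, and the matcher is a simplified model of IAM wildcard matching.

```python
import re

# ARN layout quoted in the issue:
#   arn:{partition}:ecs:{region}:{accountId}:task/{clusterName}/{taskId}


def arn_for_tasks(partition, region, account_id, cluster_name, task_id="*"):
    """Hypothetical plain-string version of the proposed helper (no CDK tokens)."""
    # A wildcard or separator in the cluster name would silently widen the scope.
    if not cluster_name or any(c in cluster_name for c in "*?/:"):
        raise ValueError(f"unsafe cluster name: {cluster_name!r}")
    if not task_id or any(c in task_id for c in "/:"):
        raise ValueError(f"unsafe task id pattern: {task_id!r}")
    return f"arn:{partition}:ecs:{region}:{account_id}:task/{cluster_name}/{task_id}"


def resource_matches(pattern, arn):
    """Simplified model of IAM Resource matching: '*' = any run, '?' = one char."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, arn) is not None


def covered(pattern, task_arns):
    """Return the task ARNs that a Resource pattern would cover."""
    return [arn for arn in task_arns if resource_matches(pattern, arn)]


# Constructed sample data: account, region, cluster names and task ids are made up.
BASE = "arn:aws:ecs:us-east-1:111122223333:task"
TASKS = [
    f"{BASE}/orders/0123456789abcdef0123456789abcdef",
    f"{BASE}/orders-blue/aaaabbbbccccddddeeeeffff00001111",
    f"{BASE}/billing/fedcba9876543210fedcba9876543210",
]

if __name__ == "__main__":
    scoped = arn_for_tasks("aws", "us-east-1", "111122223333", "orders")
    print("cluster-scoped:", covered(scoped, TASKS))       # only the 'orders' task
    print("account-wide  :", covered(f"{BASE}/*", TASKS))  # every task in the account
```

The trailing `/` after the cluster name is what keeps `orders` from also covering `orders-blue`.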

Labels

  • @aws-cdk/aws-ecs: Related to Amazon Elastic Container
  • effort/small: Small work item – less than a day of effort
  • feature-request: A feature should be added or improved.
  • p2