feat: support CodeBuild on VPC for ContainerImageBuild (#25)

tmokmss · Jan 25, 2025 · d0e97c4 · d0e97c4
1 parent c2d1940
commit d0e97c4
Show file tree

Hide file tree

Showing 8 changed files with 3,550 additions and 1,563 deletions.
diff --git a/API.md b/API.md
diff --git a/LICENSE b/LICENSE
diff --git a/src/container-image-build.ts b/src/container-image-build.ts
@@ -3,6 +3,7 @@ import { existsSync, readFileSync } from 'fs';
 import { join } from 'path';
 import { CfnResource, CustomResource, Duration, RemovalPolicy } from 'aws-cdk-lib';
 import { BuildSpec, LinuxBuildImage } from 'aws-cdk-lib/aws-codebuild';
+import { IVpc } from 'aws-cdk-lib/aws-ec2';
 import { IRepository, Repository } from 'aws-cdk-lib/aws-ecr';
 import { DockerImageAssetProps } from 'aws-cdk-lib/aws-ecr-assets';
 import { ContainerImage } from 'aws-cdk-lib/aws-ecs';
@@ -31,6 +32,15 @@ export interface ContainerImageBuildProps extends DockerImageAssetProps {
    * @default false
    */
   readonly zstdCompression?: boolean;
+
+  /**
+   * The VPC where your build job will be deployed.
+   * This VPC must have private subnets with NAT Gateways.
+   *
+   * Use this property when you want to control the outbound IP addresses that base images are pulled from.
+   * @default No VPC used.
+   */
+  readonly vpc?: IVpc;
 }
 
 /**
@@ -74,6 +84,7 @@ export class ContainerImageBuild extends Construct implements IGrantable {
         buildImage: buildImage,
         privileged: true,
       },
+      vpc: props.vpc,
       buildSpec: BuildSpec.fromObject({
         version: '0.2',
         phases: {

diff --git a/src/singleton-project.ts b/src/singleton-project.ts
@@ -32,7 +32,7 @@ export class SingletonProject extends Construct {
   }
 
   private ensureProject(props: SingletonProjectProps): Project {
-    const constructName = (props.projectPurpose ?? 'SingletonProject') + this.slugify(props.uuid);
+    const constructName = (props.projectPurpose ?? 'SingletonProject') + this.slugify(props.uuid, this.propsToAdditionalString(props));
     const existing = Stack.of(this).node.tryFindChild(constructName);
     if (existing) {
       return existing as Project;
@@ -41,7 +41,18 @@ export class SingletonProject extends Construct {
     return new Project(Stack.of(this), constructName, props);
   }
 
-  private slugify(x: string): string {
-    return x.replace(/[^a-zA-Z0-9]/g, '');
+  private propsToAdditionalString(props: SingletonProjectProps) {
+    // This string must be stable to avoid from replacement.
+    // Things that can be added to the slug later (we have to create a new project per these properties):
+    //   * vpc addr
+    //   * instance type
+    // But actually, replacement will not cause any disruption because of its stateless nature.
+    let slug = '';
+    slug += props.vpc?.node.addr ?? '';
+    return slug;
+  }
+
+  private slugify(x: string, additionalString?: string): string {
+    return `${x}${additionalString ?? ''}`.replace(/[^a-zA-Z0-9]/g, '');
   }
 }