@@ -361,8 +361,7 @@ export class EcsRunTask extends sfn.TaskStateBase implements ec2.IConnectable {
361361 throw new ValidationError ( 'Task Token is required in at least one `containerOverrides.environment` for callback. Use JsonPath.taskToken to set the token.' , this ) ;
362362 }
363363
364- if ( ( this . props . taskDefinition !== undefined && this . props . taskDefinitionInput !== undefined ) ||
365- ( this . props . taskDefinition === undefined && this . props . taskDefinitionInput === undefined ) ) {
364+ if ( ! this . hasProvidedOneOfTaskDefinitionOrTaskDefinitionInput ( ) ) {
366365 throw new ValidationError ( 'Exactly one of \'taskDefinition\' or \'taskDefinitionInput\' must be provided.' , this ) ;
367366 }
368367
@@ -408,7 +407,7 @@ export class EcsRunTask extends sfn.TaskStateBase implements ec2.IConnectable {
408407 }
409408 }
410409
411- this . taskPolicies = this . makePolicyStatements ( ) ;
410+ this . taskPolicies = this . makePolicyStatements ( props . taskDefinition , props . taskDefinitionInput ) ;
412411 }
413412
414413 /**
@@ -439,6 +438,12 @@ export class EcsRunTask extends sfn.TaskStateBase implements ec2.IConnectable {
439438 } ;
440439 }
441440
441+ private hasProvidedOneOfTaskDefinitionOrTaskDefinitionInput ( ) : boolean {
442+ const hasOnlyProvidedTaskDefinition = this . props . taskDefinition !== undefined && this . props . taskDefinitionInput === undefined ;
443+ const hasOnlyProvidedTaskDefinitionInput = this . props . taskDefinition === undefined && this . props . taskDefinitionInput !== undefined ;
444+ return hasOnlyProvidedTaskDefinition || hasOnlyProvidedTaskDefinitionInput ;
445+ }
446+
442447 private configureAwsVpcNetworking ( ) {
443448 const subnetSelection = this . props . subnets ??
444449 { subnetType : this . props . assignPublicIp ? ec2 . SubnetType . PUBLIC : ec2 . SubnetType . PRIVATE_WITH_EGRESS } ;
@@ -469,19 +474,20 @@ export class EcsRunTask extends sfn.TaskStateBase implements ec2.IConnectable {
469474 }
470475 }
471476
472- private makeEcsPolicyStatements ( ) : iam . PolicyStatement [ ] {
477+ private makeEcsPolicyStatements ( taskDefinition : ecs . TaskDefinition | undefined ,
478+ taskDefinitionInput : sfn . TaskInput | undefined ) : iam . PolicyStatement [ ] {
473479 const policyStatements : Array < iam . PolicyStatement > = [ ] ;
474480
475- if ( this . props . taskDefinition !== undefined ) {
481+ if ( taskDefinition !== undefined ) {
476482 policyStatements . push (
477483 new iam . PolicyStatement ( {
478484 actions : [ 'ecs:RunTask' ] ,
479485 resources : [ cdk . FeatureFlags . of ( this ) . isEnabled ( STEPFUNCTIONS_TASKS_FIX_RUN_ECS_TASK_POLICY )
480- ? this . getTaskDefinitionArn ( this . props . taskDefinition )
481- : this . getTaskDefinitionFamilyArn ( this . props . taskDefinition ) + ':*' ] ,
486+ ? this . getTaskDefinitionArn ( taskDefinition )
487+ : this . getTaskDefinitionFamilyArn ( taskDefinition ) + ':*' ] ,
482488 } ) ,
483489 ) ;
484- } else if ( this . props . taskDefinitionInput !== undefined ) {
490+ } else if ( taskDefinitionInput !== undefined ) {
485491 policyStatements . push (
486492 new iam . PolicyStatement ( {
487493 actions : [ 'ecs:RunTask' ] ,
@@ -506,23 +512,24 @@ export class EcsRunTask extends sfn.TaskStateBase implements ec2.IConnectable {
506512 return policyStatements ;
507513 }
508514
509- private makeIamPassRolePolicyStatements ( ) : iam . PolicyStatement [ ] {
515+ private makeIamPassRolePolicyStatements ( taskDefinition : ecs . TaskDefinition | undefined ,
516+ taskDefinitionInput : sfn . TaskInput | undefined ) : iam . PolicyStatement [ ] {
510517 const policyStatements : Array < iam . PolicyStatement > = [ ] ;
511518
512- if ( this . props . taskDefinition !== undefined ) {
519+ if ( taskDefinition !== undefined ) {
513520 // Need to be able to pass both Task and Execution role
514521 const rolesRequiringPassRole = new Array < iam . IRole > ( ) ;
515- rolesRequiringPassRole . push ( this . props . taskDefinition . taskRole ) ;
516- if ( this . props . taskDefinition . executionRole ) {
517- rolesRequiringPassRole . push ( this . props . taskDefinition . executionRole ) ;
522+ rolesRequiringPassRole . push ( taskDefinition . taskRole ) ;
523+ if ( taskDefinition . executionRole ) {
524+ rolesRequiringPassRole . push ( taskDefinition . executionRole ) ;
518525 }
519526 policyStatements . push (
520527 new iam . PolicyStatement ( {
521528 actions : [ 'iam:PassRole' ] ,
522529 resources : rolesRequiringPassRole . map ( ( r ) => r . roleArn ) ,
523530 } ) ,
524531 ) ;
525- } else if ( this . props . taskDefinitionInput !== undefined ) {
532+ } else if ( taskDefinitionInput !== undefined ) {
526533 // Need to be able to pass both task and execution role
527534 const rolesRequiringPassRole = new Array < iam . IRole > ( ) ;
528535 if ( this . props . taskRole !== undefined ) {
@@ -571,10 +578,11 @@ export class EcsRunTask extends sfn.TaskStateBase implements ec2.IConnectable {
571578 return policyStatements ;
572579 }
573580
574- private makePolicyStatements ( ) : iam . PolicyStatement [ ] {
581+ private makePolicyStatements ( taskDefinition : ecs . TaskDefinition | undefined ,
582+ taskDefinitionInput : sfn . TaskInput | undefined ) : iam . PolicyStatement [ ] {
575583 return [
576- ...this . makeEcsPolicyStatements ( ) ,
577- ...this . makeIamPassRolePolicyStatements ( ) ,
584+ ...this . makeEcsPolicyStatements ( taskDefinition , taskDefinitionInput ) ,
585+ ...this . makeIamPassRolePolicyStatements ( taskDefinition , taskDefinitionInput ) ,
578586 ...this . makeEventBridgePolicyStatements ( ) ,
579587 ] ;
580588 }
0 commit comments