Merge branch 'master' into suffix

packages/@aws-cdk/aws-ec2/README.md

@@ -1110,6 +1110,7 @@ const instance = new ec2.Instance(this, 'Instance', {
 const localPath = instance.userData.addS3DownloadCommand({
   bucket:asset.bucket,
   bucketKey:asset.s3ObjectKey,
+  region: 'us-east-1', // Optional
 });
 instance.userData.addExecuteFileCommand({
   filePath:localPath,

packages/@aws-cdk/aws-ec2/lib/user-data.ts

@@ -37,6 +37,12 @@ export interface S3DownloadOptions {
    */
   readonly localFile?: string;
 
+  /**
+   * The region of the S3 Bucket (needed for access via VPC Gateway)
+   * @default none
+   */
+  readonly region?: string
+
 }
 
 /**
@@ -156,7 +162,7 @@ class LinuxUserData extends UserData {
     const localPath = ( params.localFile && params.localFile.length !== 0 ) ? params.localFile : `/tmp/${ params.bucketKey }`;
     this.addCommands(
       `mkdir -p $(dirname '${localPath}')`,
-      `aws s3 cp '${s3Path}' '${localPath}'`,
+      `aws s3 cp '${s3Path}' '${localPath}'` + (params.region !== undefined ? ` --region ${params.region}` : ''),
     );
 
     return localPath;
@@ -215,7 +221,7 @@ class WindowsUserData extends UserData {
     const localPath = ( params.localFile && params.localFile.length !== 0 ) ? params.localFile : `C:/temp/${ params.bucketKey }`;
     this.addCommands(
       `mkdir (Split-Path -Path '${localPath}' ) -ea 0`,
-      `Read-S3Object -BucketName '${params.bucket.bucketName}' -key '${params.bucketKey}' -file '${localPath}' -ErrorAction Stop`,
+      `Read-S3Object -BucketName '${params.bucket.bucketName}' -key '${params.bucketKey}' -file '${localPath}' -ErrorAction Stop` + (params.region !== undefined ? ` -Region ${params.region}` : ''),
     );
     return localPath;
   }

packages/@aws-cdk/aws-ec2/test/userdata.test.ts

@@ -85,6 +85,35 @@ describe('user data', () => {
       'Read-S3Object -BucketName \'test2\' -key \'filename2.bat\' -file \'c:\\test\\location\\otherScript.bat\' -ErrorAction Stop</powershell>',
     );
 
+  });
+  test('can windows userdata download S3 files with given region', () => {
+    // GIVEN
+    const stack = new Stack();
+    const userData = ec2.UserData.forWindows();
+    const bucket = Bucket.fromBucketName( stack, 'testBucket', 'test' );
+    const bucket2 = Bucket.fromBucketName( stack, 'testBucket2', 'test2' );
+
+    // WHEN
+    userData.addS3DownloadCommand({
+      bucket,
+      bucketKey: 'filename.bat',
+      region: 'us-east-1',
+    } );
+    userData.addS3DownloadCommand({
+      bucket: bucket2,
+      bucketKey: 'filename2.bat',
+      localFile: 'c:\\test\\location\\otherScript.bat',
+      region: 'us-east-1',
+    } );
+
+    // THEN
+    const rendered = userData.render();
+    expect(rendered).toEqual('<powershell>mkdir (Split-Path -Path \'C:/temp/filename.bat\' ) -ea 0\n' +
+      'Read-S3Object -BucketName \'test\' -key \'filename.bat\' -file \'C:/temp/filename.bat\' -ErrorAction Stop -Region us-east-1\n' +
+      'mkdir (Split-Path -Path \'c:\\test\\location\\otherScript.bat\' ) -ea 0\n' +
+      'Read-S3Object -BucketName \'test2\' -key \'filename2.bat\' -file \'c:\\test\\location\\otherScript.bat\' -ErrorAction Stop -Region us-east-1</powershell>',
+    );
+
   });
   test('can windows userdata execute files', () => {
     // GIVEN
@@ -189,6 +218,36 @@ describe('user data', () => {
       'aws s3 cp \'s3://test2/filename2.sh\' \'c:\\test\\location\\otherScript.sh\'',
     );
 
+  });
+  test('can linux userdata download S3 files from specific region', () => {
+    // GIVEN
+    const stack = new Stack();
+    const userData = ec2.UserData.forLinux();
+    const bucket = Bucket.fromBucketName( stack, 'testBucket', 'test' );
+    const bucket2 = Bucket.fromBucketName( stack, 'testBucket2', 'test2' );
+
+    // WHEN
+    userData.addS3DownloadCommand({
+      bucket,
+      bucketKey: 'filename.sh',
+      region: 'us-east-1',
+    } );
+    userData.addS3DownloadCommand({
+      bucket: bucket2,
+      bucketKey: 'filename2.sh',
+      localFile: 'c:\\test\\location\\otherScript.sh',
+      region: 'us-east-1',
+    } );
+
+    // THEN
+    const rendered = userData.render();
+    expect(rendered).toEqual('#!/bin/bash\n' +
+      'mkdir -p $(dirname \'/tmp/filename.sh\')\n' +
+      'aws s3 cp \'s3://test/filename.sh\' \'/tmp/filename.sh\' --region us-east-1\n' +
+      'mkdir -p $(dirname \'c:\\test\\location\\otherScript.sh\')\n' +
+      'aws s3 cp \'s3://test2/filename2.sh\' \'c:\\test\\location\\otherScript.sh\' --region us-east-1',
+    );
+
   });
   test('can linux userdata execute files', () => {
     // GIVEN

packages/@aws-cdk/aws-redshift/lib/cluster.ts

@@ -483,7 +483,7 @@ export class Cluster extends ClusterBase {
       dbName: props.defaultDatabaseName || 'default_db',
       publiclyAccessible: props.publiclyAccessible || false,
       // Encryption
-      kmsKeyId: props.encryptionKey && props.encryptionKey.keyArn,
+      kmsKeyId: props.encryptionKey?.keyId,
       encrypted: props.encrypted ?? true,
     });
 

packages/@aws-cdk/aws-redshift/test/cluster.test.ts

@@ -249,10 +249,7 @@ test('create an encrypted cluster with custom KMS key', () => {
   // THEN
   Template.fromStack(stack).hasResourceProperties('AWS::Redshift::Cluster', {
     KmsKeyId: {
-      'Fn::GetAtt': [
-        'Key961B73FD',
-        'Arn',
-      ],
+      Ref: 'Key961B73FD',
     },
   });
 });

packages/@aws-cdk/aws-redshift/test/integ.database.expected.json

@@ -580,6 +580,41 @@
       "UpdateReplacePolicy": "Delete",
       "DeletionPolicy": "Delete"
     },
+    "customkmskey377C6F9A": {
+      "Type": "AWS::KMS::Key",
+      "Properties": {
+        "KeyPolicy": {
+          "Statement": [
+            {
+              "Action": "kms:*",
+              "Effect": "Allow",
+              "Principal": {
+                "AWS": {
+                  "Fn::Join": [
+                    "",
+                    [
+                      "arn:",
+                      {
+                        "Ref": "AWS::Partition"
+                      },
+                      ":iam::",
+                      {
+                        "Ref": "AWS::AccountId"
+                      },
+                      ":root"
+                    ]
+                  ]
+                }
+              },
+              "Resource": "*"
+            }
+          ],
+          "Version": "2012-10-17"
+        }
+      },
+      "UpdateReplacePolicy": "Delete",
+      "DeletionPolicy": "Delete"
+    },
     "ClusterSubnetsDCFA5CB7": {
       "Type": "AWS::Redshift::ClusterSubnetGroup",
       "Properties": {
@@ -680,6 +715,9 @@
           "Ref": "ClusterSubnetsDCFA5CB7"
         },
         "Encrypted": true,
+        "KmsKeyId": {
+          "Ref": "customkmskey377C6F9A"
+        },
         "NumberOfNodes": 2,
         "PubliclyAccessible": true,
         "VpcSecurityGroupIds": [

packages/@aws-cdk/aws-redshift/test/integ.database.ts

@@ -1,6 +1,7 @@
 #!/usr/bin/env node
 /// !cdk-integ pragma:ignore-assets
 import * as ec2 from '@aws-cdk/aws-ec2';
+import * as kms from '@aws-cdk/aws-kms';
 import * as cdk from '@aws-cdk/core';
 import * as constructs from 'constructs';
 import * as redshift from '../lib';
@@ -28,6 +29,7 @@ const cluster = new redshift.Cluster(stack, 'Cluster', {
   },
   defaultDatabaseName: databaseName,
   publiclyAccessible: true,
+  encryptionKey: new kms.Key(stack, 'custom-kms-key'),
 });
 
 const databaseOptions = {