diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml index eecd4056ab65c..c3843d23481d8 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.yml +++ b/.github/ISSUE_TEMPLATE/bug-report.yml @@ -5,6 +5,14 @@ title: "(module name): (short issue description)" labels: [bug, needs-triage] assignees: [] body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this bug report! + + **⚠️ Please read this before filling out the form below:** + If the bug you are reporting is a security-related issue or a security vulnerability, + please report it via [Report a security vulnerability](https://github.com/aws/aws-cdk/security/advisories/new) instead of this template. - type: textarea id: description attributes: diff --git a/.github/workflows/closed-issue-message.yml b/.github/workflows/closed-issue-message.yml deleted file mode 100644 index ebd26358d80f9..0000000000000 --- a/.github/workflows/closed-issue-message.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: Closed Issue Message -on: - issues: - types: [closed] - pull_request_target: - types: [closed] -jobs: - auto_comment: - permissions: - pull-requests: write - issues: write - runs-on: ubuntu-latest - steps: - - uses: aws-actions/closed-issue-message@v1 - with: - # These inputs are both required - repo-token: "${{ secrets.GITHUB_TOKEN }}" - message: | - Comments on closed issues and PRs are hard for our team to see. - If you need help, please open a new issue that references this one. - If you wish to keep having a conversation with other community members under this issue feel free to do so. diff --git a/.github/workflows/lock-issue-pr-with-message.yml b/.github/workflows/lock-issue-pr-with-message.yml new file mode 100644 index 0000000000000..8192c5ac7898e --- /dev/null +++ b/.github/workflows/lock-issue-pr-with-message.yml @@ -0,0 +1,46 @@ +name: Lock Closed Issues and PRs with message + +on: + pull_request_target: + types: [closed] + issues: + types: [closed] + +jobs: + auto_comment: + permissions: + pull-requests: write + issues: write + runs-on: ubuntu-latest + steps: + - uses: aws-actions/closed-issue-message@v1 + with: + repo-token: "${{ secrets.GITHUB_TOKEN }}" + message: | + Comments on closed issues and PRs are hard for our team to see. + If you need help, please open a new issue that references this one. + lock: + permissions: + pull-requests: write + issues: write + runs-on: ubuntu-latest + needs: auto_comment # only run after comment is complete + steps: + - name: Lock closed issue or PR + run: | + if [ "${{ github.event_name }}" == "issues" ]; then + ISSUE_NUMBER=${{ github.event.issue.number }} + ISSUE_URL=https://api.github.com/repos/${{ github.repository }}/issues/${ISSUE_NUMBER}/lock + else + ISSUE_NUMBER=${{ github.event.pull_request.number }} + ISSUE_URL=https://api.github.com/repos/${{ github.repository }}/issues/${ISSUE_NUMBER}/lock + fi + + curl -s -X PUT -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ + -H "Accept: application/vnd.github.v3+json" \ + ${ISSUE_URL} \ + -d @- < 0: diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098/index.py b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51/index.py similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098/index.py rename to packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51/index.py diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098/patch/__init__.py b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51/patch/__init__.py similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098/patch/__init__.py rename to packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51/patch/__init__.py diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.assets.json index 8b758cfa82d6c..c193dbe6fc296 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.assets.json @@ -53,15 +53,15 @@ } } }, - "abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098": { + "58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51": { "source": { - "path": "asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098", + "path": "asset.58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098.zip", + "objectKey": "58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } @@ -105,7 +105,7 @@ } } }, - "e23ed13a7821108db50050a225f7b03107502f583d2faa3a1f82a71756081a75": { + "103a1c2a2539a9843f062d1d618f1fbd8483ea496405f34f6aca5ae90f507af8": { "source": { "path": "awscdkekshelmtestawscdkawseksKubectlProvider207F42E4.nested.template.json", "packaging": "file" @@ -113,12 +113,12 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "e23ed13a7821108db50050a225f7b03107502f583d2faa3a1f82a71756081a75.json", + "objectKey": "103a1c2a2539a9843f062d1d618f1fbd8483ea496405f34f6aca5ae90f507af8.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } }, - "87e05e7e56d00f8bd9133b97480ff01b622c9f7f500f8544cef311a412454395": { + "cce6daec2a6b207f27324c17c5286150f99302d682cd87133faac356ffa683f3": { "source": { "path": "aws-cdk-eks-helm-test.template.json", "packaging": "file" @@ -126,7 +126,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "87e05e7e56d00f8bd9133b97480ff01b622c9f7f500f8544cef311a412454395.json", + "objectKey": "cce6daec2a6b207f27324c17c5286150f99302d682cd87133faac356ffa683f3.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.template.json index 03d07827f9b96..ff5440e467401 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.template.json @@ -1092,6 +1092,18 @@ "Release": "s3-chart", "Chart": "s3-chart", "Version": "v0.1.0", + "Values": { + "Fn::Join": [ + "", + [ + "{\"aws\":{\"region\":\"", + { + "Ref": "AWS::Region" + }, + "\"}}" + ] + ] + }, "Namespace": "ack-system", "Repository": "oci://public.ecr.aws/aws-controllers-k8s/s3-chart", "CreateNamespace": true @@ -1123,6 +1135,18 @@ "Release": "lambda-chart-release", "Chart": "lambda-chart", "Version": "v0.1.4", + "Values": { + "Fn::Join": [ + "", + [ + "{\"aws\":{\"region\":\"", + { + "Ref": "AWS::Region" + }, + "\"}}" + ] + ] + }, "Namespace": "ack-system", "Repository": "oci://public.ecr.aws/aws-controllers-k8s/lambda-chart", "CreateNamespace": true @@ -1153,7 +1177,19 @@ }, "Release": "rds-chart-release", "Chart": "rds-chart", - "Version": "v1.1.2", + "Version": "1.4.1", + "Values": { + "Fn::Join": [ + "", + [ + "{\"aws\":{\"region\":\"", + { + "Ref": "AWS::Region" + }, + "\"}}" + ] + ] + }, "Namespace": "ack-system", "Repository": "oci://public.ecr.aws/aws-controllers-k8s/rds-chart", "CreateNamespace": true, @@ -1183,11 +1219,23 @@ "Arn" ] }, - "Release": "rds-chart-release", - "Chart": "rds-chart", - "Version": "v1.1.2", + "Release": "ec2-chart-release", + "Chart": "ec2-chart", + "Version": "1.2.13", + "Values": { + "Fn::Join": [ + "", + [ + "{\"aws\":{\"region\":\"", + { + "Ref": "AWS::Region" + }, + "\"}}" + ] + ] + }, "Namespace": "ack-system", - "Repository": "oci://public.ecr.aws/aws-controllers-k8s/rds-chart", + "Repository": "oci://public.ecr.aws/aws-controllers-k8s/ec2-chart", "CreateNamespace": true, "SkipCrds": true, "Atomic": true @@ -1298,7 +1346,7 @@ { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "/e23ed13a7821108db50050a225f7b03107502f583d2faa3a1f82a71756081a75.json" + "/103a1c2a2539a9843f062d1d618f1fbd8483ea496405f34f6aca5ae90f507af8.json" ] ] } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/awscdkekshelmtestawscdkawseksKubectlProvider207F42E4.nested.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/awscdkekshelmtestawscdkawseksKubectlProvider207F42E4.nested.template.json index 4defc3836af59..0b1f5db1afccd 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/awscdkekshelmtestawscdkawseksKubectlProvider207F42E4.nested.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/awscdkekshelmtestawscdkawseksKubectlProvider207F42E4.nested.template.json @@ -7,7 +7,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098.zip" + "S3Key": "58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51.zip" }, "Description": "onEvent handler for EKS kubectl resource provider", "Environment": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/manifest.json index 0abd7f388ac4e..f0cda2a802f8a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/87e05e7e56d00f8bd9133b97480ff01b622c9f7f500f8544cef311a412454395.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/cce6daec2a6b207f27324c17c5286150f99302d682cd87133faac356ffa683f3.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/tree.json index e37cdfc5ebf7d..297cff6003621 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/tree.json @@ -3010,7 +3010,7 @@ "s3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "s3Key": "abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098.zip" + "s3Key": "58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51.zip" }, "description": "onEvent handler for EKS kubectl resource provider", "environment": { @@ -3481,7 +3481,7 @@ { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "/e23ed13a7821108db50050a225f7b03107502f583d2faa3a1f82a71756081a75.json" + "/103a1c2a2539a9843f062d1d618f1fbd8483ea496405f34f6aca5ae90f507af8.json" ] ] } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.ts index 2a06da34209f8..b79d8b3629fd4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.ts @@ -51,6 +51,7 @@ class EksClusterStack extends Stack { chartAsset: chartAsset, }); + // https://gallery.ecr.aws/aws-controllers-k8s/s3-chart this.cluster.addHelmChart('test-oci-chart', { chart: 's3-chart', release: 's3-chart', @@ -58,6 +59,7 @@ class EksClusterStack extends Stack { version: 'v0.1.0', namespace: 'ack-system', createNamespace: true, + values: { aws: { region: this.region } }, }); // there is no opinionated way of testing charts from private ECR, so there is description of manual steps needed to reproduce: @@ -68,6 +70,7 @@ class EksClusterStack extends Stack { // 5. Change `repository` in above test to oci://YOUR_ACCOUNT_ID.dkr.ecr.YOUR_REGION.amazonaws.com/helm-charts-test // 6. Run integration tests as usual + // https://gallery.ecr.aws/aws-controllers-k8s/lambda-chart this.cluster.addHelmChart('test-oci-chart-different-release-name', { chart: 'lambda-chart', release: 'lambda-chart-release', @@ -75,31 +78,37 @@ class EksClusterStack extends Stack { version: 'v0.1.4', namespace: 'ack-system', createNamespace: true, + values: { aws: { region: this.region } }, }); // testing the disable mechanism of the installation of CRDs + // https://gallery.ecr.aws/aws-controllers-k8s/rds-chart this.cluster.addHelmChart('test-skip-crd-installation', { chart: 'rds-chart', release: 'rds-chart-release', repository: 'oci://public.ecr.aws/aws-controllers-k8s/rds-chart', - version: 'v1.1.2', + version: '1.4.1', namespace: 'ack-system', createNamespace: true, skipCrds: true, + values: { aws: { region: this.region } }, }); - //testing installation with atomic flag set to true + // testing installation with atomic flag set to true + // https://gallery.ecr.aws/aws-controllers-k8s/sns-chart this.cluster.addHelmChart('test-atomic-installation', { - chart: 'rds-chart', - release: 'rds-chart-release', - repository: 'oci://public.ecr.aws/aws-controllers-k8s/rds-chart', - version: 'v1.1.2', + chart: 'ec2-chart', + release: 'ec2-chart-release', + repository: 'oci://public.ecr.aws/aws-controllers-k8s/ec2-chart', + version: '1.2.13', namespace: 'ack-system', createNamespace: true, skipCrds: true, atomic: true, + values: { aws: { region: this.region } }, }); + // https://github.com/orgs/grafana-operator/packages/container/package/helm-charts%2Fgrafana-operator this.cluster.addHelmChart('test-non-ecr-oci-chart', { chart: 'grafana-operator', release: 'grafana-operator-release', diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/InvokeModelDefaultTestDeployAssert9C0D2DFC.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/InvokeModelDefaultTestDeployAssert9C0D2DFC.assets.json index ec22c34fcf613..62c1eb1585be8 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/InvokeModelDefaultTestDeployAssert9C0D2DFC.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/InvokeModelDefaultTestDeployAssert9C0D2DFC.assets.json @@ -1,5 +1,5 @@ { - "version": "35.0.0", + "version": "36.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/aws-stepfunctions-tasks-bedrock-invoke-model-integ.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/aws-stepfunctions-tasks-bedrock-invoke-model-integ.assets.json index 2d7004e16caf5..ea5387a06b82c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/aws-stepfunctions-tasks-bedrock-invoke-model-integ.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/aws-stepfunctions-tasks-bedrock-invoke-model-integ.assets.json @@ -1,7 +1,7 @@ { - "version": "35.0.0", + "version": "36.0.0", "files": { - "19db222d8d51351d1127c4b099aa6545a4c1ddd9425a2e0f78c328f39ff74edf": { + "e9d946bbac52fb88d3fc7c9ea4f26da0e6a6965417c8ae9fb5464e5342269444": { "source": { "path": "aws-stepfunctions-tasks-bedrock-invoke-model-integ.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "19db222d8d51351d1127c4b099aa6545a4c1ddd9425a2e0f78c328f39ff74edf.json", + "objectKey": "e9d946bbac52fb88d3fc7c9ea4f26da0e6a6965417c8ae9fb5464e5342269444.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/aws-stepfunctions-tasks-bedrock-invoke-model-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/aws-stepfunctions-tasks-bedrock-invoke-model-integ.template.json index ce41a5e96cc20..a67f72f4ea158 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/aws-stepfunctions-tasks-bedrock-invoke-model-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/aws-stepfunctions-tasks-bedrock-invoke-model-integ.template.json @@ -41,6 +41,25 @@ ] ] } + }, + { + "Action": [ + "s3:GetObject", + "s3:PutObject" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::*" + ] + ] + } } ], "Version": "2012-10-17" @@ -72,7 +91,19 @@ { "Ref": "AWS::Region" }, - "::foundation-model/amazon.titan-text-express-v1\",\"Body\":{\"inputText\":\"Generate a list of five first names.\",\"textGenerationConfig\":{\"maxTokenCount\":100,\"temperature\":1}}}},\"Prompt2\":{\"End\":true,\"Type\":\"Task\",\"ResultPath\":\"$\",\"ResultSelector\":{\"names.$\":\"$.Body.results[0].outputText\"},\"Resource\":\"arn:", + "::foundation-model/amazon.titan-text-express-v1\",\"Body\":{\"inputText\":\"Generate a list of five first names.\",\"textGenerationConfig\":{\"maxTokenCount\":100,\"temperature\":1}}}},\"Prompt2\":{\"Next\":\"Prompt3\",\"Type\":\"Task\",\"ResultPath\":\"$\",\"ResultSelector\":{\"names.$\":\"$.Body.results[0].outputText\"},\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::bedrock:invokeModel\",\"Parameters\":{\"ModelId\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":bedrock:", + { + "Ref": "AWS::Region" + }, + "::foundation-model/amazon.titan-text-express-v1\",\"Body\":{\"inputText.$\":\"States.Format('Alphabetize this list of first names:\\n{}', $.names)\",\"textGenerationConfig\":{\"maxTokenCount\":100,\"temperature\":1}}}},\"Prompt3\":{\"End\":true,\"Type\":\"Task\",\"InputPath\":\"$.names\",\"OutputPath\":\"$.names\",\"Resource\":\"arn:", { "Ref": "AWS::Partition" }, @@ -84,7 +115,7 @@ { "Ref": "AWS::Region" }, - "::foundation-model/amazon.titan-text-express-v1\",\"Body\":{\"inputText.$\":\"States.Format('Alphabetize this list of first names:\\n{}', $.names)\",\"textGenerationConfig\":{\"maxTokenCount\":100,\"temperature\":1}}}}},\"TimeoutSeconds\":30}" + "::foundation-model/amazon.titan-text-express-v1\",\"Input\":{\"S3Uri.$\":\"$.names\"},\"Output\":{\"S3Uri.$\":\"$.names\"}}}},\"TimeoutSeconds\":30}" ] ] }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/cdk.out index c5cb2e5de6344..1f0068d32659a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"35.0.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/integ.json index 5eb622d1d7b82..36143be21ab57 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "35.0.0", + "version": "36.0.0", "testCases": { "InvokeModel/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/manifest.json index 60de1b8de8ab7..677092f63b132 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "35.0.0", + "version": "36.0.0", "artifacts": { "aws-stepfunctions-tasks-bedrock-invoke-model-integ.assets": { "type": "cdk:asset-manifest", @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/19db222d8d51351d1127c4b099aa6545a4c1ddd9425a2e0f78c328f39ff74edf.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/e9d946bbac52fb88d3fc7c9ea4f26da0e6a6965417c8ae9fb5464e5342269444.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/tree.json index b3a2882dbd6fb..17b23007671bd 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/tree.json @@ -24,6 +24,14 @@ "version": "0.0.0" } }, + "Prompt3": { + "id": "Prompt3", + "path": "aws-stepfunctions-tasks-bedrock-invoke-model-integ/Prompt3", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.BedrockInvokeModel", + "version": "0.0.0" + } + }, "StateMachine": { "id": "StateMachine", "path": "aws-stepfunctions-tasks-bedrock-invoke-model-integ/StateMachine", @@ -96,6 +104,25 @@ ] ] } + }, + { + "Action": [ + "s3:GetObject", + "s3:PutObject" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::*" + ] + ] + } } ], "Version": "2012-10-17" @@ -147,7 +174,19 @@ { "Ref": "AWS::Region" }, - "::foundation-model/amazon.titan-text-express-v1\",\"Body\":{\"inputText\":\"Generate a list of five first names.\",\"textGenerationConfig\":{\"maxTokenCount\":100,\"temperature\":1}}}},\"Prompt2\":{\"End\":true,\"Type\":\"Task\",\"ResultPath\":\"$\",\"ResultSelector\":{\"names.$\":\"$.Body.results[0].outputText\"},\"Resource\":\"arn:", + "::foundation-model/amazon.titan-text-express-v1\",\"Body\":{\"inputText\":\"Generate a list of five first names.\",\"textGenerationConfig\":{\"maxTokenCount\":100,\"temperature\":1}}}},\"Prompt2\":{\"Next\":\"Prompt3\",\"Type\":\"Task\",\"ResultPath\":\"$\",\"ResultSelector\":{\"names.$\":\"$.Body.results[0].outputText\"},\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::bedrock:invokeModel\",\"Parameters\":{\"ModelId\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":bedrock:", + { + "Ref": "AWS::Region" + }, + "::foundation-model/amazon.titan-text-express-v1\",\"Body\":{\"inputText.$\":\"States.Format('Alphabetize this list of first names:\\n{}', $.names)\",\"textGenerationConfig\":{\"maxTokenCount\":100,\"temperature\":1}}}},\"Prompt3\":{\"End\":true,\"Type\":\"Task\",\"InputPath\":\"$.names\",\"OutputPath\":\"$.names\",\"Resource\":\"arn:", { "Ref": "AWS::Partition" }, @@ -159,7 +198,7 @@ { "Ref": "AWS::Region" }, - "::foundation-model/amazon.titan-text-express-v1\",\"Body\":{\"inputText.$\":\"States.Format('Alphabetize this list of first names:\\n{}', $.names)\",\"textGenerationConfig\":{\"maxTokenCount\":100,\"temperature\":1}}}}},\"TimeoutSeconds\":30}" + "::foundation-model/amazon.titan-text-express-v1\",\"Input\":{\"S3Uri.$\":\"$.names\"},\"Output\":{\"S3Uri.$\":\"$.names\"}}}},\"TimeoutSeconds\":30}" ] ] }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.ts index 95860f09e624e..2d98f804b4475 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.ts @@ -52,7 +52,13 @@ const prompt2 = new BedrockInvokeModel(stack, 'Prompt2', { resultPath: '$', }); -const chain = sfn.Chain.start(prompt1).next(prompt2); +const prompt3 = new BedrockInvokeModel(stack, 'Prompt3', { + model, + inputPath: sfn.JsonPath.stringAt('$.names'), + outputPath: sfn.JsonPath.stringAt('$.names'), +}); + +const chain = sfn.Chain.start(prompt1).next(prompt2).next(prompt3); new sfn.StateMachine(stack, 'StateMachine', { definitionBody: sfn.DefinitionBody.fromChainable(chain), diff --git a/packages/aws-cdk-lib/aws-ec2/README.md b/packages/aws-cdk-lib/aws-ec2/README.md index 5d10fd95d7e5f..686eb78ed2a3f 100644 --- a/packages/aws-cdk-lib/aws-ec2/README.md +++ b/packages/aws-cdk-lib/aws-ec2/README.md @@ -2287,6 +2287,8 @@ const instanceProfile = new iam.InstanceProfile(this, 'InstanceProfile', { }); const template = new ec2.LaunchTemplate(this, 'LaunchTemplate', { + launchTemplateName: 'MyTemplateV1', + versionDescription: 'This is my v1 template', machineImage: ec2.MachineImage.latestAmazonLinux2023(), securityGroup: new ec2.SecurityGroup(this, 'LaunchTemplateSG', { vpc: vpc, diff --git a/packages/aws-cdk-lib/aws-ec2/lib/launch-template.ts b/packages/aws-cdk-lib/aws-ec2/lib/launch-template.ts index 04ec805533bd9..eea0bfe06dd65 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/launch-template.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/launch-template.ts @@ -221,6 +221,17 @@ export interface LaunchTemplateProps { */ readonly launchTemplateName?: string; + /** + * A description for the first version of the launch template. + * + * The version description must be maximum 255 characters long. + * + * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#cfn-ec2-launchtemplate-versiondescription + * + * @default - No description + */ + readonly versionDescription?: string; + /** * Type of instance to launch. * @@ -735,8 +746,13 @@ export class LaunchTemplate extends Resource implements ILaunchTemplate, iam.IGr ? [{ deviceIndex: 0, associatePublicIpAddress: props.associatePublicIpAddress, groups: securityGroupsToken }] : undefined; + if (props.versionDescription && !Token.isUnresolved(props.versionDescription) && props.versionDescription.length > 255) { + throw new Error(`versionDescription must be less than or equal to 255 characters, got ${props.versionDescription.length}`); + } + const resource = new CfnLaunchTemplate(this, 'Resource', { launchTemplateName: props?.launchTemplateName, + versionDescription: props?.versionDescription, launchTemplateData: { blockDeviceMappings: props?.blockDevices !== undefined ? launchTemplateBlockDeviceMappings(this, props.blockDevices) : undefined, creditSpecification: props?.cpuCredits !== undefined ? { diff --git a/packages/aws-cdk-lib/aws-ec2/test/launch-template.test.ts b/packages/aws-cdk-lib/aws-ec2/test/launch-template.test.ts index 227eb1c1b0d84..a818c23b8f1cb 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/launch-template.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/launch-template.test.ts @@ -147,6 +147,28 @@ describe('LaunchTemplate', () => { }); }); + test('Given versionDescription', () => { + // WHEN + new LaunchTemplate(stack, 'Template', { + versionDescription: 'test template', + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::EC2::LaunchTemplate', { + VersionDescription: 'test template', + }); + }); + + test('throw error when versionDescription is too long', () => { + const tooLongDescription = 'a'.repeat(256); + // WHEN / THEN + expect(() => { + new LaunchTemplate(stack, 'TemplateWithTooLongDescription', { + versionDescription: tooLongDescription, + }); + }).toThrow('versionDescription must be less than or equal to 255 characters, got 256'); + }); + test('Given instanceType', () => { // WHEN new LaunchTemplate(stack, 'Template', { diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts index 6a0914ea8e153..0ec173c7b77df 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts @@ -753,6 +753,26 @@ export enum HttpCodeElb { * The number of HTTP 5XX server error codes that originate from the load balancer. */ ELB_5XX_COUNT = 'HTTPCode_ELB_5XX_Count', + + /** + * The number of HTTP 500 server error codes that originate from the load balancer. + */ + ELB_500_COUNT = 'HTTPCode_ELB_500_Count', + + /** + * The number of HTTP 502 server error codes that originate from the load balancer. + */ + ELB_502_COUNT = 'HTTPCode_ELB_502_Count', + + /** + * The number of HTTP 503 server error codes that originate from the load balancer. + */ + ELB_503_COUNT = 'HTTPCode_ELB_503_Count', + + /** + * The number of HTTP 504 server error codes that originate from the load balancer. + */ + ELB_504_COUNT = 'HTTPCode_ELB_504_Count', } /** diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts index 930f3a2a18923..958a881846fab 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts @@ -684,6 +684,29 @@ describe('tests', () => { } }); + test.each([ + elbv2.HttpCodeElb.ELB_500_COUNT, + elbv2.HttpCodeElb.ELB_502_COUNT, + elbv2.HttpCodeElb.ELB_503_COUNT, + elbv2.HttpCodeElb.ELB_504_COUNT, + ])('use specific load balancer generated 5XX metrics', (metricName) => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { vpc }); + + // WHEN + const metric = lb.metrics.httpCodeElb(metricName); + + // THEN + expect(metric.namespace).toEqual('AWS/ApplicationELB'); + expect(metric.statistic).toEqual('Sum'); + expect(metric.metricName).toEqual(metricName); + expect(stack.resolve(metric.dimensions)).toEqual({ + LoadBalancer: { 'Fn::GetAtt': ['LB8A12904C', 'LoadBalancerFullName'] }, + }); + }); + test('loadBalancerName', () => { // GIVEN const stack = new cdk.Stack(); diff --git a/packages/aws-cdk-lib/aws-rds/README.md b/packages/aws-cdk-lib/aws-rds/README.md index 973762247098e..58eed278f186d 100644 --- a/packages/aws-cdk-lib/aws-rds/README.md +++ b/packages/aws-cdk-lib/aws-rds/README.md @@ -938,6 +938,7 @@ Data in S3 buckets can be imported to and exported from certain database engines functionality, set the `s3ImportBuckets` and `s3ExportBuckets` properties for import and export respectively. When configured, the CDK automatically creates and configures IAM roles as required. Additionally, the `s3ImportRole` and `s3ExportRole` properties can be used to set this role directly. +Note: To use `s3ImportRole` and `s3ExportRole` with Aurora PostgreSQL, you must also enable the S3 import and export features when you create the DatabaseClusterEngine. You can read more about loading data to (or from) S3 here: diff --git a/packages/aws-cdk-lib/aws-rds/lib/cluster.ts b/packages/aws-cdk-lib/aws-rds/lib/cluster.ts index 30bfd914d6303..515115663b828 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/cluster.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/cluster.ts @@ -253,7 +253,7 @@ interface DatabaseClusterBaseProps { * This feature is only supported by the Aurora database engine. * * This property must not be used if `s3ImportBuckets` is used. - * + * To use this property with Aurora PostgreSQL, it must be configured with the S3 import feature enabled when creating the DatabaseClusterEngine * For MySQL: * @see https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.LoadFromS3.html * @@ -284,7 +284,7 @@ interface DatabaseClusterBaseProps { * This feature is only supported by the Aurora database engine. * * This property must not be used if `s3ExportBuckets` is used. - * + * To use this property with Aurora PostgreSQL, it must be configured with the S3 export feature enabled when creating the DatabaseClusterEngine * For MySQL: * @see https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.SaveIntoS3.html * diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md b/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md index 4b288aafd7f93..9f5943afaa16b 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md @@ -398,6 +398,27 @@ const task = new tasks.BedrockInvokeModel(this, 'Prompt Model', { names: sfn.JsonPath.stringAt('$.Body.results[0].outputText'), }, }); +``` +### Using Input Path + +Provide S3 URI as an input or output path to invoke a model + +```ts + +import * as bedrock from 'aws-cdk-lib/aws-bedrock'; + +const model = bedrock.FoundationModel.fromFoundationModelId( + this, + 'Model', + bedrock.FoundationModelIdentifier.AMAZON_TITAN_TEXT_G1_EXPRESS_V1, +); + +const task = new tasks.BedrockInvokeModel(this, 'Prompt Model', { + model, + inputPath: sfn.JsonPath.stringAt('$.prompt'), + outputPath: sfn.JsonPath.stringAt('$.prompt'), +}); + ``` You can apply a guardrail to the invocation by setting `guardrail`. diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/bedrock/invoke-model.ts b/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/bedrock/invoke-model.ts index f831cf606c8c5..3abc7338cab8c 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/bedrock/invoke-model.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/bedrock/invoke-model.ts @@ -140,12 +140,14 @@ export class BedrockInvokeModel extends sfn.TaskStateBase { constructor(scope: Construct, id: string, private readonly props: BedrockInvokeModelProps) { super(scope, id, props); + this.integrationPattern = props.integrationPattern ?? sfn.IntegrationPattern.REQUEST_RESPONSE; validatePatternSupported(this.integrationPattern, BedrockInvokeModel.SUPPORTED_INTEGRATION_PATTERNS); const isBodySpecified = props.body !== undefined; - const isInputSpecified = props.input !== undefined && props.input.s3Location !== undefined; + //Either specific props.input with bucket name and object key or input s3 path + const isInputSpecified = (props.input !== undefined && props.input.s3Location !== undefined) || (props.inputPath !== undefined); if (isBodySpecified && isInputSpecified) { throw new Error('Either `body` or `input` must be specified, but not both.'); @@ -171,7 +173,21 @@ export class BedrockInvokeModel extends sfn.TaskStateBase { }), ]; - if (this.props.input !== undefined && this.props.input.s3Location !== undefined) { + if (this.props.inputPath !== undefined) { + policyStatements.push( + new iam.PolicyStatement({ + actions: ['s3:GetObject'], + resources: [ + Stack.of(this).formatArn({ + region: '', + account: '', + service: 's3', + resource: '*', + }), + ], + }), + ); + } else if (this.props.input !== undefined && this.props.input.s3Location !== undefined) { policyStatements.push( new iam.PolicyStatement({ actions: ['s3:GetObject'], @@ -188,7 +204,21 @@ export class BedrockInvokeModel extends sfn.TaskStateBase { ); } - if (this.props.output !== undefined && this.props.output.s3Location !== undefined) { + if (this.props.outputPath !== undefined) { + policyStatements.push( + new iam.PolicyStatement({ + actions: ['s3:PutObject'], + resources: [ + Stack.of(this).formatArn({ + region: '', + account: '', + service: 's3', + resource: '*', + }), + ], + }), + ); + } else if (this.props.output !== undefined && this.props.output.s3Location !== undefined) { policyStatements.push( new iam.PolicyStatement({ actions: ['s3:PutObject'], @@ -241,10 +271,10 @@ export class BedrockInvokeModel extends sfn.TaskStateBase { Body: this.props.body?.value, Input: this.props.input?.s3Location ? { S3Uri: `s3://${this.props.input.s3Location.bucketName}/${this.props.input.s3Location.objectKey}`, - } : undefined, + } : this.props.inputPath ? { S3Uri: this.props.inputPath } : undefined, Output: this.props.output?.s3Location ? { S3Uri: `s3://${this.props.output.s3Location.bucketName}/${this.props.output.s3Location.objectKey}`, - } : undefined, + } : this.props.outputPath ? { S3Uri: this.props.outputPath }: undefined, GuardrailIdentifier: this.props.guardrail?.guardrailIdentifier, GuardrailVersion: this.props.guardrail?.guardrailVersion, Trace: this.props.traceEnabled === undefined @@ -254,5 +284,6 @@ export class BedrockInvokeModel extends sfn.TaskStateBase { : 'DISABLED', }), }; - } + }; } + diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/bedrock/invoke-model.test.ts b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/bedrock/invoke-model.test.ts index 3c480ea1638a3..02fa2737bb2b8 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/bedrock/invoke-model.test.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/bedrock/invoke-model.test.ts @@ -204,6 +204,52 @@ describe('Invoke Model', () => { }); }); + test('invoke model allows input and output json path', () => { + const stack = new cdk.Stack(); + const model = bedrock.ProvisionedModel.fromProvisionedModelArn(stack, 'Imported', 'arn:aws:bedrock:us-turbo-2:123456789012:provisioned-model/abc-123'); + + const task = new BedrockInvokeModel(stack, 'Invoke', { + model, + inputPath: sfn.JsonPath.stringAt('$.prompt'), + outputPath: sfn.JsonPath.stringAt('$.prompt'), + }); + + new sfn.StateMachine(stack, 'StateMachine', { + definitionBody: sfn.DefinitionBody.fromChainable(task), + }); + + // THEN + expect(stack.resolve(task.toStateJson())).toEqual({ + Type: 'Task', + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { + Ref: 'AWS::Partition', + }, + ':states:::bedrock:invokeModel', + ], + ], + }, + End: true, + InputPath: '$.prompt', + OutputPath: '$.prompt', + Parameters: { + ModelId: 'arn:aws:bedrock:us-turbo-2:123456789012:provisioned-model/abc-123', + Input: { + //Expected key modified from S3Uri to S3Uri.$ as per the State Machine context key field transformation + //Reference: https://docs.aws.amazon.com/step-functions/latest/dg/input-output-example.html + 'S3Uri.$': '$.prompt', + }, + Output: { + 'S3Uri.$': '$.prompt', + }, + }, + }); + }); + test('S3 permissions are created in generated policy when input and output locations are specified', () => { // GIVEN const stack = new cdk.Stack(); @@ -276,6 +322,68 @@ describe('Invoke Model', () => { }); }); + test('S3 permissions are created in generated policy when input and output path are specified', () => { + // GIVEN + const stack = new cdk.Stack(); + const model = bedrock.ProvisionedModel.fromProvisionedModelArn(stack, 'Imported', 'arn:aws:bedrock:us-turbo-2:123456789012:provisioned-model/abc-123'); + + // WHEN + const task = new BedrockInvokeModel(stack, 'Invoke', { + model, + inputPath: sfn.JsonPath.stringAt('$.prompt'), + outputPath: sfn.JsonPath.stringAt('$.prompt'), + }); + + new sfn.StateMachine(stack, 'StateMachine', { + definitionBody: sfn.DefinitionBody.fromChainable(task), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: Match.objectLike({ + Statement: Match.arrayWith([ + { + Action: 'bedrock:InvokeModel', + Effect: 'Allow', + Resource: 'arn:aws:bedrock:us-turbo-2:123456789012:provisioned-model/abc-123', + }, + { + Action: 's3:GetObject', + Effect: 'Allow', + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { + Ref: 'AWS::Partition', + }, + ':s3:::*', + ], + ], + }, + }, + { + Action: 's3:PutObject', + Effect: 'Allow', + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { + Ref: 'AWS::Partition', + }, + ':s3:::*', + ], + ], + }, + }, + ]), + }), + }); + }); + test('fails on neither input nor body set', () => { // GIVEN const stack = new cdk.Stack();