From f5dd73bd19f546335531f587f6d7fbde8aff96ce Mon Sep 17 00:00:00 2001 From: shikha372 Date: Tue, 23 Jul 2024 17:11:49 -0700 Subject: [PATCH 1/8] feat(stepfunctions-tasks): allow BedrockInvokeModel to use JsonPath (#30298) ### Issue # (if applicable) Closes #29229. ### Reason for this change When trying to use JsonPath to specify the S3 URIs that BedrockInvokeModel will read from and write from, you get an error. Example of the Error message: `jsii.errors.JavaScriptError: Error: Field references must be the entire string, cannot concatenate them (found 's3://${Token[prompt_bucket.348]}/${Token[prompt_key.349]}')` ### Description of changes Extended the inputPath property to be allowed as an input value for the task state. Instead of adding a new S3Uri props in current `BedrockInvokeModelProps` as proposed in the original issue, leveraged the `inputPath` property that is already defined in `sfn.TaskStateBaseProps` and being extended by `BedrockInvokeModelInputProps` and `BedrockInvokeModelOutputProps` **Limitation:** We cannot limit the resource policy to specific input token for which the value might be coming from the prompt, so had to keep it as [*] here. ### Description of how you validated changes Added unit tests. Successful deployment of integration tests in the account. ### Checklist - [x] Unit Tests - [x] Integration Tests - [x] Updated ReadMe - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...efaultTestDeployAssert9C0D2DFC.assets.json | 2 +- ...sks-bedrock-invoke-model-integ.assets.json | 6 +- ...s-bedrock-invoke-model-integ.template.json | 35 +++++- .../integ.invoke-model.js.snapshot/cdk.out | 2 +- .../integ.invoke-model.js.snapshot/integ.json | 2 +- .../manifest.json | 4 +- .../integ.invoke-model.js.snapshot/tree.json | 43 ++++++- .../test/bedrock/integ.invoke-model.ts | 8 +- .../aws-stepfunctions-tasks/README.md | 21 ++++ .../lib/bedrock/invoke-model.ts | 43 ++++++- .../test/bedrock/invoke-model.test.ts | 108 ++++++++++++++++++ 11 files changed, 255 insertions(+), 19 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/InvokeModelDefaultTestDeployAssert9C0D2DFC.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/InvokeModelDefaultTestDeployAssert9C0D2DFC.assets.json index ec22c34fcf613..62c1eb1585be8 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/InvokeModelDefaultTestDeployAssert9C0D2DFC.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/InvokeModelDefaultTestDeployAssert9C0D2DFC.assets.json @@ -1,5 +1,5 @@ { - "version": "35.0.0", + "version": "36.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/aws-stepfunctions-tasks-bedrock-invoke-model-integ.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/aws-stepfunctions-tasks-bedrock-invoke-model-integ.assets.json index 2d7004e16caf5..ea5387a06b82c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/aws-stepfunctions-tasks-bedrock-invoke-model-integ.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/aws-stepfunctions-tasks-bedrock-invoke-model-integ.assets.json @@ -1,7 +1,7 @@ { - "version": "35.0.0", + "version": "36.0.0", "files": { - "19db222d8d51351d1127c4b099aa6545a4c1ddd9425a2e0f78c328f39ff74edf": { + "e9d946bbac52fb88d3fc7c9ea4f26da0e6a6965417c8ae9fb5464e5342269444": { "source": { "path": "aws-stepfunctions-tasks-bedrock-invoke-model-integ.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "19db222d8d51351d1127c4b099aa6545a4c1ddd9425a2e0f78c328f39ff74edf.json", + "objectKey": "e9d946bbac52fb88d3fc7c9ea4f26da0e6a6965417c8ae9fb5464e5342269444.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/aws-stepfunctions-tasks-bedrock-invoke-model-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/aws-stepfunctions-tasks-bedrock-invoke-model-integ.template.json index ce41a5e96cc20..a67f72f4ea158 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/aws-stepfunctions-tasks-bedrock-invoke-model-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/aws-stepfunctions-tasks-bedrock-invoke-model-integ.template.json @@ -41,6 +41,25 @@ ] ] } + }, + { + "Action": [ + "s3:GetObject", + "s3:PutObject" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::*" + ] + ] + } } ], "Version": "2012-10-17" @@ -72,7 +91,19 @@ { "Ref": "AWS::Region" }, - "::foundation-model/amazon.titan-text-express-v1\",\"Body\":{\"inputText\":\"Generate a list of five first names.\",\"textGenerationConfig\":{\"maxTokenCount\":100,\"temperature\":1}}}},\"Prompt2\":{\"End\":true,\"Type\":\"Task\",\"ResultPath\":\"$\",\"ResultSelector\":{\"names.$\":\"$.Body.results[0].outputText\"},\"Resource\":\"arn:", + "::foundation-model/amazon.titan-text-express-v1\",\"Body\":{\"inputText\":\"Generate a list of five first names.\",\"textGenerationConfig\":{\"maxTokenCount\":100,\"temperature\":1}}}},\"Prompt2\":{\"Next\":\"Prompt3\",\"Type\":\"Task\",\"ResultPath\":\"$\",\"ResultSelector\":{\"names.$\":\"$.Body.results[0].outputText\"},\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::bedrock:invokeModel\",\"Parameters\":{\"ModelId\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":bedrock:", + { + "Ref": "AWS::Region" + }, + "::foundation-model/amazon.titan-text-express-v1\",\"Body\":{\"inputText.$\":\"States.Format('Alphabetize this list of first names:\\n{}', $.names)\",\"textGenerationConfig\":{\"maxTokenCount\":100,\"temperature\":1}}}},\"Prompt3\":{\"End\":true,\"Type\":\"Task\",\"InputPath\":\"$.names\",\"OutputPath\":\"$.names\",\"Resource\":\"arn:", { "Ref": "AWS::Partition" }, @@ -84,7 +115,7 @@ { "Ref": "AWS::Region" }, - "::foundation-model/amazon.titan-text-express-v1\",\"Body\":{\"inputText.$\":\"States.Format('Alphabetize this list of first names:\\n{}', $.names)\",\"textGenerationConfig\":{\"maxTokenCount\":100,\"temperature\":1}}}}},\"TimeoutSeconds\":30}" + "::foundation-model/amazon.titan-text-express-v1\",\"Input\":{\"S3Uri.$\":\"$.names\"},\"Output\":{\"S3Uri.$\":\"$.names\"}}}},\"TimeoutSeconds\":30}" ] ] }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/cdk.out index c5cb2e5de6344..1f0068d32659a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"35.0.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/integ.json index 5eb622d1d7b82..36143be21ab57 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "35.0.0", + "version": "36.0.0", "testCases": { "InvokeModel/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/manifest.json index 60de1b8de8ab7..677092f63b132 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "35.0.0", + "version": "36.0.0", "artifacts": { "aws-stepfunctions-tasks-bedrock-invoke-model-integ.assets": { "type": "cdk:asset-manifest", @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/19db222d8d51351d1127c4b099aa6545a4c1ddd9425a2e0f78c328f39ff74edf.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/e9d946bbac52fb88d3fc7c9ea4f26da0e6a6965417c8ae9fb5464e5342269444.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/tree.json index b3a2882dbd6fb..17b23007671bd 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.js.snapshot/tree.json @@ -24,6 +24,14 @@ "version": "0.0.0" } }, + "Prompt3": { + "id": "Prompt3", + "path": "aws-stepfunctions-tasks-bedrock-invoke-model-integ/Prompt3", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.BedrockInvokeModel", + "version": "0.0.0" + } + }, "StateMachine": { "id": "StateMachine", "path": "aws-stepfunctions-tasks-bedrock-invoke-model-integ/StateMachine", @@ -96,6 +104,25 @@ ] ] } + }, + { + "Action": [ + "s3:GetObject", + "s3:PutObject" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::*" + ] + ] + } } ], "Version": "2012-10-17" @@ -147,7 +174,19 @@ { "Ref": "AWS::Region" }, - "::foundation-model/amazon.titan-text-express-v1\",\"Body\":{\"inputText\":\"Generate a list of five first names.\",\"textGenerationConfig\":{\"maxTokenCount\":100,\"temperature\":1}}}},\"Prompt2\":{\"End\":true,\"Type\":\"Task\",\"ResultPath\":\"$\",\"ResultSelector\":{\"names.$\":\"$.Body.results[0].outputText\"},\"Resource\":\"arn:", + "::foundation-model/amazon.titan-text-express-v1\",\"Body\":{\"inputText\":\"Generate a list of five first names.\",\"textGenerationConfig\":{\"maxTokenCount\":100,\"temperature\":1}}}},\"Prompt2\":{\"Next\":\"Prompt3\",\"Type\":\"Task\",\"ResultPath\":\"$\",\"ResultSelector\":{\"names.$\":\"$.Body.results[0].outputText\"},\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::bedrock:invokeModel\",\"Parameters\":{\"ModelId\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":bedrock:", + { + "Ref": "AWS::Region" + }, + "::foundation-model/amazon.titan-text-express-v1\",\"Body\":{\"inputText.$\":\"States.Format('Alphabetize this list of first names:\\n{}', $.names)\",\"textGenerationConfig\":{\"maxTokenCount\":100,\"temperature\":1}}}},\"Prompt3\":{\"End\":true,\"Type\":\"Task\",\"InputPath\":\"$.names\",\"OutputPath\":\"$.names\",\"Resource\":\"arn:", { "Ref": "AWS::Partition" }, @@ -159,7 +198,7 @@ { "Ref": "AWS::Region" }, - "::foundation-model/amazon.titan-text-express-v1\",\"Body\":{\"inputText.$\":\"States.Format('Alphabetize this list of first names:\\n{}', $.names)\",\"textGenerationConfig\":{\"maxTokenCount\":100,\"temperature\":1}}}}},\"TimeoutSeconds\":30}" + "::foundation-model/amazon.titan-text-express-v1\",\"Input\":{\"S3Uri.$\":\"$.names\"},\"Output\":{\"S3Uri.$\":\"$.names\"}}}},\"TimeoutSeconds\":30}" ] ] }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.ts index 95860f09e624e..2d98f804b4475 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/bedrock/integ.invoke-model.ts @@ -52,7 +52,13 @@ const prompt2 = new BedrockInvokeModel(stack, 'Prompt2', { resultPath: '$', }); -const chain = sfn.Chain.start(prompt1).next(prompt2); +const prompt3 = new BedrockInvokeModel(stack, 'Prompt3', { + model, + inputPath: sfn.JsonPath.stringAt('$.names'), + outputPath: sfn.JsonPath.stringAt('$.names'), +}); + +const chain = sfn.Chain.start(prompt1).next(prompt2).next(prompt3); new sfn.StateMachine(stack, 'StateMachine', { definitionBody: sfn.DefinitionBody.fromChainable(chain), diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md b/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md index 4b288aafd7f93..9f5943afaa16b 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md @@ -398,6 +398,27 @@ const task = new tasks.BedrockInvokeModel(this, 'Prompt Model', { names: sfn.JsonPath.stringAt('$.Body.results[0].outputText'), }, }); +``` +### Using Input Path + +Provide S3 URI as an input or output path to invoke a model + +```ts + +import * as bedrock from 'aws-cdk-lib/aws-bedrock'; + +const model = bedrock.FoundationModel.fromFoundationModelId( + this, + 'Model', + bedrock.FoundationModelIdentifier.AMAZON_TITAN_TEXT_G1_EXPRESS_V1, +); + +const task = new tasks.BedrockInvokeModel(this, 'Prompt Model', { + model, + inputPath: sfn.JsonPath.stringAt('$.prompt'), + outputPath: sfn.JsonPath.stringAt('$.prompt'), +}); + ``` You can apply a guardrail to the invocation by setting `guardrail`. diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/bedrock/invoke-model.ts b/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/bedrock/invoke-model.ts index f831cf606c8c5..3abc7338cab8c 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/bedrock/invoke-model.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/bedrock/invoke-model.ts @@ -140,12 +140,14 @@ export class BedrockInvokeModel extends sfn.TaskStateBase { constructor(scope: Construct, id: string, private readonly props: BedrockInvokeModelProps) { super(scope, id, props); + this.integrationPattern = props.integrationPattern ?? sfn.IntegrationPattern.REQUEST_RESPONSE; validatePatternSupported(this.integrationPattern, BedrockInvokeModel.SUPPORTED_INTEGRATION_PATTERNS); const isBodySpecified = props.body !== undefined; - const isInputSpecified = props.input !== undefined && props.input.s3Location !== undefined; + //Either specific props.input with bucket name and object key or input s3 path + const isInputSpecified = (props.input !== undefined && props.input.s3Location !== undefined) || (props.inputPath !== undefined); if (isBodySpecified && isInputSpecified) { throw new Error('Either `body` or `input` must be specified, but not both.'); @@ -171,7 +173,21 @@ export class BedrockInvokeModel extends sfn.TaskStateBase { }), ]; - if (this.props.input !== undefined && this.props.input.s3Location !== undefined) { + if (this.props.inputPath !== undefined) { + policyStatements.push( + new iam.PolicyStatement({ + actions: ['s3:GetObject'], + resources: [ + Stack.of(this).formatArn({ + region: '', + account: '', + service: 's3', + resource: '*', + }), + ], + }), + ); + } else if (this.props.input !== undefined && this.props.input.s3Location !== undefined) { policyStatements.push( new iam.PolicyStatement({ actions: ['s3:GetObject'], @@ -188,7 +204,21 @@ export class BedrockInvokeModel extends sfn.TaskStateBase { ); } - if (this.props.output !== undefined && this.props.output.s3Location !== undefined) { + if (this.props.outputPath !== undefined) { + policyStatements.push( + new iam.PolicyStatement({ + actions: ['s3:PutObject'], + resources: [ + Stack.of(this).formatArn({ + region: '', + account: '', + service: 's3', + resource: '*', + }), + ], + }), + ); + } else if (this.props.output !== undefined && this.props.output.s3Location !== undefined) { policyStatements.push( new iam.PolicyStatement({ actions: ['s3:PutObject'], @@ -241,10 +271,10 @@ export class BedrockInvokeModel extends sfn.TaskStateBase { Body: this.props.body?.value, Input: this.props.input?.s3Location ? { S3Uri: `s3://${this.props.input.s3Location.bucketName}/${this.props.input.s3Location.objectKey}`, - } : undefined, + } : this.props.inputPath ? { S3Uri: this.props.inputPath } : undefined, Output: this.props.output?.s3Location ? { S3Uri: `s3://${this.props.output.s3Location.bucketName}/${this.props.output.s3Location.objectKey}`, - } : undefined, + } : this.props.outputPath ? { S3Uri: this.props.outputPath }: undefined, GuardrailIdentifier: this.props.guardrail?.guardrailIdentifier, GuardrailVersion: this.props.guardrail?.guardrailVersion, Trace: this.props.traceEnabled === undefined @@ -254,5 +284,6 @@ export class BedrockInvokeModel extends sfn.TaskStateBase { : 'DISABLED', }), }; - } + }; } + diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/bedrock/invoke-model.test.ts b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/bedrock/invoke-model.test.ts index 3c480ea1638a3..02fa2737bb2b8 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/bedrock/invoke-model.test.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/bedrock/invoke-model.test.ts @@ -204,6 +204,52 @@ describe('Invoke Model', () => { }); }); + test('invoke model allows input and output json path', () => { + const stack = new cdk.Stack(); + const model = bedrock.ProvisionedModel.fromProvisionedModelArn(stack, 'Imported', 'arn:aws:bedrock:us-turbo-2:123456789012:provisioned-model/abc-123'); + + const task = new BedrockInvokeModel(stack, 'Invoke', { + model, + inputPath: sfn.JsonPath.stringAt('$.prompt'), + outputPath: sfn.JsonPath.stringAt('$.prompt'), + }); + + new sfn.StateMachine(stack, 'StateMachine', { + definitionBody: sfn.DefinitionBody.fromChainable(task), + }); + + // THEN + expect(stack.resolve(task.toStateJson())).toEqual({ + Type: 'Task', + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { + Ref: 'AWS::Partition', + }, + ':states:::bedrock:invokeModel', + ], + ], + }, + End: true, + InputPath: '$.prompt', + OutputPath: '$.prompt', + Parameters: { + ModelId: 'arn:aws:bedrock:us-turbo-2:123456789012:provisioned-model/abc-123', + Input: { + //Expected key modified from S3Uri to S3Uri.$ as per the State Machine context key field transformation + //Reference: https://docs.aws.amazon.com/step-functions/latest/dg/input-output-example.html + 'S3Uri.$': '$.prompt', + }, + Output: { + 'S3Uri.$': '$.prompt', + }, + }, + }); + }); + test('S3 permissions are created in generated policy when input and output locations are specified', () => { // GIVEN const stack = new cdk.Stack(); @@ -276,6 +322,68 @@ describe('Invoke Model', () => { }); }); + test('S3 permissions are created in generated policy when input and output path are specified', () => { + // GIVEN + const stack = new cdk.Stack(); + const model = bedrock.ProvisionedModel.fromProvisionedModelArn(stack, 'Imported', 'arn:aws:bedrock:us-turbo-2:123456789012:provisioned-model/abc-123'); + + // WHEN + const task = new BedrockInvokeModel(stack, 'Invoke', { + model, + inputPath: sfn.JsonPath.stringAt('$.prompt'), + outputPath: sfn.JsonPath.stringAt('$.prompt'), + }); + + new sfn.StateMachine(stack, 'StateMachine', { + definitionBody: sfn.DefinitionBody.fromChainable(task), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: Match.objectLike({ + Statement: Match.arrayWith([ + { + Action: 'bedrock:InvokeModel', + Effect: 'Allow', + Resource: 'arn:aws:bedrock:us-turbo-2:123456789012:provisioned-model/abc-123', + }, + { + Action: 's3:GetObject', + Effect: 'Allow', + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { + Ref: 'AWS::Partition', + }, + ':s3:::*', + ], + ], + }, + }, + { + Action: 's3:PutObject', + Effect: 'Allow', + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { + Ref: 'AWS::Partition', + }, + ':s3:::*', + ], + ], + }, + }, + ]), + }), + }); + }); + test('fails on neither input nor body set', () => { // GIVEN const stack = new cdk.Stack(); From 597228c1552a21f8dc7250a0be62160f838bb776 Mon Sep 17 00:00:00 2001 From: yuppe <63234480+yuppe-kyupeen@users.noreply.github.com> Date: Wed, 24 Jul 2024 10:02:08 +0900 Subject: [PATCH 2/8] feat(ec2): add `versionDescription` property for `LaunchTemplate` (#30837) ### Issue # (if applicable) ### Reason for this change The change introduces the `versionDescription` property to the `LaunchTemplate` ### Description of changes - Add the `versionDescription` property for `LaunchTemplateProps`, which was missing in the L2 construct. - Add validation for character limit ### Description of how you validated changes I Added a unit test for launch template and added the `versionDescription` property in the integration tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-cdk-ec2-lt-metadata-1.assets.json | 4 +- .../aws-cdk-ec2-lt-metadata-1.template.json | 3 +- .../manifest.json | 2 +- .../tree.json | 107 +++++++++--------- .../aws-ec2/test/integ.launch-template.ts | 1 + packages/aws-cdk-lib/aws-ec2/README.md | 2 + .../aws-ec2/lib/launch-template.ts | 16 +++ .../aws-ec2/test/launch-template.test.ts | 22 ++++ 8 files changed, 100 insertions(+), 57 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.launch-template.js.snapshot/aws-cdk-ec2-lt-metadata-1.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.launch-template.js.snapshot/aws-cdk-ec2-lt-metadata-1.assets.json index 3fdfa3f0a8b2d..1147a2215bf03 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.launch-template.js.snapshot/aws-cdk-ec2-lt-metadata-1.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.launch-template.js.snapshot/aws-cdk-ec2-lt-metadata-1.assets.json @@ -14,7 +14,7 @@ } } }, - "f6f451c7b6b6085fc3c3c85e56c55856c2b6d5f71491ba5d0f9b93436468b5de": { + "8cd8c63d04ed01a1a76f21f94fa840809a354a12b00cfac1a16d1bfb8973a85a": { "source": { "path": "aws-cdk-ec2-lt-metadata-1.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "f6f451c7b6b6085fc3c3c85e56c55856c2b6d5f71491ba5d0f9b93436468b5de.json", + "objectKey": "8cd8c63d04ed01a1a76f21f94fa840809a354a12b00cfac1a16d1bfb8973a85a.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.launch-template.js.snapshot/aws-cdk-ec2-lt-metadata-1.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.launch-template.js.snapshot/aws-cdk-ec2-lt-metadata-1.template.json index 07935b6686310..061a117dbcb13 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.launch-template.js.snapshot/aws-cdk-ec2-lt-metadata-1.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.launch-template.js.snapshot/aws-cdk-ec2-lt-metadata-1.template.json @@ -211,7 +211,8 @@ } ] } - ] + ], + "VersionDescription": "test template v1" } }, "sg2860DD91F": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.launch-template.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.launch-template.js.snapshot/manifest.json index 9d0fde1e73ce8..92489c9202eb6 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.launch-template.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.launch-template.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/f6f451c7b6b6085fc3c3c85e56c55856c2b6d5f71491ba5d0f9b93436468b5de.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/8cd8c63d04ed01a1a76f21f94fa840809a354a12b00cfac1a16d1bfb8973a85a.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.launch-template.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.launch-template.js.snapshot/tree.json index 0475a6ce3a9fe..ed2fedb904e4d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.launch-template.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.launch-template.js.snapshot/tree.json @@ -31,8 +31,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RestrictDefaultSecurityGroupCustomResource": { @@ -43,28 +43,28 @@ "id": "Default", "path": "aws-cdk-ec2-lt-metadata-1/MyVpc/RestrictDefaultSecurityGroupCustomResource/Default", "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.CustomResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.Vpc", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "LatestNodeRuntimeMap": { "id": "LatestNodeRuntimeMap", "path": "aws-cdk-ec2-lt-metadata-1/LatestNodeRuntimeMap", "constructInfo": { - "fqn": "aws-cdk-lib.CfnMapping", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Custom::VpcRestrictDefaultSGCustomResourceProvider": { @@ -75,30 +75,30 @@ "id": "Staging", "path": "aws-cdk-ec2-lt-metadata-1/Custom::VpcRestrictDefaultSGCustomResourceProvider/Staging", "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Role": { "id": "Role", "path": "aws-cdk-ec2-lt-metadata-1/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role", "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Handler": { "id": "Handler", "path": "aws-cdk-ec2-lt-metadata-1/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler", "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.CustomResourceProviderBase", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "sg1": { @@ -125,14 +125,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "LT": { @@ -198,18 +198,19 @@ } ] } - ] + ], + "versionDescription": "test template v1" } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnLaunchTemplate", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.LaunchTemplate", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "sg2": { @@ -236,14 +237,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "LTWithMachineImage": { @@ -298,52 +299,52 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnLaunchTemplate", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.LaunchTemplate", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter": { "id": "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter", "path": "aws-cdk-ec2-lt-metadata-1/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118": { "id": "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118", "path": "aws-cdk-ec2-lt-metadata-1/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "aws-cdk-ec2-lt-metadata-1/BootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "aws-cdk-ec2-lt-metadata-1/CheckBootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "LambdaTest": { @@ -370,22 +371,22 @@ "id": "BootstrapVersion", "path": "LambdaTest/DefaultTest/DeployAssert/BootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "LambdaTest/DefaultTest/DeployAssert/CheckBootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, @@ -410,8 +411,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.launch-template.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.launch-template.ts index 39d71b394b897..0aa48e0277a81 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.launch-template.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.launch-template.ts @@ -16,6 +16,7 @@ const sg1 = new ec2.SecurityGroup(stack, 'sg1', { }); const lt = new ec2.LaunchTemplate(stack, 'LT', { + versionDescription: 'test template v1', httpEndpoint: true, httpProtocolIpv6: true, httpPutResponseHopLimit: 2, diff --git a/packages/aws-cdk-lib/aws-ec2/README.md b/packages/aws-cdk-lib/aws-ec2/README.md index 5d10fd95d7e5f..686eb78ed2a3f 100644 --- a/packages/aws-cdk-lib/aws-ec2/README.md +++ b/packages/aws-cdk-lib/aws-ec2/README.md @@ -2287,6 +2287,8 @@ const instanceProfile = new iam.InstanceProfile(this, 'InstanceProfile', { }); const template = new ec2.LaunchTemplate(this, 'LaunchTemplate', { + launchTemplateName: 'MyTemplateV1', + versionDescription: 'This is my v1 template', machineImage: ec2.MachineImage.latestAmazonLinux2023(), securityGroup: new ec2.SecurityGroup(this, 'LaunchTemplateSG', { vpc: vpc, diff --git a/packages/aws-cdk-lib/aws-ec2/lib/launch-template.ts b/packages/aws-cdk-lib/aws-ec2/lib/launch-template.ts index 04ec805533bd9..eea0bfe06dd65 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/launch-template.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/launch-template.ts @@ -221,6 +221,17 @@ export interface LaunchTemplateProps { */ readonly launchTemplateName?: string; + /** + * A description for the first version of the launch template. + * + * The version description must be maximum 255 characters long. + * + * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#cfn-ec2-launchtemplate-versiondescription + * + * @default - No description + */ + readonly versionDescription?: string; + /** * Type of instance to launch. * @@ -735,8 +746,13 @@ export class LaunchTemplate extends Resource implements ILaunchTemplate, iam.IGr ? [{ deviceIndex: 0, associatePublicIpAddress: props.associatePublicIpAddress, groups: securityGroupsToken }] : undefined; + if (props.versionDescription && !Token.isUnresolved(props.versionDescription) && props.versionDescription.length > 255) { + throw new Error(`versionDescription must be less than or equal to 255 characters, got ${props.versionDescription.length}`); + } + const resource = new CfnLaunchTemplate(this, 'Resource', { launchTemplateName: props?.launchTemplateName, + versionDescription: props?.versionDescription, launchTemplateData: { blockDeviceMappings: props?.blockDevices !== undefined ? launchTemplateBlockDeviceMappings(this, props.blockDevices) : undefined, creditSpecification: props?.cpuCredits !== undefined ? { diff --git a/packages/aws-cdk-lib/aws-ec2/test/launch-template.test.ts b/packages/aws-cdk-lib/aws-ec2/test/launch-template.test.ts index 227eb1c1b0d84..a818c23b8f1cb 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/launch-template.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/launch-template.test.ts @@ -147,6 +147,28 @@ describe('LaunchTemplate', () => { }); }); + test('Given versionDescription', () => { + // WHEN + new LaunchTemplate(stack, 'Template', { + versionDescription: 'test template', + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::EC2::LaunchTemplate', { + VersionDescription: 'test template', + }); + }); + + test('throw error when versionDescription is too long', () => { + const tooLongDescription = 'a'.repeat(256); + // WHEN / THEN + expect(() => { + new LaunchTemplate(stack, 'TemplateWithTooLongDescription', { + versionDescription: tooLongDescription, + }); + }).toThrow('versionDescription must be less than or equal to 255 characters, got 256'); + }); + test('Given instanceType', () => { // WHEN new LaunchTemplate(stack, 'Template', { From 7b2a65384a1592410cd820b745c680fea00d8c95 Mon Sep 17 00:00:00 2001 From: Pahud Hsieh Date: Wed, 24 Jul 2024 11:37:14 -0400 Subject: [PATCH 3/8] chore(eks): update failing snapshots (#30829) update `framework-integ/test/aws-eks/test/integ.eks-helm-asset.ts` that might fail in some cases: 1. set `aws.region` for the helm charts to ensure successful helm deployment 2. make sure each helm charts assertion use different chart source to avoid conflict 3. update the snapshots ### Issue # (if applicable) Closes #. ### Reason for this change ### Description of changes ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../apply/__init__.py | 0 .../get/__init__.py | 0 .../helm/__init__.py | 1 + .../index.py | 0 .../patch/__init__.py | 0 .../aws-cdk-eks-helm-test.assets.json | 14 ++--- .../aws-cdk-eks-helm-test.template.json | 60 +++++++++++++++++-- ...bectlProvider207F42E4.nested.template.json | 2 +- .../manifest.json | 2 +- .../tree.json | 4 +- .../test/aws-eks/test/integ.eks-helm-asset.ts | 21 +++++-- 11 files changed, 81 insertions(+), 23 deletions(-) rename packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/{asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098 => asset.58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51}/apply/__init__.py (100%) rename packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/{asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098 => asset.58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51}/get/__init__.py (100%) rename packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/{asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098 => asset.58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51}/helm/__init__.py (99%) rename packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/{asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098 => asset.58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51}/index.py (100%) rename packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/{asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098 => asset.58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51}/patch/__init__.py (100%) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098/apply/__init__.py b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51/apply/__init__.py similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098/apply/__init__.py rename to packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51/apply/__init__.py diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098/get/__init__.py b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51/get/__init__.py similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098/get/__init__.py rename to packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51/get/__init__.py diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098/helm/__init__.py b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51/helm/__init__.py similarity index 99% rename from packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098/helm/__init__.py rename to packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51/helm/__init__.py index ddf0753a8aa6b..a8964465650a1 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098/helm/__init__.py +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51/helm/__init__.py @@ -186,6 +186,7 @@ def helm(verb, release, chart = None, repo = None, file = None, namespace = None cmnd.append('--atomic') cmnd.extend(['--kubeconfig', kubeconfig]) + print(cmnd) maxAttempts = 3 retry = maxAttempts while retry > 0: diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098/index.py b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51/index.py similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098/index.py rename to packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51/index.py diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098/patch/__init__.py b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51/patch/__init__.py similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098/patch/__init__.py rename to packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51/patch/__init__.py diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.assets.json index 8b758cfa82d6c..c193dbe6fc296 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.assets.json @@ -53,15 +53,15 @@ } } }, - "abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098": { + "58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51": { "source": { - "path": "asset.abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098", + "path": "asset.58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098.zip", + "objectKey": "58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } @@ -105,7 +105,7 @@ } } }, - "e23ed13a7821108db50050a225f7b03107502f583d2faa3a1f82a71756081a75": { + "103a1c2a2539a9843f062d1d618f1fbd8483ea496405f34f6aca5ae90f507af8": { "source": { "path": "awscdkekshelmtestawscdkawseksKubectlProvider207F42E4.nested.template.json", "packaging": "file" @@ -113,12 +113,12 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "e23ed13a7821108db50050a225f7b03107502f583d2faa3a1f82a71756081a75.json", + "objectKey": "103a1c2a2539a9843f062d1d618f1fbd8483ea496405f34f6aca5ae90f507af8.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } }, - "87e05e7e56d00f8bd9133b97480ff01b622c9f7f500f8544cef311a412454395": { + "cce6daec2a6b207f27324c17c5286150f99302d682cd87133faac356ffa683f3": { "source": { "path": "aws-cdk-eks-helm-test.template.json", "packaging": "file" @@ -126,7 +126,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "87e05e7e56d00f8bd9133b97480ff01b622c9f7f500f8544cef311a412454395.json", + "objectKey": "cce6daec2a6b207f27324c17c5286150f99302d682cd87133faac356ffa683f3.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.template.json index 03d07827f9b96..ff5440e467401 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.template.json @@ -1092,6 +1092,18 @@ "Release": "s3-chart", "Chart": "s3-chart", "Version": "v0.1.0", + "Values": { + "Fn::Join": [ + "", + [ + "{\"aws\":{\"region\":\"", + { + "Ref": "AWS::Region" + }, + "\"}}" + ] + ] + }, "Namespace": "ack-system", "Repository": "oci://public.ecr.aws/aws-controllers-k8s/s3-chart", "CreateNamespace": true @@ -1123,6 +1135,18 @@ "Release": "lambda-chart-release", "Chart": "lambda-chart", "Version": "v0.1.4", + "Values": { + "Fn::Join": [ + "", + [ + "{\"aws\":{\"region\":\"", + { + "Ref": "AWS::Region" + }, + "\"}}" + ] + ] + }, "Namespace": "ack-system", "Repository": "oci://public.ecr.aws/aws-controllers-k8s/lambda-chart", "CreateNamespace": true @@ -1153,7 +1177,19 @@ }, "Release": "rds-chart-release", "Chart": "rds-chart", - "Version": "v1.1.2", + "Version": "1.4.1", + "Values": { + "Fn::Join": [ + "", + [ + "{\"aws\":{\"region\":\"", + { + "Ref": "AWS::Region" + }, + "\"}}" + ] + ] + }, "Namespace": "ack-system", "Repository": "oci://public.ecr.aws/aws-controllers-k8s/rds-chart", "CreateNamespace": true, @@ -1183,11 +1219,23 @@ "Arn" ] }, - "Release": "rds-chart-release", - "Chart": "rds-chart", - "Version": "v1.1.2", + "Release": "ec2-chart-release", + "Chart": "ec2-chart", + "Version": "1.2.13", + "Values": { + "Fn::Join": [ + "", + [ + "{\"aws\":{\"region\":\"", + { + "Ref": "AWS::Region" + }, + "\"}}" + ] + ] + }, "Namespace": "ack-system", - "Repository": "oci://public.ecr.aws/aws-controllers-k8s/rds-chart", + "Repository": "oci://public.ecr.aws/aws-controllers-k8s/ec2-chart", "CreateNamespace": true, "SkipCrds": true, "Atomic": true @@ -1298,7 +1346,7 @@ { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "/e23ed13a7821108db50050a225f7b03107502f583d2faa3a1f82a71756081a75.json" + "/103a1c2a2539a9843f062d1d618f1fbd8483ea496405f34f6aca5ae90f507af8.json" ] ] } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/awscdkekshelmtestawscdkawseksKubectlProvider207F42E4.nested.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/awscdkekshelmtestawscdkawseksKubectlProvider207F42E4.nested.template.json index 4defc3836af59..0b1f5db1afccd 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/awscdkekshelmtestawscdkawseksKubectlProvider207F42E4.nested.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/awscdkekshelmtestawscdkawseksKubectlProvider207F42E4.nested.template.json @@ -7,7 +7,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098.zip" + "S3Key": "58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51.zip" }, "Description": "onEvent handler for EKS kubectl resource provider", "Environment": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/manifest.json index 0abd7f388ac4e..f0cda2a802f8a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/87e05e7e56d00f8bd9133b97480ff01b622c9f7f500f8544cef311a412454395.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/cce6daec2a6b207f27324c17c5286150f99302d682cd87133faac356ffa683f3.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/tree.json index e37cdfc5ebf7d..297cff6003621 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/tree.json @@ -3010,7 +3010,7 @@ "s3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "s3Key": "abc70c90ded969d12235ca11768293cb20557cff54518518480c0d9fb344a098.zip" + "s3Key": "58216e9cbe7ed5d0c2b7c7d47e173e8f81c25ea6457f5446c34c22be7e6f7f51.zip" }, "description": "onEvent handler for EKS kubectl resource provider", "environment": { @@ -3481,7 +3481,7 @@ { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "/e23ed13a7821108db50050a225f7b03107502f583d2faa3a1f82a71756081a75.json" + "/103a1c2a2539a9843f062d1d618f1fbd8483ea496405f34f6aca5ae90f507af8.json" ] ] } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.ts index 2a06da34209f8..b79d8b3629fd4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.ts @@ -51,6 +51,7 @@ class EksClusterStack extends Stack { chartAsset: chartAsset, }); + // https://gallery.ecr.aws/aws-controllers-k8s/s3-chart this.cluster.addHelmChart('test-oci-chart', { chart: 's3-chart', release: 's3-chart', @@ -58,6 +59,7 @@ class EksClusterStack extends Stack { version: 'v0.1.0', namespace: 'ack-system', createNamespace: true, + values: { aws: { region: this.region } }, }); // there is no opinionated way of testing charts from private ECR, so there is description of manual steps needed to reproduce: @@ -68,6 +70,7 @@ class EksClusterStack extends Stack { // 5. Change `repository` in above test to oci://YOUR_ACCOUNT_ID.dkr.ecr.YOUR_REGION.amazonaws.com/helm-charts-test // 6. Run integration tests as usual + // https://gallery.ecr.aws/aws-controllers-k8s/lambda-chart this.cluster.addHelmChart('test-oci-chart-different-release-name', { chart: 'lambda-chart', release: 'lambda-chart-release', @@ -75,31 +78,37 @@ class EksClusterStack extends Stack { version: 'v0.1.4', namespace: 'ack-system', createNamespace: true, + values: { aws: { region: this.region } }, }); // testing the disable mechanism of the installation of CRDs + // https://gallery.ecr.aws/aws-controllers-k8s/rds-chart this.cluster.addHelmChart('test-skip-crd-installation', { chart: 'rds-chart', release: 'rds-chart-release', repository: 'oci://public.ecr.aws/aws-controllers-k8s/rds-chart', - version: 'v1.1.2', + version: '1.4.1', namespace: 'ack-system', createNamespace: true, skipCrds: true, + values: { aws: { region: this.region } }, }); - //testing installation with atomic flag set to true + // testing installation with atomic flag set to true + // https://gallery.ecr.aws/aws-controllers-k8s/sns-chart this.cluster.addHelmChart('test-atomic-installation', { - chart: 'rds-chart', - release: 'rds-chart-release', - repository: 'oci://public.ecr.aws/aws-controllers-k8s/rds-chart', - version: 'v1.1.2', + chart: 'ec2-chart', + release: 'ec2-chart-release', + repository: 'oci://public.ecr.aws/aws-controllers-k8s/ec2-chart', + version: '1.2.13', namespace: 'ack-system', createNamespace: true, skipCrds: true, atomic: true, + values: { aws: { region: this.region } }, }); + // https://github.com/orgs/grafana-operator/packages/container/package/helm-charts%2Fgrafana-operator this.cluster.addHelmChart('test-non-ecr-oci-chart', { chart: 'grafana-operator', release: 'grafana-operator-release', From 71315394394634f92b01ed70aa25b59116ad6ec0 Mon Sep 17 00:00:00 2001 From: Grace Luo <54298030+gracelu0@users.noreply.github.com> Date: Wed, 24 Jul 2024 10:27:31 -0700 Subject: [PATCH 4/8] chore: add note to bug report template (#30934) ### Issue # (if applicable) N/A ### Reason for this change Remind users to submit security-related issues using the existing mechanism in GitHub. ### Description of changes Add note to the top of the template ### Description of how you validated changes Previewed the template in GitHub (can't find a way to actually view the updated template locally) ### Checklist - [n/a] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .github/ISSUE_TEMPLATE/bug-report.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml index eecd4056ab65c..c3843d23481d8 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.yml +++ b/.github/ISSUE_TEMPLATE/bug-report.yml @@ -5,6 +5,14 @@ title: "(module name): (short issue description)" labels: [bug, needs-triage] assignees: [] body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this bug report! + + **⚠️ Please read this before filling out the form below:** + If the bug you are reporting is a security-related issue or a security vulnerability, + please report it via [Report a security vulnerability](https://github.com/aws/aws-cdk/security/advisories/new) instead of this template. - type: textarea id: description attributes: From e7af8f8d1fbbe7b1a9b5998c33574e620368480f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beno=C3=AEt=20Durand?= Date: Wed, 24 Jul 2024 21:02:51 +0200 Subject: [PATCH 5/8] docs(rds): clarify how to enable S3Import/S3Export in Readme.md (#30459) ### Reason for this change Documentation does not state clearly that feature needs to be manually enabled when using Postgres Example : The following code will fail with the error message ```ts const cluster = new rds.DatabaseCluster(this, 'Database', { engine: rds.DatabaseClusterEngine.auroraPostgres({version: AuroraPostgresEngineVersion.of('12.7','12')}), writer: rds.ClusterInstance.provisioned('writer', { instanceType: ec2.InstanceType.of(ec2.InstanceClass.R6G, ec2.InstanceSize.XLARGE4), }), serverlessV2MinCapacity: 6.5, serverlessV2MaxCapacity: 64, s3ImportRole: sampleRole }); ``` Will fail with this error message :`Error: s3Import is not supported for Postgres version: 12.7. Use a version that supports the s3Import feature` But the thing is that 12.7 does support it ! The real problem here is that the feature needs to be enabled as such ```ts const cluster = new rds.DatabaseCluster(this, 'Database', { engine: rds.DatabaseClusterEngine.auroraPostgres({version: AuroraPostgresEngineVersion.of('12.7','12', {s3Export: true, s3Import:true})}), writer: rds.ClusterInstance.provisioned('writer', { instanceType: ec2.InstanceType.of(ec2.InstanceClass.R6G, ec2.InstanceSize.XLARGE4), }), serverlessV2MinCapacity: 6.5, serverlessV2MaxCapacity: 64, s3ImportRole: sampleRole }); ``` ### Description of changes Small update to Readme.md and inline TSdoc ### Description of how you validated changes None ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-rds/README.md | 1 + packages/aws-cdk-lib/aws-rds/lib/cluster.ts | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/packages/aws-cdk-lib/aws-rds/README.md b/packages/aws-cdk-lib/aws-rds/README.md index 973762247098e..58eed278f186d 100644 --- a/packages/aws-cdk-lib/aws-rds/README.md +++ b/packages/aws-cdk-lib/aws-rds/README.md @@ -938,6 +938,7 @@ Data in S3 buckets can be imported to and exported from certain database engines functionality, set the `s3ImportBuckets` and `s3ExportBuckets` properties for import and export respectively. When configured, the CDK automatically creates and configures IAM roles as required. Additionally, the `s3ImportRole` and `s3ExportRole` properties can be used to set this role directly. +Note: To use `s3ImportRole` and `s3ExportRole` with Aurora PostgreSQL, you must also enable the S3 import and export features when you create the DatabaseClusterEngine. You can read more about loading data to (or from) S3 here: diff --git a/packages/aws-cdk-lib/aws-rds/lib/cluster.ts b/packages/aws-cdk-lib/aws-rds/lib/cluster.ts index 30bfd914d6303..515115663b828 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/cluster.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/cluster.ts @@ -253,7 +253,7 @@ interface DatabaseClusterBaseProps { * This feature is only supported by the Aurora database engine. * * This property must not be used if `s3ImportBuckets` is used. - * + * To use this property with Aurora PostgreSQL, it must be configured with the S3 import feature enabled when creating the DatabaseClusterEngine * For MySQL: * @see https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.LoadFromS3.html * @@ -284,7 +284,7 @@ interface DatabaseClusterBaseProps { * This feature is only supported by the Aurora database engine. * * This property must not be used if `s3ExportBuckets` is used. - * + * To use this property with Aurora PostgreSQL, it must be configured with the S3 export feature enabled when creating the DatabaseClusterEngine * For MySQL: * @see https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.SaveIntoS3.html * From 64afa72e1ca035331a56e3d3fdf24097464275f1 Mon Sep 17 00:00:00 2001 From: GZ Date: Wed, 24 Jul 2024 12:33:40 -0700 Subject: [PATCH 6/8] chore: lock conversations on closed issues and PRs with message (#30941) ### Issue # (if applicable) ### Reason for this change Lock conversations on closed issues and PRs to make sure important comments are not left on closed items and no one would be able to see it. Force people to create new issues instead. ### Description of changes Lock conversations. ### Description of how you validated changes Tested in a forked repo and it works correctly. ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .github/workflows/closed-issue-message.yml | 21 --------- .../workflows/lock-issue-pr-with-message.yml | 47 +++++++++++++++++++ 2 files changed, 47 insertions(+), 21 deletions(-) delete mode 100644 .github/workflows/closed-issue-message.yml create mode 100644 .github/workflows/lock-issue-pr-with-message.yml diff --git a/.github/workflows/closed-issue-message.yml b/.github/workflows/closed-issue-message.yml deleted file mode 100644 index ebd26358d80f9..0000000000000 --- a/.github/workflows/closed-issue-message.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: Closed Issue Message -on: - issues: - types: [closed] - pull_request_target: - types: [closed] -jobs: - auto_comment: - permissions: - pull-requests: write - issues: write - runs-on: ubuntu-latest - steps: - - uses: aws-actions/closed-issue-message@v1 - with: - # These inputs are both required - repo-token: "${{ secrets.GITHUB_TOKEN }}" - message: | - Comments on closed issues and PRs are hard for our team to see. - If you need help, please open a new issue that references this one. - If you wish to keep having a conversation with other community members under this issue feel free to do so. diff --git a/.github/workflows/lock-issue-pr-with-message.yml b/.github/workflows/lock-issue-pr-with-message.yml new file mode 100644 index 0000000000000..10650ddbeec4d --- /dev/null +++ b/.github/workflows/lock-issue-pr-with-message.yml @@ -0,0 +1,47 @@ +name: Lock Closed Issues and PRs with message + +on: + pull_request_target: + types: [closed] + issues: + types: [closed] + +jobs: + auto_comment: + permissions: + pull-requests: write + issues: write + runs-on: ubuntu-latest + steps: + - uses: aws-actions/closed-issue-message@v1 + with: + repo-token: "${{ secrets.GITHUB_TOKEN }}" + message: | + Comments on closed issues and PRs are hard for our team to see. + If you need help, please open a new issue that references this one. + If you wish to keep having a conversation with other community members under this issue feel free to do so. + lock: + permissions: + pull-requests: write + issues: write + runs-on: ubuntu-latest + needs: auto_comment + steps: + - name: Lock closed issue or PR + run: | + if [ "${{ github.event_name }}" == "issues" ]; then + ISSUE_NUMBER=${{ github.event.issue.number }} + ISSUE_URL=https://api.github.com/repos/${{ github.repository }}/issues/${ISSUE_NUMBER}/lock + else + ISSUE_NUMBER=${{ github.event.pull_request.number }} + ISSUE_URL=https://api.github.com/repos/${{ github.repository }}/issues/${ISSUE_NUMBER}/lock + fi + + curl -s -X PUT -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ + -H "Accept: application/vnd.github.v3+json" \ + ${ISSUE_URL} \ + -d @- < Date: Thu, 25 Jul 2024 05:57:24 +0900 Subject: [PATCH 7/8] chore(elasticloadbalancingv2): specific 5XX CloudWatch metrics for ALB (#30659) ### Reason for this change ALB supports metrics for specific load balancer generated 5XX level error metrics. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-cloudwatch-metrics.html However, they are currently not included in `HttpCodeElb`, so the `metrics.httpCodeElb` method is not available and `metrics.custom` must be used. ```ts let alb: IApplicationLoadBalancer; alb.metrics.httpCodeElb(HttpCodeElb.ELB_5XX_COUNT); // we can do this alb.metrics.httpCodeElb(HttpCodeElb.ELB_500_COUNT); // currently we cannot do this alb.metrics.custom("HTTPCode_ELB_500_Count"); ``` Adding the metric names to `HttpCodeElb` makes it easier to understand as it can be configured in the same way as `HTTPCode_ELB_5XX_Count`. ### Description of changes Add metrics names to `HttpCodeElb`. ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../lib/alb/application-load-balancer.ts | 20 ++++++++++++++++ .../test/alb/load-balancer.test.ts | 23 +++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts index 6a0914ea8e153..0ec173c7b77df 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts @@ -753,6 +753,26 @@ export enum HttpCodeElb { * The number of HTTP 5XX server error codes that originate from the load balancer. */ ELB_5XX_COUNT = 'HTTPCode_ELB_5XX_Count', + + /** + * The number of HTTP 500 server error codes that originate from the load balancer. + */ + ELB_500_COUNT = 'HTTPCode_ELB_500_Count', + + /** + * The number of HTTP 502 server error codes that originate from the load balancer. + */ + ELB_502_COUNT = 'HTTPCode_ELB_502_Count', + + /** + * The number of HTTP 503 server error codes that originate from the load balancer. + */ + ELB_503_COUNT = 'HTTPCode_ELB_503_Count', + + /** + * The number of HTTP 504 server error codes that originate from the load balancer. + */ + ELB_504_COUNT = 'HTTPCode_ELB_504_Count', } /** diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts index 930f3a2a18923..958a881846fab 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts @@ -684,6 +684,29 @@ describe('tests', () => { } }); + test.each([ + elbv2.HttpCodeElb.ELB_500_COUNT, + elbv2.HttpCodeElb.ELB_502_COUNT, + elbv2.HttpCodeElb.ELB_503_COUNT, + elbv2.HttpCodeElb.ELB_504_COUNT, + ])('use specific load balancer generated 5XX metrics', (metricName) => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { vpc }); + + // WHEN + const metric = lb.metrics.httpCodeElb(metricName); + + // THEN + expect(metric.namespace).toEqual('AWS/ApplicationELB'); + expect(metric.statistic).toEqual('Sum'); + expect(metric.metricName).toEqual(metricName); + expect(stack.resolve(metric.dimensions)).toEqual({ + LoadBalancer: { 'Fn::GetAtt': ['LB8A12904C', 'LoadBalancerFullName'] }, + }); + }); + test('loadBalancerName', () => { // GIVEN const stack = new cdk.Stack(); From cd80fcaeba32f79e76586af63eca5363b731895b Mon Sep 17 00:00:00 2001 From: GZ Date: Wed, 24 Jul 2024 15:15:26 -0700 Subject: [PATCH 8/8] chore: update message in GHA lock conversations (#30942) ### Issue # (if applicable) Fix the misleading message in https://github.com/aws/aws-cdk/pull/30941 ### Reason for this change Update message left by GHA ### Description of changes Since we lock conversations, we should update the message to be more accurate. ### Description of how you validated changes Tested in private fork with GHA. ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .github/workflows/lock-issue-pr-with-message.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/lock-issue-pr-with-message.yml b/.github/workflows/lock-issue-pr-with-message.yml index 10650ddbeec4d..8192c5ac7898e 100644 --- a/.github/workflows/lock-issue-pr-with-message.yml +++ b/.github/workflows/lock-issue-pr-with-message.yml @@ -19,13 +19,12 @@ jobs: message: | Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one. - If you wish to keep having a conversation with other community members under this issue feel free to do so. lock: permissions: pull-requests: write issues: write runs-on: ubuntu-latest - needs: auto_comment + needs: auto_comment # only run after comment is complete steps: - name: Lock closed issue or PR run: |