From 51bb9248064f9dedf036c271cd737c62066951ff Mon Sep 17 00:00:00 2001 From: AWS CDK Team Date: Wed, 30 Mar 2022 22:18:48 +0000 Subject: [PATCH 01/59] chore(release): 1.151.0 --- CHANGELOG.md | 15 +++++++++++++++ version.v1.json | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1621fa309c36a..cd8a6d18b516b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,21 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [1.151.0](https://github.com/aws/aws-cdk/compare/v1.150.0...v1.151.0) (2022-03-30) + + +### Features + +* add new integration test runner ([#19529](https://github.com/aws/aws-cdk/issues/19529)) ([e7f43d1](https://github.com/aws/aws-cdk/commit/e7f43d1a3bb52bbf589d7472c9a9b89e3c1cc8c1)) +* **aws-ec2:** Enable/disable EC2 "Detailed Monitoring" ([#19437](https://github.com/aws/aws-cdk/issues/19437)) ([94f9d27](https://github.com/aws/aws-cdk/commit/94f9d27e626bced5fc68a6ebbd653fea21c6e21e)) +* **cognito:** configure SNS region for UserPool SMS messages ([#19519](https://github.com/aws/aws-cdk/issues/19519)) ([6eb775e](https://github.com/aws/aws-cdk/commit/6eb775e829d62913bff849d43ed7339f9910d8de)), closes [#19434](https://github.com/aws/aws-cdk/issues/19434) + + +### Bug Fixes + +* **aws-cdk:** include nested stacks when building changesets ([#19494](https://github.com/aws/aws-cdk/issues/19494)) ([97cc8e2](https://github.com/aws/aws-cdk/commit/97cc8e29e155b222d553b1fe955a0302036feed5)), closes [#5722](https://github.com/aws/aws-cdk/issues/5722) [#17396](https://github.com/aws/aws-cdk/issues/17396) [#19224](https://github.com/aws/aws-cdk/issues/19224) +* **docdb:** DB Instance ARN uses 'docdb' as the service component instead of 'rds' ([#19555](https://github.com/aws/aws-cdk/issues/19555)) ([6a63924](https://github.com/aws/aws-cdk/commit/6a63924c0b184342befd92903b8867e45b158252)), closes [#19554](https://github.com/aws/aws-cdk/issues/19554) + ## [1.150.0](https://github.com/aws/aws-cdk/compare/v1.149.0...v1.150.0) (2022-03-26) diff --git a/version.v1.json b/version.v1.json index 4e6db4f2ccf8c..53e80ec784dce 100644 --- a/version.v1.json +++ b/version.v1.json @@ -1,3 +1,3 @@ { - "version": "1.150.0" + "version": "1.151.0" } \ No newline at end of file From ff85fd1f17d37ea3304eeb453a5e6d38c9ee2c3a Mon Sep 17 00:00:00 2001 From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Thu, 31 Mar 2022 05:47:32 -0400 Subject: [PATCH 02/59] docs(cfnspec): update CloudFormation documentation (#19647) --- .../spec-source/cfn-docs/cfn-docs.json | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json index 51903ee940094..7cd626e41dad8 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json +++ b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json @@ -33361,7 +33361,7 @@ "AllowMajorVersionUpgrade": "A value that indicates whether major version upgrades are allowed. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible.\n\nConstraints: Major version upgrades must be allowed when specifying a value for the `EngineVersion` parameter that is a different major version than the DB instance's current version.", "AssociatedRoles": "The AWS Identity and Access Management (IAM) roles associated with the DB instance.", "AutoMinorVersionUpgrade": "A value that indicates whether minor engine upgrades are applied automatically to the DB instance during the maintenance window. By default, minor engine upgrades are applied automatically.", - "AvailabilityZone": "The Availability Zone (AZ) where the database will be created. For information on AWS Regions and Availability Zones, see [Regions and Availability Zones](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html) .\n\n*Amazon Aurora*\n\nNot applicable. Availability Zones are managed by the DB cluster.\n\nDefault: A random, system-chosen Availability Zone in the endpoint's AWS Region .\n\nExample: `us-east-1d`\n\nConstraint: The `AvailabilityZone` parameter can't be specified if the DB instance is a Multi-AZ deployment. The specified Availability Zone must be in the same AWS Region as the current endpoint.\n\n> If you're creating a DB instance in an RDS on VMware environment, specify the identifier of the custom Availability Zone to create the DB instance in.\n> \n> For more information about RDS on VMware, see the [RDS on VMware User Guide.](https://docs.aws.amazon.com/AmazonRDS/latest/RDSonVMwareUserGuide/rds-on-vmware.html)", + "AvailabilityZone": "The Availability Zone that the database instance will be created in.\n\nDefault: A random, system-chosen Availability Zone in the endpoint's region.\n\nExample: `us-east-1d`\n\nConstraint: The AvailabilityZone parameter cannot be specified if the MultiAZ parameter is set to `true` . The specified Availability Zone must be in the same region as the current endpoint.", "BackupRetentionPeriod": "The number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups.\n\n*Amazon Aurora*\n\nNot applicable. The retention period for automated backups is managed by the DB cluster.\n\nDefault: 1\n\nConstraints:\n\n- Must be a value from 0 to 35\n- Can't be set to 0 if the DB instance is a source to read replicas", "CACertificateIdentifier": "The identifier of the CA certificate for this DB instance.\n\n> Specifying or updating this property triggers a reboot. \n\nFor more information about CA certificate identifiers for RDS DB engines, see [Rotating Your SSL/TLS Certificate](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon RDS User Guide* .\n\nFor more information about CA certificate identifiers for Aurora DB engines, see [Rotating Your SSL/TLS Certificate](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon Aurora User Guide* .", "CharacterSetName": "For supported engines, indicates that the DB instance should be associated with the specified character set.\n\n*Amazon Aurora*\n\nNot applicable. The character set is managed by the DB cluster. For more information, see [AWS::RDS::DBCluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html) .", @@ -33433,7 +33433,7 @@ }, "description": "The `AWS::RDS::DBParameterGroup` resource creates a custom parameter group for an RDS database family.\n\nThis type can be declared in a template and referenced in the `DBParameterGroupName` property of an `[AWS::RDS::DBInstance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html)` resource.\n\nFor information about configuring parameters for Amazon RDS DB instances, see [Working with DB parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html) in the *Amazon RDS User Guide* .\n\nFor information about configuring parameters for Amazon Aurora DB instances, see [Working with DB parameter groups and DB cluster parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) in the *Amazon Aurora User Guide* .\n\n> Applying a parameter group to a DB instance may require the DB instance to reboot, resulting in a database outage for the duration of the reboot.", "properties": { - "Description": "Provides the customer-specified description for this DB Parameter Group.", + "Description": "Provides the customer-specified description for this DB parameter group.", "Family": "The DB parameter group family name. A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a DB engine and engine version compatible with that DB parameter group family.\n\n> The DB parameter group family can't be changed when updating a DB parameter group. \n\nTo list all of the available parameter group families, use the following command:\n\n`aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\"`\n\nThe output contains duplicates.\n\nFor more information, see `[CreateDBParameterGroup](https://docs.aws.amazon.com//AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html)` .", "Parameters": "An array of parameter names and values for the parameter update. At least one parameter name and value must be supplied. Subsequent arguments are optional.\n\nFor more information about DB parameters and DB parameter groups for Amazon RDS DB engines, see [Working with DB Parameter Groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html) in the *Amazon RDS User Guide* .\n\nFor more information about DB cluster and DB instance parameters and parameter groups for Amazon Aurora DB engines, see [Working with DB Parameter Groups and DB Cluster Parameter Groups](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) in the *Amazon Aurora User Guide* .\n\n> AWS CloudFormation doesn't support specifying an apply method for each individual parameter. The default apply method for each parameter is used.", "Tags": "Tags to assign to the DB parameter group." @@ -33537,7 +33537,7 @@ "properties": { "DBSecurityGroupIngress": "Ingress rules to be applied to the DB security group.", "EC2VpcId": "The identifier of an Amazon VPC. This property indicates the VPC that this DB security group belongs to.\n\n> The `EC2VpcId` property is for backward compatibility with older regions, and is no longer recommended for providing security information to an RDS DB instance.", - "GroupDescription": "Provides the description of the DB Security Group.", + "GroupDescription": "Provides the description of the DB security group.", "Tags": "Tags to assign to the DB security group." } }, @@ -33546,9 +33546,9 @@ "description": "The `Ingress` property type specifies an individual ingress rule within an `AWS::RDS::DBSecurityGroup` resource.", "properties": { "CIDRIP": "The IP range to authorize.", - "EC2SecurityGroupId": "Id of the EC2 security group to authorize. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", - "EC2SecurityGroupName": "Name of the EC2 security group to authorize. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", - "EC2SecurityGroupOwnerId": "AWS account number of the owner of the EC2 security group specified in the `EC2SecurityGroupName` parameter. The AWS access key ID isn't an acceptable value. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided." + "EC2SecurityGroupId": "Id of the EC2 Security Group to authorize. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", + "EC2SecurityGroupName": "Name of the EC2 Security Group to authorize. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", + "EC2SecurityGroupOwnerId": "AWS Account Number of the owner of the EC2 Security Group specified in the EC2SecurityGroupName parameter. The AWS Access Key ID is not an acceptable value. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided." } }, "AWS::RDS::DBSecurityGroupIngress": { @@ -33558,10 +33558,10 @@ "description": "The `AWS::RDS::DBSecurityGroupIngress` resource enables ingress to a DB security group using one of two forms of authorization. First, you can add EC2 or VPC security groups to the DB security group if the application using the database is running on EC2 or VPC instances. Second, IP ranges are available if the application accessing your database is running on the Internet.\n\nThis type supports updates. For more information about updating stacks, see [AWS CloudFormation Stacks Updates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html) .\n\nFor details about the settings for DB security group ingress, see [AuthorizeDBSecurityGroupIngress](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_AuthorizeDBSecurityGroupIngress.html) .", "properties": { "CIDRIP": "The IP range to authorize.", - "DBSecurityGroupName": "The name of the DB security group to add authorization to.", - "EC2SecurityGroupId": "Id of the EC2 security group to authorize. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", - "EC2SecurityGroupName": "Name of the EC2 security group to authorize. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", - "EC2SecurityGroupOwnerId": "AWS account number of the owner of the EC2 security group specified in the `EC2SecurityGroupName` parameter. The AWS access key ID isn't an acceptable value. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided." + "DBSecurityGroupName": "The name of the DB Security Group to add authorization to.", + "EC2SecurityGroupId": "Id of the EC2 Security Group to authorize. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", + "EC2SecurityGroupName": "Name of the EC2 Security Group to authorize. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", + "EC2SecurityGroupOwnerId": "AWS Account Number of the owner of the EC2 Security Group specified in the EC2SecurityGroupName parameter. The AWS Access Key ID is not an acceptable value. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided." } }, "AWS::RDS::DBSubnetGroup": { @@ -33570,9 +33570,9 @@ }, "description": "The `AWS::RDS::DBSubnetGroup` resource creates a database subnet group. Subnet groups must contain at least two subnets in two different Availability Zones in the same region.\n\nFor more information, see [Working with DB subnet groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Subnets) in the *Amazon RDS User Guide* .", "properties": { - "DBSubnetGroupDescription": "The description for the DB subnet group.", + "DBSubnetGroupDescription": "The description for the DB Subnet Group.", "DBSubnetGroupName": "The name for the DB subnet group. This value is stored as a lowercase string.\n\nConstraints: Must contain no more than 255 lowercase alphanumeric characters or hyphens. Must not be \"Default\".\n\nExample: `mysubnetgroup`", - "SubnetIds": "The EC2 Subnet IDs for the DB subnet group.", + "SubnetIds": "The EC2 Subnet IDs for the DB Subnet Group.", "Tags": "Tags to assign to the DB subnet group." } }, @@ -33582,8 +33582,8 @@ }, "description": "The `AWS::RDS::EventSubscription` resource allows you to receive notifications for Amazon Relational Database Service events through the Amazon Simple Notification Service (Amazon SNS). For more information, see [Using Amazon RDS Event Notification](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html) in the *Amazon RDS User Guide* .", "properties": { - "Enabled": "A value that indicates whether to activate the subscription. If the event notification subscription isn't activated, the subscription is created but not active.", - "EventCategories": "A list of event categories for a particular source type ( `SourceType` ) that you want to subscribe to. You can see a list of the categories for a given source type in the \"Amazon RDS event categories and event messages\" section of the [*Amazon RDS User Guide*](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.Messages.html) or the [*Amazon Aurora User Guide*](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Events.Messages.html) . You can also see this list by using the `DescribeEventCategories` operation.", + "Enabled": "A Boolean value; set to *true* to activate the subscription, set to *false* to create the subscription but not active it.", + "EventCategories": "A list of event categories for a SourceType that you want to subscribe to. You can see a list of the categories for a given SourceType in the [Events](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html) topic in the Amazon RDS User Guide or by using the *DescribeEventCategories* action.", "SnsTopicArn": "The Amazon Resource Name (ARN) of the SNS topic created for event notification. The ARN is created by Amazon SNS when you create a topic and subscribe to it.", "SourceIds": "The list of identifiers of the event sources for which events are returned. If not specified, then all sources are included in the response. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens. It can't end with a hyphen or contain two consecutive hyphens.\n\nConstraints:\n\n- If a `SourceIds` value is supplied, `SourceType` must also be provided.\n- If the source type is a DB instance, a `DBInstanceIdentifier` value must be supplied.\n- If the source type is a DB cluster, a `DBClusterIdentifier` value must be supplied.\n- If the source type is a DB parameter group, a `DBParameterGroupName` value must be supplied.\n- If the source type is a DB security group, a `DBSecurityGroupName` value must be supplied.\n- If the source type is a DB snapshot, a `DBSnapshotIdentifier` value must be supplied.\n- If the source type is a DB cluster snapshot, a `DBClusterSnapshotIdentifier` value must be supplied.", "SourceType": "The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, set this parameter to `db-instance` . If this value isn't specified, all events are returned.\n\nValid values: `db-instance` | `db-cluster` | `db-parameter-group` | `db-security-group` | `db-snapshot` | `db-cluster-snapshot`" From fd1fff904a70d18dc9c7863aefc03b3ee44c2863 Mon Sep 17 00:00:00 2001 From: Kaizen Conroy <36202692+kaizen3031593@users.noreply.github.com> Date: Thu, 31 Mar 2022 09:29:56 -0400 Subject: [PATCH 03/59] feat(lambda): warn if you use `function.grantInvoke` while also using `currentVersion` (#19464) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ‼️ Lambda is changing their authorization strategy, which means that some behavior that was previously valid now results in `access-denied` errors. Under the new behavior, customer lambda invocations will fail if the CDK generates a policy with an unqualified ARN as the resource, and the customer invokes lambda with the unqualified ARN and the `Qualifier` request parameter. Example of an affected setup: ``` Statement: { Effect: "Allow", Action: "lambda:InvokeFunction", Resource: "arn:aws:lambda:...:function:MyFunction", } API Call: lambda.Invoke({ FunctionName: "MyFunction", Qualifier: "1234", }) ``` This `Invoke` call *used* to succeed, but under the new authorization strategy it will fail. The required statement to make the call succeed would be (note the qualified ARN): ``` { Effect: "Allow", Action: "lambda:InvokeFunction", Resource: "arn:aws:lambda:...:function:MyFunction:1234", } ``` This PR aims to warn users who could be using an affected setup. Users will receive the a warning message under the following circumstances: - they grant `lambda:InvokeFunction` to an unqualified function arn - they call `lambda.currentVersion` somewhere in their code This is part of #19273. Related is #19318. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../@aws-cdk/aws-lambda/lib/function-base.ts | 46 +++++- packages/@aws-cdk/aws-lambda/lib/function.ts | 4 + .../@aws-cdk/aws-lambda/test/function.test.ts | 150 +++++++++++++++++- 3 files changed, 198 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-lambda/lib/function-base.ts b/packages/@aws-cdk/aws-lambda/lib/function-base.ts index a4c8b73b46a9a..e34292ab6834a 100644 --- a/packages/@aws-cdk/aws-lambda/lib/function-base.ts +++ b/packages/@aws-cdk/aws-lambda/lib/function-base.ts @@ -1,7 +1,7 @@ import * as cloudwatch from '@aws-cdk/aws-cloudwatch'; import * as ec2 from '@aws-cdk/aws-ec2'; import * as iam from '@aws-cdk/aws-iam'; -import { ArnFormat, ConstructNode, IResource, Resource, Token } from '@aws-cdk/core'; +import { Annotations, ArnFormat, ConstructNode, IResource, Resource, Token } from '@aws-cdk/core'; import { AliasOptions } from './alias'; import { Architecture } from './architecture'; import { EventInvokeConfig, EventInvokeConfigOptions } from './event-invoke-config'; @@ -12,6 +12,10 @@ import { CfnPermission } from './lambda.generated'; import { Permission } from './permission'; import { addAlias, flatMap } from './util'; +// keep this import separate from other imports to reduce chance for merge conflicts with v2-main +// eslint-disable-next-line no-duplicate-imports, import/order +import { Construct } from '@aws-cdk/core'; + export interface IFunction extends IResource, ec2.IConnectable, iam.IGrantable { /** @@ -274,12 +278,45 @@ export abstract class FunctionBase extends Resource implements IFunction, ec2.IC private _latestVersion?: LatestVersion; + /** + * Flag to delay adding a warning message until current version is invoked. + * @internal + */ + protected _warnIfCurrentVersionCalled: boolean = false; + /** * Mapping of invocation principals to grants. Used to de-dupe `grantInvoke()` calls. * @internal */ protected _invocationGrants: Record = {}; + /** + * A warning will be added to functions under the following conditions: + * - permissions that include `lambda:InvokeFunction` are added to the unqualified function. + * - function.currentVersion is invoked before or after the permission is created. + * + * This applies only to permissions on Lambda functions, not versions or aliases. + * This function is overridden as a noOp for QualifiedFunctionBase. + */ + public considerWarningOnInvokeFunctionPermissions(scope: Construct, action: string) { + const affectedPermissions = ['lambda:InvokeFunction', 'lambda:*', 'lambda:Invoke*']; + if (affectedPermissions.includes(action)) { + if (scope.node.tryFindChild('CurrentVersion')) { + this.warnInvokeFunctionPermissions(scope); + } else { + this._warnIfCurrentVersionCalled = true; + } + } + } + + protected warnInvokeFunctionPermissions(scope: Construct): void { + Annotations.of(scope).addWarning([ + "AWS Lambda has changed their authorization strategy, which may cause client invocations using the 'Qualifier' parameter of the lambda function to fail with Access Denied errors.", + "If you are using a lambda Version or Alias, make sure to call 'grantInvoke' or 'addPermission' on the Version or Alias, not the underlying Function", + 'See: https://github.com/aws/aws-cdk/issues/19273', + ].join('\n')); + } + /** * Adds a permission to the Lambda resource policy. * @param id The id for the permission construct @@ -296,6 +333,8 @@ export abstract class FunctionBase extends Resource implements IFunction, ec2.IC const action = permission.action ?? 'lambda:InvokeFunction'; const scope = permission.scope ?? this; + this.considerWarningOnInvokeFunctionPermissions(scope, action); + new CfnPermission(scope, id, { action, principal, @@ -554,6 +593,11 @@ export abstract class QualifiedFunctionBase extends FunctionBase { ...options, }); } + + public considerWarningOnInvokeFunctionPermissions(_scope: Construct, _action: string): void { + // noOp + return; + } } /** diff --git a/packages/@aws-cdk/aws-lambda/lib/function.ts b/packages/@aws-cdk/aws-lambda/lib/function.ts index 3e2c778be2891..6bc89845edf3b 100644 --- a/packages/@aws-cdk/aws-lambda/lib/function.ts +++ b/packages/@aws-cdk/aws-lambda/lib/function.ts @@ -399,6 +399,10 @@ export class Function extends FunctionBase { return this._currentVersion; } + if (this._warnIfCurrentVersionCalled) { + this.warnInvokeFunctionPermissions(this); + }; + this._currentVersion = new Version(this, 'CurrentVersion', { lambda: this, ...this.currentVersionOptions, diff --git a/packages/@aws-cdk/aws-lambda/test/function.test.ts b/packages/@aws-cdk/aws-lambda/test/function.test.ts index 81edf78b9a0e7..fd9a175d93fb2 100644 --- a/packages/@aws-cdk/aws-lambda/test/function.test.ts +++ b/packages/@aws-cdk/aws-lambda/test/function.test.ts @@ -1,5 +1,5 @@ import * as path from 'path'; -import { Match, Template } from '@aws-cdk/assertions'; +import { Annotations, Match, Template } from '@aws-cdk/assertions'; import { ProfilingGroup } from '@aws-cdk/aws-codeguruprofiler'; import * as ec2 from '@aws-cdk/aws-ec2'; import * as efs from '@aws-cdk/aws-efs'; @@ -435,6 +435,154 @@ describe('function', () => { // THEN Template.fromStack(stack).resourceCountIs('AWS::Lambda::Permission', 0); }); + + describe('annotations on different IFunctions', () => { + let stack: cdk.Stack; + let fn: lambda.Function; + let warningMessage: string; + beforeEach(() => { + warningMessage = 'AWS Lambda has changed their authorization strategy'; + stack = new cdk.Stack(); + fn = new lambda.Function(stack, 'MyLambda', { + code: lambda.Code.fromAsset(path.join(__dirname, 'my-lambda-handler')), + handler: 'index.handler', + runtime: lambda.Runtime.PYTHON_3_6, + }); + }); + + describe('permissions on functions', () => { + test('without lambda:InvokeFunction', () => { + // WHEN + fn.addPermission('MyPermission', { + action: 'lambda.GetFunction', + principal: new iam.ServicePrincipal('lambda.amazonaws.com'), + }); + + // Simulate a workflow where a user has created a currentVersion with the intent to invoke it later. + fn.currentVersion; + + // THEN + Annotations.fromStack(stack).hasNoWarning('/Default/MyLambda', Match.stringLikeRegexp(warningMessage)); + }); + + describe('with lambda:InvokeFunction', () => { + test('without invoking currentVersion', () => { + // WHEN + fn.addPermission('MyPermission', { + principal: new iam.ServicePrincipal('lambda.amazonaws.com'), + }); + + // THEN + Annotations.fromStack(stack).hasNoWarning('/Default/MyLambda', Match.stringLikeRegexp(warningMessage)); + }); + + test('with currentVersion invoked first', () => { + // GIVEN + // Simulate a workflow where a user has created a currentVersion with the intent to invoke it later. + fn.currentVersion; + + // WHEN + fn.addPermission('MyPermission', { + principal: new iam.ServicePrincipal('lambda.amazonaws.com'), + }); + + // THEN + Annotations.fromStack(stack).hasWarning('/Default/MyLambda', Match.stringLikeRegexp(warningMessage)); + }); + + test('with currentVersion invoked after permissions created', () => { + // WHEN + fn.addPermission('MyPermission', { + principal: new iam.ServicePrincipal('lambda.amazonaws.com'), + }); + + // Simulate a workflow where a user has created a currentVersion after adding permissions to the function. + fn.currentVersion; + + // THEN + Annotations.fromStack(stack).hasWarning('/Default/MyLambda', Match.stringLikeRegexp(warningMessage)); + }); + + test('multiple currentVersion calls does not result in multiple warnings', () => { + // WHEN + fn.currentVersion; + + fn.addPermission('MyPermission', { + principal: new iam.ServicePrincipal('lambda.amazonaws.com'), + }); + + fn.currentVersion; + + // THEN + const warns = Annotations.fromStack(stack).findWarning('/Default/MyLambda', Match.stringLikeRegexp(warningMessage)); + expect(warns).toHaveLength(1); + }); + }); + }); + + test('permission on versions', () => { + // GIVEN + const version = new lambda.Version(stack, 'MyVersion', { + lambda: fn.currentVersion, + }); + + // WHEN + version.addPermission('MyPermission', { + principal: new iam.ServicePrincipal('lambda.amazonaws.com'), + }); + + // THEN + Annotations.fromStack(stack).hasNoWarning('/Default/MyVersion', Match.stringLikeRegexp(warningMessage)); + }); + + test('permission on latest version', () => { + // WHEN + fn.latestVersion.addPermission('MyPermission', { + principal: new iam.ServicePrincipal('lambda.amazonaws.com'), + }); + + // THEN + // cannot add permissions on latest version, so no warning necessary + Annotations.fromStack(stack).hasNoWarning('/Default/MyLambda/$LATEST', Match.stringLikeRegexp(warningMessage)); + }); + + describe('permission on alias', () => { + test('of current version', () => { + // GIVEN + const version = new lambda.Version(stack, 'MyVersion', { + lambda: fn.currentVersion, + }); + const alias = new lambda.Alias(stack, 'MyAlias', { + aliasName: 'alias', + version, + }); + + // WHEN + alias.addPermission('MyPermission', { + principal: new iam.ServicePrincipal('lambda.amazonaws.com'), + }); + + // THEN + Annotations.fromStack(stack).hasNoWarning('/Default/MyAlias', Match.stringLikeRegexp(warningMessage)); + }); + + test('of latest version', () => { + // GIVEN + const alias = new lambda.Alias(stack, 'MyAlias', { + aliasName: 'alias', + version: fn.latestVersion, + }); + + // WHEN + alias.addPermission('MyPermission', { + principal: new iam.ServicePrincipal('lambda.amazonaws.com'), + }); + + // THEN + Annotations.fromStack(stack).hasNoWarning('/Default/MyAlias', Match.stringLikeRegexp(warningMessage)); + }); + }); + }); }); test('Lambda code can be read from a local directory via an asset', () => { From 9c712cc457ccb80d7180fee67a101b76fc01d207 Mon Sep 17 00:00:00 2001 From: Otavio Macedo Date: Thu, 31 Mar 2022 15:14:32 +0100 Subject: [PATCH 04/59] fix(eks): incorrect version of aws-node-termination-handler (#19510) A previous [PR](https://github.com/aws/aws-cdk/pull/18841) upgraded the version of `aws-node-termination-handler`. However, the version contained in the change, 1.14.0, refers to the `appVersion` field and not the `version` field. This change upgrades it to the latest available `version`, 0.18.0, as shown by the command: ``` $ helm search repo aws-node-termination-handler NAME CHART VERSION APP VERSION DESCRIPTION eks/aws-node-termination-handler 0.18.0 1.16.0 A Helm chart for the AWS Node Termination Handler. ``` ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-eks/lib/cluster.ts | 2 +- packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-eks/lib/cluster.ts b/packages/@aws-cdk/aws-eks/lib/cluster.ts index 66821aed579e9..b73616179b9bd 100644 --- a/packages/@aws-cdk/aws-eks/lib/cluster.ts +++ b/packages/@aws-cdk/aws-eks/lib/cluster.ts @@ -946,7 +946,7 @@ abstract class ClusterBase extends Resource implements ICluster { if (!this._spotInterruptHandler) { this._spotInterruptHandler = this.addHelmChart('spot-interrupt-handler', { chart: 'aws-node-termination-handler', - version: '1.14.1', + version: '0.18.0', repository: 'https://aws.github.io/eks-charts', namespace: 'kube-system', values: { diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json index 02dc4f65277ba..519b5c7ee8f03 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json @@ -2690,7 +2690,7 @@ }, "Release": "ksclustertestclusterchartspotinterrupthandlerf41ba997", "Chart": "aws-node-termination-handler", - "Version": "1.14.1", + "Version": "0.18.0", "Values": "{\"nodeSelector\":{\"lifecycle\":\"Ec2Spot\"}}", "Namespace": "kube-system", "Repository": "https://aws.github.io/eks-charts", From a74d82e667ba3cfbb3341392f7c641b0e29d47f0 Mon Sep 17 00:00:00 2001 From: Adam Ruka Date: Thu, 31 Mar 2022 07:58:05 -0700 Subject: [PATCH 05/59] fix(rds): `SnapshotCredentials.fromSecret()` takes a `Secret`, not `ISecret` (#19639) Fixes #19409 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- allowed-breaking-changes.txt | 14 +++++++++----- packages/@aws-cdk/aws-rds/lib/props.ts | 4 ++-- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/allowed-breaking-changes.txt b/allowed-breaking-changes.txt index 864ea5178512b..6069472407d94 100644 --- a/allowed-breaking-changes.txt +++ b/allowed-breaking-changes.txt @@ -75,7 +75,7 @@ strengthened:@aws-cdk/aws-stepfunctions-tasks.BatchSubmitJobProps removed:@aws-cdk/aws-lambda-event-sources.ManagedKafkaEventSourceProps.cluster strengthened:@aws-cdk/aws-lambda-event-sources.ManagedKafkaEventSourceProps -# Remove IO2 from autoscaling EbsDeviceVolumeType. This value is not supported +# Remove IO2 from autoscaling EbsDeviceVolumeType. This value is not supported # at the moment and was not supported in the past. removed:@aws-cdk/aws-autoscaling.EbsDeviceVolumeType.IO2 @@ -83,12 +83,12 @@ removed:@aws-cdk/aws-autoscaling.EbsDeviceVolumeType.IO2 removed:@aws-cdk/aws-stepfunctions-tasks.EmrCreateCluster.AutoTerminationPolicyProperty removed:@aws-cdk/aws-stepfunctions-tasks.EmrCreateClusterProps.autoTerminationPolicy -# Changed property securityGroupId to optional because either securityGroupId or +# Changed property securityGroupId to optional because either securityGroupId or # securityGroupName is required. Therefore securityGroupId is no longer mandatory. weakened:@aws-cdk/cloud-assembly-schema.SecurityGroupContextQuery # refactor autoscaling lifecycle hook target bind() methods to make role optional by -# having bind() methods create the role if it isn't passed to them +# having bind() methods create the role if it isn't passed to them incompatible-argument:@aws-cdk/aws-autoscaling-hooktargets.FunctionHook.bind incompatible-argument:@aws-cdk/aws-autoscaling-hooktargets.QueueHook.bind incompatible-argument:@aws-cdk/aws-autoscaling-hooktargets.TopicHook.bind @@ -106,7 +106,7 @@ removed:@aws-cdk/aws-lambda-event-sources.ManagedKafkaEventSourceProps.maxRecord removed:@aws-cdk/aws-lambda-event-sources.ManagedKafkaEventSourceProps.parallelizationFactor removed:@aws-cdk/aws-lambda-event-sources.ManagedKafkaEventSourceProps.reportBatchItemFailures removed:@aws-cdk/aws-lambda-event-sources.ManagedKafkaEventSourceProps.retryAttempts -removed:@aws-cdk/aws-lambda-event-sources.ManagedKafkaEventSourceProps.tumblingWindow +removed:@aws-cdk/aws-lambda-event-sources.ManagedKafkaEventSourceProps.tumblingWindow removed:@aws-cdk/aws-lambda-event-sources.SelfManagedKafkaEventSourceProps.bisectBatchOnError removed:@aws-cdk/aws-lambda-event-sources.SelfManagedKafkaEventSourceProps.maxRecordAge removed:@aws-cdk/aws-lambda-event-sources.SelfManagedKafkaEventSourceProps.parallelizationFactor @@ -125,4 +125,8 @@ changed-type:@aws-cdk/aws-elasticloadbalancingv2.NetworkLoadBalancer.vpc # removed methods and properties related to event bridge notifications for S3 buckets as they are not yet supported (19 Jan 2022) removed:@aws-cdk/aws-s3.Bucket.enableEventBridgeNotification removed:@aws-cdk/aws-s3.BucketBase.enableEventBridgeNotification -removed:@aws-cdk/aws-s3.BucketProps.eventBridgeEnabled \ No newline at end of file +removed:@aws-cdk/aws-s3.BucketProps.eventBridgeEnabled + +# changed the type of RDS's SnapshotCredentials.secret from Secret to ISecret, +# shouldn't matter +changed-type:@aws-cdk/aws-rds.SnapshotCredentials.secret diff --git a/packages/@aws-cdk/aws-rds/lib/props.ts b/packages/@aws-cdk/aws-rds/lib/props.ts index 6338fa0368849..8f61088997d96 100644 --- a/packages/@aws-cdk/aws-rds/lib/props.ts +++ b/packages/@aws-cdk/aws-rds/lib/props.ts @@ -384,7 +384,7 @@ export abstract class SnapshotCredentials { * } * ``` */ - public static fromSecret(secret: secretsmanager.Secret): SnapshotCredentials { + public static fromSecret(secret: secretsmanager.ISecret): SnapshotCredentials { return { generatePassword: false, password: secret.secretValueFromJson('password'), @@ -435,7 +435,7 @@ export abstract class SnapshotCredentials { * * @default - none */ - public abstract readonly secret?: secretsmanager.Secret; + public abstract readonly secret?: secretsmanager.ISecret; /** * The characters to exclude from the generated password. From e8173812aad5f482b1bfcc6737f63cfef0c4841c Mon Sep 17 00:00:00 2001 From: Adam Ruka Date: Thu, 31 Mar 2022 08:42:08 -0700 Subject: [PATCH 06/59] fix(apigateway): allow using GENERATE_IF_NEEDED for the physical name in LambdaRestApi (#19638) Fixes #9374 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../@aws-cdk/aws-apigateway/lib/restapi.ts | 9 ++++++--- .../aws-apigateway/test/lambda-api.test.ts | 20 +++++++++++++++++++ 2 files changed, 26 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-apigateway/lib/restapi.ts b/packages/@aws-cdk/aws-apigateway/lib/restapi.ts index f6433ebab601d..7300f1da4b9b3 100644 --- a/packages/@aws-cdk/aws-apigateway/lib/restapi.ts +++ b/packages/@aws-cdk/aws-apigateway/lib/restapi.ts @@ -322,8 +322,11 @@ export abstract class RestApiBase extends Resource implements IRestApi { protected cloudWatchAccount?: CfnAccount; constructor(scope: Construct, id: string, props: RestApiBaseProps = { }) { - super(scope, id); - this.restApiName = props.restApiName ?? id; + const restApiName = props.restApiName ?? id; + super(scope, id, { + physicalName: restApiName, + }); + this.restApiName = restApiName; Object.defineProperty(this, RESTAPI_SYMBOL, { value: true }); } @@ -736,7 +739,7 @@ export class RestApi extends RestApiBase { super(scope, id, props); const resource = new CfnRestApi(this, 'Resource', { - name: this.restApiName, + name: this.physicalName, description: props.description, policy: props.policy, failOnWarnings: props.failOnWarnings, diff --git a/packages/@aws-cdk/aws-apigateway/test/lambda-api.test.ts b/packages/@aws-cdk/aws-apigateway/test/lambda-api.test.ts index 314225d3afe34..f7c47afe85d2b 100644 --- a/packages/@aws-cdk/aws-apigateway/test/lambda-api.test.ts +++ b/packages/@aws-cdk/aws-apigateway/test/lambda-api.test.ts @@ -242,4 +242,24 @@ describe('lambda api', () => { ], }); }); + + test('LambdaRestApi allows passing GENERATE_IF_NEEDED as the physical name', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + new apigw.LambdaRestApi(stack, 'lambda-rest-api', { + handler: new lambda.Function(stack, 'handler', { + handler: 'index.handler', + code: lambda.Code.fromInline('boom'), + runtime: lambda.Runtime.NODEJS_10_X, + }), + restApiName: cdk.PhysicalName.GENERATE_IF_NEEDED, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ApiGateway::RestApi', { + Name: Match.absent(), + }); + }); }); From c62eeb7162d85c8cb162f8c0ad4b93fb5bccf981 Mon Sep 17 00:00:00 2001 From: Tietew Date: Fri, 1 Apr 2022 01:28:34 +0900 Subject: [PATCH 07/59] fix(aws-cognito): Lambda::Permission of lambdaTrigger should have a SourceArn (#19622) Fixes #19604 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../@aws-cdk/aws-cognito/lib/user-pool.ts | 2 +- ...nteg.user-pool-custom-sender.expected.json | 8 +- ...teg.user-pool-explicit-props.expected.json | 80 ++++++++++++++++--- .../aws-cognito/test/user-pool.test.ts | 10 ++- 4 files changed, 85 insertions(+), 15 deletions(-) diff --git a/packages/@aws-cdk/aws-cognito/lib/user-pool.ts b/packages/@aws-cdk/aws-cognito/lib/user-pool.ts index a4157d629307d..21a41f4c8721c 100644 --- a/packages/@aws-cdk/aws-cognito/lib/user-pool.ts +++ b/packages/@aws-cdk/aws-cognito/lib/user-pool.ts @@ -936,7 +936,7 @@ export class UserPool extends UserPoolBase { const capitalize = name.charAt(0).toUpperCase() + name.slice(1); fn.addPermission(`${capitalize}Cognito`, { principal: new ServicePrincipal('cognito-idp.amazonaws.com'), - sourceArn: this.userPoolArn, + sourceArn: Lazy.string({ produce: () => this.userPoolArn }), }); } diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-custom-sender.expected.json b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-custom-sender.expected.json index c28251be02c92..8bc2a5deae13f 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-custom-sender.expected.json +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-custom-sender.expected.json @@ -60,7 +60,13 @@ "Arn" ] }, - "Principal": "cognito-idp.amazonaws.com" + "Principal": "cognito-idp.amazonaws.com", + "SourceArn": { + "Fn::GetAtt": [ + "pool056F3F7E", + "Arn" + ] + } } }, "keyFEDD6EC0": { diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-explicit-props.expected.json b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-explicit-props.expected.json index 0811dc3173db4..bf01ef9d1faaf 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-explicit-props.expected.json +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-explicit-props.expected.json @@ -61,7 +61,13 @@ "Arn" ] }, - "Principal": "cognito-idp.amazonaws.com" + "Principal": "cognito-idp.amazonaws.com", + "SourceArn": { + "Fn::GetAtt": [ + "myuserpool01998219", + "Arn" + ] + } } }, "customMessageServiceRoleB4AE7F17": { @@ -125,7 +131,13 @@ "Arn" ] }, - "Principal": "cognito-idp.amazonaws.com" + "Principal": "cognito-idp.amazonaws.com", + "SourceArn": { + "Fn::GetAtt": [ + "myuserpool01998219", + "Arn" + ] + } } }, "defineAuthChallengeServiceRole9E2D15DF": { @@ -189,7 +201,13 @@ "Arn" ] }, - "Principal": "cognito-idp.amazonaws.com" + "Principal": "cognito-idp.amazonaws.com", + "SourceArn": { + "Fn::GetAtt": [ + "myuserpool01998219", + "Arn" + ] + } } }, "postAuthenticationServiceRole5B3B242A": { @@ -253,7 +271,13 @@ "Arn" ] }, - "Principal": "cognito-idp.amazonaws.com" + "Principal": "cognito-idp.amazonaws.com", + "SourceArn": { + "Fn::GetAtt": [ + "myuserpool01998219", + "Arn" + ] + } } }, "postConfirmationServiceRole864BE5F9": { @@ -317,7 +341,13 @@ "Arn" ] }, - "Principal": "cognito-idp.amazonaws.com" + "Principal": "cognito-idp.amazonaws.com", + "SourceArn": { + "Fn::GetAtt": [ + "myuserpool01998219", + "Arn" + ] + } } }, "preAuthenticationServiceRole9712F4D8": { @@ -381,7 +411,13 @@ "Arn" ] }, - "Principal": "cognito-idp.amazonaws.com" + "Principal": "cognito-idp.amazonaws.com", + "SourceArn": { + "Fn::GetAtt": [ + "myuserpool01998219", + "Arn" + ] + } } }, "preSignUpServiceRole0A7E91EB": { @@ -445,7 +481,13 @@ "Arn" ] }, - "Principal": "cognito-idp.amazonaws.com" + "Principal": "cognito-idp.amazonaws.com", + "SourceArn": { + "Fn::GetAtt": [ + "myuserpool01998219", + "Arn" + ] + } } }, "preTokenGenerationServiceRole430C3D14": { @@ -509,7 +551,13 @@ "Arn" ] }, - "Principal": "cognito-idp.amazonaws.com" + "Principal": "cognito-idp.amazonaws.com", + "SourceArn": { + "Fn::GetAtt": [ + "myuserpool01998219", + "Arn" + ] + } } }, "userMigrationServiceRole091766B0": { @@ -573,7 +621,13 @@ "Arn" ] }, - "Principal": "cognito-idp.amazonaws.com" + "Principal": "cognito-idp.amazonaws.com", + "SourceArn": { + "Fn::GetAtt": [ + "myuserpool01998219", + "Arn" + ] + } } }, "verifyAuthChallengeResponseServiceRole7077884C": { @@ -637,7 +691,13 @@ "Arn" ] }, - "Principal": "cognito-idp.amazonaws.com" + "Principal": "cognito-idp.amazonaws.com", + "SourceArn": { + "Fn::GetAtt": [ + "myuserpool01998219", + "Arn" + ] + } } }, "myuserpoolsmsRole0E16FDD9": { diff --git a/packages/@aws-cdk/aws-cognito/test/user-pool.test.ts b/packages/@aws-cdk/aws-cognito/test/user-pool.test.ts index b482d244ea6fa..25be5288800cf 100644 --- a/packages/@aws-cdk/aws-cognito/test/user-pool.test.ts +++ b/packages/@aws-cdk/aws-cognito/test/user-pool.test.ts @@ -335,7 +335,7 @@ describe('User Pool', () => { const fn = fooFunction(stack, 'preSignUp'); // WHEN - new UserPool(stack, 'Pool', { + const pool = new UserPool(stack, 'Pool', { lambdaTriggers: { preSignUp: fn, }, @@ -351,6 +351,7 @@ describe('User Pool', () => { Action: 'lambda:InvokeFunction', FunctionName: stack.resolve(fn.functionArn), Principal: 'cognito-idp.amazonaws.com', + SourceArn: stack.resolve(pool.userPoolArn), }); }); @@ -362,7 +363,7 @@ describe('User Pool', () => { const smsFn = fooFunction(stack, 'customSmsSender'); // WHEN - new UserPool(stack, 'Pool', { + const pool = new UserPool(stack, 'Pool', { customSenderKmsKey: kmsKey, lambdaTriggers: { customEmailSender: emailFn, @@ -387,11 +388,13 @@ describe('User Pool', () => { Action: 'lambda:InvokeFunction', FunctionName: stack.resolve(emailFn.functionArn), Principal: 'cognito-idp.amazonaws.com', + SourceArn: stack.resolve(pool.userPoolArn), }); Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Permission', { Action: 'lambda:InvokeFunction', FunctionName: stack.resolve(smsFn.functionArn), Principal: 'cognito-idp.amazonaws.com', + SourceArn: stack.resolve(pool.userPoolArn), }); }); @@ -479,6 +482,7 @@ describe('User Pool', () => { Action: 'lambda:InvokeFunction', FunctionName: stack.resolve(fn.functionArn), Principal: 'cognito-idp.amazonaws.com', + SourceArn: stack.resolve(pool.userPoolArn), }); }); }); @@ -1760,4 +1764,4 @@ function fooFunction(scope: Construct, name: string): lambda.IFunction { function fooKey(scope: Construct, name: string): kms.Key { return new kms.Key(scope, name); -} \ No newline at end of file +} From 0096e672e02123a2ae4e094ba9bb11af3aef20b2 Mon Sep 17 00:00:00 2001 From: Ihnat Klimchuk <12488585+IhnatKlimchuk@users.noreply.github.com> Date: Thu, 31 Mar 2022 20:11:15 +0300 Subject: [PATCH 08/59] feat(ecs-patterns): PlacementStrategy and PlacementConstraint for many patterns (#19612) I've added PlacementStrategy and PlacementConstraint to - ApplicationLoadBalancedEc2Service - ApplicationMultipleTargetGroupsEc2Service - NetworkLoadBalancedEc2Service - NetworkMultipleTargetGroupsEc2Service - QueueProcessingEc2Service and pass it to AWS ECS related service. fixes https://github.com/aws/aws-cdk/issues/19225 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../application-load-balanced-ecs-service.ts | 20 ++++++++++++++++++- ...tion-multiple-target-groups-ecs-service.ts | 20 ++++++++++++++++++- .../ecs/network-load-balanced-ecs-service.ts | 20 ++++++++++++++++++- ...work-multiple-target-groups-ecs-service.ts | 20 ++++++++++++++++++- .../lib/ecs/queue-processing-ecs-service.ts | 20 ++++++++++++++++++- .../aws-ecs-patterns/test/ec2/l3s-v2.test.ts | 10 ++++++++++ .../ec2/queue-processing-ecs-service.test.ts | 4 ++++ 7 files changed, 109 insertions(+), 5 deletions(-) diff --git a/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/application-load-balanced-ecs-service.ts b/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/application-load-balanced-ecs-service.ts index 6d1809a68d18b..25a38144d6e3e 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/application-load-balanced-ecs-service.ts +++ b/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/application-load-balanced-ecs-service.ts @@ -1,4 +1,4 @@ -import { Ec2Service, Ec2TaskDefinition } from '@aws-cdk/aws-ecs'; +import { Ec2Service, Ec2TaskDefinition, PlacementConstraint, PlacementStrategy } from '@aws-cdk/aws-ecs'; import * as cxapi from '@aws-cdk/cx-api'; import { Construct } from 'constructs'; import { ApplicationLoadBalancedServiceBase, ApplicationLoadBalancedServiceBaseProps } from '../base/application-load-balanced-service-base'; @@ -63,6 +63,22 @@ export interface ApplicationLoadBalancedEc2ServiceProps extends ApplicationLoadB * @default - No memory reserved. */ readonly memoryReservationMiB?: number; + + /** + * The placement constraints to use for tasks in the service. For more information, see + * [Amazon ECS Task Placement Constraints](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html). + * + * @default - No constraints. + */ + readonly placementConstraints?: PlacementConstraint[]; + + /** + * The placement strategies to use for tasks in the service. For more information, see + * [Amazon ECS Task Placement Strategies](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-strategies.html). + * + * @default - No strategies. + */ + readonly placementStrategies?: PlacementStrategy[]; } /** @@ -135,6 +151,8 @@ export class ApplicationLoadBalancedEc2Service extends ApplicationLoadBalancedSe cloudMapOptions: props.cloudMapOptions, deploymentController: props.deploymentController, circuitBreaker: props.circuitBreaker, + placementConstraints: props.placementConstraints, + placementStrategies: props.placementStrategies, }); this.addServiceAsTarget(this.service); } diff --git a/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/application-multiple-target-groups-ecs-service.ts b/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/application-multiple-target-groups-ecs-service.ts index f77e7e4dccdc3..6934ba66eac63 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/application-multiple-target-groups-ecs-service.ts +++ b/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/application-multiple-target-groups-ecs-service.ts @@ -1,4 +1,4 @@ -import { Ec2Service, Ec2TaskDefinition } from '@aws-cdk/aws-ecs'; +import { Ec2Service, Ec2TaskDefinition, PlacementConstraint, PlacementStrategy } from '@aws-cdk/aws-ecs'; import { ApplicationTargetGroup } from '@aws-cdk/aws-elasticloadbalancingv2'; import * as cxapi from '@aws-cdk/cx-api'; import { Construct } from 'constructs'; @@ -58,6 +58,22 @@ export interface ApplicationMultipleTargetGroupsEc2ServiceProps extends Applicat * @default - No memory reserved. */ readonly memoryReservationMiB?: number; + + /** + * The placement constraints to use for tasks in the service. For more information, see + * [Amazon ECS Task Placement Constraints](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html). + * + * @default - No constraints. + */ + readonly placementConstraints?: PlacementConstraint[]; + + /** + * The placement strategies to use for tasks in the service. For more information, see + * [Amazon ECS Task Placement Strategies](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-strategies.html). + * + * @default - No strategies. + */ + readonly placementStrategies?: PlacementStrategy[]; } /** @@ -150,6 +166,8 @@ export class ApplicationMultipleTargetGroupsEc2Service extends ApplicationMultip propagateTags: props.propagateTags, enableECSManagedTags: props.enableECSManagedTags, cloudMapOptions: props.cloudMapOptions, + placementConstraints: props.placementConstraints, + placementStrategies: props.placementStrategies, }); } } diff --git a/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/network-load-balanced-ecs-service.ts b/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/network-load-balanced-ecs-service.ts index b8862dfbed338..6b3798704f4e4 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/network-load-balanced-ecs-service.ts +++ b/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/network-load-balanced-ecs-service.ts @@ -1,4 +1,4 @@ -import { Ec2Service, Ec2TaskDefinition } from '@aws-cdk/aws-ecs'; +import { Ec2Service, Ec2TaskDefinition, PlacementConstraint, PlacementStrategy } from '@aws-cdk/aws-ecs'; import * as cxapi from '@aws-cdk/cx-api'; import { Construct } from 'constructs'; import { NetworkLoadBalancedServiceBase, NetworkLoadBalancedServiceBaseProps } from '../base/network-load-balanced-service-base'; @@ -61,6 +61,22 @@ export interface NetworkLoadBalancedEc2ServiceProps extends NetworkLoadBalancedS * @default - No memory reserved. */ readonly memoryReservationMiB?: number; + + /** + * The placement constraints to use for tasks in the service. For more information, see + * [Amazon ECS Task Placement Constraints](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html). + * + * @default - No constraints. + */ + readonly placementConstraints?: PlacementConstraint[]; + + /** + * The placement strategies to use for tasks in the service. For more information, see + * [Amazon ECS Task Placement Strategies](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-strategies.html). + * + * @default - No strategies. + */ + readonly placementStrategies?: PlacementStrategy[]; } /** @@ -133,6 +149,8 @@ export class NetworkLoadBalancedEc2Service extends NetworkLoadBalancedServiceBas cloudMapOptions: props.cloudMapOptions, deploymentController: props.deploymentController, circuitBreaker: props.circuitBreaker, + placementConstraints: props.placementConstraints, + placementStrategies: props.placementStrategies, }); this.addServiceAsTarget(this.service); } diff --git a/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/network-multiple-target-groups-ecs-service.ts b/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/network-multiple-target-groups-ecs-service.ts index 12d5b25ce67fd..5e4b5a40c0a37 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/network-multiple-target-groups-ecs-service.ts +++ b/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/network-multiple-target-groups-ecs-service.ts @@ -1,4 +1,4 @@ -import { Ec2Service, Ec2TaskDefinition } from '@aws-cdk/aws-ecs'; +import { Ec2Service, Ec2TaskDefinition, PlacementConstraint, PlacementStrategy } from '@aws-cdk/aws-ecs'; import { NetworkTargetGroup } from '@aws-cdk/aws-elasticloadbalancingv2'; import * as cxapi from '@aws-cdk/cx-api'; import { Construct } from 'constructs'; @@ -57,6 +57,22 @@ export interface NetworkMultipleTargetGroupsEc2ServiceProps extends NetworkMulti * @default - No memory reserved. */ readonly memoryReservationMiB?: number; + + /** + * The placement constraints to use for tasks in the service. For more information, see + * [Amazon ECS Task Placement Constraints](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html). + * + * @default - No constraints. + */ + readonly placementConstraints?: PlacementConstraint[]; + + /** + * The placement strategies to use for tasks in the service. For more information, see + * [Amazon ECS Task Placement Strategies](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-strategies.html). + * + * @default - No strategies. + */ + readonly placementStrategies?: PlacementStrategy[]; } /** @@ -150,6 +166,8 @@ export class NetworkMultipleTargetGroupsEc2Service extends NetworkMultipleTarget propagateTags: props.propagateTags, enableECSManagedTags: props.enableECSManagedTags, cloudMapOptions: props.cloudMapOptions, + placementConstraints: props.placementConstraints, + placementStrategies: props.placementStrategies, }); } } diff --git a/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/queue-processing-ecs-service.ts b/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/queue-processing-ecs-service.ts index 0d9f612abfb76..0cd4ae3e77d2a 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/queue-processing-ecs-service.ts +++ b/packages/@aws-cdk/aws-ecs-patterns/lib/ecs/queue-processing-ecs-service.ts @@ -1,4 +1,4 @@ -import { Ec2Service, Ec2TaskDefinition } from '@aws-cdk/aws-ecs'; +import { Ec2Service, Ec2TaskDefinition, PlacementConstraint, PlacementStrategy } from '@aws-cdk/aws-ecs'; import * as cxapi from '@aws-cdk/cx-api'; import { Construct } from 'constructs'; import { QueueProcessingServiceBase, QueueProcessingServiceBaseProps } from '../base/queue-processing-service-base'; @@ -67,6 +67,22 @@ export interface QueueProcessingEc2ServiceProps extends QueueProcessingServiceBa * @default - QueueProcessingContainer */ readonly containerName?: string; + + /** + * The placement constraints to use for tasks in the service. For more information, see + * [Amazon ECS Task Placement Constraints](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html). + * + * @default - No constraints. + */ + readonly placementConstraints?: PlacementConstraint[]; + + /** + * The placement strategies to use for tasks in the service. For more information, see + * [Amazon ECS Task Placement Strategies](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-strategies.html). + * + * @default - No strategies. + */ + readonly placementStrategies?: PlacementStrategy[]; } /** @@ -124,6 +140,8 @@ export class QueueProcessingEc2Service extends QueueProcessingServiceBase { deploymentController: props.deploymentController, circuitBreaker: props.circuitBreaker, capacityProviderStrategies: props.capacityProviderStrategies, + placementConstraints: props.placementConstraints, + placementStrategies: props.placementStrategies, }); this.configureAutoscalingForService(this.service); diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/ec2/l3s-v2.test.ts b/packages/@aws-cdk/aws-ecs-patterns/test/ec2/l3s-v2.test.ts index 322e503a44aaf..9e7ffb5d4057c 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/ec2/l3s-v2.test.ts +++ b/packages/@aws-cdk/aws-ecs-patterns/test/ec2/l3s-v2.test.ts @@ -11,6 +11,8 @@ import { Ec2TaskDefinition, PropagatedTagSource, Protocol, + PlacementStrategy, + PlacementConstraint, } from '@aws-cdk/aws-ecs'; import { ApplicationProtocol, SslPolicy } from '@aws-cdk/aws-elasticloadbalancingv2'; import { CompositePrincipal, Role, ServicePrincipal } from '@aws-cdk/aws-iam'; @@ -163,6 +165,8 @@ describe('When Application Load Balancer', () => { protocol: Protocol.TCP, }, ], + placementStrategies: [PlacementStrategy.spreadAcrossInstances(), PlacementStrategy.packedByCpu(), PlacementStrategy.randomly()], + placementConstraints: [PlacementConstraint.memberOf('attribute:ecs.instance-type =~ m5a.*')], }); // THEN @@ -189,6 +193,8 @@ describe('When Application Load Balancer', () => { ], PropagateTags: 'SERVICE', ServiceName: 'myService', + PlacementConstraints: [{ Type: 'memberOf', Expression: 'attribute:ecs.instance-type =~ m5a.*' }], + PlacementStrategies: [{ Field: 'instanceId', Type: 'spread' }, { Field: 'cpu', Type: 'binpack' }, { Type: 'random' }], }); Template.fromStack(stack).hasResourceProperties('AWS::ECS::TaskDefinition', { @@ -1042,6 +1048,8 @@ describe('When Network Load Balancer', () => { listener: 'listener2', }, ], + placementStrategies: [PlacementStrategy.spreadAcrossInstances(), PlacementStrategy.packedByCpu(), PlacementStrategy.randomly()], + placementConstraints: [PlacementConstraint.memberOf('attribute:ecs.instance-type =~ m5a.*')], }); // THEN @@ -1069,6 +1077,8 @@ describe('When Network Load Balancer', () => { PropagateTags: 'SERVICE', SchedulingStrategy: 'REPLICA', ServiceName: 'myService', + PlacementConstraints: [{ Type: 'memberOf', Expression: 'attribute:ecs.instance-type =~ m5a.*' }], + PlacementStrategies: [{ Field: 'instanceId', Type: 'spread' }, { Field: 'cpu', Type: 'binpack' }, { Type: 'random' }], }); Template.fromStack(stack).hasResourceProperties('AWS::ECS::TaskDefinition', { diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/ec2/queue-processing-ecs-service.test.ts b/packages/@aws-cdk/aws-ecs-patterns/test/ec2/queue-processing-ecs-service.test.ts index e5b68caa55761..5b8800e41cc17 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/ec2/queue-processing-ecs-service.test.ts +++ b/packages/@aws-cdk/aws-ecs-patterns/test/ec2/queue-processing-ecs-service.test.ts @@ -234,6 +234,8 @@ testDeprecated('test ECS queue worker service construct - with optional props', family: 'ecs-task-family', circuitBreaker: { rollback: true }, gpuCount: 256, + placementStrategies: [ecs.PlacementStrategy.spreadAcrossInstances(), ecs.PlacementStrategy.packedByCpu(), ecs.PlacementStrategy.randomly()], + placementConstraints: [ecs.PlacementConstraint.memberOf('attribute:ecs.instance-type =~ m5a.*')], }); // THEN - QueueWorker is of EC2 launch type, an SQS queue is created and all optional properties are set. @@ -252,6 +254,8 @@ testDeprecated('test ECS queue worker service construct - with optional props', DeploymentController: { Type: 'ECS', }, + PlacementConstraints: [{ Type: 'memberOf', Expression: 'attribute:ecs.instance-type =~ m5a.*' }], + PlacementStrategies: [{ Field: 'instanceId', Type: 'spread' }, { Field: 'cpu', Type: 'binpack' }, { Type: 'random' }], }); Template.fromStack(stack).hasResourceProperties('AWS::SQS::Queue', { From dab6aca5005c8d6d180aada699a4cebc2ef5aefa Mon Sep 17 00:00:00 2001 From: Mitch Lloyd Date: Thu, 31 Mar 2022 13:54:06 -0400 Subject: [PATCH 09/59] feat(kinesisanalytics-flink): Add metrics to Flink applications (#19599) I PR'd the [original version of the aws-kinesisanalytics-flink constructs](https://github.com/aws/aws-cdk/pull/12464) to CDK. I'm following up to add the missing `metric*` methods according to the [design guidelines](https://github.com/aws/aws-cdk/blob/master/docs/DESIGN_GUIDELINES.md#metrics). [Reference for Flink Application metrics](https://docs.aws.amazon.com/kinesisanalytics/latest/java/metrics-dimensions.html). I have a few running Flink apps and I was able to see that KPUs are also reported for the Flink apps. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) * [x] I don't think conventional metric changes require an update to the README. ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [x] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-kinesisanalytics-flink/README.md | 2 +- .../lib/application.ts | 658 ++++++++++++++++++ .../aws-kinesisanalytics-flink/package.json | 2 + .../test/application.test.ts | 63 ++ .../test/integ.application.lit.expected.json | 20 + .../test/integ.application.lit.ts | 9 +- 6 files changed, 752 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink/README.md b/packages/@aws-cdk/aws-kinesisanalytics-flink/README.md index 2882cc60afc54..8e91fcd78b6ac 100644 --- a/packages/@aws-cdk/aws-kinesisanalytics-flink/README.md +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink/README.md @@ -18,7 +18,7 @@ This package provides constructs for creating Kinesis Analytics Flink applications. To learn more about using using managed Flink applications, see the [AWS developer -guide](https://docs.aws.amazon.com/kinesisanalytics/latest/java/what-is.html). +guide](https://docs.aws.amazon.com/kinesisanalytics/latest/java/). ## Creating Flink Applications diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink/lib/application.ts b/packages/@aws-cdk/aws-kinesisanalytics-flink/lib/application.ts index 4a0f3bfc36138..f0fe1f659c035 100644 --- a/packages/@aws-cdk/aws-kinesisanalytics-flink/lib/application.ts +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink/lib/application.ts @@ -1,3 +1,4 @@ +import * as cloudwatch from '@aws-cdk/aws-cloudwatch'; import * as iam from '@aws-cdk/aws-iam'; import { CfnApplicationCloudWatchLoggingOptionV2, CfnApplicationV2 } from '@aws-cdk/aws-kinesisanalytics'; import * as logs from '@aws-cdk/aws-logs'; @@ -37,6 +38,305 @@ export interface IApplication extends core.IResource, iam.IGrantable { * Convenience method for adding a policy statement to the application role. */ addToRolePolicy(policyStatement: iam.PolicyStatement): boolean; + + /** + * Return a CloudWatch metric associated with this Flink application. + * + * @param metricName The name of the metric + * @param props Customization properties + */ + metric(metricName: string, props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * The number of Kinesis Processing Units that are used to run your stream + * processing application. The average number of KPUs used each hour + * determines the billing for your application. + * + * Units: Count + * + * Reporting Level: Application + * + * @default average over 5 minutes + */ + metricKpus(props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * The time elapsed during an outage for failing/recovering jobs. + * + * Units: Milliseconds + * + * Reporting Level: Application + * + * @default average over 5 minutes + */ + metricDowntime(props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * The time that the job has been running without interruption. + * + * Units: Milliseconds + * + * Reporting Level: Application + * + * @default sample count over 5 minutes + */ + metricUptime(props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * The total number of times this job has fully restarted since it was + * submitted. This metric does not measure fine-grained restarts. + * + * Units: Count + * + * Reporting Level: Application + * + * @default sum over 5 minutes + */ + metricFullRestarts(props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * The number of times checkpointing has failed. + * + * Units: Count + * + * Reporting Level: Application + * + * @default sum over 5 minutes + */ + metricNumberOfFailedCheckpoints(props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * The time it took to complete the last checkpoint. + * + * Units: Milliseconds + * + * Reporting Level: Application + * + * @default maximum over 5 minutes + */ + metricLastCheckpointDuration(props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * The total size of the last checkpoint. + * + * Units: Bytes + * + * Reporting Level: Application + * + * @default maximum over 5 minutes + */ + metricLastCheckpointSize(props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * The overall percentage of CPU utilization across task managers. For + * example, if there are five task managers, Kinesis Data Analytics publishes + * five samples of this metric per reporting interval. + * + * Units: Percentage + * + * Reporting Level: Application + * + * @default average over 5 minutes + */ + metricCpuUtilization(props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * Overall heap memory utilization across task managers. For example, if there + * are five task managers, Kinesis Data Analytics publishes five samples of + * this metric per reporting interval. + * + * Units: Percentage + * + * Reporting Level: Application + * + * @default average over 5 minutes + */ + metricHeapMemoryUtilization(props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * The total time spent performing old garbage collection operations. + * + * Units: Milliseconds + * + * Reporting Level: Application + * + * @default sum over 5 minutes + */ + metricOldGenerationGCTime(props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * The total number of old garbage collection operations that have occurred + * across all task managers. + * + * Units: Count + * + * Reporting Level: Application + * + * @default sum over 5 minutes + */ + metricOldGenerationGCCount(props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * The total number of live threads used by the application. + * + * Units: Count + * + * Reporting Level: Application + * + * @default average over 5 minutes + */ + metricThreadsCount(props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * The total number of records this application, operator, or task has + * received. + * + * Units: Count + * + * Reporting Level: Application, Operator, Task, Parallelism + * + * @default average over 5 minutes + */ + metricNumRecordsIn(props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * The total number of records this application, operator or task has + * received per second. + * + * Units: Count/Second + * + * Reporting Level: Application, Operator, Task, Parallelism + * + * @default average over 5 minutes + */ + metricNumRecordsInPerSecond(props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * The total number of records this application, operator or task has emitted. + * + * Units: Count + * + * Reporting Level: Application, Operator, Task, Parallelism + * + * @default average over 5 minutes + */ + metricNumRecordsOut(props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * The total number of records this application, operator or task has emitted + * per second. + * + * Units: Count/Second + * + * Reporting Level: Application, Operator, Task, Parallelism + * + * @default average over 5 minutes + */ + metricNumRecordsOutPerSecond(props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * The number of records this operator or task has dropped due to arriving late. + * + * Units: Count + * + * Reporting Level: Application, Operator, Task, Parallelism + * + * @default sum over 5 minutes + */ + metricNumLateRecordsDropped(props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * The last watermark this application/operator/task/thread has received. + * + * Units: Milliseconds + * + * Reporting Level: Application, Operator, Task, Parallelism + * + * @default maximum over 5 minutes + */ + metricCurrentInputWatermark(props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * The last watermark this application/operator/task/thread has received. + * + * Units: Milliseconds + * + * Reporting Level: Application, Operator, Task, Parallelism + * + * @default maximum over 5 minutes + */ + metricCurrentOutputWatermark(props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * The amount of managed memory currently used. + * + * Units: Bytes + * + * Reporting Level: Application, Operator, Task, Parallelism + * + * @default average over 5 minutes + */ + metricManagedMemoryUsed(props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * The total amount of managed memory. + * + * Units: Bytes + * + * Reporting Level: Application, Operator, Task, Parallelism + * + * @default average over 5 minutes + */ + metricManagedMemoryTotal(props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * Derived from managedMemoryUsed/managedMemoryTotal. + * + * Units: Percentage + * + * Reporting Level: Application, Operator, Task, Parallelism + * + * @default average over 5 minutes + */ + metricManagedMemoryUtilization(props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * The time (in milliseconds) this task or operator is idle (has no data to + * process) per second. Idle time excludes back pressured time, so if the task + * is back pressured it is not idle. + * + * Units: Milliseconds + * + * Reporting Level: Operator, Task, Parallelism + * + * @default average over 5 minutes + */ + metricIdleTimeMsPerSecond(props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * The time (in milliseconds) this task or operator is back pressured per + * second. + * + * Units: Milliseconds + * + * Reporting Level: Operator, Task, Parallelism + * + * @default average over 5 minutes + */ + metricBackPressuredTimeMsPerSecond(props?: cloudwatch.MetricOptions): cloudwatch.Metric; + + /** + * The time (in milliseconds) this task or operator is busy (neither idle nor + * back pressured) per second. Can be NaN, if the value could not be + * calculated. + * + * Units: Milliseconds + * + * Reporting Level: Operator, Task, Parallelism + * + * @default average over 5 minutes + */ + metricBusyTimePerMsPerSecond(props?: cloudwatch.MetricOptions): cloudwatch.Metric; } /** @@ -60,6 +360,364 @@ abstract class ApplicationBase extends core.Resource implements IApplication { return false; } + + /** + * Return a CloudWatch metric associated with this Flink application. + * + * @param metricName The name of the metric + * @param props Customization properties + */ + metric(metricName: string, props?: cloudwatch.MetricOptions) { + return new cloudwatch.Metric({ + namespace: 'AWS/KinesisAnalytics', + metricName, + dimensionsMap: { Application: this.applicationName }, + ...props, + }).attachTo(this); + } + + /** + * The number of Kinesis Processing Units that are used to run your stream + * processing application. The average number of KPUs used each hour + * determines the billing for your application. + * + * Units: Count + * + * Reporting Level: Application + * + * @default average over 5 minutes + */ + metricKpus(props?: cloudwatch.MetricOptions) { + return this.metric('KPUs', { statistic: 'Average', ...props }); + } + + + /** + * The time elapsed during an outage for failing/recovering jobs. + * + * Units: Milliseconds + * + * Reporting Level: Application + * + * @default average over 5 minutes + */ + metricDowntime(props?: cloudwatch.MetricOptions) { + return this.metric('downtime', { statistic: 'Average', ...props }); + } + + /** + * The time that the job has been running without interruption. + * + * Units: Milliseconds + * + * Reporting Level: Application + * + * @default average over 5 minutes + */ + metricUptime(props?: cloudwatch.MetricOptions) { + return this.metric('uptime', { statistic: 'Average', ...props }); + } + + /** + * The total number of times this job has fully restarted since it was + * submitted. This metric does not measure fine-grained restarts. + * + * Units: Count + * + * Reporting Level: Application + * + * @default sum over 5 minutes + */ + metricFullRestarts(props?: cloudwatch.MetricOptions) { + return this.metric('fullRestarts', { statistic: 'Sum', ...props }); + } + + /** + * The number of times checkpointing has failed. + * + * Units: Count + * + * Reporting Level: Application + * + * @default sum over 5 minutes + */ + metricNumberOfFailedCheckpoints(props?: cloudwatch.MetricOptions) { + return this.metric('numberOfFailedCheckpoints', { statistic: 'Sum', ...props }); + } + + /** + * The time it took to complete the last checkpoint. + * + * Units: Milliseconds + * + * Reporting Level: Application + * + * @default maximum over 5 minutes + */ + metricLastCheckpointDuration(props?: cloudwatch.MetricOptions) { + return this.metric('lastCheckpointDuration', { statistic: 'Maximum', ...props }); + } + + /** + * The total size of the last checkpoint. + * + * Units: Bytes + * + * Reporting Level: Application + * + * @default maximum over 5 minutes + */ + metricLastCheckpointSize(props?: cloudwatch.MetricOptions) { + return this.metric('lastCheckpointSize', { statistic: 'Maximum', ...props }); + } + + /** + * The overall percentage of CPU utilization across task managers. For + * example, if there are five task managers, Kinesis Data Analytics publishes + * five samples of this metric per reporting interval. + * + * Units: Percentage + * + * Reporting Level: Application + * + * @default average over 5 minutes + */ + metricCpuUtilization(props?: cloudwatch.MetricOptions) { + return this.metric('cpuUtilization', { statistic: 'Average', ...props }); + } + + /** + * Overall heap memory utilization across task managers. For example, if there + * are five task managers, Kinesis Data Analytics publishes five samples of + * this metric per reporting interval. + * + * Units: Percentage + * + * Reporting Level: Application + * + * @default average over 5 minutes + */ + metricHeapMemoryUtilization(props?: cloudwatch.MetricOptions) { + return this.metric('heapMemoryUtilization', { statistic: 'Average', ...props }); + } + + /** + * The total time spent performing old garbage collection operations. + * + * Units: Milliseconds + * + * Reporting Level: Application + * + * @default sum over 5 minutes + */ + metricOldGenerationGCTime(props?: cloudwatch.MetricOptions) { + return this.metric('oldGenerationGCTime', { statistic: 'Sum', ...props }); + } + + /** + * The total number of old garbage collection operations that have occurred + * across all task managers. + * + * Units: Count + * + * Reporting Level: Application + * + * @default sum over 5 minutes + */ + metricOldGenerationGCCount(props?: cloudwatch.MetricOptions) { + return this.metric('oldGenerationGCCount', { statistic: 'Sum', ...props }); + } + + /** + * The total number of live threads used by the application. + * + * Units: Count + * + * Reporting Level: Application + * + * @default average over 5 minutes + */ + metricThreadsCount(props?: cloudwatch.MetricOptions) { + return this.metric('threadsCount', { statistic: 'Average', ...props }); + } + + /** + * The total number of records this application, operator, or task has + * received. + * + * Units: Count + * + * Reporting Level: Application, Operator, Task, Parallelism + * + * @default average over 5 minutes + */ + metricNumRecordsIn(props?: cloudwatch.MetricOptions) { + return this.metric('numRecordsIn', { statistic: 'Average', ...props }); + } + + /** + * The total number of records this application, operator or task has received + * per second. + * + * Units: Count/Second + * + * Reporting Level: Application, Operator, Task, Parallelism + * + * @default average over 5 minutes + */ + metricNumRecordsInPerSecond(props?: cloudwatch.MetricOptions) { + return this.metric('numRecordsInPerSecond', { statistic: 'Average', ...props }); + } + + /** + * The total number of records this application, operator or task has emitted. + * + * Units: Count + * + * Reporting Level: Application, Operator, Task, Parallelism + * + * @default average over 5 minutes + */ + metricNumRecordsOut(props?: cloudwatch.MetricOptions) { + return this.metric('numRecordsOut', { statistic: 'Average', ...props }); + } + + /** + * The total number of records this application, operator or task has emitted + * per second. + * + * Units: Count/Second + * + * Reporting Level: Application, Operator, Task, Parallelism + * + * @default average over 5 minutes + */ + metricNumRecordsOutPerSecond(props?: cloudwatch.MetricOptions) { + return this.metric('numRecordsOutPerSecond', { statistic: 'Average', ...props }); + } + + /** + * The number of records this operator or task has dropped due to arriving + * late. + * + * Units: Count + * + * Reporting Level: Application, Operator, Task, Parallelism + * + * @default sum over 5 minutes + */ + metricNumLateRecordsDropped(props?: cloudwatch.MetricOptions) { + return this.metric('numLateRecordsDropped', { statistic: 'Sum', ...props }); + } + + /** + * The last watermark this application/operator/task/thread has received. + * + * Units: Milliseconds + * + * Reporting Level: Application, Operator, Task, Parallelism + * + * @default maximum over 5 minutes + */ + metricCurrentInputWatermark(props?: cloudwatch.MetricOptions) { + return this.metric('currentInputWatermark', { statistic: 'Maximum', ...props }); + } + + /** + * The last watermark this application/operator/task/thread has received. + * + * Units: Milliseconds + * + * Reporting Level: Application, Operator, Task, Parallelism + * + * @default maximum over 5 minutes + */ + metricCurrentOutputWatermark(props?: cloudwatch.MetricOptions) { + return this.metric('currentOutputWatermark', { statistic: 'Maximum', ...props }); + } + + /** + * The amount of managed memory currently used. + * + * Units: Bytes + * + * Reporting Level: Application, Operator, Task, Parallelism + * + * @default average over 5 minutes + */ + metricManagedMemoryUsed(props?: cloudwatch.MetricOptions) { + return this.metric('managedMemoryUsed', { statistic: 'Average', ...props }); + } + + /** + * The total amount of managed memory. + * + * Units: Bytes + * + * Reporting Level: Application, Operator, Task, Parallelism + * + * @default average over 5 minutes + */ + metricManagedMemoryTotal(props?: cloudwatch.MetricOptions) { + return this.metric('managedMemoryTotal', { statistic: 'Average', ...props }); + } + + /** + * Derived from managedMemoryUsed/managedMemoryTotal. + * + * Units: Percentage + * + * Reporting Level: Application, Operator, Task, Parallelism + * + * @default average over 5 minutes + */ + metricManagedMemoryUtilization(props?: cloudwatch.MetricOptions) { + return this.metric('managedMemoryUtilization', { statistic: 'Average', ...props }); + } + + /** + * The time (in milliseconds) this task or operator is idle (has no data to + * process) per second. Idle time excludes back pressured time, so if the task + * is back pressured it is not idle. + * + * Units: Milliseconds + * + * Reporting Level: Operator, Task, Parallelism + * + * @default average over 5 minutes + */ + metricIdleTimeMsPerSecond(props?: cloudwatch.MetricOptions) { + return this.metric('idleTimeMsPerSecond', { statistic: 'Average', ...props }); + } + + /** + * The time (in milliseconds) this task or operator is back pressured per + * second. + * + * Units: Milliseconds + * + * Reporting Level: Operator, Task, Parallelism + * + * @default average over 5 minutes + */ + metricBackPressuredTimeMsPerSecond(props?: cloudwatch.MetricOptions) { + return this.metric('backPressuredTimeMsPerSecond', { statistic: 'Average', ...props }); + } + + /** + * The time (in milliseconds) this task or operator is busy (neither idle nor + * back pressured) per second. Can be NaN, if the value could not be + * calculated. + * + * Units: Milliseconds + * + * Reporting Level: Operator, Task, Parallelism + * + * @default average over 5 minutes + */ + metricBusyTimePerMsPerSecond(props?: cloudwatch.MetricOptions) { + return this.metric('busyTimePerMsPerSecond', { statistic: 'Average', ...props }); + } } /** diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink/package.json b/packages/@aws-cdk/aws-kinesisanalytics-flink/package.json index fb639112e35c2..fff56a1f9b93c 100644 --- a/packages/@aws-cdk/aws-kinesisanalytics-flink/package.json +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink/package.json @@ -82,6 +82,7 @@ }, "dependencies": { "@aws-cdk/assets": "0.0.0", + "@aws-cdk/aws-cloudwatch": "0.0.0", "@aws-cdk/aws-iam": "0.0.0", "@aws-cdk/aws-kinesisanalytics": "0.0.0", "@aws-cdk/aws-kms": "0.0.0", @@ -94,6 +95,7 @@ "homepage": "https://github.com/aws/aws-cdk", "peerDependencies": { "@aws-cdk/assets": "0.0.0", + "@aws-cdk/aws-cloudwatch": "0.0.0", "@aws-cdk/aws-iam": "0.0.0", "@aws-cdk/aws-kinesisanalytics": "0.0.0", "@aws-cdk/aws-kms": "0.0.0", diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink/test/application.test.ts b/packages/@aws-cdk/aws-kinesisanalytics-flink/test/application.test.ts index a4546a5fa9423..8c951730e65c2 100644 --- a/packages/@aws-cdk/aws-kinesisanalytics-flink/test/application.test.ts +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink/test/application.test.ts @@ -1,5 +1,6 @@ import * as path from 'path'; import { Match, Template } from '@aws-cdk/assertions'; +import * as cloudwatch from '@aws-cdk/aws-cloudwatch'; import * as iam from '@aws-cdk/aws-iam'; import * as logs from '@aws-cdk/aws-logs'; import * as s3 from '@aws-cdk/aws-s3'; @@ -602,4 +603,66 @@ describe('Application', () => { expect(flinkApp.applicationArn).toEqual(arn); expect(flinkApp.addToRolePolicy(new iam.PolicyStatement())).toBe(false); }); + + test('get metric', () => { + const flinkApp = new flink.Application(stack, 'Application', { ...requiredProps }); + expect(flinkApp.metric('KPUs', { statistic: 'Sum' })) + .toMatchObject({ + namespace: 'AWS/KinesisAnalytics', + metricName: 'KPUs', + dimensions: { Application: flinkApp.applicationName }, + statistic: 'Sum', + }); + }); + + test('canned metrics', () => { + const flinkApp = new flink.Application(stack, 'Application', { ...requiredProps }); + + // Table driven test with: [method, metricName, default statistic] + const assertions: Array<[(options?: cloudwatch.MetricOptions) => cloudwatch.Metric, string, string]> = [ + [flinkApp.metricKpus, 'KPUs', 'Average'], + [flinkApp.metricDowntime, 'downtime', 'Average'], + [flinkApp.metricUptime, 'uptime', 'Average'], + [flinkApp.metricFullRestarts, 'fullRestarts', 'Sum'], + [flinkApp.metricNumberOfFailedCheckpoints, 'numberOfFailedCheckpoints', 'Sum'], + [flinkApp.metricLastCheckpointDuration, 'lastCheckpointDuration', 'Maximum'], + [flinkApp.metricLastCheckpointSize, 'lastCheckpointSize', 'Maximum'], + [flinkApp.metricCpuUtilization, 'cpuUtilization', 'Average'], + [flinkApp.metricHeapMemoryUtilization, 'heapMemoryUtilization', 'Average'], + [flinkApp.metricOldGenerationGCTime, 'oldGenerationGCTime', 'Sum'], + [flinkApp.metricOldGenerationGCCount, 'oldGenerationGCCount', 'Sum'], + [flinkApp.metricThreadsCount, 'threadsCount', 'Average'], + [flinkApp.metricNumRecordsIn, 'numRecordsIn', 'Average'], + [flinkApp.metricNumRecordsInPerSecond, 'numRecordsInPerSecond', 'Average'], + [flinkApp.metricNumRecordsOut, 'numRecordsOut', 'Average'], + [flinkApp.metricNumRecordsOutPerSecond, 'numRecordsOutPerSecond', 'Average'], + [flinkApp.metricNumLateRecordsDropped, 'numLateRecordsDropped', 'Sum'], + [flinkApp.metricCurrentInputWatermark, 'currentInputWatermark', 'Maximum'], + [flinkApp.metricCurrentOutputWatermark, 'currentOutputWatermark', 'Maximum'], + [flinkApp.metricManagedMemoryUsed, 'managedMemoryUsed', 'Average'], + [flinkApp.metricManagedMemoryTotal, 'managedMemoryTotal', 'Average'], + [flinkApp.metricManagedMemoryUtilization, 'managedMemoryUtilization', 'Average'], + [flinkApp.metricIdleTimeMsPerSecond, 'idleTimeMsPerSecond', 'Average'], + [flinkApp.metricBackPressuredTimeMsPerSecond, 'backPressuredTimeMsPerSecond', 'Average'], + [flinkApp.metricBusyTimePerMsPerSecond, 'busyTimePerMsPerSecond', 'Average'], + ]; + + assertions.forEach(([method, metricName, defaultStatistic]) => { + // Test metrics with no options provided + expect(method.call(flinkApp)).toMatchObject({ + metricName, + statistic: defaultStatistic, + namespace: 'AWS/KinesisAnalytics', + dimensions: { + Application: flinkApp.applicationName, + }, + }); + + // Make sure we can override the default statistic and add other options + expect(method.call(flinkApp, { statistic: 'special', color: '#00ff00' })).toMatchObject({ + statistic: 'special', + color: '#00ff00', + }); + }); + }); }); diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink/test/integ.application.lit.expected.json b/packages/@aws-cdk/aws-kinesisanalytics-flink/test/integ.application.lit.expected.json index 5ab3c94353f04..60f2f92a97420 100644 --- a/packages/@aws-cdk/aws-kinesisanalytics-flink/test/integ.application.lit.expected.json +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink/test/integ.application.lit.expected.json @@ -276,6 +276,26 @@ } } } + }, + "Alarm7103F465": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "ComparisonOperator": "GreaterThanOrEqualToThreshold", + "EvaluationPeriods": 1, + "Dimensions": [ + { + "Name": "Application", + "Value": { + "Ref": "AppF1B96344" + } + } + ], + "MetricName": "fullRestarts", + "Namespace": "AWS/KinesisAnalytics", + "Period": 300, + "Statistic": "Sum", + "Threshold": 3 + } } }, "Parameters": { diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink/test/integ.application.lit.ts b/packages/@aws-cdk/aws-kinesisanalytics-flink/test/integ.application.lit.ts index 02a6a9949dcfa..11c8b5bda36f4 100644 --- a/packages/@aws-cdk/aws-kinesisanalytics-flink/test/integ.application.lit.ts +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink/test/integ.application.lit.ts @@ -2,14 +2,21 @@ import * as path from 'path'; import * as core from '@aws-cdk/core'; import * as flink from '../lib'; +import * as cloudwatch from '@aws-cdk/aws-cloudwatch'; const app = new core.App(); const stack = new core.Stack(app, 'FlinkAppTest'); -new flink.Application(stack, 'App', { +const flinkApp = new flink.Application(stack, 'App', { code: flink.ApplicationCode.fromAsset(path.join(__dirname, 'code-asset')), runtime: flink.Runtime.FLINK_1_11, }); + +new cloudwatch.Alarm(stack, 'Alarm', { + metric: flinkApp.metricFullRestarts(), + evaluationPeriods: 1, + threshold: 3, +}); ///! hide app.synth(); From 88a783968a31346389a448e4207876d70b76e0b0 Mon Sep 17 00:00:00 2001 From: Tatsuya Yamamoto Date: Fri, 1 Apr 2022 03:43:08 +0900 Subject: [PATCH 10/59] chore(ssm): fix removed API ParameterStoreString (#19585) This PR replace `ParameterStoreString` to `StringParameter.fromStringParameterAttributes` in README. `ParameterStoreString` has been removed. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-ssm/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-ssm/README.md b/packages/@aws-cdk/aws-ssm/README.md index 23fea31765525..880cc6b7b3322 100644 --- a/packages/@aws-cdk/aws-ssm/README.md +++ b/packages/@aws-cdk/aws-ssm/README.md @@ -30,7 +30,7 @@ import * as ssm from '@aws-cdk/aws-ssm'; ## Using existing SSM Parameters in your CDK app You can reference existing SSM Parameter Store values that you want to use in -your CDK app by using `ssm.ParameterStoreString`: +your CDK app by using `ssm.StringParameter.fromStringParameterAttributes`: [using SSM parameter](test/integ.parameter-store-string.lit.ts) From e8142e944ac5fae9948e5c010fe475806b83c94b Mon Sep 17 00:00:00 2001 From: Cory Hall <43035978+corymhall@users.noreply.github.com> Date: Thu, 31 Mar 2022 15:30:45 -0400 Subject: [PATCH 11/59] fix(elbv2): unable to add multiple certificates to NLB (#19289) This PR does a couple of things to update the NetworkListener to be on par with ApplicationListener. 1. Add a NetworkListenerCertificate construct that allows you to associate multiple certificates with a listener. 2. Add a `addCertificates` method to `NetworkListener` similar to the same method on the `ApplicationListener`. This is needed because even though the `certificates` property on a `Listener`is an array, it expects only one certificate. To add more than one you have to create an `AWS::ElasticLoadBalancingV2::ListenerCertificate`. This functionality was added to `ApplicationListner` via #13490. fixes #8918, #15328 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../lib/nlb/network-listener-certificate.ts | 43 +++++++++++++ .../lib/nlb/network-listener.ts | 37 ++++++++++- .../test/nlb/listener.test.ts | 61 +++++++++++++++++++ 3 files changed, 139 insertions(+), 2 deletions(-) create mode 100644 packages/@aws-cdk/aws-elasticloadbalancingv2/lib/nlb/network-listener-certificate.ts diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/nlb/network-listener-certificate.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/nlb/network-listener-certificate.ts new file mode 100644 index 0000000000000..da8175962e49e --- /dev/null +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/nlb/network-listener-certificate.ts @@ -0,0 +1,43 @@ +import { Construct } from 'constructs'; +import { CfnListenerCertificate } from '../elasticloadbalancingv2.generated'; +import { IListenerCertificate } from '../shared/listener-certificate'; +import { INetworkListener } from './network-listener'; + +// keep this import separate from other imports to reduce chance for merge conflicts with v2-main +// eslint-disable-next-line no-duplicate-imports, import/order +import { Construct as CoreConstruct } from '@aws-cdk/core'; + +/** + * Properties for adding a set of certificates to a listener + */ +export interface NetworkListenerCertificateProps { + /** + * The listener to attach the rule to + */ + readonly listener: INetworkListener; + + /** + * Certificates to attach + * + * Duplicates are not allowed. + */ + readonly certificates: IListenerCertificate[]; +} + +/** + * Add certificates to a listener + */ +export class NetworkListenerCertificate extends CoreConstruct { + constructor(scope: Construct, id: string, props: NetworkListenerCertificateProps) { + super(scope, id); + + const certificates = [ + ...(props.certificates || []).map(c => ({ certificateArn: c.certificateArn })), + ]; + + new CfnListenerCertificate(this, 'Resource', { + listenerArn: props.listener.listenerArn, + certificates, + }); + } +} diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/nlb/network-listener.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/nlb/network-listener.ts index d48dbafc8202a..df043d06282b7 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/nlb/network-listener.ts +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/nlb/network-listener.ts @@ -1,5 +1,5 @@ import * as cxschema from '@aws-cdk/cloud-assembly-schema'; -import { Duration, IResource, Resource } from '@aws-cdk/core'; +import { Duration, IResource, Resource, Lazy } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { BaseListener, BaseListenerLookupOptions } from '../shared/base-listener'; import { HealthCheck } from '../shared/base-target-group'; @@ -7,6 +7,7 @@ import { AlpnPolicy, Protocol, SslPolicy } from '../shared/enums'; import { IListenerCertificate } from '../shared/listener-certificate'; import { validateNetworkProtocol } from '../shared/util'; import { NetworkListenerAction } from './network-listener-action'; +import { NetworkListenerCertificate } from './network-listener-certificate'; import { INetworkLoadBalancer } from './network-load-balancer'; import { INetworkLoadBalancerTarget, INetworkTargetGroup, NetworkTargetGroup } from './network-target-group'; @@ -160,6 +161,11 @@ export class NetworkListener extends BaseListener implements INetworkListener { */ public readonly loadBalancer: INetworkLoadBalancer; + /** + * ARNs of certificates added to this listener + */ + private readonly certificateArns: string[]; + /** * the protocol of the listener */ @@ -188,13 +194,17 @@ export class NetworkListener extends BaseListener implements INetworkListener { protocol: proto, port: props.port, sslPolicy: props.sslPolicy, - certificates: props.certificates, + certificates: Lazy.any({ produce: () => this.certificateArns.map(certificateArn => ({ certificateArn })) }, { omitEmptyArray: true }), alpnPolicy: props.alpnPolicy ? [props.alpnPolicy] : undefined, }); + this.certificateArns = []; this.loadBalancer = props.loadBalancer; this.protocol = proto; + if (certs.length > 0) { + this.addCertificates('DefaultCertificates', certs); + } if (props.defaultAction && props.defaultTargetGroups) { throw new Error('Specify at most one of \'defaultAction\' and \'defaultTargetGroups\''); } @@ -208,6 +218,29 @@ export class NetworkListener extends BaseListener implements INetworkListener { } } + /** + * Add one or more certificates to this listener. + * + * After the first certificate, this creates NetworkListenerCertificates + * resources since cloudformation requires the certificates array on the + * listener resource to have a length of 1. + */ + public addCertificates(id: string, certificates: IListenerCertificate[]): void { + const additionalCerts = [...certificates]; + if (this.certificateArns.length === 0 && additionalCerts.length > 0) { + const first = additionalCerts.splice(0, 1)[0]; + this.certificateArns.push(first.certificateArn); + } + // Only one certificate can be specified per resource, even though + // `certificates` is of type Array + for (let i = 0; i < additionalCerts.length; i++) { + new NetworkListenerCertificate(this, `${id}${i + 1}`, { + listener: this, + certificates: [additionalCerts[i]], + }); + } + } + /** * Load balance incoming requests to the given target groups. * diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/nlb/listener.test.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/nlb/listener.test.ts index b92df26e76bb7..d5343c559d623 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/nlb/listener.test.ts +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/nlb/listener.test.ts @@ -416,6 +416,62 @@ describe('tests', () => { })).toThrow(/Protocol must be TLS when certificates have been specified/); }); + test('Can pass multiple certificates to network listener constructor', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + const lb = new elbv2.NetworkLoadBalancer(stack, 'LB', { vpc }); + + // WHEN + lb.addListener('Listener', { + port: 443, + certificates: [ + importedCertificate(stack, 'cert1'), + importedCertificate(stack, 'cert2'), + ], + defaultTargetGroups: [new elbv2.NetworkTargetGroup(stack, 'Group', { vpc, port: 80 })], + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::Listener', { + Protocol: 'TLS', + }); + + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::ListenerCertificate', { + Certificates: [{ CertificateArn: 'cert2' }], + }); + }); + + test('Can add multiple certificates to network listener after construction', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + const lb = new elbv2.NetworkLoadBalancer(stack, 'LB', { vpc }); + + // WHEN + const listener = lb.addListener('Listener', { + port: 443, + certificates: [ + importedCertificate(stack, 'cert1'), + ], + defaultTargetGroups: [new elbv2.NetworkTargetGroup(stack, 'Group', { vpc, port: 80 })], + }); + + listener.addCertificates('extra', [ + importedCertificate(stack, 'cert2'), + ]); + + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::Listener', { + Protocol: 'TLS', + }); + + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::ListenerCertificate', { + Certificates: [{ CertificateArn: 'cert2' }], + }); + }); + test('not allowed to specify defaultTargetGroups and defaultAction together', () => { // GIVEN const stack = new cdk.Stack(); @@ -462,3 +518,8 @@ class ResourceWithLBDependency extends cdk.CfnResource { this.node.addDependency(targetGroup.loadBalancerAttached); } } + +function importedCertificate(stack: cdk.Stack, + certificateArn = 'arn:aws:certificatemanager:123456789012:testregion:certificate/fd0b8392-3c0e-4704-81b6-8edf8612c852') { + return acm.Certificate.fromCertificateArn(stack, certificateArn, certificateArn); +} From 18a6b0cecb5e8a419d09a1456953cb2f422a6d76 Mon Sep 17 00:00:00 2001 From: Cory Hall <43035978+corymhall@users.noreply.github.com> Date: Thu, 31 Mar 2022 16:13:13 -0400 Subject: [PATCH 12/59] feat(elbv2): use `addAction()` on an imported application listener (#19293) This PR adds the ability to call `addAction()` on an imported `IApplicationListener`. Fixes #10902 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../lib/alb/application-listener.ts | 45 +++++++++++ .../test/alb/listener.test.ts | 79 +++++++++++++++++++ 2 files changed, 124 insertions(+) diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener.ts index 52bfd666a0ed4..86b8593f3e8ac 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener.ts +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener.ts @@ -508,6 +508,21 @@ export interface IApplicationListener extends IResource, ec2.IConnectable { * Don't call this directly. It is called by ApplicationTargetGroup. */ registerConnectable(connectable: ec2.IConnectable, portRange: ec2.Port): void; + + /** + * Perform the given action on incoming requests + * + * This allows full control of the default action of the load balancer, + * including Action chaining, fixed responses and redirect responses. See + * the `ListenerAction` class for all options. + * + * It's possible to add routing conditions to the Action added in this way. + * + * It is not possible to add a default action to an imported IApplicationListener. + * In order to add actions to an imported IApplicationListener a `priority` + * must be provided. + */ + addAction(id: string, props: AddApplicationActionProps): void; } /** @@ -627,6 +642,36 @@ abstract class ExternalApplicationListener extends Resource implements IApplicat // eslint-disable-next-line max-len throw new Error('Can only call addTargets() when using a constructed ApplicationListener; construct a new TargetGroup and use addTargetGroup.'); } + + /** + * Perform the given action on incoming requests + * + * This allows full control of the default action of the load balancer, + * including Action chaining, fixed responses and redirect responses. See + * the `ListenerAction` class for all options. + * + * It's possible to add routing conditions to the Action added in this way. + * + * It is not possible to add a default action to an imported IApplicationListener. + * In order to add actions to an imported IApplicationListener a `priority` + * must be provided. + */ + public addAction(id: string, props: AddApplicationActionProps): void { + checkAddRuleProps(props); + + if (props.priority !== undefined) { + // New rule + // + // TargetGroup.registerListener is called inside ApplicationListenerRule. + new ApplicationListenerRule(this, id + 'Rule', { + listener: this, + priority: props.priority, + ...props, + }); + } else { + throw new Error('priority must be set for actions added to an imported listener'); + } + } } /** diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/alb/listener.test.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/alb/listener.test.ts index 5caf1f756dd80..4167e012d6c4b 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/alb/listener.test.ts +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/alb/listener.test.ts @@ -707,6 +707,85 @@ describe('tests', () => { }); }); + test('Can add actions to an imported listener', () => { + // GIVEN + const stack = new cdk.Stack(); + const stack2 = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'VPC'); + const lb = new elbv2.ApplicationLoadBalancer(stack, 'LoadBalancer', { + vpc, + }); + const listener = lb.addListener('Listener', { + port: 80, + }); + + // WHEN + listener.addAction('Default', { + action: elbv2.ListenerAction.fixedResponse(404, { + contentType: 'text/plain', + messageBody: 'Not Found', + }), + }); + + const importedListener = elbv2.ApplicationListener.fromApplicationListenerAttributes(stack2, 'listener', { + listenerArn: 'listener-arn', + defaultPort: 443, + securityGroup: ec2.SecurityGroup.fromSecurityGroupId(stack2, 'SG', 'security-group-id', { + allowAllOutbound: false, + }), + }); + importedListener.addAction('Hello', { + action: elbv2.ListenerAction.fixedResponse(503), + conditions: [elbv2.ListenerCondition.pathPatterns(['/hello'])], + priority: 10, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::Listener', { + DefaultActions: [ + { + FixedResponseConfig: { + ContentType: 'text/plain', + MessageBody: 'Not Found', + StatusCode: '404', + }, + Type: 'fixed-response', + }, + ], + }); + + Template.fromStack(stack2).hasResourceProperties('AWS::ElasticLoadBalancingV2::ListenerRule', { + ListenerArn: 'listener-arn', + Priority: 10, + Actions: [ + { + FixedResponseConfig: { + StatusCode: '503', + }, + Type: 'fixed-response', + }, + ], + }); + }); + + test('actions added to an imported listener must have a priority', () => { + // GIVEN + const stack = new cdk.Stack(); + + const importedListener = elbv2.ApplicationListener.fromApplicationListenerAttributes(stack, 'listener', { + listenerArn: 'listener-arn', + defaultPort: 443, + securityGroup: ec2.SecurityGroup.fromSecurityGroupId(stack, 'SG', 'security-group-id', { + allowAllOutbound: false, + }), + }); + expect(() => { + importedListener.addAction('Hello', { + action: elbv2.ListenerAction.fixedResponse(503), + }); + }).toThrow(/priority must be set for actions added to an imported listener/); + }); + testDeprecated('Can add redirect responses', () => { // GIVEN const stack = new cdk.Stack(); From ed26731a0a6263482d76441fc06e9607963ac838 Mon Sep 17 00:00:00 2001 From: Kaizen Conroy <36202692+kaizen3031593@users.noreply.github.com> Date: Thu, 31 Mar 2022 16:54:55 -0400 Subject: [PATCH 13/59] feat(core): add size.isUnresolved (#19569) There is a `Duration.isUnresolved()`, and I'm adding a similar function for `Size`. See discussion here for why this is necessary: https://github.com/aws/aws-cdk/pull/19550/files#r835542214 The td:dr; is that `Token.isUnresolved()` does not check for the resolvability of object properties, so something like: ```ts Token.isUnresolved(Size.mebibytes(Lazy.number({ produce: () => 10 })); ``` returns (to me, unexpectedly,) false. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/core/lib/size.ts | 7 ++++++ packages/@aws-cdk/core/test/duration.test.ts | 25 -------------------- packages/@aws-cdk/core/test/size.test.ts | 22 +++++------------ 3 files changed, 13 insertions(+), 41 deletions(-) diff --git a/packages/@aws-cdk/core/lib/size.ts b/packages/@aws-cdk/core/lib/size.ts index e8b9c66e35b72..57468f222bdc6 100644 --- a/packages/@aws-cdk/core/lib/size.ts +++ b/packages/@aws-cdk/core/lib/size.ts @@ -144,6 +144,13 @@ export class Size { public toPebibytes(opts: SizeConversionOptions = {}): number { return convert(this.amount, this.unit, StorageUnit.Pebibytes, opts); } + + /** + * Checks if size is a token or a resolvable object + */ + public isUnresolved() { + return Token.isUnresolved(this.amount); + } } /** diff --git a/packages/@aws-cdk/core/test/duration.test.ts b/packages/@aws-cdk/core/test/duration.test.ts index 99d54d15f0905..9cd7428faeb0f 100644 --- a/packages/@aws-cdk/core/test/duration.test.ts +++ b/packages/@aws-cdk/core/test/duration.test.ts @@ -18,8 +18,6 @@ describe('duration', () => { () => stack.resolve(lazyDuration.toMinutes())).toThrow( /Unable to perform time unit conversion on un-resolved token/, ); - - }); test('Duration in seconds', () => { @@ -31,8 +29,6 @@ describe('duration', () => { floatEqual(duration.toDays({ integral: false }), 300 / 86_400); expect(Duration.seconds(60 * 60 * 24).toDays()).toEqual(1); - - }); test('Duration in minutes', () => { @@ -44,8 +40,6 @@ describe('duration', () => { floatEqual(duration.toDays({ integral: false }), 300 / 86_400); expect(Duration.minutes(60 * 24).toDays()).toEqual(1); - - }); test('Duration in hours', () => { @@ -57,16 +51,12 @@ describe('duration', () => { floatEqual(duration.toDays({ integral: false }), 5 / 24); expect(Duration.hours(24).toDays()).toEqual(1); - - }); test('seconds to milliseconds', () => { const duration = Duration.seconds(5); expect(duration.toMilliseconds()).toEqual(5_000); - - }); test('Duration in days', () => { @@ -75,8 +65,6 @@ describe('duration', () => { expect(duration.toSeconds()).toEqual(86_400); expect(duration.toMinutes()).toEqual(1_440); expect(duration.toDays()).toEqual(1); - - }); testDeprecated('toISOString', () => { @@ -93,8 +81,6 @@ describe('duration', () => { expect(Duration.days(5).toISOString()).toEqual('P5D'); expect(Duration.seconds(1 + 60 * (1 + 60 * (1 + 24))).toISOString()).toEqual('P1DT1H1M1S'); - - }); test('toIsoString', () => { @@ -112,8 +98,6 @@ describe('duration', () => { expect(Duration.seconds(65).toIsoString()).toEqual('PT1M5S'); expect(Duration.seconds(1 + 60 * (1 + 60 * (1 + 24))).toIsoString()).toEqual('P1DT1H1M1S'); - - }); test('parse', () => { @@ -128,8 +112,6 @@ describe('duration', () => { expect(Duration.parse('P5D').toSeconds()).toEqual(432_000); expect(Duration.parse('P1DT1H1M1S').toSeconds()).toEqual(1 + 60 * (1 + 60 * (1 + 24))); - - }); test('reject illegal parses', () => { @@ -141,8 +123,6 @@ describe('duration', () => { expect(() => { Duration.parse('P5S'); }).toThrow(err); - - }); test('to human string', () => { @@ -165,8 +145,6 @@ describe('duration', () => { expect(Duration.millis(3666).toHumanString()).toEqual('3 seconds 666 millis'); expect(Duration.millis(3.6).toHumanString()).toEqual('3.6 millis'); - - }); test('add two durations', () => { @@ -188,7 +166,6 @@ describe('duration', () => { expect(Duration.millis(1).unitLabel()).toEqual('millis'); expect(Duration.hours(1000).unitLabel()).toEqual('hours'); expect(Duration.days(2).unitLabel()).toEqual('days'); - }); test('format number token to number', () => { @@ -197,14 +174,12 @@ describe('duration', () => { expect(stack.resolve(lazyDuration.formatTokenToNumber())).toEqual('10 minutes'); expect(Duration.hours(10).formatTokenToNumber()).toEqual('10 hours'); expect(Duration.days(5).formatTokenToNumber()).toEqual('5 days'); - }); test('duration is unresolved', () => { const lazyDuration = Duration.minutes(Lazy.number({ produce: () => 10 })); expect(lazyDuration.isUnresolved()).toEqual(true); expect(Duration.hours(10).isUnresolved()).toEqual(false); - }); }); diff --git a/packages/@aws-cdk/core/test/size.test.ts b/packages/@aws-cdk/core/test/size.test.ts index 9801fc8f53acf..8b0dc7a7eedac 100644 --- a/packages/@aws-cdk/core/test/size.test.ts +++ b/packages/@aws-cdk/core/test/size.test.ts @@ -1,10 +1,8 @@ -import { Size, SizeRoundingBehavior, Stack, Token } from '../lib'; +import { Size, SizeRoundingBehavior, Stack, Token, Lazy } from '../lib'; describe('size', () => { test('negative amount', () => { expect(() => Size.kibibytes(-1)).toThrow(/negative/); - - }); test('unresolved amount', () => { @@ -15,8 +13,6 @@ describe('size', () => { () => stack.resolve(lazySize.toMebibytes())).toThrow( /Unable to perform time unit conversion on un-resolved token/, ); - - }); test('Size in kibibytes', () => { @@ -30,8 +26,6 @@ describe('size', () => { floatEqual(size.toPebibytes({ rounding: SizeRoundingBehavior.NONE }), 4_294_967_296 / (1024 * 1024 * 1024 * 1024)); expect(Size.kibibytes(4 * 1024 * 1024).toGibibytes()).toEqual(4); - - }); test('Size in mebibytes', () => { @@ -45,8 +39,6 @@ describe('size', () => { floatEqual(size.toPebibytes({ rounding: SizeRoundingBehavior.NONE }), 4_194_304 / (1024 * 1024 * 1024)); expect(Size.mebibytes(4 * 1024).toGibibytes()).toEqual(4); - - }); test('Size in gibibyte', () => { @@ -61,8 +53,6 @@ describe('size', () => { floatEqual(size.toPebibytes({ rounding: SizeRoundingBehavior.NONE }), 5 / (1024 * 1024)); expect(Size.gibibytes(4096).toTebibytes()).toEqual(4); - - }); test('Size in tebibyte', () => { @@ -76,8 +66,6 @@ describe('size', () => { floatEqual(size.toPebibytes({ rounding: SizeRoundingBehavior.NONE }), 5 / 1024); expect(Size.tebibytes(4096).toPebibytes()).toEqual(4); - - }); test('Size in pebibytes', () => { @@ -88,8 +76,6 @@ describe('size', () => { expect(size.toGibibytes()).toEqual(5_242_880); expect(size.toTebibytes()).toEqual(5_120); expect(size.toPebibytes()).toEqual(5); - - }); test('rounding behavior', () => { @@ -105,8 +91,12 @@ describe('size', () => { expect(size.toGibibytes({ rounding: SizeRoundingBehavior.NONE })).toEqual(5.078125); expect(size.toTebibytes({ rounding: SizeRoundingBehavior.NONE })).toEqual(5200 / (1024 * 1024)); expect(size.toKibibytes({ rounding: SizeRoundingBehavior.NONE })).toEqual(5_324_800); + }); - + test('size is unresolved', () => { + const lazySize = Size.pebibytes(Lazy.number({ produce: () => 10 })); + expect(lazySize.isUnresolved()).toEqual(true); + expect(Size.mebibytes(10).isUnresolved()).toEqual(false); }); }); From 43efe5976f7442cae81c83886ee3869695ae7e90 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Thu, 31 Mar 2022 23:37:30 +0200 Subject: [PATCH 14/59] chore(core): improve token error for Duration and Size (#19650) The old error message was not up to CDK standards (not clearly describing the error and not suggesting a course of action). This should be more actionable. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/core/lib/duration.ts | 2 +- packages/@aws-cdk/core/lib/size.ts | 2 +- packages/@aws-cdk/core/test/duration.test.ts | 2 +- packages/@aws-cdk/core/test/size.test.ts | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/@aws-cdk/core/lib/duration.ts b/packages/@aws-cdk/core/lib/duration.ts index ebb5e60a19a67..29cafc4f8b189 100644 --- a/packages/@aws-cdk/core/lib/duration.ts +++ b/packages/@aws-cdk/core/lib/duration.ts @@ -316,7 +316,7 @@ function convert(amount: number, fromUnit: TimeUnit, toUnit: TimeUnit, { integra if (fromUnit.inMillis === toUnit.inMillis) { return amount; } if (Token.isUnresolved(amount)) { - throw new Error(`Unable to perform time unit conversion on un-resolved token ${amount}.`); + throw new Error(`Duration must be specified as 'Duration.${toUnit}()' here since its value comes from a token and cannot be converted (got Duration.${fromUnit})`); } const value = (amount * fromUnit.inMillis) / toUnit.inMillis; if (!Number.isInteger(value) && integral) { diff --git a/packages/@aws-cdk/core/lib/size.ts b/packages/@aws-cdk/core/lib/size.ts index 57468f222bdc6..fa938c5939271 100644 --- a/packages/@aws-cdk/core/lib/size.ts +++ b/packages/@aws-cdk/core/lib/size.ts @@ -197,7 +197,7 @@ function convert(amount: number, fromUnit: StorageUnit, toUnit: StorageUnit, opt const rounding = options.rounding ?? SizeRoundingBehavior.FAIL; if (fromUnit.inKibiBytes === toUnit.inKibiBytes) { return amount; } if (Token.isUnresolved(amount)) { - throw new Error(`Unable to perform time unit conversion on un-resolved token ${amount}.`); + throw new Error(`Size must be specified as 'Size.${toUnit}()' here since its value comes from a token and cannot be converted (got Size.${fromUnit})`); } const multiplier = fromUnit.inKibiBytes / toUnit.inKibiBytes; diff --git a/packages/@aws-cdk/core/test/duration.test.ts b/packages/@aws-cdk/core/test/duration.test.ts index 9cd7428faeb0f..466369be3f4f8 100644 --- a/packages/@aws-cdk/core/test/duration.test.ts +++ b/packages/@aws-cdk/core/test/duration.test.ts @@ -16,7 +16,7 @@ describe('duration', () => { expect(stack.resolve(lazyDuration.toSeconds())).toEqual(1337); expect( () => stack.resolve(lazyDuration.toMinutes())).toThrow( - /Unable to perform time unit conversion on un-resolved token/, + /Duration must be specified as 'Duration.minutes\(\)' here/, ); }); diff --git a/packages/@aws-cdk/core/test/size.test.ts b/packages/@aws-cdk/core/test/size.test.ts index 8b0dc7a7eedac..a7c9c93a1a5bb 100644 --- a/packages/@aws-cdk/core/test/size.test.ts +++ b/packages/@aws-cdk/core/test/size.test.ts @@ -11,7 +11,7 @@ describe('size', () => { expect(stack.resolve(lazySize.toKibibytes())).toEqual(1337); expect( () => stack.resolve(lazySize.toMebibytes())).toThrow( - /Unable to perform time unit conversion on un-resolved token/, + /Size must be specified as 'Size.mebibytes\(\)' here/, ); }); From 99924afd5d9242f7818f7660e2ec2b9797e48536 Mon Sep 17 00:00:00 2001 From: Madeline Kusters <80541297+madeline-k@users.noreply.github.com> Date: Thu, 31 Mar 2022 15:20:14 -0700 Subject: [PATCH 15/59] chore: Revert "feat: add new integration test runner (#19529)" (#19651) This reverts commit e7f43d1a3bb52bbf589d7472c9a9b89e3c1cc8c1. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../cloud-assembly-schema/lib/index.ts | 1 - .../lib/integ-tests/commands/common.ts | 202 ------ .../lib/integ-tests/commands/deploy.ts | 97 --- .../lib/integ-tests/commands/destroy.ts | 20 - .../lib/integ-tests/commands/index.ts | 3 - .../lib/integ-tests/index.ts | 3 - .../lib/integ-tests/schema.ts | 26 - .../lib/integ-tests/test-case.ts | 186 ------ .../cloud-assembly-schema/lib/manifest.ts | 24 +- .../schema/cloud-assembly.version.json | 2 +- .../schema/integ.schema.json | 474 -------------- .../scripts/update-schema.ts | 1 - .../test/integ-tests.test.ts | 137 ---- packages/@aws-cdk/integ-runner/.eslintrc.js | 3 - packages/@aws-cdk/integ-runner/.gitignore | 28 - packages/@aws-cdk/integ-runner/.npmignore | 30 - packages/@aws-cdk/integ-runner/LICENSE | 201 ------ packages/@aws-cdk/integ-runner/NOTICE | 2 - packages/@aws-cdk/integ-runner/README.md | 161 ----- .../@aws-cdk/integ-runner/bin/integ-runner | 2 - .../@aws-cdk/integ-runner/bin/integ-runner.ts | 169 ----- packages/@aws-cdk/integ-runner/jest.config.js | 10 - .../integ-runner/lib/runner/integ-tests.ts | 76 --- .../lib/runner/private/canonicalize-assets.ts | 71 -- .../lib/runner/private/cloud-assembly.ts | 66 -- .../lib/runner/private/integ-manifest.ts | 76 --- .../integ-runner/lib/runner/private/logger.ts | 20 - .../integ-runner/lib/runner/runners.ts | 606 ------------------ .../integ-runner/lib/workers/common.ts | 119 ---- .../lib/workers/extract_worker.ts | 35 - .../lib/workers/integ-snapshot-worker.ts | 51 -- .../lib/workers/integ-test-worker.ts | 124 ---- packages/@aws-cdk/integ-runner/package.json | 79 --- .../test/runner/integration-tests.test.ts | 15 - .../integ-runner/test/runner/runners.test.ts | 324 ---------- .../cdk.out | 1 - .../manifest.json | 57 -- .../test-stack.template.json | 54 -- .../tree.json | 114 ---- .../cdk.out | 1 - .../manifest.json | 57 -- .../test-stack.template.json | 54 -- .../tree.json | 114 ---- .../cdk-integ.out.test-with-snapshot/cdk.out | 1 - .../manifest.json | 57 -- .../test-stack.template.json | 54 -- .../tree.json | 114 ---- .../test/test-data/integ.integ-test1.ts | 2 - .../test/test-data/integ.integ-test2.ts | 1 - .../integ.test-with-snapshot-assets-diff.ts | 1 - .../integ.test-with-snapshot-assets.ts | 1 - .../test-data/integ.test-with-snapshot.ts | 2 - .../test/test-data/not.integ-test.ts | 0 .../cdk.out | 1 - .../manifest.json | 57 -- .../test-stack.template.json | 68 -- .../tree.json | 114 ---- .../cdk.out | 1 - .../manifest.json | 57 -- .../test-stack.template.json | 68 -- .../tree.json | 114 ---- .../cdk.out | 1 - .../manifest.json | 57 -- .../test-stack.template.json | 54 -- .../tree.json | 114 ---- .../test-with-snapshot.integ.snapshot/cdk.out | 1 - .../manifest.json | 57 -- .../test-stack.template.json | 54 -- .../tree.json | 114 ---- .../test/workers/mock-extract_worker.ts | 15 - .../integ-runner/test/workers/workers.test.ts | 266 -------- packages/@aws-cdk/integ-runner/tsconfig.json | 28 - packages/cdk-cli-wrapper/lib/cdk-wrapper.ts | 22 +- .../cdk-cli-wrapper/lib/commands/common.ts | 15 +- .../cdk-cli-wrapper/test/cdk-wrapper.test.ts | 18 +- .../cdk-build-tools/lib/package-info.ts | 1 - yarn.lock | 7 - 77 files changed, 20 insertions(+), 5413 deletions(-) delete mode 100644 packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/common.ts delete mode 100644 packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/deploy.ts delete mode 100644 packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/destroy.ts delete mode 100644 packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/index.ts delete mode 100644 packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/index.ts delete mode 100644 packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/schema.ts delete mode 100644 packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/test-case.ts delete mode 100644 packages/@aws-cdk/cloud-assembly-schema/schema/integ.schema.json delete mode 100644 packages/@aws-cdk/cloud-assembly-schema/test/integ-tests.test.ts delete mode 100644 packages/@aws-cdk/integ-runner/.eslintrc.js delete mode 100644 packages/@aws-cdk/integ-runner/.gitignore delete mode 100644 packages/@aws-cdk/integ-runner/.npmignore delete mode 100644 packages/@aws-cdk/integ-runner/LICENSE delete mode 100644 packages/@aws-cdk/integ-runner/NOTICE delete mode 100644 packages/@aws-cdk/integ-runner/README.md delete mode 100755 packages/@aws-cdk/integ-runner/bin/integ-runner delete mode 100644 packages/@aws-cdk/integ-runner/bin/integ-runner.ts delete mode 100644 packages/@aws-cdk/integ-runner/jest.config.js delete mode 100644 packages/@aws-cdk/integ-runner/lib/runner/integ-tests.ts delete mode 100644 packages/@aws-cdk/integ-runner/lib/runner/private/canonicalize-assets.ts delete mode 100644 packages/@aws-cdk/integ-runner/lib/runner/private/cloud-assembly.ts delete mode 100644 packages/@aws-cdk/integ-runner/lib/runner/private/integ-manifest.ts delete mode 100644 packages/@aws-cdk/integ-runner/lib/runner/private/logger.ts delete mode 100644 packages/@aws-cdk/integ-runner/lib/runner/runners.ts delete mode 100644 packages/@aws-cdk/integ-runner/lib/workers/common.ts delete mode 100644 packages/@aws-cdk/integ-runner/lib/workers/extract_worker.ts delete mode 100644 packages/@aws-cdk/integ-runner/lib/workers/integ-snapshot-worker.ts delete mode 100644 packages/@aws-cdk/integ-runner/lib/workers/integ-test-worker.ts delete mode 100644 packages/@aws-cdk/integ-runner/package.json delete mode 100644 packages/@aws-cdk/integ-runner/test/runner/integration-tests.test.ts delete mode 100644 packages/@aws-cdk/integ-runner/test/runner/runners.test.ts delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets-diff/cdk.out delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets-diff/manifest.json delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets-diff/test-stack.template.json delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets-diff/tree.json delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/cdk.out delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/manifest.json delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/test-stack.template.json delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/tree.json delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/cdk.out delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/manifest.json delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/test-stack.template.json delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/tree.json delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/integ.integ-test1.ts delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/integ.integ-test2.ts delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/integ.test-with-snapshot-assets-diff.ts delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/integ.test-with-snapshot-assets.ts delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/integ.test-with-snapshot.ts delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/not.integ-test.ts delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/cdk.out delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/manifest.json delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/test-stack.template.json delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/tree.json delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/cdk.out delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/manifest.json delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/test-stack.template.json delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/tree.json delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/cdk.out delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/manifest.json delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/test-stack.template.json delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/tree.json delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/cdk.out delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/manifest.json delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/test-stack.template.json delete mode 100644 packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/tree.json delete mode 100644 packages/@aws-cdk/integ-runner/test/workers/mock-extract_worker.ts delete mode 100644 packages/@aws-cdk/integ-runner/test/workers/workers.test.ts delete mode 100644 packages/@aws-cdk/integ-runner/tsconfig.json diff --git a/packages/@aws-cdk/cloud-assembly-schema/lib/index.ts b/packages/@aws-cdk/cloud-assembly-schema/lib/index.ts index 5fd6eb6ceda07..50c2dc35a5eab 100644 --- a/packages/@aws-cdk/cloud-assembly-schema/lib/index.ts +++ b/packages/@aws-cdk/cloud-assembly-schema/lib/index.ts @@ -1,4 +1,3 @@ export * from './cloud-assembly'; export * from './assets'; export * from './manifest'; -export * from './integ-tests'; diff --git a/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/common.ts b/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/common.ts deleted file mode 100644 index 01ab969b63098..0000000000000 --- a/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/common.ts +++ /dev/null @@ -1,202 +0,0 @@ -/** - * In what scenarios should the CLI ask for approval - */ -export enum RequireApproval { - /** - * Never ask for approval - */ - NEVER = 'never', - - /** - * Prompt for approval for any type of change to the stack - */ - ANYCHANGE = 'any-change', - - /** - * Only prompt for approval if there are security related changes - */ - BROADENING = 'broadening' -} - -/** - * Default CDK CLI options that apply to all commands - */ -export interface DefaultCdkOptions { - /** - * List of stacks to deploy - * - * Requried if `all` is not set - * - * @default - [] - */ - readonly stacks?: string[]; - - /** - * Deploy all stacks - * - * Requried if `stacks` is not set - * - * @default - false - */ - readonly all?: boolean; - - /** - * command-line for executing your app or a cloud assembly directory - * e.g. "node bin/my-app.js" - * or - * "cdk.out" - * - * @default - read from cdk.json - */ - readonly app?: string; - - - /** - * Role to pass to CloudFormation for deployment - * - * @default - use the bootstrap cfn-exec role - */ - readonly roleArn?: string; - - /** - * Additional context - * - * @default - no additional context - */ - readonly context?: { [name: string]: string }; - - /** - * Print trace for stack warnings - * - * @default false - */ - readonly trace?: boolean; - - /** - * Do not construct stacks with warnings - * - * @default false - */ - readonly strict?: boolean; - - /** - * Perform context lookups. - * - * Synthesis fails if this is disabled and context lookups need - * to be performed - * - * @default true - */ - readonly lookups?: boolean; - - /** - * Ignores synthesis errors, which will likely produce an invalid output - * - * @default false - */ - readonly ignoreErrors?: boolean; - - /** - * Use JSON output instead of YAML when templates are printed - * to STDOUT - * - * @default false - */ - readonly json?: boolean; - - /** - * show debug logs - * - * @default false - */ - readonly verbose?: boolean; - - /** - * enable emission of additional debugging information, such as creation stack - * traces of tokens - * - * @default false - */ - readonly debug?: boolean; - - /** - * Use the indicated AWS profile as the default environment - * - * @default - no profile is used - */ - readonly profile?: string; - - /** - * Use the indicated proxy. Will read from - * HTTPS_PROXY environment if specified - * - * @default - no proxy - */ - readonly proxy?: string; - - /** - * Path to CA certificate to use when validating HTTPS - * requests. - * - * @default - read from AWS_CA_BUNDLE environment variable - */ - readonly caBundlePath?: string; - - /** - * Force trying to fetch EC2 instance credentials - * - * @default - guess EC2 instance status - */ - readonly ec2Creds?: boolean; - - /** - * Include "AWS::CDK::Metadata" resource in synthesized templates - * - * @default true - */ - readonly versionReporting?: boolean; - - /** - * Include "aws:cdk:path" CloudFormation metadata for each resource - * - * @default true - */ - readonly pathMetadata?: boolean; - - /** - * Include "aws:asset:*" CloudFormation metadata for resources that use assets - * - * @default true - */ - readonly assetMetadata?: boolean; - - /** - * Copy assets to the output directory - * - * Needed for local debugging the source files with SAM CLI - * - * @default false - */ - readonly staging?: boolean; - - /** - * Emits the synthesized cloud assembly into a directory - * - * @default cdk.out - */ - readonly output?: string; - - /** - * Show relevant notices - * - * @default true - */ - readonly notices?: boolean; - - /** - * Show colors and other style from console output - * - * @default true - */ - readonly color?: boolean; -} diff --git a/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/deploy.ts b/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/deploy.ts deleted file mode 100644 index 09a20c610f12d..0000000000000 --- a/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/deploy.ts +++ /dev/null @@ -1,97 +0,0 @@ -import { DefaultCdkOptions, RequireApproval } from './common'; - -/** - * Options to use with cdk deploy - */ -export interface DeployOptions extends DefaultCdkOptions { - /** - * Only perform action on the given stack - * - * @default false - */ - readonly exclusively?: boolean; - - /** - * Name of the toolkit stack to use/deploy - * - * @default CDKToolkit - */ - readonly toolkitStackName?: string; - - /** - * Reuse the assets with the given asset IDs - * - * @default - do not reuse assets - */ - readonly reuseAssets?: string[]; - - /** - * Optional name to use for the CloudFormation change set. - * If not provided, a name will be generated automatically. - * - * @default - auto generate a name - */ - readonly changeSetName?: string; - - /** - * Always deploy, even if templates are identical. - * @default false - */ - readonly force?: boolean; - - /** - * Rollback failed deployments - * - * @default true - */ - readonly rollback?: boolean; - - /** - * ARNs of SNS topics that CloudFormation will notify with stack related events - * - * @default - no notifications - */ - readonly notificationArns?: string[]; - - /** - * What kind of security changes require approval - * - * @default RequireApproval.Never - */ - readonly requireApproval?: RequireApproval; - - /** - * Whether to execute the ChangeSet - * Not providing `execute` parameter will result in execution of ChangeSet - * @default true - */ - readonly execute?: boolean; - - /** - * Additional parameters for CloudFormation at deploy time - * @default {} - */ - readonly parameters?: { [name: string]: string }; - - /** - * Use previous values for unspecified parameters - * - * If not set, all parameters must be specified for every deployment. - * - * @default true - */ - readonly usePreviousParameters?: boolean; - - /** - * Path to file where stack outputs will be written after a successful deploy as JSON - * @default - Outputs are not written to any file - */ - readonly outputsFile?: string; - - /** - * Whether we are on a CI system - * - * @default false - */ - readonly ci?: boolean; -} diff --git a/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/destroy.ts b/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/destroy.ts deleted file mode 100644 index 9dfe8f267c6db..0000000000000 --- a/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/destroy.ts +++ /dev/null @@ -1,20 +0,0 @@ -import { DefaultCdkOptions } from './common'; - -/** - * Options to use with cdk destroy - */ -export interface DestroyOptions extends DefaultCdkOptions { - /** - * Do not ask for permission before destroying stacks - * - * @default false - */ - readonly force?: boolean; - - /** - * Only destroy the given stack - * - * @default false - */ - readonly exclusively?: boolean; -} diff --git a/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/index.ts b/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/index.ts deleted file mode 100644 index 528980446938b..0000000000000 --- a/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/index.ts +++ /dev/null @@ -1,3 +0,0 @@ -export * from './common'; -export * from './deploy'; -export * from './destroy'; diff --git a/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/index.ts b/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/index.ts deleted file mode 100644 index 5a08e62a47958..0000000000000 --- a/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/index.ts +++ /dev/null @@ -1,3 +0,0 @@ -export * from './schema'; -export * from './commands'; -export * from './test-case'; diff --git a/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/schema.ts b/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/schema.ts deleted file mode 100644 index 4eccc8a6422b4..0000000000000 --- a/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/schema.ts +++ /dev/null @@ -1,26 +0,0 @@ -import { TestCase } from './test-case'; -/** - * Definitions for the integration testing manifest - */ -export interface IntegManifest { - /** - * Version of the manifest - */ - readonly version: string; - - /** - * Enable lookups for this test. If lookups are enabled - * then `stackUpdateWorkflow` must be set to false. - * Lookups should only be enabled when you are explicitely testing - * lookups. - * - * @default false - */ - readonly enableLookups?: boolean; - - /** - * test cases - */ - readonly testCases: { [testName: string]: TestCase }; -} - diff --git a/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/test-case.ts b/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/test-case.ts deleted file mode 100644 index 6d3ecc05c626e..0000000000000 --- a/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/test-case.ts +++ /dev/null @@ -1,186 +0,0 @@ -import { DeployOptions, DestroyOptions } from './commands'; - -/** - * Represents an integration test test case - */ -export interface TestCase { - /** - * Stacks that should be tested as part of this test case - * The stackNames will be passed as args to the cdk commands - * so dependent stacks will be automatically deployed unless - * `exclusively` is passed - */ - readonly stacks: string[]; - - /** - * Run update workflow on this test case - * This should only be set to false to test scenarios - * that are not possible to test as part of the update workflow - * - * @default true - */ - readonly stackUpdateWorkflow?: boolean; - - /** - * Additional options to use for each CDK command - * - * @default - runner default options - */ - readonly cdkCommandOptions?: CdkCommands; - - /** - * Additional commands to run at predefined points in the test workflow - * - * e.g. { postDeploy: ['yarn', 'test'] } - * - * @default - no hooks - */ - readonly hooks?: Hooks; - - /** - * Whether or not to include asset hashes in the diff - * Asset hashes can introduces a lot of unneccessary noise into tests, - * but there are some cases where asset hashes _should_ be included. For example - * any tests involving custom resources or bundling - * - * @default false - */ - readonly diffAssets?: boolean; - - /** - * List of CloudFormation resource types in this stack that can - * be destroyed as part of an update without failing the test. - * - * This list should only include resources that for this specific - * integration test we are sure will not cause errors or an outage if - * destroyed. For example, maybe we know that a new resource will be created - * first before the old resource is destroyed which prevents any outage. - * - * e.g. ['AWS::IAM::Role'] - * - * @default - do not allow destruction of any resources on update - */ - readonly allowDestroy?: string[]; - - /** - * Limit deployment to these regions - * - * @default - can run in any region - */ - readonly regions?: string[]; -} - -/** - * Commands to run at predefined points during the - * integration test workflow - */ -export interface Hooks { - /** - * Commands to run prior to deploying the cdk stacks - * in the integration test - * - * @default - no commands - */ - readonly preDeploy?: string[]; - - /** - * Commands to run prior after deploying the cdk stacks - * in the integration test - * - * @default - no commands - */ - readonly postDeploy?: string[]; - - /** - * Commands to run prior to destroying the cdk stacks - * in the integration test - * - * @default - no commands - */ - readonly preDestroy?: string[]; - - /** - * Commands to run after destroying the cdk stacks - * in the integration test - * - * @default - no commands - */ - readonly postDestroy?: string[]; -} - -/** - * Represents a cdk command - * i.e. `synth`, `deploy`, & `destroy` - */ -export interface CdkCommand { - /** - * Whether or not to run this command as part of the workflow - * This can be used if you only want to test some of the workflow - * for example enable `synth` and disable `deploy` & `destroy` in order - * to limit the test to synthesis - * - * @default true - */ - readonly enabled?: boolean; - - /** - * If the runner should expect this command to fail - * - * @default false - */ - readonly expectError?: boolean; - - /** - * This can be used in combination with `expectedError` - * to validate that a specific message is returned. - * - * @default - do not validate message - */ - readonly expectedMessage?: string; -} - -/** - * Represents a cdk deploy command - */ -export interface DeployCommand extends CdkCommand { - /** - * Additional arguments to pass to the command - * This can be used to test specific CLI functionality - * - * @default - only default args are used - */ - readonly args?: DeployOptions; -} - -/** - * Represents a cdk destroy command - */ -export interface DestroyCommand extends CdkCommand { - /** - * Additional arguments to pass to the command - * This can be used to test specific CLI functionality - * - * @default - only default args are used - */ - readonly args?: DestroyOptions; -} - -/** - * Options for specific cdk commands that are run - * as part of the integration test workflow - */ -export interface CdkCommands { - /** - * Options to for the cdk deploy command - * - * @default - default deploy options - */ - readonly deploy?: DeployCommand; - - /** - * Options to for the cdk destroy command - * - * @default - default destroy options - */ - readonly destroy?: DestroyCommand; -} diff --git a/packages/@aws-cdk/cloud-assembly-schema/lib/manifest.ts b/packages/@aws-cdk/cloud-assembly-schema/lib/manifest.ts index 62f7894a54dd3..d2ceb45685678 100644 --- a/packages/@aws-cdk/cloud-assembly-schema/lib/manifest.ts +++ b/packages/@aws-cdk/cloud-assembly-schema/lib/manifest.ts @@ -3,7 +3,6 @@ import * as jsonschema from 'jsonschema'; import * as semver from 'semver'; import * as assets from './assets'; import * as assembly from './cloud-assembly'; -import * as integ from './integ-tests'; /* eslint-disable @typescript-eslint/no-var-requires */ /* eslint-disable @typescript-eslint/no-require-imports */ @@ -22,8 +21,6 @@ const ASSEMBLY_SCHEMA = require('../schema/cloud-assembly.schema.json'); */ const SCHEMA_VERSION = require('../schema/cloud-assembly.version.json').version; -const INTEG_SCHEMA = require('../schema/integ.schema.json'); - /** * Options for the loadManifest operation */ @@ -92,25 +89,6 @@ export class Manifest { return this.loadManifest(filePath, ASSETS_SCHEMA); } - /** - * Validates and saves the integ manifest to file. - * - * @param manifest - manifest. - * @param filePath - output file path. - */ - public static saveIntegManifest(manifest: integ.IntegManifest, filePath: string) { - Manifest.saveManifest(manifest, filePath, INTEG_SCHEMA); - } - - /** - * Load and validates the integ manifest from file. - * - * @param filePath - path to the manifest file. - */ - public static loadIntegManifest(filePath: string): integ.IntegManifest { - return this.loadManifest(filePath, INTEG_SCHEMA); - } - /** * Fetch the current schema version number. */ @@ -273,4 +251,4 @@ function noUndefined(xs: A): A { function stripEnumErrors(errors: jsonschema.ValidationError[]) { return errors.filter(e => typeof e.schema ==='string' || !('enum' in e.schema)); -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/cloud-assembly-schema/schema/cloud-assembly.version.json b/packages/@aws-cdk/cloud-assembly-schema/schema/cloud-assembly.version.json index 90bef2e09ad39..ae7a33e962d0b 100644 --- a/packages/@aws-cdk/cloud-assembly-schema/schema/cloud-assembly.version.json +++ b/packages/@aws-cdk/cloud-assembly-schema/schema/cloud-assembly.version.json @@ -1 +1 @@ -{"version":"17.0.0"} \ No newline at end of file +{"version":"16.0.0"} diff --git a/packages/@aws-cdk/cloud-assembly-schema/schema/integ.schema.json b/packages/@aws-cdk/cloud-assembly-schema/schema/integ.schema.json deleted file mode 100644 index 676c1bdab91dd..0000000000000 --- a/packages/@aws-cdk/cloud-assembly-schema/schema/integ.schema.json +++ /dev/null @@ -1,474 +0,0 @@ -{ - "$ref": "#/definitions/IntegManifest", - "definitions": { - "IntegManifest": { - "description": "Definitions for the integration testing manifest", - "type": "object", - "properties": { - "version": { - "description": "Version of the manifest", - "type": "string" - }, - "enableLookups": { - "description": "Enable lookups for this test. If lookups are enabled\nthen `stackUpdateWorkflow` must be set to false.\nLookups should only be enabled when you are explicitely testing\nlookups.", - "default": false, - "type": "boolean" - }, - "testCases": { - "description": "test cases", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/TestCase" - } - } - }, - "required": [ - "testCases", - "version" - ] - }, - "TestCase": { - "description": "Represents an integration test test case", - "type": "object", - "properties": { - "stacks": { - "description": "Stacks that should be tested as part of this test case\nThe stackNames will be passed as args to the cdk commands\nso dependent stacks will be automatically deployed unless\n`exclusively` is passed", - "type": "array", - "items": { - "type": "string" - } - }, - "stackUpdateWorkflow": { - "description": "Run update workflow on this test case\nThis should only be set to false to test scenarios\nthat are not possible to test as part of the update workflow (Default true)", - "type": "boolean" - }, - "cdkCommandOptions": { - "description": "Additional options to use for each CDK command (Default - runner default options)", - "$ref": "#/definitions/CdkCommands" - }, - "hooks": { - "description": "Additional commands to run at predefined points in the test workflow\n\ne.g. { postDeploy: ['yarn', 'test'] } (Default - no hooks)", - "$ref": "#/definitions/Hooks" - }, - "diffAssets": { - "description": "Whether or not to include asset hashes in the diff\nAsset hashes can introduces a lot of unneccessary noise into tests,\nbut there are some cases where asset hashes _should_ be included. For example\nany tests involving custom resources or bundling", - "default": false, - "type": "boolean" - }, - "allowDestroy": { - "description": "List of CloudFormation resource types in this stack that can\nbe destroyed as part of an update without failing the test.\n\nThis list should only include resources that for this specific\nintegration test we are sure will not cause errors or an outage if\ndestroyed. For example, maybe we know that a new resource will be created\nfirst before the old resource is destroyed which prevents any outage.\n\ne.g. ['AWS::IAM::Role'] (Default - do not allow destruction of any resources on update)", - "type": "array", - "items": { - "type": "string" - } - }, - "regions": { - "description": "Limit deployment to these regions (Default - can run in any region)", - "type": "array", - "items": { - "type": "string" - } - } - }, - "required": [ - "stacks" - ] - }, - "CdkCommands": { - "description": "Options for specific cdk commands that are run\nas part of the integration test workflow", - "type": "object", - "properties": { - "deploy": { - "description": "Options to for the cdk deploy command (Default - default deploy options)", - "$ref": "#/definitions/DeployCommand" - }, - "destroy": { - "description": "Options to for the cdk destroy command (Default - default destroy options)", - "$ref": "#/definitions/DestroyCommand" - } - } - }, - "DeployCommand": { - "description": "Represents a cdk deploy command", - "type": "object", - "properties": { - "args": { - "description": "Additional arguments to pass to the command\nThis can be used to test specific CLI functionality (Default - only default args are used)", - "$ref": "#/definitions/DeployOptions" - }, - "enabled": { - "description": "Whether or not to run this command as part of the workflow\nThis can be used if you only want to test some of the workflow\nfor example enable `synth` and disable `deploy` & `destroy` in order\nto limit the test to synthesis (Default true)", - "type": "boolean" - }, - "expectError": { - "description": "If the runner should expect this command to fail", - "default": false, - "type": "boolean" - }, - "expectedMessage": { - "description": "This can be used in combination with `expectedError`\nto validate that a specific message is returned. (Default - do not validate message)", - "type": "string" - } - } - }, - "DeployOptions": { - "description": "Options to use with cdk deploy", - "type": "object", - "properties": { - "exclusively": { - "description": "Only perform action on the given stack", - "default": false, - "type": "boolean" - }, - "toolkitStackName": { - "description": "Name of the toolkit stack to use/deploy (Default CDKToolkit)", - "type": "string" - }, - "reuseAssets": { - "description": "Reuse the assets with the given asset IDs (Default - do not reuse assets)", - "type": "array", - "items": { - "type": "string" - } - }, - "changeSetName": { - "description": "Optional name to use for the CloudFormation change set.\nIf not provided, a name will be generated automatically. (Default - auto generate a name)", - "type": "string" - }, - "force": { - "description": "Always deploy, even if templates are identical.", - "default": false, - "type": "boolean" - }, - "rollback": { - "description": "Rollback failed deployments (Default true)", - "type": "boolean" - }, - "notificationArns": { - "description": "ARNs of SNS topics that CloudFormation will notify with stack related events (Default - no notifications)", - "type": "array", - "items": { - "type": "string" - } - }, - "requireApproval": { - "description": "What kind of security changes require approval (Default RequireApproval.Never)", - "enum": [ - "any-change", - "broadening", - "never" - ], - "type": "string" - }, - "execute": { - "description": "Whether to execute the ChangeSet\nNot providing `execute` parameter will result in execution of ChangeSet (Default true)", - "type": "boolean" - }, - "parameters": { - "description": "Additional parameters for CloudFormation at deploy time (Default [object Object])", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "usePreviousParameters": { - "description": "Use previous values for unspecified parameters\n\nIf not set, all parameters must be specified for every deployment. (Default true)", - "type": "boolean" - }, - "outputsFile": { - "description": "Path to file where stack outputs will be written after a successful deploy as JSON (Default - Outputs are not written to any file)", - "type": "string" - }, - "ci": { - "description": "Whether we are on a CI system", - "default": false, - "type": "boolean" - }, - "stacks": { - "description": "List of stacks to deploy\n\nRequried if `all` is not set (Default - [])", - "type": "array", - "items": { - "type": "string" - } - }, - "all": { - "description": "Deploy all stacks\n\nRequried if `stacks` is not set (Default - false)", - "type": "boolean" - }, - "app": { - "description": "command-line for executing your app or a cloud assembly directory\ne.g. \"node bin/my-app.js\"\nor\n\"cdk.out\" (Default - read from cdk.json)", - "type": "string" - }, - "roleArn": { - "description": "Role to pass to CloudFormation for deployment (Default - use the bootstrap cfn-exec role)", - "type": "string" - }, - "context": { - "description": "Additional context (Default - no additional context)", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "trace": { - "description": "Print trace for stack warnings", - "default": false, - "type": "boolean" - }, - "strict": { - "description": "Do not construct stacks with warnings", - "default": false, - "type": "boolean" - }, - "lookups": { - "description": "Perform context lookups.\n\nSynthesis fails if this is disabled and context lookups need\nto be performed (Default true)", - "type": "boolean" - }, - "ignoreErrors": { - "description": "Ignores synthesis errors, which will likely produce an invalid output", - "default": false, - "type": "boolean" - }, - "json": { - "description": "Use JSON output instead of YAML when templates are printed\nto STDOUT", - "default": false, - "type": "boolean" - }, - "verbose": { - "description": "show debug logs", - "default": false, - "type": "boolean" - }, - "debug": { - "description": "enable emission of additional debugging information, such as creation stack\ntraces of tokens", - "default": false, - "type": "boolean" - }, - "profile": { - "description": "Use the indicated AWS profile as the default environment (Default - no profile is used)", - "type": "string" - }, - "proxy": { - "description": "Use the indicated proxy. Will read from\nHTTPS_PROXY environment if specified (Default - no proxy)", - "type": "string" - }, - "caBundlePath": { - "description": "Path to CA certificate to use when validating HTTPS\nrequests. (Default - read from AWS_CA_BUNDLE environment variable)", - "type": "string" - }, - "ec2Creds": { - "description": "Force trying to fetch EC2 instance credentials (Default - guess EC2 instance status)", - "type": "boolean" - }, - "versionReporting": { - "description": "Include \"AWS::CDK::Metadata\" resource in synthesized templates (Default true)", - "type": "boolean" - }, - "pathMetadata": { - "description": "Include \"aws:cdk:path\" CloudFormation metadata for each resource (Default true)", - "type": "boolean" - }, - "assetMetadata": { - "description": "Include \"aws:asset:*\" CloudFormation metadata for resources that use assets (Default true)", - "type": "boolean" - }, - "staging": { - "description": "Copy assets to the output directory\n\nNeeded for local debugging the source files with SAM CLI", - "default": false, - "type": "boolean" - }, - "output": { - "description": "Emits the synthesized cloud assembly into a directory (Default cdk.out)", - "type": "string" - }, - "notices": { - "description": "Show relevant notices (Default true)", - "type": "boolean" - }, - "color": { - "description": "Show colors and other style from console output (Default true)", - "type": "boolean" - } - } - }, - "DestroyCommand": { - "description": "Represents a cdk destroy command", - "type": "object", - "properties": { - "args": { - "description": "Additional arguments to pass to the command\nThis can be used to test specific CLI functionality (Default - only default args are used)", - "$ref": "#/definitions/DestroyOptions" - }, - "enabled": { - "description": "Whether or not to run this command as part of the workflow\nThis can be used if you only want to test some of the workflow\nfor example enable `synth` and disable `deploy` & `destroy` in order\nto limit the test to synthesis (Default true)", - "type": "boolean" - }, - "expectError": { - "description": "If the runner should expect this command to fail", - "default": false, - "type": "boolean" - }, - "expectedMessage": { - "description": "This can be used in combination with `expectedError`\nto validate that a specific message is returned. (Default - do not validate message)", - "type": "string" - } - } - }, - "DestroyOptions": { - "description": "Options to use with cdk destroy", - "type": "object", - "properties": { - "force": { - "description": "Do not ask for permission before destroying stacks", - "default": false, - "type": "boolean" - }, - "exclusively": { - "description": "Only destroy the given stack", - "default": false, - "type": "boolean" - }, - "stacks": { - "description": "List of stacks to deploy\n\nRequried if `all` is not set (Default - [])", - "type": "array", - "items": { - "type": "string" - } - }, - "all": { - "description": "Deploy all stacks\n\nRequried if `stacks` is not set (Default - false)", - "type": "boolean" - }, - "app": { - "description": "command-line for executing your app or a cloud assembly directory\ne.g. \"node bin/my-app.js\"\nor\n\"cdk.out\" (Default - read from cdk.json)", - "type": "string" - }, - "roleArn": { - "description": "Role to pass to CloudFormation for deployment (Default - use the bootstrap cfn-exec role)", - "type": "string" - }, - "context": { - "description": "Additional context (Default - no additional context)", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "trace": { - "description": "Print trace for stack warnings", - "default": false, - "type": "boolean" - }, - "strict": { - "description": "Do not construct stacks with warnings", - "default": false, - "type": "boolean" - }, - "lookups": { - "description": "Perform context lookups.\n\nSynthesis fails if this is disabled and context lookups need\nto be performed (Default true)", - "type": "boolean" - }, - "ignoreErrors": { - "description": "Ignores synthesis errors, which will likely produce an invalid output", - "default": false, - "type": "boolean" - }, - "json": { - "description": "Use JSON output instead of YAML when templates are printed\nto STDOUT", - "default": false, - "type": "boolean" - }, - "verbose": { - "description": "show debug logs", - "default": false, - "type": "boolean" - }, - "debug": { - "description": "enable emission of additional debugging information, such as creation stack\ntraces of tokens", - "default": false, - "type": "boolean" - }, - "profile": { - "description": "Use the indicated AWS profile as the default environment (Default - no profile is used)", - "type": "string" - }, - "proxy": { - "description": "Use the indicated proxy. Will read from\nHTTPS_PROXY environment if specified (Default - no proxy)", - "type": "string" - }, - "caBundlePath": { - "description": "Path to CA certificate to use when validating HTTPS\nrequests. (Default - read from AWS_CA_BUNDLE environment variable)", - "type": "string" - }, - "ec2Creds": { - "description": "Force trying to fetch EC2 instance credentials (Default - guess EC2 instance status)", - "type": "boolean" - }, - "versionReporting": { - "description": "Include \"AWS::CDK::Metadata\" resource in synthesized templates (Default true)", - "type": "boolean" - }, - "pathMetadata": { - "description": "Include \"aws:cdk:path\" CloudFormation metadata for each resource (Default true)", - "type": "boolean" - }, - "assetMetadata": { - "description": "Include \"aws:asset:*\" CloudFormation metadata for resources that use assets (Default true)", - "type": "boolean" - }, - "staging": { - "description": "Copy assets to the output directory\n\nNeeded for local debugging the source files with SAM CLI", - "default": false, - "type": "boolean" - }, - "output": { - "description": "Emits the synthesized cloud assembly into a directory (Default cdk.out)", - "type": "string" - }, - "notices": { - "description": "Show relevant notices (Default true)", - "type": "boolean" - }, - "color": { - "description": "Show colors and other style from console output (Default true)", - "type": "boolean" - } - } - }, - "Hooks": { - "description": "Commands to run at predefined points during the\nintegration test workflow", - "type": "object", - "properties": { - "preDeploy": { - "description": "Commands to run prior to deploying the cdk stacks\nin the integration test (Default - no commands)", - "type": "array", - "items": { - "type": "string" - } - }, - "postDeploy": { - "description": "Commands to run prior after deploying the cdk stacks\nin the integration test (Default - no commands)", - "type": "array", - "items": { - "type": "string" - } - }, - "preDestroy": { - "description": "Commands to run prior to destroying the cdk stacks\nin the integration test (Default - no commands)", - "type": "array", - "items": { - "type": "string" - } - }, - "postDestroy": { - "description": "Commands to run after destroying the cdk stacks\nin the integration test (Default - no commands)", - "type": "array", - "items": { - "type": "string" - } - } - } - } - }, - "$schema": "http://json-schema.org/draft-07/schema#" -} \ No newline at end of file diff --git a/packages/@aws-cdk/cloud-assembly-schema/scripts/update-schema.ts b/packages/@aws-cdk/cloud-assembly-schema/scripts/update-schema.ts index 13a410cd4a36f..e92083d34b0a6 100644 --- a/packages/@aws-cdk/cloud-assembly-schema/scripts/update-schema.ts +++ b/packages/@aws-cdk/cloud-assembly-schema/scripts/update-schema.ts @@ -17,7 +17,6 @@ const SCHEMA_DIR = path.resolve(__dirname, '../schema'); const SCHEMA_DEFINITIONS: { [schemaName: string]: { rootTypeName: string } } = { 'assets': { rootTypeName: 'AssetManifest' }, 'cloud-assembly': { rootTypeName: 'AssemblyManifest' }, - 'integ': { rootTypeName: 'IntegManifest' }, }; export const SCHEMAS = Object.keys(SCHEMA_DEFINITIONS); diff --git a/packages/@aws-cdk/cloud-assembly-schema/test/integ-tests.test.ts b/packages/@aws-cdk/cloud-assembly-schema/test/integ-tests.test.ts deleted file mode 100644 index 3baefc89d750f..0000000000000 --- a/packages/@aws-cdk/cloud-assembly-schema/test/integ-tests.test.ts +++ /dev/null @@ -1,137 +0,0 @@ -import * as fs from 'fs'; -import * as os from 'os'; -import * as path from 'path'; -import { Manifest } from '../lib'; - -describe('Integration test', () => { - test('valid input', () => { - expect(() => { - validate({ - version: Manifest.version(), - testCases: { - testCase1: { - stacks: ['stack1', 'stack2'], - stackUpdateWorkflow: true, - cdkCommandOptions: { - deploy: { - enabled: true, - expectError: false, - expectedMessage: 'some message', - args: { - exclusively: true, - toolkitStackName: 'Stack', - reuseAssets: ['asset1', 'asset2'], - changeSetName: 'changeset', - force: true, - rollback: false, - notificationArns: ['arn1', 'arn2'], - execute: true, - parameters: { - 'MYPARAM': 'Value', - 'Stack1:OtherParam': 'OtherValue', - }, - usePreviousParameters: true, - outputsFile: 'outputs.json', - ci: true, - requireApproval: 'never', - app: 'node bin/my-app.js', - roleArn: 'roleArn', - context: { - KEY: 'value', - }, - trace: true, - strict: true, - lookups: true, - ignoreErrors: true, - json: true, - verbose: true, - debug: true, - profile: 'profile', - proxy: 'https://proxy', - caBundlePath: 'path/to/bundle', - ec2Creds: true, - versionReporting: false, - pathMetadata: false, - assetMetadata: true, - staging: false, - output: true, - notices: true, - color: false, - }, - }, - synth: { - enabled: true, - expectError: false, - expectedMessage: 'some message', - args: { - quiet: true, - exclusively: true, - validation: true, - }, - }, - destroy: { - enabled: true, - expectError: false, - expectedMessage: 'some message', - args: { - force: true, - exclusively: true, - }, - }, - }, - hooks: { - preDeploy: ['yarn test'], - postDeploy: ['some other command'], - preDestroy: ['command1', 'command2'], - postDestroy: ['command3', 'command4'], - }, - diffAssets: true, - allowDestroy: ['AWS::IAM::Role'], - region: ['us-east-1', 'us-east-2'], - }, - }, - }); - }); - }); - - test('invalid input', () => { - expect(() => { - validate({ - version: Manifest.version(), - testCases: { - stacks: true, - }, - }); - }).toThrow(/instance\.testCases\.stacks is not of a type\(s\) object/); - }); - - test('without command options', () => { - expect(() => { - validate({ - version: Manifest.version(), - testCases: { - testCase1: { - stacks: ['stack1', 'stack2'], - stackUpdateWorkflow: true, - hooks: { - preDeploy: ['yarn test'], - }, - diffAssets: true, - }, - }, - }); - }); - }); -}); - -function validate(manifest: any) { - const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'integ.test.')); - const filePath = path.join(dir, 'manifest.json'); - fs.writeFileSync(filePath, JSON.stringify(manifest, undefined, 2)); - try { - Manifest.loadIntegManifest(filePath); - } finally { - fs.unlinkSync(filePath); - fs.rmdirSync(dir); - } -} diff --git a/packages/@aws-cdk/integ-runner/.eslintrc.js b/packages/@aws-cdk/integ-runner/.eslintrc.js deleted file mode 100644 index 2658ee8727166..0000000000000 --- a/packages/@aws-cdk/integ-runner/.eslintrc.js +++ /dev/null @@ -1,3 +0,0 @@ -const baseConfig = require('@aws-cdk/cdk-build-tools/config/eslintrc'); -baseConfig.parserOptions.project = __dirname + '/tsconfig.json'; -module.exports = baseConfig; diff --git a/packages/@aws-cdk/integ-runner/.gitignore b/packages/@aws-cdk/integ-runner/.gitignore deleted file mode 100644 index d24092a6feda2..0000000000000 --- a/packages/@aws-cdk/integ-runner/.gitignore +++ /dev/null @@ -1,28 +0,0 @@ -*.js -*.js.map -*.d.ts -!lib/init-templates/**/javascript/**/* -node_modules -dist - -# Generated by generate.sh -build-info.json - -.LAST_BUILD -.nyc_output -coverage -nyc.config.js -.LAST_PACKAGE -*.snk - -!test/integ/run-wrappers/dist -!test/integ/cli/**/* -assets.json -npm-shrinkwrap.json -!.eslintrc.js -!jest.config.js - -junit.xml - -# Ignore this symlink, we recreate it at test time -test/test-archive-follow/data/linked diff --git a/packages/@aws-cdk/integ-runner/.npmignore b/packages/@aws-cdk/integ-runner/.npmignore deleted file mode 100644 index 45b8808bdd7ac..0000000000000 --- a/packages/@aws-cdk/integ-runner/.npmignore +++ /dev/null @@ -1,30 +0,0 @@ -# Don't include original .ts files when doing `npm pack` -*.ts -!*.template.ts -!*.d.ts -coverage -.nyc_output -*.tgz - -dist -.LAST_PACKAGE -.LAST_BUILD -*.snk - -!lib/init-templates/*/*/tsconfig.json -!test/integ/cli/**/*.js -!test/integ/run-wrappers/dist - -*.tsbuildinfo - -tsconfig.json - -# init templates include default tsconfig.json files which we need -!lib/init-templates/**/tsconfig.json -.eslintrc.js -jest.config.js - -# exclude cdk artifacts -**/cdk.out -junit.xml -test/ \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/LICENSE b/packages/@aws-cdk/integ-runner/LICENSE deleted file mode 100644 index 82ad00bb02d0b..0000000000000 --- a/packages/@aws-cdk/integ-runner/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2018-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/packages/@aws-cdk/integ-runner/NOTICE b/packages/@aws-cdk/integ-runner/NOTICE deleted file mode 100644 index 1b7adbb891265..0000000000000 --- a/packages/@aws-cdk/integ-runner/NOTICE +++ /dev/null @@ -1,2 +0,0 @@ -AWS Cloud Development Kit (AWS CDK) -Copyright 2018-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. diff --git a/packages/@aws-cdk/integ-runner/README.md b/packages/@aws-cdk/integ-runner/README.md deleted file mode 100644 index e67a64282a42b..0000000000000 --- a/packages/@aws-cdk/integ-runner/README.md +++ /dev/null @@ -1,161 +0,0 @@ -# integ-runner - - - ---- - -![cdk-constructs: Experimental](https://img.shields.io/badge/cdk--constructs-experimental-important.svg?style=for-the-badge) - -> The APIs of higher level constructs in this module are experimental and under active development. -> They are subject to non-backward compatible changes or removal in any future version. These are -> not subject to the [Semantic Versioning](https://semver.org/) model and breaking changes will be -> announced in the release notes. This means that while you may use them, you may need to update -> your source code when upgrading to a newer version of this package. - ---- - - - - -## Overview - - -## Usage - -- Run all integration tests in `test` directory - -```bash -integ-runner [ARGS] [TEST...] -``` - -This will look for all files that match the naming convention of `/integ.*.ts$/`. Each of these files will be expected -to be a self contained CDK app. The runner will execute the following for each file (app): - -1. Check if a snapshot file exists (i.e. `/integ.*.expected.snapshot$/`) -2. If the snapshot does not exist - 2a. Synth the integ app which will produce the `integ.json` file -3. Read the `integ.json` file which contains instructions on what the runner should do. -4. Execute instructions - -### Options - -- `--update-on-failed` (default=false) - Rerun integration tests if snapshot fails -- `--clean` (default=`true`) - Destroy stacks after deploy (use `--no-clean` for debugging) -- `--verbose` (default=`false`) - verbose logging -- `--parallel` (default=`false`) - Run tests in parallel across default regions -- `--parallel-regions` - List of regions to run tests in. If this is provided then all tests will - be run in parallel across these regions -- `--directory` (default=`test`) - Search for integration tests recursively from this starting directory -- `--force` (default=`false`) - Rerun integration test even if the test passes -- `--file` - Read the list of tests from this file - -Example: - -```bash -integ-runner --update --parallel --parallel-regions us-east-1 --parallel-regions us-east-2 --parallel-regions us-west-2 --directory ./ -``` - -This will search for integration tests recursively from the current directory and then execute them in parallel across `us-east-1`, `us-east-2`, & `us-west-2`. - -### integ.json schema - -See [@aws-cdk/cloud-assembly-schema/lib/integ-tests/schema.ts](../cloud-assembly-schema/lib/integ-tests/schema.ts) - -### defining an integration test - -In most cases an integration test will be an instance of a stack - -```ts -import { Function, FunctionOptions } from '../lib'; - -interface MyIntegTestProps extends StackOptions { - functionProps?: FunctionOptions; -} -class MyIntegTest extends Stack { - constructor(scope: Construct, id: string, props: MyIntegTestProps) { - super(scope, id, props); - - new Function(this, 'Handler', { - runtime: Runtime.NODEJS_12_X, - handler: 'index.handler', - code: Code.fromAsset(path.join(__dirname, 'lambda-handler')), - ...props.functionProps, - }); - } -} -``` - -You would then use the `IntegTest` construct to create your test cases - -```ts -new IntegTeset(app, 'ArmTest', { - stacks: [ - new MyIntegTest(app, 'Stack1', { - functionProps: { - architecture: lambda.Architecture.ARM_64, - }, - }), - ], - diffAssets: true, - update: true, - cdkCommandOptions: { - deploy: { - args: { - requireApproval: RequireApproval.NEVER, - json: true, - }, - }, - destroy: { - args: { - force: true, - }, - }, - }, -}); - -new IntegTeset(app, 'AmdTest', { - stacks: [ - new MyIntegTest(app, 'Stack2', { - functionProps: { - architecture: lambda.Architecture.X86_64, - }, - }), - ], -}); -``` - -This will synthesize an `integ.json` file with the following contents - -```json -{ - "ArmTest": { - "stacks": ["Stack1"], - "diffAssets": true, - "update": true, - "cdkCommands": { - "deploy": { - "args": { - "requireApproval": "never", - "json": true - } - }, - "destroy": { - "args": { - "force": true - } - } - } - }, - "AmdTest": { - "stacks": ["Stack2"] - } -} -``` diff --git a/packages/@aws-cdk/integ-runner/bin/integ-runner b/packages/@aws-cdk/integ-runner/bin/integ-runner deleted file mode 100755 index 20ace56b80449..0000000000000 --- a/packages/@aws-cdk/integ-runner/bin/integ-runner +++ /dev/null @@ -1,2 +0,0 @@ -#!/usr/bin/env node -require('./integ-runner.js'); diff --git a/packages/@aws-cdk/integ-runner/bin/integ-runner.ts b/packages/@aws-cdk/integ-runner/bin/integ-runner.ts deleted file mode 100644 index ca343920f91cb..0000000000000 --- a/packages/@aws-cdk/integ-runner/bin/integ-runner.ts +++ /dev/null @@ -1,169 +0,0 @@ -#!/usr/bin/env node -// Exercise all integ stacks and if they deploy, update the expected synth files -import * as os from 'os'; -import * as path from 'path'; -import * as chalk from 'chalk'; -import * as workerpool from 'workerpool'; -import * as yargs from 'yargs'; -import { IntegrationTests, IntegTestConfig } from '../lib/runner/integ-tests'; -import * as logger from '../lib/runner/private/logger'; -import { IntegBatchResponse, printResults } from '../lib/workers/common'; -import { SnapshotBatchRequest } from '../lib/workers/extract_worker'; -import { runIntegrationTestsInParallel, IntegTestRunOptions } from '../lib/workers/integ-test-worker'; - - -/** - * Split a list of snapshot tests into batches that can be run using a workerpool. - */ -function batchTests(tests: IntegTestConfig[]): SnapshotBatchRequest[] { - let batchSize = 3; - const ret: SnapshotBatchRequest[] = []; - for (let i = 0; i < tests.length; i += batchSize) { - ret.push({ - tests: tests.slice(i, i + batchSize), - }); - } - return ret; -} - -export function printSummary(total: number, failed: number): void { - if (failed > 0) { - logger.print('%s: %s %s, %s total', chalk.bold('Tests'), chalk.red(failed), chalk.red('failed'), total); - } else { - logger.print('%s: %s %s, %s total', chalk.bold('Tests'), chalk.green(total), chalk.green('passed'), total); - } -} - -/** - * Run Integration tests. - */ -async function runIntegrationTests(options: IntegTestRunOptions): Promise { - logger.highlight('\nRunning integration tests for failed tests...\n'); - logger.print('Running in parallel across: %s', options.regions.join(', ')); - const totalTests = options.tests.length; - const failedTests: IntegTestConfig[] = []; - - const responses = await runIntegrationTestsInParallel(options); - for (const response of responses) { - failedTests.push(...response.failedTests); - } - logger.highlight('\nTest Results: \n'); - printSummary(totalTests, failedTests.length); -} - -/** - * Run Snapshot tests - * First batch up the tests. By default there will be 3 tests per batch. - * Use a workerpool to run the batches in parallel. - */ -async function runSnapshotTests(pool: workerpool.WorkerPool, tests: IntegTestConfig[]): Promise { - const testsToRun: IntegTestConfig[] = []; - const requests = batchTests(tests); - logger.highlight('\nVerifying integration test snapshots...\n'); - const responses: IntegBatchResponse[] = await Promise.all( - requests.map((request) => pool.exec('snapshotTestBatch', [request], { - on: printResults, - })), - ); - for (const response of responses) { - testsToRun.push(...response.failedTests); - } - - logger.highlight('\nSnapshot Results: \n'); - printSummary(tests.length, testsToRun.length); - return testsToRun; -} - -async function main() { - const argv = yargs - .usage('Usage: integ-runner [TEST...]') - .option('list', { type: 'boolean', default: false, desc: 'List tests instead of running them' }) - .option('clean', { type: 'boolean', default: true, desc: 'Skips stack clean up after test is completed (use --no-clean to negate)' }) - .option('verbose', { type: 'boolean', default: false, alias: 'v', desc: 'Verbose logs' }) - .option('dry-run', { type: 'boolean', default: false, desc: 'do not actually deploy the stack. just update the snapshot (not recommended!)' }) - .option('update-on-failed', { type: 'boolean', default: false, desc: 'rerun integration tests and update snapshots for failed tests.' }) - .option('force', { type: 'boolean', default: false, desc: 'Rerun all integration tests even if tests are passing' }) - .option('parallel', { type: 'boolean', default: false, desc: 'run integration tests in parallel' }) - .option('parallel-regions', { type: 'array', desc: 'if --parallel is used then these regions are used to run tests in parallel', nargs: 1, default: [] }) - .options('directory', { type: 'string', default: 'test', desc: 'starting directory to discover integration tests' }) - .argv; - - // Cap to a reasonable top-level limit to prevent thrash on machines with many, many cores. - const maxWorkers = parseInt(process.env.CDK_INTEG_MAX_WORKER_COUNT ?? '16'); - const N = Math.min(maxWorkers, Math.max(1, Math.ceil(os.cpus().length / 2))); - const pool = workerpool.pool(path.join(__dirname, '../lib/workers/extract_worker.js'), { - maxWorkers: N, - }); - - // list of integration tests that will be executed - const testsToRun: IntegTestConfig[] = []; - const testsFromArgs: IntegTestConfig[] = []; - const parallelRegions = arrayFromYargs(argv['parallel-regions']); - const testRegions: string[] = parallelRegions ?? ['us-east-1', 'us-east-2', 'us-west-2']; - const runUpdateOnFailed = argv['update-on-failed'] ?? false; - - - try { - if (argv.list) { - const tests = await new IntegrationTests(argv.directory).fromCliArgs(); - process.stdout.write(tests.map(t => t.fileName).join('\n') + '\n'); - return; - } - - if (argv._.length === 0) { - testsFromArgs.push(...(await new IntegrationTests(argv.directory).fromCliArgs())); - } else { - testsFromArgs.push(...(await new IntegrationTests(argv.directory).fromCliArgs(argv._.map(x => x.toString())))); - } - - // If `--force` is not used then first validate the snapshots and gather - // the failed snapshot tests. If `--force` is used then we will skip snapshot - // tests and run integration tests for all tests - if (!argv.force) { - const failedSnapshots = await runSnapshotTests(pool, testsFromArgs); - testsToRun.push(...failedSnapshots); - } else { - testsToRun.push(...testsFromArgs); - } - - - // run integration tests if `--update-on-failed` OR `--force` is used - if (runUpdateOnFailed || argv.force) { - await runIntegrationTests({ - pool, - tests: testsToRun, - regions: testRegions, - clean: argv.clean, - dryRun: argv['dry-run'], - verbose: argv.verbose, - }); - - if (argv.clean === false) { - logger.warning('Not cleaning up stacks since "--no-clean" was used'); - } - } - - } finally { - void pool.terminate(); - } -} - -/** - * Translate a Yargs input array to something that makes more sense in a programming language - * model (telling the difference between absence and an empty array) - * - * - An empty array is the default case, meaning the user didn't pass any arguments. We return - * undefined. - * - If the user passed a single empty string, they did something like `--array=`, which we'll - * take to mean they passed an empty array. - */ -function arrayFromYargs(xs: string[]): string[] | undefined { - if (xs.length === 0) { return undefined; } - return xs.filter(x => x !== ''); -} - -main().catch(e => { - // eslint-disable-next-line no-console - console.error(e); - process.exit(1); -}); diff --git a/packages/@aws-cdk/integ-runner/jest.config.js b/packages/@aws-cdk/integ-runner/jest.config.js deleted file mode 100644 index d052cbb29f05d..0000000000000 --- a/packages/@aws-cdk/integ-runner/jest.config.js +++ /dev/null @@ -1,10 +0,0 @@ -const baseConfig = require('@aws-cdk/cdk-build-tools/config/jest.config'); -module.exports = { - ...baseConfig, - coverageThreshold: { - global: { - ...baseConfig.coverageThreshold.global, - branches: 60, - }, - }, -}; diff --git a/packages/@aws-cdk/integ-runner/lib/runner/integ-tests.ts b/packages/@aws-cdk/integ-runner/lib/runner/integ-tests.ts deleted file mode 100644 index 0fd648c31c5d1..0000000000000 --- a/packages/@aws-cdk/integ-runner/lib/runner/integ-tests.ts +++ /dev/null @@ -1,76 +0,0 @@ -import * as path from 'path'; -import * as fs from 'fs-extra'; - -/** - * Represents a single integration test - */ -export interface IntegTestConfig { - readonly directory: string; - readonly fileName: string; -} - -/** - * Discover integration tests - */ -export class IntegrationTests { - constructor(private readonly directory: string) { - } - - /** - * Takes an optional list of tests to look for, otherwise - * it will look for all tests from the directory - */ - public async fromCliArgs(tests?: string[]): Promise { - let allTests = await this.discover(); - const all = allTests.map(x => x.fileName); - let foundAll = true; - - if (tests && tests.length > 0) { - // Pare down found tests to filter - allTests = allTests.filter(t => { - const parts = path.parse(t.fileName); - return (tests.includes(t.fileName) || tests.includes(parts.base)); - }); - - const selectedNames = allTests.map(t => path.parse(t.fileName).base); - for (const unmatched of tests.filter(t => !selectedNames.includes(t))) { - process.stderr.write(`No such integ test: ${unmatched}\n`); - foundAll = false; - } - } - - if (!foundAll) { - process.stderr.write(`Available tests: ${all.join(' ')}\n`); - return []; - } - - return allTests; - } - - private async discover(): Promise { - const files = await this.readTree(); - const integs = files.filter(fileName => path.basename(fileName).startsWith('integ.') && path.basename(fileName).endsWith('.js')); - return this.request(integs); - } - - private request(files: string[]): IntegTestConfig[] { - return files.map(fileName => { return { directory: this.directory, fileName }; }); - } - - private async readTree(): Promise { - const ret = new Array(); - - async function recurse(dir: string) { - const files = await fs.readdir(dir); - for (const file of files) { - const fullPath = path.join(dir, file); - const statf = await fs.stat(fullPath); - if (statf.isFile()) { ret.push(fullPath); } - if (statf.isDirectory()) { await recurse(path.join(fullPath)); } - } - } - - await recurse(this.directory); - return ret; - } -} diff --git a/packages/@aws-cdk/integ-runner/lib/runner/private/canonicalize-assets.ts b/packages/@aws-cdk/integ-runner/lib/runner/private/canonicalize-assets.ts deleted file mode 100644 index 9cee3d4742b3c..0000000000000 --- a/packages/@aws-cdk/integ-runner/lib/runner/private/canonicalize-assets.ts +++ /dev/null @@ -1,71 +0,0 @@ -/** - * Reduce template to a normal form where asset references have been normalized - * - * This makes it possible to compare templates if all that's different between - * them is the hashes of the asset values. - * - * Currently only handles parameterized assets, but can (and should) - * be adapted to handle convention-mode assets as well when we start using - * more of those. - */ -export function canonicalizeTemplate(template: any): any { - // For the weird case where we have an array of templates... - if (Array.isArray(template)) { - return template.map(canonicalizeTemplate); - } - - // Find assets via parameters - const stringSubstitutions = new Array<[RegExp, string]>(); - const paramRe = /^AssetParameters([a-zA-Z0-9]{64})(S3Bucket|S3VersionKey|ArtifactHash)([a-zA-Z0-9]{8})$/; - - const assetsSeen = new Set(); - for (const paramName of Object.keys(template?.Parameters || {})) { - const m = paramRe.exec(paramName); - if (!m) { continue; } - if (assetsSeen.has(m[1])) { continue; } - - assetsSeen.add(m[1]); - const ix = assetsSeen.size; - - // Full parameter reference - stringSubstitutions.push([ - new RegExp(`AssetParameters${m[1]}(S3Bucket|S3VersionKey|ArtifactHash)([a-zA-Z0-9]{8})`), - `Asset${ix}$1`, - ]); - // Substring asset hash reference - stringSubstitutions.push([ - new RegExp(`${m[1]}`), - `Asset${ix}Hash`, - ]); - } - - // Substitute them out - return substitute(template); - - function substitute(what: any): any { - if (Array.isArray(what)) { - return what.map(substitute); - } - - if (typeof what === 'object' && what !== null) { - const ret: any = {}; - for (const [k, v] of Object.entries(what)) { - ret[stringSub(k)] = substitute(v); - } - return ret; - } - - if (typeof what === 'string') { - return stringSub(what); - } - - return what; - } - - function stringSub(x: string) { - for (const [re, replacement] of stringSubstitutions) { - x = x.replace(re, replacement); - } - return x; - } -} diff --git a/packages/@aws-cdk/integ-runner/lib/runner/private/cloud-assembly.ts b/packages/@aws-cdk/integ-runner/lib/runner/private/cloud-assembly.ts deleted file mode 100644 index 99626ea53bdb2..0000000000000 --- a/packages/@aws-cdk/integ-runner/lib/runner/private/cloud-assembly.ts +++ /dev/null @@ -1,66 +0,0 @@ -import * as path from 'path'; -import { AssemblyManifest, Manifest, ArtifactType, AwsCloudFormationStackProperties } from '@aws-cdk/cloud-assembly-schema'; -import * as fs from 'fs-extra'; - -/** - * Reads a Cloud Assembly manifest - */ -export class AssemblyManifestReader { - public static readonly DEFAULT_FILENAME = 'manifest.json'; - - /** - * Reads a Cloud Assembly manifest from a file - */ - public static fromFile(fileName: string): AssemblyManifestReader { - try { - const obj = Manifest.loadAssemblyManifest(fileName); - return new AssemblyManifestReader(path.dirname(fileName), obj); - - } catch (e) { - throw new Error(`Cannot read integ manifest '${fileName}': ${e.message}`); - } - } - - /** - * Reads a Cloud Assembly manifest from a file or a directory - * If the given filePath is a directory then it will look for - * a file within the directory with the DEFAULT_FILENAME - */ - public static fromPath(filePath: string): AssemblyManifestReader { - let st; - try { - st = fs.statSync(filePath); - } catch (e) { - throw new Error(`Cannot read integ manifest at '${filePath}': ${e.message}`); - } - if (st.isDirectory()) { - return AssemblyManifestReader.fromFile(path.join(filePath, AssemblyManifestReader.DEFAULT_FILENAME)); - } - return AssemblyManifestReader.fromFile(filePath); - } - - /** - * The directory where the manifest was found - */ - public readonly directory: string; - - constructor(directory: string, private readonly manifest: AssemblyManifest) { - this.directory = directory; - } - - /** - * Get the stacks from the manifest - * returns a map of artifactId to CloudFormation template - */ - public get stacks(): Record { - const stacks: Record = {}; - for (const [artifactId, artifact] of Object.entries(this.manifest.artifacts ?? {})) { - if (artifact.type !== ArtifactType.AWS_CLOUDFORMATION_STACK) { continue; } - const props = artifact.properties as AwsCloudFormationStackProperties; - - const template = fs.readJSONSync(path.resolve(this.directory, props.templateFile)); - stacks[artifactId] = template; - } - return stacks; - } -} diff --git a/packages/@aws-cdk/integ-runner/lib/runner/private/integ-manifest.ts b/packages/@aws-cdk/integ-runner/lib/runner/private/integ-manifest.ts deleted file mode 100644 index 80b567dbb69ce..0000000000000 --- a/packages/@aws-cdk/integ-runner/lib/runner/private/integ-manifest.ts +++ /dev/null @@ -1,76 +0,0 @@ -import * as path from 'path'; -import { IntegManifest, Manifest, TestCase } from '@aws-cdk/cloud-assembly-schema'; -import * as fs from 'fs-extra'; - -/** - * Test case configuration read from the integ manifest - */ -export interface IntegTestConfig { - /** - * Test cases contained in this integration test - */ - readonly testCases: { [testCaseName: string]: TestCase }; - - /** - * Whether to enable lookups for this test - * - * @default false - */ - readonly enableLookups: boolean; -} - -/** - * Reads an integration tests manifest - */ -export class IntegManifestReader { - public static readonly DEFAULT_FILENAME = 'integ.json'; - - /** - * Reads an integration test manifest from the specified file - */ - public static fromFile(fileName: string): IntegManifestReader { - try { - const obj = Manifest.loadIntegManifest(fileName); - return new IntegManifestReader(path.dirname(fileName), obj); - - } catch (e) { - throw new Error(`Cannot read integ manifest '${fileName}': ${e.message}`); - } - } - - /** - * Reads a Integration test manifest from a file or a directory - * If the given filePath is a directory then it will look for - * a file within the directory with the DEFAULT_FILENAME - */ - public static fromPath(filePath: string): IntegManifestReader { - let st; - try { - st = fs.statSync(filePath); - } catch (e) { - throw new Error(`Cannot read integ manifest at '${filePath}': ${e.message}`); - } - if (st.isDirectory()) { - return IntegManifestReader.fromFile(path.join(filePath, IntegManifestReader.DEFAULT_FILENAME)); - } - return IntegManifestReader.fromFile(filePath); - } - - /** - * The directory where the manifest was found - */ - public readonly directory: string; - constructor(directory: string, private readonly manifest: IntegManifest) { - this.directory = directory; - } - - /** - * List of integration tests in the manifest - */ - public get tests(): IntegTestConfig { - return { - testCases: this.manifest.testCases, - enableLookups: this.manifest.enableLookups ?? false, - }; - } -} diff --git a/packages/@aws-cdk/integ-runner/lib/runner/private/logger.ts b/packages/@aws-cdk/integ-runner/lib/runner/private/logger.ts deleted file mode 100644 index 55c7f80b24365..0000000000000 --- a/packages/@aws-cdk/integ-runner/lib/runner/private/logger.ts +++ /dev/null @@ -1,20 +0,0 @@ -import { Writable } from 'stream'; -import * as util from 'util'; -import * as chalk from 'chalk'; - -type StyleFn = (str: string) => string; -const { stderr } = process; - -const logger = (stream: Writable, styles?: StyleFn[]) => (fmt: string, ...args: any[]) => { - let str = util.format(fmt, ...args); - if (styles && styles.length) { - str = styles.reduce((a, style) => style(a), str); - } - stream.write(str + '\n'); -}; - -export const print = logger(stderr); -export const error = logger(stderr, [chalk.red]); -export const warning = logger(stderr, [chalk.yellow]); -export const success = logger(stderr, [chalk.green]); -export const highlight = logger(stderr, [chalk.bold]); diff --git a/packages/@aws-cdk/integ-runner/lib/runner/runners.ts b/packages/@aws-cdk/integ-runner/lib/runner/runners.ts deleted file mode 100644 index 747d240c8f04d..0000000000000 --- a/packages/@aws-cdk/integ-runner/lib/runner/runners.ts +++ /dev/null @@ -1,606 +0,0 @@ -import * as path from 'path'; -import { Writable, WritableOptions } from 'stream'; -import { StringDecoder, NodeStringDecoder } from 'string_decoder'; -import { TestCase, RequireApproval, DefaultCdkOptions } from '@aws-cdk/cloud-assembly-schema'; -import { diffTemplate, formatDifferences } from '@aws-cdk/cloudformation-diff'; -import { AVAILABILITY_ZONE_FALLBACK_CONTEXT_KEY, FUTURE_FLAGS, TARGET_PARTITIONS } from '@aws-cdk/cx-api'; -import { CdkCliWrapper, ICdk } from 'cdk-cli-wrapper'; -import * as fs from 'fs-extra'; -import { Diagnostic, DiagnosticReason } from '../workers/common'; -import { canonicalizeTemplate } from './private/canonicalize-assets'; -import { AssemblyManifestReader } from './private/cloud-assembly'; -import { IntegManifestReader } from './private/integ-manifest'; - -const CDK_OUTDIR_PREFIX = 'cdk-integ.out'; -const CDK_INTEG_STACK_PRAGMA = '/// !cdk-integ'; -const PRAGMA_PREFIX = 'pragma:'; -const SET_CONTEXT_PRAGMA_PREFIX = 'pragma:set-context:'; -const VERIFY_ASSET_HASHES = 'pragma:include-assets-hashes'; -const ENABLE_LOOKUPS_PRAGMA = 'pragma:enable-lookups'; - -/** - * Options for creating an integration test runner - */ -export interface IntegRunnerOptions { - /** - * The name of the file that contains the integration test - * This should be a JavaScript file - */ - readonly fileName: string, - - /** - * Additional environment variables that will be available - * to the CDK CLI - * - * @default - no additional environment variables - */ - readonly env?: { [name: string]: string }, - - /** - * tmp cdk.out directory - * - * @default - directory will be `cdk-integ.out.${testName}` - */ - readonly integOutDir?: string, - - /** - * Instance of the CDK CLI to use - * - * @default - CdkCliWrapper - */ - readonly cdk?: ICdk; -} - -/** - * Represents an Integration test runner - */ -export abstract class IntegRunner { - /** - * The directory where the snapshot will be stored - */ - public readonly snapshotDir: string; - - /** - * An instance of the CDK CLI - */ - public readonly cdk: ICdk; - - /** - * Pretty name of the test - */ - public readonly testName: string; - - /** - * The path to the integration test file - */ - protected readonly sourceFilePath: string; - - /** - * The value used in the '--app' CLI parameter - */ - protected readonly cdkApp: string; - - /** - * The path where the `cdk.context.json` file - * will be created - */ - protected readonly cdkContextPath: string; - - /** - * The relative path from the cwd to the snapshot directory - */ - protected readonly relativeSnapshotDir: string; - - /** - * The integration tests that this runner will execute - */ - protected _tests?: { [testName: string]: TestCase }; - - /** - * The working directory that the integration tests will be - * executed from - */ - protected readonly directory: string; - - /** - * Default options to pass to the CDK CLI - */ - protected readonly defaultArgs: DefaultCdkOptions = { - pathMetadata: false, - assetMetadata: false, - versionReporting: false, - } - - private _enableLookups?: boolean; - - /** - * The directory where the CDK will be synthed to - */ - protected readonly cdkOutDir: string; - - constructor(options: IntegRunnerOptions) { - const parsed = path.parse(options.fileName); - this.directory = parsed.dir; - this.testName = parsed.name.slice(6); - this.snapshotDir = path.join(this.directory, `${this.testName}.integ.snapshot`); - this.relativeSnapshotDir = `${this.testName}.integ.snapshot`; - this.sourceFilePath = path.join(this.directory, parsed.base); - this.cdkContextPath = path.join(this.directory, 'cdk.context.json'); - this.cdk = options.cdk ?? new CdkCliWrapper({ - directory: this.directory, - env: options.env, - }); - this.cdkOutDir = options.integOutDir ?? `${CDK_OUTDIR_PREFIX}.${this.testName}`; - this.cdkApp = `node ${parsed.base}`; - if (this.hasSnapshot()) { - this.loadManifest(); - } - } - - /** - * Whether or not lookups are enabled for a given test case - */ - protected get enableLookups(): boolean { - return this._enableLookups ?? false; - } - - /** - * Return this list of test cases for this integration test - */ - public get tests(): { [testName: string]: TestCase } | undefined { - return this._tests; - } - - /** - * Returns true if a snapshot already exists for this test - */ - public hasSnapshot(): boolean { - if (fs.existsSync(this.snapshotDir)) { - return true; - } else { - return false; - } - } - - protected loadManifest(dir?: string): void { - try { - const reader = IntegManifestReader.fromPath(dir ?? this.snapshotDir); - this._tests = reader.tests.testCases; - this._enableLookups = reader.tests.enableLookups; - } catch (e) { - this._tests = this.renderTestCasesForLegacyTests(); - this._enableLookups = this.pragmas().includes(ENABLE_LOOKUPS_PRAGMA); - } - } - - protected cleanup(): void { - const cdkOutPath = path.join(this.directory, this.cdkOutDir); - if (fs.existsSync(cdkOutPath)) { - fs.removeSync(cdkOutPath); - } - } - - protected createSnapshot(): void { - if (fs.existsSync(this.snapshotDir)) { - fs.removeSync(this.snapshotDir); - } - - // if lookups are enabled then we need to synth again - // using dummy context and save that as the snapshot - if (this.enableLookups) { - this.writeContext(); - this.cdk.synth({ - ...this.defaultArgs, - all: true, - app: this.cdkApp, - output: this.relativeSnapshotDir, - // TODO: figure out if we need this... - // env: { - // ...DEFAULT_SYNTH_OPTIONS.env, - // }, - }); - this.cleanupContextFile(); - } else { - fs.moveSync(path.join(this.directory, this.cdkOutDir), this.snapshotDir, { overwrite: true }); - } - } - - /** - * Returns the single test stack to use. - * - * If the test has a single stack, it will be chosen. Otherwise a pragma is expected within the - * test file the name of the stack: - * - * @example - * - * /// !cdk-integ - * - */ - private renderTestCasesForLegacyTests(): { [testName: string]: TestCase } { - const tests: TestCase = { - stacks: [], - }; - const pragma = this.readStackPragma(); - if (pragma.length > 0) { - tests.stacks.push(...pragma); - } else { - const stacks = (this.cdk.list({ - ...this.defaultArgs, - all: true, - app: this.cdkApp, - output: this.cdkOutDir, - })).split('\n'); - if (stacks.length !== 1) { - throw new Error('"cdk-integ" can only operate on apps with a single stack.\n\n' + - ' If your app has multiple stacks, specify which stack to select by adding this to your test source:\n\n' + - ` ${CDK_INTEG_STACK_PRAGMA} STACK ...\n\n` + - ` Available stacks: ${stacks.join(' ')} (wildcards are also supported)\n`); - } - tests.stacks.push(...stacks); - } - - return { - [this.testName]: tests, - }; - } - - /** - * Reads stack names from the "!cdk-integ" pragma. - * - * Every word that's NOT prefixed by "pragma:" is considered a stack name. - * - * @example - * - * /// !cdk-integ - */ - private readStackPragma(): string[] { - return (this.readIntegPragma()).filter(p => !p.startsWith(PRAGMA_PREFIX)); - } - - /** - * Read arbitrary cdk-integ pragma directives - * - * Reads the test source file and looks for the "!cdk-integ" pragma. If it exists, returns it's - * contents. This allows integ tests to supply custom command line arguments to "cdk deploy" and "cdk synth". - * - * @example - * - * /// !cdk-integ [...] - */ - private readIntegPragma(): string[] { - const source = fs.readFileSync(this.sourceFilePath, { encoding: 'utf-8' }); - const pragmaLine = source.split('\n').find(x => x.startsWith(CDK_INTEG_STACK_PRAGMA + ' ')); - if (!pragmaLine) { - return []; - } - - const args = pragmaLine.substring(CDK_INTEG_STACK_PRAGMA.length).trim().split(' '); - if (args.length === 0) { - throw new Error(`Invalid syntax for cdk-integ pragma. Usage: "${CDK_INTEG_STACK_PRAGMA} [STACK] [pragma:PRAGMA] [...]"`); - } - return args; - } - - /** - * Return the non-stack pragmas - * - * These are all pragmas that start with "pragma:". - * - * For backwards compatibility reasons, all pragmas that DON'T start with this - * string are considered to be stack names. - */ - protected pragmas(): string[] { - return (this.readIntegPragma()).filter(p => p.startsWith(PRAGMA_PREFIX)); - } - - /** - * There is not currently a way to pass structured context to the CLI - * so to workaround this we write the context to a file - */ - protected writeContext(additionalContext?: Record): void { - const ctxPragmaContext: Record = {}; - - // apply context from set-context pragma - // usage: pragma:set-context:key=value - const ctxPragmas = (this.pragmas()).filter(p => p.startsWith(SET_CONTEXT_PRAGMA_PREFIX)); - for (const p of ctxPragmas) { - const instruction = p.substring(SET_CONTEXT_PRAGMA_PREFIX.length); - const [key, value] = instruction.split('='); - if (key == null || value == null) { - throw new Error(`invalid "set-context" pragma syntax. example: "pragma:set-context:@aws-cdk/core:newStyleStackSynthesis=true" got: ${p}`); - } - - ctxPragmaContext[key] = value; - } - const context: Record = { - ...DEFAULT_SYNTH_OPTIONS.context, - ...ctxPragmaContext, - ...additionalContext, - }; - fs.writeFileSync(this.cdkContextPath, JSON.stringify(context, undefined, 2), { encoding: 'utf-8' }); - } - - protected cleanupContextFile() { - if (fs.existsSync(this.cdkContextPath)) { - fs.unlinkSync(this.cdkContextPath); - } - } -} - -/** - * Options for the integration test runner - */ -export interface IntegTestRunOptions { - /** - * The test case to execute - */ - readonly testCase: TestCase; - - /** - * Whether or not to run `cdk destroy` and cleanup the - * integration test stacks. - * - * Set this to false if you need to perform any validation - * or troubleshooting after deployment. - * - * @default true - */ - readonly clean?: boolean; - - /** - * If set to true, the integration test will not deploy - * anything and will simply update the snapshot. - * - * You should NOT use this method since you are essentially - * bypassing the integration test. - * - * @default false - */ - readonly dryRun?: boolean; -} - -/** - * An integration test runner that orchestrates executing - * integration tests - */ -export class IntegTestRunner extends IntegRunner { - constructor(options: IntegRunnerOptions) { - super(options); - } - - /** - * Orchestrates running integration tests. Currently this includes - * - * 1. Deploying the integration test stacks - * 2. Saving the snapshot - * 3. Destroying the integration test stacks - */ - public runIntegTestCase(options: IntegTestRunOptions): void { - const clean = options.clean ?? true; - try { - if (!options.dryRun) { - this.cdk.deploy({ - ...this.defaultArgs, - stacks: options.testCase.stacks, - requireApproval: RequireApproval.NEVER, - output: this.cdkOutDir, - app: this.cdkApp, - lookups: this.enableLookups, - }); - } else { - this.cdk.synth({ - ...this.defaultArgs, - stacks: options.testCase.stacks, - output: this.cdkOutDir, - app: this.cdkApp, - lookups: this.enableLookups, - }); - } - this.createSnapshot(); - } catch (e) { - throw e; - } finally { - if (!options.dryRun) { - if (clean) { - this.cdk.destroy({ - ...this.defaultArgs, - stacks: options.testCase.stacks, - force: true, - app: this.cdkApp, - output: this.cdkOutDir, - }); - } - } - this.cleanup(); - } - } - - /** - * Generate a snapshot if one does not exist - * This will synth and then load the integration test manifest - */ - public generateSnapshot(): void { - if (this.hasSnapshot()) { - throw new Error(`${this.testName} already has a snapshot: ${this.snapshotDir}`); - } - - this.cdk.synth({ - ...this.defaultArgs, - all: true, - app: this.cdkApp, - output: this.cdkOutDir, - }); - this.loadManifest(this.cdkOutDir); - } -} - -/** - * Runner for snapshot tests. This handles orchestrating - * the validation of the integration test snapshots - */ -export class IntegSnapshotRunner extends IntegRunner { - constructor(options: IntegRunnerOptions) { - super(options); - } - - /** - * Synth the integration tests and compare the templates - * to the existing snapshot. - */ - public testSnapshot(): Diagnostic[] { - try { - // read the existing snapshot - const expectedStacks = this.readAssembly(this.snapshotDir); - - // if lookups are enabled then write the dummy context file - if (this.enableLookups) { - this.writeContext(); - } - // synth the integration test - this.cdk.synth({ - ...this.defaultArgs, - all: true, - app: this.cdkApp, - output: this.cdkOutDir, - lookups: this.enableLookups, - }); - const actualStacks = this.readAssembly(path.join(this.directory, this.cdkOutDir)); - - // diff the existing snapshot (expected) with the integration test (actual) - const diagnostics = this.diffAssembly(expectedStacks, actualStacks); - return diagnostics; - } catch (e) { - throw e; - } finally { - this.cleanupContextFile(); - this.cleanup(); - } - } - - private diffAssembly(existing: Record, actual: Record): Diagnostic[] { - const verifyHashes = this.pragmas().includes(VERIFY_ASSET_HASHES); - const failures: Diagnostic[] = []; - for (const templateId of Object.keys(existing)) { - if (!actual.hasOwnProperty(templateId)) { - failures.push({ - testName: this.testName, - reason: DiagnosticReason.SNAPSHOT_FAILED, - message: `${templateId} exists in snapshot, but not in actual`, - }); - } - } - - for (const templateId of Object.keys(actual)) { - if (!existing.hasOwnProperty(templateId)) { - failures.push({ - testName: this.testName, - reason: DiagnosticReason.SNAPSHOT_FAILED, - message: `${templateId} does not exist in snapshot, but does in actual`, - }); - } else { - let actualTemplate = actual[templateId]; - let expectedTemplate = existing[templateId]; - - if (!verifyHashes) { - actualTemplate = canonicalizeTemplate(actualTemplate); - expectedTemplate = canonicalizeTemplate(expectedTemplate); - } - const diff = diffTemplate(expectedTemplate, actualTemplate); - if (!diff.isEmpty) { - const writable = new StringWritable({}); - formatDifferences(writable, diff); - failures.push({ - reason: DiagnosticReason.SNAPSHOT_FAILED, - message: writable.data, - testName: this.testName, - }); - } - } - } - - return failures; - } - - private readAssembly(dir: string): Record { - const assembly = AssemblyManifestReader.fromPath(dir); - const stacks = assembly.stacks; - - return stacks; - } -} - -class StringWritable extends Writable { - public data: string; - private _decoder: NodeStringDecoder; - constructor(options: WritableOptions) { - super(options); - this._decoder = new StringDecoder(); - this.data = ''; - } - - _write(chunk: any, encoding: string, callback: (error?: Error | null) => void): void { - if (encoding === 'buffer') { - chunk = this._decoder.write(chunk); - } - - this.data += chunk; - callback(); - } - - _final(callback: (error?: Error | null) => void): void { - this.data += this._decoder.end(); - callback(); - } -} - -// Default context we run all integ tests with, so they don't depend on the -// account of the exercising user. -const DEFAULT_SYNTH_OPTIONS = { - context: { - [AVAILABILITY_ZONE_FALLBACK_CONTEXT_KEY]: ['test-region-1a', 'test-region-1b', 'test-region-1c'], - 'availability-zones:account=12345678:region=test-region': ['test-region-1a', 'test-region-1b', 'test-region-1c'], - 'ssm:account=12345678:parameterName=/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-gp2:region=test-region': 'ami-1234', - 'ssm:account=12345678:parameterName=/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2:region=test-region': 'ami-1234', - 'ssm:account=12345678:parameterName=/aws/service/ecs/optimized-ami/amazon-linux/recommended:region=test-region': '{"image_id": "ami-1234"}', - // eslint-disable-next-line max-len - 'ami:account=12345678:filters.image-type.0=machine:filters.name.0=amzn-ami-vpc-nat-*:filters.state.0=available:owners.0=amazon:region=test-region': 'ami-1234', - 'vpc-provider:account=12345678:filter.isDefault=true:region=test-region:returnAsymmetricSubnets=true': { - vpcId: 'vpc-60900905', - subnetGroups: [ - { - type: 'Public', - name: 'Public', - subnets: [ - { - subnetId: 'subnet-e19455ca', - availabilityZone: 'us-east-1a', - routeTableId: 'rtb-e19455ca', - }, - { - subnetId: 'subnet-e0c24797', - availabilityZone: 'us-east-1b', - routeTableId: 'rtb-e0c24797', - }, - { - subnetId: 'subnet-ccd77395', - availabilityZone: 'us-east-1c', - routeTableId: 'rtb-ccd77395', - }, - ], - }, - ], - }, - // Enable feature flags for all integ tests - ...FUTURE_FLAGS, - - // Restricting to these target partitions makes most service principals synthesize to - // `service.${URL_SUFFIX}`, which is technically *incorrect* (it's only `amazonaws.com` - // or `amazonaws.com.cn`, never UrlSuffix for any of the restricted regions) but it's what - // most existing integ tests contain, and we want to disturb as few as possible. - [TARGET_PARTITIONS]: ['aws', 'aws-cn'], - }, - env: { - CDK_INTEG_ACCOUNT: '12345678', - CDK_INTEG_REGION: 'test-region', - }, -}; diff --git a/packages/@aws-cdk/integ-runner/lib/workers/common.ts b/packages/@aws-cdk/integ-runner/lib/workers/common.ts deleted file mode 100644 index db196cc809937..0000000000000 --- a/packages/@aws-cdk/integ-runner/lib/workers/common.ts +++ /dev/null @@ -1,119 +0,0 @@ -import { IntegTestConfig } from '../runner/integ-tests'; -import * as logger from '../runner/private/logger'; - -/** - * Integration test results - */ -export interface IntegBatchResponse { - failedTests: IntegTestConfig[]; -} - -/** - * Common options for running integration tests - */ -export interface IntegTestOptions { - /** - * A list of integration tests to run - * in this batch - */ - readonly tests: IntegTestConfig[]; - - /** - * Whether or not to destroy the stacks at the - * end of the test - * - * @default true - */ - readonly clean?: boolean; - - /** - * When this is set to `true` the snapshot will - * be created _without_ running the integration test - * The resulting snapshot SHOULD NOT be checked in - * - * @default false - */ - readonly dryRun?: boolean; - - /** - * Whether to enable verbose logging - * - * @default false - */ - readonly verbose?: boolean; -} - -/** - * Represents possible reasons for a diagnostic - */ -export enum DiagnosticReason { - /** - * The integration test failed because there - * is not existing snapshot - */ - NO_SNAPSHOT = 'NO_SNAPSHOT', - - /** - * The integration test failed - */ - TEST_FAILED = 'TEST_FAILED', - - /** - * The snapshot test failed because the actual - * snapshot was different than the expected snapshot - */ - SNAPSHOT_FAILED = 'SNAPSHOT_FAILED', - - /** - * The snapshot test succeeded - */ - SNAPSHOT_SUCCESS = 'SNAPSHOT_SUCCESS', - - /** - * The integration test succeeded - */ - TEST_SUCCESS = 'TEST_SUCCESS', -} - -/** - * Integration test diagnostics - * This is used to report back the status of each test - */ -export interface Diagnostic { - /** - * The name of the test - */ - readonly testName: string; - - /** - * The diagnostic message - */ - readonly message: string; - - /** - * The reason for the diagnostic - */ - readonly reason: DiagnosticReason; -} - -/** - * Print out the results from tests - */ -export function printResults(diagnostic: Diagnostic): void { - switch (diagnostic.reason) { - case DiagnosticReason.SNAPSHOT_SUCCESS: - logger.success(' %s No Change!', diagnostic.testName); - break; - case DiagnosticReason.TEST_SUCCESS: - logger.success(' %s Test Succeeded!', diagnostic.testName); - break; - case DiagnosticReason.NO_SNAPSHOT: - logger.error(' %s - No Snapshot!', diagnostic.testName); - break; - case DiagnosticReason.SNAPSHOT_FAILED: - logger.error(' %s - Snapshot changed!\n%s', diagnostic.testName, diagnostic.message); - break; - case DiagnosticReason.TEST_FAILED: - logger.error(' %s - Failed!\n%s', diagnostic.testName, diagnostic.message); - } -} diff --git a/packages/@aws-cdk/integ-runner/lib/workers/extract_worker.ts b/packages/@aws-cdk/integ-runner/lib/workers/extract_worker.ts deleted file mode 100644 index 42b0e63b1f9af..0000000000000 --- a/packages/@aws-cdk/integ-runner/lib/workers/extract_worker.ts +++ /dev/null @@ -1,35 +0,0 @@ -import * as workerpool from 'workerpool'; -import { IntegTestConfig } from '../runner/integ-tests'; -import { Diagnostic, IntegBatchResponse } from './common'; -import { singleThreadedSnapshotRunner } from './integ-snapshot-worker'; -import { singleThreadedTestRunner, IntegTestBatchRequest } from './integ-test-worker'; - -/** - * Options for running snapshot tests - */ -export interface SnapshotBatchRequest { - readonly tests: IntegTestConfig[]; -} - -/** - * Snapshot test results - */ -export interface SnapshotBatchResponse { - diagnostics: Diagnostic[]; - failedTests: IntegTestConfig[]; -} - -function integTestBatch(request: IntegTestBatchRequest): IntegBatchResponse { - const result = singleThreadedTestRunner(request); - return result; -} - -function snapshotTestBatch(request: SnapshotBatchRequest): IntegBatchResponse { - const result = singleThreadedSnapshotRunner(request.tests); - return result; -} - -workerpool.worker({ - snapshotTestBatch, - integTestBatch, -}); diff --git a/packages/@aws-cdk/integ-runner/lib/workers/integ-snapshot-worker.ts b/packages/@aws-cdk/integ-runner/lib/workers/integ-snapshot-worker.ts deleted file mode 100644 index f92efe543746a..0000000000000 --- a/packages/@aws-cdk/integ-runner/lib/workers/integ-snapshot-worker.ts +++ /dev/null @@ -1,51 +0,0 @@ -import * as workerpool from 'workerpool'; -import { IntegTestConfig } from '../runner/integ-tests'; -import { IntegSnapshotRunner } from '../runner/runners'; -import { DiagnosticReason, IntegBatchResponse } from './common'; - -/** - * Runs a single snapshot test batch request. - * For each integration test this will check to see - * if there is an existing snapshot, and if there is will - * check if there are any changes - */ -export function singleThreadedSnapshotRunner(tests: IntegTestConfig[]): IntegBatchResponse { - const failedTests = new Array(); - for (const test of tests) { - const runner = new IntegSnapshotRunner({ fileName: test.fileName }); - try { - if (!runner.hasSnapshot()) { - workerpool.workerEmit({ - reason: DiagnosticReason.NO_SNAPSHOT, - testName: runner.testName, - message: 'No Snapshot', - }); - failedTests.push(test); - } else { - const snapshotDiagnostics = runner.testSnapshot(); - if (snapshotDiagnostics.length > 0) { - snapshotDiagnostics.forEach(diagnostic => workerpool.workerEmit(diagnostic)); - failedTests.push(test); - } else { - workerpool.workerEmit({ - reason: DiagnosticReason.SNAPSHOT_SUCCESS, - testName: runner.testName, - message: 'Success', - }); - } - } - } catch (e) { - failedTests.push(test); - workerpool.workerEmit({ - message: e.message, - testName: runner.testName, - reason: DiagnosticReason.SNAPSHOT_FAILED, - }); - } - } - - return { - failedTests, - }; -} - diff --git a/packages/@aws-cdk/integ-runner/lib/workers/integ-test-worker.ts b/packages/@aws-cdk/integ-runner/lib/workers/integ-test-worker.ts deleted file mode 100644 index def9915d91c35..0000000000000 --- a/packages/@aws-cdk/integ-runner/lib/workers/integ-test-worker.ts +++ /dev/null @@ -1,124 +0,0 @@ -import * as workerpool from 'workerpool'; -import { IntegTestConfig } from '../runner/integ-tests'; -import * as logger from '../runner/private/logger'; -import { IntegTestRunner } from '../runner/runners'; -import { printResults, IntegBatchResponse, IntegTestOptions, DiagnosticReason } from './common'; - -/** - * Options for an integration test batch - */ -export interface IntegTestBatchRequest extends IntegTestOptions { - /** - * The AWS region to run this batch in - */ - readonly region: string; -} - -/** - * Options for running all integration tests - */ -export interface IntegTestRunOptions extends IntegTestOptions { - /** - * The regions to run the integration tests across. - * This allows the runner to run integration tests in parallel - */ - readonly regions: string[]; - - /** - * The workerpool to use - */ - readonly pool: workerpool.WorkerPool; -} - - -/** - * Runs a set of integration tests in parallel across a list of AWS regions. - * Only a single test can be run at a time in a given region. Once a region - * is done running a test, the next test will be pulled from the queue - */ -export async function runIntegrationTestsInParallel( - options: IntegTestRunOptions, -): Promise { - - const queue = options.tests; - const results: IntegBatchResponse[] = []; - - async function runTest(region: string): Promise { - do { - const test = queue.pop(); - if (!test) break; - logger.highlight(`Running test ${test.fileName} in ${region}`); - const response: IntegBatchResponse = await options.pool.exec('integTestBatch', [{ - region, - tests: [test], - clean: options.clean, - dryRun: options.dryRun, - verbose: options.verbose, - }], { - on: printResults, - }); - - results.push(response); - } while (queue.length > 0); - } - - const workers = options.regions.map((region) => runTest(region)); - await Promise.all(workers); - return results; -} - -/** - * Runs a single integration test batch request. - * If the test does not have an existing snapshot, - * this will first generate a snapshot and then execute - * the integration tests. - * - * If the tests succeed it will then save the snapshot - */ -export function singleThreadedTestRunner(request: IntegTestBatchRequest): IntegBatchResponse { - const failures: IntegTestConfig[] = []; - for (const test of request.tests) { - const runner = new IntegTestRunner({ - fileName: test.fileName, - env: { - AWS_REGION: request.region, - }, - }); - try { - if (!runner.hasSnapshot()) { - runner.generateSnapshot(); - } - - if (!runner.tests) { - throw new Error(`No tests defined for ${runner.testName}`); - } - for (const [testName, testCase] of Object.entries(runner.tests)) { - try { - runner.runIntegTestCase({ - testCase: testCase, - clean: request.clean, - dryRun: request.dryRun, - }); - workerpool.workerEmit({ - reason: DiagnosticReason.TEST_SUCCESS, - testName: testName, - message: 'Success', - }); - } catch (e) { - failures.push(test); - workerpool.workerEmit({ - reason: DiagnosticReason.TEST_FAILED, - testName: testName, - message: `Integration test failed: ${e}`, - }); - } - } - } catch (e) { - logger.error(`Errors running test cases: ${e}`); - } - } - - return { - failedTests: failures, - }; -} diff --git a/packages/@aws-cdk/integ-runner/package.json b/packages/@aws-cdk/integ-runner/package.json deleted file mode 100644 index af90b78aef132..0000000000000 --- a/packages/@aws-cdk/integ-runner/package.json +++ /dev/null @@ -1,79 +0,0 @@ -{ - "name": "@aws-cdk/integ-runner", - "description": "CDK Integration Testing Tool", - "version": "0.0.0", - "main": "lib/index.js", - "types": "lib/index.d.ts", - "bin": { - "integ-runner": "bin/integ-runner" - }, - "scripts": { - "build": "cdk-build", - "lint": "cdk-lint", - "package": "cdk-package", - "awslint": "cdk-awslint", - "pkglint": "pkglint -f", - "test": "cdk-test", - "watch": "cdk-watch", - "build+test": "yarn build && yarn test", - "build+test+package": "yarn build+test && yarn package", - "compat": "cdk-compat", - "build+extract": "yarn build", - "build+test+extract": "yarn build+test" - }, - "author": { - "name": "Amazon Web Services", - "url": "https://aws.amazon.com", - "organization": true - }, - "license": "Apache-2.0", - "devDependencies": { - "@aws-cdk/cdk-build-tools": "0.0.0", - "@aws-cdk/pkglint": "0.0.0", - "@types/fs-extra": "^8.1.2", - "@types/jest": "^27.4.1", - "@types/node": "^10.17.60", - "@types/workerpool": "^6.1.0", - "@types/yargs": "^15.0.14", - "jest": "^27.5.1" - }, - "dependencies": { - "@aws-cdk/cloud-assembly-schema": "0.0.0", - "@aws-cdk/cloudformation-diff": "0.0.0", - "@aws-cdk/cx-api": "0.0.0", - "aws-cdk": "0.0.0", - "cdk-cli-wrapper": "0.0.0", - "chalk": "^4", - "fs-extra": "^9.1.0", - "workerpool": "^6.2.0", - "yargs": "^16.2.0" - }, - "repository": { - "url": "https://github.com/aws/aws-cdk.git", - "type": "git", - "directory": "packages/@aws-cdk/integ-runner" - }, - "keywords": [ - "aws", - "cdk" - ], - "homepage": "https://github.com/aws/aws-cdk", - "engines": { - "node": ">= 10.13.0 <13 || >=13.7.0" - }, - "cdk-package": { - "shrinkWrap": true - }, - "nozem": { - "ostools": [ - "unzip", - "diff", - "rm" - ] - }, - "stability": "experimental", - "maturity": "experimental", - "publishConfig": { - "tag": "latest" - } -} diff --git a/packages/@aws-cdk/integ-runner/test/runner/integration-tests.test.ts b/packages/@aws-cdk/integ-runner/test/runner/integration-tests.test.ts deleted file mode 100644 index 878f5bf5d2489..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/runner/integration-tests.test.ts +++ /dev/null @@ -1,15 +0,0 @@ -import * as path from 'path'; -import { IntegrationTests } from '../../lib/runner/integ-tests'; - -const directory = path.join(__dirname, '../test-data'); - -describe('IntegrationTests', () => { - test('from cli args', async () => { - const tests = new IntegrationTests(directory); - - const integTests = await tests.fromCliArgs(['integ.integ-test1.js']); - - expect(integTests.length).toEqual(1); - expect(integTests[0].fileName).toEqual(expect.stringMatching(/integ.integ-test1.js$/)); - }); -}); diff --git a/packages/@aws-cdk/integ-runner/test/runner/runners.test.ts b/packages/@aws-cdk/integ-runner/test/runner/runners.test.ts deleted file mode 100644 index 8894f5ba92843..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/runner/runners.test.ts +++ /dev/null @@ -1,324 +0,0 @@ -import * as path from 'path'; -import * as fs from 'fs-extra'; -import { IntegTestRunner, IntegSnapshotRunner } from '../../lib/runner/runners'; -import { DiagnosticReason } from '../../lib/workers/common'; - -describe('IntegTest runSnapshotTests', () => { - let synthMock: jest.SpyInstance; - beforeEach(() => { - jest.spyOn(process.stderr, 'write').mockImplementation(() => { return true; }); - jest.spyOn(process.stdout, 'write').mockImplementation(() => { return true; }); - jest.spyOn(fs, 'moveSync').mockImplementation(() => { return true; }); - jest.spyOn(fs, 'removeSync').mockImplementation(() => { return true; }); - jest.spyOn(fs, 'writeFileSync').mockImplementation(() => { return true; }); - }); - afterEach(() => { - jest.clearAllMocks(); - jest.resetAllMocks(); - jest.restoreAllMocks(); - }); - test('with defaults no diff', () => { - // WHEN - const integTest = new IntegSnapshotRunner({ - fileName: path.join(__dirname, '../test-data/integ.test-with-snapshot.js'), - integOutDir: 'test-with-snapshot.integ.snapshot', - }); - synthMock = jest.spyOn(integTest.cdk, 'synth').mockImplementation(); - integTest.testSnapshot(); - - // THEN - expect(synthMock).toHaveBeenCalledTimes(1); - expect(synthMock.mock.calls[0][0]).toEqual({ - all: true, - app: 'node integ.test-with-snapshot.js', - output: 'test-with-snapshot.integ.snapshot', - pathMetadata: false, - assetMetadata: false, - versionReporting: false, - lookups: false, - }); - }); - - test('with defaults and diff', () => { - // WHEN - const integTest = new IntegSnapshotRunner({ - fileName: path.join(__dirname, '../test-data/integ.test-with-snapshot.js'), - integOutDir: 'test-with-snapshot-diff.integ.snapshot', - }); - synthMock = jest.spyOn(integTest.cdk, 'synth').mockImplementation(); - const diagnostics = integTest.testSnapshot(); - - // THEN - expect(synthMock).toHaveBeenCalledTimes(1); - expect(synthMock.mock.calls[0][0]).toEqual({ - all: true, - app: 'node integ.test-with-snapshot.js', - output: 'test-with-snapshot-diff.integ.snapshot', - pathMetadata: false, - assetMetadata: false, - versionReporting: false, - lookups: false, - }); - expect(diagnostics).toEqual(expect.arrayContaining([expect.objectContaining({ - reason: DiagnosticReason.SNAPSHOT_FAILED, - testName: integTest.testName, - message: expect.stringContaining('foobar'), - })])); - }); - - test('dont diff asset hashes', () => { - // WHEN - const integTest = new IntegSnapshotRunner({ - fileName: path.join(__dirname, '../test-data/integ.test-with-snapshot-assets-diff.js'), - integOutDir: 'test-with-snapshot-assets.integ.snapshot', - }); - synthMock = jest.spyOn(integTest.cdk, 'synth').mockImplementation(); - expect(() => { - integTest.testSnapshot(); - }).not.toThrow(); - - // THEN - expect(synthMock).toHaveBeenCalledTimes(1); - expect(synthMock.mock.calls[0][0]).toEqual({ - all: true, - app: 'node integ.test-with-snapshot-assets-diff.js', - output: 'test-with-snapshot-assets.integ.snapshot', - pathMetadata: false, - assetMetadata: false, - versionReporting: false, - lookups: true, - }); - }); - - test('diff asset hashes', () => { - // WHEN - const integTest = new IntegSnapshotRunner({ - fileName: path.join(__dirname, '../test-data/integ.test-with-snapshot-assets.js'), - integOutDir: 'test-with-snapshot-assets-diff.integ.snapshot', - }); - synthMock = jest.spyOn(integTest.cdk, 'synth').mockImplementation(); - const diagnostics = integTest.testSnapshot(); - - // THEN - expect(synthMock).toHaveBeenCalledTimes(1); - expect(synthMock.mock.calls[0][0]).toEqual({ - all: true, - app: 'node integ.test-with-snapshot-assets.js', - output: 'test-with-snapshot-assets-diff.integ.snapshot', - pathMetadata: false, - assetMetadata: false, - versionReporting: false, - lookups: false, - }); - expect(diagnostics).toEqual(expect.arrayContaining([expect.objectContaining({ - reason: DiagnosticReason.SNAPSHOT_FAILED, - testName: integTest.testName, - message: expect.stringContaining('Parameters'), - })])); - }); -}); - -describe('IntegTest runIntegTests', () => { - let integTest: IntegTestRunner; - let deployMock: jest.SpyInstance; - let destroyMock: jest.SpyInstance; - let synthMock: jest.SpyInstance; - let listMock: jest.SpyInstance; - // let stderrMock: jest.SpyInstance; - beforeEach(() => { - integTest = new IntegTestRunner({ fileName: path.join(__dirname, '../test-data/integ.integ-test1.js') }); - deployMock = jest.spyOn(integTest.cdk, 'deploy').mockImplementation(); - destroyMock = jest.spyOn(integTest.cdk, 'destroy').mockImplementation(); - synthMock = jest.spyOn(integTest.cdk, 'synth').mockImplementation(); - listMock = jest.spyOn(integTest.cdk, 'list').mockImplementation(); - jest.spyOn(process.stderr, 'write').mockImplementation(() => { return true; }); - jest.spyOn(fs, 'moveSync').mockImplementation(() => { return true; }); - jest.spyOn(fs, 'removeSync').mockImplementation(() => { return true; }); - jest.spyOn(fs, 'writeFileSync').mockImplementation(() => { return true; }); - }); - afterEach(() => { - jest.clearAllMocks(); - jest.resetAllMocks(); - jest.restoreAllMocks(); - }); - test('with defaults', () => { - // WHEN - integTest.runIntegTestCase({ - testCase: { - stacks: ['stack1'], - }, - }); - - // THEN - expect(deployMock).toHaveBeenCalledTimes(1); - expect(destroyMock).toHaveBeenCalledTimes(1); - expect(synthMock).toHaveBeenCalledTimes(0); - expect(deployMock.mock.calls[0][0]).toEqual({ - app: 'node integ.integ-test1.js', - requireApproval: 'never', - pathMetadata: false, - assetMetadata: false, - versionReporting: false, - lookups: false, - stacks: ['stack1'], - output: 'cdk-integ.out.integ-test1', - }); - expect(destroyMock.mock.calls[0][0]).toEqual({ - app: 'node integ.integ-test1.js', - pathMetadata: false, - assetMetadata: false, - versionReporting: false, - force: true, - stacks: ['stack1'], - output: 'cdk-integ.out.integ-test1', - }); - }); - - test('with lookups', () => { - // WHEN - integTest = new IntegTestRunner({ fileName: path.join(__dirname, '../test-data/integ.test-with-snapshot-assets-diff.js') }); - deployMock = jest.spyOn(integTest.cdk, 'deploy').mockImplementation(); - destroyMock = jest.spyOn(integTest.cdk, 'destroy').mockImplementation(); - synthMock = jest.spyOn(integTest.cdk, 'synth').mockImplementation(); - listMock = jest.spyOn(integTest.cdk, 'list').mockImplementation(); - integTest.runIntegTestCase({ - testCase: { - stacks: ['test-stack'], - }, - }); - - // THEN - expect(deployMock).toHaveBeenCalledTimes(1); - expect(destroyMock).toHaveBeenCalledTimes(1); - expect(synthMock).toHaveBeenCalledTimes(1); - expect(deployMock.mock.calls[0][0]).toEqual({ - app: 'node integ.test-with-snapshot-assets-diff.js', - requireApproval: 'never', - pathMetadata: false, - assetMetadata: false, - versionReporting: false, - lookups: true, - stacks: ['test-stack'], - output: 'cdk-integ.out.test-with-snapshot-assets-diff', - }); - expect(synthMock.mock.calls[0][0]).toEqual({ - app: 'node integ.test-with-snapshot-assets-diff.js', - pathMetadata: false, - assetMetadata: false, - versionReporting: false, - all: true, - output: 'test-with-snapshot-assets-diff.integ.snapshot', - }); - expect(destroyMock.mock.calls[0][0]).toEqual({ - app: 'node integ.test-with-snapshot-assets-diff.js', - pathMetadata: false, - assetMetadata: false, - versionReporting: false, - force: true, - stacks: ['test-stack'], - output: 'cdk-integ.out.test-with-snapshot-assets-diff', - }); - }); - - test('no clean', () => { - // WHEN - integTest.runIntegTestCase({ - clean: false, - testCase: { - stacks: ['stack1'], - }, - }); - - // THEN - expect(deployMock).toHaveBeenCalledTimes(1); - expect(destroyMock).toHaveBeenCalledTimes(0); - expect(synthMock).toHaveBeenCalledTimes(0); - }); - - test('dryrun', () => { - // WHEN - integTest.runIntegTestCase({ - dryRun: true, - testCase: { - stacks: ['stack1'], - }, - }); - - // THEN - expect(deployMock).toHaveBeenCalledTimes(0); - expect(destroyMock).toHaveBeenCalledTimes(0); - expect(synthMock).toHaveBeenCalledTimes(1); - }); - - test('determine test stack via pragma', () => { - // WHEN - integTest.generateSnapshot(); - - // THEN - expect(integTest.tests).toEqual(expect.objectContaining({ - 'integ-test1': { - stacks: ['stack1'], - }, - })); - expect(listMock).toHaveBeenCalledTimes(0); - }); - - test('generate snapshot', () => { - // WHEN - integTest.generateSnapshot(); - - // THEN - expect(synthMock).toHaveBeenCalledTimes(1); - expect(synthMock.mock.calls[0][0]).toEqual({ - all: true, - pathMetadata: false, - assetMetadata: false, - versionReporting: false, - app: 'node integ.integ-test1.js', - output: 'cdk-integ.out.integ-test1', - }); - }); -}); - -describe('IntegTest no pragma', () => { - let integTest: IntegTestRunner; - let synthMock: jest.SpyInstance; - beforeEach(() => { - integTest = new IntegTestRunner({ fileName: path.join(__dirname, '../test-data/integ.integ-test2.js') }); - jest.spyOn(integTest.cdk, 'deploy').mockImplementation(); - jest.spyOn(integTest.cdk, 'destroy').mockImplementation(); - synthMock = jest.spyOn(integTest.cdk, 'synth').mockImplementation(); - jest.spyOn(integTest.cdk, 'list').mockImplementation(() => { - return 'stackabc'; - }); - jest.spyOn(process.stderr, 'write').mockImplementation(() => { return true; }); - jest.spyOn(fs, 'moveSync').mockImplementation(() => { return true; }); - jest.spyOn(fs, 'removeSync').mockImplementation(() => { return true; }); - jest.spyOn(fs, 'writeFileSync').mockImplementation(() => { return true; }); - }); - afterEach(() => { - jest.clearAllMocks(); - jest.resetAllMocks(); - jest.restoreAllMocks(); - }); - test('get stacks from list', async () => { - // WHEN - integTest.generateSnapshot(); - - // THEN - expect(integTest.tests).toEqual(expect.objectContaining({ - 'integ-test2': { - stacks: ['stackabc'], - }, - })); - expect(synthMock).toHaveBeenCalledTimes(1); - expect(synthMock.mock.calls[0][0]).toEqual({ - app: 'node integ.integ-test2.js', - all: true, - pathMetadata: false, - assetMetadata: false, - versionReporting: false, - output: 'cdk-integ.out.integ-test2', - }); - }); -}); diff --git a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets-diff/cdk.out b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets-diff/cdk.out deleted file mode 100644 index 2efc89439fab8..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets-diff/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"18.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets-diff/manifest.json b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets-diff/manifest.json deleted file mode 100644 index c0da3afe14484..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets-diff/manifest.json +++ /dev/null @@ -1,57 +0,0 @@ -{ - "version": "17.0.0", - "artifacts": { - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, - "test-stack": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "test-stack.template.json", - "validateOnSynth": false - }, - "metadata": { - "/test-stack/MyFunction1/ServiceRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MyFunction1ServiceRole9852B06B", - "trace": [ - "new Role (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-iam/lib/role.js:50:22)", - "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:82:35)", - "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", - "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", - "Module._compile (node:internal/modules/cjs/loader:1103:14)", - "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", - "Module.load (node:internal/modules/cjs/loader:981:32)", - "Function.Module._load (node:internal/modules/cjs/loader:822:12)", - "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", - "node:internal/main/run_main_module:17:47" - ] - } - ], - "/test-stack/MyFunction1/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MyFunction12A744C2E", - "trace": [ - "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:154:26)", - "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", - "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", - "Module._compile (node:internal/modules/cjs/loader:1103:14)", - "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", - "Module.load (node:internal/modules/cjs/loader:981:32)", - "Function.Module._load (node:internal/modules/cjs/loader:822:12)", - "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", - "node:internal/main/run_main_module:17:47" - ] - } - ] - }, - "displayName": "test-stack" - } - } -} diff --git a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets-diff/test-stack.template.json b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets-diff/test-stack.template.json deleted file mode 100644 index 40f4c8238c04f..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets-diff/test-stack.template.json +++ /dev/null @@ -1,54 +0,0 @@ -{ - "Resources": { - "MyFunction1ServiceRole9852B06B": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "MyFunction12A744C2E": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "ZipFile": "foo" - }, - "Role": { - "Fn::GetAtt": [ - "MyFunction1ServiceRole9852B06B", - "Arn" - ] - }, - "Handler": "index.handler", - "Runtime": "nodejs14.x" - }, - "DependsOn": [ - "MyFunction1ServiceRole9852B06B" - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets-diff/tree.json b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets-diff/tree.json deleted file mode 100644 index b664bec74b37c..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets-diff/tree.json +++ /dev/null @@ -1,114 +0,0 @@ -{ - "version": "tree-0.1", - "tree": { - "id": "App", - "path": "", - "children": { - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "@aws-cdk/core.Construct", - "version": "0.0.0" - } - }, - "test-stack": { - "id": "test-stack", - "path": "test-stack", - "children": { - "MyFunction1": { - "id": "MyFunction1", - "path": "test-stack/MyFunction1", - "children": { - "ServiceRole": { - "id": "ServiceRole", - "path": "test-stack/MyFunction1/ServiceRole", - "children": { - "Resource": { - "id": "Resource", - "path": "test-stack/MyFunction1/ServiceRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "managedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "test-stack/MyFunction1/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Lambda::Function", - "aws:cdk:cloudformation:props": { - "code": { - "zipFile": "foo" - }, - "role": { - "Fn::GetAtt": [ - "MyFunction1ServiceRole9852B06B", - "Arn" - ] - }, - "handler": "index.handler", - "runtime": "nodejs14.x" - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-lambda.CfnFunction", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-lambda.Function", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/core.Stack", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/core.App", - "version": "0.0.0" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/cdk.out b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/cdk.out deleted file mode 100644 index 2efc89439fab8..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"18.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/manifest.json b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/manifest.json deleted file mode 100644 index c0da3afe14484..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/manifest.json +++ /dev/null @@ -1,57 +0,0 @@ -{ - "version": "17.0.0", - "artifacts": { - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, - "test-stack": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "test-stack.template.json", - "validateOnSynth": false - }, - "metadata": { - "/test-stack/MyFunction1/ServiceRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MyFunction1ServiceRole9852B06B", - "trace": [ - "new Role (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-iam/lib/role.js:50:22)", - "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:82:35)", - "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", - "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", - "Module._compile (node:internal/modules/cjs/loader:1103:14)", - "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", - "Module.load (node:internal/modules/cjs/loader:981:32)", - "Function.Module._load (node:internal/modules/cjs/loader:822:12)", - "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", - "node:internal/main/run_main_module:17:47" - ] - } - ], - "/test-stack/MyFunction1/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MyFunction12A744C2E", - "trace": [ - "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:154:26)", - "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", - "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", - "Module._compile (node:internal/modules/cjs/loader:1103:14)", - "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", - "Module.load (node:internal/modules/cjs/loader:981:32)", - "Function.Module._load (node:internal/modules/cjs/loader:822:12)", - "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", - "node:internal/main/run_main_module:17:47" - ] - } - ] - }, - "displayName": "test-stack" - } - } -} diff --git a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/test-stack.template.json b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/test-stack.template.json deleted file mode 100644 index 40f4c8238c04f..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/test-stack.template.json +++ /dev/null @@ -1,54 +0,0 @@ -{ - "Resources": { - "MyFunction1ServiceRole9852B06B": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "MyFunction12A744C2E": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "ZipFile": "foo" - }, - "Role": { - "Fn::GetAtt": [ - "MyFunction1ServiceRole9852B06B", - "Arn" - ] - }, - "Handler": "index.handler", - "Runtime": "nodejs14.x" - }, - "DependsOn": [ - "MyFunction1ServiceRole9852B06B" - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/tree.json b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/tree.json deleted file mode 100644 index b664bec74b37c..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/tree.json +++ /dev/null @@ -1,114 +0,0 @@ -{ - "version": "tree-0.1", - "tree": { - "id": "App", - "path": "", - "children": { - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "@aws-cdk/core.Construct", - "version": "0.0.0" - } - }, - "test-stack": { - "id": "test-stack", - "path": "test-stack", - "children": { - "MyFunction1": { - "id": "MyFunction1", - "path": "test-stack/MyFunction1", - "children": { - "ServiceRole": { - "id": "ServiceRole", - "path": "test-stack/MyFunction1/ServiceRole", - "children": { - "Resource": { - "id": "Resource", - "path": "test-stack/MyFunction1/ServiceRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "managedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "test-stack/MyFunction1/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Lambda::Function", - "aws:cdk:cloudformation:props": { - "code": { - "zipFile": "foo" - }, - "role": { - "Fn::GetAtt": [ - "MyFunction1ServiceRole9852B06B", - "Arn" - ] - }, - "handler": "index.handler", - "runtime": "nodejs14.x" - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-lambda.CfnFunction", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-lambda.Function", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/core.Stack", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/core.App", - "version": "0.0.0" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/cdk.out b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/cdk.out deleted file mode 100644 index 2efc89439fab8..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"18.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/manifest.json b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/manifest.json deleted file mode 100644 index c0da3afe14484..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/manifest.json +++ /dev/null @@ -1,57 +0,0 @@ -{ - "version": "17.0.0", - "artifacts": { - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, - "test-stack": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "test-stack.template.json", - "validateOnSynth": false - }, - "metadata": { - "/test-stack/MyFunction1/ServiceRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MyFunction1ServiceRole9852B06B", - "trace": [ - "new Role (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-iam/lib/role.js:50:22)", - "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:82:35)", - "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", - "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", - "Module._compile (node:internal/modules/cjs/loader:1103:14)", - "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", - "Module.load (node:internal/modules/cjs/loader:981:32)", - "Function.Module._load (node:internal/modules/cjs/loader:822:12)", - "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", - "node:internal/main/run_main_module:17:47" - ] - } - ], - "/test-stack/MyFunction1/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MyFunction12A744C2E", - "trace": [ - "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:154:26)", - "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", - "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", - "Module._compile (node:internal/modules/cjs/loader:1103:14)", - "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", - "Module.load (node:internal/modules/cjs/loader:981:32)", - "Function.Module._load (node:internal/modules/cjs/loader:822:12)", - "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", - "node:internal/main/run_main_module:17:47" - ] - } - ] - }, - "displayName": "test-stack" - } - } -} diff --git a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/test-stack.template.json b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/test-stack.template.json deleted file mode 100644 index 40f4c8238c04f..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/test-stack.template.json +++ /dev/null @@ -1,54 +0,0 @@ -{ - "Resources": { - "MyFunction1ServiceRole9852B06B": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "MyFunction12A744C2E": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "ZipFile": "foo" - }, - "Role": { - "Fn::GetAtt": [ - "MyFunction1ServiceRole9852B06B", - "Arn" - ] - }, - "Handler": "index.handler", - "Runtime": "nodejs14.x" - }, - "DependsOn": [ - "MyFunction1ServiceRole9852B06B" - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/tree.json b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/tree.json deleted file mode 100644 index b664bec74b37c..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/tree.json +++ /dev/null @@ -1,114 +0,0 @@ -{ - "version": "tree-0.1", - "tree": { - "id": "App", - "path": "", - "children": { - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "@aws-cdk/core.Construct", - "version": "0.0.0" - } - }, - "test-stack": { - "id": "test-stack", - "path": "test-stack", - "children": { - "MyFunction1": { - "id": "MyFunction1", - "path": "test-stack/MyFunction1", - "children": { - "ServiceRole": { - "id": "ServiceRole", - "path": "test-stack/MyFunction1/ServiceRole", - "children": { - "Resource": { - "id": "Resource", - "path": "test-stack/MyFunction1/ServiceRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "managedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "test-stack/MyFunction1/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Lambda::Function", - "aws:cdk:cloudformation:props": { - "code": { - "zipFile": "foo" - }, - "role": { - "Fn::GetAtt": [ - "MyFunction1ServiceRole9852B06B", - "Arn" - ] - }, - "handler": "index.handler", - "runtime": "nodejs14.x" - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-lambda.CfnFunction", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-lambda.Function", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/core.Stack", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/core.App", - "version": "0.0.0" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/integ.integ-test1.ts b/packages/@aws-cdk/integ-runner/test/test-data/integ.integ-test1.ts deleted file mode 100644 index 26679b49d93bc..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/integ.integ-test1.ts +++ /dev/null @@ -1,2 +0,0 @@ -/// !cdk-integ stack1 pragma:ignore-assets -/// !cdk-integ pragma:ignore-assets diff --git a/packages/@aws-cdk/integ-runner/test/test-data/integ.integ-test2.ts b/packages/@aws-cdk/integ-runner/test/test-data/integ.integ-test2.ts deleted file mode 100644 index bb0eb24f2756d..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/integ.integ-test2.ts +++ /dev/null @@ -1 +0,0 @@ -/// !cdk-integ pragma:enable-lookups diff --git a/packages/@aws-cdk/integ-runner/test/test-data/integ.test-with-snapshot-assets-diff.ts b/packages/@aws-cdk/integ-runner/test/test-data/integ.test-with-snapshot-assets-diff.ts deleted file mode 100644 index bcdc92fbcdcf2..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/integ.test-with-snapshot-assets-diff.ts +++ /dev/null @@ -1 +0,0 @@ -/// !cdk-integ test-stack pragma:enable-lookups diff --git a/packages/@aws-cdk/integ-runner/test/test-data/integ.test-with-snapshot-assets.ts b/packages/@aws-cdk/integ-runner/test/test-data/integ.test-with-snapshot-assets.ts deleted file mode 100644 index ff230f9f7e58e..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/integ.test-with-snapshot-assets.ts +++ /dev/null @@ -1 +0,0 @@ -/// !cdk-integ test-stack pragma:include-assets-hashes diff --git a/packages/@aws-cdk/integ-runner/test/test-data/integ.test-with-snapshot.ts b/packages/@aws-cdk/integ-runner/test/test-data/integ.test-with-snapshot.ts deleted file mode 100644 index c3548a8acffcc..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/integ.test-with-snapshot.ts +++ /dev/null @@ -1,2 +0,0 @@ -/// !cdk-integ test-stack pragma:ignore-assets -/// !cdk-integ pragma:ignore-assets diff --git a/packages/@aws-cdk/integ-runner/test/test-data/not.integ-test.ts b/packages/@aws-cdk/integ-runner/test/test-data/not.integ-test.ts deleted file mode 100644 index e69de29bb2d1d..0000000000000 diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/cdk.out b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/cdk.out deleted file mode 100644 index 2efc89439fab8..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"18.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/manifest.json b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/manifest.json deleted file mode 100644 index c0da3afe14484..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/manifest.json +++ /dev/null @@ -1,57 +0,0 @@ -{ - "version": "17.0.0", - "artifacts": { - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, - "test-stack": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "test-stack.template.json", - "validateOnSynth": false - }, - "metadata": { - "/test-stack/MyFunction1/ServiceRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MyFunction1ServiceRole9852B06B", - "trace": [ - "new Role (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-iam/lib/role.js:50:22)", - "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:82:35)", - "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", - "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", - "Module._compile (node:internal/modules/cjs/loader:1103:14)", - "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", - "Module.load (node:internal/modules/cjs/loader:981:32)", - "Function.Module._load (node:internal/modules/cjs/loader:822:12)", - "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", - "node:internal/main/run_main_module:17:47" - ] - } - ], - "/test-stack/MyFunction1/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MyFunction12A744C2E", - "trace": [ - "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:154:26)", - "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", - "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", - "Module._compile (node:internal/modules/cjs/loader:1103:14)", - "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", - "Module.load (node:internal/modules/cjs/loader:981:32)", - "Function.Module._load (node:internal/modules/cjs/loader:822:12)", - "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", - "node:internal/main/run_main_module:17:47" - ] - } - ] - }, - "displayName": "test-stack" - } - } -} diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/test-stack.template.json b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/test-stack.template.json deleted file mode 100644 index 969780cdf33e5..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/test-stack.template.json +++ /dev/null @@ -1,68 +0,0 @@ -{ - "Resources": { - "MyFunction1ServiceRole9852B06B": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "MyFunction12A744C2E": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "ZipFile": "foo" - }, - "Role": { - "Fn::GetAtt": [ - "MyFunction1ServiceRole9852B06B", - "Arn" - ] - }, - "Handler": "index.handler", - "Runtime": "nodejs14.x" - }, - "DependsOn": [ - "MyFunction1ServiceRole9852B06B" - ] - } - }, - "Parameters": { - "AssetParametersDec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509S3BucketBF50F97C": { - "Type": "String", - "Description": "S3 bucket for asset \"Dec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509\"" - }, - "AssetParametersDec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509S3VersionKeyF21AC8C1": { - "Type": "String", - "Description": "S3 key for asset version \"Dec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509\"" - }, - "AssetParametersDec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509ArtifactHash5D8C129B": { - "Type": "String", - "Description": "Artifact hash for asset \"Dec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509\"" - } - } -} diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/tree.json b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/tree.json deleted file mode 100644 index b664bec74b37c..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/tree.json +++ /dev/null @@ -1,114 +0,0 @@ -{ - "version": "tree-0.1", - "tree": { - "id": "App", - "path": "", - "children": { - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "@aws-cdk/core.Construct", - "version": "0.0.0" - } - }, - "test-stack": { - "id": "test-stack", - "path": "test-stack", - "children": { - "MyFunction1": { - "id": "MyFunction1", - "path": "test-stack/MyFunction1", - "children": { - "ServiceRole": { - "id": "ServiceRole", - "path": "test-stack/MyFunction1/ServiceRole", - "children": { - "Resource": { - "id": "Resource", - "path": "test-stack/MyFunction1/ServiceRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "managedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "test-stack/MyFunction1/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Lambda::Function", - "aws:cdk:cloudformation:props": { - "code": { - "zipFile": "foo" - }, - "role": { - "Fn::GetAtt": [ - "MyFunction1ServiceRole9852B06B", - "Arn" - ] - }, - "handler": "index.handler", - "runtime": "nodejs14.x" - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-lambda.CfnFunction", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-lambda.Function", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/core.Stack", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/core.App", - "version": "0.0.0" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/cdk.out b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/cdk.out deleted file mode 100644 index 2efc89439fab8..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"18.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/manifest.json b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/manifest.json deleted file mode 100644 index c0da3afe14484..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/manifest.json +++ /dev/null @@ -1,57 +0,0 @@ -{ - "version": "17.0.0", - "artifacts": { - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, - "test-stack": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "test-stack.template.json", - "validateOnSynth": false - }, - "metadata": { - "/test-stack/MyFunction1/ServiceRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MyFunction1ServiceRole9852B06B", - "trace": [ - "new Role (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-iam/lib/role.js:50:22)", - "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:82:35)", - "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", - "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", - "Module._compile (node:internal/modules/cjs/loader:1103:14)", - "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", - "Module.load (node:internal/modules/cjs/loader:981:32)", - "Function.Module._load (node:internal/modules/cjs/loader:822:12)", - "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", - "node:internal/main/run_main_module:17:47" - ] - } - ], - "/test-stack/MyFunction1/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MyFunction12A744C2E", - "trace": [ - "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:154:26)", - "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", - "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", - "Module._compile (node:internal/modules/cjs/loader:1103:14)", - "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", - "Module.load (node:internal/modules/cjs/loader:981:32)", - "Function.Module._load (node:internal/modules/cjs/loader:822:12)", - "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", - "node:internal/main/run_main_module:17:47" - ] - } - ] - }, - "displayName": "test-stack" - } - } -} diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/test-stack.template.json b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/test-stack.template.json deleted file mode 100644 index ed2a09b94be23..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/test-stack.template.json +++ /dev/null @@ -1,68 +0,0 @@ -{ - "Resources": { - "MyFunction1ServiceRole9852B06B": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "MyFunction12A744C2E": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "ZipFile": "foo" - }, - "Role": { - "Fn::GetAtt": [ - "MyFunction1ServiceRole9852B06B", - "Arn" - ] - }, - "Handler": "index.handler", - "Runtime": "nodejs14.x" - }, - "DependsOn": [ - "MyFunction1ServiceRole9852B06B" - ] - } - }, - "Parameters": { - "AssetParametersfec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509S3BucketBF50F97C": { - "Type": "String", - "Description": "S3 bucket for asset \"fec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509\"" - }, - "AssetParametersfec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509S3VersionKeyF21AC8C1": { - "Type": "String", - "Description": "S3 key for asset version \"fec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509\"" - }, - "AssetParametersfec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509ArtifactHash5D8C129B": { - "Type": "String", - "Description": "Artifact hash for asset \"fec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509\"" - } - } -} diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/tree.json b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/tree.json deleted file mode 100644 index b664bec74b37c..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/tree.json +++ /dev/null @@ -1,114 +0,0 @@ -{ - "version": "tree-0.1", - "tree": { - "id": "App", - "path": "", - "children": { - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "@aws-cdk/core.Construct", - "version": "0.0.0" - } - }, - "test-stack": { - "id": "test-stack", - "path": "test-stack", - "children": { - "MyFunction1": { - "id": "MyFunction1", - "path": "test-stack/MyFunction1", - "children": { - "ServiceRole": { - "id": "ServiceRole", - "path": "test-stack/MyFunction1/ServiceRole", - "children": { - "Resource": { - "id": "Resource", - "path": "test-stack/MyFunction1/ServiceRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "managedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "test-stack/MyFunction1/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Lambda::Function", - "aws:cdk:cloudformation:props": { - "code": { - "zipFile": "foo" - }, - "role": { - "Fn::GetAtt": [ - "MyFunction1ServiceRole9852B06B", - "Arn" - ] - }, - "handler": "index.handler", - "runtime": "nodejs14.x" - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-lambda.CfnFunction", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-lambda.Function", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/core.Stack", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/core.App", - "version": "0.0.0" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/cdk.out b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/cdk.out deleted file mode 100644 index 2efc89439fab8..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"18.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/manifest.json b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/manifest.json deleted file mode 100644 index c0da3afe14484..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/manifest.json +++ /dev/null @@ -1,57 +0,0 @@ -{ - "version": "17.0.0", - "artifacts": { - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, - "test-stack": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "test-stack.template.json", - "validateOnSynth": false - }, - "metadata": { - "/test-stack/MyFunction1/ServiceRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MyFunction1ServiceRole9852B06B", - "trace": [ - "new Role (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-iam/lib/role.js:50:22)", - "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:82:35)", - "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", - "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", - "Module._compile (node:internal/modules/cjs/loader:1103:14)", - "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", - "Module.load (node:internal/modules/cjs/loader:981:32)", - "Function.Module._load (node:internal/modules/cjs/loader:822:12)", - "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", - "node:internal/main/run_main_module:17:47" - ] - } - ], - "/test-stack/MyFunction1/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MyFunction12A744C2E", - "trace": [ - "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:154:26)", - "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", - "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", - "Module._compile (node:internal/modules/cjs/loader:1103:14)", - "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", - "Module.load (node:internal/modules/cjs/loader:981:32)", - "Function.Module._load (node:internal/modules/cjs/loader:822:12)", - "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", - "node:internal/main/run_main_module:17:47" - ] - } - ] - }, - "displayName": "test-stack" - } - } -} diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/test-stack.template.json b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/test-stack.template.json deleted file mode 100644 index 3d62830b46139..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/test-stack.template.json +++ /dev/null @@ -1,54 +0,0 @@ -{ - "Resources": { - "MyFunction1ServiceRole9852B06B": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "MyFunction12A744C2E": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "ZipFile": "foobar" - }, - "Role": { - "Fn::GetAtt": [ - "MyFunction1ServiceRole9852B06B", - "Arn" - ] - }, - "Handler": "index.handler", - "Runtime": "nodejs14.x" - }, - "DependsOn": [ - "MyFunction1ServiceRole9852B06B" - ] - } - } -} diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/tree.json b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/tree.json deleted file mode 100644 index b664bec74b37c..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/tree.json +++ /dev/null @@ -1,114 +0,0 @@ -{ - "version": "tree-0.1", - "tree": { - "id": "App", - "path": "", - "children": { - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "@aws-cdk/core.Construct", - "version": "0.0.0" - } - }, - "test-stack": { - "id": "test-stack", - "path": "test-stack", - "children": { - "MyFunction1": { - "id": "MyFunction1", - "path": "test-stack/MyFunction1", - "children": { - "ServiceRole": { - "id": "ServiceRole", - "path": "test-stack/MyFunction1/ServiceRole", - "children": { - "Resource": { - "id": "Resource", - "path": "test-stack/MyFunction1/ServiceRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "managedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "test-stack/MyFunction1/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Lambda::Function", - "aws:cdk:cloudformation:props": { - "code": { - "zipFile": "foo" - }, - "role": { - "Fn::GetAtt": [ - "MyFunction1ServiceRole9852B06B", - "Arn" - ] - }, - "handler": "index.handler", - "runtime": "nodejs14.x" - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-lambda.CfnFunction", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-lambda.Function", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/core.Stack", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/core.App", - "version": "0.0.0" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/cdk.out b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/cdk.out deleted file mode 100644 index 2efc89439fab8..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"18.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/manifest.json b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/manifest.json deleted file mode 100644 index c0da3afe14484..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/manifest.json +++ /dev/null @@ -1,57 +0,0 @@ -{ - "version": "17.0.0", - "artifacts": { - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, - "test-stack": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "test-stack.template.json", - "validateOnSynth": false - }, - "metadata": { - "/test-stack/MyFunction1/ServiceRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MyFunction1ServiceRole9852B06B", - "trace": [ - "new Role (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-iam/lib/role.js:50:22)", - "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:82:35)", - "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", - "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", - "Module._compile (node:internal/modules/cjs/loader:1103:14)", - "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", - "Module.load (node:internal/modules/cjs/loader:981:32)", - "Function.Module._load (node:internal/modules/cjs/loader:822:12)", - "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", - "node:internal/main/run_main_module:17:47" - ] - } - ], - "/test-stack/MyFunction1/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MyFunction12A744C2E", - "trace": [ - "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:154:26)", - "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", - "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", - "Module._compile (node:internal/modules/cjs/loader:1103:14)", - "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", - "Module.load (node:internal/modules/cjs/loader:981:32)", - "Function.Module._load (node:internal/modules/cjs/loader:822:12)", - "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", - "node:internal/main/run_main_module:17:47" - ] - } - ] - }, - "displayName": "test-stack" - } - } -} diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/test-stack.template.json b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/test-stack.template.json deleted file mode 100644 index 40f4c8238c04f..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/test-stack.template.json +++ /dev/null @@ -1,54 +0,0 @@ -{ - "Resources": { - "MyFunction1ServiceRole9852B06B": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "MyFunction12A744C2E": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "ZipFile": "foo" - }, - "Role": { - "Fn::GetAtt": [ - "MyFunction1ServiceRole9852B06B", - "Arn" - ] - }, - "Handler": "index.handler", - "Runtime": "nodejs14.x" - }, - "DependsOn": [ - "MyFunction1ServiceRole9852B06B" - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/tree.json b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/tree.json deleted file mode 100644 index b664bec74b37c..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/tree.json +++ /dev/null @@ -1,114 +0,0 @@ -{ - "version": "tree-0.1", - "tree": { - "id": "App", - "path": "", - "children": { - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "@aws-cdk/core.Construct", - "version": "0.0.0" - } - }, - "test-stack": { - "id": "test-stack", - "path": "test-stack", - "children": { - "MyFunction1": { - "id": "MyFunction1", - "path": "test-stack/MyFunction1", - "children": { - "ServiceRole": { - "id": "ServiceRole", - "path": "test-stack/MyFunction1/ServiceRole", - "children": { - "Resource": { - "id": "Resource", - "path": "test-stack/MyFunction1/ServiceRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "managedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "test-stack/MyFunction1/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Lambda::Function", - "aws:cdk:cloudformation:props": { - "code": { - "zipFile": "foo" - }, - "role": { - "Fn::GetAtt": [ - "MyFunction1ServiceRole9852B06B", - "Arn" - ] - }, - "handler": "index.handler", - "runtime": "nodejs14.x" - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-lambda.CfnFunction", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-lambda.Function", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/core.Stack", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/core.App", - "version": "0.0.0" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/workers/mock-extract_worker.ts b/packages/@aws-cdk/integ-runner/test/workers/mock-extract_worker.ts deleted file mode 100644 index 7479d229302b8..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/workers/mock-extract_worker.ts +++ /dev/null @@ -1,15 +0,0 @@ -import * as workerpool from 'workerpool'; -import { IntegBatchResponse } from '../../lib/workers/common'; -import { IntegTestBatchRequest } from '../../lib/workers/integ-test-worker'; - - -function integTestBatch(request: IntegTestBatchRequest): IntegBatchResponse { - return { - failedTests: request.tests, - }; -} - -workerpool.worker({ - integTestBatch, -}); - diff --git a/packages/@aws-cdk/integ-runner/test/workers/workers.test.ts b/packages/@aws-cdk/integ-runner/test/workers/workers.test.ts deleted file mode 100644 index cc0be1ec8a9b0..0000000000000 --- a/packages/@aws-cdk/integ-runner/test/workers/workers.test.ts +++ /dev/null @@ -1,266 +0,0 @@ -import * as child_process from 'child_process'; -import * as path from 'path'; -import * as fs from 'fs-extra'; -import * as workerpool from 'workerpool'; -import { singleThreadedSnapshotRunner } from '../../lib/workers/integ-snapshot-worker'; -import { singleThreadedTestRunner, runIntegrationTestsInParallel } from '../../lib/workers/integ-test-worker'; - -const directory = path.join(__dirname, '../test-data'); -describe('Snapshot tests', () => { - beforeEach(() => { - jest.spyOn(process.stderr, 'write').mockImplementation(() => { return true; }); - jest.spyOn(process.stdout, 'write').mockImplementation(() => { return true; }); - jest.spyOn(fs, 'moveSync').mockImplementation(() => { return true; }); - jest.spyOn(fs, 'removeSync').mockImplementation(() => { return true; }); - jest.spyOn(fs, 'writeFileSync').mockImplementation(() => { return true; }); - }); - afterEach(() => { - jest.clearAllMocks(); - jest.resetAllMocks(); - jest.restoreAllMocks(); - }); - test('no snapshot', () => { - // WHEN - const test = { - fileName: path.join(directory, 'integ.integ-test1.js'), - directory: directory, - }; - const result = singleThreadedSnapshotRunner([test]); - - // THEN - expect(result.failedTests.length).toEqual(1); - expect(result.failedTests[0]).toEqual(test); - }); - - test('has snapshot', () => { - // WHEN - jest.spyOn(child_process, 'spawnSync').mockResolvedValue; - const test = { - fileName: path.join(directory, 'integ.test-with-snapshot.js'), - directory: directory, - }; - const result = singleThreadedSnapshotRunner([test]); - - // THEN - expect(result.failedTests.length).toEqual(0); - }); - - test('failed snapshot', () => { - // WHEN - jest.spyOn(child_process, 'spawnSync').mockRejectedValue; - const test = { - fileName: path.join(directory, 'integ.test-with-snapshot-assets.js'), - directory: directory, - }; - const result = singleThreadedSnapshotRunner([test]); - - // THEN - expect(result.failedTests.length).toEqual(1); - expect(result.failedTests[0]).toEqual(test); - }); -}); - -describe('test runner', () => { - beforeEach(() => { - jest.spyOn(process.stderr, 'write').mockImplementation(() => { return true; }); - jest.spyOn(process.stdout, 'write').mockImplementation(() => { return true; }); - jest.spyOn(fs, 'moveSync').mockImplementation(() => { return true; }); - jest.spyOn(fs, 'removeSync').mockImplementation(() => { return true; }); - jest.spyOn(fs, 'writeFileSync').mockImplementation(() => { return true; }); - }); - afterEach(() => { - jest.clearAllMocks(); - jest.resetAllMocks(); - jest.restoreAllMocks(); - }); - - test('no snapshot', () => { - // WHEN - const test = { - fileName: path.join(directory, 'integ.integ-test1.js'), - directory: directory, - }; - const spawnSyncMock = jest.spyOn(child_process, 'spawnSync').mockImplementation(); - singleThreadedTestRunner({ - tests: [test], - region: 'us-east-1', - }); - - expect(spawnSyncMock).toHaveBeenCalledWith( - expect.stringMatching(/cdk/), - ['synth', '--app', 'node integ.integ-test1.js', '--no-version-reporting', '--no-path-metadata', '--no-asset-metadata', '--output', 'cdk-integ.out.integ-test1', '--all'], - expect.anything(), - ); - }); -}); - -describe('parallel worker', () => { - let pool: workerpool.WorkerPool; - let stderrMock: jest.SpyInstance; - beforeEach(() => { - pool = workerpool.pool(path.join(__dirname, './mock-extract_worker.js')); - stderrMock = jest.spyOn(process.stderr, 'write').mockImplementation(() => { return true; }); - jest.spyOn(process.stdout, 'write').mockImplementation(() => { return true; }); - jest.spyOn(fs, 'moveSync').mockImplementation(() => { return true; }); - jest.spyOn(fs, 'removeSync').mockImplementation(() => { return true; }); - jest.spyOn(fs, 'writeFileSync').mockImplementation(() => { return true; }); - }); - afterEach(() => { - jest.clearAllMocks(); - jest.resetAllMocks(); - jest.restoreAllMocks(); - void pool.terminate(); - }); - test('run tests', async () => { - const tests = [{ - fileName: 'integ.test-with-snapshot.js', - directory, - }]; - const results = await runIntegrationTestsInParallel({ - tests, - pool, - regions: ['us-east-1'], - }); - - expect(stderrMock.mock.calls[0][0]).toContain( - 'Running test integ.test-with-snapshot.js in us-east-1', - ); - expect(results).toEqual([ - { - failedTests: [{ - fileName: 'integ.test-with-snapshot.js', - directory, - }], - }, - ]); - }); - - test('run multiple tests', async () => { - const tests = [ - { - fileName: 'integ.test-with-snapshot.js', - directory, - }, - { - fileName: 'integ.another-test-with-snapshot.js', - directory, - }, - ]; - const results = await runIntegrationTestsInParallel({ - tests, - pool, - regions: ['us-east-1', 'us-east-2'], - }); - - expect(stderrMock.mock.calls[1][0]).toContain( - 'Running test integ.test-with-snapshot.js in us-east-2', - ); - expect(stderrMock.mock.calls[0][0]).toContain( - 'Running test integ.another-test-with-snapshot.js in us-east-1', - ); - expect(results).toEqual(expect.arrayContaining([ - { - failedTests: [ - { - fileName: 'integ.test-with-snapshot.js', - directory, - }, - ], - }, - { - failedTests: [ - { - fileName: 'integ.another-test-with-snapshot.js', - directory, - }, - ], - }, - ])); - }); - - test('more tests than regions', async () => { - const tests = [ - { - fileName: 'integ.test-with-snapshot.js', - directory, - }, - { - fileName: 'integ.another-test-with-snapshot.js', - directory, - }, - ]; - const results = await runIntegrationTestsInParallel({ - tests, - pool, - regions: ['us-east-1'], - }); - - expect(stderrMock.mock.calls[1][0]).toContain( - 'Running test integ.test-with-snapshot.js in us-east-1', - ); - expect(stderrMock.mock.calls[0][0]).toContain( - 'Running test integ.another-test-with-snapshot.js in us-east-1', - ); - expect(results).toEqual([ - { - failedTests: [ - { - fileName: 'integ.another-test-with-snapshot.js', - directory, - }, - ], - }, - { - failedTests: [ - { - fileName: 'integ.test-with-snapshot.js', - directory, - }, - ], - }, - ]); - }); - - test('more regions than tests', async () => { - const tests = [ - { - fileName: 'integ.test-with-snapshot.js', - directory, - }, - { - fileName: 'integ.another-test-with-snapshot.js', - directory, - }, - ]; - const results = await runIntegrationTestsInParallel({ - tests, - pool, - regions: ['us-east-1', 'us-east-2', 'us-west-2'], - }); - - expect(stderrMock.mock.calls[1][0]).toContain( - 'Running test integ.test-with-snapshot.js in us-east-2', - ); - expect(stderrMock.mock.calls[0][0]).toContain( - 'Running test integ.another-test-with-snapshot.js in us-east-1', - ); - expect(results).toEqual(expect.arrayContaining([ - { - failedTests: [ - { - fileName: 'integ.another-test-with-snapshot.js', - directory, - }, - ], - }, - { - failedTests: [ - { - fileName: 'integ.test-with-snapshot.js', - directory, - }, - ], - }, - ])); - }); -}); diff --git a/packages/@aws-cdk/integ-runner/tsconfig.json b/packages/@aws-cdk/integ-runner/tsconfig.json deleted file mode 100644 index 04e0404f04442..0000000000000 --- a/packages/@aws-cdk/integ-runner/tsconfig.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "compilerOptions": { - "target": "ES2018", - "module": "commonjs", - "lib": ["es2018", "dom"], - "strict": true, - "alwaysStrict": true, - "declaration": true, - "inlineSourceMap": true, - "inlineSources": true, - "noUnusedLocals": true, - "noUnusedParameters": true, - "noImplicitReturns": true, - "noFallthroughCasesInSwitch": true, - "resolveJsonModule": true, - "composite": true, - "incremental": true - }, - "include": [ - "**/*.ts", - "**/*.d.ts", - "lib/init-templates/*/*/add-project.hook.ts" - ], - "exclude": [ - "lib/init-templates/*/typescript/**/*.ts" - ] -} - diff --git a/packages/cdk-cli-wrapper/lib/cdk-wrapper.ts b/packages/cdk-cli-wrapper/lib/cdk-wrapper.ts index bfcd4983f776d..80bc2f407555a 100644 --- a/packages/cdk-cli-wrapper/lib/cdk-wrapper.ts +++ b/packages/cdk-cli-wrapper/lib/cdk-wrapper.ts @@ -110,16 +110,11 @@ export class CdkCliWrapper implements ICdk { } } - private validateArgs(options: DefaultCdkOptions): void { - if (!options.stacks && !options.all) { - throw new Error('one of "app" or "stacks" must be provided'); - } - } - public list(options: ListOptions): string { const listCommandArgs: string[] = [ - ...renderBooleanArg('long', options.long), ...this.createDefaultArguments(options), + ...renderBooleanArg('long', options.long), + ...options.stacks, ]; return exec([this.cdk, 'ls', ...listCommandArgs], { @@ -133,6 +128,7 @@ export class CdkCliWrapper implements ICdk { */ public deploy(options: DeployOptions): void { const deployCommandArgs: string[] = [ + ...this.createDefaultArguments(options), ...renderBooleanArg('ci', options.ci), ...renderBooleanArg('execute', options.execute), ...renderBooleanArg('exclusively', options.exclusively), @@ -147,7 +143,7 @@ export class CdkCliWrapper implements ICdk { ...options.requireApproval ? ['--require-approval', options.requireApproval] : [], ...options.changeSetName ? ['--change-set-name', options.changeSetName] : [], ...options.toolkitStackName ? ['--toolkit-stack-name', options.toolkitStackName] : [], - ...this.createDefaultArguments(options), + ...options.stacks, ]; exec([this.cdk, 'deploy', ...deployCommandArgs], { @@ -162,9 +158,10 @@ export class CdkCliWrapper implements ICdk { */ public destroy(options: DestroyOptions): void { const destroyCommandArgs: string[] = [ + ...this.createDefaultArguments(options), ...renderBooleanArg('force', options.force), ...renderBooleanArg('exclusively', options.exclusively), - ...this.createDefaultArguments(options), + ...options.stacks, ]; exec([this.cdk, 'destroy', ...destroyCommandArgs], { @@ -179,10 +176,11 @@ export class CdkCliWrapper implements ICdk { */ public synth(options: SynthOptions): void { const synthCommandArgs: string[] = [ + ...this.createDefaultArguments(options), ...renderBooleanArg('validation', options.validation), ...renderBooleanArg('quiet', options.quiet), ...renderBooleanArg('exclusively', options.exclusively), - ...this.createDefaultArguments(options), + ...options.stacks, ]; exec([this.cdk, 'synth', ...synthCommandArgs], { @@ -211,8 +209,6 @@ export class CdkCliWrapper implements ICdk { } private createDefaultArguments(options: DefaultCdkOptions): string[] { - this.validateArgs(options); - const stacks = options.stacks ?? []; return [ ...options.app ? ['--app', options.app] : [], ...renderBooleanArg('strict', options.strict), @@ -234,8 +230,6 @@ export class CdkCliWrapper implements ICdk { ...options.caBundlePath ? ['--ca-bundle-path', options.caBundlePath] : [], ...options.roleArn ? ['--role-arn', options.roleArn] : [], ...options.output ? ['--output', options.output] : [], - ...stacks, - ...options.all ? ['--all'] : [], ]; } } diff --git a/packages/cdk-cli-wrapper/lib/commands/common.ts b/packages/cdk-cli-wrapper/lib/commands/common.ts index 01ab969b63098..78e027cd922ca 100644 --- a/packages/cdk-cli-wrapper/lib/commands/common.ts +++ b/packages/cdk-cli-wrapper/lib/commands/common.ts @@ -24,21 +24,8 @@ export enum RequireApproval { export interface DefaultCdkOptions { /** * List of stacks to deploy - * - * Requried if `all` is not set - * - * @default - [] - */ - readonly stacks?: string[]; - - /** - * Deploy all stacks - * - * Requried if `stacks` is not set - * - * @default - false */ - readonly all?: boolean; + readonly stacks: string[]; /** * command-line for executing your app or a cloud assembly directory diff --git a/packages/cdk-cli-wrapper/test/cdk-wrapper.test.ts b/packages/cdk-cli-wrapper/test/cdk-wrapper.test.ts index 5cc294f3b5b7b..2f25054632cae 100644 --- a/packages/cdk-cli-wrapper/test/cdk-wrapper.test.ts +++ b/packages/cdk-cli-wrapper/test/cdk-wrapper.test.ts @@ -1,6 +1,6 @@ import * as child_process from 'child_process'; import { CdkCliWrapper } from '../lib/cdk-wrapper'; -import { RequireApproval } from '../lib/commands'; +import { RequireApproval } from '../lib/commands/common'; let spawnSyncMock: jest.SpyInstance; beforeEach(() => { @@ -89,6 +89,8 @@ test('deploy with all arguments', () => { expect.stringMatching(/aws-cdk\/bin\/cdk/), expect.arrayContaining([ 'deploy', + '--app', + 'node bin/my-app.js', '--no-strict', '--no-trace', '--no-lookups', @@ -120,8 +122,6 @@ test('deploy with all arguments', () => { '--change-set-name', 'my-change-set', '--toolkit-stack-name', 'Toolkit', '--previous-parameters', - '--app', - 'node bin/my-app.js', 'test-stack1', ]), expect.objectContaining({ @@ -182,10 +182,10 @@ test('can parse parameters', () => { expect.stringMatching(/aws-cdk\/bin\/cdk/), [ 'deploy', - '--parameters', 'myparam=test', - '--parameters', 'test-stack1:myotherparam=test', '--app', 'node bin/my-app.js', + '--parameters', 'myparam=test', + '--parameters', 'test-stack1:myotherparam=test', 'test-stack1', ], expect.objectContaining({ @@ -246,10 +246,10 @@ test('can parse array arguments', () => { expect.stringMatching(/aws-cdk\/bin\/cdk/), [ 'deploy', - '--notification-arns', 'arn:aws:us-east-1:1111111111:some:resource', - '--notification-arns', 'arn:aws:us-east-1:1111111111:some:other-resource', '--app', 'node bin/my-app.js', + '--notification-arns', 'arn:aws:us-east-1:1111111111:some:resource', + '--notification-arns', 'arn:aws:us-east-1:1111111111:some:other-resource', 'test-stack1', ], expect.objectContaining({ @@ -355,7 +355,7 @@ test('destroy arguments', () => { // THEN expect(spawnSyncMock).toHaveBeenCalledWith( expect.stringMatching(/aws-cdk\/bin\/cdk/), - ['destroy', '--force', '--no-exclusively', '--app', 'node bin/my-app.js', 'test-stack1'], + ['destroy', '--app', 'node bin/my-app.js', '--force', '--no-exclusively', 'test-stack1'], expect.objectContaining({ env: expect.objectContaining({ KEY: 'value', @@ -416,7 +416,7 @@ test('ls arguments', () => { // THEN expect(spawnSyncMock).toHaveBeenCalledWith( expect.stringMatching(/aws-cdk\/bin\/cdk/), - ['ls', '--long', '--app', 'node bin/my-app.js', '*'], + ['ls', '--app', 'node bin/my-app.js', '--long', '*'], expect.objectContaining({ env: expect.objectContaining({ KEY: 'value', diff --git a/tools/@aws-cdk/cdk-build-tools/lib/package-info.ts b/tools/@aws-cdk/cdk-build-tools/lib/package-info.ts index 83ca5563887e6..afc76b48bdefd 100644 --- a/tools/@aws-cdk/cdk-build-tools/lib/package-info.ts +++ b/tools/@aws-cdk/cdk-build-tools/lib/package-info.ts @@ -83,7 +83,6 @@ export async function unitTestFiles(): Promise { } export async function hasIntegTests(): Promise { - if (currentPackageJson().name === '@aws-cdk/integ-runner') return false; const files = await listFiles('test', f => f.filename.startsWith('integ.') && f.filename.endsWith('.js')); return files.length > 0; } diff --git a/yarn.lock b/yarn.lock index 469782c499a97..dddaf06264d5a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1994,13 +1994,6 @@ resolved "https://registry.npmjs.org/@types/uuid/-/uuid-8.3.4.tgz#bd86a43617df0594787d38b735f55c805becf1bc" integrity sha512-c/I8ZRb51j+pYGAu5CrFMRxqZ2ke4y2grEBO5AUjgSkSk+qT2Ea+OdWElz/OiMf5MNpn2b17kuVBwZLQJXzihw== -"@types/workerpool@^6.1.0": - version "6.1.0" - resolved "https://registry.npmjs.org/@types/workerpool/-/workerpool-6.1.0.tgz#16c3b9d3c62a8f6e6ad2e4d6212a68130f0cd3b1" - integrity sha512-C+J/c1BHyc351xJuiH2Jbe+V9hjf5mCzRP0UK4KEpF5SpuU+vJ/FC5GLZsCU/PJpp/3I6Uwtfm3DG7Lmrb7LOQ== - dependencies: - "@types/node" "*" - "@types/wrap-ansi@^3.0.0": version "3.0.0" resolved "https://registry.npmjs.org/@types/wrap-ansi/-/wrap-ansi-3.0.0.tgz#18b97a972f94f60a679fd5c796d96421b9abb9fd" From a20873360eafe6b9eccb3f393322c1598a6c280f Mon Sep 17 00:00:00 2001 From: AWS CDK Team Date: Thu, 31 Mar 2022 22:25:10 +0000 Subject: [PATCH 16/59] chore(release): 1.151.0 --- CHANGELOG.md | 26 ++++++++++++++++++++++++++ version.v1.json | 2 +- 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1621fa309c36a..a102971d9dfea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,32 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [1.151.0](https://github.com/aws/aws-cdk/compare/v1.150.0...v1.151.0) (2022-03-31) + + +### Features + +* **aws-ec2:** Enable/disable EC2 "Detailed Monitoring" ([#19437](https://github.com/aws/aws-cdk/issues/19437)) ([94f9d27](https://github.com/aws/aws-cdk/commit/94f9d27e626bced5fc68a6ebbd653fea21c6e21e)) +* **cognito:** configure SNS region for UserPool SMS messages ([#19519](https://github.com/aws/aws-cdk/issues/19519)) ([6eb775e](https://github.com/aws/aws-cdk/commit/6eb775e829d62913bff849d43ed7339f9910d8de)), closes [#19434](https://github.com/aws/aws-cdk/issues/19434) +* **core:** add size.isUnresolved ([#19569](https://github.com/aws/aws-cdk/issues/19569)) ([ed26731](https://github.com/aws/aws-cdk/commit/ed26731a0a6263482d76441fc06e9607963ac838)), closes [/github.com/aws/aws-cdk/pull/19550/files#r835542214](https://github.com/aws//github.com/aws/aws-cdk/pull/19550/files/issues/r835542214) +* **ecs-patterns:** PlacementStrategy and PlacementConstraint for many patterns ([#19612](https://github.com/aws/aws-cdk/issues/19612)) ([0096e67](https://github.com/aws/aws-cdk/commit/0096e672e02123a2ae4e094ba9bb11af3aef20b2)) +* **elbv2:** use `addAction()` on an imported application listener ([#19293](https://github.com/aws/aws-cdk/issues/19293)) ([18a6b0c](https://github.com/aws/aws-cdk/commit/18a6b0cecb5e8a419d09a1456953cb2f422a6d76)), closes [#10902](https://github.com/aws/aws-cdk/issues/10902) +* **kinesisanalytics-flink:** Add metrics to Flink applications ([#19599](https://github.com/aws/aws-cdk/issues/19599)) ([dab6aca](https://github.com/aws/aws-cdk/commit/dab6aca5005c8d6d180aada699a4cebc2ef5aefa)) +* **lambda:** warn if you use `function.grantInvoke` while also using `currentVersion` ([#19464](https://github.com/aws/aws-cdk/issues/19464)) ([fd1fff9](https://github.com/aws/aws-cdk/commit/fd1fff904a70d18dc9c7863aefc03b3ee44c2863)), closes [#19273](https://github.com/aws/aws-cdk/issues/19273) [#19318](https://github.com/aws/aws-cdk/issues/19318) +* add new integration test runner ([#19529](https://github.com/aws/aws-cdk/issues/19529)) ([e7f43d1](https://github.com/aws/aws-cdk/commit/e7f43d1a3bb52bbf589d7472c9a9b89e3c1cc8c1)) + + +### Bug Fixes + +* **apigateway:** allow using GENERATE_IF_NEEDED for the physical name in LambdaRestApi ([#19638](https://github.com/aws/aws-cdk/issues/19638)) ([e817381](https://github.com/aws/aws-cdk/commit/e8173812aad5f482b1bfcc6737f63cfef0c4841c)), closes [#9374](https://github.com/aws/aws-cdk/issues/9374) +* **apigateway:** id in schema model maps to $id ([#15113](https://github.com/aws/aws-cdk/issues/15113)) ([ac5a345](https://github.com/aws/aws-cdk/commit/ac5a3458fe3687014166b20aefe30442867d162a)), closes [#14585](https://github.com/aws/aws-cdk/issues/14585) +* **aws-cdk:** include nested stacks when building changesets ([#19494](https://github.com/aws/aws-cdk/issues/19494)) ([97cc8e2](https://github.com/aws/aws-cdk/commit/97cc8e29e155b222d553b1fe955a0302036feed5)), closes [#5722](https://github.com/aws/aws-cdk/issues/5722) [#17396](https://github.com/aws/aws-cdk/issues/17396) [#19224](https://github.com/aws/aws-cdk/issues/19224) +* **aws-cognito:** Lambda::Permission of lambdaTrigger should have a SourceArn ([#19622](https://github.com/aws/aws-cdk/issues/19622)) ([c62eeb7](https://github.com/aws/aws-cdk/commit/c62eeb7162d85c8cb162f8c0ad4b93fb5bccf981)), closes [#19604](https://github.com/aws/aws-cdk/issues/19604) +* **docdb:** DB Instance ARN uses 'docdb' as the service component instead of 'rds' ([#19555](https://github.com/aws/aws-cdk/issues/19555)) ([6a63924](https://github.com/aws/aws-cdk/commit/6a63924c0b184342befd92903b8867e45b158252)), closes [#19554](https://github.com/aws/aws-cdk/issues/19554) +* **eks:** incorrect version of aws-node-termination-handler ([#19510](https://github.com/aws/aws-cdk/issues/19510)) ([9c712cc](https://github.com/aws/aws-cdk/commit/9c712cc457ccb80d7180fee67a101b76fc01d207)) +* **elbv2:** unable to add multiple certificates to NLB ([#19289](https://github.com/aws/aws-cdk/issues/19289)) ([e8142e9](https://github.com/aws/aws-cdk/commit/e8142e944ac5fae9948e5c010fe475806b83c94b)), closes [#13490](https://github.com/aws/aws-cdk/issues/13490) [#8918](https://github.com/aws/aws-cdk/issues/8918) [#15328](https://github.com/aws/aws-cdk/issues/15328) +* **rds:** `SnapshotCredentials.fromSecret()` takes a `Secret`, not `ISecret` ([#19639](https://github.com/aws/aws-cdk/issues/19639)) ([a74d82e](https://github.com/aws/aws-cdk/commit/a74d82e667ba3cfbb3341392f7c641b0e29d47f0)), closes [#19409](https://github.com/aws/aws-cdk/issues/19409) + ## [1.150.0](https://github.com/aws/aws-cdk/compare/v1.149.0...v1.150.0) (2022-03-26) diff --git a/version.v1.json b/version.v1.json index 4e6db4f2ccf8c..53e80ec784dce 100644 --- a/version.v1.json +++ b/version.v1.json @@ -1,3 +1,3 @@ { - "version": "1.150.0" + "version": "1.151.0" } \ No newline at end of file From 1ec08dfc85122fc6f3d9e3c28abc7cd116f08d91 Mon Sep 17 00:00:00 2001 From: Jeff Bachtel Date: Thu, 31 Mar 2022 17:04:46 -0600 Subject: [PATCH 17/59] feat(eks): alb-controller v2.4.1 (#19653) Add [alb-controller v2.4.1](https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases/tag/v2.4.1). The content of `packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.4.1.json` comes from [here](https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.1/docs/install/iam_policy.json). ---- ### All Submissions: * [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-eks/README.md | 4 +- .../lib/addons/alb-iam_policy-v2.4.1.json | 219 ++++++++++++++++++ .../@aws-cdk/aws-eks/lib/alb-controller.ts | 7 +- .../aws-eks/test/alb-controller.test.ts | 4 +- .../@aws-cdk/aws-eks/test/cluster.test.ts | 2 +- .../test/integ.alb-controller.expected.json | 2 +- .../aws-eks/test/integ.alb-controller.ts | 2 +- .../test/integ.eks-inference.expected.json | 2 +- .../aws-eks/test/integ.eks-inference.ts | 2 +- 9 files changed, 234 insertions(+), 10 deletions(-) create mode 100644 packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.4.1.json diff --git a/packages/@aws-cdk/aws-eks/README.md b/packages/@aws-cdk/aws-eks/README.md index 001a2cbb3022a..ad531945ba3c1 100644 --- a/packages/@aws-cdk/aws-eks/README.md +++ b/packages/@aws-cdk/aws-eks/README.md @@ -539,7 +539,7 @@ To deploy the controller on your EKS cluster, configure the `albController` prop new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_21, albController: { - version: eks.AlbControllerVersion.V2_3_1, + version: eks.AlbControllerVersion.V2_4_1, }, }); ``` @@ -1417,7 +1417,7 @@ Kubernetes [endpoint access](#endpoint-access), you must also specify: ## Logging -EKS supports cluster logging for 5 different types of events: +EKS supports cluster logging for 5 different types of events: * API requests to the cluster. * Cluster access via the Kubernetes API. diff --git a/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.4.1.json b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.4.1.json new file mode 100644 index 0000000000000..a8d47c8ba68c2 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.4.1.json @@ -0,0 +1,219 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Resource": "*", + "Condition": { + "StringEquals": { + "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInternetGateways", + "ec2:DescribeVpcs", + "ec2:DescribeVpcPeeringConnections", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeTags", + "ec2:GetCoipPoolUsage", + "ec2:DescribeCoipPools", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeListenerCertificates", + "elasticloadbalancing:DescribeSSLPolicies", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetGroupAttributes", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:DescribeTags" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "cognito-idp:DescribeUserPoolClient", + "acm:ListCertificates", + "acm:DescribeCertificate", + "iam:ListServerCertificates", + "iam:GetServerCertificate", + "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource", + "waf-regional:AssociateWebACL", + "waf-regional:DisassociateWebACL", + "wafv2:GetWebACL", + "wafv2:GetWebACLForResource", + "wafv2:AssociateWebACL", + "wafv2:DisassociateWebACL", + "shield:GetSubscriptionState", + "shield:DescribeProtection", + "shield:CreateProtection", + "shield:DeleteProtection" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateSecurityGroup" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateTags" + ], + "Resource": "arn:aws:ec2:*:*:security-group/*", + "Condition": { + "StringEquals": { + "ec2:CreateAction": "CreateSecurityGroup" + }, + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Resource": "arn:aws:ec2:*:*:security-group/*", + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress", + "ec2:DeleteSecurityGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:CreateTargetGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:CreateRule", + "elasticloadbalancing:DeleteRule" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*" + ], + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*" + ] + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:SetIpAddressType", + "elasticloadbalancing:SetSecurityGroups", + "elasticloadbalancing:SetSubnets", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:ModifyTargetGroup", + "elasticloadbalancing:ModifyTargetGroupAttributes", + "elasticloadbalancing:DeleteTargetGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeregisterTargets" + ], + "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:SetWebAcl", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:AddListenerCertificates", + "elasticloadbalancing:RemoveListenerCertificates", + "elasticloadbalancing:ModifyRule" + ], + "Resource": "*" + } + ] +} diff --git a/packages/@aws-cdk/aws-eks/lib/alb-controller.ts b/packages/@aws-cdk/aws-eks/lib/alb-controller.ts index 7841f581990c2..d2df1dc1bf688 100644 --- a/packages/@aws-cdk/aws-eks/lib/alb-controller.ts +++ b/packages/@aws-cdk/aws-eks/lib/alb-controller.ts @@ -82,6 +82,11 @@ export class AlbControllerVersion { */ public static readonly V2_3_1 = new AlbControllerVersion('v2.3.1', false); + /** + * v2.4.1 + */ + public static readonly V2_4_1 = new AlbControllerVersion('v2.4.1', false); + /** * Specify a custom version. * Use this if the version you need is not available in one of the predefined versions. @@ -101,7 +106,7 @@ export class AlbControllerVersion { /** * Whether or not its a custom version. */ - public readonly custom: boolean) {} + public readonly custom: boolean) { } } /** diff --git a/packages/@aws-cdk/aws-eks/test/alb-controller.test.ts b/packages/@aws-cdk/aws-eks/test/alb-controller.test.ts index 66d2d3f0ff1fd..db5403acc4483 100644 --- a/packages/@aws-cdk/aws-eks/test/alb-controller.test.ts +++ b/packages/@aws-cdk/aws-eks/test/alb-controller.test.ts @@ -36,7 +36,7 @@ test('can configure a custom repository', () => { AlbController.create(stack, { cluster, - version: AlbControllerVersion.V2_3_1, + version: AlbControllerVersion.V2_4_1, repository: 'custom', }); @@ -53,7 +53,7 @@ test('can configure a custom repository', () => { { Ref: 'ClusterDefaultVpcFA9F2722', }, - '","image":{"repository":"custom","tag":"v2.3.1"}}', + '","image":{"repository":"custom","tag":"v2.4.1"}}', ], ], }, diff --git a/packages/@aws-cdk/aws-eks/test/cluster.test.ts b/packages/@aws-cdk/aws-eks/test/cluster.test.ts index 5e579c4f2a247..e2887ad82b5e4 100644 --- a/packages/@aws-cdk/aws-eks/test/cluster.test.ts +++ b/packages/@aws-cdk/aws-eks/test/cluster.test.ts @@ -27,7 +27,7 @@ describe('cluster', () => { const cluster = new eks.Cluster(stack, 'Cluster', { version: CLUSTER_VERSION, albController: { - version: eks.AlbControllerVersion.V2_3_1, + version: eks.AlbControllerVersion.V2_4_1, }, }); diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.expected.json b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.expected.json index b8bc3541bb0cd..0cad0a02b111b 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.expected.json @@ -1615,7 +1615,7 @@ { "Ref": "Vpc8378EB38" }, - "\",\"image\":{\"repository\":\"602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller\",\"tag\":\"v2.3.1\"}}" + "\",\"image\":{\"repository\":\"602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller\",\"tag\":\"v2.4.1\"}}" ] ] }, diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.ts b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.ts index 2fdd7ef81899b..c0f52416279b1 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.ts +++ b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.ts @@ -19,7 +19,7 @@ class EksClusterAlbControllerStack extends TestStack { vpc, version: eks.KubernetesVersion.V1_21, albController: { - version: eks.AlbControllerVersion.V2_3_1, + version: eks.AlbControllerVersion.V2_4_1, }, }); diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.expected.json index ea0f68dd56ea8..7576e0c311ff5 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.expected.json @@ -1980,7 +1980,7 @@ { "Ref": "Vpc8378EB38" }, - "\",\"image\":{\"repository\":\"602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller\",\"tag\":\"v2.3.1\"}}" + "\",\"image\":{\"repository\":\"602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller\",\"tag\":\"v2.4.1\"}}" ] ] }, diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.ts index 13057cdaadbfa..0ea30b491a9f8 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.ts +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.ts @@ -16,7 +16,7 @@ class EksClusterInferenceStack extends TestStack { vpc, version: eks.KubernetesVersion.V1_21, albController: { - version: eks.AlbControllerVersion.V2_3_1, + version: eks.AlbControllerVersion.V2_4_1, }, }); From 1ead5d41acc130d4554a6832ae4865aacbdd2e46 Mon Sep 17 00:00:00 2001 From: Peter Woodworth <44349620+peterwoodworth@users.noreply.github.com> Date: Thu, 31 Mar 2022 16:47:34 -0700 Subject: [PATCH 18/59] chore: set aws-cdk-owners as reviewer for all PRs (#19633) --- .github/workflows/issue-label-assign.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/workflows/issue-label-assign.yml b/.github/workflows/issue-label-assign.yml index 14fe7ff0cde62..b38072a275697 100644 --- a/.github/workflows/issue-label-assign.yml +++ b/.github/workflows/issue-label-assign.yml @@ -3,9 +3,9 @@ on: issues: types: [opened, edited] pull_request: - types: [opened, edited] + types: [opened] pull_request_target: - types: [opened, edited] + types: [opened] jobs: issue-triage-manager: @@ -39,7 +39,7 @@ jobs: included-labels: "[guidance]" default-area: ${{ env.OSDS_DEVS }} parameters: > - [{"area":"guidance","keywords":["guidance"]}] + [{"area":"guidance","keywords":["guidancekeyword"]}] pr-triage-manager: permissions: issues: write @@ -51,9 +51,11 @@ jobs: github-token: "${{ secrets.GITHUB_TOKEN }}" target: "pull-requests" area-is-keyword: true - excluded-labels: "[contribution/core]" - parameters: ${{ env.AREA_PARAMS }} - affixes: ${{ env.AREA_AFFIXES }} + default-area: > + {"reviewers":{"teamReviewers":["aws-cdk-owners"]}} + parameters: > + [{"area":"pullrequests","keywords":["pullrequestkeyword"]}] + env: OSDS_DEVS: > From 38c6d52dad34ff76e82488e0e3c0952b1c669b9b Mon Sep 17 00:00:00 2001 From: Madeline Kusters Date: Thu, 31 Mar 2022 17:11:14 -0700 Subject: [PATCH 19/59] fix changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 44f1026b96053..5c908f29e0c15 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,7 +9,7 @@ All notable changes to this project will be documented in this file. See [standa * **aws-ec2:** Enable/disable EC2 "Detailed Monitoring" ([#19437](https://github.com/aws/aws-cdk/issues/19437)) ([94f9d27](https://github.com/aws/aws-cdk/commit/94f9d27e626bced5fc68a6ebbd653fea21c6e21e)) * **cognito:** configure SNS region for UserPool SMS messages ([#19519](https://github.com/aws/aws-cdk/issues/19519)) ([6eb775e](https://github.com/aws/aws-cdk/commit/6eb775e829d62913bff849d43ed7339f9910d8de)), closes [#19434](https://github.com/aws/aws-cdk/issues/19434) -* **core:** add size.isUnresolved ([#19569](https://github.com/aws/aws-cdk/issues/19569)) ([ed26731](https://github.com/aws/aws-cdk/commit/ed26731a0a6263482d76441fc06e9607963ac838)), closes [/github.com/aws/aws-cdk/pull/19550/files#r835542214](https://github.com/aws//github.com/aws/aws-cdk/pull/19550/files/issues/r835542214) +* **core:** add size.isUnresolved ([#19569](https://github.com/aws/aws-cdk/issues/19569)) ([ed26731](https://github.com/aws/aws-cdk/commit/ed26731a0a6263482d76441fc06e9607963ac838)) * **ecs-patterns:** PlacementStrategy and PlacementConstraint for many patterns ([#19612](https://github.com/aws/aws-cdk/issues/19612)) ([0096e67](https://github.com/aws/aws-cdk/commit/0096e672e02123a2ae4e094ba9bb11af3aef20b2)) * **elbv2:** use `addAction()` on an imported application listener ([#19293](https://github.com/aws/aws-cdk/issues/19293)) ([18a6b0c](https://github.com/aws/aws-cdk/commit/18a6b0cecb5e8a419d09a1456953cb2f422a6d76)), closes [#10902](https://github.com/aws/aws-cdk/issues/10902) * **kinesisanalytics-flink:** Add metrics to Flink applications ([#19599](https://github.com/aws/aws-cdk/issues/19599)) ([dab6aca](https://github.com/aws/aws-cdk/commit/dab6aca5005c8d6d180aada699a4cebc2ef5aefa)) From 9c1c09e4324e47e7224eca69ad14e82682e5217e Mon Sep 17 00:00:00 2001 From: Cory Hall <43035978+corymhall@users.noreply.github.com> Date: Thu, 31 Mar 2022 20:32:10 -0400 Subject: [PATCH 20/59] chore(codedeploy): fix broken integration tests (#19662) Update lambda runtime to NODEJS_14 from deprecated NODEJS_10 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [x] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../test/lambda/integ.deployment-group.expected.json | 10 +++++----- .../test/lambda/integ.deployment-group.ts | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/packages/@aws-cdk/aws-codedeploy/test/lambda/integ.deployment-group.expected.json b/packages/@aws-cdk/aws-codedeploy/test/lambda/integ.deployment-group.expected.json index e9b096abe09f9..1686127fc7771 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/lambda/integ.deployment-group.expected.json +++ b/packages/@aws-cdk/aws-codedeploy/test/lambda/integ.deployment-group.expected.json @@ -79,13 +79,13 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "HandlerServiceRoleFCDC14AE" ] }, - "HandlerCurrentVersion93FB80BFb2de9794fd0f0df5e5c01c16ba4b05cf": { + "HandlerCurrentVersion93FB80BFb2a9ce598bf2730613c07e406cddb6b6": { "Type": "AWS::Lambda::Version", "Properties": { "FunctionName": { @@ -101,7 +101,7 @@ }, "FunctionVersion": { "Fn::GetAtt": [ - "HandlerCurrentVersion93FB80BFb2de9794fd0f0df5e5c01c16ba4b05cf", + "HandlerCurrentVersion93FB80BFb2a9ce598bf2730613c07e406cddb6b6", "Version" ] }, @@ -250,7 +250,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "PreHookServiceRoleDefaultPolicy65358F76", @@ -383,7 +383,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "PostHookServiceRoleDefaultPolicy82AEE758", diff --git a/packages/@aws-cdk/aws-codedeploy/test/lambda/integ.deployment-group.ts b/packages/@aws-cdk/aws-codedeploy/test/lambda/integ.deployment-group.ts index ced2c76f4d447..4464fd9fc9a21 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/lambda/integ.deployment-group.ts +++ b/packages/@aws-cdk/aws-codedeploy/test/lambda/integ.deployment-group.ts @@ -11,7 +11,7 @@ const stack = new cdk.Stack(app, 'aws-cdk-codedeploy-lambda'); const handler = new lambda.Function(stack, 'Handler', { code: lambda.Code.fromAsset(path.join(__dirname, 'handler')), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, }); const version = handler.currentVersion; const blueGreenAlias = new lambda.Alias(stack, 'Alias', { @@ -22,12 +22,12 @@ const blueGreenAlias = new lambda.Alias(stack, 'Alias', { const preHook = new lambda.Function(stack, 'PreHook', { code: lambda.Code.fromAsset(path.join(__dirname, 'preHook')), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, }); const postHook = new lambda.Function(stack, 'PostHook', { code: lambda.Code.fromAsset(path.join(__dirname, 'postHook')), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, }); new codedeploy.LambdaDeploymentGroup(stack, 'BlueGreenDeployment', { From 66eae6eadaefc09f95ea4b1a62e60a52b5172723 Mon Sep 17 00:00:00 2001 From: Cory Hall <43035978+corymhall@users.noreply.github.com> Date: Thu, 31 Mar 2022 21:16:25 -0400 Subject: [PATCH 21/59] chore(aws-cloudtrail): fix broken integration tests (#19658) Upgrades lambda runtime from NODEJS_10 (deprecated) to NODEJS_14. Also enables autoDeleteObjects on the S3 buckets so that all the resources are cleaned up. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [x] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...oudtrail-supplied-bucket.lit.expected.json | 253 +++++++++++++++++- .../integ.cloudtrail-supplied-bucket.lit.ts | 13 +- .../test/integ.cloudtrail.lit.expected.json | 186 ++++++++++++- .../test/integ.cloudtrail.lit.ts | 7 +- 4 files changed, 449 insertions(+), 10 deletions(-) diff --git a/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail-supplied-bucket.lit.expected.json b/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail-supplied-bucket.lit.expected.json index e115d5360fee6..f8a12f1430107 100644 --- a/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail-supplied-bucket.lit.expected.json +++ b/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail-supplied-bucket.lit.expected.json @@ -2,9 +2,177 @@ "Resources": { "Bucket83908E77": { "Type": "AWS::S3::Bucket", + "Properties": { + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "BucketPolicyE9A3008A": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "Bucket83908E77" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "BucketAutoDeleteObjectsCustomResourceBAFD23C2": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "Bucket83908E77" + } + }, + "DependsOn": [ + "BucketPolicyE9A3008A" + ], "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3Bucket09A62232" + }, + "S3Key": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE" + } + ] + } + ] + } + ] + ] + } + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "Bucket83908E77" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + }, "LambdaFunctionServiceRoleC555A460": { "Type": "AWS::IAM::Role", "Properties": { @@ -49,7 +217,7 @@ ] }, "Handler": "hello.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "LambdaFunctionServiceRoleC555A460" @@ -57,8 +225,16 @@ }, "S3486F821D": { "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" + "Properties": { + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "S3Policy2E4AA1D6": { "Type": "AWS::S3::BucketPolicy", @@ -68,6 +244,44 @@ }, "PolicyDocument": { "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "S3486F821D", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "S3486F821D", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, { "Action": "s3:GetBucketAcl", "Effect": "Allow", @@ -116,6 +330,25 @@ } } }, + "S3AutoDeleteObjectsCustomResource5A4102C9": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "S3486F821D" + } + }, + "DependsOn": [ + "S3Policy2E4AA1D6" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, "Trail022F0CF2": { "Type": "AWS::CloudTrail::Trail", "Properties": { @@ -171,5 +404,19 @@ "S3Policy2E4AA1D6" ] } + }, + "Parameters": { + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3Bucket09A62232": { + "Type": "String", + "Description": "S3 bucket for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + }, + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE": { + "Type": "String", + "Description": "S3 key for asset version \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + }, + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824ArtifactHash76F8FCF2": { + "Type": "String", + "Description": "Artifact hash for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail-supplied-bucket.lit.ts b/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail-supplied-bucket.lit.ts index aeb9139462bb5..1e399351646d1 100644 --- a/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail-supplied-bucket.lit.ts +++ b/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail-supplied-bucket.lit.ts @@ -8,9 +8,12 @@ import * as cloudtrail from '../lib'; const app = new cdk.App(); const stack = new cdk.Stack(app, 'integ-cloudtrail'); -const bucket = new s3.Bucket(stack, 'Bucket', { removalPolicy: cdk.RemovalPolicy.DESTROY }); +const bucket = new s3.Bucket(stack, 'Bucket', { + removalPolicy: cdk.RemovalPolicy.DESTROY, + autoDeleteObjects: true, +}); const lambdaFunction = new lambda.Function(stack, 'LambdaFunction', { - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, handler: 'hello.handler', code: lambda.Code.fromInline('exports.handler = {}'), }); @@ -18,7 +21,11 @@ const lambdaFunction = new lambda.Function(stack, 'LambdaFunction', { // using exctecy the same code as inside the cloudtrail class to produce the supplied bucket and policy const cloudTrailPrincipal = new iam.ServicePrincipal('cloudtrail.amazonaws.com'); -const Trailbucket = new s3.Bucket(stack, 'S3', { encryption: s3.BucketEncryption.UNENCRYPTED }); +const Trailbucket = new s3.Bucket(stack, 'S3', { + encryption: s3.BucketEncryption.UNENCRYPTED, + removalPolicy: cdk.RemovalPolicy.DESTROY, + autoDeleteObjects: true, +}); Trailbucket.addToResourcePolicy(new iam.PolicyStatement({ resources: [Trailbucket.bucketArn], diff --git a/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail.lit.expected.json b/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail.lit.expected.json index 90c9dd9724771..10acbfff90f7f 100644 --- a/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail.lit.expected.json +++ b/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail.lit.expected.json @@ -2,9 +2,177 @@ "Resources": { "Bucket83908E77": { "Type": "AWS::S3::Bucket", + "Properties": { + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + } + ] + }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, + "BucketPolicyE9A3008A": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "Bucket83908E77" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "BucketAutoDeleteObjectsCustomResourceBAFD23C2": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "Bucket83908E77" + } + }, + "DependsOn": [ + "BucketPolicyE9A3008A" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3Bucket09A62232" + }, + "S3Key": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE" + } + ] + } + ] + } + ] + ] + } + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "Bucket83908E77" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + }, "TopicBFC7AF6E": { "Type": "AWS::SNS::Topic" }, @@ -71,14 +239,14 @@ "Code": { "ZipFile": "exports.handler = {}" }, - "Handler": "hello.handler", "Role": { "Fn::GetAtt": [ "LambdaFunctionServiceRoleC555A460", "Arn" ] }, - "Runtime": "nodejs10.x" + "Handler": "hello.handler", + "Runtime": "nodejs14.x" }, "DependsOn": [ "LambdaFunctionServiceRoleC555A460" @@ -240,5 +408,19 @@ "TrailS3PolicyE42170FE" ] } + }, + "Parameters": { + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3Bucket09A62232": { + "Type": "String", + "Description": "S3 bucket for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + }, + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE": { + "Type": "String", + "Description": "S3 key for asset version \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + }, + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824ArtifactHash76F8FCF2": { + "Type": "String", + "Description": "Artifact hash for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail.lit.ts b/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail.lit.ts index 8aeb2aab84eae..8280f7f797a44 100644 --- a/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail.lit.ts +++ b/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail.lit.ts @@ -7,10 +7,13 @@ import * as cloudtrail from '../lib'; const app = new cdk.App(); const stack = new cdk.Stack(app, 'integ-cloudtrail'); -const bucket = new s3.Bucket(stack, 'Bucket', { removalPolicy: cdk.RemovalPolicy.DESTROY }); +const bucket = new s3.Bucket(stack, 'Bucket', { + removalPolicy: cdk.RemovalPolicy.DESTROY, + autoDeleteObjects: true, +}); const topic = new sns.Topic(stack, 'Topic'); const lambdaFunction = new lambda.Function(stack, 'LambdaFunction', { - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, handler: 'hello.handler', code: lambda.Code.fromInline('exports.handler = {}'), }); From 75a6fa75d053fc1172e83b57a27e4b450bb79729 Mon Sep 17 00:00:00 2001 From: Steven Smiley <53946040+StevenSmiley@users.noreply.github.com> Date: Thu, 31 Mar 2022 18:58:56 -0700 Subject: [PATCH 22/59] fix(aws_applicationautoscaling): Add missing members to PredefinedMetric enum (#18978) Five predefined metrics for autoscaling using target tracking metrics are supported by CloudFormation but missing from the CDK enum PredefinedMetric. Fixes #18969 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../lib/target-tracking-scaling-policy.ts | 25 ++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-applicationautoscaling/lib/target-tracking-scaling-policy.ts b/packages/@aws-cdk/aws-applicationautoscaling/lib/target-tracking-scaling-policy.ts index e0252b377ddc9..a8b83e2395f68 100644 --- a/packages/@aws-cdk/aws-applicationautoscaling/lib/target-tracking-scaling-policy.ts +++ b/packages/@aws-cdk/aws-applicationautoscaling/lib/target-tracking-scaling-policy.ts @@ -184,12 +184,31 @@ function renderCustomMetric(metric?: cloudwatch.IMetric): CfnScalingPolicy.Custo */ export enum PredefinedMetric { /** - * DYNAMODB_READ_CAPACITY_UTILIZATIO - * @see https://docs.aws.amazon.com/autoscaling/application/APIReference/API_PredefinedMetricSpecification.html + * Average percentage of instances in an AppStream fleet that are being used. + */ + APPSTREAM_AVERAGE_CAPACITY_UTILIZATION = 'AppStreamAverageCapacityUtilization', + /** + * Percentage of provisioned read capacity units utilized by a Keyspaces table. + */ + CASSANDRA_READ_CAPACITY_UTILIZATION = 'CassandraReadCapacityUtilization', + /** + * Percentage of provisioned write capacity units utilized by a Keyspaces table. + */ + CASSANDRA_WRITE_CAPACITY_UTILIZATION = 'CassandraWriteCapacityUtilization', + /** + * Percentage of provisioned inference units utilized by a Comprehend endpoint. + */ + COMPREHEND_INFERENCE_UTILIZATION = 'ComprehendInferenceUtilization', + /** + * Average CPU Utilization of read replica instances in a Neptune DB cluster. + */ + NEPTURE_READER_AVERAGE_CPU_UTILIZATION = 'NeptuneReaderAverageCPUUtilization', + /** + * Percentage of provisioned read capacity units consumed by a DynamoDB table. */ DYNAMODB_READ_CAPACITY_UTILIZATION = 'DynamoDBReadCapacityUtilization', /** - * DYNAMODB_WRITE_CAPACITY_UTILIZATION + * Percentage of provisioned write capacity units consumed by a DynamoDB table. * * Suffix `dummy` is necessary due to jsii bug (https://github.com/aws/jsii/issues/2782). * Duplicate values will be dropped, so this suffix is added as a workaround. From eb9b8e23906e2e1375f45f795d71b905bc0a52af Mon Sep 17 00:00:00 2001 From: Josh Kellendonk Date: Thu, 31 Mar 2022 20:42:14 -0600 Subject: [PATCH 23/59] feat(cli): add --build option (#19663) Adds a `--build` option to the CDK CLI so that customers can specify pre-synth build commands without modifying their cdk.json settings. Customers can use this feature to run special build commands during `cdk watch` that cdk should not run during a `cdk synth`. Fixes #19667 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk/README.md | 2 +- packages/aws-cdk/lib/cli.ts | 1 + packages/aws-cdk/lib/settings.ts | 1 + packages/aws-cdk/test/settings.test.ts | 11 +++++++++++ 4 files changed, 14 insertions(+), 1 deletion(-) diff --git a/packages/aws-cdk/README.md b/packages/aws-cdk/README.md index 0ac2e08947ec8..f50fb6509b1f9 100644 --- a/packages/aws-cdk/README.md +++ b/packages/aws-cdk/README.md @@ -643,7 +643,7 @@ Some of the interesting keys that can be used in the JSON configuration files: ```json5 { "app": "node bin/main.js", // Command to start the CDK app (--app='node bin/main.js') - "build": "mvn package", // Specify pre-synth build (no command line option) + "build": "mvn package", // Specify pre-synth build (--build='mvn package') "context": { // Context entries (--context=key=value) "key": "value" }, diff --git a/packages/aws-cdk/lib/cli.ts b/packages/aws-cdk/lib/cli.ts index b7c2931d233ae..1a20ed9edf279 100644 --- a/packages/aws-cdk/lib/cli.ts +++ b/packages/aws-cdk/lib/cli.ts @@ -56,6 +56,7 @@ async function parseCommandLineArguments() { .env('CDK') .usage('Usage: cdk -a COMMAND') .option('app', { type: 'string', alias: 'a', desc: 'REQUIRED: command-line for executing your app or a cloud assembly directory (e.g. "node bin/my-app.js")', requiresArg: true }) + .option('build', { type: 'string', desc: 'Command-line for a pre-synth build' }) .option('context', { type: 'array', alias: 'c', desc: 'Add contextual string parameter (KEY=VALUE)', nargs: 1, requiresArg: true }) .option('plugin', { type: 'array', alias: 'p', desc: 'Name or path of a node package that extend the CDK features. Can be specified multiple times', nargs: 1 }) .option('trace', { type: 'boolean', desc: 'Print trace for stack warnings' }) diff --git a/packages/aws-cdk/lib/settings.ts b/packages/aws-cdk/lib/settings.ts index ddb28be756292..7a213111f6c9f 100644 --- a/packages/aws-cdk/lib/settings.ts +++ b/packages/aws-cdk/lib/settings.ts @@ -265,6 +265,7 @@ export class Settings { return new Settings({ app: argv.app, browser: argv.browser, + build: argv.build, context, debug: argv.debug, tags, diff --git a/packages/aws-cdk/test/settings.test.ts b/packages/aws-cdk/test/settings.test.ts index aef16e6bac946..8c2c894ae4634 100644 --- a/packages/aws-cdk/test/settings.test.ts +++ b/packages/aws-cdk/test/settings.test.ts @@ -144,3 +144,14 @@ test('should include outputs-file in settings', () => { // THEN expect(settings.get(['outputsFile'])).toEqual('my-outputs-file.json'); }); + +test('providing a build arg', () => { + // GIVEN + const settings = Settings.fromCommandLineArguments({ + _: [Command.SYNTH], + build: 'mvn package', + }); + + // THEN + expect(settings.get(['build'])).toEqual('mvn package'); +}); \ No newline at end of file From 2ae79e2ea35975851ba91756398cec0a5db09885 Mon Sep 17 00:00:00 2001 From: Tom Keller <1083460+kellertk@users.noreply.github.com> Date: Thu, 31 Mar 2022 20:30:45 -0700 Subject: [PATCH 24/59] chore: Standardize issue templates for discussions (#19670) *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../{bug.yml => bug-report.yml} | 65 ++++++++------ .github/ISSUE_TEMPLATE/config.yml | 7 +- .github/ISSUE_TEMPLATE/doc.yml | 32 ------- .github/ISSUE_TEMPLATE/documentation.yml | 23 +++++ .github/ISSUE_TEMPLATE/feature-request.yml | 49 ++++++----- .github/ISSUE_TEMPLATE/general-issue.yml | 87 ------------------- 6 files changed, 92 insertions(+), 171 deletions(-) rename .github/ISSUE_TEMPLATE/{bug.yml => bug-report.yml} (56%) delete mode 100644 .github/ISSUE_TEMPLATE/doc.yml create mode 100644 .github/ISSUE_TEMPLATE/documentation.yml delete mode 100644 .github/ISSUE_TEMPLATE/general-issue.yml diff --git a/.github/ISSUE_TEMPLATE/bug.yml b/.github/ISSUE_TEMPLATE/bug-report.yml similarity index 56% rename from .github/ISSUE_TEMPLATE/bug.yml rename to .github/ISSUE_TEMPLATE/bug-report.yml index f77fa5beb193e..aa7f959e2ca80 100644 --- a/.github/ISSUE_TEMPLATE/bug.yml +++ b/.github/ISSUE_TEMPLATE/bug-report.yml @@ -1,44 +1,64 @@ -name: Bug Report +--- +name: "🐛 Bug Report" description: Report a bug -title: "(module name): short issue description" +title: "(module name): (short issue description)" labels: [bug, needs-triage] +assignees: [] body: - type: textarea - id: problem + id: description attributes: - label: What is the problem? + label: Describe the bug + description: What is the problem? A clear and concise description of the bug. validations: required: true - - type: textarea - id: reproduction + id: expected attributes: - label: Reproduction Steps + label: Expected Behavior description: | - Minimal amount of code that causes the bug (if possible) or a reference. - - The code sample should be an SSCCE. See http://sscce.org/ for details. - In short, provide a code sample that we can copy/paste, run and reproduce. + What did you expect to happen? validations: required: true - - type: textarea - id: expected + id: current attributes: - label: What did you expect to happen? + label: Current Behavior description: | - What were you trying to achieve by performing the steps above? + What actually happened? + + Please include full errors, uncaught exceptions, stack traces, and relevant logs. + If service responses are relevant, please include wire logs. validations: required: true - - type: textarea - id: actual + id: reproduction attributes: - label: What actually happened? + label: Reproduction Steps description: | - What is the unexpected behavior you were seeing? If you got an error, paste it here. + Provide a self-contained, concise snippet of code that can be used to reproduce the issue. + For more complex issues provide a repo with the smallest sample that reproduces the bug. + + Avoid including business logic or unrelated code, it makes diagnosis more difficult. + The code sample should be an SSCCE. See http://sscce.org/ for details. In short, please provide a code sample that we can copy/paste, run and reproduce. validations: required: true + - type: textarea + id: solution + attributes: + label: Possible Solution + description: | + Suggest a fix/reason for the bug + validations: + required: false + - type: textarea + id: context + attributes: + label: Additional Information/Context + description: | + Anything else that might be relevant for troubleshooting this bug. Providing context helps us come up with a solution that is most useful in the real world. + validations: + required: false - type: input id: cdk-version @@ -99,10 +119,3 @@ body: e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. associated pull-request, stackoverflow, slack, etc validations: required: false - - - type: markdown - attributes: - value: | - --- - - This is :bug: Bug Report diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index ebbc970f83c09..b4c0c5049128b 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -1,5 +1,6 @@ +--- blank_issues_enabled: false contact_links: - - name: Stackoverflow - url: https://stackoverflow.com/questions/tagged/aws-cdk - about: Please ask and answer questions here. + - name: 💬 General Question + url: https://github.com/aws/aws-cdk/discussions/categories/q-a + about: Please ask and answer questions as a discussion thread \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/doc.yml b/.github/ISSUE_TEMPLATE/doc.yml deleted file mode 100644 index 974a752cac810..0000000000000 --- a/.github/ISSUE_TEMPLATE/doc.yml +++ /dev/null @@ -1,32 +0,0 @@ -name: Documentation Issue -description: Issue in the reference documentation or developer guide -title: "(module name): short issue description" -labels: [feature-request, documentation, needs-triage] -body: - - type: markdown - attributes: - value: | - Developer guide? Raise issue/pr here: https://github.com/awsdocs/aws-cdk-guide - - Want to help? Submit a pull request here: https://github.com/aws/aws-cdk - - - type: input - id: doc-link - attributes: - label: link to reference doc page - validations: - required: false - - - type: textarea - id: issue - attributes: - label: Describe your issue? - validations: - required: true - - - type: markdown - attributes: - value: | - --- - - This is a 📕 documentation issue diff --git a/.github/ISSUE_TEMPLATE/documentation.yml b/.github/ISSUE_TEMPLATE/documentation.yml new file mode 100644 index 0000000000000..c068514d136c5 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/documentation.yml @@ -0,0 +1,23 @@ +--- +name: "📕 Documentation Issue" +description: Report an issue in the API Reference documentation or Developer Guide +title: "(short issue description)" +labels: [documentation, needs-triage] +assignees: [] +body: + - type: textarea + id: description + attributes: + label: Describe the issue + description: A clear and concise description of the issue. + validations: + required: true + + - type: textarea + id: links + attributes: + label: Links + description: | + Include links to affected documentation page(s). + validations: + required: true diff --git a/.github/ISSUE_TEMPLATE/feature-request.yml b/.github/ISSUE_TEMPLATE/feature-request.yml index a16053f420a82..23c385d1ef6d1 100644 --- a/.github/ISSUE_TEMPLATE/feature-request.yml +++ b/.github/ISSUE_TEMPLATE/feature-request.yml @@ -1,56 +1,59 @@ -name: Feature Request -description: Request a new feature -title: "(module name): short issue description" +--- +name: 🚀 Feature Request +description: Suggest an idea for this project +title: "(short issue description)" labels: [feature-request, needs-triage] +assignees: [] body: - type: textarea id: description attributes: - label: Description - description: Short description of the feature you are proposing. + label: Describe the feature + description: A clear and concise description of the feature you are proposing. validations: required: true - - type: textarea id: use-case attributes: label: Use Case description: | - Why do you need this feature? + Why do you need this feature? For example: "I'm always frustrated when..." validations: - required: true - + required: true - type: textarea id: solution attributes: label: Proposed Solution description: | - Please include prototype/workaround/sketch/reference implementation. + Suggest how to implement the addition or change. Please include prototype/workaround/sketch/reference implementation. validations: - required: true - + required: false - type: textarea id: other attributes: - label: Other information + label: Other Information description: | - e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. associated pull-request, stackoverflow, slack, etc + Any alternative solutions or features you considered, a more detailed explanation, stack traces, related issues, links for context, etc. validations: required: false - - type: checkboxes - id: acknowledgments + id: ack attributes: - label: Acknowledge + label: Acknowledgements options: - label: I may be able to implement this feature request required: false - label: This feature might incur a breaking change required: false - - - type: markdown + - type: input + id: sdk-version attributes: - value: | - --- - - This is a :rocket: Feature Request + label: CDK version used + validations: + required: true + - type: input + id: environment + attributes: + label: Environment details (OS name and version, etc.) + validations: + required: true diff --git a/.github/ISSUE_TEMPLATE/general-issue.yml b/.github/ISSUE_TEMPLATE/general-issue.yml deleted file mode 100644 index 61119a33a761c..0000000000000 --- a/.github/ISSUE_TEMPLATE/general-issue.yml +++ /dev/null @@ -1,87 +0,0 @@ -name: General Issue -description: Create a new issue -title: "(module name): short issue description" -labels: [needs-triage, guidance] -body: - - type: markdown - attributes: - value: | - If there is an issue regarding developer guide, please create an issue [here](https://github.com/awsdocs/aws-cdk-guide/issues). - - - type: input - id: issue - attributes: - label: General Issue - description: | - For support questions, please first reference our [documentation](https://docs.aws.amazon.com/cdk/api/latest), then use [Stackoverflow](https://stackoverflow.com/questions/tagged/aws-cdk). This repository's issues are intended for feature requests and bug reports. - validations: - required: true - - - type: textarea - id: question - attributes: - label: The Question - description: | - Ask your question here. Include any details relevant. Make sure you are not falling prey to the [X/Y problem](http://xyproblem.info)! - validations: - required: true - - - type: input - id: cdk-version - attributes: - label: CDK CLI Version - description: Output of `cdk version` - validations: - required: true - - - type: input - id: framework-version - attributes: - label: Framework Version - validations: - required: false - - - type: input - id: node-version - attributes: - label: Node.js Version - validations: - required: false - - - type: input - id: operating-system - attributes: - label: OS - validations: - required: false - - - type: dropdown - id: language - attributes: - label: Language - multiple: true - options: - - Typescript - - Python - - .NET - - Java - - Go - validations: - required: true - - - type: input - id: language-version - attributes: - label: Language Version - description: E.g. TypeScript (3.8.3) | Java (8) | Python (3.7.3) - validations: - required: false - - - type: textarea - id: other - attributes: - label: Other information - description: | - e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. associated pull-request, stackoverflow, slack, etc - validations: - required: false From f1d9b6aa39c10a85c61ab3aaceabac88789bd2cf Mon Sep 17 00:00:00 2001 From: Robert Djurasaj Date: Thu, 31 Mar 2022 22:16:39 -0600 Subject: [PATCH 25/59] feat(lambda): add support for ephemeral storage (#19552) Depends on cfnspec bump PR https://github.com/aws/aws-cdk/pull/19553 CFN Docs: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-ephemeralstorage.html Blog: https://aws.amazon.com/blogs/aws/aws-lambda-now-supports-up-to-10-gb-ephemeral-storage/ image Closes #19605. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-lambda/README.md | 18 ++++++++ packages/@aws-cdk/aws-lambda/lib/function.ts | 17 ++++++- .../@aws-cdk/aws-lambda/test/function.test.ts | 46 +++++++++++++++++++ 3 files changed, 80 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-lambda/README.md b/packages/@aws-cdk/aws-lambda/README.md index 9c9182b174550..e5cc514c9d365 100644 --- a/packages/@aws-cdk/aws-lambda/README.md +++ b/packages/@aws-cdk/aws-lambda/README.md @@ -710,6 +710,24 @@ const fn = new lambda.Function(this, 'MyLambda', { }); ``` +## Ephemeral Storage + +You can configure ephemeral storage on a function to control the amount of storage it gets for reading +or writing data, allowing you to use AWS Lambda for ETL jobs, ML inference, or other data-intensive workloads. +The ephemeral storage will be accessible in the functions' `/tmp` directory. + +```ts +import { Size } from '@aws-cdk/core'; + +const fn = new lambda.Function(this, 'MyFunction', { + runtime: lambda.Runtime.NODEJS_14_X, + handler: 'index.handler', + code: lambda.Code.fromAsset(path.join(__dirname, 'lambda-handler')), + ephemeralStorageSize: Size.mebibytes(1024), +}); +``` + +Read more about using this feature in [this AWS blog post](https://aws.amazon.com/blogs/aws/aws-lambda-now-supports-up-to-10-gb-ephemeral-storage/). ## Singleton Function diff --git a/packages/@aws-cdk/aws-lambda/lib/function.ts b/packages/@aws-cdk/aws-lambda/lib/function.ts index 6bc89845edf3b..904fe515e5a7c 100644 --- a/packages/@aws-cdk/aws-lambda/lib/function.ts +++ b/packages/@aws-cdk/aws-lambda/lib/function.ts @@ -6,7 +6,7 @@ import * as kms from '@aws-cdk/aws-kms'; import * as logs from '@aws-cdk/aws-logs'; import * as sns from '@aws-cdk/aws-sns'; import * as sqs from '@aws-cdk/aws-sqs'; -import { Annotations, ArnFormat, CfnResource, Duration, Fn, Lazy, Names, Stack, Token } from '@aws-cdk/core'; +import { Annotations, ArnFormat, CfnResource, Duration, Fn, Lazy, Names, Size, Stack, Token } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { Architecture } from './architecture'; import { Code, CodeConfig } from './code'; @@ -95,6 +95,13 @@ export interface FunctionOptions extends EventInvokeConfigOptions { */ readonly memorySize?: number; + /** + * The size of the function’s /tmp directory in MB. + * + * @default 512 MiB + */ + readonly ephemeralStorageSize?: Size; + /** * Initial policy statements to add to the created Lambda Role. * @@ -747,6 +754,11 @@ export class Function extends FunctionBase { } this._architecture = props.architecture ?? (props.architectures && props.architectures[0]); + if (props.ephemeralStorageSize && !props.ephemeralStorageSize.isUnresolved() + && (props.ephemeralStorageSize.toMebibytes() < 512 || props.ephemeralStorageSize.toMebibytes() > 10240)) { + throw new Error(`Ephemeral storage size must be between 512 and 10240 MB, received ${props.ephemeralStorageSize}.`); + } + const resource: CfnFunction = new CfnFunction(this, 'Resource', { functionName: this.physicalName, description: props.description, @@ -767,6 +779,9 @@ export class Function extends FunctionBase { // Token, actually *modifies* the 'environment' map. environment: Lazy.uncachedAny({ produce: () => this.renderEnvironment() }), memorySize: props.memorySize, + ephemeralStorage: props.ephemeralStorageSize ? { + size: props.ephemeralStorageSize.toMebibytes(), + } : undefined, vpcConfig: this.configureVpc(props), deadLetterConfig: this.buildDeadLetterConfig(dlqTopicOrQueue), tracingConfig: this.buildTracingConfig(props), diff --git a/packages/@aws-cdk/aws-lambda/test/function.test.ts b/packages/@aws-cdk/aws-lambda/test/function.test.ts index fd9a175d93fb2..f22216222baa2 100644 --- a/packages/@aws-cdk/aws-lambda/test/function.test.ts +++ b/packages/@aws-cdk/aws-lambda/test/function.test.ts @@ -15,6 +15,7 @@ import * as cdk from '@aws-cdk/core'; import * as constructs from 'constructs'; import * as _ from 'lodash'; import * as lambda from '../lib'; +import { Lazy, Size } from '@aws-cdk/core'; describe('function', () => { test('default function', () => { @@ -2584,6 +2585,7 @@ describe('function', () => { architectures: [lambda.Architecture.X86_64, lambda.Architecture.ARM_64], })).toThrow(/one architecture must be specified/); }); + test('Architecture is properly readable from the function', () => { const stack = new cdk.Stack(); const fn = new lambda.Function(stack, 'MyFunction', { @@ -2635,6 +2637,50 @@ describe('function', () => { }); }); +test('throws if ephemeral storage size is out of bound', () => { + const stack = new cdk.Stack(); + expect(() => new lambda.Function(stack, 'MyLambda', { + code: new lambda.InlineCode('foo'), + handler: 'bar', + runtime: lambda.Runtime.NODEJS_14_X, + ephemeralStorageSize: Size.mebibytes(511), + })).toThrow(/Ephemeral storage size must be between 512 and 10240 MB/); +}); + +test('set ephemeral storage to desired size', () => { + const stack = new cdk.Stack(); + new lambda.Function(stack, 'MyLambda', { + code: new lambda.InlineCode('foo'), + handler: 'bar', + runtime: lambda.Runtime.NODEJS_14_X, + ephemeralStorageSize: Size.mebibytes(1024), + }); + + Template.fromStack(stack).hasResource('AWS::Lambda::Function', { + Properties: + { + Code: { ZipFile: 'foo' }, + Handler: 'bar', + Runtime: 'nodejs14.x', + EphemeralStorage: { + Size: 1024, + }, + }, + }); +}); + +test('ephemeral storage allows unresolved tokens', () => { + const stack = new cdk.Stack(); + expect(() => { + new lambda.Function(stack, 'MyLambda', { + code: new lambda.InlineCode('foo'), + handler: 'bar', + runtime: lambda.Runtime.NODEJS_14_X, + ephemeralStorageSize: Size.mebibytes(Lazy.number({ produce: () => 1024 })), + }); + }).not.toThrow(); +}); + function newTestLambda(scope: constructs.Construct) { return new lambda.Function(scope, 'MyLambda', { code: new lambda.InlineCode('foo'), From 4071d9b0b6af241e1d91d6e5b828334f1693b8a5 Mon Sep 17 00:00:00 2001 From: Cory Hall <43035978+corymhall@users.noreply.github.com> Date: Fri, 1 Apr 2022 05:06:32 -0400 Subject: [PATCH 26/59] chore(aws-apprunner): fix integration tests (#19660) splitting up the integration tests into separate tests so that we can separate the ones that can be run and those that can't. The github test requires a connection to github so it can't be run in automation. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [x] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../integ.service-ecr-public.expected.json | 38 +++++ .../test/integ.service-ecr-public.ts | 18 +++ ...d.json => integ.service-ecr.expected.json} | 148 +++--------------- .../aws-apprunner/test/integ.service-ecr.ts | 32 ++++ .../test/integ.service-github.expected.json | 86 ++++++++++ .../test/integ.service-github.ts | 35 +++++ .../aws-apprunner/test/integ.service.ts | 71 --------- 7 files changed, 227 insertions(+), 201 deletions(-) create mode 100644 packages/@aws-cdk/aws-apprunner/test/integ.service-ecr-public.expected.json create mode 100644 packages/@aws-cdk/aws-apprunner/test/integ.service-ecr-public.ts rename packages/@aws-cdk/aws-apprunner/test/{integ.service.expected.json => integ.service-ecr.expected.json} (68%) create mode 100644 packages/@aws-cdk/aws-apprunner/test/integ.service-ecr.ts create mode 100644 packages/@aws-cdk/aws-apprunner/test/integ.service-github.expected.json create mode 100644 packages/@aws-cdk/aws-apprunner/test/integ.service-github.ts delete mode 100644 packages/@aws-cdk/aws-apprunner/test/integ.service.ts diff --git a/packages/@aws-cdk/aws-apprunner/test/integ.service-ecr-public.expected.json b/packages/@aws-cdk/aws-apprunner/test/integ.service-ecr-public.expected.json new file mode 100644 index 0000000000000..f790c8ae78487 --- /dev/null +++ b/packages/@aws-cdk/aws-apprunner/test/integ.service-ecr-public.expected.json @@ -0,0 +1,38 @@ +{ + "Resources": { + "Service1EDCC8134": { + "Type": "AWS::AppRunner::Service", + "Properties": { + "SourceConfiguration": { + "AuthenticationConfiguration": {}, + "ImageRepository": { + "ImageConfiguration": { + "Port": "8000" + }, + "ImageIdentifier": "public.ecr.aws/aws-containers/hello-app-runner:latest", + "ImageRepositoryType": "ECR_PUBLIC" + } + }, + "InstanceConfiguration": {} + } + } + }, + "Outputs": { + "URL1": { + "Value": { + "Fn::Join": [ + "", + [ + "https://", + { + "Fn::GetAtt": [ + "Service1EDCC8134", + "ServiceUrl" + ] + } + ] + ] + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apprunner/test/integ.service-ecr-public.ts b/packages/@aws-cdk/aws-apprunner/test/integ.service-ecr-public.ts new file mode 100644 index 0000000000000..82d2c7c4794f1 --- /dev/null +++ b/packages/@aws-cdk/aws-apprunner/test/integ.service-ecr-public.ts @@ -0,0 +1,18 @@ +import * as cdk from '@aws-cdk/core'; +import { Service, Source } from '../lib'; + + +const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'integ-apprunner-ecr-public'); + +// Scenario 1: Create the service from ECR public +const service1 = new Service(stack, 'Service1', { + source: Source.fromEcrPublic({ + imageConfiguration: { + port: 8000, + }, + imageIdentifier: 'public.ecr.aws/aws-containers/hello-app-runner:latest', + }), +}); +new cdk.CfnOutput(stack, 'URL1', { value: `https://${service1.serviceUrl}` }); diff --git a/packages/@aws-cdk/aws-apprunner/test/integ.service.expected.json b/packages/@aws-cdk/aws-apprunner/test/integ.service-ecr.expected.json similarity index 68% rename from packages/@aws-cdk/aws-apprunner/test/integ.service.expected.json rename to packages/@aws-cdk/aws-apprunner/test/integ.service-ecr.expected.json index 9ca183c3ca56a..107dc235584de 100644 --- a/packages/@aws-cdk/aws-apprunner/test/integ.service.expected.json +++ b/packages/@aws-cdk/aws-apprunner/test/integ.service-ecr.expected.json @@ -1,22 +1,6 @@ { "Resources": { - "Service1EDCC8134": { - "Type": "AWS::AppRunner::Service", - "Properties": { - "SourceConfiguration": { - "AuthenticationConfiguration": {}, - "ImageRepository": { - "ImageConfiguration": { - "Port": "8000" - }, - "ImageIdentifier": "public.ecr.aws/aws-containers/hello-app-runner:latest", - "ImageRepositoryType": "ECR_PUBLIC" - } - }, - "InstanceConfiguration": {} - } - }, - "Service2AccessRole759CA73D": { + "Service3AccessRole3ACBAAA0": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -33,7 +17,7 @@ } } }, - "Service2AccessRoleDefaultPolicy08C28479": { + "Service3AccessRoleDefaultPolicy57B9744E": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { @@ -66,7 +50,7 @@ { "Ref": "AWS::AccountId" }, - ":repository/nginx" + ":repository/aws-cdk/assets" ] ] } @@ -74,29 +58,29 @@ ], "Version": "2012-10-17" }, - "PolicyName": "Service2AccessRoleDefaultPolicy08C28479", + "PolicyName": "Service3AccessRoleDefaultPolicy57B9744E", "Roles": [ { - "Ref": "Service2AccessRole759CA73D" + "Ref": "Service3AccessRole3ACBAAA0" } ] } }, - "Service2AB4D14D8": { + "Service342D067F2": { "Type": "AWS::AppRunner::Service", "Properties": { "SourceConfiguration": { "AuthenticationConfiguration": { "AccessRoleArn": { "Fn::GetAtt": [ - "Service2AccessRole759CA73D", + "Service3AccessRole3ACBAAA0", "Arn" ] } }, "ImageRepository": { "ImageConfiguration": { - "Port": "80" + "Port": "8000" }, "ImageIdentifier": { "Fn::Join": [ @@ -113,7 +97,7 @@ { "Ref": "AWS::URLSuffix" }, - "/nginx:latest" + "/aws-cdk/assets:77284835684772d19c95f4f5a37e7618d5f9efc40db9321d44ac039db457b967" ] ] }, @@ -123,7 +107,7 @@ "InstanceConfiguration": {} } }, - "Service3AccessRole3ACBAAA0": { + "Service2AccessRole759CA73D": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -140,7 +124,7 @@ } } }, - "Service3AccessRoleDefaultPolicy57B9744E": { + "Service2AccessRoleDefaultPolicy08C28479": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { @@ -181,29 +165,29 @@ ], "Version": "2012-10-17" }, - "PolicyName": "Service3AccessRoleDefaultPolicy57B9744E", + "PolicyName": "Service2AccessRoleDefaultPolicy08C28479", "Roles": [ { - "Ref": "Service3AccessRole3ACBAAA0" + "Ref": "Service2AccessRole759CA73D" } ] } }, - "Service342D067F2": { + "Service2AB4D14D8": { "Type": "AWS::AppRunner::Service", "Properties": { "SourceConfiguration": { "AuthenticationConfiguration": { "AccessRoleArn": { "Fn::GetAtt": [ - "Service3AccessRole3ACBAAA0", + "Service2AccessRole759CA73D", "Arn" ] } }, "ImageRepository": { "ImageConfiguration": { - "Port": "8000" + "Port": "80" }, "ImageIdentifier": { "Fn::Join": [ @@ -229,89 +213,9 @@ }, "InstanceConfiguration": {} } - }, - "Service429949929": { - "Type": "AWS::AppRunner::Service", - "Properties": { - "SourceConfiguration": { - "AuthenticationConfiguration": { - "ConnectionArn": "MOCK" - }, - "CodeRepository": { - "CodeConfiguration": { - "ConfigurationSource": "REPOSITORY" - }, - "RepositoryUrl": "https://github.com/aws-containers/hello-app-runner", - "SourceCodeVersion": { - "Type": "BRANCH", - "Value": "main" - } - } - }, - "InstanceConfiguration": {} - } - }, - "Service5AD92B5A5": { - "Type": "AWS::AppRunner::Service", - "Properties": { - "SourceConfiguration": { - "AuthenticationConfiguration": { - "ConnectionArn": "MOCK" - }, - "CodeRepository": { - "CodeConfiguration": { - "CodeConfigurationValues": { - "BuildCommand": "yum install -y pycairo && pip install -r requirements.txt", - "Port": "8000", - "Runtime": "PYTHON_3", - "StartCommand": "python app.py" - }, - "ConfigurationSource": "API" - }, - "RepositoryUrl": "https://github.com/aws-containers/hello-app-runner", - "SourceCodeVersion": { - "Type": "BRANCH", - "Value": "main" - } - } - }, - "InstanceConfiguration": {} - } } }, "Outputs": { - "URL1": { - "Value": { - "Fn::Join": [ - "", - [ - "https://", - { - "Fn::GetAtt": [ - "Service1EDCC8134", - "ServiceUrl" - ] - } - ] - ] - } - }, - "URL2": { - "Value": { - "Fn::Join": [ - "", - [ - "https://", - { - "Fn::GetAtt": [ - "Service2AB4D14D8", - "ServiceUrl" - ] - } - ] - ] - } - }, "URL3": { "Value": { "Fn::Join": [ @@ -328,23 +232,7 @@ ] } }, - "URL4": { - "Value": { - "Fn::Join": [ - "", - [ - "https://", - { - "Fn::GetAtt": [ - "Service429949929", - "ServiceUrl" - ] - } - ] - ] - } - }, - "URL5": { + "URL2": { "Value": { "Fn::Join": [ "", @@ -352,7 +240,7 @@ "https://", { "Fn::GetAtt": [ - "Service5AD92B5A5", + "Service2AB4D14D8", "ServiceUrl" ] } diff --git a/packages/@aws-cdk/aws-apprunner/test/integ.service-ecr.ts b/packages/@aws-cdk/aws-apprunner/test/integ.service-ecr.ts new file mode 100644 index 0000000000000..347cdced6ef4b --- /dev/null +++ b/packages/@aws-cdk/aws-apprunner/test/integ.service-ecr.ts @@ -0,0 +1,32 @@ +import * as path from 'path'; +import * as assets from '@aws-cdk/aws-ecr-assets'; +import * as cdk from '@aws-cdk/core'; +import { Service, Source } from '../lib'; + + +const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'integ-apprunner'); + + +// Scenario 3: Create the service from local code assets +const imageAsset = new assets.DockerImageAsset(stack, 'ImageAssets', { + directory: path.join(__dirname, './docker.assets'), +}); +const service3 = new Service(stack, 'Service3', { + source: Source.fromAsset({ + imageConfiguration: { port: 8000 }, + asset: imageAsset, + }), +}); +new cdk.CfnOutput(stack, 'URL3', { value: `https://${service3.serviceUrl}` }); + +// Scenario 2: Create the service from existing ECR repository +const service2 = new Service(stack, 'Service2', { + source: Source.fromEcr({ + imageConfiguration: { port: 80 }, + repository: imageAsset.repository, + tag: imageAsset.assetHash, + }), +}); +new cdk.CfnOutput(stack, 'URL2', { value: `https://${service2.serviceUrl}` }); diff --git a/packages/@aws-cdk/aws-apprunner/test/integ.service-github.expected.json b/packages/@aws-cdk/aws-apprunner/test/integ.service-github.expected.json new file mode 100644 index 0000000000000..a30841a30e91c --- /dev/null +++ b/packages/@aws-cdk/aws-apprunner/test/integ.service-github.expected.json @@ -0,0 +1,86 @@ +{ + "Resources": { + "Service429949929": { + "Type": "AWS::AppRunner::Service", + "Properties": { + "SourceConfiguration": { + "AuthenticationConfiguration": { + "ConnectionArn": "MOCK" + }, + "CodeRepository": { + "CodeConfiguration": { + "ConfigurationSource": "REPOSITORY" + }, + "RepositoryUrl": "https://github.com/aws-containers/hello-app-runner", + "SourceCodeVersion": { + "Type": "BRANCH", + "Value": "main" + } + } + }, + "InstanceConfiguration": {} + } + }, + "Service5AD92B5A5": { + "Type": "AWS::AppRunner::Service", + "Properties": { + "SourceConfiguration": { + "AuthenticationConfiguration": { + "ConnectionArn": "MOCK" + }, + "CodeRepository": { + "CodeConfiguration": { + "CodeConfigurationValues": { + "BuildCommand": "yum install -y pycairo && pip install -r requirements.txt", + "Port": "8000", + "Runtime": "PYTHON_3", + "StartCommand": "python app.py" + }, + "ConfigurationSource": "API" + }, + "RepositoryUrl": "https://github.com/aws-containers/hello-app-runner", + "SourceCodeVersion": { + "Type": "BRANCH", + "Value": "main" + } + } + }, + "InstanceConfiguration": {} + } + } + }, + "Outputs": { + "URL4": { + "Value": { + "Fn::Join": [ + "", + [ + "https://", + { + "Fn::GetAtt": [ + "Service429949929", + "ServiceUrl" + ] + } + ] + ] + } + }, + "URL5": { + "Value": { + "Fn::Join": [ + "", + [ + "https://", + { + "Fn::GetAtt": [ + "Service5AD92B5A5", + "ServiceUrl" + ] + } + ] + ] + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apprunner/test/integ.service-github.ts b/packages/@aws-cdk/aws-apprunner/test/integ.service-github.ts new file mode 100644 index 0000000000000..8813865f04259 --- /dev/null +++ b/packages/@aws-cdk/aws-apprunner/test/integ.service-github.ts @@ -0,0 +1,35 @@ +import * as cdk from '@aws-cdk/core'; +import { Service, Source, GitHubConnection, ConfigurationSourceType, Runtime } from '../lib'; + +const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'integ-apprunner'); + +// Scenario 4: Create the service from Github. Make sure you specify a valid connection ARN. +const connectionArn = process.env.CONNECTION_ARN || 'MOCK'; +const service4 = new Service(stack, 'Service4', { + source: Source.fromGitHub({ + repositoryUrl: 'https://github.com/aws-containers/hello-app-runner', + branch: 'main', + configurationSource: ConfigurationSourceType.REPOSITORY, + connection: GitHubConnection.fromConnectionArn(connectionArn), + }), +}); +new cdk.CfnOutput(stack, 'URL4', { value: `https://${service4.serviceUrl}` }); + +// Scenario 5: Create the service from Github with configuration values override. +const service5 = new Service(stack, 'Service5', { + source: Source.fromGitHub({ + repositoryUrl: 'https://github.com/aws-containers/hello-app-runner', + branch: 'main', + configurationSource: ConfigurationSourceType.API, + codeConfigurationValues: { + runtime: Runtime.PYTHON_3, + port: '8000', + startCommand: 'python app.py', + buildCommand: 'yum install -y pycairo && pip install -r requirements.txt', + }, + connection: GitHubConnection.fromConnectionArn(connectionArn), + }), +}); +new cdk.CfnOutput(stack, 'URL5', { value: `https://${service5.serviceUrl}` }); diff --git a/packages/@aws-cdk/aws-apprunner/test/integ.service.ts b/packages/@aws-cdk/aws-apprunner/test/integ.service.ts deleted file mode 100644 index 2df2dab9301aa..0000000000000 --- a/packages/@aws-cdk/aws-apprunner/test/integ.service.ts +++ /dev/null @@ -1,71 +0,0 @@ -import * as path from 'path'; -import * as ecr from '@aws-cdk/aws-ecr'; -import * as assets from '@aws-cdk/aws-ecr-assets'; -import * as cdk from '@aws-cdk/core'; -import { Service, Source, GitHubConnection, ConfigurationSourceType, Runtime } from '../lib'; - - -const app = new cdk.App(); - -const stack = new cdk.Stack(app, 'integ-apprunner'); - -// Scenario 1: Create the service from ECR public -const service1 = new Service(stack, 'Service1', { - source: Source.fromEcrPublic({ - imageConfiguration: { - port: 8000, - }, - imageIdentifier: 'public.ecr.aws/aws-containers/hello-app-runner:latest', - }), -}); -new cdk.CfnOutput(stack, 'URL1', { value: `https://${service1.serviceUrl}` }); - -// Scenario 2: Create the service from existing ECR repository, make sure you have `nginx` ECR repo in your account. -const service2 = new Service(stack, 'Service2', { - source: Source.fromEcr({ - imageConfiguration: { port: 80 }, - repository: ecr.Repository.fromRepositoryName(stack, 'NginxRepository', 'nginx'), - }), -}); -new cdk.CfnOutput(stack, 'URL2', { value: `https://${service2.serviceUrl}` }); - -// Scenario 3: Create the service from local code assets -const imageAsset = new assets.DockerImageAsset(stack, 'ImageAssets', { - directory: path.join(__dirname, './docker.assets'), -}); -const service3 = new Service(stack, 'Service3', { - source: Source.fromAsset({ - imageConfiguration: { port: 8000 }, - asset: imageAsset, - }), -}); -new cdk.CfnOutput(stack, 'URL3', { value: `https://${service3.serviceUrl}` }); - -// Scenario 4: Create the service from Github. Make sure you specify a valid connection ARN. -const connectionArn = stack.node.tryGetContext('CONNECTION_ARN') || 'MOCK'; -const service4 = new Service(stack, 'Service4', { - source: Source.fromGitHub({ - repositoryUrl: 'https://github.com/aws-containers/hello-app-runner', - branch: 'main', - configurationSource: ConfigurationSourceType.REPOSITORY, - connection: GitHubConnection.fromConnectionArn(connectionArn), - }), -}); -new cdk.CfnOutput(stack, 'URL4', { value: `https://${service4.serviceUrl}` }); - -// Scenario 5: Create the service from Github with configuration values override. -const service5 = new Service(stack, 'Service5', { - source: Source.fromGitHub({ - repositoryUrl: 'https://github.com/aws-containers/hello-app-runner', - branch: 'main', - configurationSource: ConfigurationSourceType.API, - codeConfigurationValues: { - runtime: Runtime.PYTHON_3, - port: '8000', - startCommand: 'python app.py', - buildCommand: 'yum install -y pycairo && pip install -r requirements.txt', - }, - connection: GitHubConnection.fromConnectionArn(connectionArn), - }), -}); -new cdk.CfnOutput(stack, 'URL5', { value: `https://${service5.serviceUrl}` }); From 4b7827f230227ab263b4d22e6e048f1b1fbd0d54 Mon Sep 17 00:00:00 2001 From: Cory Hall <43035978+corymhall@users.noreply.github.com> Date: Fri, 1 Apr 2022 05:52:51 -0400 Subject: [PATCH 27/59] chore(aws-lambda): fix broken integration tests (#19654) This updates/removes any reference to the deprecated NODEJS_10 runtime since you can no longer deploy functions with that runtime. It also updates the docker image used in the docker integ tests to use an image from the public ecr repository so that it is not tied to a specific region's ECR repo. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [x] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../@aws-cdk/aws-lambda/test/code.test.ts | 6 +- .../test/docker-lambda-handler/Dockerfile | 4 +- .../test/integ.autoscaling.lit.expected.json | 10 +- .../aws-lambda/test/integ.autoscaling.lit.ts | 2 +- .../test/integ.lambda.docker.expected.json | 2 +- .../test/integ.lambda.expected.json | 8 +- ...integ.lambda.prov.concurrent.expected.json | 16 +-- .../test/integ.lambda.prov.concurrent.ts | 4 +- .../@aws-cdk/aws-lambda/test/integ.lambda.ts | 2 +- .../integ.layer-version.lit.expected.json | 10 +- .../test/integ.layer-version.lit.ts | 4 +- .../test/integ.log-retention.expected.json | 6 +- .../aws-lambda/test/integ.log-retention.ts | 6 +- .../integ.runtime.inlinecode.expected.json | 110 ------------------ .../test/integ.runtime.inlinecode.ts | 14 --- 15 files changed, 40 insertions(+), 164 deletions(-) diff --git a/packages/@aws-cdk/aws-lambda/test/code.test.ts b/packages/@aws-cdk/aws-lambda/test/code.test.ts index 76e771596d735..9bd03c3082ae8 100644 --- a/packages/@aws-cdk/aws-lambda/test/code.test.ts +++ b/packages/@aws-cdk/aws-lambda/test/code.test.ts @@ -301,7 +301,7 @@ describe('code', () => { { Ref: 'AWS::Region' }, '.', { Ref: 'AWS::URLSuffix' }, - '/aws-cdk/assets:f0fe8a410cb4b860a25f6f3e09237abf69cd38ab59f9ef2441597c75f598c634', + '/aws-cdk/assets:768d7b6c1d41b85135f498fe0cca69fea410be3c3322c69cf08690aaad29a610', ]], }, }, @@ -384,7 +384,7 @@ describe('code', () => { // then Template.fromStack(stack).hasResource('AWS::Lambda::Function', { Metadata: { - [cxapi.ASSET_RESOURCE_METADATA_PATH_KEY]: 'asset.650a009a909c30e767a843a84ff7812616447251d245e0ab65d9bfb37f413e32', + [cxapi.ASSET_RESOURCE_METADATA_PATH_KEY]: 'asset.dd84d39b518e69c0e62a55312372cdd9ab3ef901c74a4861d92e951215257b3c', [cxapi.ASSET_RESOURCE_METADATA_DOCKERFILE_PATH_KEY]: dockerfilePath, [cxapi.ASSET_RESOURCE_METADATA_DOCKER_BUILD_ARGS_KEY]: dockerBuildArgs, [cxapi.ASSET_RESOURCE_METADATA_DOCKER_BUILD_TARGET_KEY]: dockerBuildTarget, @@ -408,7 +408,7 @@ describe('code', () => { // then Template.fromStack(stack).hasResource('AWS::Lambda::Function', { Metadata: { - [cxapi.ASSET_RESOURCE_METADATA_PATH_KEY]: 'asset.a3cc4528c34874616814d9b3436ff0e5d01514c1d563ed8899657ca00982f308', + [cxapi.ASSET_RESOURCE_METADATA_PATH_KEY]: 'asset.b7767e24de8d852617d9600e7a60395334454ca017d648f93b2d990aec7f50fd', [cxapi.ASSET_RESOURCE_METADATA_DOCKERFILE_PATH_KEY]: 'Dockerfile', [cxapi.ASSET_RESOURCE_METADATA_PROPERTY_KEY]: 'Code.ImageUri', }, diff --git a/packages/@aws-cdk/aws-lambda/test/docker-lambda-handler/Dockerfile b/packages/@aws-cdk/aws-lambda/test/docker-lambda-handler/Dockerfile index 18064bbe78ba1..f03af5f73f1a5 100644 --- a/packages/@aws-cdk/aws-lambda/test/docker-lambda-handler/Dockerfile +++ b/packages/@aws-cdk/aws-lambda/test/docker-lambda-handler/Dockerfile @@ -1,8 +1,8 @@ -FROM 628053151772.dkr.ecr.sa-east-1.amazonaws.com/awslambda/nodejs12.x-runtime-internal:beta +FROM public.ecr.aws/lambda/nodejs:12 ARG FUNCTION_DIR="/var/task" # Create function directory RUN mkdir -p ${FUNCTION_DIR} # Copy handler function and package.json COPY app.js ${FUNCTION_DIR} # Set the CMD to your handler (could also be done as a parameter override outside of the Dockerfile) -CMD [ "app.handler" ] \ No newline at end of file +CMD [ "app.handler" ] diff --git a/packages/@aws-cdk/aws-lambda/test/integ.autoscaling.lit.expected.json b/packages/@aws-cdk/aws-lambda/test/integ.autoscaling.lit.expected.json index 1ee05ac72cef8..bb6ee0277bb99 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.autoscaling.lit.expected.json +++ b/packages/@aws-cdk/aws-lambda/test/integ.autoscaling.lit.expected.json @@ -37,20 +37,20 @@ "Code": { "ZipFile": "exports.handler = async () => { console.log('hello world'); };" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "MyLambdaServiceRole4539ECB6", "Arn" ] }, - "Runtime": "nodejs10.x" + "Handler": "index.handler", + "Runtime": "nodejs14.x" }, "DependsOn": [ "MyLambdaServiceRole4539ECB6" ] }, - "MyLambdaCurrentVersionE7A382CC03fc10af301b823dc69dee9357b5caa0": { + "MyLambdaCurrentVersionE7A382CCc9b5d5d60612e848a9b7c670d8802822": { "Type": "AWS::Lambda::Version", "Properties": { "FunctionName": { @@ -66,7 +66,7 @@ }, "FunctionVersion": { "Fn::GetAtt": [ - "MyLambdaCurrentVersionE7A382CC03fc10af301b823dc69dee9357b5caa0", + "MyLambdaCurrentVersionE7A382CCc9b5d5d60612e848a9b7c670d8802822", "Version" ] }, @@ -160,4 +160,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-lambda/test/integ.autoscaling.lit.ts b/packages/@aws-cdk/aws-lambda/test/integ.autoscaling.lit.ts index e8d3411b072f3..ec6387c230c1a 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.autoscaling.lit.ts +++ b/packages/@aws-cdk/aws-lambda/test/integ.autoscaling.lit.ts @@ -14,7 +14,7 @@ class TestStack extends cdk.Stack { const fn = new lambda.Function(this, 'MyLambda', { code: new lambda.InlineCode('exports.handler = async () => { console.log(\'hello world\'); };'), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, }); const version = fn.currentVersion; diff --git a/packages/@aws-cdk/aws-lambda/test/integ.lambda.docker.expected.json b/packages/@aws-cdk/aws-lambda/test/integ.lambda.docker.expected.json index 6affea556c9d9..d7f68ed5f5a1f 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.lambda.docker.expected.json +++ b/packages/@aws-cdk/aws-lambda/test/integ.lambda.docker.expected.json @@ -50,7 +50,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:f0fe8a410cb4b860a25f6f3e09237abf69cd38ab59f9ef2441597c75f598c634" + "/aws-cdk/assets:768d7b6c1d41b85135f498fe0cca69fea410be3c3322c69cf08690aaad29a610" ] ] } diff --git a/packages/@aws-cdk/aws-lambda/test/integ.lambda.expected.json b/packages/@aws-cdk/aws-lambda/test/integ.lambda.expected.json index 88e7b53442a15..a6928d7344a66 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.lambda.expected.json +++ b/packages/@aws-cdk/aws-lambda/test/integ.lambda.expected.json @@ -58,21 +58,21 @@ "Code": { "ZipFile": "foo" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "MyLambdaServiceRole4539ECB6", "Arn" ] }, - "Runtime": "nodejs10.x" + "Handler": "index.handler", + "Runtime": "nodejs14.x" }, "DependsOn": [ "MyLambdaServiceRoleDefaultPolicy5BBC6F68", "MyLambdaServiceRole4539ECB6" ] }, - "MyLambdaCurrentVersionE7A382CC306b64ef431b3e873cc6258340b63a78": { + "MyLambdaCurrentVersionE7A382CCaab0ffd2d3271bb29338c3fe7c7f3151": { "Type": "AWS::Lambda::Version", "Properties": { "FunctionName": { @@ -88,7 +88,7 @@ }, "FunctionVersion": { "Fn::GetAtt": [ - "MyLambdaCurrentVersionE7A382CC306b64ef431b3e873cc6258340b63a78", + "MyLambdaCurrentVersionE7A382CCaab0ffd2d3271bb29338c3fe7c7f3151", "Version" ] }, diff --git a/packages/@aws-cdk/aws-lambda/test/integ.lambda.prov.concurrent.expected.json b/packages/@aws-cdk/aws-lambda/test/integ.lambda.prov.concurrent.expected.json index 15a57b7a0e598..668799ec1d170 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.lambda.prov.concurrent.expected.json +++ b/packages/@aws-cdk/aws-lambda/test/integ.lambda.prov.concurrent.expected.json @@ -58,21 +58,21 @@ "Code": { "ZipFile": "exports.handler = async function(event, context) { console.log(\"Hello from CDK! with Alias Provisioned Concurrent Exec!\");}" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "MyLambdaAliasPCEServiceRoleF7C9F212", "Arn" ] }, - "Runtime": "nodejs10.x" + "Handler": "index.handler", + "Runtime": "nodejs14.x" }, "DependsOn": [ "MyLambdaAliasPCEServiceRoleDefaultPolicyE7418D56", "MyLambdaAliasPCEServiceRoleF7C9F212" ] }, - "MyLambdaAliasPCECurrentVersion072335D3974767ca5ab9a8786a5779ede8cb8cc5": { + "MyLambdaAliasPCECurrentVersion072335D3f742c0f8cc0b7f48bb32fb34b63bc22c": { "Type": "AWS::Lambda::Version", "Properties": { "FunctionName": { @@ -88,7 +88,7 @@ }, "FunctionVersion": { "Fn::GetAtt": [ - "MyLambdaAliasPCECurrentVersion072335D3974767ca5ab9a8786a5779ede8cb8cc5", + "MyLambdaAliasPCECurrentVersion072335D3f742c0f8cc0b7f48bb32fb34b63bc22c", "Version" ] }, @@ -166,21 +166,21 @@ "Code": { "ZipFile": "exports.handler = async function(event, context) { console.log(\"Hello from CDK! with Version Provisioned Concurrent Exec!\");}" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "MyLambdaVersionPCEServiceRole2ACFB73E", "Arn" ] }, - "Runtime": "nodejs10.x" + "Handler": "index.handler", + "Runtime": "nodejs14.x" }, "DependsOn": [ "MyLambdaVersionPCEServiceRoleDefaultPolicy229A1552", "MyLambdaVersionPCEServiceRole2ACFB73E" ] }, - "MyLambdaVersionPCECurrentVersion27FC3932a1bc5d5d20600bf4225d17df43a36ea5": { + "MyLambdaVersionPCECurrentVersion27FC3932fbc6188ae863cb6dc15d61f96ad00420": { "Type": "AWS::Lambda::Version", "Properties": { "FunctionName": { @@ -199,7 +199,7 @@ }, "FunctionVersion": { "Fn::GetAtt": [ - "MyLambdaVersionPCECurrentVersion27FC3932a1bc5d5d20600bf4225d17df43a36ea5", + "MyLambdaVersionPCECurrentVersion27FC3932fbc6188ae863cb6dc15d61f96ad00420", "Version" ] }, diff --git a/packages/@aws-cdk/aws-lambda/test/integ.lambda.prov.concurrent.ts b/packages/@aws-cdk/aws-lambda/test/integ.lambda.prov.concurrent.ts index 4a100b4d6e462..dde4a27d84ceb 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.lambda.prov.concurrent.ts +++ b/packages/@aws-cdk/aws-lambda/test/integ.lambda.prov.concurrent.ts @@ -15,7 +15,7 @@ const pce = 5; const fn = new lambda.Function(stack, 'MyLambdaAliasPCE', { code: new lambda.InlineCode(lambdaCode.replace('#type#', 'Alias')), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, }); fn.addToRolePolicy(new iam.PolicyStatement({ @@ -39,7 +39,7 @@ alias.addPermission('AliasPermission', { const fnVersionPCE = new lambda.Function(stack, 'MyLambdaVersionPCE', { code: new lambda.InlineCode(lambdaCode.replace('#type#', 'Version')), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, currentVersionOptions: { provisionedConcurrentExecutions: pce, }, diff --git a/packages/@aws-cdk/aws-lambda/test/integ.lambda.ts b/packages/@aws-cdk/aws-lambda/test/integ.lambda.ts index c6ca7302a1f91..1dc7ec07b6cfd 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.lambda.ts +++ b/packages/@aws-cdk/aws-lambda/test/integ.lambda.ts @@ -9,7 +9,7 @@ const stack = new cdk.Stack(app, 'aws-cdk-lambda-1'); const fn = new lambda.Function(stack, 'MyLambda', { code: new lambda.InlineCode('foo'), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, }); fn.addToRolePolicy(new iam.PolicyStatement({ diff --git a/packages/@aws-cdk/aws-lambda/test/integ.layer-version.lit.expected.json b/packages/@aws-cdk/aws-lambda/test/integ.layer-version.lit.expected.json index 93687882379f7..0c6e5b2d4447a 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.layer-version.lit.expected.json +++ b/packages/@aws-cdk/aws-lambda/test/integ.layer-version.lit.expected.json @@ -42,7 +42,7 @@ } }, "CompatibleRuntimes": [ - "nodejs10.x" + "nodejs14.x" ], "Description": "A layer to test the L2 construct", "LicenseInfo": "Apache-2.0" @@ -97,19 +97,19 @@ "Code": { "ZipFile": "foo" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "MyLayeredLambdaServiceRole1A7DC118", "Arn" ] }, - "Runtime": "nodejs10.x", + "Handler": "index.handler", "Layers": [ { "Ref": "MyLayer38944FA5" } - ] + ], + "Runtime": "nodejs14.x" }, "DependsOn": [ "MyLayeredLambdaServiceRole1A7DC118" @@ -130,4 +130,4 @@ "Description": "Artifact hash for asset \"8811a2632ac5564a08fd269e159298f7e497f259578b0dc5e927a1f48ab24d34\"" } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-lambda/test/integ.layer-version.lit.ts b/packages/@aws-cdk/aws-lambda/test/integ.layer-version.lit.ts index d26722365c72e..49ba7c75a8675 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.layer-version.lit.ts +++ b/packages/@aws-cdk/aws-lambda/test/integ.layer-version.lit.ts @@ -12,7 +12,7 @@ const awsAccountId = stack.account; /// !show const layer = new lambda.LayerVersion(stack, 'MyLayer', { code: lambda.Code.fromAsset(path.join(__dirname, 'layer-code')), - compatibleRuntimes: [lambda.Runtime.NODEJS_10_X], + compatibleRuntimes: [lambda.Runtime.NODEJS_14_X], license: 'Apache-2.0', description: 'A layer to test the L2 construct', }); @@ -26,7 +26,7 @@ layer.addPermission('remote-account-grant', { accountId: awsAccountId }); new lambda.Function(stack, 'MyLayeredLambda', { code: new lambda.InlineCode('foo'), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, layers: [layer], }); /// !hide diff --git a/packages/@aws-cdk/aws-lambda/test/integ.log-retention.expected.json b/packages/@aws-cdk/aws-lambda/test/integ.log-retention.expected.json index 1765faee07465..8aafc5fe25b04 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.log-retention.expected.json +++ b/packages/@aws-cdk/aws-lambda/test/integ.log-retention.expected.json @@ -44,7 +44,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "OneWeekServiceRole05A6F9F8" @@ -227,7 +227,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "OneMonthServiceRoleFBD1064F" @@ -300,7 +300,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "OneYearServiceRole24D47762" diff --git a/packages/@aws-cdk/aws-lambda/test/integ.log-retention.ts b/packages/@aws-cdk/aws-lambda/test/integ.log-retention.ts index 7b4901f651252..965a04c5597d6 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.log-retention.ts +++ b/packages/@aws-cdk/aws-lambda/test/integ.log-retention.ts @@ -10,21 +10,21 @@ const stack = new cdk.Stack(app, 'aws-cdk-lambda-log-retention'); new lambda.Function(stack, 'OneWeek', { code: new lambda.InlineCode('exports.handler = (event) => console.log(JSON.stringify(event));'), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, logRetention: logs.RetentionDays.ONE_WEEK, }); new lambda.Function(stack, 'OneMonth', { code: new lambda.InlineCode('exports.handler = (event) => console.log(JSON.stringify(event));'), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, logRetention: logs.RetentionDays.ONE_MONTH, }); new lambda.Function(stack, 'OneYear', { code: new lambda.InlineCode('exports.handler = (event) => console.log(JSON.stringify(event));'), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, logRetention: logs.RetentionDays.ONE_YEAR, }); diff --git a/packages/@aws-cdk/aws-lambda/test/integ.runtime.inlinecode.expected.json b/packages/@aws-cdk/aws-lambda/test/integ.runtime.inlinecode.expected.json index 2a6f6c964822b..ccc1856ef6196 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.runtime.inlinecode.expected.json +++ b/packages/@aws-cdk/aws-lambda/test/integ.runtime.inlinecode.expected.json @@ -1,55 +1,5 @@ { "Resources": { - "NODEJS10XServiceRole2FD24B65": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "NODEJS10XF3831960": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "ZipFile": "exports.handler = async function(event) { return \"success\" }" - }, - "Role": { - "Fn::GetAtt": [ - "NODEJS10XServiceRole2FD24B65", - "Arn" - ] - }, - "Handler": "index.handler", - "Runtime": "nodejs10.x" - }, - "DependsOn": [ - "NODEJS10XServiceRole2FD24B65" - ] - }, "NODEJS12XServiceRole59E71436": { "Type": "AWS::IAM::Role", "Properties": { @@ -100,56 +50,6 @@ "NODEJS12XServiceRole59E71436" ] }, - "PYTHON27ServiceRoleF484A17D": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "PYTHON27F8E941FA": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "ZipFile": "def handler(event, context):\n return \"success\"" - }, - "Role": { - "Fn::GetAtt": [ - "PYTHON27ServiceRoleF484A17D", - "Arn" - ] - }, - "Handler": "index.handler", - "Runtime": "python2.7" - }, - "DependsOn": [ - "PYTHON27ServiceRoleF484A17D" - ] - }, "PYTHON36ServiceRole814B3AD9": { "Type": "AWS::IAM::Role", "Properties": { @@ -402,21 +302,11 @@ } }, "Outputs": { - "NODEJS10XfunctionName": { - "Value": { - "Ref": "NODEJS10XF3831960" - } - }, "NODEJS12XfunctionName": { "Value": { "Ref": "NODEJS12X8B8075A4" } }, - "PYTHON27functionName": { - "Value": { - "Ref": "PYTHON27F8E941FA" - } - }, "PYTHON36functionName": { "Value": { "Ref": "PYTHON364935EF15" diff --git a/packages/@aws-cdk/aws-lambda/test/integ.runtime.inlinecode.ts b/packages/@aws-cdk/aws-lambda/test/integ.runtime.inlinecode.ts index ff6160da9ac27..0aff4e4ff02a8 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.runtime.inlinecode.ts +++ b/packages/@aws-cdk/aws-lambda/test/integ.runtime.inlinecode.ts @@ -15,13 +15,6 @@ const app = new App(); const stack = new Stack(app, 'aws-cdk-lambda-runtime-inlinecode'); -const node10xfn = new Function(stack, 'NODEJS_10_X', { - code: new InlineCode('exports.handler = async function(event) { return "success" }'), - handler: 'index.handler', - runtime: Runtime.NODEJS_10_X, -}); -new CfnOutput(stack, 'NODEJS_10_X-functionName', { value: node10xfn.functionName }); - const node12xfn = new Function(stack, 'NODEJS_12_X', { code: new InlineCode('exports.handler = async function(event) { return "success" }'), handler: 'index.handler', @@ -29,13 +22,6 @@ const node12xfn = new Function(stack, 'NODEJS_12_X', { }); new CfnOutput(stack, 'NODEJS_12_X-functionName', { value: node12xfn.functionName }); -const python27 = new Function(stack, 'PYTHON_2_7', { - code: new InlineCode('def handler(event, context):\n return "success"'), - handler: 'index.handler', - runtime: Runtime.PYTHON_2_7, -}); -new CfnOutput(stack, 'PYTHON_2_7-functionName', { value: python27.functionName }); - const python36 = new Function(stack, 'PYTHON_3_6', { code: new InlineCode('def handler(event, context):\n return "success"'), handler: 'index.handler', From d19a4b07562d47a42c562d1cc39e302a1d773634 Mon Sep 17 00:00:00 2001 From: Cory Hall <43035978+corymhall@users.noreply.github.com> Date: Fri, 1 Apr 2022 06:36:26 -0400 Subject: [PATCH 28/59] chore(aws-cloudfront): fix broken integration tests (#19657) This fixes a couple of broken integration tests due to: 1. Lambda functions using deprecated NODEJS_10 2. Invalid geo codes ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [x] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ....cloudfront-geo-restrictions.expected.json | 21 +++++++++++-------- .../test/integ.cloudfront-geo-restrictions.ts | 2 +- ...loudfront-lambda-association.expected.json | 2 +- .../integ.cloudfront-lambda-association.ts | 2 +- .../integ.distribution-lambda.expected.json | 6 +++--- .../test/integ.distribution-lambda.ts | 2 +- 6 files changed, 19 insertions(+), 16 deletions(-) diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-geo-restrictions.expected.json b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-geo-restrictions.expected.json index 9307879bca924..5fc5a888c4c11 100644 --- a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-geo-restrictions.expected.json +++ b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-geo-restrictions.expected.json @@ -1,9 +1,9 @@ { "Resources": { "Bucket83908E77": { - "DeletionPolicy": "Delete", + "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Delete", - "Type": "AWS::S3::Bucket" + "DeletionPolicy": "Delete" }, "MyDistributionCFDistributionDE147309": { "Type": "AWS::CloudFront::Distribution", @@ -18,6 +18,7 @@ "GET", "HEAD" ], + "Compress": true, "ForwardedValues": { "Cookies": { "Forward": "none" @@ -25,8 +26,7 @@ "QueryString": false }, "TargetOriginId": "origin1", - "ViewerProtocolPolicy": "redirect-to-https", - "Compress": true + "ViewerProtocolPolicy": "redirect-to-https" }, "DefaultRootObject": "index.html", "Enabled": true, @@ -47,17 +47,20 @@ } ], "PriceClass": "PriceClass_100", - "ViewerCertificate": { - "CloudFrontDefaultCertificate": true - }, "Restrictions": { "GeoRestriction": { - "Locations": ["US", "UK"], + "Locations": [ + "US", + "GB" + ], "RestrictionType": "whitelist" } + }, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true } } } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-geo-restrictions.ts b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-geo-restrictions.ts index 7f90fff25740e..b89fee939cb4c 100644 --- a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-geo-restrictions.ts +++ b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-geo-restrictions.ts @@ -19,7 +19,7 @@ new cloudfront.CloudFrontWebDistribution(stack, 'MyDistribution', { behaviors: [{ isDefaultBehavior: true }], }, ], - geoRestriction: cloudfront.GeoRestriction.allowlist('US', 'UK'), + geoRestriction: cloudfront.GeoRestriction.allowlist('US', 'GB'), }); app.synth(); diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.expected.json b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.expected.json index 8759a3b629e14..d8528288e52d0 100644 --- a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.expected.json +++ b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.expected.json @@ -52,7 +52,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "LambdaServiceRoleA8ED4D3B" diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.ts b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.ts index 83eea22f40cef..6427b28195c51 100644 --- a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.ts +++ b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.ts @@ -14,7 +14,7 @@ const sourceBucket = new s3.Bucket(stack, 'Bucket', { const lambdaFunction = new lambda.Function(stack, 'Lambda', { code: lambda.Code.fromInline('foo'), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, }); const lambdaVersion = new lambda.Version(stack, 'LambdaVersion', { diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-lambda.expected.json b/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-lambda.expected.json index d87415745eed9..301d18dd22920 100644 --- a/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-lambda.expected.json +++ b/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-lambda.expected.json @@ -47,13 +47,13 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "LambdaServiceRoleA8ED4D3B" ] }, - "LambdaCurrentVersionDF706F6A25bf7d67df4eb614ea2e1ea69c8759b6": { + "LambdaCurrentVersionDF706F6A9a632a294ae3a9cd4d550f1c4e26619d": { "Type": "AWS::Lambda::Version", "Properties": { "FunctionName": { @@ -72,7 +72,7 @@ { "EventType": "origin-request", "LambdaFunctionARN": { - "Ref": "LambdaCurrentVersionDF706F6A25bf7d67df4eb614ea2e1ea69c8759b6" + "Ref": "LambdaCurrentVersionDF706F6A9a632a294ae3a9cd4d550f1c4e26619d" } } ], diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-lambda.ts b/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-lambda.ts index b6da02f0fa860..c277e93f4a678 100644 --- a/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-lambda.ts +++ b/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-lambda.ts @@ -9,7 +9,7 @@ const stack = new cdk.Stack(app, 'integ-distribution-lambda', { env: { region: ' const lambdaFunction = new lambda.Function(stack, 'Lambda', { code: lambda.Code.fromInline('foo'), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, }); new cloudfront.Distribution(stack, 'Dist', { From 2321eced6cc16925c6d50e35b140f9ad4008d758 Mon Sep 17 00:00:00 2001 From: Adam Ruka Date: Fri, 1 Apr 2022 04:20:43 -0700 Subject: [PATCH 29/59] fix(cli): support attributes of DynamoDB Tables for hotswapping (#19620) When using Nested Stacks, Parameters are used to pass values between the parent and child Stacks. A customer had a setup where a DynamoDB Table was in the parent Stack, and a Lambda using that Table (through environment variables) was in the child Stack. In order to be able to hotswap the Lambda in the child Stack, we have to correctly resolve attributes of the `AWS::DynamoDB::Table` resource, like `Ref` and `Arn`, to resolve the values of the Parameters passed to the child Stack. Fixes #19421 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../api/evaluate-cloudformation-template.ts | 1 + .../state-machine-hotswap-deployments.test.ts | 79 +++++++++++++++++++ 2 files changed, 80 insertions(+) diff --git a/packages/aws-cdk/lib/api/evaluate-cloudformation-template.ts b/packages/aws-cdk/lib/api/evaluate-cloudformation-template.ts index 56cdb394fee31..534066445cc0b 100644 --- a/packages/aws-cdk/lib/api/evaluate-cloudformation-template.ts +++ b/packages/aws-cdk/lib/api/evaluate-cloudformation-template.ts @@ -360,6 +360,7 @@ const RESOURCE_TYPE_ATTRIBUTES_FORMATS: { [type: string]: { [attribute: string]: // the name attribute of the EventBus is the same as the Ref Name: parts => parts.resourceName, }, + 'AWS::DynamoDB::Table': { Arn: stdSlashResourceArnFmt }, 'AWS::AppSync::GraphQLApi': { ApiId: appsyncGraphQlApiApiIdFmt }, }; diff --git a/packages/aws-cdk/test/api/hotswap/state-machine-hotswap-deployments.test.ts b/packages/aws-cdk/test/api/hotswap/state-machine-hotswap-deployments.test.ts index e5b84a1c7095c..54580f2927fc8 100644 --- a/packages/aws-cdk/test/api/hotswap/state-machine-hotswap-deployments.test.ts +++ b/packages/aws-cdk/test/api/hotswap/state-machine-hotswap-deployments.test.ts @@ -558,3 +558,82 @@ test('knows how to handle attributes of the AWS::Events::EventBus resource', asy }), }); }); + +test('knows how to handle attributes of the AWS::DynamoDB::Table resource', async () => { + // GIVEN + setup.setCurrentCfnStackTemplate({ + Resources: { + Table: { + Type: 'AWS::DynamoDB::Table', + Properties: { + KeySchema: [{ + AttributeName: 'name', + KeyType: 'HASH', + }], + AttributeDefinitions: [{ + AttributeName: 'name', + AttributeType: 'S', + }], + BillingMode: 'PAY_PER_REQUEST', + }, + }, + Machine: { + Type: 'AWS::StepFunctions::StateMachine', + Properties: { + DefinitionString: '{}', + StateMachineName: 'my-machine', + }, + }, + }, + }); + setup.pushStackResourceSummaries( + setup.stackSummaryOf('Table', 'AWS::DynamoDB::Table', 'my-dynamodb-table'), + ); + const cdkStackArtifact = setup.cdkStackArtifactOf({ + template: { + Resources: { + Table: { + Type: 'AWS::DynamoDB::Table', + Properties: { + KeySchema: [{ + AttributeName: 'name', + KeyType: 'HASH', + }], + AttributeDefinitions: [{ + AttributeName: 'name', + AttributeType: 'S', + }], + BillingMode: 'PAY_PER_REQUEST', + }, + }, + Machine: { + Type: 'AWS::StepFunctions::StateMachine', + Properties: { + DefinitionString: { + 'Fn::Join': ['', [ + '{"TableName":"', + { Ref: 'Table' }, + '","TableArn":"', + { 'Fn::GetAtt': ['Table', 'Arn'] }, + '"}', + ]], + }, + StateMachineName: 'my-machine', + }, + }, + }, + }, + }); + + // THEN + const result = await hotswapMockSdkProvider.tryHotswapDeployment(cdkStackArtifact); + + expect(result).not.toBeUndefined(); + expect(mockUpdateMachineDefinition).toHaveBeenCalledWith({ + stateMachineArn: 'arn:aws:states:here:123456789012:stateMachine:my-machine', + definition: JSON.stringify({ + TableName: 'my-dynamodb-table', + TableArn: 'arn:aws:dynamodb:here:123456789012:table/my-dynamodb-table', + }), + }); +}); From 7d9ab2a783d1d3ae4508760149dee7ac263fdd44 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Fri, 1 Apr 2022 14:05:12 +0200 Subject: [PATCH 30/59] fix(core): detect and resolve stringified number tokens (#19578) Number tokens are encoded as a range of very large negative numbers (for example: -1.888154589709072e+289). When these are naively stringified, the `resolve()` method doesn't recognize and translate them anymore, and these numbers end up in the target template in a confusing way. However, recognizing them is actually not that hard and can be done using a regex. We can then do the token resolution appropriately, making it so that construct authors do not have to call `Tokenization.stringifyNumber()` anymore in order to support stringification of number values. Fixes #19546, closes #19550. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../test/batch/submit-job.test.ts | 27 ++++++++++ .../core/lib/private/cloudformation-lang.ts | 17 ++++--- .../@aws-cdk/core/lib/private/encoding.ts | 16 +++++- .../@aws-cdk/core/lib/private/token-map.ts | 6 ++- .../@aws-cdk/core/lib/string-fragments.ts | 6 ++- packages/@aws-cdk/core/test/tokens.test.ts | 50 ++++++++++++++----- 6 files changed, 96 insertions(+), 26 deletions(-) diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/submit-job.test.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/submit-job.test.ts index 0885dcfb55930..aa9ccbdd8a0d8 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/submit-job.test.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/submit-job.test.ts @@ -169,6 +169,33 @@ test('supports tokens', () => { }); }); +test('container overrides are tokens', () => { + // WHEN + const task = new BatchSubmitJob(stack, 'Task', { + jobDefinitionArn: batchJobDefinition.jobDefinitionArn, + jobName: 'JobName', + jobQueueArn: batchJobQueue.jobQueueArn, + containerOverrides: { + memory: cdk.Size.mebibytes(sfn.JsonPath.numberAt('$.asdf')), + }, + }); + + // THEN + expect(stack.resolve(task.toStateJson())).toEqual({ + Type: 'Task', + Resource: { 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':states:::batch:submitJob.sync']] }, + End: true, + Parameters: { + JobDefinition: { Ref: 'JobDefinition24FFE3ED' }, + JobName: 'JobName', + JobQueue: { Ref: 'JobQueueEE3AD499' }, + ContainerOverrides: { + ResourceRequirements: [{ 'Type': 'MEMORY', 'Value.$': '$.asdf' }], + }, + }, + }); +}); + test('supports passing task input into payload', () => { // WHEN const task = new BatchSubmitJob(stack, 'Task', { diff --git a/packages/@aws-cdk/core/lib/private/cloudformation-lang.ts b/packages/@aws-cdk/core/lib/private/cloudformation-lang.ts index 049ceb207f92f..82d2809255806 100644 --- a/packages/@aws-cdk/core/lib/private/cloudformation-lang.ts +++ b/packages/@aws-cdk/core/lib/private/cloudformation-lang.ts @@ -43,8 +43,8 @@ export class CloudFormationLang { // Some case analysis to produce minimal expressions if (parts.length === 1) { return parts[0]; } - if (parts.length === 2 && typeof parts[0] === 'string' && typeof parts[1] === 'string') { - return parts[0] + parts[1]; + if (parts.length === 2 && isConcatable(parts[0]) && isConcatable(parts[1])) { + return `${parts[0]}${parts[1]}`; } // Otherwise return a Join intrinsic (already in the target document language to avoid taking @@ -323,8 +323,8 @@ export function minimalCloudFormationJoin(delimiter: string, values: any[]): any const el = values[i]; if (isSplicableFnJoinIntrinsic(el)) { values.splice(i, 1, ...el['Fn::Join'][1]); - } else if (i > 0 && isPlainString(values[i - 1]) && isPlainString(values[i])) { - values[i - 1] += delimiter + values[i]; + } else if (i > 0 && isConcatable(values[i - 1]) && isConcatable(values[i])) { + values[i - 1] = `${values[i-1]}${delimiter}${values[i]}`; values.splice(i, 1); } else { i += 1; @@ -333,10 +333,6 @@ export function minimalCloudFormationJoin(delimiter: string, values: any[]): any return values; - function isPlainString(obj: any): boolean { - return typeof obj === 'string' && !Token.isUnresolved(obj); - } - function isSplicableFnJoinIntrinsic(obj: any): boolean { if (!isIntrinsic(obj)) { return false; } if (Object.keys(obj)[0] !== 'Fn::Join') { return false; } @@ -351,6 +347,11 @@ export function minimalCloudFormationJoin(delimiter: string, values: any[]): any } } +function isConcatable(obj: any): boolean { + return ['string', 'number'].includes(typeof obj) && !Token.isUnresolved(obj); +} + + /** * Return whether the given value represents a CloudFormation intrinsic */ diff --git a/packages/@aws-cdk/core/lib/private/encoding.ts b/packages/@aws-cdk/core/lib/private/encoding.ts index fae5b1a41ec63..15be87cf42ee0 100644 --- a/packages/@aws-cdk/core/lib/private/encoding.ts +++ b/packages/@aws-cdk/core/lib/private/encoding.ts @@ -14,7 +14,10 @@ const QUOTED_BEGIN_STRING_TOKEN_MARKER = regexQuote(BEGIN_STRING_TOKEN_MARKER); const QUOTED_BEGIN_LIST_TOKEN_MARKER = regexQuote(BEGIN_LIST_TOKEN_MARKER); const QUOTED_END_TOKEN_MARKER = regexQuote(END_TOKEN_MARKER); -const STRING_TOKEN_REGEX = new RegExp(`${QUOTED_BEGIN_STRING_TOKEN_MARKER}([${VALID_KEY_CHARS}]+)${QUOTED_END_TOKEN_MARKER}`, 'g'); +// Sometimes the number of digits is different +export const STRINGIFIED_NUMBER_PATTERN = '-1\\.\\d{10,16}e\\+289'; + +const STRING_TOKEN_REGEX = new RegExp(`${QUOTED_BEGIN_STRING_TOKEN_MARKER}([${VALID_KEY_CHARS}]+)${QUOTED_END_TOKEN_MARKER}|(${STRINGIFIED_NUMBER_PATTERN})`, 'g'); const LIST_TOKEN_REGEX = new RegExp(`${QUOTED_BEGIN_LIST_TOKEN_MARKER}([${VALID_KEY_CHARS}]+)${QUOTED_END_TOKEN_MARKER}`, 'g'); /** @@ -52,7 +55,7 @@ export class TokenString { ret.addLiteral(this.str.substring(rest, m.index)); } - ret.addToken(lookup(m[1])); + ret.addToken(lookup(m[1] ?? m[2])); rest = this.re.lastIndex; m = this.re.exec(this.str); @@ -218,3 +221,12 @@ export function extractTokenDouble(encoded: number): number | undefined { return ints[0] + shl32(ints[1] & 0xFFFF); /* eslint-enable no-bitwise */ } + +const STRINGIFIED_NUMBER_REGEX = new RegExp(STRINGIFIED_NUMBER_PATTERN); + +/** + * Return whether the given string contains accidentally stringified number tokens + */ +export function stringContainsNumberTokens(x: string) { + return !!x.match(STRINGIFIED_NUMBER_REGEX); +} diff --git a/packages/@aws-cdk/core/lib/private/token-map.ts b/packages/@aws-cdk/core/lib/private/token-map.ts index 1a5b0e1f29547..ed2b6a59d0a4f 100644 --- a/packages/@aws-cdk/core/lib/private/token-map.ts +++ b/packages/@aws-cdk/core/lib/private/token-map.ts @@ -177,8 +177,12 @@ export class TokenMap { private registerNumberKey(token: IResolvable): number { const counter = this.tokenCounter++; + const dbl = createTokenDouble(counter); + // Register in the number map, as well as a string representation of that token + // in the string map. this.numberTokenMap.set(counter, token); - return createTokenDouble(counter); + this.stringTokenMap.set(`${dbl}`, token); + return dbl; } } diff --git a/packages/@aws-cdk/core/lib/string-fragments.ts b/packages/@aws-cdk/core/lib/string-fragments.ts index b92fd3628a28d..4fea67f333a2a 100644 --- a/packages/@aws-cdk/core/lib/string-fragments.ts +++ b/packages/@aws-cdk/core/lib/string-fragments.ts @@ -1,5 +1,5 @@ import { IFragmentConcatenator, IResolvable } from './resolvable'; -import { isResolvableObject } from './token'; +import { isResolvableObject, Token } from './token'; /** * Result of the split of a string with Tokens @@ -71,8 +71,10 @@ export class TokenizedStringFragments { const mapped = mapper.mapToken(f.token); if (isResolvableObject(mapped)) { ret.addToken(mapped); - } else { + } else if (Token.isUnresolved(mapped)) { ret.addIntrinsic(mapped); + } else { + ret.addLiteral(mapped); } break; case 'intrinsic': diff --git a/packages/@aws-cdk/core/test/tokens.test.ts b/packages/@aws-cdk/core/test/tokens.test.ts index 48e07c1fc720f..62cd683da6ac2 100644 --- a/packages/@aws-cdk/core/test/tokens.test.ts +++ b/packages/@aws-cdk/core/test/tokens.test.ts @@ -1,5 +1,5 @@ -import { Fn, isResolvableObject, Lazy, Stack, Token, Tokenization } from '../lib'; -import { createTokenDouble, extractTokenDouble } from '../lib/private/encoding'; +import { CfnResource, Fn, isResolvableObject, Lazy, Stack, Token, Tokenization } from '../lib'; +import { createTokenDouble, extractTokenDouble, stringContainsNumberTokens, STRINGIFIED_NUMBER_PATTERN } from '../lib/private/encoding'; import { Intrinsic } from '../lib/private/intrinsic'; import { findTokens } from '../lib/private/resolve'; import { IResolvable } from '../lib/resolvable'; @@ -482,15 +482,12 @@ describe('tokens', () => { expect(() => { resolve({ value: encoded[0] }); }).toThrow(/Found an encoded list/); - - }); }); describe('number encoding', () => { test('basic integer encoding works', () => { expect(16).toEqual(extractTokenDouble(createTokenDouble(16))); - }); test('arbitrary integers can be encoded, stringified, and recovered', () => { @@ -504,16 +501,12 @@ describe('tokens', () => { const decoded = extractTokenDouble(roundtripped); expect(decoded).toEqual(x); } - - }); test('arbitrary numbers are correctly detected as not being tokens', () => { expect(undefined).toEqual(extractTokenDouble(0)); expect(undefined).toEqual(extractTokenDouble(1243)); expect(undefined).toEqual(extractTokenDouble(4835e+532)); - - }); test('can number-encode and resolve Token objects', () => { @@ -528,8 +521,42 @@ describe('tokens', () => { // THEN const resolved = resolve({ value: encoded }); expect(resolved).toEqual({ value: 123 }); + }); + test('regex detects all stringifications of encoded tokens', () => { + expect(stringContainsNumberTokens(`${createTokenDouble(0)}`)).toBeTruthy(); + expect(stringContainsNumberTokens(`${createTokenDouble(Math.pow(2, 48) - 1)}`)).toBeTruthy(); // MAX_ENCODABLE_INTEGER + expect(stringContainsNumberTokens('1234')).toBeFalsy(); + }); + test('check that the first N encoded numbers can be detected', () => { + const re = new RegExp(STRINGIFIED_NUMBER_PATTERN); + // Ran this up to 1 million offline + for (let i = 0; i < 1000; i++) { + expect(`${createTokenDouble(i)}`).toMatch(re); + } + }); + + test('handle stringified number token', () => { + // GIVEN + const tok = `the answer is: ${Lazy.number({ produce: () => 86 })}`; + + // THEN + expect(resolve({ value: `${tok}` })).toEqual({ + value: 'the answer is: 86', + }); + }); + + test('handle stringified number reference', () => { + const stack = new Stack(); + const res = new CfnResource(stack, 'Resource', { type: 'My::Resource' }); + // GIVEN + const tok = `the answer is: ${Token.asNumber(res.ref)}`; + + // THEN + expect(resolve({ value: `${tok}` })).toEqual({ + value: { 'Fn::Join': ['', ['the answer is: ', { Ref: 'Resource' }]] }, + }); }); }); @@ -694,25 +721,21 @@ describe('tokens', () => { describe('stringifyNumber', () => { test('converts number to string', () => { expect(Tokenization.stringifyNumber(100)).toEqual('100'); - }); test('converts tokenized number to string', () => { expect(resolve(Tokenization.stringifyNumber({ resolve: () => 100, } as any))).toEqual('100'); - }); test('string remains the same', () => { expect(Tokenization.stringifyNumber('123' as any)).toEqual('123'); - }); test('Ref remains the same', () => { const val = { Ref: 'SomeLogicalId' }; expect(Tokenization.stringifyNumber(val as any)).toEqual(val); - }); test('lazy Ref remains the same', () => { @@ -791,3 +814,4 @@ function tokensThatResolveTo(value: any): Token[] { function resolve(x: any) { return new Stack().resolve(x); } + From 51419b6d980e2c2d159105d5c44eefdf1278adc6 Mon Sep 17 00:00:00 2001 From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Fri, 1 Apr 2022 08:48:31 -0400 Subject: [PATCH 31/59] docs(cfnspec): update CloudFormation documentation (#19678) --- .../spec-source/cfn-docs/cfn-docs.json | 156 +++++++++++------- 1 file changed, 95 insertions(+), 61 deletions(-) diff --git a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json index 7cd626e41dad8..7579ea5532a2f 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json +++ b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json @@ -8583,7 +8583,7 @@ "ProviderURL": "The URL of the provider of the Amazon Cognito user pool, specified as a `String` .", "Ref": "`Ref` returns a generated ID, such as `us-east-2_zgaEXAMPLE` ." }, - "description": "The `AWS::Cognito::UserPool` resource creates an Amazon Cognito user pool. For more information on working with Amazon Cognito user pools, see [Amazon Cognito User Pools](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html) and [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) .", + "description": "The `AWS::Cognito::UserPool` resource creates an Amazon Cognito user pool. For more information on working with Amazon Cognito user pools, see [Amazon Cognito User Pools](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html) and [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) .\n\n> If you don't specify a value for a parameter, Amazon Cognito sets it to a default value.", "properties": { "AccountRecoverySetting": "Use this setting to define which verified available method a user can use to recover their password when they call `ForgotPassword` . It allows you to define a preferred method when a user has more than one method available. With this setting, SMS does not qualify for a valid password recovery mechanism if the user also has SMS MFA enabled. In the absence of this setting, Cognito uses the legacy behavior to determine the recovery method where SMS is preferred over email.", "AdminCreateUserConfig": "The configuration for creating a new user profile.", @@ -8622,7 +8622,7 @@ "properties": { "AllowAdminCreateUserOnly": "Set to `True` if only the administrator is allowed to create user profiles. Set to `False` if users can sign themselves up via an app.", "InviteMessageTemplate": "The message template to be used for the welcome message to new users.\n\nSee also [Customizing User Invitation Messages](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html#cognito-user-pool-settings-user-invitation-message-customization) .", - "UnusedAccountValidityDays": "The user account expiration limit, in days, after which the account is no longer usable. To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `\"RESEND\"` for the `MessageAction` parameter. The default value for this parameter is 7.\n\n> If you set a value for `TemporaryPasswordValidityDays` in `PasswordPolicy` , that value will be used, and `UnusedAccountValidityDays` will be no longer be an available parameter for that user pool." + "UnusedAccountValidityDays": "The user account expiration limit, in days, after which a new account that hasn't signed in is no longer usable. To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `\"RESEND\"` for the `MessageAction` parameter. The default value for this parameter is 7.\n\n> If you set a value for `TemporaryPasswordValidityDays` in `PasswordPolicy` , that value will be used, and `UnusedAccountValidityDays` will be no longer be an available parameter for that user pool." } }, "AWS::Cognito::UserPool.CustomEmailSender": { @@ -8783,9 +8783,9 @@ "attributes": { "Ref": "`Ref` returns the Amazon Cognito user pool client ID, such as `1h57kf5cpq17m0eml12EXAMPLE` ." }, - "description": "The `AWS::Cognito::UserPoolClient` resource specifies an Amazon Cognito user pool client.", + "description": "The `AWS::Cognito::UserPoolClient` resource specifies an Amazon Cognito user pool client.\n\n> If you don't specify a value for a parameter, Amazon Cognito sets it to a default value.", "properties": { - "AccessTokenValidity": "The time limit, after which the access token is no longer valid and cannot be used.", + "AccessTokenValidity": "The time limit after which the access token is no longer valid and can't be used. If you supply a TokenValidityUnits value, you override the default time unit of *hours* . The default time unit for AccessTokenValidity in an API request is hours.", "AllowedOAuthFlows": "The allowed OAuth flows.\n\nSet to `code` to initiate a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the token endpoint.\n\nSet to `implicit` to specify that the client should get the access token (and, optionally, ID token, based on scopes) directly.\n\nSet to `client_credentials` to specify that the client should get the access token (and, optionally, ID token, based on scopes) from the token endpoint using a combination of client and client_secret.", "AllowedOAuthFlowsUserPoolClient": "Set to true if the client is allowed to follow the OAuth protocol when interacting with Amazon Cognito user pools.", "AllowedOAuthScopes": "The allowed OAuth scopes. Possible values provided by OAuth are: `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are: `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported.", @@ -8796,13 +8796,13 @@ "EnableTokenRevocation": "Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) .\n\nIf you don't include this parameter, token revocation is automatically activated for the new user pool client.", "ExplicitAuthFlows": "The authentication flows that are supported by the user pool clients. Flow names without the `ALLOW_` prefix are no longer supported, in favor of new names with the `ALLOW_` prefix.\n\n> Values with `ALLOW_` prefix must be used only along with the `ALLOW_` prefix. \n\nValid values include:\n\n- `ALLOW_ADMIN_USER_PASSWORD_AUTH` : Enable admin based user password authentication flow `ADMIN_USER_PASSWORD_AUTH` . This setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, Amazon Cognito receives the password in the request instead of using the Secure Remote Password (SRP) protocol to verify passwords.\n- `ALLOW_CUSTOM_AUTH` : Enable AWS Lambda trigger based authentication.\n- `ALLOW_USER_PASSWORD_AUTH` : Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.\n- `ALLOW_USER_SRP_AUTH` : Enable SRP-based authentication.\n- `ALLOW_REFRESH_TOKEN_AUTH` : Enable authflow to refresh tokens.", "GenerateSecret": "Boolean to specify whether you want to generate a secret for the user pool client being created.", - "IdTokenValidity": "The time limit, after which the ID token is no longer valid and cannot be used.", + "IdTokenValidity": "The time limit after which the access token is no longer valid and can't be used. If you supply a TokenValidityUnits value, you override the default time unit of *hours* . The default time unit for AccessTokenValidity in an API request is hours.", "LogoutURLs": "A list of allowed logout URLs for the identity providers.", "PreventUserExistenceErrors": "Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to `ENABLED` and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to `LEGACY` , those APIs will return a `UserNotFoundException` exception if the user does not exist in the user pool.", "ReadAttributes": "The read attributes.", - "RefreshTokenValidity": "The time limit, in days, after which the refresh token is no longer valid and can't be used.", + "RefreshTokenValidity": "The time limit after which the refresh token is no longer valid and can't be used. The default time unit for RefreshTokenValidity in an API request is days.", "SupportedIdentityProviders": "A list of provider names for the identity providers that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `SignInWithApple` , `Google` and `LoginWithAmazon` .", - "TokenValidityUnits": "The units in which the validity times are represented in. Default for RefreshToken is days, and default for ID and access tokens are hours.", + "TokenValidityUnits": "The units in which the validity times are represented. The default unit for RefreshToken is days, and default for ID and access tokens are hours.", "UserPoolId": "The user pool ID for the user pool where you want to create a user pool client.", "WriteAttributes": "The user pool attributes that the app client can write to.\n\nIf your app client allows users to sign in through an identity provider, this array must include all attributes that you have mapped to identity provider attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an identity provider. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see [Specifying Identity Provider Attribute Mappings for Your user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html) ." } @@ -8820,11 +8820,11 @@ }, "AWS::Cognito::UserPoolClient.TokenValidityUnits": { "attributes": {}, - "description": "The units in which the validity times are represented in. Default for RefreshToken is days, and default for ID and access tokens are hours.", + "description": "The units in which the validity times are represented. The default unit for RefreshToken is days, and the default for ID and access tokens is hours.", "properties": { - "AccessToken": "A time unit in \u201cseconds\u201d, \u201cminutes\u201d, \u201chours\u201d or \u201cdays\u201d for the value in AccessTokenValidity, defaults to hours.", - "IdToken": "A time unit in \u201cseconds\u201d, \u201cminutes\u201d, \u201chours\u201d or \u201cdays\u201d for the value in IdTokenValidity, defaults to hours.", - "RefreshToken": "A time unit in \u201cseconds\u201d, \u201cminutes\u201d, \u201chours\u201d or \u201cdays\u201d for the value in RefreshTokenValidity, defaults to days." + "AccessToken": "A time unit in \u201cseconds\u201d, \u201cminutes\u201d, \u201chours\u201d, or \u201cdays\u201d for the value in AccessTokenValidity, defaulting to hours.", + "IdToken": "A time unit in \u201cseconds\u201d, \u201cminutes\u201d, \u201chours\u201d, or \u201cdays\u201d for the value in IdTokenValidity, defaulting to hours.", + "RefreshToken": "A time unit in \u201cseconds\u201d, \u201cminutes\u201d, \u201chours\u201d, or \u201cdays\u201d for the value in RefreshTokenValidity, defaulting to days." } }, "AWS::Cognito::UserPoolDomain": { @@ -8849,7 +8849,7 @@ "attributes": { "Ref": "`Ref` returns the name of the user pool group. For example: `Admins` ." }, - "description": "Specifies a new group in the identified user pool.\n\nCalling this action requires developer credentials.", + "description": "Specifies a new group in the identified user pool.\n\nCalling this action requires developer credentials.\n\n> If you don't specify a value for a parameter, Amazon Cognito sets it to a default value.", "properties": { "Description": "A string containing the description of the group.", "GroupName": "The name of the group. Must be unique.", @@ -8876,7 +8876,7 @@ "attributes": { "Ref": "`Ref` returns physicalResourceId, which is the resource server identifier \u201cIdentifier\". For example:\n\n`{ \"Ref\": \"yourResourceServerIdentifier\" }`\n\nFor the Amazon Cognito resource server `yourResourceServerIdentifier` , Ref returns the name of the resource server." }, - "description": "The `AWS::Cognito::UserPoolResourceServer` resource creates a new OAuth2.0 resource server and defines custom scopes in it.", + "description": "The `AWS::Cognito::UserPoolResourceServer` resource creates a new OAuth2.0 resource server and defines custom scopes in it.\n\n> If you don't specify a value for a parameter, Amazon Cognito sets it to a default value.", "properties": { "Identifier": "A unique resource server identifier for the resource server. This could be an HTTPS endpoint where the resource server is located. For example: `https://my-weather-api.example.com` .", "Name": "A friendly name for the resource server.", @@ -10681,7 +10681,16 @@ "attributes": {}, "description": "Information about a filter used to specify which AWS resources are analyzed for anomalous behavior by DevOps Guru.", "properties": { - "CloudFormation": "Information about AWS CloudFormation stacks. You can use up to 500 stacks to specify which AWS resources in your account to analyze. For more information, see [Stacks](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html) in the *AWS CloudFormation User Guide* ." + "CloudFormation": "Information about AWS CloudFormation stacks. You can use up to 500 stacks to specify which AWS resources in your account to analyze. For more information, see [Stacks](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html) in the *AWS CloudFormation User Guide* .", + "Tags": "The AWS tags used to filter the resources in the resource collection.\n\nTags help you identify and organize your AWS resources. Many AWS services support tagging, so you can assign the same tag to resources from different services to indicate that the resources are related. For example, you can assign the same tag to an Amazon DynamoDB table resource that you assign to an AWS Lambda function. For more information about using tags, see the [Tagging best practices](https://docs.aws.amazon.com/https://d1.awsstatic.com/whitepapers/aws-tagging-best-practices.pdf) whitepaper.\n\nEach AWS tag has two parts.\n\n- A tag *key* (for example, `CostCenter` , `Environment` , `Project` , or `Secret` ). Tag *keys* are case-sensitive.\n- An optional field known as a tag *value* (for example, `111122223333` , `Production` , or a team name). Omitting the tag *value* is the same as using an empty string. Like tag *keys* , tag *values* are case-sensitive.\n\nTogether these are known as *key* - *value* pairs.\n\n> The string used for a *key* in a tag that you use to define your resource coverage must begin with the prefix `Devops-guru-` . The tag *key* might be `Devops-guru-deployment-application` or `Devops-guru-rds-application` . While *keys* are case-sensitive, the case of *key* characters don't matter to DevOps Guru. For example, DevOps Guru works with a *key* named `devops-guru-rds` and a *key* named `DevOps-Guru-RDS` . Possible *key* / *value* pairs in your application might be `Devops-Guru-production-application/RDS` or `Devops-Guru-production-application/containers` ." + } + }, + "AWS::DevOpsGuru::ResourceCollection.TagCollection": { + "attributes": {}, + "description": "A collection of AWS stags.\n\nTags help you identify and organize your AWS resources. Many AWS services support tagging, so you can assign the same tag to resources from different services to indicate that the resources are related. For example, you can assign the same tag to an Amazon DynamoDB table resource that you assign to an AWS Lambda function. For more information about using tags, see the [Tagging best practices](https://docs.aws.amazon.com/https://d1.awsstatic.com/whitepapers/aws-tagging-best-practices.pdf) whitepaper.\n\nEach AWS tag has two parts.\n\n- A tag *key* (for example, `CostCenter` , `Environment` , `Project` , or `Secret` ). Tag *keys* are case-sensitive.\n- An optional field known as a tag *value* (for example, `111122223333` , `Production` , or a team name). Omitting the tag *value* is the same as using an empty string. Like tag *keys* , tag *values* are case-sensitive.\n\nTogether these are known as *key* - *value* pairs.\n\n> The string used for a *key* in a tag that you use to define your resource coverage must begin with the prefix `Devops-guru-` . The tag *key* might be `Devops-guru-deployment-application` or `Devops-guru-rds-application` . While *keys* are case-sensitive, the case of *key* characters don't matter to DevOps Guru. For example, DevOps Guru works with a *key* named `devops-guru-rds` and a *key* named `DevOps-Guru-RDS` . Possible *key* / *value* pairs in your application might be `Devops-Guru-production-application/RDS` or `Devops-Guru-production-application/containers` .", + "properties": { + "AppBoundaryKey": "An AWS tag *key* that is used to identify the AWS resources that DevOps Guru analyzes. All AWS resources in your account and Region tagged with this *key* make up your DevOps Guru application and analysis boundary.\n\n> The string used for a *key* in a tag that you use to define your resource coverage must begin with the prefix `Devops-guru-` . The tag *key* might be `Devops-guru-deployment-application` or `Devops-guru-rds-application` . While *keys* are case-sensitive, the case of *key* characters don't matter to DevOps Guru. For example, DevOps Guru works with a *key* named `devops-guru-rds` and a *key* named `DevOps-Guru-RDS` . Possible *key* / *value* pairs in your application might be `Devops-Guru-production-application/RDS` or `Devops-Guru-production-application/containers` .", + "TagValues": "The values in an AWS tag collection.\n\nThe tag's *value* is an optional field used to associate a string with the tag *key* (for example, `111122223333` , `Production` , or a team name). The *key* and *value* are the tag's *key* pair. Omitting the tag *value* is the same as using an empty string. Like tag *keys* , tag *values* are case-sensitive. You can specify a maximum of 256 characters for a tag value." } }, "AWS::DeviceFarm::DevicePool": { @@ -10900,6 +10909,7 @@ "DBClusterIdentifier": "The identifier of the cluster that the instance will belong to.", "DBInstanceClass": "The compute and memory capacity of the instance; for example, `db.m4.large` . If you change the class of an instance there can be some interruption in the cluster's service.", "DBInstanceIdentifier": "The instance identifier. This parameter is stored as a lowercase string.\n\nConstraints:\n\n- Must contain from 1 to 63 letters, numbers, or hyphens.\n- The first character must be a letter.\n- Cannot end with a hyphen or contain two consecutive hyphens.\n\nExample: `mydbinstance`", + "EnablePerformanceInsights": "", "PreferredMaintenanceWindow": "The time range each week during which system maintenance can occur, in Universal Coordinated Time (UTC).\n\nFormat: `ddd:hh24:mi-ddd:hh24:mi`\n\nThe default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region , occurring on a random day of the week.\n\nValid days: Mon, Tue, Wed, Thu, Fri, Sat, Sun\n\nConstraints: Minimum 30-minute window.", "Tags": "The tags to be assigned to the instance. You can assign up to 10 tags to an instance." } @@ -12218,6 +12228,13 @@ "VCpuCount": "The minimum and maximum number of vCPUs." } }, + "AWS::EC2::LaunchTemplate.Ipv4PrefixSpecification": { + "attributes": {}, + "description": "Describes an IPv4 prefix.", + "properties": { + "Ipv4Prefix": "The IPv4 prefix. For information, see [Assigning prefixes to Amazon EC2 network interfaces](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-eni.html) in the *Amazon Elastic Compute Cloud User Guide* ." + } + }, "AWS::EC2::LaunchTemplate.Ipv6Add": { "attributes": {}, "description": "Specifies an IPv6 address in an Amazon EC2 launch template.\n\n`Ipv6Add` is a property of [AWS::EC2::LaunchTemplate NetworkInterface](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-networkinterface.html) .", @@ -12225,6 +12242,13 @@ "Ipv6Address": "One or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet. You can't use this option if you're specifying a number of IPv6 addresses." } }, + "AWS::EC2::LaunchTemplate.Ipv6PrefixSpecification": { + "attributes": {}, + "description": "Describes the IPv6 prefix.", + "properties": { + "Ipv6Prefix": "The IPv6 prefix." + } + }, "AWS::EC2::LaunchTemplate.LaunchTemplateData": { "attributes": {}, "description": "The information to include in the launch template.", @@ -16725,36 +16749,36 @@ }, "AWS::Events::Connection.ApiKeyAuthParameters": { "attributes": {}, - "description": "", + "description": "Contains the API key authorization parameters for the connection.", "properties": { - "ApiKeyName": "", - "ApiKeyValue": "" + "ApiKeyName": "The name of the API key to use for authorization.", + "ApiKeyValue": "The value for the API key to use for authorization." } }, "AWS::Events::Connection.AuthParameters": { "attributes": {}, - "description": "", + "description": "Contains the authorization parameters to use for the connection.", "properties": { - "ApiKeyAuthParameters": "", - "BasicAuthParameters": "", - "InvocationHttpParameters": "", - "OAuthParameters": "" + "ApiKeyAuthParameters": "The API Key parameters to use for authorization.", + "BasicAuthParameters": "The authorization parameters for Basic authorization.", + "InvocationHttpParameters": "Additional parameters for the connection that are passed through with every invocation to the HTTP endpoint.", + "OAuthParameters": "The OAuth parameters to use for authorization." } }, "AWS::Events::Connection.BasicAuthParameters": { "attributes": {}, - "description": "", + "description": "Contains the Basic authorization parameters for the connection.", "properties": { - "Password": "", - "Username": "" + "Password": "The password associated with the user name to use for Basic authorization.", + "Username": "The user name to use for Basic authorization." } }, "AWS::Events::Connection.ClientParameters": { "attributes": {}, - "description": "", + "description": "Contains the OAuth authorization parameters to use for the connection.", "properties": { - "ClientID": "", - "ClientSecret": "" + "ClientID": "The client ID to use for OAuth authorization.", + "ClientSecret": "The client secret assciated with the client ID to use for OAuth authorization." } }, "AWS::Events::Connection.ConnectionHttpParameters": { @@ -16768,21 +16792,21 @@ }, "AWS::Events::Connection.OAuthParameters": { "attributes": {}, - "description": "", + "description": "Contains the OAuth authorization parameters to use for the connection.", "properties": { - "AuthorizationEndpoint": "", - "ClientParameters": "", - "HttpMethod": "", - "OAuthHttpParameters": "" + "AuthorizationEndpoint": "The URL to the authorization endpoint when OAuth is specified as the authorization type.", + "ClientParameters": "A `CreateConnectionOAuthClientRequestParameters` object that contains the client parameters for OAuth authorization.", + "HttpMethod": "The method to use for the authorization request.", + "OAuthHttpParameters": "A `ConnectionHttpParameters` object that contains details about the additional parameters to use for the connection." } }, "AWS::Events::Connection.Parameter": { "attributes": {}, - "description": "", + "description": "Additional query string parameter for the connection. You can include up to 100 additional query string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB.", "properties": { - "IsValueSecret": "", - "Key": "", - "Value": "" + "IsValueSecret": "Specifies whether the value is secret.", + "Key": "The key for a query string parameter.", + "Value": "The value associated with the key for the query string parameter." } }, "AWS::Events::EventBus": { @@ -16796,15 +16820,15 @@ "properties": { "EventSourceName": "If you are creating a partner event bus, this specifies the partner event source that the new event bus will be matched with.", "Name": "The name of the new event bus.\n\nEvent bus names cannot contain the / character. You can't use the name `default` for a custom event bus, as this name is already used for your account's default event bus.\n\nIf this is a partner event bus, the name must exactly match the name of the partner event source that this event bus is matched to.", - "Tags": "" + "Tags": "Tags to associate with the event bus." } }, "AWS::Events::EventBus.TagEntry": { "attributes": {}, - "description": "", + "description": "A key-value pair associated with an AWS resource. In EventBridge, rules and event buses support tagging.", "properties": { - "Key": "", - "Value": "" + "Key": "A string you can use to assign a value. The combination of tag keys and values can help you organize and categorize your resources.", + "Value": "The value for the specified tag key." } }, "AWS::Events::EventBusPolicy": { @@ -17947,7 +17971,7 @@ "properties": { "Name": "A descriptive label that is associated with a build. Build names do not need to be unique.", "OperatingSystem": "The operating system that the game server binaries are built to run on. This value determines the type of fleet resources that you can use for this build. If your game build contains multiple executables, they all must run on the same operating system. If an operating system is not specified when creating a build, Amazon GameLift uses the default value (WINDOWS_2012). This value cannot be changed later.", - "StorageLocation": "Information indicating where your game build files are stored. Use this parameter only when creating a build with files stored in an Amazon S3 bucket that you own. The storage location must specify an Amazon S3 bucket name and key. The location must also specify a role ARN that you set up to allow Amazon Web Services to access your Amazon S3 bucket. The S3 bucket and your new build must be in the same Region.\n\nIf a `StorageLocation` is specified, the size of your file can be found in your Amazon S3 bucket. Amazon Web Services will report a `SizeOnDisk` of 0.", + "StorageLocation": "Information indicating where your game build files are stored. Use this parameter only when creating a build with files stored in an Amazon S3 bucket that you own. The storage location must specify an Amazon S3 bucket name and key. The location must also specify a role ARN that you set up to allow Amazon GameLift to access your Amazon S3 bucket. The S3 bucket and your new build must be in the same Region.\n\nIf a `StorageLocation` is specified, the size of your file can be found in your Amazon S3 bucket. Amazon GameLift will report a `SizeOnDisk` of 0.", "Version": "Version information that is associated with this build. Version strings do not need to be unique." } }, @@ -17958,7 +17982,7 @@ "Bucket": "An Amazon S3 bucket identifier. This is the name of the S3 bucket.\n\n> GameLift currently does not support uploading from Amazon S3 buckets with names that contain a dot (.).", "Key": "The name of the zip file that contains the build files or script files.", "ObjectVersion": "The version of the file, if object versioning is turned on for the bucket. Amazon GameLift uses this information when retrieving files from your S3 bucket. To retrieve a specific version of the file, provide an object version. To retrieve the latest version of the file, do not set this parameter.", - "RoleArn": "The Amazon Resource Name ( [ARN](https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html) ) for an IAM role that allows Amazon Web Services to access the S3 bucket." + "RoleArn": "The Amazon Resource Name ( [ARN](https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html) ) for an IAM role that allows Amazon GameLift to access the S3 bucket." } }, "AWS::GameLift::Fleet": { @@ -18066,7 +18090,7 @@ "LaunchTemplate": "The Amazon EC2 launch template that contains configuration settings and game server code to be deployed to all instances in the game server group. You can specify the template using either the template name or ID. For help with creating a launch template, see [Creating a Launch Template for an Auto Scaling Group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-launch-template.html) in the *Amazon Elastic Compute Cloud Auto Scaling User Guide* . After the Auto Scaling group is created, update this value directly in the Auto Scaling group using the AWS console or APIs.\n\n> If you specify network interfaces in your launch template, you must explicitly set the property `AssociatePublicIpAddress` to \"true\". If no network interface is specified in the launch template, GameLift FleetIQ uses your account's default VPC.", "MaxSize": "The maximum number of instances allowed in the Amazon EC2 Auto Scaling group. During automatic scaling events, GameLift FleetIQ and EC2 do not scale up the group above this maximum. After the Auto Scaling group is created, update this value directly in the Auto Scaling group using the AWS console or APIs.", "MinSize": "The minimum number of instances allowed in the Amazon EC2 Auto Scaling group. During automatic scaling events, GameLift FleetIQ and Amazon EC2 do not scale down the group below this minimum. In production, this value should be set to at least 1. After the Auto Scaling group is created, update this value directly in the Auto Scaling group using the AWS console or APIs.", - "RoleArn": "The Amazon Resource Name ( [ARN](https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html) ) for an IAM role that allows Amazon Web Services to access your Amazon EC2 Auto Scaling groups.", + "RoleArn": "The Amazon Resource Name ( [ARN](https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html) ) for an IAM role that allows Amazon GameLift to access your Amazon EC2 Auto Scaling groups.", "Tags": "A list of labels to assign to the new game server group resource. Tags are developer-defined key-value pairs. Tagging AWS resources is useful for resource management, access management, and cost allocation. For more information, see [Tagging AWS Resources](https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) in the *AWS General Reference* . Once the resource is created, you can use TagResource, UntagResource, and ListTagsForResource to add, remove, and view tags, respectively. The maximum tag limit may be lower than stated. See the AWS General Reference for actual tagging limits.", "VpcSubnets": "A list of virtual private cloud (VPC) subnets to use with instances in the game server group. By default, all GameLift FleetIQ-supported Availability Zones are used. You can use this parameter to specify VPCs that you've set up. This property cannot be updated after the game server group is created, and the corresponding Auto Scaling group will always use the property value that is set with this request, even if the Auto Scaling group is updated directly." } @@ -18207,7 +18231,7 @@ "description": "The `AWS::GameLift::Script` resource creates a new script record for your Realtime Servers script. Realtime scripts are JavaScript that provide configuration settings and optional custom game logic for your game. The script is deployed when you create a Realtime Servers fleet to host your game sessions. Script logic is executed during an active game session.", "properties": { "Name": "A descriptive label that is associated with a script. Script names do not need to be unique.", - "StorageLocation": "The location of the Amazon S3 bucket where a zipped file containing your Realtime scripts is stored. The storage location must specify the Amazon S3 bucket name, the zip file name (the \"key\"), and a role ARN that allows Amazon Web Services to access the Amazon S3 storage location. The S3 bucket must be in the same Region where you want to create a new script. By default, Amazon Web Services uploads the latest version of the zip file; if you have S3 object versioning turned on, you can use the `ObjectVersion` parameter to specify an earlier version.", + "StorageLocation": "The location of the Amazon S3 bucket where a zipped file containing your Realtime scripts is stored. The storage location must specify the Amazon S3 bucket name, the zip file name (the \"key\"), and a role ARN that allows Amazon GameLift to access the Amazon S3 storage location. The S3 bucket must be in the same Region where you want to create a new script. By default, Amazon GameLift uploads the latest version of the zip file; if you have S3 object versioning turned on, you can use the `ObjectVersion` parameter to specify an earlier version.", "Tags": "A list of labels to assign to the new script resource. Tags are developer-defined key-value pairs. Tagging AWS resources are useful for resource management, access management and cost allocation. For more information, see [Tagging AWS Resources](https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) in the *AWS General Reference* . Once the resource is created, you can use TagResource, UntagResource, and ListTagsForResource to add, remove, and view tags. The maximum tag limit may be lower than stated. See the AWS General Reference for actual tagging limits.", "Version": "The version that is associated with a build or script. Version strings do not need to be unique." } @@ -18218,8 +18242,8 @@ "properties": { "Bucket": "An Amazon S3 bucket identifier. This is the name of the S3 bucket.\n\n> GameLift currently does not support uploading from Amazon S3 buckets with names that contain a dot (.).", "Key": "The name of the zip file that contains the build files or script files.", - "ObjectVersion": "The version of the file, if object versioning is turned on for the bucket. Amazon Web Services uses this information when retrieving files from an S3 bucket that you own. Use this parameter to specify a specific version of the file. If not set, the latest version of the file is retrieved.", - "RoleArn": "The Amazon Resource Name ( [ARN](https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html) ) for an IAM role that allows Amazon Web Services to access the S3 bucket." + "ObjectVersion": "The version of the file, if object versioning is turned on for the bucket. Amazon GameLift uses this information when retrieving files from an S3 bucket that you own. Use this parameter to specify a specific version of the file. If not set, the latest version of the file is retrieved.", + "RoleArn": "The Amazon Resource Name ( [ARN](https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html) ) for an IAM role that allows Amazon GameLift to access the S3 bucket." } }, "AWS::GlobalAccelerator::Accelerator": { @@ -25389,7 +25413,7 @@ }, "AWS::Lambda::EventSourceMapping": { "attributes": { - "Id": "", + "Id": "The event source mapping's ID.", "Ref": "`Ref` returns the mapping's ID." }, "description": "The `AWS::Lambda::EventSourceMapping` resource creates a mapping between an event source and an AWS Lambda function. Lambda reads items from the event source and triggers the function.\n\nFor details about each event source type, see the following topics. In particular, each of the topics describes the required and optional parameters for the specific event source.\n\n- [Configuring a Dynamo DB stream as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html#services-dynamodb-eventsourcemapping)\n- [Configuring a Kinesis stream as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html#services-kinesis-eventsourcemapping)\n- [Configuring an SQS queue as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-eventsource)\n- [Configuring an MQ broker as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-mq.html#services-mq-eventsourcemapping)\n- [Configuring MSK as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html)\n- [Configuring Self-Managed Apache Kafka as an event source](https://docs.aws.amazon.com/lambda/latest/dg/kafka-smaa.html)", @@ -25597,12 +25621,13 @@ }, "AWS::Lambda::Permission": { "attributes": {}, - "description": "The `AWS::Lambda::Permission` resource grants an AWS service or another account permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name (ARN) of that version or alias to invoke the function.\n\nTo grant permission to another account, specify the account ID as the `Principal` . For AWS services, the principal is a domain-style identifier defined by the service, like `s3.amazonaws.com` or `sns.amazonaws.com` . For AWS services, you can also specify the ARN of the associated resource as the `SourceArn` . If you grant permission to a service principal without specifying the source, other accounts could potentially configure resources in their account to invoke your Lambda function.\n\nThis resource adds a statement to a resource-based permission policy for the function. For more information about function policies, see [Lambda Function Policies](https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html) .", + "description": "The `AWS::Lambda::Permission` resource grants an AWS service or another account permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name (ARN) of that version or alias to invoke the function.\n\nTo grant permission to another account, specify the account ID as the `Principal` . To grant permission to an organization defined in AWS Organizations , specify the organization ID as the `PrincipalOrgID` . For AWS services, the principal is a domain-style identifier defined by the service, like `s3.amazonaws.com` or `sns.amazonaws.com` . For AWS services, you can also specify the ARN of the associated resource as the `SourceArn` . If you grant permission to a service principal without specifying the source, other accounts could potentially configure resources in their account to invoke your Lambda function.\n\nThis resource adds a statement to a resource-based permission policy for the function. For more information about function policies, see [Lambda Function Policies](https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html) .", "properties": { "Action": "The action that the principal can use on the function. For example, `lambda:InvokeFunction` or `lambda:GetFunction` .", "EventSourceToken": "For Alexa Smart Home functions, a token that must be supplied by the invoker.", "FunctionName": "The name of the Lambda function, version, or alias.\n\n**Name formats** - *Function name* - `my-function` (name-only), `my-function:v1` (with alias).\n- *Function ARN* - `arn:aws:lambda:us-west-2:123456789012:function:my-function` .\n- *Partial ARN* - `123456789012:function:my-function` .\n\nYou can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.", "Principal": "The AWS service or account that invokes the function. If you specify a service, use `SourceArn` or `SourceAccount` to limit who can invoke the function through that service.", + "PrincipalOrgID": "The identifier for your organization in AWS Organizations . Use this to grant permissions to all the AWS accounts under this organization.", "SourceAccount": "For Amazon S3, the ID of the account that owns the resource. Use this together with `SourceArn` to ensure that the resource is owned by the specified account. It is possible for an Amazon S3 bucket to be deleted by its owner and recreated by another account.", "SourceArn": "For AWS services, the ARN of the AWS resource that invokes the function. For example, an Amazon S3 bucket or Amazon SNS topic.\n\nNote that Lambda configures the comparison using the `StringLike` operator." } @@ -29732,6 +29757,14 @@ "UtcTimingUri": "Specifies the value attribute of the UTC timing field when utcTiming is set to HTTP-ISO or HTTP-HEAD." } }, + "AWS::MediaPackage::OriginEndpoint.EncryptionContractConfiguration": { + "attributes": {}, + "description": "", + "properties": { + "PresetSpeke20Audio": "", + "PresetSpeke20Video": "" + } + }, "AWS::MediaPackage::OriginEndpoint.HlsEncryption": { "attributes": {}, "description": "Holds encryption information so that access to the content can be controlled by a DRM solution.", @@ -29798,6 +29831,7 @@ "description": "Keyprovider settings for DRM.", "properties": { "CertificateArn": "The Amazon Resource Name (ARN) for the certificate that you imported to AWS Certificate Manager to add content key encryption to this endpoint. For this feature to work, your DRM key provider must support content key encryption.", + "EncryptionContractConfiguration": "", "ResourceId": "Unique identifier for this endpoint, as it is configured in the key provider service.", "RoleArn": "The ARN for the IAM role that's granted by the key provider to provide access to the key provider API. This role must have a trust policy that allows AWS Elemental MediaPackage to assume the role, and it must have a sufficient permissions policy to allow access to the specific key retrieval URL. Valid format: arn:aws:iam::{accountID}:role/{name}", "SystemIds": "List of unique identifiers for the DRM systems to use, as defined in the CPIX specification.", @@ -33361,7 +33395,7 @@ "AllowMajorVersionUpgrade": "A value that indicates whether major version upgrades are allowed. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible.\n\nConstraints: Major version upgrades must be allowed when specifying a value for the `EngineVersion` parameter that is a different major version than the DB instance's current version.", "AssociatedRoles": "The AWS Identity and Access Management (IAM) roles associated with the DB instance.", "AutoMinorVersionUpgrade": "A value that indicates whether minor engine upgrades are applied automatically to the DB instance during the maintenance window. By default, minor engine upgrades are applied automatically.", - "AvailabilityZone": "The Availability Zone that the database instance will be created in.\n\nDefault: A random, system-chosen Availability Zone in the endpoint's region.\n\nExample: `us-east-1d`\n\nConstraint: The AvailabilityZone parameter cannot be specified if the MultiAZ parameter is set to `true` . The specified Availability Zone must be in the same region as the current endpoint.", + "AvailabilityZone": "The Availability Zone (AZ) where the database will be created. For information on AWS Regions and Availability Zones, see [Regions and Availability Zones](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html) .\n\n*Amazon Aurora*\n\nNot applicable. Availability Zones are managed by the DB cluster.\n\nDefault: A random, system-chosen Availability Zone in the endpoint's AWS Region .\n\nExample: `us-east-1d`\n\nConstraint: The `AvailabilityZone` parameter can't be specified if the DB instance is a Multi-AZ deployment. The specified Availability Zone must be in the same AWS Region as the current endpoint.\n\n> If you're creating a DB instance in an RDS on VMware environment, specify the identifier of the custom Availability Zone to create the DB instance in.\n> \n> For more information about RDS on VMware, see the [RDS on VMware User Guide.](https://docs.aws.amazon.com/AmazonRDS/latest/RDSonVMwareUserGuide/rds-on-vmware.html)", "BackupRetentionPeriod": "The number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups.\n\n*Amazon Aurora*\n\nNot applicable. The retention period for automated backups is managed by the DB cluster.\n\nDefault: 1\n\nConstraints:\n\n- Must be a value from 0 to 35\n- Can't be set to 0 if the DB instance is a source to read replicas", "CACertificateIdentifier": "The identifier of the CA certificate for this DB instance.\n\n> Specifying or updating this property triggers a reboot. \n\nFor more information about CA certificate identifiers for RDS DB engines, see [Rotating Your SSL/TLS Certificate](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon RDS User Guide* .\n\nFor more information about CA certificate identifiers for Aurora DB engines, see [Rotating Your SSL/TLS Certificate](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon Aurora User Guide* .", "CharacterSetName": "For supported engines, indicates that the DB instance should be associated with the specified character set.\n\n*Amazon Aurora*\n\nNot applicable. The character set is managed by the DB cluster. For more information, see [AWS::RDS::DBCluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html) .", @@ -33546,9 +33580,9 @@ "description": "The `Ingress` property type specifies an individual ingress rule within an `AWS::RDS::DBSecurityGroup` resource.", "properties": { "CIDRIP": "The IP range to authorize.", - "EC2SecurityGroupId": "Id of the EC2 Security Group to authorize. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", - "EC2SecurityGroupName": "Name of the EC2 Security Group to authorize. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", - "EC2SecurityGroupOwnerId": "AWS Account Number of the owner of the EC2 Security Group specified in the EC2SecurityGroupName parameter. The AWS Access Key ID is not an acceptable value. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided." + "EC2SecurityGroupId": "Id of the EC2 security group to authorize. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", + "EC2SecurityGroupName": "Name of the EC2 security group to authorize. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", + "EC2SecurityGroupOwnerId": "AWS account number of the owner of the EC2 security group specified in the `EC2SecurityGroupName` parameter. The AWS access key ID isn't an acceptable value. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided." } }, "AWS::RDS::DBSecurityGroupIngress": { @@ -33558,10 +33592,10 @@ "description": "The `AWS::RDS::DBSecurityGroupIngress` resource enables ingress to a DB security group using one of two forms of authorization. First, you can add EC2 or VPC security groups to the DB security group if the application using the database is running on EC2 or VPC instances. Second, IP ranges are available if the application accessing your database is running on the Internet.\n\nThis type supports updates. For more information about updating stacks, see [AWS CloudFormation Stacks Updates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html) .\n\nFor details about the settings for DB security group ingress, see [AuthorizeDBSecurityGroupIngress](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_AuthorizeDBSecurityGroupIngress.html) .", "properties": { "CIDRIP": "The IP range to authorize.", - "DBSecurityGroupName": "The name of the DB Security Group to add authorization to.", - "EC2SecurityGroupId": "Id of the EC2 Security Group to authorize. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", - "EC2SecurityGroupName": "Name of the EC2 Security Group to authorize. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", - "EC2SecurityGroupOwnerId": "AWS Account Number of the owner of the EC2 Security Group specified in the EC2SecurityGroupName parameter. The AWS Access Key ID is not an acceptable value. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided." + "DBSecurityGroupName": "The name of the DB security group to add authorization to.", + "EC2SecurityGroupId": "Id of the EC2 security group to authorize. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", + "EC2SecurityGroupName": "Name of the EC2 security group to authorize. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", + "EC2SecurityGroupOwnerId": "AWS account number of the owner of the EC2 security group specified in the `EC2SecurityGroupName` parameter. The AWS access key ID isn't an acceptable value. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided." } }, "AWS::RDS::DBSubnetGroup": { @@ -33570,9 +33604,9 @@ }, "description": "The `AWS::RDS::DBSubnetGroup` resource creates a database subnet group. Subnet groups must contain at least two subnets in two different Availability Zones in the same region.\n\nFor more information, see [Working with DB subnet groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Subnets) in the *Amazon RDS User Guide* .", "properties": { - "DBSubnetGroupDescription": "The description for the DB Subnet Group.", + "DBSubnetGroupDescription": "The description for the DB subnet group.", "DBSubnetGroupName": "The name for the DB subnet group. This value is stored as a lowercase string.\n\nConstraints: Must contain no more than 255 lowercase alphanumeric characters or hyphens. Must not be \"Default\".\n\nExample: `mysubnetgroup`", - "SubnetIds": "The EC2 Subnet IDs for the DB Subnet Group.", + "SubnetIds": "The EC2 Subnet IDs for the DB subnet group.", "Tags": "Tags to assign to the DB subnet group." } }, @@ -33582,8 +33616,8 @@ }, "description": "The `AWS::RDS::EventSubscription` resource allows you to receive notifications for Amazon Relational Database Service events through the Amazon Simple Notification Service (Amazon SNS). For more information, see [Using Amazon RDS Event Notification](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html) in the *Amazon RDS User Guide* .", "properties": { - "Enabled": "A Boolean value; set to *true* to activate the subscription, set to *false* to create the subscription but not active it.", - "EventCategories": "A list of event categories for a SourceType that you want to subscribe to. You can see a list of the categories for a given SourceType in the [Events](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html) topic in the Amazon RDS User Guide or by using the *DescribeEventCategories* action.", + "Enabled": "A value that indicates whether to activate the subscription. If the event notification subscription isn't activated, the subscription is created but not active.", + "EventCategories": "A list of event categories for a particular source type ( `SourceType` ) that you want to subscribe to. You can see a list of the categories for a given source type in the \"Amazon RDS event categories and event messages\" section of the [*Amazon RDS User Guide*](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.Messages.html) or the [*Amazon Aurora User Guide*](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Events.Messages.html) . You can also see this list by using the `DescribeEventCategories` operation.", "SnsTopicArn": "The Amazon Resource Name (ARN) of the SNS topic created for event notification. The ARN is created by Amazon SNS when you create a topic and subscribe to it.", "SourceIds": "The list of identifiers of the event sources for which events are returned. If not specified, then all sources are included in the response. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens. It can't end with a hyphen or contain two consecutive hyphens.\n\nConstraints:\n\n- If a `SourceIds` value is supplied, `SourceType` must also be provided.\n- If the source type is a DB instance, a `DBInstanceIdentifier` value must be supplied.\n- If the source type is a DB cluster, a `DBClusterIdentifier` value must be supplied.\n- If the source type is a DB parameter group, a `DBParameterGroupName` value must be supplied.\n- If the source type is a DB security group, a `DBSecurityGroupName` value must be supplied.\n- If the source type is a DB snapshot, a `DBSnapshotIdentifier` value must be supplied.\n- If the source type is a DB cluster snapshot, a `DBClusterSnapshotIdentifier` value must be supplied.", "SourceType": "The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, set this parameter to `db-instance` . If this value isn't specified, all events are returned.\n\nValid values: `db-instance` | `db-cluster` | `db-parameter-group` | `db-security-group` | `db-snapshot` | `db-cluster-snapshot`" From dba96a9ec6193f630baf6c0d306def903024a56d Mon Sep 17 00:00:00 2001 From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Fri, 1 Apr 2022 09:32:02 -0400 Subject: [PATCH 32/59] feat(cfnspec): cloudformation spec v63.0.0 (#19679) --- packages/@aws-cdk/cfnspec/CHANGELOG.md | 64 +++++ packages/@aws-cdk/cfnspec/cfn.version | 2 +- .../000_cfn/000_official/000_AWS_ACMPCA.json | 2 +- .../000_cfn/000_official/000_AWS_APS.json | 2 +- .../000_official/000_AWS_AccessAnalyzer.json | 2 +- .../000_official/000_AWS_AmazonMQ.json | 2 +- .../000_cfn/000_official/000_AWS_Amplify.json | 2 +- .../000_AWS_AmplifyUIBuilder.json | 2 +- .../000_official/000_AWS_ApiGateway.json | 2 +- .../000_official/000_AWS_ApiGatewayV2.json | 2 +- .../000_official/000_AWS_AppConfig.json | 2 +- .../000_cfn/000_official/000_AWS_AppFlow.json | 2 +- .../000_official/000_AWS_AppIntegrations.json | 2 +- .../000_cfn/000_official/000_AWS_AppMesh.json | 2 +- .../000_official/000_AWS_AppRunner.json | 2 +- .../000_official/000_AWS_AppStream.json | 2 +- .../000_cfn/000_official/000_AWS_AppSync.json | 2 +- .../000_AWS_ApplicationAutoScaling.json | 2 +- .../000_AWS_ApplicationInsights.json | 2 +- .../000_cfn/000_official/000_AWS_Athena.json | 2 +- .../000_official/000_AWS_AuditManager.json | 2 +- .../000_official/000_AWS_AutoScaling.json | 2 +- .../000_AWS_AutoScalingPlans.json | 2 +- .../000_cfn/000_official/000_AWS_Backup.json | 2 +- .../000_cfn/000_official/000_AWS_Batch.json | 2 +- .../000_AWS_BillingConductor.json | 2 +- .../000_cfn/000_official/000_AWS_Budgets.json | 2 +- .../000_cfn/000_official/000_AWS_CE.json | 2 +- .../000_cfn/000_official/000_AWS_CUR.json | 2 +- .../000_official/000_AWS_Cassandra.json | 2 +- .../000_AWS_CertificateManager.json | 2 +- .../000_cfn/000_official/000_AWS_Chatbot.json | 2 +- .../000_cfn/000_official/000_AWS_Cloud9.json | 2 +- .../000_official/000_AWS_CloudFormation.json | 2 +- .../000_official/000_AWS_CloudFront.json | 2 +- .../000_official/000_AWS_CloudTrail.json | 2 +- .../000_official/000_AWS_CloudWatch.json | 2 +- .../000_official/000_AWS_CodeArtifact.json | 2 +- .../000_official/000_AWS_CodeBuild.json | 2 +- .../000_official/000_AWS_CodeCommit.json | 2 +- .../000_official/000_AWS_CodeDeploy.json | 2 +- .../000_AWS_CodeGuruProfiler.json | 2 +- .../000_AWS_CodeGuruReviewer.json | 2 +- .../000_official/000_AWS_CodePipeline.json | 2 +- .../000_official/000_AWS_CodeStar.json | 2 +- .../000_AWS_CodeStarConnections.json | 2 +- .../000_AWS_CodeStarNotifications.json | 2 +- .../000_cfn/000_official/000_AWS_Cognito.json | 2 +- .../000_cfn/000_official/000_AWS_Config.json | 2 +- .../000_cfn/000_official/000_AWS_Connect.json | 2 +- .../000_AWS_CustomerProfiles.json | 2 +- .../000_cfn/000_official/000_AWS_DAX.json | 2 +- .../000_cfn/000_official/000_AWS_DLM.json | 2 +- .../000_cfn/000_official/000_AWS_DMS.json | 255 +++++++++++++++++- .../000_official/000_AWS_DataBrew.json | 2 +- .../000_official/000_AWS_DataPipeline.json | 2 +- .../000_official/000_AWS_DataSync.json | 2 +- .../000_official/000_AWS_Detective.json | 2 +- .../000_official/000_AWS_DevOpsGuru.json | 2 +- .../000_AWS_DirectoryService.json | 2 +- .../000_cfn/000_official/000_AWS_DocDB.json | 2 +- .../000_official/000_AWS_DynamoDB.json | 2 +- .../000_cfn/000_official/000_AWS_EC2.json | 2 +- .../000_cfn/000_official/000_AWS_ECR.json | 2 +- .../000_cfn/000_official/000_AWS_ECS.json | 2 +- .../000_cfn/000_official/000_AWS_EFS.json | 2 +- .../000_cfn/000_official/000_AWS_EKS.json | 15 +- .../000_cfn/000_official/000_AWS_EMR.json | 2 +- .../000_official/000_AWS_EMRContainers.json | 2 +- .../000_official/000_AWS_ElastiCache.json | 2 +- .../000_AWS_ElasticBeanstalk.json | 2 +- .../000_AWS_ElasticLoadBalancing.json | 2 +- .../000_AWS_ElasticLoadBalancingV2.json | 2 +- .../000_official/000_AWS_Elasticsearch.json | 2 +- .../000_official/000_AWS_EventSchemas.json | 2 +- .../000_cfn/000_official/000_AWS_Events.json | 133 ++++++++- .../000_official/000_AWS_Evidently.json | 2 +- .../000_cfn/000_official/000_AWS_FIS.json | 2 +- .../000_cfn/000_official/000_AWS_FMS.json | 2 +- .../000_cfn/000_official/000_AWS_FSx.json | 4 +- .../000_official/000_AWS_FinSpace.json | 2 +- .../000_official/000_AWS_Forecast.json | 2 +- .../000_official/000_AWS_FraudDetector.json | 2 +- .../000_official/000_AWS_GameLift.json | 2 +- .../000_AWS_GlobalAccelerator.json | 2 +- .../000_cfn/000_official/000_AWS_Glue.json | 2 +- .../000_official/000_AWS_Greengrass.json | 2 +- .../000_official/000_AWS_GreengrassV2.json | 2 +- .../000_official/000_AWS_GroundStation.json | 2 +- .../000_official/000_AWS_GuardDuty.json | 2 +- .../000_official/000_AWS_HealthLake.json | 2 +- .../000_cfn/000_official/000_AWS_IAM.json | 2 +- .../000_cfn/000_official/000_AWS_IVS.json | 2 +- .../000_official/000_AWS_ImageBuilder.json | 2 +- .../000_official/000_AWS_Inspector.json | 2 +- .../000_official/000_AWS_InspectorV2.json | 2 +- .../000_cfn/000_official/000_AWS_IoT.json | 2 +- .../000_official/000_AWS_IoT1Click.json | 2 +- .../000_official/000_AWS_IoTAnalytics.json | 2 +- .../000_AWS_IoTCoreDeviceAdvisor.json | 2 +- .../000_official/000_AWS_IoTEvents.json | 2 +- .../000_official/000_AWS_IoTFleetHub.json | 2 +- .../000_official/000_AWS_IoTSiteWise.json | 2 +- .../000_official/000_AWS_IoTThingsGraph.json | 2 +- .../000_official/000_AWS_IoTWireless.json | 2 +- .../000_cfn/000_official/000_AWS_KMS.json | 2 +- .../000_official/000_AWS_KafkaConnect.json | 2 +- .../000_cfn/000_official/000_AWS_Kendra.json | 2 +- .../000_cfn/000_official/000_AWS_Kinesis.json | 2 +- .../000_AWS_KinesisAnalytics.json | 2 +- .../000_AWS_KinesisAnalyticsV2.json | 2 +- .../000_official/000_AWS_KinesisFirehose.json | 2 +- .../000_official/000_AWS_KinesisVideo.json | 2 +- .../000_official/000_AWS_LakeFormation.json | 2 +- .../000_cfn/000_official/000_AWS_Lambda.json | 2 +- .../000_cfn/000_official/000_AWS_Lex.json | 2 +- .../000_official/000_AWS_LicenseManager.json | 2 +- .../000_official/000_AWS_Lightsail.json | 2 +- .../000_official/000_AWS_Location.json | 2 +- .../000_cfn/000_official/000_AWS_Logs.json | 2 +- .../000_AWS_LookoutEquipment.json | 2 +- .../000_official/000_AWS_LookoutMetrics.json | 2 +- .../000_official/000_AWS_LookoutVision.json | 2 +- .../000_cfn/000_official/000_AWS_MSK.json | 2 +- .../000_cfn/000_official/000_AWS_MWAA.json | 2 +- .../000_cfn/000_official/000_AWS_Macie.json | 2 +- .../000_AWS_ManagedBlockchain.json | 2 +- .../000_official/000_AWS_MediaConnect.json | 2 +- .../000_official/000_AWS_MediaConvert.json | 2 +- .../000_official/000_AWS_MediaLive.json | 2 +- .../000_official/000_AWS_MediaPackage.json | 2 +- .../000_official/000_AWS_MediaStore.json | 2 +- .../000_official/000_AWS_MemoryDB.json | 2 +- .../000_cfn/000_official/000_AWS_Neptune.json | 2 +- .../000_official/000_AWS_NetworkFirewall.json | 2 +- .../000_official/000_AWS_NetworkManager.json | 2 +- .../000_official/000_AWS_NimbleStudio.json | 2 +- .../000_AWS_OpenSearchService.json | 2 +- .../000_official/000_AWS_OpsWorks.json | 2 +- .../000_official/000_AWS_OpsWorksCM.json | 2 +- .../000_official/000_AWS_Panorama.json | 2 +- .../000_official/000_AWS_Personalize.json | 2 +- .../000_official/000_AWS_Pinpoint.json | 2 +- .../000_official/000_AWS_PinpointEmail.json | 2 +- .../000_cfn/000_official/000_AWS_QLDB.json | 2 +- .../000_official/000_AWS_QuickSight.json | 2 +- .../000_cfn/000_official/000_AWS_RAM.json | 2 +- .../000_cfn/000_official/000_AWS_RDS.json | 2 +- .../000_cfn/000_official/000_AWS_RUM.json | 2 +- .../000_official/000_AWS_Redshift.json | 2 +- .../000_official/000_AWS_RefactorSpaces.json | 2 +- .../000_official/000_AWS_Rekognition.json | 2 +- .../000_official/000_AWS_ResilienceHub.json | 2 +- .../000_official/000_AWS_ResourceGroups.json | 2 +- .../000_official/000_AWS_RoboMaker.json | 2 +- .../000_cfn/000_official/000_AWS_Route53.json | 2 +- .../000_AWS_Route53RecoveryControl.json | 2 +- .../000_AWS_Route53RecoveryReadiness.json | 2 +- .../000_official/000_AWS_Route53Resolver.json | 2 +- .../000_cfn/000_official/000_AWS_S3.json | 2 +- .../000_official/000_AWS_S3ObjectLambda.json | 2 +- .../000_official/000_AWS_S3Outposts.json | 2 +- .../000_cfn/000_official/000_AWS_SDB.json | 2 +- .../000_cfn/000_official/000_AWS_SES.json | 2 +- .../000_cfn/000_official/000_AWS_SNS.json | 2 +- .../000_cfn/000_official/000_AWS_SQS.json | 2 +- .../000_cfn/000_official/000_AWS_SSM.json | 2 +- .../000_official/000_AWS_SSMContacts.json | 2 +- .../000_official/000_AWS_SSMIncidents.json | 2 +- .../000_cfn/000_official/000_AWS_SSO.json | 2 +- .../000_official/000_AWS_SageMaker.json | 2 +- .../000_official/000_AWS_SecretsManager.json | 2 +- .../000_official/000_AWS_SecurityHub.json | 2 +- .../000_official/000_AWS_ServiceCatalog.json | 2 +- .../000_AWS_ServiceCatalogAppRegistry.json | 2 +- .../000_AWS_ServiceDiscovery.json | 2 +- .../000_cfn/000_official/000_AWS_Signer.json | 2 +- .../000_official/000_AWS_StepFunctions.json | 2 +- .../000_official/000_AWS_Synthetics.json | 2 +- .../000_official/000_AWS_Timestream.json | 2 +- .../000_official/000_AWS_Transfer.json | 2 +- .../000_cfn/000_official/000_AWS_WAF.json | 2 +- .../000_official/000_AWS_WAFRegional.json | 2 +- .../000_cfn/000_official/000_AWS_WAFv2.json | 2 +- .../000_cfn/000_official/000_AWS_Wisdom.json | 2 +- .../000_official/000_AWS_WorkSpaces.json | 2 +- .../000_cfn/000_official/000_AWS_XRay.json | 2 +- .../000_cfn/000_official/000_Alexa_ASK.json | 2 +- .../000_cfn/000_official/000_Tag.json | 2 +- .../000_cfn/000_official/001_Version.json | 2 +- 190 files changed, 650 insertions(+), 191 deletions(-) diff --git a/packages/@aws-cdk/cfnspec/CHANGELOG.md b/packages/@aws-cdk/cfnspec/CHANGELOG.md index 6fd6a19ec06f5..b747e37831ee9 100644 --- a/packages/@aws-cdk/cfnspec/CHANGELOG.md +++ b/packages/@aws-cdk/cfnspec/CHANGELOG.md @@ -1,3 +1,67 @@ +# CloudFormation Resource Specification v63.0.0 + +## New Resource Types + +* AWS::Events::Endpoint + +## Attribute Changes + + +## Property Changes + + +## Property Type Changes + +* AWS::EKS::Cluster.Provider (__added__) +* AWS::DMS::Endpoint.OracleSettings AccessAlternateDirectly (__added__) +* AWS::DMS::Endpoint.OracleSettings AddSupplementalLogging (__added__) +* AWS::DMS::Endpoint.OracleSettings AdditionalArchivedLogDestId (__added__) +* AWS::DMS::Endpoint.OracleSettings AllowSelectNestedTables (__added__) +* AWS::DMS::Endpoint.OracleSettings ArchivedLogDestId (__added__) +* AWS::DMS::Endpoint.OracleSettings ArchivedLogsOnly (__added__) +* AWS::DMS::Endpoint.OracleSettings AsmPassword (__added__) +* AWS::DMS::Endpoint.OracleSettings AsmServer (__added__) +* AWS::DMS::Endpoint.OracleSettings AsmUser (__added__) +* AWS::DMS::Endpoint.OracleSettings CharLengthSemantics (__added__) +* AWS::DMS::Endpoint.OracleSettings DirectPathNoLog (__added__) +* AWS::DMS::Endpoint.OracleSettings DirectPathParallelLoad (__added__) +* AWS::DMS::Endpoint.OracleSettings EnableHomogenousTablespace (__added__) +* AWS::DMS::Endpoint.OracleSettings ExtraArchivedLogDestIds (__added__) +* AWS::DMS::Endpoint.OracleSettings FailTasksOnLobTruncation (__added__) +* AWS::DMS::Endpoint.OracleSettings NumberDatatypeScale (__added__) +* AWS::DMS::Endpoint.OracleSettings OraclePathPrefix (__added__) +* AWS::DMS::Endpoint.OracleSettings ParallelAsmReadThreads (__added__) +* AWS::DMS::Endpoint.OracleSettings ReadAheadBlocks (__added__) +* AWS::DMS::Endpoint.OracleSettings ReadTableSpaceName (__added__) +* AWS::DMS::Endpoint.OracleSettings ReplacePathPrefix (__added__) +* AWS::DMS::Endpoint.OracleSettings RetryInterval (__added__) +* AWS::DMS::Endpoint.OracleSettings SecurityDbEncryption (__added__) +* AWS::DMS::Endpoint.OracleSettings SecurityDbEncryptionName (__added__) +* AWS::DMS::Endpoint.OracleSettings SpatialDataOptionToGeoJsonFunctionName (__added__) +* AWS::DMS::Endpoint.OracleSettings StandbyDelayTime (__added__) +* AWS::DMS::Endpoint.OracleSettings UseAlternateFolderForOnline (__added__) +* AWS::DMS::Endpoint.OracleSettings UseBFile (__added__) +* AWS::DMS::Endpoint.OracleSettings UseDirectPathFullLoad (__added__) +* AWS::DMS::Endpoint.OracleSettings UseLogminerReader (__added__) +* AWS::DMS::Endpoint.OracleSettings UsePathPrefix (__added__) +* AWS::DMS::Endpoint.PostgreSqlSettings AfterConnectScript (__added__) +* AWS::DMS::Endpoint.PostgreSqlSettings CaptureDdls (__added__) +* AWS::DMS::Endpoint.PostgreSqlSettings DdlArtifactsSchema (__added__) +* AWS::DMS::Endpoint.PostgreSqlSettings ExecuteTimeout (__added__) +* AWS::DMS::Endpoint.PostgreSqlSettings FailTasksOnLobTruncation (__added__) +* AWS::DMS::Endpoint.PostgreSqlSettings HeartbeatEnable (__added__) +* AWS::DMS::Endpoint.PostgreSqlSettings HeartbeatFrequency (__added__) +* AWS::DMS::Endpoint.PostgreSqlSettings HeartbeatSchema (__added__) +* AWS::DMS::Endpoint.PostgreSqlSettings MaxFileSize (__added__) +* AWS::DMS::Endpoint.PostgreSqlSettings PluginName (__added__) +* AWS::DMS::Endpoint.PostgreSqlSettings SlotName (__added__) +* AWS::EKS::Cluster.EncryptionConfig Provider.PrimitiveType (__deleted__) +* AWS::EKS::Cluster.EncryptionConfig Provider.Type (__added__) +* AWS::FSx::FileSystem.OntapConfiguration ThroughputCapacity.UpdateType (__changed__) + * Old: Immutable + * New: Mutable + + # CloudFormation Resource Specification v62.0.0 ## New Resource Types diff --git a/packages/@aws-cdk/cfnspec/cfn.version b/packages/@aws-cdk/cfnspec/cfn.version index 8f7cbd8b05c11..4996915d8b08d 100644 --- a/packages/@aws-cdk/cfnspec/cfn.version +++ b/packages/@aws-cdk/cfnspec/cfn.version @@ -1 +1 @@ -62.0.0 +63.0.0 diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ACMPCA.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ACMPCA.json index 76317d0a1eea5..b033bc7ae6183 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ACMPCA.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ACMPCA.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::ACMPCA::Certificate.ApiPassthrough": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-apipassthrough.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_APS.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_APS.json index 2b9e7b271d126..345e00a8170ae 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_APS.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_APS.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::APS::RuleGroupsNamespace": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AccessAnalyzer.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AccessAnalyzer.json index 6e462f6110cc0..4a2e025992e5c 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AccessAnalyzer.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AccessAnalyzer.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::AccessAnalyzer::Analyzer.ArchiveRule": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-accessanalyzer-analyzer-archiverule.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AmazonMQ.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AmazonMQ.json index 1346343237282..64ffdeeb2af10 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AmazonMQ.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AmazonMQ.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::AmazonMQ::Broker.ConfigurationId": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-amazonmq-broker-configurationid.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Amplify.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Amplify.json index 3f22bd6fb2197..a3caf1c4afa24 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Amplify.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Amplify.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Amplify::App.AutoBranchCreationConfig": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-amplify-app-autobranchcreationconfig.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AmplifyUIBuilder.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AmplifyUIBuilder.json index 66fa567ac8f81..085ee4d064cdb 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AmplifyUIBuilder.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AmplifyUIBuilder.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::AmplifyUIBuilder::Component.ActionParameters": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-amplifyuibuilder-component-actionparameters.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApiGateway.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApiGateway.json index 9b91495c0562b..0962d73bcc4f4 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApiGateway.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApiGateway.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::ApiGateway::ApiKey.StageKey": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-apikey-stagekey.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApiGatewayV2.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApiGatewayV2.json index ce52ae104e29f..03680b804b33d 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApiGatewayV2.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApiGatewayV2.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::ApiGatewayV2::Api.BodyS3Location": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigatewayv2-api-bodys3location.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppConfig.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppConfig.json index 361a9d7d3c818..0848c0a8cd190 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppConfig.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppConfig.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::AppConfig::Application.Tags": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appconfig-application-tags.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppFlow.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppFlow.json index 6f240908c69f8..f616702f3dc44 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppFlow.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppFlow.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::AppFlow::ConnectorProfile.AmplitudeConnectorProfileCredentials": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appflow-connectorprofile-amplitudeconnectorprofilecredentials.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppIntegrations.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppIntegrations.json index 03e94bc384fac..c6bac0940c593 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppIntegrations.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppIntegrations.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::AppIntegrations::DataIntegration.ScheduleConfig": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appintegrations-dataintegration-scheduleconfig.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppMesh.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppMesh.json index 4d10869895be8..d43ea6e409a90 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppMesh.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppMesh.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::AppMesh::GatewayRoute.GatewayRouteHostnameMatch": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-gatewayroute-gatewayroutehostnamematch.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppRunner.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppRunner.json index cb4b9b032c6a5..2f1d30240179b 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppRunner.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppRunner.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::AppRunner::Service.AuthenticationConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apprunner-service-authenticationconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppStream.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppStream.json index abf8603f1c8a2..886285a698840 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppStream.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppStream.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::AppStream::AppBlock.S3Location": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appstream-appblock-s3location.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppSync.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppSync.json index 0d48328fafbcc..b38c0e11bd5d0 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppSync.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppSync.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::AppSync::DataSource.AuthorizationConfig": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-datasource-authorizationconfig.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApplicationAutoScaling.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApplicationAutoScaling.json index 6b783d17ad9d6..b6fccca5e211d 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApplicationAutoScaling.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApplicationAutoScaling.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::ApplicationAutoScaling::ScalableTarget.ScalableTargetAction": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-applicationautoscaling-scalabletarget-scalabletargetaction.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApplicationInsights.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApplicationInsights.json index 79405cf27def4..a0ed3e7418a38 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApplicationInsights.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApplicationInsights.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::ApplicationInsights::Application.Alarm": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-applicationinsights-application-alarm.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Athena.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Athena.json index ad20cc5b38181..54a739440eeaf 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Athena.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Athena.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Athena::WorkGroup.EncryptionConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-encryptionconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AuditManager.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AuditManager.json index 1cd0aaa2b4cba..09adfc3c0473d 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AuditManager.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AuditManager.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::AuditManager::Assessment.AWSAccount": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-auditmanager-assessment-awsaccount.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AutoScaling.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AutoScaling.json index 7444f1351643d..a5629d1accfed 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AutoScaling.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AutoScaling.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::AutoScaling::AutoScalingGroup.AcceleratorCountRequest": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-acceleratorcountrequest.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AutoScalingPlans.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AutoScalingPlans.json index 370e90b31650d..2113a1a253f68 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AutoScalingPlans.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AutoScalingPlans.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::AutoScalingPlans::ScalingPlan.ApplicationSource": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscalingplans-scalingplan-applicationsource.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Backup.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Backup.json index 293257d7bbc6a..1a3c5cee08c69 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Backup.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Backup.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Backup::BackupPlan.AdvancedBackupSettingResourceType": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-backup-backupplan-advancedbackupsettingresourcetype.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Batch.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Batch.json index 24078d5eacedc..19c02020dfdf3 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Batch.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Batch.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Batch::ComputeEnvironment.ComputeResources": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-batch-computeenvironment-computeresources.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_BillingConductor.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_BillingConductor.json index 80a756f6d9a2c..22a1229f7eb8c 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_BillingConductor.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_BillingConductor.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::BillingConductor::BillingGroup.AccountGrouping": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-billingconductor-billinggroup-accountgrouping.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Budgets.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Budgets.json index f34a65e4c0867..57935026a5a7e 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Budgets.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Budgets.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Budgets::Budget.BudgetData": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-budgets-budget-budgetdata.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CE.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CE.json index 6580dd1621100..d9d758a25a11e 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CE.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CE.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::CE::AnomalySubscription.Subscriber": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ce-anomalysubscription-subscriber.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CUR.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CUR.json index 8a351a0396b83..6abcca3fffaf0 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CUR.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CUR.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::CUR::ReportDefinition": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Cassandra.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Cassandra.json index 28fd524f70e6c..060778c079167 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Cassandra.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Cassandra.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Cassandra::Table.BillingMode": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cassandra-table-billingmode.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CertificateManager.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CertificateManager.json index c1a95b5fefbd1..580a19dafcc72 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CertificateManager.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CertificateManager.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::CertificateManager::Account.ExpiryEventsConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-certificatemanager-account-expiryeventsconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Chatbot.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Chatbot.json index 794d021976812..cb050366b77ba 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Chatbot.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Chatbot.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::Chatbot::SlackChannelConfiguration": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Cloud9.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Cloud9.json index 5c24f8d93de7a..f2542d84f5997 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Cloud9.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Cloud9.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Cloud9::EnvironmentEC2.Repository": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloud9-environmentec2-repository.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudFormation.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudFormation.json index edcd2c7e5dbdc..3a263b19ca4c9 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudFormation.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudFormation.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::CloudFormation::HookVersion.LoggingConfig": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-hookversion-loggingconfig.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudFront.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudFront.json index 25fb68fcaa39f..e5dbe282db52a 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudFront.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudFront.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::CloudFront::CachePolicy.CachePolicyConfig": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cachepolicy-cachepolicyconfig.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudTrail.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudTrail.json index 0b4a350d5338d..290fa810dba1e 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudTrail.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudTrail.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::CloudTrail::Trail.DataResource": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudtrail-trail-dataresource.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudWatch.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudWatch.json index 2701350772f79..77fe5a7862b53 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudWatch.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudWatch.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::CloudWatch::Alarm.Dimension": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cw-dimension.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeArtifact.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeArtifact.json index 3579558192d45..a4ea7e6eb337d 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeArtifact.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeArtifact.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::CodeArtifact::Domain": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeBuild.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeBuild.json index 399e9f1cf84e7..556961ac79d6f 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeBuild.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeBuild.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::CodeBuild::Project.Artifacts": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codebuild-project-artifacts.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeCommit.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeCommit.json index 06599a720ed62..8260e1947a89b 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeCommit.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeCommit.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::CodeCommit::Repository.Code": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codecommit-repository-code.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeDeploy.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeDeploy.json index ccd78fd04514d..76d77ff7ab364 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeDeploy.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeDeploy.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::CodeDeploy::DeploymentConfig.MinimumHealthyHosts": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentconfig-minimumhealthyhosts.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeGuruProfiler.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeGuruProfiler.json index 47a53e3d951a5..5e171d55ae49e 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeGuruProfiler.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeGuruProfiler.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::CodeGuruProfiler::ProfilingGroup.Channel": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codeguruprofiler-profilinggroup-channel.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeGuruReviewer.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeGuruReviewer.json index 1eb469e8d43b6..338d30d5a3e03 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeGuruReviewer.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeGuruReviewer.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::CodeGuruReviewer::RepositoryAssociation": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodePipeline.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodePipeline.json index 34854e1f5929c..b417227ce6cbf 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodePipeline.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodePipeline.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::CodePipeline::CustomActionType.ArtifactDetails": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codepipeline-customactiontype-artifactdetails.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeStar.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeStar.json index ff55293cd2f65..48ba7f64eb956 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeStar.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeStar.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::CodeStar::GitHubRepository.Code": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codestar-githubrepository-code.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeStarConnections.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeStarConnections.json index 1cb961d7c1c2c..dfcf29f736b11 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeStarConnections.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeStarConnections.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::CodeStarConnections::Connection": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeStarNotifications.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeStarNotifications.json index c9986ae3f028a..80e10035b9dab 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeStarNotifications.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeStarNotifications.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::CodeStarNotifications::NotificationRule.Target": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codestarnotifications-notificationrule-target.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Cognito.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Cognito.json index 27efac0ea696c..62334d481c916 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Cognito.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Cognito.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Cognito::IdentityPool.CognitoIdentityProvider": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-cognitoidentityprovider.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Config.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Config.json index 3c6a54684a0b9..52c9f9df4421d 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Config.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Config.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Config::ConfigRule.Scope": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-scope.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Connect.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Connect.json index 1e9d3c2ddd409..be0595e15612c 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Connect.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Connect.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Connect::HoursOfOperation.HoursOfOperationConfig": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-connect-hoursofoperation-hoursofoperationconfig.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CustomerProfiles.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CustomerProfiles.json index 0f2b10fd0389a..8fc5346ffe95d 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CustomerProfiles.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CustomerProfiles.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::CustomerProfiles::Integration.ConnectorOperator": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-customerprofiles-integration-connectoroperator.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DAX.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DAX.json index 235e5572d7403..20fe6cb4a5550 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DAX.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DAX.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::DAX::Cluster.SSESpecification": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dax-cluster-ssespecification.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DLM.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DLM.json index b4b642e1d4f9a..be0b30b14966b 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DLM.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DLM.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::DLM::LifecyclePolicy.Action": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dlm-lifecyclepolicy-action.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DMS.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DMS.json index 357934de20f64..298afcbdcf139 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DMS.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DMS.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::DMS::Endpoint.DocDbSettings": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-docdbsettings.html", @@ -479,6 +479,139 @@ "AWS::DMS::Endpoint.OracleSettings": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html", "Properties": { + "AccessAlternateDirectly": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-accessalternatedirectly", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "AddSupplementalLogging": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-addsupplementallogging", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "AdditionalArchivedLogDestId": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-additionalarchivedlogdestid", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "AllowSelectNestedTables": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-allowselectnestedtables", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "ArchivedLogDestId": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-archivedlogdestid", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "ArchivedLogsOnly": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-archivedlogsonly", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "AsmPassword": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-asmpassword", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "AsmServer": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-asmserver", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "AsmUser": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-asmuser", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "CharLengthSemantics": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-charlengthsemantics", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "DirectPathNoLog": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-directpathnolog", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "DirectPathParallelLoad": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-directpathparallelload", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "EnableHomogenousTablespace": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-enablehomogenoustablespace", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "ExtraArchivedLogDestIds": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-extraarchivedlogdestids", + "PrimitiveItemType": "Integer", + "Required": false, + "Type": "List", + "UpdateType": "Mutable" + }, + "FailTasksOnLobTruncation": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-failtasksonlobtruncation", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "NumberDatatypeScale": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-numberdatatypescale", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "OraclePathPrefix": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-oraclepathprefix", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "ParallelAsmReadThreads": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-parallelasmreadthreads", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "ReadAheadBlocks": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-readaheadblocks", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "ReadTableSpaceName": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-readtablespacename", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "ReplacePathPrefix": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-replacepathprefix", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "RetryInterval": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-retryinterval", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, "SecretsManagerAccessRoleArn": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-secretsmanageraccessrolearn", "PrimitiveType": "String", @@ -502,12 +635,126 @@ "PrimitiveType": "String", "Required": false, "UpdateType": "Mutable" + }, + "SecurityDbEncryption": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-securitydbencryption", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "SecurityDbEncryptionName": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-securitydbencryptionname", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "SpatialDataOptionToGeoJsonFunctionName": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-spatialdataoptiontogeojsonfunctionname", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "StandbyDelayTime": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-standbydelaytime", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "UseAlternateFolderForOnline": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-usealternatefolderforonline", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "UseBFile": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-usebfile", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "UseDirectPathFullLoad": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-usedirectpathfullload", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "UseLogminerReader": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-uselogminerreader", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "UsePathPrefix": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-usepathprefix", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" } } }, "AWS::DMS::Endpoint.PostgreSqlSettings": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html", "Properties": { + "AfterConnectScript": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-afterconnectscript", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "CaptureDdls": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-captureddls", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "DdlArtifactsSchema": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-ddlartifactsschema", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "ExecuteTimeout": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-executetimeout", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "FailTasksOnLobTruncation": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-failtasksonlobtruncation", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "HeartbeatEnable": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-heartbeatenable", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "HeartbeatFrequency": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-heartbeatfrequency", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "HeartbeatSchema": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-heartbeatschema", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "MaxFileSize": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-maxfilesize", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "PluginName": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-pluginname", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, "SecretsManagerAccessRoleArn": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-secretsmanageraccessrolearn", "PrimitiveType": "String", @@ -519,6 +766,12 @@ "PrimitiveType": "String", "Required": false, "UpdateType": "Mutable" + }, + "SlotName": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-slotname", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" } } }, diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DataBrew.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DataBrew.json index 9e211746a1002..1c021687aca13 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DataBrew.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DataBrew.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::DataBrew::Dataset.CsvOptions": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-databrew-dataset-csvoptions.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DataPipeline.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DataPipeline.json index 08c0b91c1a9b5..19c4f56205b74 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DataPipeline.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DataPipeline.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::DataPipeline::Pipeline.Field": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-datapipeline-pipeline-pipelineobjects-fields.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DataSync.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DataSync.json index 6814c2f59d551..3f386f46b470f 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DataSync.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DataSync.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::DataSync::LocationEFS.Ec2Config": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-datasync-locationefs-ec2config.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Detective.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Detective.json index aadbfcb5da29e..56faa21c1f5ff 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Detective.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Detective.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::Detective::Graph": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DevOpsGuru.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DevOpsGuru.json index 3ff862dcd90e1..b04e08d8b5059 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DevOpsGuru.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DevOpsGuru.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::DevOpsGuru::NotificationChannel.NotificationChannelConfig": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-devopsguru-notificationchannel-notificationchannelconfig.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DirectoryService.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DirectoryService.json index 8176716fdfebc..c2309f8f4123f 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DirectoryService.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DirectoryService.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::DirectoryService::MicrosoftAD.VpcSettings": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-directoryservice-microsoftad-vpcsettings.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DocDB.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DocDB.json index 1859ee015f0a9..abc912f5069d8 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DocDB.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DocDB.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::DocDB::DBCluster": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DynamoDB.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DynamoDB.json index 8310e71d5bcd4..c882966d612f2 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DynamoDB.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DynamoDB.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::DynamoDB::GlobalTable.AttributeDefinition": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-globaltable-attributedefinition.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EC2.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EC2.json index add912221c1d1..19a3690b1dd86 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EC2.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EC2.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::EC2::CapacityReservation.TagSpecification": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-capacityreservation-tagspecification.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ECR.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ECR.json index b4dbc946f2272..d114ab2f2e0c9 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ECR.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ECR.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::ECR::ReplicationConfiguration.ReplicationConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ECS.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ECS.json index 16b5685a9268a..a81c9475fea5e 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ECS.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ECS.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::ECS::CapacityProvider.AutoScalingGroupProvider": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-capacityprovider-autoscalinggroupprovider.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EFS.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EFS.json index 5743efb5a34eb..6bc4e1afe0bb9 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EFS.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EFS.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::EFS::AccessPoint.AccessPointTag": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-accesspoint-accesspointtag.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EKS.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EKS.json index feb909598c490..dbc2097adfc33 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EKS.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EKS.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::EKS::Cluster.ClusterLogging": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-clusterlogging.html", @@ -18,8 +18,8 @@ "Properties": { "Provider": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-provider", - "PrimitiveType": "Json", "Required": false, + "Type": "Provider", "UpdateType": "Immutable" }, "Resources": { @@ -76,6 +76,17 @@ } } }, + "AWS::EKS::Cluster.Provider": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html", + "Properties": { + "KeyArn": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html#cfn-eks-cluster-provider-keyarn", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Immutable" + } + } + }, "AWS::EKS::Cluster.ResourcesVpcConfig": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html", "Properties": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EMR.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EMR.json index 7ba86fe7a46b9..42cff4d5e283b 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EMR.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EMR.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::EMR::Cluster.Application": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticmapreduce-cluster-application.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EMRContainers.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EMRContainers.json index 7d233bd95ccd6..77c008b27de65 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EMRContainers.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EMRContainers.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::EMRContainers::VirtualCluster.ContainerInfo": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-emrcontainers-virtualcluster-containerinfo.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElastiCache.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElastiCache.json index 007147c8d8854..7929087d41af9 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElastiCache.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElastiCache.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::ElastiCache::CacheCluster.CloudWatchLogsDestinationDetails": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticache-cachecluster-cloudwatchlogsdestinationdetails.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElasticBeanstalk.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElasticBeanstalk.json index ae516f1ac53db..079e26a29c9a4 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElasticBeanstalk.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElasticBeanstalk.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::ElasticBeanstalk::Application.ApplicationResourceLifecycleConfig": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticbeanstalk-application-applicationresourcelifecycleconfig.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElasticLoadBalancing.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElasticLoadBalancing.json index bb6cc2dce74a5..810a4710cd6e7 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElasticLoadBalancing.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElasticLoadBalancing.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::ElasticLoadBalancing::LoadBalancer.AccessLoggingPolicy": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb-accessloggingpolicy.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElasticLoadBalancingV2.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElasticLoadBalancingV2.json index 6e5f45f6304b4..78b47b93a29b1 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElasticLoadBalancingV2.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElasticLoadBalancingV2.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::ElasticLoadBalancingV2::Listener.Action": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-action.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Elasticsearch.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Elasticsearch.json index c60d403cdec7f..429e5004fdc1f 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Elasticsearch.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Elasticsearch.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Elasticsearch::Domain.AdvancedSecurityOptionsInput": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-advancedsecurityoptionsinput.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EventSchemas.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EventSchemas.json index 4c209deab4b5f..c87162e72349c 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EventSchemas.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EventSchemas.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::EventSchemas::Discoverer.TagsEntry": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eventschemas-discoverer-tagsentry.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Events.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Events.json index d9bf0d2663bef..f51270d548153 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Events.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Events.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Events::Connection.ApiKeyAuthParameters": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-connection-apikeyauthparameters.html", @@ -159,6 +159,78 @@ } } }, + "AWS::Events::Endpoint.EndpointEventBus": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-endpoint-endpointeventbus.html", + "Properties": { + "EventBusArn": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-endpoint-endpointeventbus.html#cfn-events-endpoint-endpointeventbus-eventbusarn", + "PrimitiveType": "String", + "Required": true, + "UpdateType": "Mutable" + } + } + }, + "AWS::Events::Endpoint.FailoverConfig": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-endpoint-failoverconfig.html", + "Properties": { + "Primary": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-endpoint-failoverconfig.html#cfn-events-endpoint-failoverconfig-primary", + "Required": true, + "Type": "Primary", + "UpdateType": "Mutable" + }, + "Secondary": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-endpoint-failoverconfig.html#cfn-events-endpoint-failoverconfig-secondary", + "Required": true, + "Type": "Secondary", + "UpdateType": "Mutable" + } + } + }, + "AWS::Events::Endpoint.Primary": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-endpoint-primary.html", + "Properties": { + "HealthCheck": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-endpoint-primary.html#cfn-events-endpoint-primary-healthcheck", + "PrimitiveType": "String", + "Required": true, + "UpdateType": "Mutable" + } + } + }, + "AWS::Events::Endpoint.ReplicationConfig": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-endpoint-replicationconfig.html", + "Properties": { + "State": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-endpoint-replicationconfig.html#cfn-events-endpoint-replicationconfig-state", + "PrimitiveType": "String", + "Required": true, + "UpdateType": "Mutable" + } + } + }, + "AWS::Events::Endpoint.RoutingConfig": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-endpoint-routingconfig.html", + "Properties": { + "FailoverConfig": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-endpoint-routingconfig.html#cfn-events-endpoint-routingconfig-failoverconfig", + "Required": true, + "Type": "FailoverConfig", + "UpdateType": "Mutable" + } + } + }, + "AWS::Events::Endpoint.Secondary": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-endpoint-secondary.html", + "Properties": { + "Route": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-endpoint-secondary.html#cfn-events-endpoint-secondary-route", + "PrimitiveType": "String", + "Required": true, + "UpdateType": "Mutable" + } + } + }, "AWS::Events::EventBus.TagEntry": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-eventbus-tagentry.html", "Properties": { @@ -889,6 +961,65 @@ } } }, + "AWS::Events::Endpoint": { + "Attributes": { + "Arn": { + "PrimitiveType": "String" + }, + "EndpointId": { + "PrimitiveType": "String" + }, + "EndpointUrl": { + "PrimitiveType": "String" + }, + "State": { + "PrimitiveType": "String" + }, + "StateReason": { + "PrimitiveType": "String" + } + }, + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-endpoint.html", + "Properties": { + "Description": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-endpoint.html#cfn-events-endpoint-description", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "EventBuses": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-endpoint.html#cfn-events-endpoint-eventbuses", + "ItemType": "EndpointEventBus", + "Required": true, + "Type": "List", + "UpdateType": "Mutable" + }, + "Name": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-endpoint.html#cfn-events-endpoint-name", + "PrimitiveType": "String", + "Required": true, + "UpdateType": "Immutable" + }, + "ReplicationConfig": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-endpoint.html#cfn-events-endpoint-replicationconfig", + "Required": false, + "Type": "ReplicationConfig", + "UpdateType": "Mutable" + }, + "RoleArn": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-endpoint.html#cfn-events-endpoint-rolearn", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "RoutingConfig": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-endpoint.html#cfn-events-endpoint-routingconfig", + "Required": true, + "Type": "RoutingConfig", + "UpdateType": "Mutable" + } + } + }, "AWS::Events::EventBus": { "Attributes": { "Arn": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Evidently.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Evidently.json index 93da0b6ed6a2a..c2fdca3ab9cb9 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Evidently.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Evidently.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Evidently::Experiment.MetricGoalObject": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-evidently-experiment-metricgoalobject.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FIS.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FIS.json index 6aeb599eefd2f..bf9ce1ae522fa 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FIS.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FIS.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::FIS::ExperimentTemplate.ExperimentTemplateAction": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fis-experimenttemplate-experimenttemplateaction.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FMS.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FMS.json index 46aa360260463..3114630804a11 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FMS.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FMS.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::FMS::Policy.IEMap": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fms-policy-iemap.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FSx.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FSx.json index 74c31ec547be8..bde338ca7a8e4 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FSx.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FSx.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::FSx::FileSystem.AuditLogConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fsx-filesystem-windowsconfiguration-auditlogconfiguration.html", @@ -204,7 +204,7 @@ "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fsx-filesystem-ontapconfiguration.html#cfn-fsx-filesystem-ontapconfiguration-throughputcapacity", "PrimitiveType": "Integer", "Required": false, - "UpdateType": "Immutable" + "UpdateType": "Mutable" }, "WeeklyMaintenanceStartTime": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fsx-filesystem-ontapconfiguration.html#cfn-fsx-filesystem-ontapconfiguration-weeklymaintenancestarttime", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FinSpace.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FinSpace.json index a77e993af024a..a2f269fd8fce0 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FinSpace.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FinSpace.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::FinSpace::Environment.FederationParameters": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-finspace-environment-federationparameters.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Forecast.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Forecast.json index 88b70dfde00bc..31407eaf099ba 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Forecast.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Forecast.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::Forecast::Dataset": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FraudDetector.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FraudDetector.json index 9771bb30f675c..6f4d2104133d2 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FraudDetector.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FraudDetector.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::FraudDetector::Detector.EntityType": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-frauddetector-detector-entitytype.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GameLift.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GameLift.json index 3a2796ee65ff6..504ff43141e69 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GameLift.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GameLift.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::GameLift::Alias.RoutingStrategy": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-gamelift-alias-routingstrategy.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GlobalAccelerator.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GlobalAccelerator.json index b40343a251538..1fb823c95b44d 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GlobalAccelerator.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GlobalAccelerator.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::GlobalAccelerator::EndpointGroup.EndpointConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-globalaccelerator-endpointgroup-endpointconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Glue.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Glue.json index cedab3e5a2544..103dea2806424 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Glue.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Glue.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Glue::Classifier.CsvClassifier": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-glue-classifier-csvclassifier.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Greengrass.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Greengrass.json index 2029c87073c9f..303af9b2c092f 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Greengrass.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Greengrass.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Greengrass::ConnectorDefinition.Connector": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-connectordefinition-connector.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GreengrassV2.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GreengrassV2.json index fbe11510b5b49..313fffb330f30 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GreengrassV2.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GreengrassV2.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::GreengrassV2::ComponentVersion.ComponentDependencyRequirement": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrassv2-componentversion-componentdependencyrequirement.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GroundStation.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GroundStation.json index 70f7db435f582..b4c0926ac8d28 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GroundStation.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GroundStation.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::GroundStation::Config.AntennaDownlinkConfig": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-groundstation-config-antennadownlinkconfig.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GuardDuty.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GuardDuty.json index 61ef6e697381f..d74c32954160a 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GuardDuty.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GuardDuty.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::GuardDuty::Detector.CFNDataSourceConfigurations": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfndatasourceconfigurations.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_HealthLake.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_HealthLake.json index 48894bc8e9b9f..c072c6f19428c 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_HealthLake.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_HealthLake.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::HealthLake::FHIRDatastore.KmsEncryptionConfig": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-healthlake-fhirdatastore-kmsencryptionconfig.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IAM.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IAM.json index 31d55f180aa2b..354c362069643 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IAM.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IAM.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::IAM::Group.Policy": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IVS.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IVS.json index db96adf0a36da..0e0404faad6cd 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IVS.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IVS.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::IVS::RecordingConfiguration.DestinationConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ivs-recordingconfiguration-destinationconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ImageBuilder.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ImageBuilder.json index 0fa14609abab2..bccb786b6df38 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ImageBuilder.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ImageBuilder.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::ImageBuilder::ContainerRecipe.ComponentConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-imagebuilder-containerrecipe-componentconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Inspector.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Inspector.json index 342159403846e..526c74df8789a 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Inspector.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Inspector.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::Inspector::AssessmentTarget": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_InspectorV2.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_InspectorV2.json index e2c7c28637957..6a3b91d0479e1 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_InspectorV2.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_InspectorV2.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::InspectorV2::Filter.DateFilter": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-inspectorv2-filter-datefilter.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoT.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoT.json index 1b55d59949fa5..f93d27fbed810 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoT.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoT.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::IoT::AccountAuditConfiguration.AuditCheckConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoT1Click.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoT1Click.json index 0b45647d8018c..4c1f5388369e8 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoT1Click.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoT1Click.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::IoT1Click::Project.DeviceTemplate": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot1click-project-devicetemplate.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTAnalytics.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTAnalytics.json index 32ef1ef900e3d..3341cd450c829 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTAnalytics.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTAnalytics.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::IoTAnalytics::Channel.ChannelStorage": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iotanalytics-channel-channelstorage.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTCoreDeviceAdvisor.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTCoreDeviceAdvisor.json index 1b16fabbc6771..6fc630923689e 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTCoreDeviceAdvisor.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTCoreDeviceAdvisor.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::IoTCoreDeviceAdvisor::SuiteDefinition": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTEvents.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTEvents.json index f5c8a01e395e5..a21d0122e65d7 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTEvents.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTEvents.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::IoTEvents::AlarmModel.AcknowledgeFlow": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iotevents-alarmmodel-acknowledgeflow.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTFleetHub.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTFleetHub.json index d8eb0c0f67d43..43a2f1661cd3a 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTFleetHub.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTFleetHub.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::IoTFleetHub::Application": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTSiteWise.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTSiteWise.json index 89fb4b81f7b87..7917bba0188ce 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTSiteWise.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTSiteWise.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::IoTSiteWise::AccessPolicy.AccessPolicyIdentity": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iotsitewise-accesspolicy-accesspolicyidentity.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTThingsGraph.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTThingsGraph.json index bb44f337a5d65..4e265da545b49 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTThingsGraph.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTThingsGraph.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::IoTThingsGraph::FlowTemplate.DefinitionDocument": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iotthingsgraph-flowtemplate-definitiondocument.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTWireless.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTWireless.json index 3a1bc624604a4..92180804b90e1 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTWireless.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTWireless.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::IoTWireless::DeviceProfile.LoRaWANDeviceProfile": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iotwireless-deviceprofile-lorawandeviceprofile.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KMS.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KMS.json index 9a8c5dc81c899..eb47b0525e215 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KMS.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KMS.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::KMS::Alias": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KafkaConnect.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KafkaConnect.json index 4bd53485ff89c..bdcf318e037bb 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KafkaConnect.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KafkaConnect.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::KafkaConnect::Connector.ApacheKafkaCluster": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kafkaconnect-connector-apachekafkacluster.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Kendra.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Kendra.json index 844f658a4d28d..7c678c0d37222 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Kendra.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Kendra.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Kendra::DataSource.AccessControlListConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kendra-datasource-accesscontrollistconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Kinesis.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Kinesis.json index 506527f7e582f..7da4b0e7bea92 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Kinesis.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Kinesis.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Kinesis::Stream.StreamEncryption": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kinesis-stream-streamencryption.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisAnalytics.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisAnalytics.json index 274721e096413..5fbe33a6c048d 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisAnalytics.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisAnalytics.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::KinesisAnalytics::Application.CSVMappingParameters": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kinesisanalytics-application-csvmappingparameters.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisAnalyticsV2.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisAnalyticsV2.json index 0f953718f8b0b..3e03c8937df85 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisAnalyticsV2.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisAnalyticsV2.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::KinesisAnalyticsV2::Application.ApplicationCodeConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kinesisanalyticsv2-application-applicationcodeconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisFirehose.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisFirehose.json index e834216437405..1f44ffbf8162f 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisFirehose.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisFirehose.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::KinesisFirehose::DeliveryStream.AmazonopensearchserviceBufferingHints": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kinesisfirehose-deliverystream-amazonopensearchservicebufferinghints.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisVideo.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisVideo.json index b033fa1c1dce9..4a01a19f8eb75 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisVideo.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisVideo.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::KinesisVideo::SignalingChannel": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LakeFormation.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LakeFormation.json index 97be64ac2ae10..40ef79a1ec3d0 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LakeFormation.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LakeFormation.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::LakeFormation::DataLakeSettings.Admins": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lakeformation-datalakesettings-admins.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Lambda.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Lambda.json index 8410ee175283e..3d60299491470 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Lambda.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Lambda.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Lambda::Alias.AliasRoutingConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-alias-aliasroutingconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Lex.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Lex.json index 5b84bddd31d68..664a5f51321d8 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Lex.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Lex.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Lex::Bot.AdvancedRecognitionSetting": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lex-bot-advancedrecognitionsetting.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LicenseManager.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LicenseManager.json index c5f86612ba7e2..a1ebf4db44f2a 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LicenseManager.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LicenseManager.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::LicenseManager::License.BorrowConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-licensemanager-license-borrowconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Lightsail.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Lightsail.json index b6e74e0dd10a2..086864a1dbe4f 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Lightsail.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Lightsail.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Lightsail::Bucket.AccessRules": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lightsail-bucket-accessrules.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Location.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Location.json index 56282c7b8294d..3584abb3172a2 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Location.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Location.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Location::Map.MapConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-location-map-mapconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Logs.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Logs.json index 614b08cff3161..d492b6ea7bc13 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Logs.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Logs.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Logs::MetricFilter.MetricTransformation": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-logs-metricfilter-metrictransformation.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LookoutEquipment.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LookoutEquipment.json index 77cbcd73bea73..f1fd159c0be37 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LookoutEquipment.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LookoutEquipment.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::LookoutEquipment::InferenceScheduler": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LookoutMetrics.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LookoutMetrics.json index 6b2d6aa000bd2..fea526a260b61 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LookoutMetrics.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LookoutMetrics.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::LookoutMetrics::Alert.Action": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lookoutmetrics-alert-action.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LookoutVision.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LookoutVision.json index d654b1a1da791..c6239947a243b 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LookoutVision.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LookoutVision.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::LookoutVision::Project": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MSK.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MSK.json index 26816e3dc00d4..e752678307182 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MSK.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MSK.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::MSK::Cluster.BrokerLogs": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-msk-cluster-brokerlogs.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MWAA.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MWAA.json index 6ad262d484bb8..ec0cf8b9eedf4 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MWAA.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MWAA.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::MWAA::Environment.LoggingConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-mwaa-environment-loggingconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Macie.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Macie.json index 7aeab3d3ab71a..c302ffdf0f991 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Macie.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Macie.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Macie::FindingsFilter.Criterion": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-macie-findingsfilter-criterion.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ManagedBlockchain.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ManagedBlockchain.json index 214c7ce42f797..36bbecfb18aba 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ManagedBlockchain.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ManagedBlockchain.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::ManagedBlockchain::Member.ApprovalThresholdPolicy": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-managedblockchain-member-approvalthresholdpolicy.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaConnect.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaConnect.json index 87e04105a1976..8fb07f58b6cbc 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaConnect.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaConnect.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::MediaConnect::Flow.Encryption": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-mediaconnect-flow-encryption.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaConvert.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaConvert.json index e62127363e018..c992a2fed6a85 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaConvert.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaConvert.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::MediaConvert::JobTemplate.AccelerationSettings": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-mediaconvert-jobtemplate-accelerationsettings.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaLive.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaLive.json index 432661c85d1e2..6251324e4c202 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaLive.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaLive.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::MediaLive::Channel.AacSettings": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-medialive-channel-aacsettings.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaPackage.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaPackage.json index 0b7f7dffdca0a..8972d36294f2c 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaPackage.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaPackage.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::MediaPackage::Asset.EgressEndpoint": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-mediapackage-asset-egressendpoint.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaStore.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaStore.json index 359c46a49c958..ed4a94cae2725 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaStore.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaStore.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::MediaStore::Container.CorsRule": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-mediastore-container-corsrule.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MemoryDB.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MemoryDB.json index 16e2ffd19738d..13b95fb51a74d 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MemoryDB.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MemoryDB.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::MemoryDB::Cluster.Endpoint": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-memorydb-cluster-endpoint.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Neptune.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Neptune.json index 510739261020b..7c6a1d0520a58 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Neptune.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Neptune.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Neptune::DBCluster.DBClusterRole": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-neptune-dbcluster-dbclusterrole.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_NetworkFirewall.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_NetworkFirewall.json index 6104afc7f7f5b..f24c88ad6e2e8 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_NetworkFirewall.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_NetworkFirewall.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::NetworkFirewall::Firewall.SubnetMapping": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewall-subnetmapping.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_NetworkManager.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_NetworkManager.json index 01fd7e475bca6..cd3dbd142e6b5 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_NetworkManager.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_NetworkManager.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::NetworkManager::Device.Location": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkmanager-device-location.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_NimbleStudio.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_NimbleStudio.json index c11221c00052d..c6e8bcc66a01a 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_NimbleStudio.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_NimbleStudio.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::NimbleStudio::LaunchProfile.StreamConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-nimblestudio-launchprofile-streamconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_OpenSearchService.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_OpenSearchService.json index 9b12f921347de..a04f0464ae6e1 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_OpenSearchService.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_OpenSearchService.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::OpenSearchService::Domain.AdvancedSecurityOptionsInput": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_OpsWorks.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_OpsWorks.json index d78c3537817ba..c172679b67252 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_OpsWorks.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_OpsWorks.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::OpsWorks::App.DataSource": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opsworks-app-datasource.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_OpsWorksCM.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_OpsWorksCM.json index 86f16e562ee40..5bfd159e99cf4 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_OpsWorksCM.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_OpsWorksCM.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::OpsWorksCM::Server.EngineAttribute": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opsworkscm-server-engineattribute.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Panorama.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Panorama.json index 996210de5e2a8..b17d636387579 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Panorama.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Panorama.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Panorama::ApplicationInstance.ManifestOverridesPayload": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-panorama-applicationinstance-manifestoverridespayload.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Personalize.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Personalize.json index 7338d9e5c2624..fd7699d1c49fe 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Personalize.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Personalize.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Personalize::Dataset.DatasetImportJob": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-personalize-dataset-datasetimportjob.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Pinpoint.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Pinpoint.json index 745a5a954231c..2ff8175ae159c 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Pinpoint.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Pinpoint.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Pinpoint::ApplicationSettings.CampaignHook": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pinpoint-applicationsettings-campaignhook.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_PinpointEmail.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_PinpointEmail.json index cc8ec549f6c9d..11537b9ef643c 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_PinpointEmail.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_PinpointEmail.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::PinpointEmail::ConfigurationSet.DeliveryOptions": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pinpointemail-configurationset-deliveryoptions.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_QLDB.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_QLDB.json index c79dcca718bda..f055e8550286b 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_QLDB.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_QLDB.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::QLDB::Stream.KinesisConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-qldb-stream-kinesisconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_QuickSight.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_QuickSight.json index 27fbc41d6b7c1..5ff8bd9db3b61 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_QuickSight.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_QuickSight.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::QuickSight::Analysis.AnalysisError": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-quicksight-analysis-analysiserror.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RAM.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RAM.json index a29931bfe0ea7..ad098ca364943 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RAM.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RAM.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::RAM::ResourceShare": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RDS.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RDS.json index 8c736b53103db..3e5565aa69860 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RDS.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RDS.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::RDS::DBCluster.DBClusterRole": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-dbclusterrole.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RUM.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RUM.json index 5bc6f30391434..16c86ef08f9f3 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RUM.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RUM.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::RUM::AppMonitor.AppMonitorConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rum-appmonitor-appmonitorconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Redshift.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Redshift.json index 3629c5115177b..08491323f4be4 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Redshift.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Redshift.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Redshift::Cluster.Endpoint": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-redshift-cluster-endpoint.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RefactorSpaces.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RefactorSpaces.json index 244630b2a83fe..01d28a1638f77 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RefactorSpaces.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RefactorSpaces.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::RefactorSpaces::Application.ApiGatewayProxyInput": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-refactorspaces-application-apigatewayproxyinput.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Rekognition.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Rekognition.json index 05a2634638b49..1d2268c7072ad 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Rekognition.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Rekognition.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::Rekognition::Collection": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ResilienceHub.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ResilienceHub.json index 6d89c6372e982..a8a47d0390652 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ResilienceHub.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ResilienceHub.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::ResilienceHub::App.PhysicalResourceId": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resiliencehub-app-physicalresourceid.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ResourceGroups.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ResourceGroups.json index dce994bb4dbb9..40f0b1d29c7e9 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ResourceGroups.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ResourceGroups.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::ResourceGroups::Group.ConfigurationItem": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resourcegroups-group-configurationitem.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RoboMaker.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RoboMaker.json index e9030414622d4..9bd3b351c6e0a 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RoboMaker.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RoboMaker.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::RoboMaker::RobotApplication.RobotSoftwareSuite": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-robomaker-robotapplication-robotsoftwaresuite.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53.json index cab6632eb5ebe..bba4894b5b5a7 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Route53::HealthCheck.HealthCheckTag": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-healthcheck-healthchecktag.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53RecoveryControl.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53RecoveryControl.json index 7fa168c98f3d6..b1b6dc8f19b3d 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53RecoveryControl.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53RecoveryControl.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Route53RecoveryControl::Cluster.ClusterEndpoint": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53recoverycontrol-cluster-clusterendpoint.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53RecoveryReadiness.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53RecoveryReadiness.json index cff04ffe1db8e..f4db3f1155c53 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53RecoveryReadiness.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53RecoveryReadiness.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Route53RecoveryReadiness::ResourceSet.DNSTargetResource": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53recoveryreadiness-resourceset-dnstargetresource.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53Resolver.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53Resolver.json index 167e2d7f6a071..7fc0859d7b610 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53Resolver.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53Resolver.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Route53Resolver::FirewallRuleGroup.FirewallRule": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53resolver-firewallrulegroup-firewallrule.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_S3.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_S3.json index 41ba5c107ed6b..9c6216514c986 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_S3.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_S3.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::S3::AccessPoint.PublicAccessBlockConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_S3ObjectLambda.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_S3ObjectLambda.json index 5a159d6c3017d..598a53984ff44 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_S3ObjectLambda.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_S3ObjectLambda.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::S3ObjectLambda::AccessPoint.ObjectLambdaConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3objectlambda-accesspoint-objectlambdaconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_S3Outposts.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_S3Outposts.json index 606d9937a6fe8..b5b81fd7b844a 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_S3Outposts.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_S3Outposts.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::S3Outposts::AccessPoint.VpcConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3outposts-accesspoint-vpcconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SDB.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SDB.json index fcca6d6b5c862..f736c01eba889 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SDB.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SDB.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::SDB::Domain": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SES.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SES.json index 65b1f9060108b..11485a3c40645 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SES.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SES.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::SES::ConfigurationSetEventDestination.CloudWatchDestination": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-configurationseteventdestination-cloudwatchdestination.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SNS.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SNS.json index f1be4f95b6d34..346294b79b0b2 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SNS.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SNS.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::SNS::Topic.Subscription": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sns-subscription.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SQS.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SQS.json index ad4aa5617c916..37bfe22adf62b 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SQS.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SQS.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::SQS::Queue": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSM.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSM.json index 52e3472b8283b..c6bcb086e45c9 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSM.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSM.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::SSM::Association.InstanceAssociationOutputLocation": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ssm-association-instanceassociationoutputlocation.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSMContacts.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSMContacts.json index 85b57e417440b..0e0e62fb99d58 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSMContacts.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSMContacts.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::SSMContacts::Contact.ChannelTargetInfo": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ssmcontacts-contact-channeltargetinfo.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSMIncidents.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSMIncidents.json index ab44592fea2bf..505d09e85fc06 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSMIncidents.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSMIncidents.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::SSMIncidents::ReplicationSet.RegionConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ssmincidents-replicationset-regionconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSO.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSO.json index 1d1440ab395a8..6837aad28c38e 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSO.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSO.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::SSO::InstanceAccessControlAttributeConfiguration.AccessControlAttribute": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-instanceaccesscontrolattributeconfiguration-accesscontrolattribute.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SageMaker.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SageMaker.json index 56ea6f7cfb860..331cd9acb2863 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SageMaker.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SageMaker.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::SageMaker::App.ResourceSpec": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-app-resourcespec.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SecretsManager.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SecretsManager.json index f244c0790c684..3acb7de28a8ab 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SecretsManager.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SecretsManager.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::SecretsManager::RotationSchedule.HostedRotationLambda": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-rotationschedule-hostedrotationlambda.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SecurityHub.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SecurityHub.json index 0c2b4c4e27e19..c5d08691cb55d 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SecurityHub.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SecurityHub.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::SecurityHub::Hub": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ServiceCatalog.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ServiceCatalog.json index d8cfd9227d7c6..87b22c85c9b20 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ServiceCatalog.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ServiceCatalog.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::ServiceCatalog::CloudFormationProduct.ProvisioningArtifactProperties": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-servicecatalog-cloudformationproduct-provisioningartifactproperties.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ServiceCatalogAppRegistry.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ServiceCatalogAppRegistry.json index 27a603fcf7cb9..a4b35183b7de0 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ServiceCatalogAppRegistry.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ServiceCatalogAppRegistry.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::ServiceCatalogAppRegistry::Application": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ServiceDiscovery.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ServiceDiscovery.json index 6533cfd0ed89f..25810a304d5d2 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ServiceDiscovery.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ServiceDiscovery.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::ServiceDiscovery::PrivateDnsNamespace.PrivateDnsPropertiesMutable": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-servicediscovery-privatednsnamespace-privatednspropertiesmutable.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Signer.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Signer.json index ac65819177be2..15817ea33defb 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Signer.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Signer.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Signer::SigningProfile.SignatureValidityPeriod": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-signer-signingprofile-signaturevalidityperiod.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_StepFunctions.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_StepFunctions.json index f837189a4079a..8b4cfa88e044b 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_StepFunctions.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_StepFunctions.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::StepFunctions::Activity.TagsEntry": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-stepfunctions-activity-tagsentry.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Synthetics.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Synthetics.json index 8d2f18abd9309..fd02447e5fcaf 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Synthetics.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Synthetics.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Synthetics::Canary.ArtifactConfig": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-synthetics-canary-artifactconfig.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Timestream.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Timestream.json index cb18ef5d2fa0d..37849fc955a30 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Timestream.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Timestream.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Timestream::ScheduledQuery.DimensionMapping": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-timestream-scheduledquery-dimensionmapping.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Transfer.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Transfer.json index 2570ee33a06ce..dc59a76ec3e7d 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Transfer.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Transfer.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Transfer::Server.EndpointDetails": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-endpointdetails.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WAF.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WAF.json index aef9d7abb75ec..3bd386347ef8b 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WAF.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WAF.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::WAF::ByteMatchSet.ByteMatchTuple": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-waf-bytematchset-bytematchtuples.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WAFRegional.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WAFRegional.json index d6d436cdb9274..a6031abce2eaa 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WAFRegional.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WAFRegional.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::WAFRegional::ByteMatchSet.ByteMatchTuple": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafregional-bytematchset-bytematchtuple.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WAFv2.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WAFv2.json index cd2524b6eed39..29b6f9963fd31 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WAFv2.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WAFv2.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::WAFv2::LoggingConfiguration.FieldToMatch": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-fieldtomatch.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Wisdom.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Wisdom.json index b100b5ba69b48..9ed69407430c7 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Wisdom.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Wisdom.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::Wisdom::Assistant.ServerSideEncryptionConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wisdom-assistant-serversideencryptionconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WorkSpaces.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WorkSpaces.json index d1d1b380fd109..3bc6ca3937803 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WorkSpaces.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WorkSpaces.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::WorkSpaces::ConnectionAlias.ConnectionAliasAssociation": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-workspaces-connectionalias-connectionaliasassociation.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_XRay.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_XRay.json index cc356a17882c1..35b013ec61299 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_XRay.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_XRay.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "AWS::XRay::Group.InsightsConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-xray-group-insightsconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_Alexa_ASK.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_Alexa_ASK.json index c3f50a0424edd..49a1ec4aa4f8d 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_Alexa_ASK.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_Alexa_ASK.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "Alexa::ASK::Skill.AuthenticationConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ask-skill-authenticationconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_Tag.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_Tag.json index 2218ba7d03d34..3486a9e1ca841 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_Tag.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_Tag.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "63.0.0", "PropertyTypes": { "Tag": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/001_Version.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/001_Version.json index 0b72c26e9f22e..2cccd3695c2e4 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/001_Version.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/001_Version.json @@ -1,3 +1,3 @@ { - "ResourceSpecificationVersion": "62.0.0" + "ResourceSpecificationVersion": "63.0.0" } From d8e602b6c1b4cb8ca7038f4b21a7a7092ea8466d Mon Sep 17 00:00:00 2001 From: Yerzhan Mazhkenov <20302932+yerzhan7@users.noreply.github.com> Date: Fri, 1 Apr 2022 15:14:45 +0100 Subject: [PATCH 33/59] feat(s3): EventBridge bucket notifications (#18614) ## Duplicate of https://github.com/aws/aws-cdk/pull/18150 ## ~~Blocked on Lambda runtime SDK update to Botocore >= v1.23.16 (Integration test currently fails as current version (v1.21.55) does not contain EventBridge configuration)~~ ## ~~Check latest version here: https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html~~ ### **Description** Adds EventBridge bucket notification configuration. See https://aws.amazon.com/blogs/aws/new-use-amazon-s3-event-notifications-with-amazon-eventbridge/ ### **Implementation** - Added new Bucket property to enable this feature (`eventBridgeEnabled: true`) - Added EventBridge config to `S3BucketNotifications` Custom Resource - Added unit tests - Added integration test (currently fails, see below for more info) - Fixed dependent integration tests Closes #18076 ### **FAQ** 1. **Why not simply expose EventBridge Cfn property via S3 BucketProps?** Currently CDK manages `NotificationConfigurations `via CustomResource. If we were to expose that way, then e.g. SNS configuration would override EventBridge config. 2. **Why not create new `IBucketNotificationDestination` class for EventBridge?** We can, but there is no need. Usually we create a subclass to `IBucketNotificationDestination` in order to adjust resource permissions, however in this case there is no need to adjust permissions: [default EventBridge does not require any additional permissions](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ev-permissions.html) unlike SQS/SNS/Lambda destinations. Additionally, enabling this feature via bucket props is much cleaner/simpler API than creating new dummy object of type `IBucketNotificationDestination` for customers. However, if you still think that we need to create new `IBucketNotificationDestination` subclass for EventBridge for consistency, let me know and I will refactor. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../test/integ.s3.expected.json | 4 +- .../test/integ.notifications.expected.json | 4 +- .../integ.bucket-notifications.expected.json | 6 +- .../test/lambda/integ.bucket-notifications.ts | 2 +- ...teg.sns-bucket-notifications.expected.json | 4 +- .../integ.bucket-notifications.expected.json | 4 +- packages/@aws-cdk/aws-s3/README.md | 15 ++ packages/@aws-cdk/aws-s3/lib/bucket.ts | 17 ++ .../notifications-resource/lambda/index.py | 103 ++++----- .../notifications-resource-handler.ts | 10 +- .../notifications-resource.ts | 10 + .../integ.bucket.notifications.expected.json | 101 +++++++++ .../aws-s3/test/integ.bucket.notifications.ts | 14 ++ .../@aws-cdk/aws-s3/test/notification.test.ts | 18 ++ .../test_index.py | 203 ++++++++++++++++++ 15 files changed, 452 insertions(+), 63 deletions(-) create mode 100644 packages/@aws-cdk/aws-s3/test/integ.bucket.notifications.expected.json create mode 100644 packages/@aws-cdk/aws-s3/test/integ.bucket.notifications.ts diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.s3.expected.json b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.s3.expected.json index ff71167d19f9e..ab49b4587c182 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.s3.expected.json +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.s3.expected.json @@ -177,7 +177,7 @@ "Properties": { "Description": "AWS CloudFormation handler for \"Custom::S3BucketNotifications\" resources (@aws-cdk/aws-s3)", "Code": { - "ZipFile": "import boto3 # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n response_status = \"SUCCESS\"\n error_message = \"\"\n try:\n props = event[\"ResourceProperties\"]\n bucket = props[\"BucketName\"]\n notification_configuration = props[\"NotificationConfiguration\"]\n request_type = event[\"RequestType\"]\n managed = props.get('Managed', 'true').lower() == 'true'\n stack_id = event['StackId']\n\n if managed:\n config = handle_managed(request_type, notification_configuration)\n else:\n config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration)\n\n put_bucket_notification_configuration(bucket, config)\n except Exception as e:\n logging.exception(\"Failed to put bucket notification configuration\")\n response_status = \"FAILED\"\n error_message = f\"Error: {str(e)}. \"\n finally:\n submit_response(event, context, response_status, error_message)\n\n\ndef handle_managed(request_type, notification_configuration):\n if request_type == 'Delete':\n return {}\n return notification_configuration\n\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration):\n\n # find external notifications\n external_notifications = find_external_notifications(bucket, stack_id)\n\n # if delete, that's all we need\n if request_type == 'Delete':\n return external_notifications\n\n def with_id(notification):\n notification['Id'] = f\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\"\n return notification\n\n # otherwise, merge external with incoming config and augment with id\n notifications = {}\n for t in CONFIGURATION_TYPES:\n external = external_notifications.get(t, [])\n incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n notifications[t] = external + incoming\n return notifications\n\n\ndef find_external_notifications(bucket, stack_id):\n existing_notifications = get_bucket_notification_configuration(bucket)\n external_notifications = {}\n for t in CONFIGURATION_TYPES:\n # if the notification was created by us, we know what id to expect\n # so we can filter by it.\n external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\"{stack_id}-\")]\n\n return external_notifications\n\n\ndef get_bucket_notification_configuration(bucket):\n return s3.get_bucket_notification_configuration(Bucket=bucket)\n\n\ndef put_bucket_notification_configuration(bucket, notification_configuration):\n s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration)\n\n\ndef submit_response(event: dict, context, response_status: str, error_message: str):\n response_body = json.dumps(\n {\n \"Status\": response_status,\n \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n \"StackId\": event[\"StackId\"],\n \"RequestId\": event[\"RequestId\"],\n \"LogicalResourceId\": event[\"LogicalResourceId\"],\n \"NoEcho\": False,\n }\n ).encode(\"utf-8\")\n headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n try:\n req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n with urllib.request.urlopen(req) as response:\n print(response.read().decode(\"utf-8\"))\n print(\"Status code: \" + response.reason)\n except Exception as e:\n print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n" + "ZipFile": "import boto3 # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nEVENTBRIDGE_CONFIGURATION = 'EventBridgeConfiguration'\n\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n response_status = \"SUCCESS\"\n error_message = \"\"\n try:\n props = event[\"ResourceProperties\"]\n bucket = props[\"BucketName\"]\n notification_configuration = props[\"NotificationConfiguration\"]\n request_type = event[\"RequestType\"]\n managed = props.get('Managed', 'true').lower() == 'true'\n stack_id = event['StackId']\n\n if managed:\n config = handle_managed(request_type, notification_configuration)\n else:\n config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration)\n\n put_bucket_notification_configuration(bucket, config)\n except Exception as e:\n logging.exception(\"Failed to put bucket notification configuration\")\n response_status = \"FAILED\"\n error_message = f\"Error: {str(e)}. \"\n finally:\n submit_response(event, context, response_status, error_message)\n\ndef handle_managed(request_type, notification_configuration):\n if request_type == 'Delete':\n return {}\n return notification_configuration\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration):\n external_notifications = find_external_notifications(bucket, stack_id)\n\n if request_type == 'Delete':\n return external_notifications\n\n def with_id(notification):\n notification['Id'] = f\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\"\n return notification\n\n notifications = {}\n for t in CONFIGURATION_TYPES:\n external = external_notifications.get(t, [])\n incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n notifications[t] = external + incoming\n\n if EVENTBRIDGE_CONFIGURATION in notification_configuration:\n notifications[EVENTBRIDGE_CONFIGURATION] = notification_configuration[EVENTBRIDGE_CONFIGURATION]\n elif EVENTBRIDGE_CONFIGURATION in external_notifications:\n notifications[EVENTBRIDGE_CONFIGURATION] = external_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return notifications\n\ndef find_external_notifications(bucket, stack_id):\n existing_notifications = get_bucket_notification_configuration(bucket)\n external_notifications = {}\n for t in CONFIGURATION_TYPES:\n external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\"{stack_id}-\")]\n\n if EVENTBRIDGE_CONFIGURATION in existing_notifications:\n external_notifications[EVENTBRIDGE_CONFIGURATION] = existing_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return external_notifications\n\ndef get_bucket_notification_configuration(bucket):\n return s3.get_bucket_notification_configuration(Bucket=bucket)\n\ndef put_bucket_notification_configuration(bucket, notification_configuration):\n s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration)\n\ndef submit_response(event: dict, context, response_status: str, error_message: str):\n response_body = json.dumps(\n {\n \"Status\": response_status,\n \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n \"StackId\": event[\"StackId\"],\n \"RequestId\": event[\"RequestId\"],\n \"LogicalResourceId\": event[\"LogicalResourceId\"],\n \"NoEcho\": False,\n }\n ).encode(\"utf-8\")\n headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n try:\n req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n with urllib.request.urlopen(req) as response:\n print(response.read().decode(\"utf-8\"))\n print(\"Status code: \" + response.reason)\n except Exception as e:\n print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n" }, "Handler": "index.handler", "Role": { @@ -195,4 +195,4 @@ ] } } -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/aws-s3-notifications/test/integ.notifications.expected.json b/packages/@aws-cdk/aws-s3-notifications/test/integ.notifications.expected.json index 472b3b55a72b7..ffab9e0aacf65 100644 --- a/packages/@aws-cdk/aws-s3-notifications/test/integ.notifications.expected.json +++ b/packages/@aws-cdk/aws-s3-notifications/test/integ.notifications.expected.json @@ -245,7 +245,7 @@ "Properties": { "Description": "AWS CloudFormation handler for \"Custom::S3BucketNotifications\" resources (@aws-cdk/aws-s3)", "Code": { - "ZipFile": "import boto3 # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n response_status = \"SUCCESS\"\n error_message = \"\"\n try:\n props = event[\"ResourceProperties\"]\n bucket = props[\"BucketName\"]\n notification_configuration = props[\"NotificationConfiguration\"]\n request_type = event[\"RequestType\"]\n managed = props.get('Managed', 'true').lower() == 'true'\n stack_id = event['StackId']\n\n if managed:\n config = handle_managed(request_type, notification_configuration)\n else:\n config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration)\n\n put_bucket_notification_configuration(bucket, config)\n except Exception as e:\n logging.exception(\"Failed to put bucket notification configuration\")\n response_status = \"FAILED\"\n error_message = f\"Error: {str(e)}. \"\n finally:\n submit_response(event, context, response_status, error_message)\n\n\ndef handle_managed(request_type, notification_configuration):\n if request_type == 'Delete':\n return {}\n return notification_configuration\n\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration):\n\n # find external notifications\n external_notifications = find_external_notifications(bucket, stack_id)\n\n # if delete, that's all we need\n if request_type == 'Delete':\n return external_notifications\n\n def with_id(notification):\n notification['Id'] = f\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\"\n return notification\n\n # otherwise, merge external with incoming config and augment with id\n notifications = {}\n for t in CONFIGURATION_TYPES:\n external = external_notifications.get(t, [])\n incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n notifications[t] = external + incoming\n return notifications\n\n\ndef find_external_notifications(bucket, stack_id):\n existing_notifications = get_bucket_notification_configuration(bucket)\n external_notifications = {}\n for t in CONFIGURATION_TYPES:\n # if the notification was created by us, we know what id to expect\n # so we can filter by it.\n external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\"{stack_id}-\")]\n\n return external_notifications\n\n\ndef get_bucket_notification_configuration(bucket):\n return s3.get_bucket_notification_configuration(Bucket=bucket)\n\n\ndef put_bucket_notification_configuration(bucket, notification_configuration):\n s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration)\n\n\ndef submit_response(event: dict, context, response_status: str, error_message: str):\n response_body = json.dumps(\n {\n \"Status\": response_status,\n \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n \"StackId\": event[\"StackId\"],\n \"RequestId\": event[\"RequestId\"],\n \"LogicalResourceId\": event[\"LogicalResourceId\"],\n \"NoEcho\": False,\n }\n ).encode(\"utf-8\")\n headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n try:\n req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n with urllib.request.urlopen(req) as response:\n print(response.read().decode(\"utf-8\"))\n print(\"Status code: \" + response.reason)\n except Exception as e:\n print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n" + "ZipFile": "import boto3 # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nEVENTBRIDGE_CONFIGURATION = 'EventBridgeConfiguration'\n\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n response_status = \"SUCCESS\"\n error_message = \"\"\n try:\n props = event[\"ResourceProperties\"]\n bucket = props[\"BucketName\"]\n notification_configuration = props[\"NotificationConfiguration\"]\n request_type = event[\"RequestType\"]\n managed = props.get('Managed', 'true').lower() == 'true'\n stack_id = event['StackId']\n\n if managed:\n config = handle_managed(request_type, notification_configuration)\n else:\n config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration)\n\n put_bucket_notification_configuration(bucket, config)\n except Exception as e:\n logging.exception(\"Failed to put bucket notification configuration\")\n response_status = \"FAILED\"\n error_message = f\"Error: {str(e)}. \"\n finally:\n submit_response(event, context, response_status, error_message)\n\ndef handle_managed(request_type, notification_configuration):\n if request_type == 'Delete':\n return {}\n return notification_configuration\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration):\n external_notifications = find_external_notifications(bucket, stack_id)\n\n if request_type == 'Delete':\n return external_notifications\n\n def with_id(notification):\n notification['Id'] = f\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\"\n return notification\n\n notifications = {}\n for t in CONFIGURATION_TYPES:\n external = external_notifications.get(t, [])\n incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n notifications[t] = external + incoming\n\n if EVENTBRIDGE_CONFIGURATION in notification_configuration:\n notifications[EVENTBRIDGE_CONFIGURATION] = notification_configuration[EVENTBRIDGE_CONFIGURATION]\n elif EVENTBRIDGE_CONFIGURATION in external_notifications:\n notifications[EVENTBRIDGE_CONFIGURATION] = external_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return notifications\n\ndef find_external_notifications(bucket, stack_id):\n existing_notifications = get_bucket_notification_configuration(bucket)\n external_notifications = {}\n for t in CONFIGURATION_TYPES:\n external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\"{stack_id}-\")]\n\n if EVENTBRIDGE_CONFIGURATION in existing_notifications:\n external_notifications[EVENTBRIDGE_CONFIGURATION] = existing_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return external_notifications\n\ndef get_bucket_notification_configuration(bucket):\n return s3.get_bucket_notification_configuration(Bucket=bucket)\n\ndef put_bucket_notification_configuration(bucket, notification_configuration):\n s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration)\n\ndef submit_response(event: dict, context, response_status: str, error_message: str):\n response_body = json.dumps(\n {\n \"Status\": response_status,\n \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n \"StackId\": event[\"StackId\"],\n \"RequestId\": event[\"RequestId\"],\n \"LogicalResourceId\": event[\"LogicalResourceId\"],\n \"NoEcho\": False,\n }\n ).encode(\"utf-8\")\n headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n try:\n req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n with urllib.request.urlopen(req) as response:\n print(response.read().decode(\"utf-8\"))\n print(\"Status code: \" + response.reason)\n except Exception as e:\n print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n" }, "Handler": "index.handler", "Role": { @@ -344,4 +344,4 @@ ] } } -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/aws-s3-notifications/test/lambda/integ.bucket-notifications.expected.json b/packages/@aws-cdk/aws-s3-notifications/test/lambda/integ.bucket-notifications.expected.json index 731effea95a53..8cc9c00a4fe29 100644 --- a/packages/@aws-cdk/aws-s3-notifications/test/lambda/integ.bucket-notifications.expected.json +++ b/packages/@aws-cdk/aws-s3-notifications/test/lambda/integ.bucket-notifications.expected.json @@ -114,7 +114,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "MyFunctionServiceRole3C357FF2" @@ -237,7 +237,7 @@ "Properties": { "Description": "AWS CloudFormation handler for \"Custom::S3BucketNotifications\" resources (@aws-cdk/aws-s3)", "Code": { - "ZipFile": "import boto3 # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n response_status = \"SUCCESS\"\n error_message = \"\"\n try:\n props = event[\"ResourceProperties\"]\n bucket = props[\"BucketName\"]\n notification_configuration = props[\"NotificationConfiguration\"]\n request_type = event[\"RequestType\"]\n managed = props.get('Managed', 'true').lower() == 'true'\n stack_id = event['StackId']\n\n if managed:\n config = handle_managed(request_type, notification_configuration)\n else:\n config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration)\n\n put_bucket_notification_configuration(bucket, config)\n except Exception as e:\n logging.exception(\"Failed to put bucket notification configuration\")\n response_status = \"FAILED\"\n error_message = f\"Error: {str(e)}. \"\n finally:\n submit_response(event, context, response_status, error_message)\n\n\ndef handle_managed(request_type, notification_configuration):\n if request_type == 'Delete':\n return {}\n return notification_configuration\n\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration):\n\n # find external notifications\n external_notifications = find_external_notifications(bucket, stack_id)\n\n # if delete, that's all we need\n if request_type == 'Delete':\n return external_notifications\n\n def with_id(notification):\n notification['Id'] = f\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\"\n return notification\n\n # otherwise, merge external with incoming config and augment with id\n notifications = {}\n for t in CONFIGURATION_TYPES:\n external = external_notifications.get(t, [])\n incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n notifications[t] = external + incoming\n return notifications\n\n\ndef find_external_notifications(bucket, stack_id):\n existing_notifications = get_bucket_notification_configuration(bucket)\n external_notifications = {}\n for t in CONFIGURATION_TYPES:\n # if the notification was created by us, we know what id to expect\n # so we can filter by it.\n external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\"{stack_id}-\")]\n\n return external_notifications\n\n\ndef get_bucket_notification_configuration(bucket):\n return s3.get_bucket_notification_configuration(Bucket=bucket)\n\n\ndef put_bucket_notification_configuration(bucket, notification_configuration):\n s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration)\n\n\ndef submit_response(event: dict, context, response_status: str, error_message: str):\n response_body = json.dumps(\n {\n \"Status\": response_status,\n \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n \"StackId\": event[\"StackId\"],\n \"RequestId\": event[\"RequestId\"],\n \"LogicalResourceId\": event[\"LogicalResourceId\"],\n \"NoEcho\": False,\n }\n ).encode(\"utf-8\")\n headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n try:\n req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n with urllib.request.urlopen(req) as response:\n print(response.read().decode(\"utf-8\"))\n print(\"Status code: \" + response.reason)\n except Exception as e:\n print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n" + "ZipFile": "import boto3 # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nEVENTBRIDGE_CONFIGURATION = 'EventBridgeConfiguration'\n\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n response_status = \"SUCCESS\"\n error_message = \"\"\n try:\n props = event[\"ResourceProperties\"]\n bucket = props[\"BucketName\"]\n notification_configuration = props[\"NotificationConfiguration\"]\n request_type = event[\"RequestType\"]\n managed = props.get('Managed', 'true').lower() == 'true'\n stack_id = event['StackId']\n\n if managed:\n config = handle_managed(request_type, notification_configuration)\n else:\n config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration)\n\n put_bucket_notification_configuration(bucket, config)\n except Exception as e:\n logging.exception(\"Failed to put bucket notification configuration\")\n response_status = \"FAILED\"\n error_message = f\"Error: {str(e)}. \"\n finally:\n submit_response(event, context, response_status, error_message)\n\ndef handle_managed(request_type, notification_configuration):\n if request_type == 'Delete':\n return {}\n return notification_configuration\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration):\n external_notifications = find_external_notifications(bucket, stack_id)\n\n if request_type == 'Delete':\n return external_notifications\n\n def with_id(notification):\n notification['Id'] = f\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\"\n return notification\n\n notifications = {}\n for t in CONFIGURATION_TYPES:\n external = external_notifications.get(t, [])\n incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n notifications[t] = external + incoming\n\n if EVENTBRIDGE_CONFIGURATION in notification_configuration:\n notifications[EVENTBRIDGE_CONFIGURATION] = notification_configuration[EVENTBRIDGE_CONFIGURATION]\n elif EVENTBRIDGE_CONFIGURATION in external_notifications:\n notifications[EVENTBRIDGE_CONFIGURATION] = external_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return notifications\n\ndef find_external_notifications(bucket, stack_id):\n existing_notifications = get_bucket_notification_configuration(bucket)\n external_notifications = {}\n for t in CONFIGURATION_TYPES:\n external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\"{stack_id}-\")]\n\n if EVENTBRIDGE_CONFIGURATION in existing_notifications:\n external_notifications[EVENTBRIDGE_CONFIGURATION] = existing_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return external_notifications\n\ndef get_bucket_notification_configuration(bucket):\n return s3.get_bucket_notification_configuration(Bucket=bucket)\n\ndef put_bucket_notification_configuration(bucket, notification_configuration):\n s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration)\n\ndef submit_response(event: dict, context, response_status: str, error_message: str):\n response_body = json.dumps(\n {\n \"Status\": response_status,\n \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n \"StackId\": event[\"StackId\"],\n \"RequestId\": event[\"RequestId\"],\n \"LogicalResourceId\": event[\"LogicalResourceId\"],\n \"NoEcho\": False,\n }\n ).encode(\"utf-8\")\n headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n try:\n req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n with urllib.request.urlopen(req) as response:\n print(response.read().decode(\"utf-8\"))\n print(\"Status code: \" + response.reason)\n except Exception as e:\n print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n" }, "Handler": "index.handler", "Role": { @@ -255,4 +255,4 @@ ] } } -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/aws-s3-notifications/test/lambda/integ.bucket-notifications.ts b/packages/@aws-cdk/aws-s3-notifications/test/lambda/integ.bucket-notifications.ts index c237b24e896e3..1493e29176362 100644 --- a/packages/@aws-cdk/aws-s3-notifications/test/lambda/integ.bucket-notifications.ts +++ b/packages/@aws-cdk/aws-s3-notifications/test/lambda/integ.bucket-notifications.ts @@ -12,7 +12,7 @@ const bucketA = new s3.Bucket(stack, 'MyBucket', { }); const fn = new lambda.Function(stack, 'MyFunction', { - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, handler: 'index.handler', code: lambda.Code.fromInline(`exports.handler = ${handler.toString()}`), }); diff --git a/packages/@aws-cdk/aws-s3-notifications/test/sns/integ.sns-bucket-notifications.expected.json b/packages/@aws-cdk/aws-s3-notifications/test/sns/integ.sns-bucket-notifications.expected.json index 47f2a8ea6e0ce..fce3f59e27d78 100644 --- a/packages/@aws-cdk/aws-s3-notifications/test/sns/integ.sns-bucket-notifications.expected.json +++ b/packages/@aws-cdk/aws-s3-notifications/test/sns/integ.sns-bucket-notifications.expected.json @@ -195,7 +195,7 @@ "Properties": { "Description": "AWS CloudFormation handler for \"Custom::S3BucketNotifications\" resources (@aws-cdk/aws-s3)", "Code": { - "ZipFile": "import boto3 # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n response_status = \"SUCCESS\"\n error_message = \"\"\n try:\n props = event[\"ResourceProperties\"]\n bucket = props[\"BucketName\"]\n notification_configuration = props[\"NotificationConfiguration\"]\n request_type = event[\"RequestType\"]\n managed = props.get('Managed', 'true').lower() == 'true'\n stack_id = event['StackId']\n\n if managed:\n config = handle_managed(request_type, notification_configuration)\n else:\n config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration)\n\n put_bucket_notification_configuration(bucket, config)\n except Exception as e:\n logging.exception(\"Failed to put bucket notification configuration\")\n response_status = \"FAILED\"\n error_message = f\"Error: {str(e)}. \"\n finally:\n submit_response(event, context, response_status, error_message)\n\n\ndef handle_managed(request_type, notification_configuration):\n if request_type == 'Delete':\n return {}\n return notification_configuration\n\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration):\n\n # find external notifications\n external_notifications = find_external_notifications(bucket, stack_id)\n\n # if delete, that's all we need\n if request_type == 'Delete':\n return external_notifications\n\n def with_id(notification):\n notification['Id'] = f\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\"\n return notification\n\n # otherwise, merge external with incoming config and augment with id\n notifications = {}\n for t in CONFIGURATION_TYPES:\n external = external_notifications.get(t, [])\n incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n notifications[t] = external + incoming\n return notifications\n\n\ndef find_external_notifications(bucket, stack_id):\n existing_notifications = get_bucket_notification_configuration(bucket)\n external_notifications = {}\n for t in CONFIGURATION_TYPES:\n # if the notification was created by us, we know what id to expect\n # so we can filter by it.\n external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\"{stack_id}-\")]\n\n return external_notifications\n\n\ndef get_bucket_notification_configuration(bucket):\n return s3.get_bucket_notification_configuration(Bucket=bucket)\n\n\ndef put_bucket_notification_configuration(bucket, notification_configuration):\n s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration)\n\n\ndef submit_response(event: dict, context, response_status: str, error_message: str):\n response_body = json.dumps(\n {\n \"Status\": response_status,\n \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n \"StackId\": event[\"StackId\"],\n \"RequestId\": event[\"RequestId\"],\n \"LogicalResourceId\": event[\"LogicalResourceId\"],\n \"NoEcho\": False,\n }\n ).encode(\"utf-8\")\n headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n try:\n req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n with urllib.request.urlopen(req) as response:\n print(response.read().decode(\"utf-8\"))\n print(\"Status code: \" + response.reason)\n except Exception as e:\n print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n" + "ZipFile": "import boto3 # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nEVENTBRIDGE_CONFIGURATION = 'EventBridgeConfiguration'\n\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n response_status = \"SUCCESS\"\n error_message = \"\"\n try:\n props = event[\"ResourceProperties\"]\n bucket = props[\"BucketName\"]\n notification_configuration = props[\"NotificationConfiguration\"]\n request_type = event[\"RequestType\"]\n managed = props.get('Managed', 'true').lower() == 'true'\n stack_id = event['StackId']\n\n if managed:\n config = handle_managed(request_type, notification_configuration)\n else:\n config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration)\n\n put_bucket_notification_configuration(bucket, config)\n except Exception as e:\n logging.exception(\"Failed to put bucket notification configuration\")\n response_status = \"FAILED\"\n error_message = f\"Error: {str(e)}. \"\n finally:\n submit_response(event, context, response_status, error_message)\n\ndef handle_managed(request_type, notification_configuration):\n if request_type == 'Delete':\n return {}\n return notification_configuration\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration):\n external_notifications = find_external_notifications(bucket, stack_id)\n\n if request_type == 'Delete':\n return external_notifications\n\n def with_id(notification):\n notification['Id'] = f\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\"\n return notification\n\n notifications = {}\n for t in CONFIGURATION_TYPES:\n external = external_notifications.get(t, [])\n incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n notifications[t] = external + incoming\n\n if EVENTBRIDGE_CONFIGURATION in notification_configuration:\n notifications[EVENTBRIDGE_CONFIGURATION] = notification_configuration[EVENTBRIDGE_CONFIGURATION]\n elif EVENTBRIDGE_CONFIGURATION in external_notifications:\n notifications[EVENTBRIDGE_CONFIGURATION] = external_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return notifications\n\ndef find_external_notifications(bucket, stack_id):\n existing_notifications = get_bucket_notification_configuration(bucket)\n external_notifications = {}\n for t in CONFIGURATION_TYPES:\n external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\"{stack_id}-\")]\n\n if EVENTBRIDGE_CONFIGURATION in existing_notifications:\n external_notifications[EVENTBRIDGE_CONFIGURATION] = existing_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return external_notifications\n\ndef get_bucket_notification_configuration(bucket):\n return s3.get_bucket_notification_configuration(Bucket=bucket)\n\ndef put_bucket_notification_configuration(bucket, notification_configuration):\n s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration)\n\ndef submit_response(event: dict, context, response_status: str, error_message: str):\n response_body = json.dumps(\n {\n \"Status\": response_status,\n \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n \"StackId\": event[\"StackId\"],\n \"RequestId\": event[\"RequestId\"],\n \"LogicalResourceId\": event[\"LogicalResourceId\"],\n \"NoEcho\": False,\n }\n ).encode(\"utf-8\")\n headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n try:\n req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n with urllib.request.urlopen(req) as response:\n print(response.read().decode(\"utf-8\"))\n print(\"Status code: \" + response.reason)\n except Exception as e:\n print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n" }, "Handler": "index.handler", "Role": { @@ -213,4 +213,4 @@ ] } } -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/aws-s3-notifications/test/sqs/integ.bucket-notifications.expected.json b/packages/@aws-cdk/aws-s3-notifications/test/sqs/integ.bucket-notifications.expected.json index de109b272d9bb..1421e22410918 100644 --- a/packages/@aws-cdk/aws-s3-notifications/test/sqs/integ.bucket-notifications.expected.json +++ b/packages/@aws-cdk/aws-s3-notifications/test/sqs/integ.bucket-notifications.expected.json @@ -184,7 +184,7 @@ "Properties": { "Description": "AWS CloudFormation handler for \"Custom::S3BucketNotifications\" resources (@aws-cdk/aws-s3)", "Code": { - "ZipFile": "import boto3 # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n response_status = \"SUCCESS\"\n error_message = \"\"\n try:\n props = event[\"ResourceProperties\"]\n bucket = props[\"BucketName\"]\n notification_configuration = props[\"NotificationConfiguration\"]\n request_type = event[\"RequestType\"]\n managed = props.get('Managed', 'true').lower() == 'true'\n stack_id = event['StackId']\n\n if managed:\n config = handle_managed(request_type, notification_configuration)\n else:\n config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration)\n\n put_bucket_notification_configuration(bucket, config)\n except Exception as e:\n logging.exception(\"Failed to put bucket notification configuration\")\n response_status = \"FAILED\"\n error_message = f\"Error: {str(e)}. \"\n finally:\n submit_response(event, context, response_status, error_message)\n\n\ndef handle_managed(request_type, notification_configuration):\n if request_type == 'Delete':\n return {}\n return notification_configuration\n\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration):\n\n # find external notifications\n external_notifications = find_external_notifications(bucket, stack_id)\n\n # if delete, that's all we need\n if request_type == 'Delete':\n return external_notifications\n\n def with_id(notification):\n notification['Id'] = f\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\"\n return notification\n\n # otherwise, merge external with incoming config and augment with id\n notifications = {}\n for t in CONFIGURATION_TYPES:\n external = external_notifications.get(t, [])\n incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n notifications[t] = external + incoming\n return notifications\n\n\ndef find_external_notifications(bucket, stack_id):\n existing_notifications = get_bucket_notification_configuration(bucket)\n external_notifications = {}\n for t in CONFIGURATION_TYPES:\n # if the notification was created by us, we know what id to expect\n # so we can filter by it.\n external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\"{stack_id}-\")]\n\n return external_notifications\n\n\ndef get_bucket_notification_configuration(bucket):\n return s3.get_bucket_notification_configuration(Bucket=bucket)\n\n\ndef put_bucket_notification_configuration(bucket, notification_configuration):\n s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration)\n\n\ndef submit_response(event: dict, context, response_status: str, error_message: str):\n response_body = json.dumps(\n {\n \"Status\": response_status,\n \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n \"StackId\": event[\"StackId\"],\n \"RequestId\": event[\"RequestId\"],\n \"LogicalResourceId\": event[\"LogicalResourceId\"],\n \"NoEcho\": False,\n }\n ).encode(\"utf-8\")\n headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n try:\n req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n with urllib.request.urlopen(req) as response:\n print(response.read().decode(\"utf-8\"))\n print(\"Status code: \" + response.reason)\n except Exception as e:\n print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n" + "ZipFile": "import boto3 # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nEVENTBRIDGE_CONFIGURATION = 'EventBridgeConfiguration'\n\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n response_status = \"SUCCESS\"\n error_message = \"\"\n try:\n props = event[\"ResourceProperties\"]\n bucket = props[\"BucketName\"]\n notification_configuration = props[\"NotificationConfiguration\"]\n request_type = event[\"RequestType\"]\n managed = props.get('Managed', 'true').lower() == 'true'\n stack_id = event['StackId']\n\n if managed:\n config = handle_managed(request_type, notification_configuration)\n else:\n config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration)\n\n put_bucket_notification_configuration(bucket, config)\n except Exception as e:\n logging.exception(\"Failed to put bucket notification configuration\")\n response_status = \"FAILED\"\n error_message = f\"Error: {str(e)}. \"\n finally:\n submit_response(event, context, response_status, error_message)\n\ndef handle_managed(request_type, notification_configuration):\n if request_type == 'Delete':\n return {}\n return notification_configuration\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration):\n external_notifications = find_external_notifications(bucket, stack_id)\n\n if request_type == 'Delete':\n return external_notifications\n\n def with_id(notification):\n notification['Id'] = f\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\"\n return notification\n\n notifications = {}\n for t in CONFIGURATION_TYPES:\n external = external_notifications.get(t, [])\n incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n notifications[t] = external + incoming\n\n if EVENTBRIDGE_CONFIGURATION in notification_configuration:\n notifications[EVENTBRIDGE_CONFIGURATION] = notification_configuration[EVENTBRIDGE_CONFIGURATION]\n elif EVENTBRIDGE_CONFIGURATION in external_notifications:\n notifications[EVENTBRIDGE_CONFIGURATION] = external_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return notifications\n\ndef find_external_notifications(bucket, stack_id):\n existing_notifications = get_bucket_notification_configuration(bucket)\n external_notifications = {}\n for t in CONFIGURATION_TYPES:\n external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\"{stack_id}-\")]\n\n if EVENTBRIDGE_CONFIGURATION in existing_notifications:\n external_notifications[EVENTBRIDGE_CONFIGURATION] = existing_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return external_notifications\n\ndef get_bucket_notification_configuration(bucket):\n return s3.get_bucket_notification_configuration(Bucket=bucket)\n\ndef put_bucket_notification_configuration(bucket, notification_configuration):\n s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration)\n\ndef submit_response(event: dict, context, response_status: str, error_message: str):\n response_body = json.dumps(\n {\n \"Status\": response_status,\n \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n \"StackId\": event[\"StackId\"],\n \"RequestId\": event[\"RequestId\"],\n \"LogicalResourceId\": event[\"LogicalResourceId\"],\n \"NoEcho\": False,\n }\n ).encode(\"utf-8\")\n headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n try:\n req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n with urllib.request.urlopen(req) as response:\n print(response.read().decode(\"utf-8\"))\n print(\"Status code: \" + response.reason)\n except Exception as e:\n print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n" }, "Handler": "index.handler", "Role": { @@ -376,4 +376,4 @@ } } } -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/aws-s3/README.md b/packages/@aws-cdk/aws-s3/README.md index 47138a3d30ec6..26a62df2d9f41 100644 --- a/packages/@aws-cdk/aws-s3/README.md +++ b/packages/@aws-cdk/aws-s3/README.md @@ -279,6 +279,21 @@ const importedRole = iam.Role.fromRoleArn(this, 'role', 'arn:aws:iam::1234567890 [S3 Bucket Notifications]: https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html +### EventBridge notifications + +Amazon S3 can send events to Amazon EventBridge whenever certain events happen in your bucket. +Unlike other destinations, you don't need to select which event types you want to deliver. + +The following example will enable EventBridge notifications: + +```ts +const bucket = new s3.Bucket(this, 'MyEventBridgeBucket', { + eventBridgeEnabled: true, +}); +``` + +[S3 EventBridge notifications]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventBridge.html + ## Block Public Access Use `blockPublicAccess` to specify [block public access settings] on the bucket. diff --git a/packages/@aws-cdk/aws-s3/lib/bucket.ts b/packages/@aws-cdk/aws-s3/lib/bucket.ts index 321f65603c14c..4b299a1749f70 100644 --- a/packages/@aws-cdk/aws-s3/lib/bucket.ts +++ b/packages/@aws-cdk/aws-s3/lib/bucket.ts @@ -878,6 +878,10 @@ export abstract class BucketBase extends Resource implements IBucket { return this.addEventNotification(EventType.OBJECT_REMOVED, dest, ...filters); } + protected enableEventBridgeNotification() { + this.withNotifications(notifications => notifications.enableEventBridgeNotification()); + } + private get writeActions(): string[] { return [ ...perms.BUCKET_DELETE_ACTIONS, @@ -1354,6 +1358,13 @@ export interface BucketProps { */ readonly versioned?: boolean; + /** + * Whether this bucket should send notifications to Amazon EventBridge or not. + * + * @default false + */ + readonly eventBridgeEnabled?: boolean; + /** * Rules that define how Amazon S3 manages objects during their lifetime. * @@ -1642,6 +1653,7 @@ export class Bucket extends BucketBase { private accessControl?: BucketAccessControl; private readonly lifecycleRules: LifecycleRule[] = []; private readonly versioned?: boolean; + private readonly eventBridgeEnabled?: boolean; private readonly metrics: BucketMetrics[] = []; private readonly cors: CorsRule[] = []; private readonly inventories: Inventory[] = []; @@ -1683,6 +1695,7 @@ export class Bucket extends BucketBase { this.versioned = props.versioned; this.encryptionKey = encryptionKey; + this.eventBridgeEnabled = props.eventBridgeEnabled; this.bucketName = this.getResourceNameAttribute(resource.ref); this.bucketArn = this.getResourceArnAttribute(resource.attrArn, { @@ -1733,6 +1746,10 @@ export class Bucket extends BucketBase { this.enableAutoDeleteObjects(); } + + if (this.eventBridgeEnabled) { + this.enableEventBridgeNotification(); + } } /** diff --git a/packages/@aws-cdk/aws-s3/lib/notifications-resource/lambda/index.py b/packages/@aws-cdk/aws-s3/lib/notifications-resource/lambda/index.py index 2551398d74958..12d584c290cc1 100644 --- a/packages/@aws-cdk/aws-s3/lib/notifications-resource/lambda/index.py +++ b/packages/@aws-cdk/aws-s3/lib/notifications-resource/lambda/index.py @@ -5,41 +5,40 @@ s3 = boto3.client("s3") +EVENTBRIDGE_CONFIGURATION = 'EventBridgeConfiguration' + CONFIGURATION_TYPES = ["TopicConfigurations", "QueueConfigurations", "LambdaFunctionConfigurations"] def handler(event: dict, context): - response_status = "SUCCESS" - error_message = "" - try: - props = event["ResourceProperties"] - bucket = props["BucketName"] - notification_configuration = props["NotificationConfiguration"] - request_type = event["RequestType"] - managed = props.get('Managed', 'true').lower() == 'true' - stack_id = event['StackId'] - - if managed: - config = handle_managed(request_type, notification_configuration) - else: - config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration) - - put_bucket_notification_configuration(bucket, config) - except Exception as e: - logging.exception("Failed to put bucket notification configuration") - response_status = "FAILED" - error_message = f"Error: {str(e)}. " - finally: - submit_response(event, context, response_status, error_message) - + response_status = "SUCCESS" + error_message = "" + try: + props = event["ResourceProperties"] + bucket = props["BucketName"] + notification_configuration = props["NotificationConfiguration"] + request_type = event["RequestType"] + managed = props.get('Managed', 'true').lower() == 'true' + stack_id = event['StackId'] + + if managed: + config = handle_managed(request_type, notification_configuration) + else: + config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration) + + put_bucket_notification_configuration(bucket, config) + except Exception as e: + logging.exception("Failed to put bucket notification configuration") + response_status = "FAILED" + error_message = f"Error: {str(e)}. " + finally: + submit_response(event, context, response_status, error_message) def handle_managed(request_type, notification_configuration): if request_type == 'Delete': return {} return notification_configuration - def handle_unmanaged(bucket, stack_id, request_type, notification_configuration): - # find external notifications external_notifications = find_external_notifications(bucket, stack_id) @@ -57,8 +56,14 @@ def with_id(notification): external = external_notifications.get(t, []) incoming = [with_id(n) for n in notification_configuration.get(t, [])] notifications[t] = external + incoming - return notifications + # EventBridge configuration is a special case because it's just an empty object if it exists + if EVENTBRIDGE_CONFIGURATION in notification_configuration: + notifications[EVENTBRIDGE_CONFIGURATION] = notification_configuration[EVENTBRIDGE_CONFIGURATION] + elif EVENTBRIDGE_CONFIGURATION in external_notifications: + notifications[EVENTBRIDGE_CONFIGURATION] = external_notifications[EVENTBRIDGE_CONFIGURATION] + + return notifications def find_external_notifications(bucket, stack_id): existing_notifications = get_bucket_notification_configuration(bucket) @@ -68,34 +73,36 @@ def find_external_notifications(bucket, stack_id): # so we can filter by it. external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f"{stack_id}-")] - return external_notifications + # always treat EventBridge configuration as an external config if it already exists + # as there is no way to determine whether it's managed by us or not + if EVENTBRIDGE_CONFIGURATION in existing_notifications: + external_notifications[EVENTBRIDGE_CONFIGURATION] = existing_notifications[EVENTBRIDGE_CONFIGURATION] + return external_notifications def get_bucket_notification_configuration(bucket): return s3.get_bucket_notification_configuration(Bucket=bucket) - def put_bucket_notification_configuration(bucket, notification_configuration): s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration) - def submit_response(event: dict, context, response_status: str, error_message: str): - response_body = json.dumps( - { - "Status": response_status, - "Reason": f"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}", - "PhysicalResourceId": event.get("PhysicalResourceId") or event["LogicalResourceId"], - "StackId": event["StackId"], - "RequestId": event["RequestId"], - "LogicalResourceId": event["LogicalResourceId"], - "NoEcho": False, - } - ).encode("utf-8") - headers = {"content-type": "", "content-length": str(len(response_body))} - try: - req = urllib.request.Request(url=event["ResponseURL"], headers=headers, data=response_body, method="PUT") - with urllib.request.urlopen(req) as response: - print(response.read().decode("utf-8")) - print("Status code: " + response.reason) - except Exception as e: - print("send(..) failed executing request.urlopen(..): " + str(e)) + response_body = json.dumps( + { + "Status": response_status, + "Reason": f"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}", + "PhysicalResourceId": event.get("PhysicalResourceId") or event["LogicalResourceId"], + "StackId": event["StackId"], + "RequestId": event["RequestId"], + "LogicalResourceId": event["LogicalResourceId"], + "NoEcho": False, + } + ).encode("utf-8") + headers = {"content-type": "", "content-length": str(len(response_body))} + try: + req = urllib.request.Request(url=event["ResponseURL"], headers=headers, data=response_body, method="PUT") + with urllib.request.urlopen(req) as response: + print(response.read().decode("utf-8")) + print("Status code: " + response.reason) + except Exception as e: + print("send(..) failed executing request.urlopen(..): " + str(e)) diff --git a/packages/@aws-cdk/aws-s3/lib/notifications-resource/notifications-resource-handler.ts b/packages/@aws-cdk/aws-s3/lib/notifications-resource/notifications-resource-handler.ts index 76edb141a3cd0..a6ea51209bc83 100644 --- a/packages/@aws-cdk/aws-s3/lib/notifications-resource/notifications-resource-handler.ts +++ b/packages/@aws-cdk/aws-s3/lib/notifications-resource/notifications-resource-handler.ts @@ -86,15 +86,19 @@ export class NotificationsResourceHandler extends Construct { } const handlerSource = fs.readFileSync(path.join(__dirname, 'lambda/index.py'), 'utf8'); - if (handlerSource.length > 4096) { - throw new Error(`Source of Notifications Resource Handler is too large (${handlerSource.length} > 4096)`); + + // Removing lines that starts with '#' (comment lines) in order to fit the 4096 limit + const handlerSourceWithoutComments = handlerSource.replace(/^ *#.*\n?/gm, ''); + + if (handlerSourceWithoutComments.length > 4096) { + throw new Error(`Source of Notifications Resource Handler is too large (${handlerSourceWithoutComments.length} > 4096)`); } const resource = new InLineLambda(this, 'Resource', { type: resourceType, properties: { Description: 'AWS CloudFormation handler for "Custom::S3BucketNotifications" resources (@aws-cdk/aws-s3)', - Code: { ZipFile: handlerSource }, + Code: { ZipFile: handlerSourceWithoutComments }, Handler: 'index.handler', Role: this.role.roleArn, Runtime: 'python3.7', diff --git a/packages/@aws-cdk/aws-s3/lib/notifications-resource/notifications-resource.ts b/packages/@aws-cdk/aws-s3/lib/notifications-resource/notifications-resource.ts index 6bc50ec5b6064..6b1b240b776a0 100644 --- a/packages/@aws-cdk/aws-s3/lib/notifications-resource/notifications-resource.ts +++ b/packages/@aws-cdk/aws-s3/lib/notifications-resource/notifications-resource.ts @@ -36,6 +36,7 @@ interface NotificationsProps { * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig.html */ export class BucketNotifications extends Construct { + private eventBridgeEnabled = false; private readonly lambdaNotifications = new Array(); private readonly queueNotifications = new Array(); private readonly topicNotifications = new Array(); @@ -94,8 +95,14 @@ export class BucketNotifications extends Construct { } } + public enableEventBridgeNotification() { + this.createResourceOnce(); + this.eventBridgeEnabled = true; + } + private renderNotificationConfiguration(): NotificationConfiguration { return { + EventBridgeConfiguration: this.eventBridgeEnabled ? {} : undefined, LambdaFunctionConfigurations: this.lambdaNotifications.length > 0 ? this.lambdaNotifications : undefined, QueueConfigurations: this.queueNotifications.length > 0 ? this.queueNotifications : undefined, TopicConfigurations: this.topicNotifications.length > 0 ? this.topicNotifications : undefined, @@ -176,6 +183,7 @@ function renderFilters(filters?: NotificationKeyFilter[]): Filter | undefined { } interface NotificationConfiguration { + EventBridgeConfiguration?: EventBridgeConfiguration; LambdaFunctionConfigurations?: LambdaFunctionConfiguration[]; QueueConfigurations?: QueueConfiguration[]; TopicConfigurations?: TopicConfiguration[]; @@ -187,6 +195,8 @@ interface CommonConfiguration { Filter?: Filter } +interface EventBridgeConfiguration { } + interface LambdaFunctionConfiguration extends CommonConfiguration { LambdaFunctionArn: string; } diff --git a/packages/@aws-cdk/aws-s3/test/integ.bucket.notifications.expected.json b/packages/@aws-cdk/aws-s3/test/integ.bucket.notifications.expected.json new file mode 100644 index 0000000000000..7ef3ed3ba4d10 --- /dev/null +++ b/packages/@aws-cdk/aws-s3/test/integ.bucket.notifications.expected.json @@ -0,0 +1,101 @@ +{ + "Resources": { + "MyEventBridgeBucketNotifications19C0453F": { + "Type": "Custom::S3BucketNotifications", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "BucketNotificationsHandler050a0587b7544547bf325f094a3db8347ECC3691", + "Arn" + ] + }, + "BucketName": { + "Ref": "MyEventBridgeBucket1ABD5C2A" + }, + "NotificationConfiguration": { + "EventBridgeConfiguration": {} + }, + "Managed": true + } + }, + "MyEventBridgeBucket1ABD5C2A": { + "Type": "AWS::S3::Bucket", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "s3:PutBucketNotification", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36", + "Roles": [ + { + "Ref": "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC" + } + ] + } + }, + "BucketNotificationsHandler050a0587b7544547bf325f094a3db8347ECC3691": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Description": "AWS CloudFormation handler for \"Custom::S3BucketNotifications\" resources (@aws-cdk/aws-s3)", + "Code": { + "ZipFile": "import boto3 # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nEVENTBRIDGE_CONFIGURATION = 'EventBridgeConfiguration'\n\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n response_status = \"SUCCESS\"\n error_message = \"\"\n try:\n props = event[\"ResourceProperties\"]\n bucket = props[\"BucketName\"]\n notification_configuration = props[\"NotificationConfiguration\"]\n request_type = event[\"RequestType\"]\n managed = props.get('Managed', 'true').lower() == 'true'\n stack_id = event['StackId']\n\n if managed:\n config = handle_managed(request_type, notification_configuration)\n else:\n config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration)\n\n put_bucket_notification_configuration(bucket, config)\n except Exception as e:\n logging.exception(\"Failed to put bucket notification configuration\")\n response_status = \"FAILED\"\n error_message = f\"Error: {str(e)}. \"\n finally:\n submit_response(event, context, response_status, error_message)\n\ndef handle_managed(request_type, notification_configuration):\n if request_type == 'Delete':\n return {}\n return notification_configuration\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration):\n external_notifications = find_external_notifications(bucket, stack_id)\n\n if request_type == 'Delete':\n return external_notifications\n\n def with_id(notification):\n notification['Id'] = f\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\"\n return notification\n\n notifications = {}\n for t in CONFIGURATION_TYPES:\n external = external_notifications.get(t, [])\n incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n notifications[t] = external + incoming\n\n if EVENTBRIDGE_CONFIGURATION in notification_configuration:\n notifications[EVENTBRIDGE_CONFIGURATION] = notification_configuration[EVENTBRIDGE_CONFIGURATION]\n elif EVENTBRIDGE_CONFIGURATION in external_notifications:\n notifications[EVENTBRIDGE_CONFIGURATION] = external_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return notifications\n\ndef find_external_notifications(bucket, stack_id):\n existing_notifications = get_bucket_notification_configuration(bucket)\n external_notifications = {}\n for t in CONFIGURATION_TYPES:\n external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\"{stack_id}-\")]\n\n if EVENTBRIDGE_CONFIGURATION in existing_notifications:\n external_notifications[EVENTBRIDGE_CONFIGURATION] = existing_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return external_notifications\n\ndef get_bucket_notification_configuration(bucket):\n return s3.get_bucket_notification_configuration(Bucket=bucket)\n\ndef put_bucket_notification_configuration(bucket, notification_configuration):\n s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration)\n\ndef submit_response(event: dict, context, response_status: str, error_message: str):\n response_body = json.dumps(\n {\n \"Status\": response_status,\n \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n \"StackId\": event[\"StackId\"],\n \"RequestId\": event[\"RequestId\"],\n \"LogicalResourceId\": event[\"LogicalResourceId\"],\n \"NoEcho\": False,\n }\n ).encode(\"utf-8\")\n headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n try:\n req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n with urllib.request.urlopen(req) as response:\n print(response.read().decode(\"utf-8\"))\n print(\"Status code: \" + response.reason)\n except Exception as e:\n print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC", + "Arn" + ] + }, + "Runtime": "python3.7", + "Timeout": 300 + }, + "DependsOn": [ + "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36", + "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC" + ] + } + } +} diff --git a/packages/@aws-cdk/aws-s3/test/integ.bucket.notifications.ts b/packages/@aws-cdk/aws-s3/test/integ.bucket.notifications.ts new file mode 100644 index 0000000000000..3180b491f6250 --- /dev/null +++ b/packages/@aws-cdk/aws-s3/test/integ.bucket.notifications.ts @@ -0,0 +1,14 @@ +#!/usr/bin/env node +import * as cdk from '@aws-cdk/core'; +import * as s3 from '../lib'; + +const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'aws-cdk-s3-notifications'); + +new s3.Bucket(stack, 'MyEventBridgeBucket', { + eventBridgeEnabled: true, + removalPolicy: cdk.RemovalPolicy.DESTROY, +}); + +app.synth(); diff --git a/packages/@aws-cdk/aws-s3/test/notification.test.ts b/packages/@aws-cdk/aws-s3/test/notification.test.ts index 411852018d081..a32b6c8c0eab9 100644 --- a/packages/@aws-cdk/aws-s3/test/notification.test.ts +++ b/packages/@aws-cdk/aws-s3/test/notification.test.ts @@ -146,4 +146,22 @@ describe('notification', () => { }), }, { suffix: '.png' }, { suffix: '.zip' })).toThrow(/suffix rule/); }); + + test('EventBridge notification custom resource', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + new s3.Bucket(stack, 'MyBucket', { + eventBridgeEnabled: true, + }); + + // THEN + Template.fromStack(stack).resourceCountIs('AWS::S3::Bucket', 1); + Template.fromStack(stack).hasResourceProperties('Custom::S3BucketNotifications', { + NotificationConfiguration: { + EventBridgeConfiguration: {}, + }, + }); + }); }); diff --git a/packages/@aws-cdk/aws-s3/test/notifications-resource-handler/test_index.py b/packages/@aws-cdk/aws-s3/test/notifications-resource-handler/test_index.py index 9127677b02675..ff79da80ef669 100644 --- a/packages/@aws-cdk/aws-s3/test/notifications-resource-handler/test_index.py +++ b/packages/@aws-cdk/aws-s3/test/notifications-resource-handler/test_index.py @@ -19,6 +19,8 @@ ) sys.exit(1) +EVENTBRIDGE_CONFIGURATION = 'EventBridgeConfiguration' + CONFIGURATION_TYPES = ["TopicConfigurations", "QueueConfigurations", "LambdaFunctionConfigurations"] @@ -33,6 +35,16 @@ def make_event(request_type: str, managed: bool): }, } +def make_event_with_eventbridge(request_type: str, managed: bool): + return { + "StackId": "StackId", + "RequestType": request_type, + "ResourceProperties": { + "Managed": str(managed), + "BucketName": "BucketName", + "NotificationConfiguration": make_notification_configuration_with_eventbridge(), + }, + } def make_notification_configuration(id_prefix: str = None): def make_id(): @@ -43,6 +55,11 @@ def make_id(): config[t] = [{"Id": make_id()}] return config +def make_notification_configuration_with_eventbridge(id_prefix: str = None): + return {**make_notification_configuration(id_prefix), **make_eventbridge_configuration()} + +def make_eventbridge_configuration(): + return { EVENTBRIDGE_CONFIGURATION: {} } def make_empty_notification_configuration(): config = {} @@ -50,11 +67,21 @@ def make_empty_notification_configuration(): config[t] = [] return config +def make_empty_notification_configuration_with_eventbridge(): + return {**make_empty_notification_configuration(), **make_eventbridge_configuration()} + def merge_notification_configurations(conf1: Dict, conf2: Dict): notifications = {} for t in CONFIGURATION_TYPES: notifications[t] = conf1.get(t, []) + conf2.get(t, []) + + if EVENTBRIDGE_CONFIGURATION in conf1: + notifications[EVENTBRIDGE_CONFIGURATION] = conf1[EVENTBRIDGE_CONFIGURATION] + + if EVENTBRIDGE_CONFIGURATION in conf2: + notifications[EVENTBRIDGE_CONFIGURATION] = conf2[EVENTBRIDGE_CONFIGURATION] + return notifications @@ -113,6 +140,22 @@ def test_create(self, _, get: MagicMock, put: MagicMock): event["ResourceProperties"]["NotificationConfiguration"], ) + @patch("index.put_bucket_notification_configuration") + @patch("index.get_bucket_notification_configuration") + @patch("index.submit_response") + def test_create_with_eventbridge(self, _, get: MagicMock, put: MagicMock): + + get.return_value = {} + + event = make_event_with_eventbridge("Create", False) + + index.handler(event, {}) + + put.assert_called_once_with( + event["ResourceProperties"]["BucketName"], + event["ResourceProperties"]["NotificationConfiguration"], + ) + @patch("index.put_bucket_notification_configuration") @patch("index.get_bucket_notification_configuration") @patch("index.submit_response") @@ -131,6 +174,46 @@ def test_update(self, _, get: MagicMock, put: MagicMock): event["ResourceProperties"]["NotificationConfiguration"], ) + @patch("index.put_bucket_notification_configuration") + @patch("index.get_bucket_notification_configuration") + @patch("index.submit_response") + def test_update_with_eventbridge(self, _, get: MagicMock, put: MagicMock): + + event = make_event_with_eventbridge("Update", False) + + # simulate a previous create operation + current_notifications = make_notification_configuration(f"{event['StackId']}-") + get.return_value = current_notifications + + index.handler(event, {}) + + put.assert_called_once_with( + event["ResourceProperties"]["BucketName"], + event["ResourceProperties"]["NotificationConfiguration"], + ) + + + @patch("index.put_bucket_notification_configuration") + @patch("index.get_bucket_notification_configuration") + @patch("index.submit_response") + def test_update_with_existing_eventbridge(self, _, get: MagicMock, put: MagicMock): + + event = make_event("Update", False) + + # simulate a previous create operation + current_notifications = make_notification_configuration_with_eventbridge(f"{event['StackId']}-") + get.return_value = current_notifications + + index.handler(event, {}) + + put.assert_called_once_with( + event["ResourceProperties"]["BucketName"], + merge_notification_configurations( + make_eventbridge_configuration(), + event["ResourceProperties"]["NotificationConfiguration"], + ), + ) + @patch("index.put_bucket_notification_configuration") @patch("index.get_bucket_notification_configuration") @patch("index.submit_response") @@ -149,6 +232,24 @@ def test_delete(self, _, get: MagicMock, put: MagicMock): make_empty_notification_configuration(), ) + @patch("index.put_bucket_notification_configuration") + @patch("index.get_bucket_notification_configuration") + @patch("index.submit_response") + def test_delete_with_eventbridge_should_not_remove_eventbridge(self, _, get: MagicMock, put: MagicMock): + + event = make_event_with_eventbridge("Delete", False) + + # simulate a previous create operation + current_notifications = make_notification_configuration_with_eventbridge(f"{event['StackId']}-") + get.return_value = current_notifications + + index.handler(event, {}) + + put.assert_called_once_with( + event["ResourceProperties"]["BucketName"], + make_empty_notification_configuration_with_eventbridge(), + ) + class UnmanagedDirtyBucketTest(unittest.TestCase): @patch("index.put_bucket_notification_configuration") @@ -172,6 +273,48 @@ def test_create(self, _, get: MagicMock, put: MagicMock): ), ) + @patch("index.put_bucket_notification_configuration") + @patch("index.get_bucket_notification_configuration") + @patch("index.submit_response") + def test_create_with_eventbridge(self, _, get: MagicMock, put: MagicMock): + + event = make_event_with_eventbridge("Create", False) + + # simulate external notifications + current_notifications = make_notification_configuration() + get.return_value = current_notifications + + index.handler(event, {}) + + put.assert_called_once_with( + event["ResourceProperties"]["BucketName"], + merge_notification_configurations( + current_notifications, + event["ResourceProperties"]["NotificationConfiguration"], + ), + ) + + @patch("index.put_bucket_notification_configuration") + @patch("index.get_bucket_notification_configuration") + @patch("index.submit_response") + def test_create_with_existing_eventbridge(self, _, get: MagicMock, put: MagicMock): + + event = make_event("Create", False) + + # simulate external notifications + current_notifications = make_notification_configuration_with_eventbridge() + get.return_value = current_notifications + + index.handler(event, {}) + + put.assert_called_once_with( + event["ResourceProperties"]["BucketName"], + merge_notification_configurations( + current_notifications, + event["ResourceProperties"]["NotificationConfiguration"], + ), + ) + @patch("index.put_bucket_notification_configuration") @patch("index.get_bucket_notification_configuration") @patch("index.submit_response") @@ -193,6 +336,48 @@ def test_update(self, _, get: MagicMock, put: MagicMock): ), ) + @patch("index.put_bucket_notification_configuration") + @patch("index.get_bucket_notification_configuration") + @patch("index.submit_response") + def test_update_with_eventbridge(self, _, get: MagicMock, put: MagicMock): + + event = make_event_with_eventbridge("Update", False) + + # simulate external notifications + current_notifications = make_notification_configuration() + get.return_value = current_notifications + + index.handler(event, {}) + + put.assert_called_once_with( + event["ResourceProperties"]["BucketName"], + merge_notification_configurations( + current_notifications, + event["ResourceProperties"]["NotificationConfiguration"], + ), + ) + + @patch("index.put_bucket_notification_configuration") + @patch("index.get_bucket_notification_configuration") + @patch("index.submit_response") + def test_update_without_eventbridge_should_not_remove_existing_eventbridge(self, _, get: MagicMock, put: MagicMock): + + event = make_event("Update", False) + + # simulate external notifications + current_notifications = make_notification_configuration_with_eventbridge() + get.return_value = current_notifications + + index.handler(event, {}) + + put.assert_called_once_with( + event["ResourceProperties"]["BucketName"], + merge_notification_configurations( + current_notifications, + event["ResourceProperties"]["NotificationConfiguration"], + ), + ) + @patch("index.put_bucket_notification_configuration") @patch("index.get_bucket_notification_configuration") @patch("index.submit_response") @@ -211,6 +396,24 @@ def test_delete(self, _, get: MagicMock, put: MagicMock): current_notifications, ) + @patch("index.put_bucket_notification_configuration") + @patch("index.get_bucket_notification_configuration") + @patch("index.submit_response") + def test_delete_with_eventbridge_should_not_remove_eventbridge(self, _, get: MagicMock, put: MagicMock): + + event = make_event_with_eventbridge("Delete", False) + + # simulate external notifications + current_notifications = make_notification_configuration_with_eventbridge() + get.return_value = current_notifications + + index.handler(event, {}) + + put.assert_called_once_with( + event["ResourceProperties"]["BucketName"], + current_notifications, + ) + class CfnResponsesTest(unittest.TestCase): @patch("index.put_bucket_notification_configuration") From fd63ca3995fb74b563a348589adf5fb06b4ef771 Mon Sep 17 00:00:00 2001 From: Pat Myron Date: Fri, 1 Apr 2022 07:56:34 -0700 Subject: [PATCH 34/59] fix(core): reduce CFN template indent size to save bytes (#19656) also: https://github.com/aws/serverless-application-model/pull/2368, https://github.com/cloudtools/troposphere/pull/2028 https://github.com/aws/aws-cdk/issues/18694 https://github.com/aws/aws-cdk/pull/18886 [CloudFormation templates can currently only be 1MB](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cloudformation-limits.html) Simply reducing indentation from 2 to 1 should remove ~1/4 of the template file size for everyone by default while still preserving indentation formatting. Beyond improving the default, those wishing to reduce readability for further reduced file size could opt into using something like [`jq`](https://stedolan.github.io/jq/) on their own for now ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/core/lib/stack.ts | 2 +- .../pipelines/test/blueprint/stack-deployment.test.ts | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/core/lib/stack.ts b/packages/@aws-cdk/core/lib/stack.ts index d6278d05834e3..4960991a08b26 100644 --- a/packages/@aws-cdk/core/lib/stack.ts +++ b/packages/@aws-cdk/core/lib/stack.ts @@ -793,7 +793,7 @@ export class Stack extends CoreConstruct implements ITaggable { Annotations.of(this).addInfo(`Number of resources: ${numberOfResources} is approaching allowed maximum of ${this.maxResources}`); } } - fs.writeFileSync(outPath, JSON.stringify(template, undefined, 2)); + fs.writeFileSync(outPath, JSON.stringify(template, undefined, 1)); for (const ctx of this._missingContext) { if (lookupRoleArn != null) { diff --git a/packages/@aws-cdk/pipelines/test/blueprint/stack-deployment.test.ts b/packages/@aws-cdk/pipelines/test/blueprint/stack-deployment.test.ts index 5c6de962beec0..005b49586b500 100644 --- a/packages/@aws-cdk/pipelines/test/blueprint/stack-deployment.test.ts +++ b/packages/@aws-cdk/pipelines/test/blueprint/stack-deployment.test.ts @@ -31,7 +31,7 @@ describe('templateUrl', () => { const sd = StageDeployment.fromStage(stage); // THEN - expect(sd.stacks[0].templateUrl).toBe('https://cdk-hnb659fds-assets-111-us-east-1.s3.us-east-1.amazonaws.com/93ae4de94f81d0905c37db64b7304f5d65233ca4d9581d3a32215743c9bb92dd.json'); + expect(sd.stacks[0].templateUrl).toBe('https://cdk-hnb659fds-assets-111-us-east-1.s3.us-east-1.amazonaws.com/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json'); }); test('without region', () => { @@ -43,7 +43,7 @@ describe('templateUrl', () => { const sd = StageDeployment.fromStage(stage); // THEN - expect(sd.stacks[0].templateUrl).toBe('https://cdk-hnb659fds-assets-111-.s3.amazonaws.com/$%7BAWS::Region%7D/93ae4de94f81d0905c37db64b7304f5d65233ca4d9581d3a32215743c9bb92dd.json'); + expect(sd.stacks[0].templateUrl).toBe('https://cdk-hnb659fds-assets-111-.s3.amazonaws.com/$%7BAWS::Region%7D/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json'); }); }); From 34e31b90c8cdd51b8af61f352aa0ab7a0332ed4c Mon Sep 17 00:00:00 2001 From: CommanderRoot Date: Fri, 1 Apr 2022 17:40:31 +0200 Subject: [PATCH 35/59] chore: replace deprecated String.substr() with String.slice() (#19572) [String.prototype.substr()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/substr) is deprecated so we replace it with [String.prototype.slice()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/slice) which works similarily but isn't deprecated. .substr() probably isn't going away anytime soon but the change is trivial so it doesn't hurt to do it. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/assertions/lib/private/cyclic.ts | 2 +- packages/@aws-cdk/aws-apigateway/lib/resource.ts | 6 +++--- packages/@aws-cdk/aws-apigateway/lib/util.ts | 4 ++-- .../dns_validated_certificate_handler/lib/index.js | 2 +- .../aws-cloudfront/lib/origin-access-identity.ts | 2 +- packages/@aws-cdk/aws-cloudfront/lib/origin.ts | 2 +- .../@aws-cdk/aws-cloudfront/lib/web-distribution.ts | 2 +- packages/@aws-cdk/aws-codebuild/lib/project.ts | 2 +- packages/@aws-cdk/aws-cognito/lib/user-pool.ts | 2 +- packages/@aws-cdk/aws-ec2/lib/cfn-init.ts | 2 +- packages/@aws-cdk/aws-ec2/lib/instance.ts | 2 +- .../aws-eks/lib/cluster-resource-handler/cluster.ts | 3 ++- .../aws-eks/lib/cluster-resource-handler/fargate.ts | 3 ++- .../aws-route53-patterns/lib/website-redirect.ts | 2 +- .../aws-s3-deployment/lib/bucket-deployment.ts | 2 +- packages/@aws-cdk/aws-secretsmanager/lib/secret.ts | 4 ++-- .../lib/emr/emr-create-cluster.ts | 6 +++--- packages/@aws-cdk/cfnspec/build-tools/patch-set.ts | 2 +- packages/@aws-cdk/cfnspec/build-tools/spec-diff.ts | 2 +- packages/@aws-cdk/cloudformation-diff/lib/format.ts | 2 +- .../@aws-cdk/cloudformation-diff/lib/iam/statement.ts | 2 +- packages/@aws-cdk/core/lib/cfn-element.ts | 2 +- packages/@aws-cdk/core/lib/cfn-parse.ts | 4 ++-- packages/@aws-cdk/core/lib/cfn-resource.ts | 2 +- packages/@aws-cdk/core/lib/custom-resource.ts | 4 ++-- packages/@aws-cdk/core/lib/private/region-lookup.ts | 2 +- packages/@aws-cdk/core/lib/runtime.ts | 4 ++-- packages/@aws-cdk/core/test/resource.test.ts | 2 +- .../integration-test-fixtures/s3-file-handler/index.ts | 2 +- .../pipelines/lib/codepipeline/artifact-map.ts | 4 ++-- .../lib/codepipeline/private/codebuild-factory.ts | 2 +- .../pipelines/lib/helpers-internal/pipeline-graph.ts | 2 +- packages/@aws-cdk/pipelines/lib/legacy/stage.ts | 2 +- packages/@aws-cdk/pipelines/lib/private/identifiers.ts | 4 ++-- packages/aws-cdk-migration/lib/rewrite.ts | 2 +- .../lib/api/evaluate-cloudformation-template.ts | 2 +- packages/aws-cdk/lib/api/hotswap/common.ts | 2 +- .../api/util/cloudformation/stack-activity-monitor.ts | 10 +++++----- packages/aws-cdk/lib/commands/doctor.ts | 2 +- packages/aws-cdk/lib/settings.ts | 2 +- packages/aws-cdk/test/bockfs.ts | 2 +- .../cli-regression-patches/v1.64.0/cdk-helpers.js | 2 +- .../cli-regression-patches/v1.64.1/cdk-helpers.js | 2 +- .../cli-regression-patches/v1.67.0/cdk-helpers.js | 2 +- packages/aws-cdk/test/integ/helpers/cdk.ts | 2 +- packages/awslint/lib/linter.ts | 2 +- packages/awslint/lib/rules/cfn-resource.ts | 2 +- packages/cdk-assets/test/bockfs.ts | 2 +- tools/@aws-cdk/cdk-integ-tools/lib/integ-helpers.ts | 4 ++-- tools/@aws-cdk/cdk-release/lib/conventional-commits.ts | 2 +- tools/@aws-cdk/cfn2ts/lib/genspec.ts | 6 +++--- tools/@aws-cdk/prlint/lint.ts | 2 +- tools/@aws-cdk/ubergen/bin/ubergen.ts | 4 ++-- 53 files changed, 74 insertions(+), 72 deletions(-) diff --git a/packages/@aws-cdk/assertions/lib/private/cyclic.ts b/packages/@aws-cdk/assertions/lib/private/cyclic.ts index 85aa0cbf07147..5f9a36da5278c 100644 --- a/packages/@aws-cdk/assertions/lib/private/cyclic.ts +++ b/packages/@aws-cdk/assertions/lib/private/cyclic.ts @@ -139,7 +139,7 @@ function analyzeSubPattern(pattern: string): SubFragment[] { } if (start < pattern.length - 1) { - ret.push({ type: 'literal', content: pattern.substr(start) }); + ret.push({ type: 'literal', content: pattern.slice(start) }); } return ret; diff --git a/packages/@aws-cdk/aws-apigateway/lib/resource.ts b/packages/@aws-cdk/aws-apigateway/lib/resource.ts index f843ee1b5e25a..cd0b2c38cc008 100644 --- a/packages/@aws-cdk/aws-apigateway/lib/resource.ts +++ b/packages/@aws-cdk/aws-apigateway/lib/resource.ts @@ -348,7 +348,7 @@ export abstract class ResourceBase extends ResourceConstruct implements IResourc } // trim trailing "/" - return this.resourceForPath(path.substr(1)); + return this.resourceForPath(path.slice(1)); } const parts = path.split('/'); @@ -544,11 +544,11 @@ export class ProxyResource extends Resource { function validateResourcePathPart(part: string) { // strip {} which indicate this is a parameter if (part.startsWith('{') && part.endsWith('}')) { - part = part.substr(1, part.length - 2); + part = part.slice(1, -1); // proxy resources are allowed to end with a '+' if (part.endsWith('+')) { - part = part.substr(0, part.length - 1); + part = part.slice(0, -1); } } diff --git a/packages/@aws-cdk/aws-apigateway/lib/util.ts b/packages/@aws-cdk/aws-apigateway/lib/util.ts index a97f89882fe04..e5df3afa246af 100644 --- a/packages/@aws-cdk/aws-apigateway/lib/util.ts +++ b/packages/@aws-cdk/aws-apigateway/lib/util.ts @@ -16,7 +16,7 @@ export function parseMethodOptionsPath(originalPath: string): { resourcePath: st throw new Error(`Method options path must start with '/': ${originalPath}`); } - const path = originalPath.substr(1); // trim trailing '/' + const path = originalPath.slice(1); // trim trailing '/' const components = path.split('/'); @@ -60,7 +60,7 @@ export function parseAwsApiCall(path?: string, action?: string, actionParams?: { if (action) { if (actionParams) { - action += '&' + formatUrl({ query: actionParams }).substr(1); + action += '&' + formatUrl({ query: actionParams }).slice(1); } return { diff --git a/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js b/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js index 672b5762dbc15..fea57736fb531 100644 --- a/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js +++ b/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js @@ -92,7 +92,7 @@ const requestCertificate = async function (requestId, domainName, subjectAlterna const reqCertResponse = await acm.requestCertificate({ DomainName: domainName, SubjectAlternativeNames: subjectAlternativeNames, - IdempotencyToken: crypto.createHash('sha256').update(requestId).digest('hex').substr(0, 32), + IdempotencyToken: crypto.createHash('sha256').update(requestId).digest('hex').slice(0, 32), ValidationMethod: 'DNS' }).promise(); diff --git a/packages/@aws-cdk/aws-cloudfront/lib/origin-access-identity.ts b/packages/@aws-cdk/aws-cloudfront/lib/origin-access-identity.ts index c8a9b2b17ec82..a6323d27a452f 100644 --- a/packages/@aws-cdk/aws-cloudfront/lib/origin-access-identity.ts +++ b/packages/@aws-cdk/aws-cloudfront/lib/origin-access-identity.ts @@ -108,7 +108,7 @@ export class OriginAccessIdentity extends OriginAccessIdentityBase implements IO super(scope, id); // Comment has a max length of 128. - const comment = (props?.comment ?? 'Allows CloudFront to reach the bucket').substr(0, 128); + const comment = (props?.comment ?? 'Allows CloudFront to reach the bucket').slice(0, 128); this.resource = new CfnCloudFrontOriginAccessIdentity(this, 'Resource', { cloudFrontOriginAccessIdentityConfig: { comment }, }); diff --git a/packages/@aws-cdk/aws-cloudfront/lib/origin.ts b/packages/@aws-cdk/aws-cloudfront/lib/origin.ts index 0b7ab7796b97f..12672e5406abb 100644 --- a/packages/@aws-cdk/aws-cloudfront/lib/origin.ts +++ b/packages/@aws-cdk/aws-cloudfront/lib/origin.ts @@ -182,7 +182,7 @@ export abstract class OriginBase implements IOrigin { if (originPath === undefined) { return undefined; } let path = originPath; if (!path.startsWith('/')) { path = '/' + path; } - if (path.endsWith('/')) { path = path.substr(0, path.length - 1); } + if (path.endsWith('/')) { path = path.slice(0, -1); } return path; } diff --git a/packages/@aws-cdk/aws-cloudfront/lib/web-distribution.ts b/packages/@aws-cdk/aws-cloudfront/lib/web-distribution.ts index 5b4e785cc21a7..2fb0d5d958dc0 100644 --- a/packages/@aws-cdk/aws-cloudfront/lib/web-distribution.ts +++ b/packages/@aws-cdk/aws-cloudfront/lib/web-distribution.ts @@ -815,7 +815,7 @@ export class CloudFrontWebDistribution extends cdk.Resource implements IDistribu // Comments have an undocumented limit of 128 characters const trimmedComment = props.comment && props.comment.length > 128 - ? `${props.comment.substr(0, 128 - 3)}...` + ? `${props.comment.slice(0, 128 - 3)}...` : props.comment; let distributionConfig: CfnDistribution.DistributionConfigProperty = { diff --git a/packages/@aws-cdk/aws-codebuild/lib/project.ts b/packages/@aws-cdk/aws-codebuild/lib/project.ts index e3ea5ac394f4c..b026f9e842007 100644 --- a/packages/@aws-cdk/aws-codebuild/lib/project.ts +++ b/packages/@aws-cdk/aws-codebuild/lib/project.ts @@ -862,7 +862,7 @@ export class Project extends ProjectBase { // If the parameter name starts with / the resource name is not separated with a double '/' // arn:aws:ssm:region:1111111111:parameter/PARAM_NAME resourceName: envVariableValue.startsWith('/') - ? envVariableValue.substr(1) + ? envVariableValue.slice(1) : envVariableValue, })); } diff --git a/packages/@aws-cdk/aws-cognito/lib/user-pool.ts b/packages/@aws-cdk/aws-cognito/lib/user-pool.ts index 21a41f4c8721c..bb300d14ed213 100644 --- a/packages/@aws-cdk/aws-cognito/lib/user-pool.ts +++ b/packages/@aws-cdk/aws-cognito/lib/user-pool.ts @@ -1055,7 +1055,7 @@ export class UserPool extends UserPoolBase { return undefined; } - const smsRoleExternalId = Names.uniqueId(this).substr(0, 1223); // sts:ExternalId max length of 1224 + const smsRoleExternalId = Names.uniqueId(this).slice(0, 1223); // sts:ExternalId max length of 1224 const smsRole = props.smsRole ?? new Role(this, 'smsRole', { assumedBy: new ServicePrincipal('cognito-idp.amazonaws.com', { conditions: { diff --git a/packages/@aws-cdk/aws-ec2/lib/cfn-init.ts b/packages/@aws-cdk/aws-ec2/lib/cfn-init.ts index 860e37001dd68..9832c83cdc4ac 100644 --- a/packages/@aws-cdk/aws-ec2/lib/cfn-init.ts +++ b/packages/@aws-cdk/aws-ec2/lib/cfn-init.ts @@ -111,7 +111,7 @@ export class CloudFormationInit { // as well as include any asset hashes provided so the fingerprint is accurate. const resolvedConfig = attachedResource.stack.resolve(bindResult.configData); const fingerprintInput = { config: resolvedConfig, assetHash: bindResult.assetHash }; - const fingerprint = contentHash(JSON.stringify(fingerprintInput)).substr(0, 16); + const fingerprint = contentHash(JSON.stringify(fingerprintInput)).slice(0, 16); attachOptions.instanceRole.addToPrincipalPolicy(new iam.PolicyStatement({ actions: ['cloudformation:DescribeStackResource', 'cloudformation:SignalResource'], diff --git a/packages/@aws-cdk/aws-ec2/lib/instance.ts b/packages/@aws-cdk/aws-ec2/lib/instance.ts index 213b1ef0e4629..8537ae0c32c51 100644 --- a/packages/@aws-cdk/aws-ec2/lib/instance.ts +++ b/packages/@aws-cdk/aws-ec2/lib/instance.ts @@ -430,7 +430,7 @@ export class Instance extends Resource implements IInstance { } finally { recursing = false; } - const digest = md5.digest('hex').substr(0, 16); + const digest = md5.digest('hex').slice(0, 16); return `${originalLogicalId}${digest}`; }, })); diff --git a/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/cluster.ts b/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/cluster.ts index 0ad46af16eaef..0177a7e21b695 100644 --- a/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/cluster.ts +++ b/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/cluster.ts @@ -265,7 +265,8 @@ export class ClusterResourceHandler extends ResourceHandler { private generateClusterName() { const suffix = this.requestId.replace(/-/g, ''); // 32 chars - const prefix = this.logicalResourceId.substr(0, MAX_CLUSTER_NAME_LEN - suffix.length - 1); + const offset = MAX_CLUSTER_NAME_LEN - suffix.length - 1; + const prefix = this.logicalResourceId.slice(0, offset > 0 ? offset : 0); return `${prefix}-${suffix}`; } } diff --git a/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/fargate.ts b/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/fargate.ts index a7900ad8caf72..b708690efd6d9 100644 --- a/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/fargate.ts +++ b/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/fargate.ts @@ -75,7 +75,8 @@ export class FargateProfileResourceHandler extends ResourceHandler { */ private generateProfileName() { const suffix = this.requestId.replace(/-/g, ''); // 32 chars - const prefix = this.logicalResourceId.substr(0, MAX_NAME_LEN - suffix.length - 1); + const offset = MAX_NAME_LEN - suffix.length - 1; + const prefix = this.logicalResourceId.slice(0, offset > 0 ? offset : 0); return `${prefix}-${suffix}`; } diff --git a/packages/@aws-cdk/aws-route53-patterns/lib/website-redirect.ts b/packages/@aws-cdk/aws-route53-patterns/lib/website-redirect.ts index 06e53777cd277..a591c24ad36a3 100644 --- a/packages/@aws-cdk/aws-route53-patterns/lib/website-redirect.ts +++ b/packages/@aws-cdk/aws-route53-patterns/lib/website-redirect.ts @@ -101,7 +101,7 @@ export class HttpsRedirect extends CoreConstruct { }); domainNames.forEach((domainName) => { - const hash = crypto.createHash('md5').update(domainName).digest('hex').substr(0, 6); + const hash = crypto.createHash('md5').update(domainName).digest('hex').slice(0, 6); const aliasProps = { recordName: domainName, zone: props.zone, diff --git a/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts b/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts index 31a7ec92e2db5..542fdffb6b7b7 100644 --- a/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts +++ b/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts @@ -357,7 +357,7 @@ export class BucketDeployment extends CoreConstruct { let prefix: string = props.destinationKeyPrefix ? `:${props.destinationKeyPrefix}` : ''; - prefix += `:${this.cr.node.addr.substr(-8)}`; + prefix += `:${this.cr.node.addr.slice(-8)}`; const tagKey = CUSTOM_RESOURCE_OWNER_TAG + prefix; // destinationKeyPrefix can be 104 characters before we hit diff --git a/packages/@aws-cdk/aws-secretsmanager/lib/secret.ts b/packages/@aws-cdk/aws-secretsmanager/lib/secret.ts index 81e8fa2f4ca81..c57da9f85bc5c 100644 --- a/packages/@aws-cdk/aws-secretsmanager/lib/secret.ts +++ b/packages/@aws-cdk/aws-secretsmanager/lib/secret.ts @@ -851,8 +851,8 @@ function parseSecretName(construct: IConstruct, secretArn: string) { // Secret resource names are in the format `${secretName}-${6-character SecretsManager suffix}` // If there is no hyphen (or 6-character suffix) assume no suffix was provided, and return the whole name. const lastHyphenIndex = resourceName.lastIndexOf('-'); - const hasSecretsSuffix = lastHyphenIndex !== -1 && resourceName.substr(lastHyphenIndex + 1).length === 6; - return hasSecretsSuffix ? resourceName.substr(0, lastHyphenIndex) : resourceName; + const hasSecretsSuffix = lastHyphenIndex !== -1 && resourceName.slice(lastHyphenIndex + 1).length === 6; + return hasSecretsSuffix ? resourceName.slice(0, lastHyphenIndex) : resourceName; } throw new Error('invalid ARN format; no secret name provided'); } diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/emr/emr-create-cluster.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/emr/emr-create-cluster.ts index e223988059c52..73c10a442b87e 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/emr/emr-create-cluster.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/emr/emr-create-cluster.ts @@ -211,7 +211,7 @@ export class EmrCreateCluster extends sfn.TaskStateBase { throw new Error(`Step concurrency level must be in range [1, 256], but got ${this.props.stepConcurrencyLevel}.`); } if (this.props.releaseLabel && this.props.stepConcurrencyLevel !== 1) { - const [major, minor] = this.props.releaseLabel.substr(4).split('.'); + const [major, minor] = this.props.releaseLabel.slice(4).split('.'); if (Number(major) < 5 || (Number(major) === 5 && Number(minor) < 28)) { throw new Error(`Step concurrency is only supported in EMR release version 5.28.0 and above but got ${this.props.releaseLabel}.`); } @@ -391,8 +391,8 @@ export class EmrCreateCluster extends sfn.TaskStateBase { * @see https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-release-components.html */ private validateReleaseLabel(releaseLabel: string): string { - const prefix = releaseLabel.substr(0, 4); - const versions = releaseLabel.substr(4).split('.'); + const prefix = releaseLabel.slice(0, 4); + const versions = releaseLabel.slice(4).split('.'); if (prefix !== 'emr-' || versions.length !== 3 || versions.some((e) => isNotANumber(e))) { throw new Error(`The release label must be in the format 'emr-x.x.x' but got ${releaseLabel}`); } diff --git a/packages/@aws-cdk/cfnspec/build-tools/patch-set.ts b/packages/@aws-cdk/cfnspec/build-tools/patch-set.ts index 03d7438aa3d63..fede9f82de0dd 100644 --- a/packages/@aws-cdk/cfnspec/build-tools/patch-set.ts +++ b/packages/@aws-cdk/cfnspec/build-tools/patch-set.ts @@ -228,7 +228,7 @@ function findPatches(data: any, patchSource: any): Patch[] { throw new Error(`adjustPath: expected string, got ${JSON.stringify(originalPath)}`); } if (originalPath.startsWith('$/')) { - return originalPath.substr(1); + return originalPath.slice(1); } return jsonPath.map(p => `/${p}`).join('') + originalPath; } diff --git a/packages/@aws-cdk/cfnspec/build-tools/spec-diff.ts b/packages/@aws-cdk/cfnspec/build-tools/spec-diff.ts index 6b5a0d6d466f9..86fb8a6145f21 100644 --- a/packages/@aws-cdk/cfnspec/build-tools/spec-diff.ts +++ b/packages/@aws-cdk/cfnspec/build-tools/spec-diff.ts @@ -197,7 +197,7 @@ async function main() { function isSuffix(key: string, suffix: string) { const index = key.indexOf(suffix); - return index === -1 ? undefined : key.substr(0, index); + return index === -1 ? undefined : key.slice(0, index); } function suffixKeys(suffix: string, xs: Record): Record { diff --git a/packages/@aws-cdk/cloudformation-diff/lib/format.ts b/packages/@aws-cdk/cloudformation-diff/lib/format.ts index 3dee563f8cf36..ff8915dbd069a 100644 --- a/packages/@aws-cdk/cloudformation-diff/lib/format.ts +++ b/packages/@aws-cdk/cloudformation-diff/lib/format.ts @@ -340,7 +340,7 @@ class Formatter { */ function normalizePath(p: string) { if (p.startsWith('/')) { - p = p.substr(1); + p = p.slice(1); } let parts = p.split('/'); diff --git a/packages/@aws-cdk/cloudformation-diff/lib/iam/statement.ts b/packages/@aws-cdk/cloudformation-diff/lib/iam/statement.ts index 7f83a5561bc76..f491d8638ea13 100644 --- a/packages/@aws-cdk/cloudformation-diff/lib/iam/statement.ts +++ b/packages/@aws-cdk/cloudformation-diff/lib/iam/statement.ts @@ -324,5 +324,5 @@ export function renderCondition(condition: any): string { // We can make it more compact without losing information by getting rid of the outermost braces // and the indentation. const lines = jsonRepresentation.split('\n'); - return lines.slice(1, lines.length - 1).map(s => s.substr(2)).join('\n'); + return lines.slice(1, lines.length - 1).map(s => s.slice(2)).join('\n'); } diff --git a/packages/@aws-cdk/core/lib/cfn-element.ts b/packages/@aws-cdk/core/lib/cfn-element.ts index 5e2cf1602c614..9bb08746c4a47 100644 --- a/packages/@aws-cdk/core/lib/cfn-element.ts +++ b/packages/@aws-cdk/core/lib/cfn-element.ts @@ -159,7 +159,7 @@ export abstract class CfnRefElement extends CfnElement { function notTooLong(x: string) { if (x.length < 100) { return x; } - return x.substr(0, 47) + '...' + x.substr(x.length - 47); + return x.slice(0, 47) + '...' + x.slice(-47); } import { CfnReference } from './private/cfn-reference'; diff --git a/packages/@aws-cdk/core/lib/cfn-parse.ts b/packages/@aws-cdk/core/lib/cfn-parse.ts index e57bf28e785f3..28391d8916028 100644 --- a/packages/@aws-cdk/core/lib/cfn-parse.ts +++ b/packages/@aws-cdk/core/lib/cfn-parse.ts @@ -537,8 +537,8 @@ export class CfnParser { if (dotIndex === -1) { throw new Error(`Short-form Fn::GetAtt must contain a '.' in its string argument, got: '${value}'`); } - logicalId = value.substr(0, dotIndex); - attributeName = value.substr(dotIndex + 1); // the +1 is to skip the actual '.' + logicalId = value.slice(0, dotIndex); + attributeName = value.slice(dotIndex + 1); // the +1 is to skip the actual '.' stringForm = true; } else { // ...or a 2-element list diff --git a/packages/@aws-cdk/core/lib/cfn-resource.ts b/packages/@aws-cdk/core/lib/cfn-resource.ts index d1f6c3d65ffbb..c09ac87674aad 100644 --- a/packages/@aws-cdk/core/lib/cfn-resource.ts +++ b/packages/@aws-cdk/core/lib/cfn-resource.ts @@ -361,7 +361,7 @@ export class CfnResource extends CfnRefElement { const trace = this.creationStack; if (trace) { const creationStack = ['--- resource created at ---', ...trace].join('\n at '); - const problemTrace = e.stack.substr(e.stack.indexOf(e.message) + e.message.length); + const problemTrace = e.stack.slice(e.stack.indexOf(e.message) + e.message.length); e.stack = `${e.message}\n ${creationStack}\n --- problem discovered at ---${problemTrace}`; } diff --git a/packages/@aws-cdk/core/lib/custom-resource.ts b/packages/@aws-cdk/core/lib/custom-resource.ts index a466b600fa386..fcbc96c95b6d6 100644 --- a/packages/@aws-cdk/core/lib/custom-resource.ts +++ b/packages/@aws-cdk/core/lib/custom-resource.ts @@ -186,7 +186,7 @@ export class CustomResource extends Resource { function uppercaseProperties(props: { [key: string]: any }) { const ret: { [key: string]: any } = {}; Object.keys(props).forEach(key => { - const upper = key.substr(0, 1).toUpperCase() + key.substr(1); + const upper = key.slice(0, 1).toUpperCase() + key.slice(1); ret[upper] = props[key]; }); return ret; @@ -201,7 +201,7 @@ function renderResourceType(resourceType?: string) { throw new Error(`Custom resource type must begin with "Custom::" (${resourceType})`); } - const typeName = resourceType.substr(resourceType.indexOf('::') + 2); + const typeName = resourceType.slice(resourceType.indexOf('::') + 2); if (typeName.length > 60) { throw new Error(`Custom resource type length > 60 (${resourceType})`); } diff --git a/packages/@aws-cdk/core/lib/private/region-lookup.ts b/packages/@aws-cdk/core/lib/private/region-lookup.ts index 226df28d7f444..d81facdac0d12 100644 --- a/packages/@aws-cdk/core/lib/private/region-lookup.ts +++ b/packages/@aws-cdk/core/lib/private/region-lookup.ts @@ -44,7 +44,7 @@ export function deployTimeLookup(stack: Stack, factName: string, lookupMap: Reco } function ucfirst(x: string) { - return `${x.substr(0, 1).toUpperCase()}${x.substr(1)}`; + return `${x.slice(0, 1).toUpperCase()}${x.slice(1)}`; } /** diff --git a/packages/@aws-cdk/core/lib/runtime.ts b/packages/@aws-cdk/core/lib/runtime.ts index ee65443b294cc..84edb8f6e5728 100644 --- a/packages/@aws-cdk/core/lib/runtime.ts +++ b/packages/@aws-cdk/core/lib/runtime.ts @@ -137,7 +137,7 @@ export class ValidationResult { if (!this.isSuccess) { let message = this.errorTree(); // The first letter will be lowercase, so uppercase it for a nicer error message - message = message.substr(0, 1).toUpperCase() + message.substr(1); + message = message.slice(0, 1).toUpperCase() + message.slice(1); throw new CfnSynthesisError(message); } } @@ -382,7 +382,7 @@ function isCloudFormationIntrinsic(x: any) { const keys = Object.keys(x); if (keys.length !== 1) { return false; } - return keys[0] === 'Ref' || keys[0].substr(0, 4) === 'Fn::'; + return keys[0] === 'Ref' || keys[0].slice(0, 4) === 'Fn::'; } /** diff --git a/packages/@aws-cdk/core/test/resource.test.ts b/packages/@aws-cdk/core/test/resource.test.ts index f7773fdb4540b..8ae0c7a1c0270 100644 --- a/packages/@aws-cdk/core/test/resource.test.ts +++ b/packages/@aws-cdk/core/test/resource.test.ts @@ -915,7 +915,7 @@ class Counter extends CfnResource { } function withoutHash(logId: string) { - return logId.substr(0, logId.length - 8); + return logId.slice(0, -8); } class CustomizableResource extends CfnResource { diff --git a/packages/@aws-cdk/custom-resources/test/provider-framework/integration-test-fixtures/s3-file-handler/index.ts b/packages/@aws-cdk/custom-resources/test/provider-framework/integration-test-fixtures/s3-file-handler/index.ts index 0e52b4ad66e3f..de12c193aa637 100644 --- a/packages/@aws-cdk/custom-resources/test/provider-framework/integration-test-fixtures/s3-file-handler/index.ts +++ b/packages/@aws-cdk/custom-resources/test/provider-framework/integration-test-fixtures/s3-file-handler/index.ts @@ -28,7 +28,7 @@ export async function putObject(event: AWSCDKAsyncCustomResource.OnEventRequest) // trim trailing `/` if (objectKey.startsWith('/')) { - objectKey = objectKey.substr(1); + objectKey = objectKey.slice(1); } const publicRead = event.ResourceProperties[api.PROP_PUBLIC] || false; diff --git a/packages/@aws-cdk/pipelines/lib/codepipeline/artifact-map.ts b/packages/@aws-cdk/pipelines/lib/codepipeline/artifact-map.ts index 2d3383bb469bf..5379811427286 100644 --- a/packages/@aws-cdk/pipelines/lib/codepipeline/artifact-map.ts +++ b/packages/@aws-cdk/pipelines/lib/codepipeline/artifact-map.ts @@ -55,8 +55,8 @@ function sanitizeArtifactName(x: string): string { const maxLength = 100; // Max length of 100 is imposed by CodePipeline library if (sani.length > maxLength) { - const fingerprint = crypto.createHash('sha256').update(sani).digest('hex').substr(0, 8); - sani = sani.substr(0, maxLength - fingerprint.length) + fingerprint; + const fingerprint = crypto.createHash('sha256').update(sani).digest('hex').slice(0, 8); + sani = sani.slice(0, maxLength - fingerprint.length) + fingerprint; } return sani; diff --git a/packages/@aws-cdk/pipelines/lib/codepipeline/private/codebuild-factory.ts b/packages/@aws-cdk/pipelines/lib/codepipeline/private/codebuild-factory.ts index 84a0cf934a4ca..3103586f71546 100644 --- a/packages/@aws-cdk/pipelines/lib/codepipeline/private/codebuild-factory.ts +++ b/packages/@aws-cdk/pipelines/lib/codepipeline/private/codebuild-factory.ts @@ -504,7 +504,7 @@ function filterBuildSpecCommands(buildSpec: codebuild.BuildSpec, osType: ec2.Ope function extractTag(x: any): [string | undefined, any] { if (typeof x !== 'string') { return [undefined, x]; } for (const tag of [winTag, linuxTag]) { - if (x.startsWith(tag)) { return [tag, x.substr(tag.length)]; } + if (x.startsWith(tag)) { return [tag, x.slice(tag.length)]; } } return [undefined, x]; } diff --git a/packages/@aws-cdk/pipelines/lib/helpers-internal/pipeline-graph.ts b/packages/@aws-cdk/pipelines/lib/helpers-internal/pipeline-graph.ts index 738576017afb9..e26058b724b62 100644 --- a/packages/@aws-cdk/pipelines/lib/helpers-internal/pipeline-graph.ts +++ b/packages/@aws-cdk/pipelines/lib/helpers-internal/pipeline-graph.ts @@ -342,5 +342,5 @@ export type AGraphNode = GraphNode; export type AGraph = Graph; function stripPrefix(s: string, prefix: string) { - return s.startsWith(prefix) ? s.substr(prefix.length) : s; + return s.startsWith(prefix) ? s.slice(prefix.length) : s; } \ No newline at end of file diff --git a/packages/@aws-cdk/pipelines/lib/legacy/stage.ts b/packages/@aws-cdk/pipelines/lib/legacy/stage.ts index c054e9a0592fb..c74f792f48e71 100644 --- a/packages/@aws-cdk/pipelines/lib/legacy/stage.ts +++ b/packages/@aws-cdk/pipelines/lib/legacy/stage.ts @@ -445,7 +445,7 @@ export class StackOutput { } function stripPrefix(s: string, prefix: string) { - return s.startsWith(prefix) ? s.substr(prefix.length) : s; + return s.startsWith(prefix) ? s.slice(prefix.length) : s; } function isAssetManifest(s: cxapi.CloudArtifact): s is cxapi.AssetManifestArtifact { diff --git a/packages/@aws-cdk/pipelines/lib/private/identifiers.ts b/packages/@aws-cdk/pipelines/lib/private/identifiers.ts index cb2bf85c6d9a9..7de1d3ef0744e 100644 --- a/packages/@aws-cdk/pipelines/lib/private/identifiers.ts +++ b/packages/@aws-cdk/pipelines/lib/private/identifiers.ts @@ -54,8 +54,8 @@ function sanitizeName(x: string): string { */ export function limitIdentifierLength(s: string, n: number): string { if (s.length <= n) { return s; } - const h = hash(s).substr(0, 8); + const h = hash(s).slice(0, 8); const mid = Math.floor((n - h.length) / 2); - return s.substr(0, mid) + h + s.substr(s.length - mid); + return s.slice(0, mid) + h + s.slice(-mid); } diff --git a/packages/aws-cdk-migration/lib/rewrite.ts b/packages/aws-cdk-migration/lib/rewrite.ts index 8f875f932249b..9d3e414587d15 100644 --- a/packages/aws-cdk-migration/lib/rewrite.ts +++ b/packages/aws-cdk-migration/lib/rewrite.ts @@ -410,7 +410,7 @@ function updatedExternalLocation( return customModulePath; } - if (options.rewriteCfnImports && modulePath.endsWith(`${options.packageUnscopedName?.substr('aws-'.length)}.generated`)) { + if (options.rewriteCfnImports && modulePath.endsWith(`${options.packageUnscopedName?.slice('aws-'.length)}.generated`)) { return `${libName}/${options.packageUnscopedName}`; } diff --git a/packages/aws-cdk/lib/api/evaluate-cloudformation-template.ts b/packages/aws-cdk/lib/api/evaluate-cloudformation-template.ts index 534066445cc0b..f4a2576cee55e 100644 --- a/packages/aws-cdk/lib/api/evaluate-cloudformation-template.ts +++ b/packages/aws-cdk/lib/api/evaluate-cloudformation-template.ts @@ -408,7 +408,7 @@ async function asyncGlobalReplace(str: string, regex: RegExp, cb: (x: string) => start = regex.lastIndex; } - ret.push(str.substr(start)); + ret.push(str.slice(start)); return ret.join(''); } diff --git a/packages/aws-cdk/lib/api/hotswap/common.ts b/packages/aws-cdk/lib/api/hotswap/common.ts index 1a06a8934c6ee..03f78df4ddac6 100644 --- a/packages/aws-cdk/lib/api/hotswap/common.ts +++ b/packages/aws-cdk/lib/api/hotswap/common.ts @@ -86,5 +86,5 @@ export function transformObjectKeys(val: any, transform: (str: string) => string * This function lower cases the first character of the string provided. */ export function lowerCaseFirstCharacter(str: string): string { - return str.length > 0 ? `${str[0].toLowerCase()}${str.substr(1)}` : str; + return str.length > 0 ? `${str[0].toLowerCase()}${str.slice(1)}` : str; } diff --git a/packages/aws-cdk/lib/api/util/cloudformation/stack-activity-monitor.ts b/packages/aws-cdk/lib/api/util/cloudformation/stack-activity-monitor.ts index 40bcdf78c0dd0..748de9b664610 100644 --- a/packages/aws-cdk/lib/api/util/cloudformation/stack-activity-monitor.ts +++ b/packages/aws-cdk/lib/api/util/cloudformation/stack-activity-monitor.ts @@ -290,7 +290,7 @@ export class StackActivityMonitor { // remove "/" prefix if (path.startsWith(this.stackName + '/')) { - path = path.substr(this.stackName.length + 1); + path = path.slice(this.stackName.length + 1); } return path; } @@ -527,7 +527,7 @@ export class HistoryActivityPrinter extends ActivityPrinterBase { e.StackName, (progress !== false ? `${this.progress()} | ` : ''), new Date(e.Timestamp).toLocaleTimeString(), - color(padRight(STATUS_WIDTH, (e.ResourceStatus || '').substr(0, STATUS_WIDTH))), // pad left and trim + color(padRight(STATUS_WIDTH, (e.ResourceStatus || '').slice(0, STATUS_WIDTH))), // pad left and trim padRight(this.props.resourceTypeColumnWidth, e.ResourceType || ''), color(chalk.bold(resourceName)), logicalId, @@ -623,7 +623,7 @@ export class CurrentActivityPrinter extends ActivityPrinterBase { return util.format('%s | %s | %s | %s%s', padLeft(TIMESTAMP_WIDTH, new Date(res.event.Timestamp).toLocaleTimeString()), - color(padRight(STATUS_WIDTH, (res.event.ResourceStatus || '').substr(0, STATUS_WIDTH))), + color(padRight(STATUS_WIDTH, (res.event.ResourceStatus || '').slice(0, STATUS_WIDTH))), padRight(this.props.resourceTypeColumnWidth, res.event.ResourceType || ''), color(chalk.bold(shorten(40, resourceName))), this.failureReasonOnNextLine(res)); @@ -652,7 +652,7 @@ export class CurrentActivityPrinter extends ActivityPrinterBase { lines.push(util.format(chalk.red('%s | %s | %s | %s%s') + '\n', padLeft(TIMESTAMP_WIDTH, new Date(failure.event.Timestamp).toLocaleTimeString()), - padRight(STATUS_WIDTH, (failure.event.ResourceStatus || '').substr(0, STATUS_WIDTH)), + padRight(STATUS_WIDTH, (failure.event.ResourceStatus || '').slice(0, STATUS_WIDTH)), padRight(this.props.resourceTypeColumnWidth, failure.event.ResourceType || ''), shorten(40, failure.event.LogicalResourceId ?? ''), this.failureReasonOnNextLine(failure))); @@ -744,7 +744,7 @@ function colorFromStatusActivity(status?: string) { function shorten(maxWidth: number, p: string) { if (p.length <= maxWidth) { return p; } const half = Math.floor((maxWidth - 3) / 2); - return p.substr(0, half) + '...' + p.substr(p.length - half); + return p.slice(0, half) + '...' + p.slice(-half); } const TIMESTAMP_WIDTH = 12; diff --git a/packages/aws-cdk/lib/commands/doctor.ts b/packages/aws-cdk/lib/commands/doctor.ts index 00f88f4dfd7c1..e1942bbd06b2b 100644 --- a/packages/aws-cdk/lib/commands/doctor.ts +++ b/packages/aws-cdk/lib/commands/doctor.ts @@ -62,7 +62,7 @@ function displayCdkEnvironmentVariables() { } function anonymizeAwsVariable(name: string, value: string) { - if (name === 'AWS_ACCESS_KEY_ID') { return value.substr(0, 4) + ''; } // Show ASIA/AKIA key type, but hide identifier + if (name === 'AWS_ACCESS_KEY_ID') { return value.slice(0, 4) + ''; } // Show ASIA/AKIA key type, but hide identifier if (name === 'AWS_SECRET_ACCESS_KEY' || name === 'AWS_SESSION_TOKEN' || name === 'AWS_SECURITY_TOKEN') { return ''; } return value; } diff --git a/packages/aws-cdk/lib/settings.ts b/packages/aws-cdk/lib/settings.ts index 7a213111f6c9f..adb467e49b798 100644 --- a/packages/aws-cdk/lib/settings.ts +++ b/packages/aws-cdk/lib/settings.ts @@ -443,7 +443,7 @@ export class Settings { function expandHomeDir(x: string) { if (x.startsWith('~')) { - return fs_path.join(os.homedir(), x.substr(1)); + return fs_path.join(os.homedir(), x.slice(1)); } return x; } diff --git a/packages/aws-cdk/test/bockfs.ts b/packages/aws-cdk/test/bockfs.ts index 47f96f3af6f33..72aa13109183c 100644 --- a/packages/aws-cdk/test/bockfs.ts +++ b/packages/aws-cdk/test/bockfs.ts @@ -36,7 +36,7 @@ namespace bockfs { * Turn a fake path into a real path */ export function path(fakePath: string) { - if (fakePath.startsWith('/')) { fakePath = fakePath.substr(1); } // Force path to be non-absolute + if (fakePath.startsWith('/')) { fakePath = fakePath.slice(1); } // Force path to be non-absolute return path_.join(bockFsRoot, fakePath); } diff --git a/packages/aws-cdk/test/integ/cli-regression-patches/v1.64.0/cdk-helpers.js b/packages/aws-cdk/test/integ/cli-regression-patches/v1.64.0/cdk-helpers.js index da45aebb27469..d30e4db9615b2 100644 --- a/packages/aws-cdk/test/integ/cli-regression-patches/v1.64.0/cdk-helpers.js +++ b/packages/aws-cdk/test/integ/cli-regression-patches/v1.64.0/cdk-helpers.js @@ -96,7 +96,7 @@ constructor(integTestDir, stackNamePrefix, output, aws) { this.stackNamePrefix = stackNamePrefix; this.output = output; this.aws = aws; - this.qualifier = randomString().substr(0, 10); + this.qualifier = randomString().slice(0, 10); this.bucketsToDelete = new Array(); } log(s) { diff --git a/packages/aws-cdk/test/integ/cli-regression-patches/v1.64.1/cdk-helpers.js b/packages/aws-cdk/test/integ/cli-regression-patches/v1.64.1/cdk-helpers.js index ef82e3d3edace..43bd06245e447 100644 --- a/packages/aws-cdk/test/integ/cli-regression-patches/v1.64.1/cdk-helpers.js +++ b/packages/aws-cdk/test/integ/cli-regression-patches/v1.64.1/cdk-helpers.js @@ -97,7 +97,7 @@ class TestFixture { this.stackNamePrefix = stackNamePrefix; this.output = output; this.aws = aws; - this.qualifier = randomString().substr(0, 10); + this.qualifier = randomString().slice(0, 10); this.bucketsToDelete = new Array(); } log(s) { diff --git a/packages/aws-cdk/test/integ/cli-regression-patches/v1.67.0/cdk-helpers.js b/packages/aws-cdk/test/integ/cli-regression-patches/v1.67.0/cdk-helpers.js index 7bb7790818e40..308e45722d7a7 100644 --- a/packages/aws-cdk/test/integ/cli-regression-patches/v1.67.0/cdk-helpers.js +++ b/packages/aws-cdk/test/integ/cli-regression-patches/v1.67.0/cdk-helpers.js @@ -104,7 +104,7 @@ class TestFixture { this.stackNamePrefix = stackNamePrefix; this.output = output; this.aws = aws; - this.qualifier = randomString().substr(0, 10); + this.qualifier = randomString().slice(0, 10); this.bucketsToDelete = new Array(); } log(s) { diff --git a/packages/aws-cdk/test/integ/helpers/cdk.ts b/packages/aws-cdk/test/integ/helpers/cdk.ts index 75787ab7b747c..72dd0299f66ab 100644 --- a/packages/aws-cdk/test/integ/helpers/cdk.ts +++ b/packages/aws-cdk/test/integ/helpers/cdk.ts @@ -297,7 +297,7 @@ export interface CdkModernBootstrapCommandOptions extends CommonCdkBootstrapComm } export class TestFixture { - public readonly qualifier = randomString().substr(0, 10); + public readonly qualifier = randomString().slice(0, 10); private readonly bucketsToDelete = new Array(); constructor( diff --git a/packages/awslint/lib/linter.ts b/packages/awslint/lib/linter.ts index bfefd370b6175..e96f735a30174 100644 --- a/packages/awslint/lib/linter.ts +++ b/packages/awslint/lib/linter.ts @@ -253,7 +253,7 @@ export class Evaluation { function matchPattern(s: string, pattern: string) { if (pattern.endsWith('*')) { - const prefix = pattern.substr(0, pattern.length - 1); + const prefix = pattern.slice(0, -1); return s.startsWith(prefix); } else { return s === pattern; diff --git a/packages/awslint/lib/rules/cfn-resource.ts b/packages/awslint/lib/rules/cfn-resource.ts index 536d53cb4c766..ea35c94feb6cb 100644 --- a/packages/awslint/lib/rules/cfn-resource.ts +++ b/packages/awslint/lib/rules/cfn-resource.ts @@ -52,7 +52,7 @@ export class CfnResourceReflection { constructor(cls: reflect.ClassType) { this.classType = cls; - this.basename = cls.name.substr('Cfn'.length); + this.basename = cls.name.slice('Cfn'.length); // HACK: extract full CFN name from initializer docs const initializerDoc = (cls.initializer && cls.initializer.docs.docs.summary) || ''; diff --git a/packages/cdk-assets/test/bockfs.ts b/packages/cdk-assets/test/bockfs.ts index 7f01d5f8fd1e9..ffdc43aa9b6fa 100644 --- a/packages/cdk-assets/test/bockfs.ts +++ b/packages/cdk-assets/test/bockfs.ts @@ -20,7 +20,7 @@ namespace bockfs { } export function path(x: string) { - if (x.startsWith('/')) { x = x.substr(1); } // Force path to be non-absolute + if (x.startsWith('/')) { x = x.slice(1); } // Force path to be non-absolute return path_.join(bockFsRoot, x); } diff --git a/tools/@aws-cdk/cdk-integ-tools/lib/integ-helpers.ts b/tools/@aws-cdk/cdk-integ-tools/lib/integ-helpers.ts index 8c40f6a55dd22..cc7aa78f2ad81 100644 --- a/tools/@aws-cdk/cdk-integ-tools/lib/integ-helpers.ts +++ b/tools/@aws-cdk/cdk-integ-tools/lib/integ-helpers.ts @@ -59,7 +59,7 @@ export class IntegrationTests { for (const file of files) { const fullPath = path.join(dir, file); const statf = await fs.stat(fullPath); - if (statf.isFile()) { ret.push(fullPath.substr(rootDir.length + 1)); } + if (statf.isFile()) { ret.push(fullPath.slice(rootDir.length + 1)); } if (statf.isDirectory()) { await recurse(path.join(fullPath)); } } } @@ -81,7 +81,7 @@ export class IntegrationTest { private readonly sourceFilePath: string; constructor(private readonly directory: string, public readonly name: string) { - const baseName = this.name.endsWith('.js') ? this.name.substr(0, this.name.length - 3) : this.name; + const baseName = this.name.endsWith('.js') ? this.name.slice(0, -3) : this.name; this.expectedFileName = baseName + '.expected.json'; this.expectedFilePath = path.join(this.directory, this.expectedFileName); this.sourceFilePath = path.join(this.directory, this.name); diff --git a/tools/@aws-cdk/cdk-release/lib/conventional-commits.ts b/tools/@aws-cdk/cdk-release/lib/conventional-commits.ts index 56355edc7ac62..ff0cec1b17dbe 100644 --- a/tools/@aws-cdk/cdk-release/lib/conventional-commits.ts +++ b/tools/@aws-cdk/cdk-release/lib/conventional-commits.ts @@ -135,7 +135,7 @@ function createScopeVariations(names: string[]) { // also include in the scopes variants without the prefix, // and without the '-' in the prefix // (so, 's3' and 'awss3') - pkgName.substr('aws-'.length), + pkgName.slice('aws-'.length), pkgName.replace(/^aws-/, 'aws'), ] : [] diff --git a/tools/@aws-cdk/cfn2ts/lib/genspec.ts b/tools/@aws-cdk/cfn2ts/lib/genspec.ts index b4283aac0ebb4..f14c44d96426b 100644 --- a/tools/@aws-cdk/cfn2ts/lib/genspec.ts +++ b/tools/@aws-cdk/cfn2ts/lib/genspec.ts @@ -241,7 +241,7 @@ export function cloudFormationToScriptName(name: string): string { for (const suffix of Object.keys(suffixes)) { if (name.endsWith(suffix)) { - return ret.substr(0, ret.length - suffix.length) + suffixes[suffix]; + return ret.slice(0, -suffix.length) + suffixes[suffix]; } } @@ -271,7 +271,7 @@ export function isPrimitive(type: CodeName): boolean { function specTypeToCodeType(resourceContext: CodeName, type: string): CodeName { if (type.endsWith('[]')) { - const itemType = specTypeToCodeType(resourceContext, type.substr(0, type.length - 2)); + const itemType = specTypeToCodeType(resourceContext, type.slice(0, -2)); return CodeName.forPrimitive(`${itemType.className}[]`); } if (schema.isPrimitiveType(type)) { @@ -357,7 +357,7 @@ export function typeDispatch(resourceContext: CodeName, spec: schema.Property if (schema.isMapOfListsOfPrimitivesProperty(spec)) { // remove the '[]' from the type const baseType = itemTypes[0].className; - const itemType = CodeName.forPrimitive(baseType.substr(0, baseType.length - 2)); + const itemType = CodeName.forPrimitive(baseType.slice(0, -2)); return visitor.visitMapOfLists(itemType); } if (itemTypes.length > 1) { diff --git a/tools/@aws-cdk/prlint/lint.ts b/tools/@aws-cdk/prlint/lint.ts index 67584d09ca916..848ac621b9882 100755 --- a/tools/@aws-cdk/prlint/lint.ts +++ b/tools/@aws-cdk/prlint/lint.ts @@ -112,7 +112,7 @@ function validateBreakingChangeFormat(title: string, body: string) { if (!m[0].startsWith('BREAKING CHANGE: ')) { throw new LinterError(`Breaking changes should be indicated by starting a line with 'BREAKING CHANGE: ', variations are not allowed. (found: '${m[0]}')`); } - if (m[0].substr('BREAKING CHANGE:'.length).trim().length === 0) { + if (m[0].slice('BREAKING CHANGE:'.length).trim().length === 0) { throw new LinterError("The description of the first breaking change should immediately follow the 'BREAKING CHANGE: ' clause"); } const titleRe = /^[a-z]+\([0-9a-z-_]+\)/; diff --git a/tools/@aws-cdk/ubergen/bin/ubergen.ts b/tools/@aws-cdk/ubergen/bin/ubergen.ts index 9f03c222a99dd..d48276a260b2c 100644 --- a/tools/@aws-cdk/ubergen/bin/ubergen.ts +++ b/tools/@aws-cdk/ubergen/bin/ubergen.ts @@ -149,7 +149,7 @@ async function findLibrariesToPackage(uberPackageJson: PackageJson): Promise Date: Fri, 1 Apr 2022 12:24:40 -0400 Subject: [PATCH 36/59] chore(aws-docdb): fix broken integration tests (#19687) Need to specify the engine version, otherwise the latest is used (4.0.0) which is not compatible with the parameter group version ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [x] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-docdb/test/integ.cluster.expected.json | 13 +++++++------ packages/@aws-cdk/aws-docdb/test/integ.cluster.ts | 1 + 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/packages/@aws-cdk/aws-docdb/test/integ.cluster.expected.json b/packages/@aws-cdk/aws-docdb/test/integ.cluster.expected.json index 1b661827dd1ec..f6a4f710d71a1 100644 --- a/packages/@aws-cdk/aws-docdb/test/integ.cluster.expected.json +++ b/packages/@aws-cdk/aws-docdb/test/integ.cluster.expected.json @@ -18,11 +18,11 @@ "VPCPublicSubnet1SubnetB4246D30": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.0.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/18", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -115,11 +115,11 @@ "VPCPublicSubnet2Subnet74179F39": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.64.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.64.0/18", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -212,11 +212,11 @@ "VPCPrivateSubnet1Subnet8BCA10E0": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.128.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.128.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -274,11 +274,11 @@ "VPCPrivateSubnet2SubnetCFCDAA7A": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.192.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.192.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -463,20 +463,21 @@ "DatabaseB269D8BB": { "Type": "AWS::DocDB::DBCluster", "Properties": { - "MasterUsername": "docdb", - "MasterUserPassword": "7959866cacc02c2d243ecfe177464fe6", "DBClusterParameterGroupName": { "Ref": "ParamsA8366201" }, "DBSubnetGroupName": { "Ref": "DatabaseSubnets56F17B9A" }, + "EngineVersion": "3.6.0", "KmsKeyId": { "Fn::GetAtt": [ "DbSecurity381C2C15", "Arn" ] }, + "MasterUsername": "docdb", + "MasterUserPassword": "7959866cacc02c2d243ecfe177464fe6", "StorageEncrypted": true, "VpcSecurityGroupIds": [ { diff --git a/packages/@aws-cdk/aws-docdb/test/integ.cluster.ts b/packages/@aws-cdk/aws-docdb/test/integ.cluster.ts index 084502d0dae65..f3d988e51c601 100644 --- a/packages/@aws-cdk/aws-docdb/test/integ.cluster.ts +++ b/packages/@aws-cdk/aws-docdb/test/integ.cluster.ts @@ -31,6 +31,7 @@ class TestStack extends cdk.Stack { }); const cluster = new DatabaseCluster(this, 'Database', { + engineVersion: '3.6.0', masterUser: { username: 'docdb', password: cdk.SecretValue.plainText('7959866cacc02c2d243ecfe177464fe6'), From 9457471f92ec11074166bb12fc12edd86c475261 Mon Sep 17 00:00:00 2001 From: Cory Hall <43035978+corymhall@users.noreply.github.com> Date: Fri, 1 Apr 2022 13:07:02 -0400 Subject: [PATCH 37/59] chore(ecs-patterns): fix broken integration tests (#19689) ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...ocessing-fargate-service-public.expected.json | 16 ++++++++-------- ...eg.queue-processing-fargate-service-public.ts | 4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.expected.json index 66c9a16e4a4e4..4994e6d9b015c 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.expected.json @@ -18,11 +18,11 @@ "VPCPublicSubnet1SubnetB4246D30": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.0.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/19", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -115,11 +115,11 @@ "VPCPublicSubnet2Subnet74179F39": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.32.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.32.0/19", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -212,11 +212,11 @@ "VPCPublicSubnet3Subnet631C5E25": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.64.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.0.64.0/19", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -309,11 +309,11 @@ "VPCPrivateSubnet1Subnet8BCA10E0": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.96.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.96.0/19", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -371,11 +371,11 @@ "VPCPrivateSubnet2SubnetCFCDAA7A": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.128.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.128.0/19", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -433,11 +433,11 @@ "VPCPrivateSubnet3Subnet3EDCD457": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.160.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.0.160.0/19", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -609,8 +609,8 @@ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ], - "Interval": 720, - "Retries": 34, + "Interval": 5, + "Retries": 10, "Timeout": 5 }, "Image": { diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.ts b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.ts index 4877a7d211747..495e738d63c38 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.ts +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.ts @@ -16,8 +16,8 @@ new QueueProcessingFargateService(stack, 'PublicQueueService', { assignPublicIp: true, healthCheck: { command: ['CMD-SHELL', 'curl -f http://localhost/ || exit 1'], - interval: Duration.minutes(12), - retries: 34, + interval: Duration.seconds(5), + retries: 10, }, }); From 89d471dca4570fa0c0718e8ee56821fe136243fd Mon Sep 17 00:00:00 2001 From: Cory Hall <43035978+corymhall@users.noreply.github.com> Date: Fri, 1 Apr 2022 13:49:14 -0400 Subject: [PATCH 38/59] chore(aws-cognito): fix broken integration tests (#19684) ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...integ.user-pool-client-explicit-props.expected.json | 10 ++++++++++ .../test/integ.user-pool-client-explicit-props.ts | 6 +++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.expected.json b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.expected.json index c2c5b4d18b269..33d544ca1751a 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.expected.json +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.expected.json @@ -20,6 +20,16 @@ }, "EmailVerificationMessage": "The verification code to your new account is {####}", "EmailVerificationSubject": "Verify your new account", + "Schema": [ + { + "AttributeDataType": "String", + "Name": "attribute_one" + }, + { + "AttributeDataType": "String", + "Name": "attribute_two" + } + ], "SmsVerificationMessage": "The verification code to your new account is {####}", "VerificationMessageTemplate": { "DefaultEmailOption": "CONFIRM_WITH_CODE", diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.ts b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.ts index d8a058a86d9c8..6f71e03dbed6e 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.ts +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.ts @@ -1,11 +1,15 @@ import { App, RemovalPolicy, Stack } from '@aws-cdk/core'; -import { OAuthScope, UserPool, ClientAttributes } from '../lib'; +import { OAuthScope, UserPool, ClientAttributes, StringAttribute } from '../lib'; const app = new App(); const stack = new Stack(app, 'integ-user-pool-client-explicit-props'); const userpool = new UserPool(stack, 'myuserpool', { removalPolicy: RemovalPolicy.DESTROY, + customAttributes: { + attribute_one: new StringAttribute(), + attribute_two: new StringAttribute(), + }, }); userpool.addClient('myuserpoolclient', { From e04b1d71b8150fccd69d01ef0b7bdb100c146675 Mon Sep 17 00:00:00 2001 From: Cory Hall <43035978+corymhall@users.noreply.github.com> Date: Fri, 1 Apr 2022 14:32:22 -0400 Subject: [PATCH 39/59] chore(codepipeline-actions): integ tests should be env agnostic (#19682) Updated the stacksets integration test to be environment agnostic. This allows us to deploy the integration test to different regions/accounts without the template changing ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [x] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../integ.stacksets.expected.json | 218 +++++++++++++++++- .../test/cloudformation/integ.stacksets.ts | 10 +- 2 files changed, 216 insertions(+), 12 deletions(-) diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/cloudformation/integ.stacksets.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/cloudformation/integ.stacksets.expected.json index e57101d8a4892..2623f0aae9246 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/cloudformation/integ.stacksets.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/cloudformation/integ.stacksets.expected.json @@ -2,9 +2,177 @@ "Resources": { "ArtifactBucket7410C9EF": { "Type": "AWS::S3::Bucket", + "Properties": { + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + } + ] + }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, + "ArtifactBucketPolicy4B4B7752": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "ArtifactBucket7410C9EF" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "ArtifactBucket7410C9EF", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "ArtifactBucket7410C9EF", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "ArtifactBucketAutoDeleteObjectsCustomResource0BB47FD6": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "ArtifactBucket7410C9EF" + } + }, + "DependsOn": [ + "ArtifactBucketPolicy4B4B7752" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3Bucket09A62232" + }, + "S3Key": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE" + } + ] + } + ] + } + ] + ] + } + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "ArtifactBucket7410C9EF" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + }, "PipelineRoleD68726F7": { "Type": "AWS::IAM::Role", "Properties": { @@ -263,7 +431,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -408,7 +580,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -442,7 +618,15 @@ { "Ref": "AWS::Partition" }, - ":cloudformation:test-region:12345678:stackset/TestStackSet:*" + ":cloudformation:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":stackset/TestStackSet:*" ] ] } @@ -584,7 +768,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -618,7 +806,15 @@ { "Ref": "AWS::Partition" }, - ":cloudformation:test-region:12345678:stackset/TestStackSet:*" + ":cloudformation:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":stackset/TestStackSet:*" ] ] } @@ -636,6 +832,18 @@ } }, "Parameters": { + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3Bucket09A62232": { + "Type": "String", + "Description": "S3 bucket for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + }, + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE": { + "Type": "String", + "Description": "S3 key for asset version \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + }, + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824ArtifactHash76F8FCF2": { + "Type": "String", + "Description": "Artifact hash for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + }, "AssetParameters5bcf205623ea5b34a1944fea4c9982e835555e710235ae6f60172097737302e2S3Bucket3C8B9651": { "Type": "String", "Description": "S3 bucket for asset \"5bcf205623ea5b34a1944fea4c9982e835555e710235ae6f60172097737302e2\"" diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/cloudformation/integ.stacksets.ts b/packages/@aws-cdk/aws-codepipeline-actions/test/cloudformation/integ.stacksets.ts index bc41e86474584..f3b1b1f5c34dd 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/cloudformation/integ.stacksets.ts +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/cloudformation/integ.stacksets.ts @@ -24,12 +24,13 @@ import { Construct } from 'constructs'; import * as cpactions from '../../lib'; export class StackSetPipelineStack extends Stack { - constructor(scope: Construct, id: string, props: StackProps) { + constructor(scope: Construct, id: string, props?: StackProps) { super(scope, id, props); const pipeline = new codepipeline.Pipeline(this, 'Pipeline', { artifactBucket: new s3.Bucket(this, 'ArtifactBucket', { removalPolicy: RemovalPolicy.DESTROY, + autoDeleteObjects: true, }), }); @@ -75,9 +76,4 @@ export class StackSetPipelineStack extends Stack { } const app = new App(); -new StackSetPipelineStack(app, 'StackSetPipelineStack', { - env: { - region: process.env.CDK_DEFAULT_REGION, - account: process.env.CDK_DEFAULT_ACCOUNT, - }, -}); +new StackSetPipelineStack(app, 'StackSetPipelineStack'); From 097fe19c1ffbaf2554b9c81ea6fa10b61e1c45bd Mon Sep 17 00:00:00 2001 From: Cory Hall <43035978+corymhall@users.noreply.github.com> Date: Fri, 1 Apr 2022 15:15:51 -0400 Subject: [PATCH 40/59] chore(aws-ec2): fix broken integration tests (#19690) Couple of fixes: - `integ.instance-init`: Create a new VPC instead of performing a lookup in order to make the stack env agnostic - `integ.vpc-endpoint-service`: Moved this test to the elasticloadbalancingv2 package since for the test to actually do anything it needs to create NLBs. - `integ.vpc-endpoint-service-cn`: Removed this test since it is the same as the above test except for creating it in china - `integ.vpc-flow-logs`: Added `autoDeleteObjects` so that the stack can be deleted. Also added the bucket policy to the bucket to avoid some race conditions when the stack tries to delete the bucket while AWS is attempting to add this policy to the bucket. - `integ.vpn-pre-shared-key-token`: The purpose of this test seemed to be validating that a token can be used so I changed this to just use `Lazy`. Also, that property does not support SSM Secure references. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../test/integ.instance-init.expected.json | 542 ++++++++++++++- .../aws-ec2/test/integ.instance-init.ts | 9 +- ...nteg.vpc-endpoint-service-cn.expected.json | 35 - .../test/integ.vpc-endpoint-service-cn.ts | 46 -- .../integ.vpc-endpoint-service.expected.json | 64 -- .../test/integ.vpc-flow-logs.expected.json | 340 +++++++++- .../aws-ec2/test/integ.vpc-flow-logs.ts | 39 +- ...teg.vpn-pre-shared-key-token.expected.json | 32 +- .../test/integ.vpn-pre-shared-key-token.ts | 2 +- .../integ.vpc-endpoint-service.expected.json | 630 ++++++++++++++++++ .../test/integ.vpc-endpoint-service.ts | 27 +- 11 files changed, 1540 insertions(+), 226 deletions(-) delete mode 100644 packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service-cn.expected.json delete mode 100644 packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service-cn.ts delete mode 100644 packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service.expected.json create mode 100644 packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.vpc-endpoint-service.expected.json rename packages/@aws-cdk/{aws-ec2 => aws-elasticloadbalancingv2}/test/integ.vpc-endpoint-service.ts (66%) diff --git a/packages/@aws-cdk/aws-ec2/test/integ.instance-init.expected.json b/packages/@aws-cdk/aws-ec2/test/integ.instance-init.expected.json index e287246eda0a7..576efc96d2057 100644 --- a/packages/@aws-cdk/aws-ec2/test/integ.instance-init.expected.json +++ b/packages/@aws-cdk/aws-ec2/test/integ.instance-init.expected.json @@ -1,5 +1,519 @@ { "Resources": { + "IntegInitVpc0D4FCCB3": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc" + } + ] + } + }, + "IntegInitVpcPublicSubnet1Subnet41A6F6D4": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/19", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PublicSubnet1" + } + ] + } + }, + "IntegInitVpcPublicSubnet1RouteTable837CD5FB": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PublicSubnet1" + } + ] + } + }, + "IntegInitVpcPublicSubnet1RouteTableAssociation00D33741": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "IntegInitVpcPublicSubnet1RouteTable837CD5FB" + }, + "SubnetId": { + "Ref": "IntegInitVpcPublicSubnet1Subnet41A6F6D4" + } + } + }, + "IntegInitVpcPublicSubnet1DefaultRoute5BB90E8C": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "IntegInitVpcPublicSubnet1RouteTable837CD5FB" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "IntegInitVpcIGWF019AC85" + } + }, + "DependsOn": [ + "IntegInitVpcVPCGW85EDC292" + ] + }, + "IntegInitVpcPublicSubnet1EIP46FCC3D6": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PublicSubnet1" + } + ] + } + }, + "IntegInitVpcPublicSubnet1NATGateway46F32F7F": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "IntegInitVpcPublicSubnet1Subnet41A6F6D4" + }, + "AllocationId": { + "Fn::GetAtt": [ + "IntegInitVpcPublicSubnet1EIP46FCC3D6", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PublicSubnet1" + } + ] + } + }, + "IntegInitVpcPublicSubnet2Subnet9A384F16": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.32.0/19", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PublicSubnet2" + } + ] + } + }, + "IntegInitVpcPublicSubnet2RouteTableF7E8F920": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PublicSubnet2" + } + ] + } + }, + "IntegInitVpcPublicSubnet2RouteTableAssociationB816F9F3": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "IntegInitVpcPublicSubnet2RouteTableF7E8F920" + }, + "SubnetId": { + "Ref": "IntegInitVpcPublicSubnet2Subnet9A384F16" + } + } + }, + "IntegInitVpcPublicSubnet2DefaultRoute2393995F": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "IntegInitVpcPublicSubnet2RouteTableF7E8F920" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "IntegInitVpcIGWF019AC85" + } + }, + "DependsOn": [ + "IntegInitVpcVPCGW85EDC292" + ] + }, + "IntegInitVpcPublicSubnet2EIP553B40DC": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PublicSubnet2" + } + ] + } + }, + "IntegInitVpcPublicSubnet2NATGateway9CCB4A9C": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "IntegInitVpcPublicSubnet2Subnet9A384F16" + }, + "AllocationId": { + "Fn::GetAtt": [ + "IntegInitVpcPublicSubnet2EIP553B40DC", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PublicSubnet2" + } + ] + } + }, + "IntegInitVpcPublicSubnet3Subnet30A34DA1": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.0.64.0/19", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PublicSubnet3" + } + ] + } + }, + "IntegInitVpcPublicSubnet3RouteTable53FB2E26": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PublicSubnet3" + } + ] + } + }, + "IntegInitVpcPublicSubnet3RouteTableAssociation73A6B648": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "IntegInitVpcPublicSubnet3RouteTable53FB2E26" + }, + "SubnetId": { + "Ref": "IntegInitVpcPublicSubnet3Subnet30A34DA1" + } + } + }, + "IntegInitVpcPublicSubnet3DefaultRoute3781AD26": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "IntegInitVpcPublicSubnet3RouteTable53FB2E26" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "IntegInitVpcIGWF019AC85" + } + }, + "DependsOn": [ + "IntegInitVpcVPCGW85EDC292" + ] + }, + "IntegInitVpcPublicSubnet3EIP59DDAB7B": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PublicSubnet3" + } + ] + } + }, + "IntegInitVpcPublicSubnet3NATGatewayA7A986C7": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "IntegInitVpcPublicSubnet3Subnet30A34DA1" + }, + "AllocationId": { + "Fn::GetAtt": [ + "IntegInitVpcPublicSubnet3EIP59DDAB7B", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PublicSubnet3" + } + ] + } + }, + "IntegInitVpcPrivateSubnet1Subnet259B51C1": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.96.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PrivateSubnet1" + } + ] + } + }, + "IntegInitVpcPrivateSubnet1RouteTableCB37994B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PrivateSubnet1" + } + ] + } + }, + "IntegInitVpcPrivateSubnet1RouteTableAssociation067DEF9D": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "IntegInitVpcPrivateSubnet1RouteTableCB37994B" + }, + "SubnetId": { + "Ref": "IntegInitVpcPrivateSubnet1Subnet259B51C1" + } + } + }, + "IntegInitVpcPrivateSubnet1DefaultRoute654ACECF": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "IntegInitVpcPrivateSubnet1RouteTableCB37994B" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "IntegInitVpcPublicSubnet1NATGateway46F32F7F" + } + } + }, + "IntegInitVpcPrivateSubnet2Subnet1643B059": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.128.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PrivateSubnet2" + } + ] + } + }, + "IntegInitVpcPrivateSubnet2RouteTable030EC93B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PrivateSubnet2" + } + ] + } + }, + "IntegInitVpcPrivateSubnet2RouteTableAssociation6B52BD72": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "IntegInitVpcPrivateSubnet2RouteTable030EC93B" + }, + "SubnetId": { + "Ref": "IntegInitVpcPrivateSubnet2Subnet1643B059" + } + } + }, + "IntegInitVpcPrivateSubnet2DefaultRoute6A10B6EA": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "IntegInitVpcPrivateSubnet2RouteTable030EC93B" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "IntegInitVpcPublicSubnet2NATGateway9CCB4A9C" + } + } + }, + "IntegInitVpcPrivateSubnet3Subnet2FEDC394": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.0.160.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PrivateSubnet3" + } + ] + } + }, + "IntegInitVpcPrivateSubnet3RouteTable276D284C": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PrivateSubnet3" + } + ] + } + }, + "IntegInitVpcPrivateSubnet3RouteTableAssociation2706BC76": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "IntegInitVpcPrivateSubnet3RouteTable276D284C" + }, + "SubnetId": { + "Ref": "IntegInitVpcPrivateSubnet3Subnet2FEDC394" + } + } + }, + "IntegInitVpcPrivateSubnet3DefaultRoute932A56DC": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "IntegInitVpcPrivateSubnet3RouteTable276D284C" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "IntegInitVpcPublicSubnet3NATGatewayA7A986C7" + } + } + }, + "IntegInitVpcIGWF019AC85": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc" + } + ] + } + }, + "IntegInitVpcVPCGW85EDC292": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "InternetGatewayId": { + "Ref": "IntegInitVpcIGWF019AC85" + } + } + }, "Instance2InstanceSecurityGroupC6129B1D": { "Type": "AWS::EC2::SecurityGroup", "Properties": { @@ -17,7 +531,9 @@ "Value": "integ-init/Instance2" } ], - "VpcId": "vpc-60900905" + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + } } }, "Instance2InstanceRole03DD7CB2": { @@ -130,10 +646,10 @@ ] } }, - "Instance255F352654dd5de862574bd14": { + "Instance255F352651ad64873f230a4d2": { "Type": "AWS::EC2::Instance", "Properties": { - "AvailabilityZone": "us-east-1a", + "AvailabilityZone": "test-region-1a", "IamInstanceProfile": { "Ref": "Instance2InstanceProfile582F915C" }, @@ -149,7 +665,9 @@ ] } ], - "SubnetId": "subnet-e19455ca", + "SubnetId": { + "Ref": "IntegInitVpcPublicSubnet1Subnet41A6F6D4" + }, "Tags": [ { "Key": "Name", @@ -161,7 +679,7 @@ "Fn::Join": [ "", [ - "#!/bin/bash\n# fingerprint: 336ad3625c000098\n(\n set +e\n /opt/aws/bin/cfn-init -v --region ", + "#!/bin/bash\n# fingerprint: 8ef54c03058b2a11\n(\n set +e\n /opt/aws/bin/cfn-init -v --region ", { "Ref": "AWS::Region" }, @@ -169,7 +687,7 @@ { "Ref": "AWS::StackName" }, - " --resource Instance255F352654dd5de862574bd14 -c default\n /opt/aws/bin/cfn-signal -e $? --region ", + " --resource Instance255F352651ad64873f230a4d2 -c default\n /opt/aws/bin/cfn-signal -e $? --region ", { "Ref": "AWS::Region" }, @@ -177,7 +695,7 @@ { "Ref": "AWS::StackName" }, - " --resource Instance255F352654dd5de862574bd14\n cat /var/log/cfn-init.log >&2\n)" + " --resource Instance255F352651ad64873f230a4d2\n cat /var/log/cfn-init.log >&2\n)" ] ] } @@ -230,7 +748,11 @@ "Fn::Join": [ "", [ - "https://s3.test-region.", + "https://s3.", + { + "Ref": "AWS::Region" + }, + ".", { "Ref": "AWS::URLSuffix" }, @@ -276,7 +798,9 @@ "Ref": "AWS::StackId" }, "stackName": "integ-init", - "region": "test-region" + "region": { + "Ref": "AWS::Region" + } }, "mode": "000644", "owner": "root", diff --git a/packages/@aws-cdk/aws-ec2/test/integ.instance-init.ts b/packages/@aws-cdk/aws-ec2/test/integ.instance-init.ts index c7c5204fe6e21..2f133693e1165 100644 --- a/packages/@aws-cdk/aws-ec2/test/integ.instance-init.ts +++ b/packages/@aws-cdk/aws-ec2/test/integ.instance-init.ts @@ -5,14 +5,9 @@ import * as cdk from '@aws-cdk/core'; import * as ec2 from '../lib'; const app = new cdk.App(); -const stack = new cdk.Stack(app, 'integ-init', { - env: { - account: process.env.CDK_INTEG_ACCOUNT || process.env.CDK_DEFAULT_ACCOUNT, - region: process.env.CDK_INTEG_REGION || process.env.CDK_DEFAULT_REGION, - }, -}); +const stack = new cdk.Stack(app, 'integ-init'); -const vpc = ec2.Vpc.fromLookup(stack, 'VPC', { isDefault: true }); +const vpc = new ec2.Vpc(stack, 'IntegInitVpc'); const tmpDir = fs.mkdtempSync('/tmp/cfn-init-test'); fs.writeFileSync(path.resolve(tmpDir, 'testFile'), 'Hello World!\n'); diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service-cn.expected.json b/packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service-cn.expected.json deleted file mode 100644 index 99a898633a82f..0000000000000 --- a/packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service-cn.expected.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "Resources": { - "MyCnVpcEndpointService7463420F": { - "Type": "AWS::EC2::VPCEndpointService", - "Properties": { - "NetworkLoadBalancerArns": [ - "arn:aws-cn:elasticloadbalancing:cn-north-1:123456789012:loadbalancer/net/Test/9bn6qkf4e9jrw77a" - ], - "AcceptanceRequired": false - } - } - }, - "Outputs": { - "MyCnVpcEndpointServiceServiceName": { - "Description": "Give this to service consumers so they can connect via VPC Endpoint", - "Value": { - "Fn::Join": [ - ".", - [ - "cn.com.amazonaws.vpce", - { - "Ref": "AWS::Region" - }, - { - "Ref": "MyCnVpcEndpointService7463420F" - } - ] - ] - }, - "Export": { - "Name": "ServiceName" - } - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service-cn.ts b/packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service-cn.ts deleted file mode 100644 index 3b67c986477c7..0000000000000 --- a/packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service-cn.ts +++ /dev/null @@ -1,46 +0,0 @@ -import * as cdk from '@aws-cdk/core'; -import * as ec2 from '../lib'; - -const app = new cdk.App(); - -/** - * A load balancer that can host a VPC Endpoint Service - */ -class DummyEndpointLoadBalacer implements ec2.IVpcEndpointServiceLoadBalancer { - /** - * The ARN of the load balancer that hosts the VPC Endpoint Service - */ - public readonly loadBalancerArn: string; - constructor(arn: string) { - this.loadBalancerArn = arn; - } -} - -class CnVpcEndpointServiceStack extends cdk.Stack { - constructor(scope: cdk.App, id: string, props?: cdk.StackProps) { - super(scope, id, props); - - const nlb = new DummyEndpointLoadBalacer( - 'arn:aws-cn:elasticloadbalancing:cn-north-1:123456789012:loadbalancer/net/Test/9bn6qkf4e9jrw77a'); - - const service1 = new ec2.VpcEndpointService(this, 'MyCnVpcEndpointService', { - vpcEndpointServiceLoadBalancers: [nlb], - acceptanceRequired: false, - }); - - new cdk.CfnOutput(this, 'MyCnVpcEndpointServiceServiceName', { - exportName: 'ServiceName', - value: service1.vpcEndpointServiceName, - description: 'Give this to service consumers so they can connect via VPC Endpoint', - }); - - } -} - -new CnVpcEndpointServiceStack(app, 'aws-cdk-ec2-cn-vpc-endpoint-service', { - env: { - account: '123456789012', - region: 'cn-north-1', - }, -}); -app.synth(); \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service.expected.json b/packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service.expected.json deleted file mode 100644 index 48b0f9d07d40e..0000000000000 --- a/packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service.expected.json +++ /dev/null @@ -1,64 +0,0 @@ -{ - "Resources": { - "MyVpcEndpointServiceWithNoPrincipals9B24276E": { - "Type": "AWS::EC2::VPCEndpointService", - "Properties": { - "NetworkLoadBalancerArns": [ - "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/net/Test/9bn6qkf4e9jrw77a" - ], - "AcceptanceRequired": false - } - }, - "MyVpcEndpointServiceWithPrincipals41EE2DF2": { - "Type": "AWS::EC2::VPCEndpointService", - "Properties": { - "NetworkLoadBalancerArns": [ - "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/net/Test/1jd81k39sa421ffs" - ], - "AcceptanceRequired": false - } - }, - "MyVpcEndpointServiceWithPrincipalsPermissions29F9BD5A": { - "Type": "AWS::EC2::VPCEndpointServicePermissions", - "Properties": { - "ServiceId": { - "Ref": "MyVpcEndpointServiceWithPrincipals41EE2DF2" - }, - "AllowedPrincipals": [ - "arn:aws:iam::123456789012:root" - ] - } - } - }, - "Outputs": { - "MyVpcEndpointServiceWithNoPrincipalsServiceName": { - "Description": "Give this to service consumers so they can connect via VPC Endpoint", - "Value": { - "Fn::Join": [ - ".", - [ - "com.amazonaws.vpce", - { - "Ref": "AWS::Region" - }, - { - "Ref": "MyVpcEndpointServiceWithNoPrincipals9B24276E" - } - ] - ] - }, - "Export": { - "Name": "ServiceName" - } - }, - "MyVpcEndpointServiceWithPrincipalsEndpointServiceId": { - "Description": "Reference this service from other stacks", - "Value": { - "Ref": "MyVpcEndpointServiceWithPrincipals41EE2DF2" - }, - "Export": { - "Name": "EndpointServiceId" - } - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.expected.json b/packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.expected.json index 24d55d814adad..9d43a7553f127 100644 --- a/packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.expected.json +++ b/packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.expected.json @@ -10,7 +10,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC" + "Value": "FlowLogsTestStack/VPC" } ] } @@ -18,11 +18,11 @@ "VPCPublicSubnet1SubnetB4246D30": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.0.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/19", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -35,7 +35,7 @@ }, { "Key": "Name", - "Value": "TestStack/VPC/PublicSubnet1" + "Value": "FlowLogsTestStack/VPC/PublicSubnet1" } ] } @@ -49,7 +49,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC/PublicSubnet1" + "Value": "FlowLogsTestStack/VPC/PublicSubnet1" } ] } @@ -87,7 +87,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC/PublicSubnet1" + "Value": "FlowLogsTestStack/VPC/PublicSubnet1" } ] } @@ -107,7 +107,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC/PublicSubnet1" + "Value": "FlowLogsTestStack/VPC/PublicSubnet1" } ] } @@ -115,11 +115,11 @@ "VPCPublicSubnet2Subnet74179F39": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.32.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.32.0/19", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -132,7 +132,7 @@ }, { "Key": "Name", - "Value": "TestStack/VPC/PublicSubnet2" + "Value": "FlowLogsTestStack/VPC/PublicSubnet2" } ] } @@ -146,7 +146,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC/PublicSubnet2" + "Value": "FlowLogsTestStack/VPC/PublicSubnet2" } ] } @@ -184,7 +184,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC/PublicSubnet2" + "Value": "FlowLogsTestStack/VPC/PublicSubnet2" } ] } @@ -204,7 +204,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC/PublicSubnet2" + "Value": "FlowLogsTestStack/VPC/PublicSubnet2" } ] } @@ -212,11 +212,11 @@ "VPCPublicSubnet3Subnet631C5E25": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.64.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.0.64.0/19", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -229,7 +229,7 @@ }, { "Key": "Name", - "Value": "TestStack/VPC/PublicSubnet3" + "Value": "FlowLogsTestStack/VPC/PublicSubnet3" } ] } @@ -243,7 +243,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC/PublicSubnet3" + "Value": "FlowLogsTestStack/VPC/PublicSubnet3" } ] } @@ -281,7 +281,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC/PublicSubnet3" + "Value": "FlowLogsTestStack/VPC/PublicSubnet3" } ] } @@ -301,7 +301,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC/PublicSubnet3" + "Value": "FlowLogsTestStack/VPC/PublicSubnet3" } ] } @@ -309,11 +309,11 @@ "VPCPrivateSubnet1Subnet8BCA10E0": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.96.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.96.0/19", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -326,7 +326,7 @@ }, { "Key": "Name", - "Value": "TestStack/VPC/PrivateSubnet1" + "Value": "FlowLogsTestStack/VPC/PrivateSubnet1" } ] } @@ -340,7 +340,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC/PrivateSubnet1" + "Value": "FlowLogsTestStack/VPC/PrivateSubnet1" } ] } @@ -371,11 +371,11 @@ "VPCPrivateSubnet2SubnetCFCDAA7A": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.128.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.128.0/19", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -388,7 +388,7 @@ }, { "Key": "Name", - "Value": "TestStack/VPC/PrivateSubnet2" + "Value": "FlowLogsTestStack/VPC/PrivateSubnet2" } ] } @@ -402,7 +402,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC/PrivateSubnet2" + "Value": "FlowLogsTestStack/VPC/PrivateSubnet2" } ] } @@ -433,11 +433,11 @@ "VPCPrivateSubnet3Subnet3EDCD457": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.160.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.0.160.0/19", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -450,7 +450,7 @@ }, { "Key": "Name", - "Value": "TestStack/VPC/PrivateSubnet3" + "Value": "FlowLogsTestStack/VPC/PrivateSubnet3" } ] } @@ -464,7 +464,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC/PrivateSubnet3" + "Value": "FlowLogsTestStack/VPC/PrivateSubnet3" } ] } @@ -498,7 +498,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC" + "Value": "FlowLogsTestStack/VPC" } ] } @@ -520,7 +520,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC" + "Value": "FlowLogsTestStack/VPC" } ] }, @@ -545,7 +545,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC" + "Value": "FlowLogsTestStack/VPC" } ] } @@ -576,7 +576,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC" + "Value": "FlowLogsTestStack/VPC" } ] } @@ -668,8 +668,290 @@ }, "Bucket83908E77": { "Type": "AWS::S3::Bucket", + "Properties": { + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + } + ] + }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" + }, + "BucketPolicyE9A3008A": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "Bucket83908E77" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": "s3:PutObject", + "Condition": { + "StringEquals": { + "s3:x-amz-acl": "bucket-owner-full-control", + "aws:SourceAccount": { + "Ref": "AWS::AccountId" + } + }, + "ArnLike": { + "aws:SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":*" + ] + ] + } + } + }, + "Effect": "Allow", + "Principal": { + "Service": "delivery.logs.amazonaws.com" + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + } + }, + { + "Action": [ + "s3:GetBucketAcl", + "s3:ListBucket" + ], + "Condition": { + "StringEquals": { + "aws:SourceAccount": { + "Ref": "AWS::AccountId" + } + }, + "ArnLike": { + "aws:SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":*" + ] + ] + } + } + }, + "Effect": "Allow", + "Principal": { + "Service": "delivery.logs.amazonaws.com" + }, + "Resource": { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + } + } + }, + "BucketAutoDeleteObjectsCustomResourceBAFD23C2": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "Bucket83908E77" + } + }, + "DependsOn": [ + "BucketPolicyE9A3008A" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3Bucket09A62232" + }, + "S3Key": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE" + } + ] + } + ] + } + ] + ] + } + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "Bucket83908E77" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + } + }, + "Parameters": { + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3Bucket09A62232": { + "Type": "String", + "Description": "S3 bucket for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + }, + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE": { + "Type": "String", + "Description": "S3 key for asset version \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + }, + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824ArtifactHash76F8FCF2": { + "Type": "String", + "Description": "Artifact hash for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.ts b/packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.ts index c9b87c51bf7fd..6ce95c09bb662 100644 --- a/packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.ts +++ b/packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.ts @@ -1,4 +1,5 @@ /// !cdk-integ * +import { PolicyStatement, Effect, ServicePrincipal } from '@aws-cdk/aws-iam'; import * as s3 from '@aws-cdk/aws-s3'; import { App, RemovalPolicy, Stack, StackProps } from '@aws-cdk/core'; import { FlowLog, FlowLogDestination, FlowLogResourceType, Vpc } from '../lib'; @@ -21,7 +22,43 @@ class TestStack extends Stack { const bucket = new s3.Bucket(this, 'Bucket', { removalPolicy: RemovalPolicy.DESTROY, + autoDeleteObjects: true, }); + bucket.addToResourcePolicy(new PolicyStatement({ + effect: Effect.ALLOW, + principals: [new ServicePrincipal('delivery.logs.amazonaws.com')], + actions: ['s3:PutObject'], + resources: [bucket.arnForObjects(`AWSLogs/${this.account}/*`)], + conditions: { + StringEquals: { + 's3:x-amz-acl': 'bucket-owner-full-control', + 'aws:SourceAccount': this.account, + }, + ArnLike: { + 'aws:SourceArn': this.formatArn({ + service: 'logs', + resource: '*', + }), + }, + }, + })); + bucket.addToResourcePolicy(new PolicyStatement({ + effect: Effect.ALLOW, + principals: [new ServicePrincipal('delivery.logs.amazonaws.com')], + actions: ['s3:GetBucketAcl', 's3:ListBucket'], + resources: [bucket.bucketArn], + conditions: { + StringEquals: { + 'aws:SourceAccount': this.account, + }, + ArnLike: { + 'aws:SourceArn': this.formatArn({ + service: 'logs', + resource: '*', + }), + }, + }, + })); vpc.addFlowLog('FlowLogsS3KeyPrefix', { destination: FlowLogDestination.toS3(bucket, 'prefix/'), @@ -29,6 +66,6 @@ class TestStack extends Stack { } } -new TestStack(app, 'TestStack'); +new TestStack(app, 'FlowLogsTestStack'); app.synth(); diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpn-pre-shared-key-token.expected.json b/packages/@aws-cdk/aws-ec2/test/integ.vpn-pre-shared-key-token.expected.json index e35654d4ac5ac..7895454898cbc 100644 --- a/packages/@aws-cdk/aws-ec2/test/integ.vpn-pre-shared-key-token.expected.json +++ b/packages/@aws-cdk/aws-ec2/test/integ.vpn-pre-shared-key-token.expected.json @@ -18,11 +18,11 @@ "MyVpcPublicSubnet1SubnetF6608456": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.10.0.0/19", "VpcId": { "Ref": "MyVpcF9F0CA6F" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.10.0.0/19", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -95,15 +95,15 @@ "MyVpcPublicSubnet1NATGatewayAD3400C1": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "MyVpcPublicSubnet1SubnetF6608456" + }, "AllocationId": { "Fn::GetAtt": [ "MyVpcPublicSubnet1EIP096967CB", "AllocationId" ] }, - "SubnetId": { - "Ref": "MyVpcPublicSubnet1SubnetF6608456" - }, "Tags": [ { "Key": "Name", @@ -115,11 +115,11 @@ "MyVpcPublicSubnet2Subnet492B6BFB": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.10.32.0/19", "VpcId": { "Ref": "MyVpcF9F0CA6F" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.10.32.0/19", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -192,15 +192,15 @@ "MyVpcPublicSubnet2NATGateway91BFBEC9": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "MyVpcPublicSubnet2Subnet492B6BFB" + }, "AllocationId": { "Fn::GetAtt": [ "MyVpcPublicSubnet2EIP8CCBA239", "AllocationId" ] }, - "SubnetId": { - "Ref": "MyVpcPublicSubnet2Subnet492B6BFB" - }, "Tags": [ { "Key": "Name", @@ -212,11 +212,11 @@ "MyVpcPublicSubnet3Subnet57EEE236": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.10.64.0/19", "VpcId": { "Ref": "MyVpcF9F0CA6F" }, "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.10.64.0/19", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -289,15 +289,15 @@ "MyVpcPublicSubnet3NATGatewayD4B50EBE": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "MyVpcPublicSubnet3Subnet57EEE236" + }, "AllocationId": { "Fn::GetAtt": [ "MyVpcPublicSubnet3EIPC5ACADAB", "AllocationId" ] }, - "SubnetId": { - "Ref": "MyVpcPublicSubnet3Subnet57EEE236" - }, "Tags": [ { "Key": "Name", @@ -309,11 +309,11 @@ "MyVpcPrivateSubnet1Subnet5057CF7E": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.10.96.0/19", "VpcId": { "Ref": "MyVpcF9F0CA6F" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.10.96.0/19", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -371,11 +371,11 @@ "MyVpcPrivateSubnet2Subnet0040C983": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.10.128.0/19", "VpcId": { "Ref": "MyVpcF9F0CA6F" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.10.128.0/19", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -433,11 +433,11 @@ "MyVpcPrivateSubnet3Subnet772D6AD7": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.10.160.0/19", "VpcId": { "Ref": "MyVpcF9F0CA6F" }, "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.10.160.0/19", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -592,7 +592,7 @@ }, "VpnTunnelOptionsSpecifications": [ { - "PreSharedKey": "{{resolve:ssm-secure:ssm-pw:1}}" + "PreSharedKey": "ssmpwaaa" } ] } diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpn-pre-shared-key-token.ts b/packages/@aws-cdk/aws-ec2/test/integ.vpn-pre-shared-key-token.ts index fb5bb45119b08..a4747938c57e8 100644 --- a/packages/@aws-cdk/aws-ec2/test/integ.vpn-pre-shared-key-token.ts +++ b/packages/@aws-cdk/aws-ec2/test/integ.vpn-pre-shared-key-token.ts @@ -11,7 +11,7 @@ const vpc = new ec2.Vpc(stack, 'MyVpc', { ip: '52.85.255.164', tunnelOptions: [ { - preSharedKey: cdk.SecretValue.ssmSecure('ssm-pw', '1').toString(), + preSharedKey: cdk.Lazy.string({ produce: () => 'ssmpwaaa' }), }, ], }, diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.vpc-endpoint-service.expected.json b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.vpc-endpoint-service.expected.json new file mode 100644 index 0000000000000..18a3482e70715 --- /dev/null +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.vpc-endpoint-service.expected.json @@ -0,0 +1,630 @@ +{ + "Resources": { + "VPCB9E5F0B4": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC" + } + ] + } + }, + "VPCPublicSubnet1SubnetB4246D30": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/19", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet1RouteTableFEE4B781": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet1RouteTableAssociation0B0896DC": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + } + } + }, + "VPCPublicSubnet1DefaultRoute91CEF279": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCPublicSubnet1EIP6AD938E8": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet1NATGatewayE0556630": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, + "AllocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet1EIP6AD938E8", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet2Subnet74179F39": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.32.0/19", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PublicSubnet2" + } + ] + } + }, + "VPCPublicSubnet2RouteTable6F1A15F1": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PublicSubnet2" + } + ] + } + }, + "VPCPublicSubnet2RouteTableAssociation5A808732": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + } + } + }, + "VPCPublicSubnet2DefaultRouteB7481BBA": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCPublicSubnet2EIP4947BC00": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PublicSubnet2" + } + ] + } + }, + "VPCPublicSubnet2NATGateway3C070193": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, + "AllocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet2EIP4947BC00", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PublicSubnet2" + } + ] + } + }, + "VPCPublicSubnet3Subnet631C5E25": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.0.64.0/19", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PublicSubnet3" + } + ] + } + }, + "VPCPublicSubnet3RouteTable98AE0E14": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PublicSubnet3" + } + ] + } + }, + "VPCPublicSubnet3RouteTableAssociation427FE0C6": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet3RouteTable98AE0E14" + }, + "SubnetId": { + "Ref": "VPCPublicSubnet3Subnet631C5E25" + } + } + }, + "VPCPublicSubnet3DefaultRouteA0D29D46": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet3RouteTable98AE0E14" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCPublicSubnet3EIPAD4BC883": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PublicSubnet3" + } + ] + } + }, + "VPCPublicSubnet3NATGatewayD3048F5C": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet3Subnet631C5E25" + }, + "AllocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet3EIPAD4BC883", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PublicSubnet3" + } + ] + } + }, + "VPCPrivateSubnet1Subnet8BCA10E0": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.96.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PrivateSubnet1" + } + ] + } + }, + "VPCPrivateSubnet1RouteTableBE8A6027": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PrivateSubnet1" + } + ] + } + }, + "VPCPrivateSubnet1RouteTableAssociation347902D1": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + }, + "SubnetId": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + } + } + }, + "VPCPrivateSubnet1DefaultRouteAE1D6490": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VPCPublicSubnet1NATGatewayE0556630" + } + } + }, + "VPCPrivateSubnet2SubnetCFCDAA7A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.128.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PrivateSubnet2" + } + ] + } + }, + "VPCPrivateSubnet2RouteTable0A19E10E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PrivateSubnet2" + } + ] + } + }, + "VPCPrivateSubnet2RouteTableAssociation0C73D413": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + }, + "SubnetId": { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + } + }, + "VPCPrivateSubnet2DefaultRouteF4F5CFD2": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VPCPublicSubnet2NATGateway3C070193" + } + } + }, + "VPCPrivateSubnet3Subnet3EDCD457": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.0.160.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PrivateSubnet3" + } + ] + } + }, + "VPCPrivateSubnet3RouteTable192186F8": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PrivateSubnet3" + } + ] + } + }, + "VPCPrivateSubnet3RouteTableAssociationC28D144E": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet3RouteTable192186F8" + }, + "SubnetId": { + "Ref": "VPCPrivateSubnet3Subnet3EDCD457" + } + } + }, + "VPCPrivateSubnet3DefaultRoute27F311AE": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet3RouteTable192186F8" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VPCPublicSubnet3NATGatewayD3048F5C" + } + } + }, + "VPCIGWB7E252D3": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC" + } + ] + } + }, + "VPCVPCGW99B986DC": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "InternetGatewayId": { + "Ref": "VPCIGWB7E252D3" + } + } + }, + "NLBNoPrincipals25B7CFB1": { + "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", + "Properties": { + "LoadBalancerAttributes": [ + { + "Key": "deletion_protection.enabled", + "Value": "false" + } + ], + "Scheme": "internal", + "Subnets": [ + { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + }, + { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + }, + { + "Ref": "VPCPrivateSubnet3Subnet3EDCD457" + } + ], + "Type": "network" + } + }, + "MyVpcEndpointServiceWithNoPrincipals9B24276E": { + "Type": "AWS::EC2::VPCEndpointService", + "Properties": { + "AcceptanceRequired": false, + "NetworkLoadBalancerArns": [ + { + "Ref": "NLBNoPrincipals25B7CFB1" + } + ] + } + }, + "NLBWithPrincipals912E28FF": { + "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", + "Properties": { + "LoadBalancerAttributes": [ + { + "Key": "deletion_protection.enabled", + "Value": "false" + } + ], + "Scheme": "internal", + "Subnets": [ + { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + }, + { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + }, + { + "Ref": "VPCPrivateSubnet3Subnet3EDCD457" + } + ], + "Type": "network" + } + }, + "MyVpcEndpointServiceWithPrincipals41EE2DF2": { + "Type": "AWS::EC2::VPCEndpointService", + "Properties": { + "AcceptanceRequired": false, + "NetworkLoadBalancerArns": [ + { + "Ref": "NLBWithPrincipals912E28FF" + } + ] + } + }, + "MyVpcEndpointServiceWithPrincipalsPermissions29F9BD5A": { + "Type": "AWS::EC2::VPCEndpointServicePermissions", + "Properties": { + "ServiceId": { + "Ref": "MyVpcEndpointServiceWithPrincipals41EE2DF2" + }, + "AllowedPrincipals": [ + "arn:aws:iam::123456789012:root" + ] + } + } + }, + "Outputs": { + "MyVpcEndpointServiceWithNoPrincipalsServiceName": { + "Description": "Give this to service consumers so they can connect via VPC Endpoint", + "Value": { + "Fn::Join": [ + ".", + [ + "com.amazonaws.vpce", + { + "Ref": "AWS::Region" + }, + { + "Ref": "MyVpcEndpointServiceWithNoPrincipals9B24276E" + } + ] + ] + }, + "Export": { + "Name": "ServiceName" + } + }, + "MyVpcEndpointServiceWithPrincipalsEndpointServiceId": { + "Description": "Reference this service from other stacks", + "Value": { + "Ref": "MyVpcEndpointServiceWithPrincipals41EE2DF2" + }, + "Export": { + "Name": "EndpointServiceId" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.vpc-endpoint-service.ts similarity index 66% rename from packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service.ts rename to packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.vpc-endpoint-service.ts index 01d22ea92c444..92a39f118637c 100644 --- a/packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service.ts +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.vpc-endpoint-service.ts @@ -1,28 +1,18 @@ +import * as ec2 from '@aws-cdk/aws-ec2'; import { ArnPrincipal } from '@aws-cdk/aws-iam'; import * as cdk from '@aws-cdk/core'; -import * as ec2 from '../lib'; +import * as elbv2 from '../lib'; const app = new cdk.App(); -/** - * A load balancer that can host a VPC Endpoint Service - */ -class DummyEndpointLoadBalacer implements ec2.IVpcEndpointServiceLoadBalancer { - /** - * The ARN of the load balancer that hosts the VPC Endpoint Service - */ - public readonly loadBalancerArn: string; - constructor(arn: string) { - this.loadBalancerArn = arn; - } -} - class VpcEndpointServiceStack extends cdk.Stack { constructor(scope: cdk.App, id: string, props?: cdk.StackProps) { super(scope, id, props); - const nlbNoPrincipals = new DummyEndpointLoadBalacer( - 'arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/net/Test/9bn6qkf4e9jrw77a'); + const vpc = new ec2.Vpc(this, 'VPC'); + const nlbNoPrincipals = new elbv2.NetworkLoadBalancer(this, 'NLBNoPrincipals', { + vpc, + }); const service1 = new ec2.VpcEndpointService(this, 'MyVpcEndpointServiceWithNoPrincipals', { vpcEndpointServiceLoadBalancers: [nlbNoPrincipals], @@ -30,8 +20,9 @@ class VpcEndpointServiceStack extends cdk.Stack { allowedPrincipals: [], }); - const nlbWithPrincipals = new DummyEndpointLoadBalacer( - 'arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/net/Test/1jd81k39sa421ffs'); + const nlbWithPrincipals = new elbv2.NetworkLoadBalancer(this, 'NLBWithPrincipals', { + vpc, + }); const principalArn = new ArnPrincipal('arn:aws:iam::123456789012:root'); const service2 = new ec2.VpcEndpointService(this, 'MyVpcEndpointServiceWithPrincipals', { From 7f26fad5241756cdb6b15c9fb20995a96bba71f2 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Fri, 1 Apr 2022 21:58:37 +0200 Subject: [PATCH 41/59] fix(core): `Fn.select` incorrectly short-circuits complex expressions (#19680) In CloudFormation, it is possible to do the following: ``` 'Fn::Select': - 0 - - { 'Fn::If': ['Cond1', 'Value1', { Ref: 'AWS::NoValue' } } - { 'Fn::If': ['Cond2', 'Value2', { Ref: 'AWS::NoValue' } } - { 'Fn::If': ['Cond3', 'Value3', { Ref: 'AWS::NoValue' } } ``` Because the `AWS::NoValue`s will disappear from the array, this will evaluate to the first condition that is true. CDK is unlikely to generate expressions like this, but people may have written this in CloudFormation templates. The eager short-circuiting behavior of `Fn.select` was breaking the roundtrippability of this template's condition cascade through `cloudformation-include`, by unconditionally picking out the first element from the array. We can't get rid of the short-circuiting completely (as bunch of templates and tests may already depend on it), but we can catch this happening and guard against it, by not short-circuiting if we can't look into all values. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../fn-select-with-novalue.json | 23 +++++++++++++++++++ .../test/valid-templates.test.ts | 8 +++++++ packages/@aws-cdk/core/lib/cfn-fn.ts | 2 +- packages/@aws-cdk/core/test/fn.test.ts | 18 ++++++++++++++- 4 files changed, 49 insertions(+), 2 deletions(-) create mode 100644 packages/@aws-cdk/cloudformation-include/test/test-templates/fn-select-with-novalue.json diff --git a/packages/@aws-cdk/cloudformation-include/test/test-templates/fn-select-with-novalue.json b/packages/@aws-cdk/cloudformation-include/test/test-templates/fn-select-with-novalue.json new file mode 100644 index 0000000000000..861387e330ee7 --- /dev/null +++ b/packages/@aws-cdk/cloudformation-include/test/test-templates/fn-select-with-novalue.json @@ -0,0 +1,23 @@ +{ + "Parameters": { + "DoIt": { + "Type": "String" + } + }, + "Conditions": { + "MyCondition": { + "Fn::Equals": [{ "Ref": "DoIt" }, "Yes"] + } + }, + "Resources": { + "Bucket": { + "Type": "AWS::S3::Bucket", + "Properties": { + "BucketName": { "Fn::Select": [0, [ + { "Fn::If": ["MyCondition", "doing-it", { "Ref": "AWS::NoValue" }] }, + "not-doingit" + ]]} + } + } + } +} diff --git a/packages/@aws-cdk/cloudformation-include/test/valid-templates.test.ts b/packages/@aws-cdk/cloudformation-include/test/valid-templates.test.ts index 65cd7e981cc81..eec714ac5d7d6 100644 --- a/packages/@aws-cdk/cloudformation-include/test/valid-templates.test.ts +++ b/packages/@aws-cdk/cloudformation-include/test/valid-templates.test.ts @@ -1081,6 +1081,14 @@ describe('CDK Include', () => { loadTestFileToJsObject('properties-not-in-cfn-spec.json'), ); }); + + test('roundtrip a fn-select with a fn-if/ref-novalue in it', () => { + includeTestTemplate(stack, 'fn-select-with-novalue.json'); + + Template.fromStack(stack).templateMatches( + loadTestFileToJsObject('fn-select-with-novalue.json'), + ); + }); }); interface IncludeTestTemplateProps { diff --git a/packages/@aws-cdk/core/lib/cfn-fn.ts b/packages/@aws-cdk/core/lib/cfn-fn.ts index 3ef1c265654bd..673784e0e2a5b 100644 --- a/packages/@aws-cdk/core/lib/cfn-fn.ts +++ b/packages/@aws-cdk/core/lib/cfn-fn.ts @@ -127,7 +127,7 @@ export class Fn { * @returns a token represented as a string */ public static select(index: number, array: string[]): string { - if (!Token.isUnresolved(array)) { + if (!Token.isUnresolved(index) && !Token.isUnresolved(array) && !array.some(Token.isUnresolved)) { return array[index]; } diff --git a/packages/@aws-cdk/core/test/fn.test.ts b/packages/@aws-cdk/core/test/fn.test.ts index 221a7b6e811a1..343c3e0ea0422 100644 --- a/packages/@aws-cdk/core/test/fn.test.ts +++ b/packages/@aws-cdk/core/test/fn.test.ts @@ -1,6 +1,6 @@ import * as fc from 'fast-check'; import * as _ from 'lodash'; -import { App, CfnOutput, Fn, Stack, Token } from '../lib'; +import { App, Aws, CfnOutput, Fn, Stack, Token } from '../lib'; import { Intrinsic } from '../lib/private/intrinsic'; function asyncTest(cb: () => Promise): () => void { @@ -27,8 +27,24 @@ describe('fn', () => { describe('eager resolution for non-tokens', () => { test('Fn.select', () => { expect(Fn.select(2, ['hello', 'you', 'dude'])).toEqual('dude'); + }); + + test('Fn.select does not short-circuit if there are tokens in the array', () => { + const stack = new Stack(); + expect(stack.resolve(Fn.select(2, [ + Fn.conditionIf('xyz', 'yep', Aws.NO_VALUE).toString(), + 'you', + 'dude', + ]))).toEqual({ + 'Fn::Select': [2, [ + { 'Fn::If': ['xyz', 'yep', { Ref: 'AWS::NoValue' }] }, + 'you', + 'dude', + ]], + }); }); + test('Fn.split', () => { expect(Fn.split(':', 'hello:world:yeah')).toEqual(['hello', 'world', 'yeah']); From 77a5fa1f0ecc2dcaa270212c8d61479f9a1c8ccd Mon Sep 17 00:00:00 2001 From: Peter Woodworth <44349620+peterwoodworth@users.noreply.github.com> Date: Fri, 1 Apr 2022 14:01:44 -0700 Subject: [PATCH 42/59] chore: use pat token for pr triage (#19727) ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .github/workflows/issue-label-assign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/issue-label-assign.yml b/.github/workflows/issue-label-assign.yml index b38072a275697..e581de6146a03 100644 --- a/.github/workflows/issue-label-assign.yml +++ b/.github/workflows/issue-label-assign.yml @@ -48,7 +48,7 @@ jobs: steps: - uses: aws-github-ops/aws-issue-triage-manager@main with: - github-token: "${{ secrets.GITHUB_TOKEN }}" + github-token: "${{ secrets.PROJEN_GITHUB_TOKEN }}" target: "pull-requests" area-is-keyword: true default-area: > From 91850423db97e7fa244d125a115477fa007a12a0 Mon Sep 17 00:00:00 2001 From: Mina Asham Date: Sat, 2 Apr 2022 01:14:41 +0100 Subject: [PATCH 43/59] fix(codedeploy): add name validation for Application, Deployment Group and Deployment Configuration (#19473) - Naming rules from: https://docs.aws.amazon.com/codedeploy/latest/userguide/limits.html ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](../CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](../CONTRIBUTING.md/#adding-new-unconventional-dependencies) *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-codedeploy/lib/ecs/application.ts | 6 ++++- .../aws-codedeploy/lib/lambda/application.ts | 6 ++++- .../lib/lambda/custom-deployment-config.ts | 6 ++++- .../lib/lambda/deployment-group.ts | 6 ++++- .../aws-codedeploy/lib/server/application.ts | 6 ++++- .../lib/server/deployment-config.ts | 6 ++++- .../lib/server/deployment-group.ts | 6 ++++- packages/@aws-cdk/aws-codedeploy/lib/utils.ts | 17 +++++++++++- .../test/ecs/application.test.ts | 20 ++++++++++++++ .../test/lambda/application.test.ts | 20 ++++++++++++++ .../lambda/custom-deployment-config.test.ts | 26 +++++++++++++++++++ .../test/lambda/deployment-group.test.ts | 24 +++++++++++++++++ .../test/server/deployment-config.test.ts | 22 ++++++++++++++++ .../test/server/deployment-group.test.ts | 21 +++++++++++++++ 14 files changed, 184 insertions(+), 8 deletions(-) diff --git a/packages/@aws-cdk/aws-codedeploy/lib/ecs/application.ts b/packages/@aws-cdk/aws-codedeploy/lib/ecs/application.ts index dc136abb87ee4..77ef2af9c416c 100644 --- a/packages/@aws-cdk/aws-codedeploy/lib/ecs/application.ts +++ b/packages/@aws-cdk/aws-codedeploy/lib/ecs/application.ts @@ -1,7 +1,7 @@ import { ArnFormat, IResource, Resource } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { CfnApplication } from '../codedeploy.generated'; -import { arnForApplication } from '../utils'; +import { arnForApplication, validateName } from '../utils'; /** * Represents a reference to a CodeDeploy Application deploying to Amazon ECS. @@ -77,4 +77,8 @@ export class EcsApplication extends Resource implements IEcsApplication { arnFormat: ArnFormat.COLON_RESOURCE_NAME, }); } + + protected validate(): string[] { + return validateName('Application', this.physicalName); + } } diff --git a/packages/@aws-cdk/aws-codedeploy/lib/lambda/application.ts b/packages/@aws-cdk/aws-codedeploy/lib/lambda/application.ts index 03449cf00b229..321fb50ca0689 100644 --- a/packages/@aws-cdk/aws-codedeploy/lib/lambda/application.ts +++ b/packages/@aws-cdk/aws-codedeploy/lib/lambda/application.ts @@ -1,7 +1,7 @@ import { ArnFormat, IResource, Resource } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { CfnApplication } from '../codedeploy.generated'; -import { arnForApplication } from '../utils'; +import { arnForApplication, validateName } from '../utils'; /** * Represents a reference to a CodeDeploy Application deploying to AWS Lambda. @@ -77,4 +77,8 @@ export class LambdaApplication extends Resource implements ILambdaApplication { arnFormat: ArnFormat.COLON_RESOURCE_NAME, }); } + + protected validate(): string[] { + return validateName('Application', this.physicalName); + } } diff --git a/packages/@aws-cdk/aws-codedeploy/lib/lambda/custom-deployment-config.ts b/packages/@aws-cdk/aws-codedeploy/lib/lambda/custom-deployment-config.ts index 55077fe93f273..85d20d77d942a 100644 --- a/packages/@aws-cdk/aws-codedeploy/lib/lambda/custom-deployment-config.ts +++ b/packages/@aws-cdk/aws-codedeploy/lib/lambda/custom-deployment-config.ts @@ -1,7 +1,7 @@ import { Duration, Names, Resource } from '@aws-cdk/core'; import { AwsCustomResource, AwsCustomResourcePolicy, PhysicalResourceId } from '@aws-cdk/custom-resources'; import { Construct } from 'constructs'; -import { arnForDeploymentConfig } from '../utils'; +import { arnForDeploymentConfig, validateName } from '../utils'; import { ILambdaDeploymentConfig } from './deployment-config'; /** @@ -143,6 +143,10 @@ export class CustomLambdaDeploymentConfig extends Resource implements ILambdaDep }); } + protected validate(): string[] { + return validateName('Deployment config', this.deploymentConfigName); + } + // Validate the inputs. The percentage/interval limits come from CodeDeploy private validateParameters(props: CustomLambdaDeploymentConfigProps): void { if ( !(1 <= props.percentage && props.percentage <= 99) ) { diff --git a/packages/@aws-cdk/aws-codedeploy/lib/lambda/deployment-group.ts b/packages/@aws-cdk/aws-codedeploy/lib/lambda/deployment-group.ts index 2449ff87f31fd..3f009d93a9477 100644 --- a/packages/@aws-cdk/aws-codedeploy/lib/lambda/deployment-group.ts +++ b/packages/@aws-cdk/aws-codedeploy/lib/lambda/deployment-group.ts @@ -5,7 +5,7 @@ import * as cdk from '@aws-cdk/core'; import { Construct } from 'constructs'; import { CfnDeploymentGroup } from '../codedeploy.generated'; import { AutoRollbackConfig } from '../rollback-config'; -import { arnForDeploymentGroup, renderAlarmConfiguration, renderAutoRollbackConfiguration } from '../utils'; +import { arnForDeploymentGroup, renderAlarmConfiguration, renderAutoRollbackConfiguration, validateName } from '../utils'; import { ILambdaApplication, LambdaApplication } from './application'; import { ILambdaDeploymentConfig, LambdaDeploymentConfig } from './deployment-config'; @@ -254,6 +254,10 @@ export class LambdaDeploymentGroup extends cdk.Resource implements ILambdaDeploy actions: ['codedeploy:PutLifecycleEventHookExecutionStatus'], }); } + + protected validate(): string[] { + return validateName('Deployment group', this.physicalName); + } } /** diff --git a/packages/@aws-cdk/aws-codedeploy/lib/server/application.ts b/packages/@aws-cdk/aws-codedeploy/lib/server/application.ts index b6f7324ef5985..fd596ca3bb0fb 100644 --- a/packages/@aws-cdk/aws-codedeploy/lib/server/application.ts +++ b/packages/@aws-cdk/aws-codedeploy/lib/server/application.ts @@ -1,7 +1,7 @@ import { ArnFormat, IResource, Resource } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { CfnApplication } from '../codedeploy.generated'; -import { arnForApplication } from '../utils'; +import { arnForApplication, validateName } from '../utils'; /** * Represents a reference to a CodeDeploy Application deploying to EC2/on-premise instances. @@ -78,4 +78,8 @@ export class ServerApplication extends Resource implements IServerApplication { arnFormat: ArnFormat.COLON_RESOURCE_NAME, }); } + + protected validate(): string[] { + return validateName('Application', this.physicalName); + } } diff --git a/packages/@aws-cdk/aws-codedeploy/lib/server/deployment-config.ts b/packages/@aws-cdk/aws-codedeploy/lib/server/deployment-config.ts index 058fad91341ad..18239217472c1 100644 --- a/packages/@aws-cdk/aws-codedeploy/lib/server/deployment-config.ts +++ b/packages/@aws-cdk/aws-codedeploy/lib/server/deployment-config.ts @@ -1,7 +1,7 @@ import * as cdk from '@aws-cdk/core'; import { Construct } from 'constructs'; import { CfnDeploymentConfig } from '../codedeploy.generated'; -import { arnForDeploymentConfig } from '../utils'; +import { arnForDeploymentConfig, validateName } from '../utils'; /** * The Deployment Configuration of an EC2/on-premise Deployment Group. @@ -119,6 +119,10 @@ export class ServerDeploymentConfig extends cdk.Resource implements IServerDeplo this.deploymentConfigName = resource.ref; this.deploymentConfigArn = arnForDeploymentConfig(this.deploymentConfigName); } + + protected validate(): string[] { + return validateName('Deployment config', this.physicalName); + } } function deploymentConfig(name: string): IServerDeploymentConfig { diff --git a/packages/@aws-cdk/aws-codedeploy/lib/server/deployment-group.ts b/packages/@aws-cdk/aws-codedeploy/lib/server/deployment-group.ts index f4f3cad0774cc..59ec7afa65170 100644 --- a/packages/@aws-cdk/aws-codedeploy/lib/server/deployment-group.ts +++ b/packages/@aws-cdk/aws-codedeploy/lib/server/deployment-group.ts @@ -8,7 +8,7 @@ import { ArnFormat } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { CfnDeploymentGroup } from '../codedeploy.generated'; import { AutoRollbackConfig } from '../rollback-config'; -import { arnForDeploymentGroup, renderAlarmConfiguration, renderAutoRollbackConfiguration } from '../utils'; +import { arnForDeploymentGroup, renderAlarmConfiguration, renderAutoRollbackConfiguration, validateName } from '../utils'; import { IServerApplication, ServerApplication } from './application'; import { IServerDeploymentConfig, ServerDeploymentConfig } from './deployment-config'; import { LoadBalancer, LoadBalancerGeneration } from './load-balancer'; @@ -341,6 +341,10 @@ export class ServerDeploymentGroup extends ServerDeploymentGroupBase { return this._autoScalingGroups.slice(); } + protected validate(): string[] { + return validateName('Deployment group', this.physicalName); + } + private addCodeDeployAgentInstallUserData(asg: autoscaling.IAutoScalingGroup): void { if (!this.installAgent) { return; diff --git a/packages/@aws-cdk/aws-codedeploy/lib/utils.ts b/packages/@aws-cdk/aws-codedeploy/lib/utils.ts index 7bdf6bc9162da..6c5381b0de96b 100644 --- a/packages/@aws-cdk/aws-codedeploy/lib/utils.ts +++ b/packages/@aws-cdk/aws-codedeploy/lib/utils.ts @@ -1,5 +1,5 @@ import * as cloudwatch from '@aws-cdk/aws-cloudwatch'; -import { Aws } from '@aws-cdk/core'; +import { Aws, Token } from '@aws-cdk/core'; import { CfnDeploymentGroup } from './codedeploy.generated'; import { AutoRollbackConfig } from './rollback-config'; @@ -65,3 +65,18 @@ CfnDeploymentGroup.AutoRollbackConfigurationProperty | undefined { } : undefined; } + +export function validateName(type: 'Application' | 'Deployment group' | 'Deployment config', name: string): string[] { + const ret = []; + + if (!Token.isUnresolved(name) && name !== undefined) { + if (name.length > 100) { + ret.push(`${type} name: "${name}" can be a max of 100 characters.`); + } + if (!/^[a-z0-9._+=,@-]+$/i.test(name)) { + ret.push(`${type} name: "${name}" can only contain letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), + (plus signs), = (equals signs), , (commas), @ (at signs), - (minus signs).`); + } + } + + return ret; +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/application.test.ts b/packages/@aws-cdk/aws-codedeploy/test/ecs/application.test.ts index ec130559aaff8..a5661c3538f14 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/ecs/application.test.ts +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/application.test.ts @@ -23,4 +23,24 @@ describe('CodeDeploy ECS Application', () => { ComputePlatform: 'ECS', }); }); + + test('fail with more than 100 characters in name', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + new codedeploy.EcsApplication(stack, 'MyApp', { + applicationName: 'a'.repeat(101), + }); + + expect(() => app.synth()).toThrow(`Application name: "${'a'.repeat(101)}" can be a max of 100 characters.`); + }); + + test('fail with unallowed characters in name', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + new codedeploy.EcsApplication(stack, 'MyApp', { + applicationName: 'my name', + }); + + expect(() => app.synth()).toThrow('Application name: "my name" can only contain letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), + (plus signs), = (equals signs), , (commas), @ (at signs), - (minus signs).'); + }); }); diff --git a/packages/@aws-cdk/aws-codedeploy/test/lambda/application.test.ts b/packages/@aws-cdk/aws-codedeploy/test/lambda/application.test.ts index 6ccbd816935ba..4b870c53c0e1d 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/lambda/application.test.ts +++ b/packages/@aws-cdk/aws-codedeploy/test/lambda/application.test.ts @@ -21,4 +21,24 @@ describe('CodeDeploy Lambda Application', () => { ComputePlatform: 'Lambda', }); }); + + test('fail with more than 100 characters in name', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + new codedeploy.LambdaApplication(stack, 'MyApp', { + applicationName: 'a'.repeat(101), + }); + + expect(() => app.synth()).toThrow(`Application name: "${'a'.repeat(101)}" can be a max of 100 characters.`); + }); + + test('fail with unallowed characters in name', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + new codedeploy.LambdaApplication(stack, 'MyApp', { + applicationName: 'my name', + }); + + expect(() => app.synth()).toThrow('Application name: "my name" can only contain letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), + (plus signs), = (equals signs), , (commas), @ (at signs), - (minus signs).'); + }); }); diff --git a/packages/@aws-cdk/aws-codedeploy/test/lambda/custom-deployment-config.test.ts b/packages/@aws-cdk/aws-codedeploy/test/lambda/custom-deployment-config.test.ts index 7755402502857..618479726a3f2 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/lambda/custom-deployment-config.test.ts +++ b/packages/@aws-cdk/aws-codedeploy/test/lambda/custom-deployment-config.test.ts @@ -97,6 +97,32 @@ test('custom resource created with specific name', () => { }); }); +test('fail with more than 100 characters in name', () => { + const app = new cdk.App(); + const stackWithApp = new cdk.Stack(app); + new codedeploy.CustomLambdaDeploymentConfig(stackWithApp, 'CustomConfig', { + type: codedeploy.CustomLambdaDeploymentConfigType.CANARY, + interval: cdk.Duration.minutes(1), + percentage: 5, + deploymentConfigName: 'a'.repeat(101), + }); + + expect(() => app.synth()).toThrow(`Deployment config name: "${'a'.repeat(101)}" can be a max of 100 characters.`); +}); + +test('fail with unallowed characters in name', () => { + const app = new cdk.App(); + const stackWithApp = new cdk.Stack(app); + new codedeploy.CustomLambdaDeploymentConfig(stackWithApp, 'CustomConfig', { + type: codedeploy.CustomLambdaDeploymentConfigType.CANARY, + interval: cdk.Duration.minutes(1), + percentage: 5, + deploymentConfigName: 'my name', + }); + + expect(() => app.synth()).toThrow('Deployment config name: "my name" can only contain letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), + (plus signs), = (equals signs), , (commas), @ (at signs), - (minus signs).'); +}); + test('can create linear custom config', () => { // WHEN const config = new codedeploy.CustomLambdaDeploymentConfig(stack, 'CustomConfig', { diff --git a/packages/@aws-cdk/aws-codedeploy/test/lambda/deployment-group.test.ts b/packages/@aws-cdk/aws-codedeploy/test/lambda/deployment-group.test.ts index c6ecfde1ae2de..396f61a3999ae 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/lambda/deployment-group.test.ts +++ b/packages/@aws-cdk/aws-codedeploy/test/lambda/deployment-group.test.ts @@ -132,6 +132,30 @@ describe('CodeDeploy Lambda DeploymentGroup', () => { }); }); + test('fail with more than 100 characters in name', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + const alias = mockAlias(stack); + new codedeploy.LambdaDeploymentGroup(stack, 'MyDG', { + alias, + deploymentGroupName: 'a'.repeat(101), + }); + + expect(() => app.synth()).toThrow(`Deployment group name: "${'a'.repeat(101)}" can be a max of 100 characters.`); + }); + + test('fail with unallowed characters in name', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + const alias = mockAlias(stack); + new codedeploy.LambdaDeploymentGroup(stack, 'MyDG', { + alias, + deploymentGroupName: 'my name', + }); + + expect(() => app.synth()).toThrow('Deployment group name: "my name" can only contain letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), + (plus signs), = (equals signs), , (commas), @ (at signs), - (minus signs).'); + }); + test('can be created with explicit role', () => { const stack = new cdk.Stack(); const application = new codedeploy.LambdaApplication(stack, 'MyApp'); diff --git a/packages/@aws-cdk/aws-codedeploy/test/server/deployment-config.test.ts b/packages/@aws-cdk/aws-codedeploy/test/server/deployment-config.test.ts index 52652e8024b28..8523518c68a34 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/server/deployment-config.test.ts +++ b/packages/@aws-cdk/aws-codedeploy/test/server/deployment-config.test.ts @@ -42,4 +42,26 @@ describe('CodeDeploy DeploymentConfig', () => { expect(deploymentConfig).not.toEqual(undefined); }); + + test('fail with more than 100 characters in name', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + new codedeploy.ServerDeploymentConfig(stack, 'DeploymentConfig', { + minimumHealthyHosts: codedeploy.MinimumHealthyHosts.percentage(75), + deploymentConfigName: 'a'.repeat(101), + }); + + expect(() => app.synth()).toThrow(`Deployment config name: "${'a'.repeat(101)}" can be a max of 100 characters.`); + }); + + test('fail with unallowed characters in name', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + new codedeploy.ServerDeploymentConfig(stack, 'DeploymentConfig', { + minimumHealthyHosts: codedeploy.MinimumHealthyHosts.percentage(75), + deploymentConfigName: 'my name', + }); + + expect(() => app.synth()).toThrow('Deployment config name: "my name" can only contain letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), + (plus signs), = (equals signs), , (commas), @ (at signs), - (minus signs).'); + }); }); diff --git a/packages/@aws-cdk/aws-codedeploy/test/server/deployment-group.test.ts b/packages/@aws-cdk/aws-codedeploy/test/server/deployment-group.test.ts index 43acaadc3e7fc..c01a8ae8ef34d 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/server/deployment-group.test.ts +++ b/packages/@aws-cdk/aws-codedeploy/test/server/deployment-group.test.ts @@ -437,4 +437,25 @@ describe('CodeDeploy Server Deployment Group', () => { }); }); + test('fail with more than 100 characters in name', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + new codedeploy.ServerDeploymentGroup(stack, 'MyDG', { + deploymentGroupName: 'a'.repeat(101), + }); + + expect(() => app.synth()).toThrow(`Deployment group name: "${'a'.repeat(101)}" can be a max of 100 characters.`); + }); + + test('fail with unallowed characters in name', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + new codedeploy.ServerDeploymentGroup(stack, 'MyDG', { + + deploymentGroupName: 'my name', + }); + + expect(() => app.synth()).toThrow('Deployment group name: "my name" can only contain letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), + (plus signs), = (equals signs), , (commas), @ (at signs), - (minus signs).'); + }); + }); From 7c752e066082749a3083fa1dae2b8fc4a5774940 Mon Sep 17 00:00:00 2001 From: Peter Woodworth <44349620+peterwoodworth@users.noreply.github.com> Date: Fri, 1 Apr 2022 18:00:29 -0700 Subject: [PATCH 44/59] chore: don't run triage action on PR source (#19731) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit currently failing on the source run. This is unnecessary to have anyway (goofed up and got source and target mixed up initially on the first commit 🙈) ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .github/workflows/issue-label-assign.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/issue-label-assign.yml b/.github/workflows/issue-label-assign.yml index e581de6146a03..723dcca374661 100644 --- a/.github/workflows/issue-label-assign.yml +++ b/.github/workflows/issue-label-assign.yml @@ -2,8 +2,6 @@ name: "Set Issue Label and Assignee" on: issues: types: [opened, edited] - pull_request: - types: [opened] pull_request_target: types: [opened] From 7e9a43dcad55645a8e816e39af54feeb04d7a8cf Mon Sep 17 00:00:00 2001 From: Adam Ruka Date: Sat, 2 Apr 2022 10:14:42 -0700 Subject: [PATCH 45/59] fix(codedeploy): the Service Principal is wrong in isolated regions (#19729) Turns out, the Service Principal for CodeDeploy in the isolated regions is not regional like in all other regions, but rather universal (`codedeploy.amazonaws.com`). Fixes #19399 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../test/lambda/deployment-group.test.ts | 27 ++++++++++++++++++- packages/@aws-cdk/aws-iam/lib/principals.ts | 10 ++----- .../@aws-cdk/region-info/lib/aws-entities.ts | 11 -------- packages/@aws-cdk/region-info/lib/default.ts | 11 ++++---- packages/@aws-cdk/region-info/lib/fact.ts | 2 +- .../__snapshots__/region-info.test.js.snap | 6 ++--- 6 files changed, 38 insertions(+), 29 deletions(-) diff --git a/packages/@aws-cdk/aws-codedeploy/test/lambda/deployment-group.test.ts b/packages/@aws-cdk/aws-codedeploy/test/lambda/deployment-group.test.ts index 396f61a3999ae..5dbd5c98258ab 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/lambda/deployment-group.test.ts +++ b/packages/@aws-cdk/aws-codedeploy/test/lambda/deployment-group.test.ts @@ -115,7 +115,6 @@ describe('CodeDeploy Lambda DeploymentGroup', () => { }); }); - test('can be created with explicit name', () => { const stack = new cdk.Stack(); const application = new codedeploy.LambdaApplication(stack, 'MyApp'); @@ -589,6 +588,32 @@ describe('CodeDeploy Lambda DeploymentGroup', () => { }, }); }); + + test('uses the correct Service Principal in the us-isob-east-1 region', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app, 'CodeDeployLambdaStack', { + env: { region: 'us-isob-east-1' }, + }); + const alias = mockAlias(stack); + new codedeploy.LambdaDeploymentGroup(stack, 'MyDG', { + alias, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Role', { + AssumeRolePolicyDocument: { + Statement: [ + { + Action: 'sts:AssumeRole', + Effect: 'Allow', + Principal: { + Service: 'codedeploy.amazonaws.com', + }, + }, + ], + Version: '2012-10-17', + }, + }); + }); }); describe('imported with fromLambdaDeploymentGroupAttributes', () => { diff --git a/packages/@aws-cdk/aws-iam/lib/principals.ts b/packages/@aws-cdk/aws-iam/lib/principals.ts index aecd493192142..a52e8d1e0dda2 100644 --- a/packages/@aws-cdk/aws-iam/lib/principals.ts +++ b/packages/@aws-cdk/aws-iam/lib/principals.ts @@ -767,14 +767,8 @@ class ServicePrincipalToken implements cdk.IResolvable { public resolve(ctx: cdk.IResolveContext) { if (this.opts.region) { // Special case, handle it separately to not break legacy behavior. - return ( - RegionInfo.get(this.opts.region).servicePrincipal(this.service) ?? - Default.servicePrincipal( - this.service, - this.opts.region, - cdk.Aws.URL_SUFFIX, - ) - ); + return RegionInfo.get(this.opts.region).servicePrincipal(this.service) ?? + Default.servicePrincipal(this.service, this.opts.region, cdk.Aws.URL_SUFFIX); } const stack = cdk.Stack.of(ctx.scope); diff --git a/packages/@aws-cdk/region-info/lib/aws-entities.ts b/packages/@aws-cdk/region-info/lib/aws-entities.ts index 9c14e89605607..0c28399449434 100644 --- a/packages/@aws-cdk/region-info/lib/aws-entities.ts +++ b/packages/@aws-cdk/region-info/lib/aws-entities.ts @@ -133,14 +133,3 @@ export function partitionInformation(region: string): Region { } return PARTITION_MAP.default; } - -/** - * Build a lookup map for all regions - */ -export function generateRegionMap(cb: (region: string) => string): Record { - const ret: Record = {}; - for (const region of AWS_REGIONS) { - ret[region] = cb(region); - } - return ret; -} diff --git a/packages/@aws-cdk/region-info/lib/default.ts b/packages/@aws-cdk/region-info/lib/default.ts index e306bd8c1fc25..c4e02d42bca3d 100644 --- a/packages/@aws-cdk/region-info/lib/default.ts +++ b/packages/@aws-cdk/region-info/lib/default.ts @@ -35,10 +35,10 @@ export class Default { } function determineConfiguration(service: string): (service: string, region: string, urlSuffix: string) => string { - function universal(s: string) { return `${s}.amazonaws.com`; }; - function partitional(s: string, _: string, u: string) { return `${s}.${u}`; }; - function regional(s: string, r: string) { return `${s}.${r}.amazonaws.com`; }; - function regionalPartitional(s: string, r: string, u: string) { return `${s}.${r}.${u}`; }; + function universal(s: string) { return `${s}.amazonaws.com`; } + function partitional(s: string, _: string, u: string) { return `${s}.${u}`; } + function regional(s: string, r: string) { return `${s}.${r}.amazonaws.com`; } + function regionalPartitional(s: string, r: string, u: string) { return `${s}.${r}.${u}`; } // Exceptions for Service Principals in us-iso-* const US_ISO_EXCEPTIONS = new Set([ @@ -91,7 +91,8 @@ export class Default { case 'codedeploy': return region.startsWith('cn-') ? regionalPartitional - : regional; + // ...except in the isolated regions, where it's universal + : (region.startsWith('us-iso') ? universal : regional); // Services with a regional AND partitional principal case 'logs': diff --git a/packages/@aws-cdk/region-info/lib/fact.ts b/packages/@aws-cdk/region-info/lib/fact.ts index 9c2831f67d2c6..583a4ac68450f 100644 --- a/packages/@aws-cdk/region-info/lib/fact.ts +++ b/packages/@aws-cdk/region-info/lib/fact.ts @@ -182,7 +182,7 @@ export class FactName { * The `.amazonaws.com` and `.amazonaws.com.cn` domains are stripped from service names, so they are * canonicalized in that respect. */ - public static servicePrincipal(service: string) { + public static servicePrincipal(service: string): string { return `service-principal:${service.replace(/\.amazonaws\.com(\.cn)?$/, '')}`; } } diff --git a/packages/@aws-cdk/region-info/test/__snapshots__/region-info.test.js.snap b/packages/@aws-cdk/region-info/test/__snapshots__/region-info.test.js.snap index 678a65fb4ccc3..5a3c0e2683c2c 100644 --- a/packages/@aws-cdk/region-info/test/__snapshots__/region-info.test.js.snap +++ b/packages/@aws-cdk/region-info/test/__snapshots__/region-info.test.js.snap @@ -795,7 +795,7 @@ Object { "servicePrincipals": Object { "application-autoscaling": "application-autoscaling.amazonaws.com", "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.us-iso-east-1.amazonaws.com", + "codedeploy": "codedeploy.amazonaws.com", "ec2": "ec2.c2s.ic.gov", "events": "events.amazonaws.com", "lambda": "lambda.amazonaws.com", @@ -826,7 +826,7 @@ Object { "servicePrincipals": Object { "application-autoscaling": "application-autoscaling.amazonaws.com", "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.us-iso-west-1.amazonaws.com", + "codedeploy": "codedeploy.amazonaws.com", "ec2": "ec2.c2s.ic.gov", "events": "events.amazonaws.com", "lambda": "lambda.amazonaws.com", @@ -857,7 +857,7 @@ Object { "servicePrincipals": Object { "application-autoscaling": "application-autoscaling.amazonaws.com", "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.us-isob-east-1.amazonaws.com", + "codedeploy": "codedeploy.amazonaws.com", "ec2": "ec2.sc2s.sgov.gov", "events": "events.amazonaws.com", "lambda": "lambda.amazonaws.com", From 1ffd45e5aa179aef0622902306701a526f6dfa6c Mon Sep 17 00:00:00 2001 From: Peter Woodworth <44349620+peterwoodworth@users.noreply.github.com> Date: Sat, 2 Apr 2022 10:58:05 -0700 Subject: [PATCH 46/59] feat(core): throw error when stack name exceeds max length (#19725) https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStack.html ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/core/lib/stack.ts | 3 +++ packages/@aws-cdk/core/test/stack.test.ts | 13 +++++++++++++ .../test/codepipeline/codebuild-step.test.ts | 4 ++-- 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/core/lib/stack.ts b/packages/@aws-cdk/core/lib/stack.ts index 4960991a08b26..91410813fa176 100644 --- a/packages/@aws-cdk/core/lib/stack.ts +++ b/packages/@aws-cdk/core/lib/stack.ts @@ -371,6 +371,9 @@ export class Stack extends CoreConstruct implements ITaggable { } this._stackName = props.stackName ?? this.generateStackName(); + if (this._stackName.length > 128) { + throw new Error(`Stack name must be <= 128 characters. Stack name: '${this._stackName}'`); + } this.tags = new TagManager(TagType.KEY_VALUE, 'aws:cdk:stack', props.tags); if (!VALID_STACK_NAME_REGEX.test(this.stackName)) { diff --git a/packages/@aws-cdk/core/test/stack.test.ts b/packages/@aws-cdk/core/test/stack.test.ts index e41796bccb624..d55352601503b 100644 --- a/packages/@aws-cdk/core/test/stack.test.ts +++ b/packages/@aws-cdk/core/test/stack.test.ts @@ -20,6 +20,19 @@ describe('stack', () => { expect(toCloudFormation(stack)).toEqual({ }); }); + test('stack name cannot exceed 128 characters', () => { + // GIVEN + const app = new App({}); + const reallyLongStackName = 'LookAtMyReallyLongStackNameThisStackNameIsLongerThan128CharactersThatIsNutsIDontThinkThereIsEnoughAWSAvailableToLetEveryoneHaveStackNamesThisLong'; + + // THEN + expect(() => { + new Stack(app, 'MyStack', { + stackName: reallyLongStackName, + }); + }).toThrow(`Stack name must be <= 128 characters. Stack name: '${reallyLongStackName}'`); + }); + test('stack objects have some template-level propeties, such as Description, Version, Transform', () => { const stack = new Stack(); stack.templateOptions.templateFormatVersion = 'MyTemplateVersion'; diff --git a/packages/@aws-cdk/pipelines/test/codepipeline/codebuild-step.test.ts b/packages/@aws-cdk/pipelines/test/codepipeline/codebuild-step.test.ts index 5b9538a5a4d00..a48b41ce1d6c6 100644 --- a/packages/@aws-cdk/pipelines/test/codepipeline/codebuild-step.test.ts +++ b/packages/@aws-cdk/pipelines/test/codepipeline/codebuild-step.test.ts @@ -125,8 +125,8 @@ test('timeout from defaults can be overridden', () => { test('envFromOutputs works even with very long stage and stack names', () => { const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - const myApp = new AppWithOutput(app, 'Alpha'.repeat(20), { - stackId: 'Stack'.repeat(20), + const myApp = new AppWithOutput(app, 'Alpha'.repeat(10), { + stackId: 'Stack'.repeat(10), }); pipeline.addStage(myApp, { From 5fadacc57edc3fab9e4402532510649263e13ed4 Mon Sep 17 00:00:00 2001 From: Cory Hall <43035978+corymhall@users.noreply.github.com> Date: Sat, 2 Apr 2022 14:42:19 -0400 Subject: [PATCH 47/59] chore(s3-objectlambda): fix broken integration tests (#19697) ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-s3objectlambda/test/integ.s3objectlambda.expected.json | 2 -- .../@aws-cdk/aws-s3objectlambda/test/integ.s3objectlambda.ts | 2 -- 2 files changed, 4 deletions(-) diff --git a/packages/@aws-cdk/aws-s3objectlambda/test/integ.s3objectlambda.expected.json b/packages/@aws-cdk/aws-s3objectlambda/test/integ.s3objectlambda.expected.json index c53bfb57cd719..c134a1411a2cc 100644 --- a/packages/@aws-cdk/aws-s3objectlambda/test/integ.s3objectlambda.expected.json +++ b/packages/@aws-cdk/aws-s3objectlambda/test/integ.s3objectlambda.expected.json @@ -160,7 +160,6 @@ "MyObjectLambda17554FEF4": { "Type": "AWS::S3ObjectLambda::AccessPoint", "Properties": { - "Name": "obj-lambda-1", "ObjectLambdaConfiguration": { "AllowedFeatures": [ "GetObject-PartNumber" @@ -203,7 +202,6 @@ "MyObjectLambda2CCBCAAF7": { "Type": "AWS::S3ObjectLambda::AccessPoint", "Properties": { - "Name": "obj-lambda-1", "ObjectLambdaConfiguration": { "AllowedFeatures": [ "GetObject-Range" diff --git a/packages/@aws-cdk/aws-s3objectlambda/test/integ.s3objectlambda.ts b/packages/@aws-cdk/aws-s3objectlambda/test/integ.s3objectlambda.ts index e840de6367479..79173d72d19c5 100644 --- a/packages/@aws-cdk/aws-s3objectlambda/test/integ.s3objectlambda.ts +++ b/packages/@aws-cdk/aws-s3objectlambda/test/integ.s3objectlambda.ts @@ -23,7 +23,6 @@ class TestStack extends cdk.Stack { new AccessPoint(this, 'MyObjectLambda1', { bucket, handler: handler1, - accessPointName: 'obj-lambda-1', cloudWatchMetricsEnabled: true, supportsGetObjectPartNumber: true, }); @@ -31,7 +30,6 @@ class TestStack extends cdk.Stack { new AccessPoint(this, 'MyObjectLambda2', { bucket, handler: handler2, - accessPointName: 'obj-lambda-1', supportsGetObjectRange: true, payload: { foo: 10 }, }); From a298297fabea536d4b2be9dda421c90d3dbd83c9 Mon Sep 17 00:00:00 2001 From: Cory Hall <43035978+corymhall@users.noreply.github.com> Date: Sat, 2 Apr 2022 15:27:53 -0400 Subject: [PATCH 48/59] chore(lambda-event-sources): fix broken integ tests (#19694) ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../test/integ.dynamodb.expected.json | 6 +- .../test/integ.kinesis.expected.json | 2 +- .../test/integ.s3.expected.json | 194 +++++++++++++++++- .../aws-lambda-event-sources/test/integ.s3.ts | 1 + .../test/integ.sns.expected.json | 2 +- .../test/integ.sqs.expected.json | 2 +- .../test/test-function.ts | 2 +- 7 files changed, 196 insertions(+), 13 deletions(-) diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.dynamodb.expected.json b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.dynamodb.expected.json index 0f3557acedc33..2e84eb9884d4c 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.dynamodb.expected.json +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.dynamodb.expected.json @@ -79,7 +79,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "FServiceRoleDefaultPolicy17A19BFA", @@ -99,8 +99,8 @@ "StreamArn" ] }, - "TumblingWindowInSeconds": 60, - "StartingPosition": "TRIM_HORIZON" + "StartingPosition": "TRIM_HORIZON", + "TumblingWindowInSeconds": 60 } }, "TD925BC7E": { diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesis.expected.json b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesis.expected.json index 5f104978fe1a5..06b0531faf617 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesis.expected.json +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesis.expected.json @@ -78,7 +78,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "FServiceRoleDefaultPolicy17A19BFA", diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.s3.expected.json b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.s3.expected.json index ab49b4587c182..5732fcfcbaf98 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.s3.expected.json +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.s3.expected.json @@ -44,12 +44,95 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "FServiceRole3AC82EE1" ] }, + "B08E7C7AF": { + "Type": "AWS::S3::Bucket", + "Properties": { + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "BPolicy3F02723E": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "B08E7C7AF" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "B08E7C7AF", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "B08E7C7AF", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "BAutoDeleteObjectsCustomResource6224D839": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "B08E7C7AF" + } + }, + "DependsOn": [ + "BPolicy3F02723E" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, "BNotificationsEB8DA980": { "Type": "Custom::S3BucketNotifications", "Properties": { @@ -93,11 +176,6 @@ "BAllowBucketNotificationsTolambdaeventsources3F741608059EF9F709" ] }, - "B08E7C7AF": { - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, "BAllowBucketNotificationsTolambdaeventsources3F741608059EF9F709": { "Type": "AWS::Lambda::Permission", "Properties": { @@ -120,6 +198,96 @@ } } }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3Bucket09A62232" + }, + "S3Key": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE" + } + ] + } + ] + } + ] + ] + } + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "B08E7C7AF" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + }, "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC": { "Type": "AWS::IAM::Role", "Properties": { @@ -194,5 +362,19 @@ "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC" ] } + }, + "Parameters": { + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3Bucket09A62232": { + "Type": "String", + "Description": "S3 bucket for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + }, + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE": { + "Type": "String", + "Description": "S3 key for asset version \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + }, + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824ArtifactHash76F8FCF2": { + "Type": "String", + "Description": "Artifact hash for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + } } } diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.s3.ts b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.s3.ts index 549ad9963d8cc..1e1d7f30bec7e 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.s3.ts +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.s3.ts @@ -10,6 +10,7 @@ class S3EventSourceTest extends cdk.Stack { const fn = new TestFunction(this, 'F'); const bucket = new s3.Bucket(this, 'B', { removalPolicy: cdk.RemovalPolicy.DESTROY, + autoDeleteObjects: true, }); fn.addEventSource(new S3EventSource(bucket, { diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.sns.expected.json b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.sns.expected.json index 9a9c44e67d95f..9d9c012de88e1 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.sns.expected.json +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.sns.expected.json @@ -44,7 +44,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "FServiceRole3AC82EE1" diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.sqs.expected.json b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.sqs.expected.json index 7ae40ae9f962c..8b5379b239c98 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.sqs.expected.json +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.sqs.expected.json @@ -76,7 +76,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "FServiceRoleDefaultPolicy17A19BFA", diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/test-function.ts b/packages/@aws-cdk/aws-lambda-event-sources/test/test-function.ts index f5ef254ed6eb2..594ac9b8a76c4 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/test-function.ts +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/test-function.ts @@ -6,7 +6,7 @@ export class TestFunction extends lambda.Function { super(scope, id, { handler: 'index.handler', code: lambda.Code.fromInline(`exports.handler = ${handler.toString()}`), - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, }); } } From 2d80813e9793314cc6790d33cf8e2611509f74e7 Mon Sep 17 00:00:00 2001 From: Cory Hall <43035978+corymhall@users.noreply.github.com> Date: Sat, 2 Apr 2022 16:13:03 -0400 Subject: [PATCH 49/59] chore(elbv2): fix broken integration tests (#19693) Target group was being created before the subnet so the IP address had not been allocated. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../test/integ.alb.dualstack.expected.json | 46 +++++++++++++--- .../test/integ.alb.dualstack.ts | 46 ++++++++-------- .../test/integ.alb.expected.json | 54 ++++++++++++++----- .../test/integ.alb.ts | 8 ++- .../test/integ.alb2.expected.json | 40 +++++++++++--- .../test/integ.alb2.ts | 5 ++ 6 files changed, 151 insertions(+), 48 deletions(-) diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.dualstack.expected.json b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.dualstack.expected.json index 780859bd7f314..7e04edcb3bfbf 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.dualstack.expected.json +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.dualstack.expected.json @@ -18,11 +18,11 @@ "VPCPublicSubnet1SubnetB4246D30": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.0.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/18", "Ipv6CidrBlock": { "Fn::Select": [ 0, @@ -152,11 +152,11 @@ "VPCPublicSubnet2Subnet74179F39": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.64.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.64.0/18", "Ipv6CidrBlock": { "Fn::Select": [ 1, @@ -286,11 +286,11 @@ "VPCPrivateSubnet1Subnet8BCA10E0": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.128.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.128.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -348,11 +348,11 @@ "VPCPrivateSubnet2SubnetCFCDAA7A": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.192.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.192.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -537,14 +537,30 @@ ], "Targets": [ { - "Id": "10.0.128.4" + "Id": "10.0.128.6" } ], "TargetType": "ip", "VpcId": { "Ref": "VPCB9E5F0B4" } - } + }, + "DependsOn": [ + "VPCPublicSubnet1DefaultRoute91CEF279", + "VPCPublicSubnet1EIP6AD938E8", + "VPCPublicSubnet1IPv6DefaultFD18367E", + "VPCPublicSubnet1NATGatewayE0556630", + "VPCPublicSubnet1RouteTableFEE4B781", + "VPCPublicSubnet1RouteTableAssociation0B0896DC", + "VPCPublicSubnet1SubnetB4246D30", + "VPCPublicSubnet2DefaultRouteB7481BBA", + "VPCPublicSubnet2EIP4947BC00", + "VPCPublicSubnet2IPv6DefaultDD0476C2", + "VPCPublicSubnet2NATGateway3C070193", + "VPCPublicSubnet2RouteTable6F1A15F1", + "VPCPublicSubnet2RouteTableAssociation5A808732", + "VPCPublicSubnet2Subnet74179F39" + ] }, "LBListenerConditionalTargetGroupA75CCCD9": { "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", @@ -566,7 +582,23 @@ "VpcId": { "Ref": "VPCB9E5F0B4" } - } + }, + "DependsOn": [ + "VPCPublicSubnet1DefaultRoute91CEF279", + "VPCPublicSubnet1EIP6AD938E8", + "VPCPublicSubnet1IPv6DefaultFD18367E", + "VPCPublicSubnet1NATGatewayE0556630", + "VPCPublicSubnet1RouteTableFEE4B781", + "VPCPublicSubnet1RouteTableAssociation0B0896DC", + "VPCPublicSubnet1SubnetB4246D30", + "VPCPublicSubnet2DefaultRouteB7481BBA", + "VPCPublicSubnet2EIP4947BC00", + "VPCPublicSubnet2IPv6DefaultDD0476C2", + "VPCPublicSubnet2NATGateway3C070193", + "VPCPublicSubnet2RouteTable6F1A15F1", + "VPCPublicSubnet2RouteTableAssociation5A808732", + "VPCPublicSubnet2Subnet74179F39" + ] }, "LBListenerConditionalTargetRule91FA260F": { "Type": "AWS::ElasticLoadBalancingV2::ListenerRule", diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.dualstack.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.dualstack.ts index c0db7655b9d86..3fee5de86af5f 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.dualstack.ts +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.dualstack.ts @@ -42,6 +42,29 @@ const internetGateway = valueOrDie( new Error('Couldnt find an internet gateway'), ); + +const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { + vpc, + ipAddressType: elbv2.IpAddressType.DUAL_STACK, + internetFacing: true, +}); + +const listener = lb.addListener('Listener', { + port: 80, +}); + +const group1 = listener.addTargets('Target', { + port: 80, + targets: [new elbv2.IpTarget('10.0.128.6')], +}); + +const group2 = listener.addTargets('ConditionalTarget', { + priority: 10, + hostHeader: 'example.com', + port: 80, + targets: [new elbv2.IpTarget('10.0.128.5')], +}); + vpc.publicSubnets.forEach((subnet, idx) => { // Add a default ipv6 route to the subnet's route table. const unboxedSubnet = subnet as ec2.Subnet; @@ -71,28 +94,9 @@ vpc.publicSubnets.forEach((subnet, idx) => { // The subnet depends on the ipv6 cidr being allocated. cfnSubnet.addDependsOn(ipv6Block); -}); -const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { - vpc, - ipAddressType: elbv2.IpAddressType.DUAL_STACK, - internetFacing: true, -}); - -const listener = lb.addListener('Listener', { - port: 80, -}); - -const group1 = listener.addTargets('Target', { - port: 80, - targets: [new elbv2.IpTarget('10.0.128.4')], -}); - -const group2 = listener.addTargets('ConditionalTarget', { - priority: 10, - hostHeader: 'example.com', - port: 80, - targets: [new elbv2.IpTarget('10.0.128.5')], + group1.node.addDependency(subnet); + group2.node.addDependency(subnet); }); listener.addAction('action1', { diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.expected.json b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.expected.json index 56acbde9bb1f1..92cf1bc173cd3 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.expected.json +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.expected.json @@ -18,11 +18,11 @@ "VPCPublicSubnet1SubnetB4246D30": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.0.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/18", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -95,15 +95,15 @@ "VPCPublicSubnet1NATGatewayE0556630": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet1EIP6AD938E8", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet1SubnetB4246D30" - }, "Tags": [ { "Key": "Name", @@ -115,11 +115,11 @@ "VPCPublicSubnet2Subnet74179F39": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.64.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.64.0/18", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -192,15 +192,15 @@ "VPCPublicSubnet2NATGateway3C070193": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet2EIP4947BC00", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet2Subnet74179F39" - }, "Tags": [ { "Key": "Name", @@ -212,11 +212,11 @@ "VPCPrivateSubnet1Subnet8BCA10E0": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.128.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.128.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -274,11 +274,11 @@ "VPCPrivateSubnet2SubnetCFCDAA7A": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.192.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.192.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -454,14 +454,28 @@ ], "Targets": [ { - "Id": "10.0.128.4" + "Id": "10.0.128.6" } ], "TargetType": "ip", "VpcId": { "Ref": "VPCB9E5F0B4" } - } + }, + "DependsOn": [ + "VPCPublicSubnet1DefaultRoute91CEF279", + "VPCPublicSubnet1EIP6AD938E8", + "VPCPublicSubnet1NATGatewayE0556630", + "VPCPublicSubnet1RouteTableFEE4B781", + "VPCPublicSubnet1RouteTableAssociation0B0896DC", + "VPCPublicSubnet1SubnetB4246D30", + "VPCPublicSubnet2DefaultRouteB7481BBA", + "VPCPublicSubnet2EIP4947BC00", + "VPCPublicSubnet2NATGateway3C070193", + "VPCPublicSubnet2RouteTable6F1A15F1", + "VPCPublicSubnet2RouteTableAssociation5A808732", + "VPCPublicSubnet2Subnet74179F39" + ] }, "LBListenerConditionalTargetGroupA75CCCD9": { "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", @@ -499,7 +513,21 @@ "VpcId": { "Ref": "VPCB9E5F0B4" } - } + }, + "DependsOn": [ + "VPCPublicSubnet1DefaultRoute91CEF279", + "VPCPublicSubnet1EIP6AD938E8", + "VPCPublicSubnet1NATGatewayE0556630", + "VPCPublicSubnet1RouteTableFEE4B781", + "VPCPublicSubnet1RouteTableAssociation0B0896DC", + "VPCPublicSubnet1SubnetB4246D30", + "VPCPublicSubnet2DefaultRouteB7481BBA", + "VPCPublicSubnet2EIP4947BC00", + "VPCPublicSubnet2NATGateway3C070193", + "VPCPublicSubnet2RouteTable6F1A15F1", + "VPCPublicSubnet2RouteTableAssociation5A808732", + "VPCPublicSubnet2Subnet74179F39" + ] }, "LBListenerConditionalTargetRule91FA260F": { "Type": "AWS::ElasticLoadBalancingV2::ListenerRule", diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.ts index 8643f7b4c1f69..ea17101adc678 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.ts +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.ts @@ -21,7 +21,7 @@ const listener = lb.addListener('Listener', { const group1 = listener.addTargets('Target', { port: 80, - targets: [new elbv2.IpTarget('10.0.128.4')], + targets: [new elbv2.IpTarget('10.0.128.6')], stickinessCookieDuration: cdk.Duration.minutes(5), }); @@ -35,6 +35,7 @@ const group2 = listener.addTargets('ConditionalTarget', { slowStart: cdk.Duration.minutes(1), }); + group1.metricTargetResponseTime().createAlarm(stack, 'ResponseTimeHigh1', { threshold: 5, evaluationPeriods: 2, @@ -45,4 +46,9 @@ group2.metricTargetResponseTime().createAlarm(stack, 'ResponseTimeHigh2', { evaluationPeriods: 2, }); +vpc.publicSubnets.forEach(subnet => { + group2.node.addDependency(subnet); + group1.node.addDependency(subnet); +}); + app.synth(); diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb2.expected.json b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb2.expected.json index 9aa4015d15f18..7a66a180ad66b 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb2.expected.json +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb2.expected.json @@ -18,11 +18,11 @@ "VPCPublicSubnet1SubnetB4246D30": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.0.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/18", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -115,11 +115,11 @@ "VPCPublicSubnet2Subnet74179F39": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.64.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.64.0/18", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -212,11 +212,11 @@ "VPCPrivateSubnet1Subnet8BCA10E0": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.128.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.128.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -274,11 +274,11 @@ "VPCPrivateSubnet2SubnetCFCDAA7A": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.192.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.192.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -453,7 +453,21 @@ "VpcId": { "Ref": "VPCB9E5F0B4" } - } + }, + "DependsOn": [ + "VPCPublicSubnet1DefaultRoute91CEF279", + "VPCPublicSubnet1EIP6AD938E8", + "VPCPublicSubnet1NATGatewayE0556630", + "VPCPublicSubnet1RouteTableFEE4B781", + "VPCPublicSubnet1RouteTableAssociation0B0896DC", + "VPCPublicSubnet1SubnetB4246D30", + "VPCPublicSubnet2DefaultRouteB7481BBA", + "VPCPublicSubnet2EIP4947BC00", + "VPCPublicSubnet2NATGateway3C070193", + "VPCPublicSubnet2RouteTable6F1A15F1", + "VPCPublicSubnet2RouteTableAssociation5A808732", + "VPCPublicSubnet2Subnet74179F39" + ] }, "LBListenerConditionalTargetGroupA75CCCD9": { "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", @@ -475,7 +489,21 @@ "VpcId": { "Ref": "VPCB9E5F0B4" } - } + }, + "DependsOn": [ + "VPCPublicSubnet1DefaultRoute91CEF279", + "VPCPublicSubnet1EIP6AD938E8", + "VPCPublicSubnet1NATGatewayE0556630", + "VPCPublicSubnet1RouteTableFEE4B781", + "VPCPublicSubnet1RouteTableAssociation0B0896DC", + "VPCPublicSubnet1SubnetB4246D30", + "VPCPublicSubnet2DefaultRouteB7481BBA", + "VPCPublicSubnet2EIP4947BC00", + "VPCPublicSubnet2NATGateway3C070193", + "VPCPublicSubnet2RouteTable6F1A15F1", + "VPCPublicSubnet2RouteTableAssociation5A808732", + "VPCPublicSubnet2Subnet74179F39" + ] }, "LBListenerConditionalTargetRule91FA260F": { "Type": "AWS::ElasticLoadBalancingV2::ListenerRule", diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb2.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb2.ts index 6f00b7b7b87c9..af5e95258f8d1 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb2.ts +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb2.ts @@ -49,4 +49,9 @@ group2.metricTargetResponseTime().createAlarm(stack, 'ResponseTimeHigh2', { evaluationPeriods: 2, }); +vpc.publicSubnets.forEach(subnet => { + group2.node.addDependency(subnet); + group1.node.addDependency(subnet); +}); + app.synth(); From 2df6daba2a88c6abaf32f2d16d366d35c305ed45 Mon Sep 17 00:00:00 2001 From: Madeline Kusters <80541297+madeline-k@users.noreply.github.com> Date: Sat, 2 Apr 2022 13:59:05 -0700 Subject: [PATCH 50/59] chore: pull integ test images from ECR public gallery instead of dockerhub (#19674) Dockerhub has pretty low rate limits for docker pull, and sometimes our integration tests fail because we exceed the limit. Switching to pull images from ECR public gallery instead. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../test/asset-docker-fixture/Dockerfile | 2 +- .../aws-codebuild/test/demo-image/Dockerfile | 2 +- .../test/integ.docker-asset.lit.expected.json | 2 +- .../test/allow-listed-image/Dockerfile | 2 +- .../demo-image-custom-docker-file/Dockerfile | 2 +- .../Dockerfile.Custom | 2 +- .../aws-ecr-assets/test/demo-image/Dockerfile | 2 +- .../test/dockerignore-image/Dockerfile | 2 +- .../aws-ecr-assets/test/image-asset.test.ts | 57 +++++++++---------- .../test/integ.assets-docker.expected.json | 2 +- .../integ.nested-stacks-docker.expected.json | 18 +++--- .../test/demo-image/Dockerfile | 2 +- .../fargate/integ.asset-image.expected.json | 2 +- ...e-processing-fargate-service.expected.json | 2 +- ...ing-fargate-service-isolated.expected.json | 2 +- ...ssing-fargate-service-public.expected.json | 16 +++--- ...queue-processing-fargate-service-public.ts | 2 +- ...e-processing-fargate-service.expected.json | 2 +- ...g.scheduled-fargate-task.lit.expected.json | 2 +- .../test/sqs-reader/Dockerfile | 2 +- .../aws-ecs/test/container-definition.test.ts | 12 ++-- .../aws-ecs/test/demo-image/Dockerfile | 2 +- .../test/ec2/ec2-task-definition.test.ts | 2 +- .../test/ecs/eventhandler-image/Dockerfile | 2 +- .../integ.event-ec2-task.lit.expected.json | 2 +- .../integ.event-fargate-task.expected.json | 2 +- .../test/alpine-markdown/Dockerfile | 2 +- .../test/batch/batchjob-image/Dockerfile | 2 +- .../batch/integ.run-batch-job.expected.json | 2 +- .../test/batch/integ.submit-job.expected.json | 2 +- .../test/ecs/eventhandler-image/Dockerfile | 2 +- .../test/ecs/integ.ec2-run-task.expected.json | 2 +- .../test/ecs/integ.ec2-task.expected.json | 2 +- .../ecs/integ.fargate-run-task.expected.json | 2 +- .../test/ecs/integ.fargate-task.expected.json | 2 +- .../asset-manifest/docker-asset/Dockerfile | 2 +- .../fixtures/assets/docker-asset/Dockerfile | 2 +- .../test/integ/cli/app/docker/Dockerfile | 2 +- .../integ/cli/app/docker/Dockerfile.Custom | 2 +- 39 files changed, 84 insertions(+), 89 deletions(-) diff --git a/packages/@aws-cdk/aws-cloudformation/test/asset-docker-fixture/Dockerfile b/packages/@aws-cdk/aws-cloudformation/test/asset-docker-fixture/Dockerfile index 67fd379018917..931518298c332 100644 --- a/packages/@aws-cdk/aws-cloudformation/test/asset-docker-fixture/Dockerfile +++ b/packages/@aws-cdk/aws-cloudformation/test/asset-docker-fixture/Dockerfile @@ -1 +1 @@ -FROM alpine +FROM public.ecr.aws/docker/library/alpine:latest diff --git a/packages/@aws-cdk/aws-codebuild/test/demo-image/Dockerfile b/packages/@aws-cdk/aws-codebuild/test/demo-image/Dockerfile index 123b5670febc8..235b30e9661ed 100644 --- a/packages/@aws-cdk/aws-codebuild/test/demo-image/Dockerfile +++ b/packages/@aws-cdk/aws-codebuild/test/demo-image/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.6 +FROM public.ecr.aws/lambda/python:3.6 EXPOSE 8000 WORKDIR /src ADD . /src diff --git a/packages/@aws-cdk/aws-codebuild/test/integ.docker-asset.lit.expected.json b/packages/@aws-cdk/aws-codebuild/test/integ.docker-asset.lit.expected.json index d3c45a9bee054..e11ff97797ce9 100644 --- a/packages/@aws-cdk/aws-codebuild/test/integ.docker-asset.lit.expected.json +++ b/packages/@aws-cdk/aws-codebuild/test/integ.docker-asset.lit.expected.json @@ -146,7 +146,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:4af07cfea2e112710555eb86325bfd4d7d4b97e4fa9f1bf6c053c72f992c7fe5" + "/aws-cdk/assets:73ee9c3cafd103104e2a42ee76961a90a2410d0dcad42110343c5fd85ad6db78" ] ] }, diff --git a/packages/@aws-cdk/aws-ecr-assets/test/allow-listed-image/Dockerfile b/packages/@aws-cdk/aws-ecr-assets/test/allow-listed-image/Dockerfile index 123b5670febc8..235b30e9661ed 100644 --- a/packages/@aws-cdk/aws-ecr-assets/test/allow-listed-image/Dockerfile +++ b/packages/@aws-cdk/aws-ecr-assets/test/allow-listed-image/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.6 +FROM public.ecr.aws/lambda/python:3.6 EXPOSE 8000 WORKDIR /src ADD . /src diff --git a/packages/@aws-cdk/aws-ecr-assets/test/demo-image-custom-docker-file/Dockerfile b/packages/@aws-cdk/aws-ecr-assets/test/demo-image-custom-docker-file/Dockerfile index 123b5670febc8..235b30e9661ed 100644 --- a/packages/@aws-cdk/aws-ecr-assets/test/demo-image-custom-docker-file/Dockerfile +++ b/packages/@aws-cdk/aws-ecr-assets/test/demo-image-custom-docker-file/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.6 +FROM public.ecr.aws/lambda/python:3.6 EXPOSE 8000 WORKDIR /src ADD . /src diff --git a/packages/@aws-cdk/aws-ecr-assets/test/demo-image-custom-docker-file/Dockerfile.Custom b/packages/@aws-cdk/aws-ecr-assets/test/demo-image-custom-docker-file/Dockerfile.Custom index 123b5670febc8..235b30e9661ed 100644 --- a/packages/@aws-cdk/aws-ecr-assets/test/demo-image-custom-docker-file/Dockerfile.Custom +++ b/packages/@aws-cdk/aws-ecr-assets/test/demo-image-custom-docker-file/Dockerfile.Custom @@ -1,4 +1,4 @@ -FROM python:3.6 +FROM public.ecr.aws/lambda/python:3.6 EXPOSE 8000 WORKDIR /src ADD . /src diff --git a/packages/@aws-cdk/aws-ecr-assets/test/demo-image/Dockerfile b/packages/@aws-cdk/aws-ecr-assets/test/demo-image/Dockerfile index 123b5670febc8..235b30e9661ed 100644 --- a/packages/@aws-cdk/aws-ecr-assets/test/demo-image/Dockerfile +++ b/packages/@aws-cdk/aws-ecr-assets/test/demo-image/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.6 +FROM public.ecr.aws/lambda/python:3.6 EXPOSE 8000 WORKDIR /src ADD . /src diff --git a/packages/@aws-cdk/aws-ecr-assets/test/dockerignore-image/Dockerfile b/packages/@aws-cdk/aws-ecr-assets/test/dockerignore-image/Dockerfile index 123b5670febc8..235b30e9661ed 100644 --- a/packages/@aws-cdk/aws-ecr-assets/test/dockerignore-image/Dockerfile +++ b/packages/@aws-cdk/aws-ecr-assets/test/dockerignore-image/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.6 +FROM public.ecr.aws/lambda/python:3.6 EXPOSE 8000 WORKDIR /src ADD . /src diff --git a/packages/@aws-cdk/aws-ecr-assets/test/image-asset.test.ts b/packages/@aws-cdk/aws-ecr-assets/test/image-asset.test.ts index 7640557032510..002e000c89ef2 100644 --- a/packages/@aws-cdk/aws-ecr-assets/test/image-asset.test.ts +++ b/packages/@aws-cdk/aws-ecr-assets/test/image-asset.test.ts @@ -10,7 +10,7 @@ import { DockerImageAsset, NetworkMode } from '../lib'; /* eslint-disable quote-props */ -const DEMO_IMAGE_ASSET_HASH = '8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48'; +const DEMO_IMAGE_ASSET_HASH = '0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14'; const flags = { [cxapi.DOCKER_IGNORE_SUPPORT]: true }; @@ -29,11 +29,11 @@ describe('image asset', () => { expect(artifact.assets).toEqual([ { repositoryName: 'aws-cdk/assets', - imageTag: '8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48', - id: '8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48', + imageTag: '0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14', + id: '0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14', packaging: 'container-image', - path: 'asset.8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48', - sourceHash: '8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48', + path: 'asset.0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14', + sourceHash: '0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14', }, ]); @@ -89,29 +89,24 @@ describe('image asset', () => { expect(artifact.template).toEqual({}); expect(artifact.assets).toEqual([ { - 'buildArgs': { - 'a': 'b', - }, - repositoryName: 'aws-cdk/assets', - imageTag: '8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48', - id: '8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48', + buildArgs: { 'a': 'b' }, + id: '0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14', + imageTag: '0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14', packaging: 'container-image', - path: 'asset.8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48', - sourceHash: '8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48', + path: 'asset.0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14', + repositoryName: 'aws-cdk/assets', + sourceHash: '0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14', }, { - 'buildArgs': { - 'a': 'b', - }, - 'id': 'd4bbfde4749763cef9707486f81ce1e95d25cedaf4cc34cfcdab7232ec1948ff', - 'imageTag': 'd4bbfde4749763cef9707486f81ce1e95d25cedaf4cc34cfcdab7232ec1948ff', - 'packaging': 'container-image', - 'path': 'asset.d4bbfde4749763cef9707486f81ce1e95d25cedaf4cc34cfcdab7232ec1948ff', - 'repositoryName': 'aws-cdk/assets', - 'sourceHash': 'd4bbfde4749763cef9707486f81ce1e95d25cedaf4cc34cfcdab7232ec1948ff', + buildArgs: { 'a': 'b' }, + id: '7f3aa0a36ecd282884e11463b3fde119d25d1ed424f934300f0c7b9cf6f63947', + imageTag: '7f3aa0a36ecd282884e11463b3fde119d25d1ed424f934300f0c7b9cf6f63947', + packaging: 'container-image', + path: 'asset.7f3aa0a36ecd282884e11463b3fde119d25d1ed424f934300f0c7b9cf6f63947', + repositoryName: 'aws-cdk/assets', + sourceHash: '7f3aa0a36ecd282884e11463b3fde119d25d1ed424f934300f0c7b9cf6f63947', }, ]); - }); testFutureBehavior('with target', flags, App, (app) => { @@ -355,12 +350,12 @@ describe('image asset', () => { const asset5 = new DockerImageAsset(stack, 'Asset5', { directory, file: 'Dockerfile.Custom', target: 'NonDefaultTarget' }); const asset6 = new DockerImageAsset(stack, 'Asset6', { directory, extraHash: 'random-extra' }); - expect(asset1.assetHash).toEqual('365b5d951fc5f725f78093a07e3e1cc7819b4cbe582ca71a4c344752c23bf409'); - expect(asset2.assetHash).toEqual('9560a36f786f317c5e1abb986b58269b2453ed1cab16c36fd9b76646c837078c'); - expect(asset3.assetHash).toEqual('4f4e16f5b0cfab21be4298a04b20f62f63cd91a649ef4620d6d3c948d29f3cb4'); - expect(asset4.assetHash).toEqual('72b961f96e358b8dad935719cfc2704c3d14a46434871825ac81e3b94caa4853'); - expect(asset5.assetHash).toEqual('c23d34b3a1dac5a80c42e8fa6c88a0ac697eb709a6f36ebdb6e36ee8c75edc75'); - expect(asset6.assetHash).toEqual('7e950a9b08c58d371c1658e04d377c0ec59d89a47fc245a86a50525b36a8949b'); + expect(asset1.assetHash).toEqual('13248c55633f3b198a628bb2ea4663cb5226f8b2801051bd0c725950266fd590'); + expect(asset2.assetHash).toEqual('36bf205fb9adc5e45ba1c8d534158a0aed96d190eff433af1d90f3b94f96e751'); + expect(asset3.assetHash).toEqual('4c85bd70e73117b7129c2defbe6dc40a8a3872329f4ddca18d75afa671b38276'); + expect(asset4.assetHash).toEqual('8a91219a7bb0f58b3282dd84acbf4c03c49c765be54ffb7b125be6a50b6c5645'); + expect(asset5.assetHash).toEqual('c02bfba13b2e7e1ff5c778a76e10296b9e8d17f7f8252d097f4170ae04ce0eb4'); + expect(asset6.assetHash).toEqual('3528d6838647a5e9011b0f35aec514d03ad11af05a94653cdcf4dacdbb070a06'); }); @@ -371,8 +366,8 @@ describe('image asset', () => { const asset1 = new DockerImageAsset(stack, 'Asset1', { directory }); const asset2 = new DockerImageAsset(stack, 'Asset2', { directory, repositoryName: 'foo' }); - expect(asset1.assetHash).toEqual('b5d181eb114c889020f9d59961ac4ad5d65f49c571c0aafd5ce2be9464bc2d13'); - expect(asset2.assetHash).toEqual('0b48fa3f7f75365962e6e18f52608ec4e4451f8ecc0b58abdb063c5381569471'); + expect(asset1.assetHash).toEqual('91cd042be26211c28488a6994327fc579e75e355d9d3bf7043fa6a0bc8ad4265'); + expect(asset2.assetHash).toEqual('6a6cab989dda908fa3d132d58f402f714d79858f3c89473f2b050096954e6827'); }); }); diff --git a/packages/@aws-cdk/aws-ecr-assets/test/integ.assets-docker.expected.json b/packages/@aws-cdk/aws-ecr-assets/test/integ.assets-docker.expected.json index 3f6dd7b36d92e..854d6fab2364f 100644 --- a/packages/@aws-cdk/aws-ecr-assets/test/integ.assets-docker.expected.json +++ b/packages/@aws-cdk/aws-ecr-assets/test/integ.assets-docker.expected.json @@ -70,7 +70,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48" + "/aws-cdk/assets:0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14" ] ] } diff --git a/packages/@aws-cdk/aws-ecr-assets/test/integ.nested-stacks-docker.expected.json b/packages/@aws-cdk/aws-ecr-assets/test/integ.nested-stacks-docker.expected.json index 8860ef52935b1..793deb5240d59 100644 --- a/packages/@aws-cdk/aws-ecr-assets/test/integ.nested-stacks-docker.expected.json +++ b/packages/@aws-cdk/aws-ecr-assets/test/integ.nested-stacks-docker.expected.json @@ -17,7 +17,7 @@ }, "/", { - "Ref": "AssetParameters1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39S3Bucket74894234" + "Ref": "AssetParametersbd34d9d2b847afabcea4ef507c1bdaabe8abdbb75c41b3db3609d371f8626297S3BucketAF5C36E5" }, "/", { @@ -27,7 +27,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39S3VersionKeyD1E9C856" + "Ref": "AssetParametersbd34d9d2b847afabcea4ef507c1bdaabe8abdbb75c41b3db3609d371f8626297S3VersionKeyEB2E48FF" } ] } @@ -40,7 +40,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39S3VersionKeyD1E9C856" + "Ref": "AssetParametersbd34d9d2b847afabcea4ef507c1bdaabe8abdbb75c41b3db3609d371f8626297S3VersionKeyEB2E48FF" } ] } @@ -55,17 +55,17 @@ } }, "Parameters": { - "AssetParameters1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39S3Bucket74894234": { + "AssetParametersbd34d9d2b847afabcea4ef507c1bdaabe8abdbb75c41b3db3609d371f8626297S3BucketAF5C36E5": { "Type": "String", - "Description": "S3 bucket for asset \"1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39\"" + "Description": "S3 bucket for asset \"bd34d9d2b847afabcea4ef507c1bdaabe8abdbb75c41b3db3609d371f8626297\"" }, - "AssetParameters1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39S3VersionKeyD1E9C856": { + "AssetParametersbd34d9d2b847afabcea4ef507c1bdaabe8abdbb75c41b3db3609d371f8626297S3VersionKeyEB2E48FF": { "Type": "String", - "Description": "S3 key for asset version \"1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39\"" + "Description": "S3 key for asset version \"bd34d9d2b847afabcea4ef507c1bdaabe8abdbb75c41b3db3609d371f8626297\"" }, - "AssetParameters1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39ArtifactHash4D458F5E": { + "AssetParametersbd34d9d2b847afabcea4ef507c1bdaabe8abdbb75c41b3db3609d371f8626297ArtifactHashA3886DE7": { "Type": "String", - "Description": "Artifact hash for asset \"1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39\"" + "Description": "Artifact hash for asset \"bd34d9d2b847afabcea4ef507c1bdaabe8abdbb75c41b3db3609d371f8626297\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/demo-image/Dockerfile b/packages/@aws-cdk/aws-ecs-patterns/test/demo-image/Dockerfile index 123b5670febc8..235b30e9661ed 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/demo-image/Dockerfile +++ b/packages/@aws-cdk/aws-ecs-patterns/test/demo-image/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.6 +FROM public.ecr.aws/lambda/python:3.6 EXPOSE 8000 WORKDIR /src ADD . /src diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.asset-image.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.asset-image.expected.json index 01c7cb601a90c..23fcba8794ced 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.asset-image.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.asset-image.expected.json @@ -503,7 +503,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48" + "/aws-cdk/assets:0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14" ] ] }, diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.circuit-breaker-queue-processing-fargate-service.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.circuit-breaker-queue-processing-fargate-service.expected.json index 8e44e25a0c5ac..bd451b2c94895 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.circuit-breaker-queue-processing-fargate-service.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.circuit-breaker-queue-processing-fargate-service.expected.json @@ -460,7 +460,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:d6b024485c22795b5f5379edcd5cd6485f5bec6eb80bd072b20526f8eb2e0c64" + "/aws-cdk/assets:95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417" ] ] }, diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-isolated.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-isolated.expected.json index 07eefdc4a2629..b351c625b9a04 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-isolated.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-isolated.expected.json @@ -769,7 +769,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:d6b024485c22795b5f5379edcd5cd6485f5bec6eb80bd072b20526f8eb2e0c64" + "/aws-cdk/assets:95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417" ] ] }, diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.expected.json index 4994e6d9b015c..be5262a5f25ce 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.expected.json @@ -18,11 +18,11 @@ "VPCPublicSubnet1SubnetB4246D30": { "Type": "AWS::EC2::Subnet", "Properties": { + "CidrBlock": "10.0.0.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", - "CidrBlock": "10.0.0.0/19", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -115,11 +115,11 @@ "VPCPublicSubnet2Subnet74179F39": { "Type": "AWS::EC2::Subnet", "Properties": { + "CidrBlock": "10.0.32.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", - "CidrBlock": "10.0.32.0/19", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -212,11 +212,11 @@ "VPCPublicSubnet3Subnet631C5E25": { "Type": "AWS::EC2::Subnet", "Properties": { + "CidrBlock": "10.0.64.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1c", - "CidrBlock": "10.0.64.0/19", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -309,11 +309,11 @@ "VPCPrivateSubnet1Subnet8BCA10E0": { "Type": "AWS::EC2::Subnet", "Properties": { + "CidrBlock": "10.0.96.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", - "CidrBlock": "10.0.96.0/19", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -371,11 +371,11 @@ "VPCPrivateSubnet2SubnetCFCDAA7A": { "Type": "AWS::EC2::Subnet", "Properties": { + "CidrBlock": "10.0.128.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", - "CidrBlock": "10.0.128.0/19", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -433,11 +433,11 @@ "VPCPrivateSubnet3Subnet3EDCD457": { "Type": "AWS::EC2::Subnet", "Properties": { + "CidrBlock": "10.0.160.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1c", - "CidrBlock": "10.0.160.0/19", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -609,7 +609,7 @@ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ], - "Interval": 5, + "Interval": 6, "Retries": 10, "Timeout": 5 }, @@ -628,7 +628,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:d6b024485c22795b5f5379edcd5cd6485f5bec6eb80bd072b20526f8eb2e0c64" + "/aws-cdk/assets:95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417" ] ] }, diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.ts b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.ts index 495e738d63c38..bc3c9b621309e 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.ts +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.ts @@ -16,7 +16,7 @@ new QueueProcessingFargateService(stack, 'PublicQueueService', { assignPublicIp: true, healthCheck: { command: ['CMD-SHELL', 'curl -f http://localhost/ || exit 1'], - interval: Duration.seconds(5), + interval: Duration.seconds(6), retries: 10, }, }); diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service.expected.json index 1eab7f10bddc6..9746768edf9fe 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service.expected.json @@ -460,7 +460,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:d6b024485c22795b5f5379edcd5cd6485f5bec6eb80bd072b20526f8eb2e0c64" + "/aws-cdk/assets:95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417" ] ] }, diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.lit.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.lit.expected.json index 5110af7cc54eb..f0540fcb9044b 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.lit.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.lit.expected.json @@ -293,7 +293,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48" + "/aws-cdk/assets:0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14" ] ] }, diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/sqs-reader/Dockerfile b/packages/@aws-cdk/aws-ecs-patterns/test/sqs-reader/Dockerfile index e6618640549e2..919fabfc3f637 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/sqs-reader/Dockerfile +++ b/packages/@aws-cdk/aws-ecs-patterns/test/sqs-reader/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.6 +FROM public.ecr.aws/lambda/python:3.6 RUN pip3 install boto3 diff --git a/packages/@aws-cdk/aws-ecs/test/container-definition.test.ts b/packages/@aws-cdk/aws-ecs/test/container-definition.test.ts index 1aed207c1cdd5..0c428cb23ab84 100644 --- a/packages/@aws-cdk/aws-ecs/test/container-definition.test.ts +++ b/packages/@aws-cdk/aws-ecs/test/container-definition.test.ts @@ -1999,7 +1999,7 @@ describe('container definition', () => { { Ref: 'AWS::Region' }, '.', { Ref: 'AWS::URLSuffix' }, - '/aws-cdk/assets:8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48', + '/aws-cdk/assets:0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14', ], ], }, @@ -2055,11 +2055,11 @@ describe('container definition', () => { const asm = app.synth(); expect(asm.getStackArtifact(stack.artifactId).assets[0]).toEqual({ repositoryName: 'aws-cdk/assets', - imageTag: '9d913132f812bc1ad436aeb5a51f9216c5776b8079318c1883ad2f79f0ef1a4b', - id: '9d913132f812bc1ad436aeb5a51f9216c5776b8079318c1883ad2f79f0ef1a4b', + imageTag: '8b0801d3f897d960240bf5bf3d5a3e367e50a17e04101717320bfd52ebc9d64a', + id: '8b0801d3f897d960240bf5bf3d5a3e367e50a17e04101717320bfd52ebc9d64a', packaging: 'container-image', - path: 'asset.9d913132f812bc1ad436aeb5a51f9216c5776b8079318c1883ad2f79f0ef1a4b', - sourceHash: '9d913132f812bc1ad436aeb5a51f9216c5776b8079318c1883ad2f79f0ef1a4b', + path: 'asset.8b0801d3f897d960240bf5bf3d5a3e367e50a17e04101717320bfd52ebc9d64a', + sourceHash: '8b0801d3f897d960240bf5bf3d5a3e367e50a17e04101717320bfd52ebc9d64a', target: 'build-target', file: 'index.py', }); @@ -2078,7 +2078,7 @@ describe('container definition', () => { // THEN expect(stack.resolve(container.imageName)).toEqual({ - 'Fn::Sub': '${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:baa2d6eb2a17c75424df631c8c70ff39f2d5f3bee8b9e1a109ee24ca17300540', + 'Fn::Sub': '${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:aba53d5f05c76afcd7e420dc8cd283ddc31657866bb4ba4ce221e13d8128d92c', }); }); }); diff --git a/packages/@aws-cdk/aws-ecs/test/demo-image/Dockerfile b/packages/@aws-cdk/aws-ecs/test/demo-image/Dockerfile index 123b5670febc8..235b30e9661ed 100644 --- a/packages/@aws-cdk/aws-ecs/test/demo-image/Dockerfile +++ b/packages/@aws-cdk/aws-ecs/test/demo-image/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.6 +FROM public.ecr.aws/lambda/python:3.6 EXPOSE 8000 WORKDIR /src ADD . /src diff --git a/packages/@aws-cdk/aws-ecs/test/ec2/ec2-task-definition.test.ts b/packages/@aws-cdk/aws-ecs/test/ec2/ec2-task-definition.test.ts index 77b1607c13432..fd134d64bbfe6 100644 --- a/packages/@aws-cdk/aws-ecs/test/ec2/ec2-task-definition.test.ts +++ b/packages/@aws-cdk/aws-ecs/test/ec2/ec2-task-definition.test.ts @@ -748,7 +748,7 @@ describe('ec2 task definition', () => { { Ref: 'AWS::URLSuffix', }, - '/aws-cdk/assets:8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48', + '/aws-cdk/assets:0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14', ], ], }, diff --git a/packages/@aws-cdk/aws-events-targets/test/ecs/eventhandler-image/Dockerfile b/packages/@aws-cdk/aws-events-targets/test/ecs/eventhandler-image/Dockerfile index 123b5670febc8..235b30e9661ed 100644 --- a/packages/@aws-cdk/aws-events-targets/test/ecs/eventhandler-image/Dockerfile +++ b/packages/@aws-cdk/aws-events-targets/test/ecs/eventhandler-image/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.6 +FROM public.ecr.aws/lambda/python:3.6 EXPOSE 8000 WORKDIR /src ADD . /src diff --git a/packages/@aws-cdk/aws-events-targets/test/ecs/integ.event-ec2-task.lit.expected.json b/packages/@aws-cdk/aws-events-targets/test/ecs/integ.event-ec2-task.lit.expected.json index 444eaab9f6152..a1423b9e05d3a 100644 --- a/packages/@aws-cdk/aws-events-targets/test/ecs/integ.event-ec2-task.lit.expected.json +++ b/packages/@aws-cdk/aws-events-targets/test/ecs/integ.event-ec2-task.lit.expected.json @@ -698,7 +698,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:3fc39b45c4fd074ceef5d0f8528b74fa7fe6e8fa0aa4a6ffe7fb5e016cf8dc04" + "/aws-cdk/assets:7a4895bc694ae074467753dddb9a798e58f2f5eda62bcce5833d7d356b8a1da2" ] ] }, diff --git a/packages/@aws-cdk/aws-events-targets/test/ecs/integ.event-fargate-task.expected.json b/packages/@aws-cdk/aws-events-targets/test/ecs/integ.event-fargate-task.expected.json index 9cd668c41aa03..bcfc4ef7fb064 100644 --- a/packages/@aws-cdk/aws-events-targets/test/ecs/integ.event-fargate-task.expected.json +++ b/packages/@aws-cdk/aws-events-targets/test/ecs/integ.event-fargate-task.expected.json @@ -237,7 +237,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:3fc39b45c4fd074ceef5d0f8528b74fa7fe6e8fa0aa4a6ffe7fb5e016cf8dc04" + "/aws-cdk/assets:7a4895bc694ae074467753dddb9a798e58f2f5eda62bcce5833d7d356b8a1da2" ] ] }, diff --git a/packages/@aws-cdk/aws-s3-assets/test/alpine-markdown/Dockerfile b/packages/@aws-cdk/aws-s3-assets/test/alpine-markdown/Dockerfile index fa7a67678bae9..d0ec147b4a786 100644 --- a/packages/@aws-cdk/aws-s3-assets/test/alpine-markdown/Dockerfile +++ b/packages/@aws-cdk/aws-s3-assets/test/alpine-markdown/Dockerfile @@ -1,3 +1,3 @@ -FROM alpine +FROM public.ecr.aws/docker/library/alpine:latest RUN apk add markdown diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/batchjob-image/Dockerfile b/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/batchjob-image/Dockerfile index 123b5670febc8..235b30e9661ed 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/batchjob-image/Dockerfile +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/batchjob-image/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.6 +FROM public.ecr.aws/lambda/python:3.6 EXPOSE 8000 WORKDIR /src ADD . /src diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/integ.run-batch-job.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/integ.run-batch-job.expected.json index 94145f863083d..aff74626991ab 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/integ.run-batch-job.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/integ.run-batch-job.expected.json @@ -869,7 +869,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:3691f011ed75cf0fd05152b8fae3d684323da3da9eaf3be68cba18cb9def2562" + "/aws-cdk/assets:8b518243ecbfcfd08b4734069e7e74ff97b7889dfde0a60d16e7bdc96e6c593b" ] ] }, diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/integ.submit-job.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/integ.submit-job.expected.json index 7f48977f12e6c..a722fd182008c 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/integ.submit-job.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/integ.submit-job.expected.json @@ -869,7 +869,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:3691f011ed75cf0fd05152b8fae3d684323da3da9eaf3be68cba18cb9def2562" + "/aws-cdk/assets:8b518243ecbfcfd08b4734069e7e74ff97b7889dfde0a60d16e7bdc96e6c593b" ] ] }, diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/eventhandler-image/Dockerfile b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/eventhandler-image/Dockerfile index 123b5670febc8..235b30e9661ed 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/eventhandler-image/Dockerfile +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/eventhandler-image/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.6 +FROM public.ecr.aws/lambda/python:3.6 EXPOSE 8000 WORKDIR /src ADD . /src diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.expected.json index 4dcc2e6776cca..2beaafbdd6e2a 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.expected.json @@ -485,7 +485,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:3fc39b45c4fd074ceef5d0f8528b74fa7fe6e8fa0aa4a6ffe7fb5e016cf8dc04" + "/aws-cdk/assets:7a4895bc694ae074467753dddb9a798e58f2f5eda62bcce5833d7d356b8a1da2" ] ] }, diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.expected.json index 558b81faa2897..ed5ada51c4bfa 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.expected.json @@ -485,7 +485,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:3fc39b45c4fd074ceef5d0f8528b74fa7fe6e8fa0aa4a6ffe7fb5e016cf8dc04" + "/aws-cdk/assets:7a4895bc694ae074467753dddb9a798e58f2f5eda62bcce5833d7d356b8a1da2" ] ] }, diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.expected.json index ca30cca5b1beb..7cfb1aba285c3 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.expected.json @@ -34,7 +34,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:3fc39b45c4fd074ceef5d0f8528b74fa7fe6e8fa0aa4a6ffe7fb5e016cf8dc04" + "/aws-cdk/assets:7a4895bc694ae074467753dddb9a798e58f2f5eda62bcce5833d7d356b8a1da2" ] ] }, diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.expected.json index d6e61df69d806..4c53cf87e2386 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.expected.json @@ -34,7 +34,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:3fc39b45c4fd074ceef5d0f8528b74fa7fe6e8fa0aa4a6ffe7fb5e016cf8dc04" + "/aws-cdk/assets:7a4895bc694ae074467753dddb9a798e58f2f5eda62bcce5833d7d356b8a1da2" ] ] }, diff --git a/packages/@aws-cdk/cx-api/test/fixtures/asset-manifest/docker-asset/Dockerfile b/packages/@aws-cdk/cx-api/test/fixtures/asset-manifest/docker-asset/Dockerfile index ceaf18ac05257..9b247ee4463fa 100644 --- a/packages/@aws-cdk/cx-api/test/fixtures/asset-manifest/docker-asset/Dockerfile +++ b/packages/@aws-cdk/cx-api/test/fixtures/asset-manifest/docker-asset/Dockerfile @@ -1 +1 @@ -FROM ubuntu +FROM public.ecr.aws/docker/library/ubuntu:latest diff --git a/packages/@aws-cdk/cx-api/test/fixtures/assets/docker-asset/Dockerfile b/packages/@aws-cdk/cx-api/test/fixtures/assets/docker-asset/Dockerfile index ceaf18ac05257..9b247ee4463fa 100644 --- a/packages/@aws-cdk/cx-api/test/fixtures/assets/docker-asset/Dockerfile +++ b/packages/@aws-cdk/cx-api/test/fixtures/assets/docker-asset/Dockerfile @@ -1 +1 @@ -FROM ubuntu +FROM public.ecr.aws/docker/library/ubuntu:latest diff --git a/packages/aws-cdk/test/integ/cli/app/docker/Dockerfile b/packages/aws-cdk/test/integ/cli/app/docker/Dockerfile index 2f54902fde481..a7e84d32f529d 100644 --- a/packages/aws-cdk/test/integ/cli/app/docker/Dockerfile +++ b/packages/aws-cdk/test/integ/cli/app/docker/Dockerfile @@ -1,2 +1,2 @@ -FROM alpine +FROM public.ecr.aws/docker/library/alpine:latest diff --git a/packages/aws-cdk/test/integ/cli/app/docker/Dockerfile.Custom b/packages/aws-cdk/test/integ/cli/app/docker/Dockerfile.Custom index 2f54902fde481..a7e84d32f529d 100644 --- a/packages/aws-cdk/test/integ/cli/app/docker/Dockerfile.Custom +++ b/packages/aws-cdk/test/integ/cli/app/docker/Dockerfile.Custom @@ -1,2 +1,2 @@ -FROM alpine +FROM public.ecr.aws/docker/library/alpine:latest From 7fa3bf2e385451171fcaeda388a93602cb12f4d8 Mon Sep 17 00:00:00 2001 From: Neta Nir Date: Sun, 3 Apr 2022 03:51:51 -0700 Subject: [PATCH 51/59] fix(cloudwatch): automatic metric math label cannot be suppressed (#17639) According to CloudWatch [docs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/using-metric-math.html): > For the Label column of the expression, enter a name that describes what the expression is calculating. If the result of an expression is an array of time series, each of those time series is displayed on the graph with a separate line, with different colors. Immediately under the graph is a legend for each line in the graph. For a single expression that produces multiple time series, the legend captions for those time series are in the format Expression-Label Metric-Label. For example, if the graph includes a metric with a label of Errors and an expression FILL(METRICS(), 0) that has a label of Filled With 0:, one line in the legend would be Filled With 0: Errors. **To have the legend show only the original metric labels, set Expression-Label to be empty.** In the current implementation, if the label is left empty, the expression string is used, which makes the graph cumbersome. In multi widget dashboards where real estate is scarce, it becomes a real issue. See my cats widget before the fix: Screen Shot 2021-11-22 at 5 17 35 PM My cats widget after the fix: Screen Shot 2021-11-22 at 5 20 34 PM ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-cloudwatch/README.md | 37 ++++++++++++++++++- .../@aws-cdk/aws-cloudwatch/lib/metric.ts | 35 +++++++++++++++++- .../aws-cloudwatch/lib/private/rendering.ts | 14 +++++-- .../aws-cloudwatch/test/metric-math.test.ts | 21 +++++++++++ 4 files changed, 100 insertions(+), 7 deletions(-) diff --git a/packages/@aws-cdk/aws-cloudwatch/README.md b/packages/@aws-cdk/aws-cloudwatch/README.md index 8404c6ce9ad7a..af3aaf7c5a765 100644 --- a/packages/@aws-cdk/aws-cloudwatch/README.md +++ b/packages/@aws-cdk/aws-cloudwatch/README.md @@ -104,7 +104,13 @@ graph showing the Average statistic with an aggregation period of 5 minutes: ```ts const cpuUtilization = new cloudwatch.MathExpression({ - expression: "SEARCH('{AWS/EC2,InstanceId} MetricName=\"CPUUtilization\"', 'Average', 300)" + expression: "SEARCH('{AWS/EC2,InstanceId} MetricName=\"CPUUtilization\"', 'Average', 300)", + + // Specifying '' as the label suppresses the default behavior + // of using the expression as metric label. This is especially appropriate + // when using expressions that return multiple time series (like SEARCH() + // or METRICS()), to show the labels of the retrieved metrics only. + label: '', }); ``` @@ -157,6 +163,33 @@ useful when embedding them in graphs, see below). > happen to know the Metric you want to alarm on makes sense as a rate > (`Average`) you can always choose to change the statistic. +### Labels + +Metric labels are displayed in the legend of graphs that include the metrics. + +You can use [dynamic labels](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/graph-dynamic-labels.html) +to show summary information about the displayed time series +in the legend. For example, if you use: + +```ts +declare const fn: lambda.Function; + +const minuteErrorRate = fn.metricErrors({ + statistic: 'sum', + period: Duration.hours(1), + + // Show the maximum hourly error count in the legend + label: '[max: ${MAX}] Lambda failure rate', +}); +``` + +As the metric label, the maximum value in the visible range will +be shown next to the time series name in the graph's legend. + +If the metric is a math expression producing more than one time series, the +maximum will be individually calculated and shown for each time series produce +by the math expression. + ## Alarms Alarms can be created on metrics in one of two ways. Either create an `Alarm` @@ -308,7 +341,7 @@ dashboard.addWidgets(new cloudwatch.GraphWidget({ right: [errorCountMetric.with({ statistic: "average", label: "Error rate", - color: cloudwatch.Color.GREEN + color: cloudwatch.Color.GREEN, })] })); ``` diff --git a/packages/@aws-cdk/aws-cloudwatch/lib/metric.ts b/packages/@aws-cdk/aws-cloudwatch/lib/metric.ts index 03d9e4fe5ca7d..28868b33d9883 100644 --- a/packages/@aws-cdk/aws-cloudwatch/lib/metric.ts +++ b/packages/@aws-cdk/aws-cloudwatch/lib/metric.ts @@ -75,6 +75,18 @@ export interface CommonMetricOptions { /** * Label for this metric when added to a Graph in a Dashboard + * + * You can use [dynamic labels](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/graph-dynamic-labels.html) + * to show summary information about the entire displayed time series + * in the legend. For example, if you use: + * + * ``` + * [max: ${MAX}] MyMetric + * ``` + * + * As the metric label, the maximum value in the visible range will + * be shown next to the time series name in the graph's legend. + * * @default - No label */ readonly label?: string; @@ -127,7 +139,28 @@ export interface MetricOptions extends CommonMetricOptions { */ export interface MathExpressionOptions { /** - * Label for this metric when added to a Graph in a Dashboard + * Label for this expression when added to a Graph in a Dashboard + * + * If this expression evaluates to more than one time series (for + * example, through the use of `METRICS()` or `SEARCH()` expressions), + * each time series will appear in the graph using a combination of the + * expression label and the individual metric label. Specify the empty + * string (`''`) to suppress the expression label and only keep the + * metric label. + * + * You can use [dynamic labels](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/graph-dynamic-labels.html) + * to show summary information about the displayed time series + * in the legend. For example, if you use: + * + * ``` + * [max: ${MAX}] MyMetric + * ``` + * + * As the metric label, the maximum value in the visible range will + * be shown next to the time series name in the graph's legend. If the + * math expression produces more than one time series, the maximum + * will be shown for each individual time series produce by this + * math expression. * * @default - Expression value is used as label */ diff --git a/packages/@aws-cdk/aws-cloudwatch/lib/private/rendering.ts b/packages/@aws-cdk/aws-cloudwatch/lib/private/rendering.ts index 9223695a96c67..13a6440f8946c 100644 --- a/packages/@aws-cdk/aws-cloudwatch/lib/private/rendering.ts +++ b/packages/@aws-cdk/aws-cloudwatch/lib/private/rendering.ts @@ -66,11 +66,17 @@ function metricGraphJson(metric: IMetric, yAxis?: string, id?: string) { if (yAxis !== 'left') { options.yAxis = yAxis; } if (id) { options.id = id; } - // If math expressions don't have a label (or an ID), they'll render with an unelegant - // autogenerated id ("metric_alias0"). Our ids may in the future also be autogenerated, - // so if an ME doesn't have a label, use its toString() as the label (renders the expression). if (options.visible !== false && options.expression && !options.label) { - options.label = metric.toString(); + // Label may be '' or undefined. + // + // If undefined, we'll render the expression as the label, to suppress + // the default behavior of CW where it would render the metric + // id as label, which we (inelegantly) generate to be something like "metric_alias0". + // + // For array expressions (returning more than 1 TS) users may sometimes want to + // suppress the label completely. For those cases, we'll accept the empty string, + // and not render a label at all. + options.label = options.label === '' ? undefined : metric.toString(); } const renderedOpts = dropUndefined(options); diff --git a/packages/@aws-cdk/aws-cloudwatch/test/metric-math.test.ts b/packages/@aws-cdk/aws-cloudwatch/test/metric-math.test.ts index 5f244f3b11352..d4220f83d1b50 100644 --- a/packages/@aws-cdk/aws-cloudwatch/test/metric-math.test.ts +++ b/packages/@aws-cdk/aws-cloudwatch/test/metric-math.test.ts @@ -145,6 +145,27 @@ describe('Metric Math', () => { ]); + }); + + test('passing an empty string as the label of a MathExpressions does not emit a label', () => { + const graph = new GraphWidget({ + left: [ + new MathExpression({ + expression: 'a + e', + label: '', + usingMetrics: { + a, + }, + }), + ], + }); + + graphMetricsAre(graph, [ + [{ expression: 'a + e' }], + ['Test', 'ACount', { visible: false, id: 'a' }], + ]); + + }); test('can reuse identifiers in MathExpressions if metrics are the same', () => { From 7379c1bc238705a7080da149b4f1e0868bbfa9cf Mon Sep 17 00:00:00 2001 From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Mon, 4 Apr 2022 05:45:10 -0400 Subject: [PATCH 52/59] docs(cfnspec): update CloudFormation documentation (#19744) --- .../spec-source/cfn-docs/cfn-docs.json | 192 ++++++++++++++++-- 1 file changed, 171 insertions(+), 21 deletions(-) diff --git a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json index 7579ea5532a2f..62df3180e2be1 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json +++ b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json @@ -10127,18 +10127,60 @@ "attributes": {}, "description": "Provides information that defines an Oracle endpoint. This information includes the output format of records applied to the endpoint and details of transaction and control table data information. For information about other available settings, see [Extra connection attributes when using Oracle as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.ConnectionAttrib) and [Extra connection attributes when using Oracle as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.Oracle.html#CHAP_Target.Oracle.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .", "properties": { + "AccessAlternateDirectly": "Set this attribute to `false` in order to use the Binary Reader to capture change data for an Amazon RDS for Oracle as the source. This tells the DMS instance to not access redo logs through any specified path prefix replacement using direct file access.", + "AddSupplementalLogging": "Set this attribute to set up table-level supplemental logging for the Oracle database. This attribute enables PRIMARY KEY supplemental logging on all tables selected for a migration task.\n\nIf you use this option, you still need to enable database-level supplemental logging.", + "AdditionalArchivedLogDestId": "Set this attribute with `ArchivedLogDestId` in a primary/ standby setup. This attribute is useful in the case of a switchover. In this case, AWS DMS needs to know which destination to get archive redo logs from to read changes. This need arises because the previous primary instance is now a standby instance after switchover.\n\nAlthough AWS DMS supports the use of the Oracle `RESETLOGS` option to open the database, never use `RESETLOGS` unless necessary. For additional information about `RESETLOGS` , see [RMAN Data Repair Concepts](https://docs.aws.amazon.com/https://docs.oracle.com/en/database/oracle/oracle-database/19/bradv/rman-data-repair-concepts.html#GUID-1805CCF7-4AF2-482D-B65A-998192F89C2B) in the *Oracle Database Backup and Recovery User's Guide* .", + "AllowSelectNestedTables": "Set this attribute to `true` to enable replication of Oracle tables containing columns that are nested tables or defined types.", + "ArchivedLogDestId": "Specifies the ID of the destination for the archived redo logs. This value should be the same as a number in the dest_id column of the v$archived_log view. If you work with an additional redo log destination, use the `AdditionalArchivedLogDestId` option to specify the additional destination ID. Doing this improves performance by ensuring that the correct logs are accessed from the outset.", + "ArchivedLogsOnly": "When this field is set to `Y` , AWS DMS only accesses the archived redo logs. If the archived redo logs are stored on Oracle ASM only, the AWS DMS user account needs to be granted ASM privileges.", + "AsmPassword": "For an Oracle source endpoint, your Oracle Automatic Storage Management (ASM) password. You can set this value from the `*asm_user_password*` value. You set this value as part of the comma-separated value that you set to the `Password` request parameter when you create the endpoint to access transaction logs using Binary Reader. For more information, see [Configuration for change data capture (CDC) on an Oracle source database](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.CDC.Configuration) .", + "AsmServer": "For an Oracle source endpoint, your ASM server address. You can set this value from the `asm_server` value. You set `asm_server` as part of the extra connection attribute string to access an Oracle server with Binary Reader that uses ASM. For more information, see [Configuration for change data capture (CDC) on an Oracle source database](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.CDC.Configuration) .", + "AsmUser": "For an Oracle source endpoint, your ASM user name. You can set this value from the `asm_user` value. You set `asm_user` as part of the extra connection attribute string to access an Oracle server with Binary Reader that uses ASM. For more information, see [Configuration for change data capture (CDC) on an Oracle source database](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.CDC.Configuration) .", + "CharLengthSemantics": "Specifies whether the length of a character column is in bytes or in characters. To indicate that the character column length is in characters, set this attribute to `CHAR` . Otherwise, the character column length is in bytes.\n\nExample: `charLengthSemantics=CHAR;`", + "DirectPathNoLog": "When set to `true` , this attribute helps to increase the commit rate on the Oracle target database by writing directly to tables and not writing a trail to database logs.", + "DirectPathParallelLoad": "When set to `true` , this attribute specifies a parallel load when `useDirectPathFullLoad` is set to `Y` . This attribute also only applies when you use the AWS DMS parallel load feature. Note that the target table cannot have any constraints or indexes.", + "EnableHomogenousTablespace": "Set this attribute to enable homogenous tablespace replication and create existing tables or indexes under the same tablespace on the target.", + "ExtraArchivedLogDestIds": "Specifies the IDs of one more destinations for one or more archived redo logs. These IDs are the values of the `dest_id` column in the `v$archived_log` view. Use this setting with the `archivedLogDestId` extra connection attribute in a primary-to-single setup or a primary-to-multiple-standby setup.\n\nThis setting is useful in a switchover when you use an Oracle Data Guard database as a source. In this case, AWS DMS needs information about what destination to get archive redo logs from to read changes. AWS DMS needs this because after the switchover the previous primary is a standby instance. For example, in a primary-to-single standby setup you might apply the following settings.\n\n`archivedLogDestId=1; ExtraArchivedLogDestIds=[2]`\n\nIn a primary-to-multiple-standby setup, you might apply the following settings.\n\n`archivedLogDestId=1; ExtraArchivedLogDestIds=[2,3,4]`\n\nAlthough AWS DMS supports the use of the Oracle `RESETLOGS` option to open the database, never use `RESETLOGS` unless it's necessary. For more information about `RESETLOGS` , see [RMAN Data Repair Concepts](https://docs.aws.amazon.com/https://docs.oracle.com/en/database/oracle/oracle-database/19/bradv/rman-data-repair-concepts.html#GUID-1805CCF7-4AF2-482D-B65A-998192F89C2B) in the *Oracle Database Backup and Recovery User's Guide* .", + "FailTasksOnLobTruncation": "When set to `true` , this attribute causes a task to fail if the actual size of an LOB column is greater than the specified `LobMaxSize` .\n\nIf a task is set to limited LOB mode and this option is set to `true` , the task fails instead of truncating the LOB data.", + "NumberDatatypeScale": "Specifies the number scale. You can select a scale up to 38, or you can select FLOAT. By default, the NUMBER data type is converted to precision 38, scale 10.\n\nExample: `numberDataTypeScale=12`", + "OraclePathPrefix": "Set this string attribute to the required value in order to use the Binary Reader to capture change data for an Amazon RDS for Oracle as the source. This value specifies the default Oracle root used to access the redo logs.", + "ParallelAsmReadThreads": "Set this attribute to change the number of threads that DMS configures to perform a change data capture (CDC) load using Oracle Automatic Storage Management (ASM). You can specify an integer value between 2 (the default) and 8 (the maximum). Use this attribute together with the `readAheadBlocks` attribute.", + "ReadAheadBlocks": "Set this attribute to change the number of read-ahead blocks that DMS configures to perform a change data capture (CDC) load using Oracle Automatic Storage Management (ASM). You can specify an integer value between 1000 (the default) and 200,000 (the maximum).", + "ReadTableSpaceName": "When set to `true` , this attribute supports tablespace replication.", + "ReplacePathPrefix": "Set this attribute to true in order to use the Binary Reader to capture change data for an Amazon RDS for Oracle as the source. This setting tells DMS instance to replace the default Oracle root with the specified `usePathPrefix` setting to access the redo logs.", + "RetryInterval": "Specifies the number of seconds that the system waits before resending a query.\n\nExample: `retryInterval=6;`", "SecretsManagerAccessRoleArn": "The full Amazon Resource Name (ARN) of the IAM role that specifies AWS DMS as the trusted entity and grants the required permissions to access the value in `SecretsManagerSecret` . The role must allow the `iam:PassRole` action. `SecretsManagerSecret` has the value of the AWS Secrets Manager secret that allows access to the Oracle endpoint.\n\n> You can specify one of two sets of values for these permissions. You can specify the values for this setting and `SecretsManagerSecretId` . Or you can specify clear-text values for `UserName` , `Password` , `ServerName` , and `Port` . You can't specify both.\n> \n> For more information on creating this `SecretsManagerSecret` , the corresponding `SecretsManagerAccessRoleArn` , and the `SecretsManagerSecretId` that is required to access it, see [Using secrets to access AWS Database Migration Service resources](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Security.html#security-iam-secretsmanager) in the *AWS Database Migration Service User Guide* .", "SecretsManagerOracleAsmAccessRoleArn": "Required only if your Oracle endpoint uses Advanced Storage Manager (ASM). The full ARN of the IAM role that specifies AWS DMS as the trusted entity and grants the required permissions to access the `SecretsManagerOracleAsmSecret` . This `SecretsManagerOracleAsmSecret` has the secret value that allows access to the Oracle ASM of the endpoint.\n\n> You can specify one of two sets of values for these permissions. You can specify the values for this setting and `SecretsManagerOracleAsmSecretId` . Or you can specify clear-text values for `AsmUserName` , `AsmPassword` , and `AsmServerName` . You can't specify both.\n> \n> For more information on creating this `SecretsManagerOracleAsmSecret` , the corresponding `SecretsManagerOracleAsmAccessRoleArn` , and the `SecretsManagerOracleAsmSecretId` that is required to access it, see [Using secrets to access AWS Database Migration Service resources](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Security.html#security-iam-secretsmanager) in the *AWS Database Migration Service User Guide* .", "SecretsManagerOracleAsmSecretId": "Required only if your Oracle endpoint uses Advanced Storage Manager (ASM). The full ARN, partial ARN, or display name of the `SecretsManagerOracleAsmSecret` that contains the Oracle ASM connection details for the Oracle endpoint.", - "SecretsManagerSecretId": "The full ARN, partial ARN, or display name of the `SecretsManagerSecret` that contains the Oracle endpoint connection details." + "SecretsManagerSecretId": "The full ARN, partial ARN, or display name of the `SecretsManagerSecret` that contains the Oracle endpoint connection details.", + "SecurityDbEncryption": "For an Oracle source endpoint, the transparent data encryption (TDE) password required by AWM DMS to access Oracle redo logs encrypted by TDE using Binary Reader. It is also the `*TDE_Password*` part of the comma-separated value you set to the `Password` request parameter when you create the endpoint. The `SecurityDbEncryptian` setting is related to this `SecurityDbEncryptionName` setting. For more information, see [Supported encryption methods for using Oracle as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.Encryption) in the *AWS Database Migration Service User Guide* .", + "SecurityDbEncryptionName": "For an Oracle source endpoint, the name of a key used for the transparent data encryption (TDE) of the columns and tablespaces in an Oracle source database that is encrypted using TDE. The key value is the value of the `SecurityDbEncryption` setting. For more information on setting the key name value of `SecurityDbEncryptionName` , see the information and example for setting the `securityDbEncryptionName` extra connection attribute in [Supported encryption methods for using Oracle as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.Encryption) in the *AWS Database Migration Service User Guide* .", + "SpatialDataOptionToGeoJsonFunctionName": "Use this attribute to convert `SDO_GEOMETRY` to `GEOJSON` format. By default, DMS calls the `SDO2GEOJSON` custom function if present and accessible. Or you can create your own custom function that mimics the operation of `SDOGEOJSON` and set `SpatialDataOptionToGeoJsonFunctionName` to call it instead.", + "StandbyDelayTime": "Use this attribute to specify a time in minutes for the delay in standby sync. If the source is an Oracle Active Data Guard standby database, use this attribute to specify the time lag between primary and standby databases.\n\nIn AWS DMS , you can create an Oracle CDC task that uses an Active Data Guard standby instance as a source for replicating ongoing changes. Doing this eliminates the need to connect to an active database that might be in production.", + "UseAlternateFolderForOnline": "Set this attribute to `true` in order to use the Binary Reader to capture change data for an Amazon RDS for Oracle as the source. This tells the DMS instance to use any specified prefix replacement to access all online redo logs.", + "UseBFile": "Set this attribute to Y to capture change data using the Binary Reader utility. Set `UseLogminerReader` to N to set this attribute to Y. To use Binary Reader with Amazon RDS for Oracle as the source, you set additional attributes. For more information about using this setting with Oracle Automatic Storage Management (ASM), see [Using Oracle LogMiner or AWS DMS Binary Reader for CDC](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.CDC) .", + "UseDirectPathFullLoad": "Set this attribute to Y to have AWS DMS use a direct path full load. Specify this value to use the direct path protocol in the Oracle Call Interface (OCI). By using this OCI protocol, you can bulk-load Oracle target tables during a full load.", + "UseLogminerReader": "Set this attribute to Y to capture change data using the Oracle LogMiner utility (the default). Set this attribute to N if you want to access the redo logs as a binary file. When you set `UseLogminerReader` to N, also set `UseBfile` to Y. For more information on this setting and using Oracle ASM, see [Using Oracle LogMiner or AWS DMS Binary Reader for CDC](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.CDC) in the *AWS DMS User Guide* .", + "UsePathPrefix": "Set this string attribute to the required value in order to use the Binary Reader to capture change data for an Amazon RDS for Oracle as the source. This value specifies the path prefix used to replace the default Oracle root to access the redo logs." } }, "AWS::DMS::Endpoint.PostgreSqlSettings": { "attributes": {}, "description": "Provides information that defines a PostgreSQL endpoint. This information includes the output format of records applied to the endpoint and details of transaction and control table data information. For information about other available settings, see [Extra connection attributes when using PostgreSQL as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.PostgreSQL.html#CHAP_Source.PostgreSQL.ConnectionAttrib) and [Extra connection attributes when using PostgreSQL as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.PostgreSQL.html#CHAP_Target.PostgreSQL.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .", "properties": { + "AfterConnectScript": "For use with change data capture (CDC) only, this attribute has AWS DMS bypass foreign keys and user triggers to reduce the time it takes to bulk load data.\n\nExample: `afterConnectScript=SET session_replication_role='replica'`", + "CaptureDdls": "To capture DDL events, AWS DMS creates various artifacts in the PostgreSQL database when the task starts. You can later remove these artifacts.\n\nIf this value is set to `N` , you don't have to create tables or triggers on the source database.", + "DdlArtifactsSchema": "The schema in which the operational DDL database artifacts are created.\n\nExample: `ddlArtifactsSchema=xyzddlschema;`", + "ExecuteTimeout": "Sets the client statement timeout for the PostgreSQL instance, in seconds. The default value is 60 seconds.\n\nExample: `executeTimeout=100;`", + "FailTasksOnLobTruncation": "When set to `true` , this value causes a task to fail if the actual size of a LOB column is greater than the specified `LobMaxSize` .\n\nIf task is set to Limited LOB mode and this option is set to true, the task fails instead of truncating the LOB data.", + "HeartbeatEnable": "The write-ahead log (WAL) heartbeat feature mimics a dummy transaction. By doing this, it prevents idle logical replication slots from holding onto old WAL logs, which can result in storage full situations on the source. This heartbeat keeps `restart_lsn` moving and prevents storage full scenarios.", + "HeartbeatFrequency": "Sets the WAL heartbeat frequency (in minutes).", + "HeartbeatSchema": "Sets the schema in which the heartbeat artifacts are created.", + "MaxFileSize": "Specifies the maximum size (in KB) of any .csv file used to transfer data to PostgreSQL.\n\nExample: `maxFileSize=512`", + "PluginName": "Specifies the plugin to use to create a replication slot.", "SecretsManagerAccessRoleArn": "The full Amazon Resource Name (ARN) of the IAM role that specifies AWS DMS as the trusted entity and grants the required permissions to access the value in `SecretsManagerSecret` . The role must allow the `iam:PassRole` action. `SecretsManagerSecret` has the value of the AWS Secrets Manager secret that allows access to the PostgreSQL endpoint.\n\n> You can specify one of two sets of values for these permissions. You can specify the values for this setting and `SecretsManagerSecretId` . Or you can specify clear-text values for `UserName` , `Password` , `ServerName` , and `Port` . You can't specify both.\n> \n> For more information on creating this `SecretsManagerSecret` , the corresponding `SecretsManagerAccessRoleArn` , and the `SecretsManagerSecretId` that is required to access it, see [Using secrets to access AWS Database Migration Service resources](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Security.html#security-iam-secretsmanager) in the *AWS Database Migration Service User Guide* .", - "SecretsManagerSecretId": "The full ARN, partial ARN, or display name of the `SecretsManagerSecret` that contains the PostgreSQL endpoint connection details." + "SecretsManagerSecretId": "The full ARN, partial ARN, or display name of the `SecretsManagerSecret` that contains the PostgreSQL endpoint connection details.", + "SlotName": "Sets the name of a previously created logical replication slot for a change data capture (CDC) load of the PostgreSQL source instance.\n\nWhen used with the `CdcStartPosition` request parameter for the AWS DMS API , this attribute also makes it possible to use native CDC start points. DMS verifies that the specified logical replication slot exists before starting the CDC load task. It also verifies that the task was created with a valid setting of `CdcStartPosition` . If the specified slot doesn't exist or the task doesn't have a valid `CdcStartPosition` setting, DMS raises an error.\n\nFor more information about setting the `CdcStartPosition` request parameter, see [Determining a CDC native start point](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Task.CDC.html#CHAP_Task.CDC.StartPoint.Native) in the *AWS Database Migration Service User Guide* . For more information about using `CdcStartPosition` , see [CreateReplicationTask](https://docs.aws.amazon.com/dms/latest/APIReference/API_CreateReplicationTask.html) , [StartReplicationTask](https://docs.aws.amazon.com/dms/latest/APIReference/API_StartReplicationTask.html) , and [ModifyReplicationTask](https://docs.aws.amazon.com/dms/latest/APIReference/API_ModifyReplicationTask.html) ." } }, "AWS::DMS::Endpoint.RedisSettings": { @@ -14777,6 +14819,13 @@ "Type": "The name of the log type." } }, + "AWS::EKS::Cluster.Provider": { + "attributes": {}, + "description": "Identifies the AWS Key Management Service ( AWS KMS ) key used to encrypt the secrets.", + "properties": { + "KeyArn": "Amazon Resource Name (ARN) or alias of the KMS key. The KMS key must be symmetric, created in the same region as the cluster, and if the KMS key was created in a different account, the user must have access to the KMS key. For more information, see [Allowing Users in Other Accounts to Use a KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-modifying-external-accounts.html) in the *AWS Key Management Service Developer Guide* ." + } + }, "AWS::EKS::Cluster.ResourcesVpcConfig": { "attributes": {}, "description": "An object representing the VPC configuration to use for an Amazon EKS cluster.\n\n> When updating a resource, you must include these properties if the previous CloudFormation template of the resource had them:\n> \n> - `EndpointPublicAccess`\n> - `EndpointPrivateAccess`\n> - `PublicAccessCidrs`", @@ -16809,6 +16858,68 @@ "Value": "The value associated with the key for the query string parameter." } }, + "AWS::Events::Endpoint": { + "attributes": { + "Arn": "", + "EndpointId": "", + "EndpointUrl": "", + "Ref": "", + "State": "", + "StateReason": "" + }, + "description": "", + "properties": { + "Description": "", + "EventBuses": "", + "Name": "", + "ReplicationConfig": "", + "RoleArn": "", + "RoutingConfig": "" + } + }, + "AWS::Events::Endpoint.EndpointEventBus": { + "attributes": {}, + "description": "", + "properties": { + "EventBusArn": "" + } + }, + "AWS::Events::Endpoint.FailoverConfig": { + "attributes": {}, + "description": "", + "properties": { + "Primary": "", + "Secondary": "" + } + }, + "AWS::Events::Endpoint.Primary": { + "attributes": {}, + "description": "", + "properties": { + "HealthCheck": "" + } + }, + "AWS::Events::Endpoint.ReplicationConfig": { + "attributes": {}, + "description": "", + "properties": { + "State": "" + } + }, + "AWS::Events::Endpoint.RoutingConfig": { + "attributes": {}, + "description": "", + "properties": { + "FailoverConfig": "" + } + }, + "AWS::Events::Endpoint.Secondary": { + "attributes": {}, + "description": "", + "properties": { + "Route": "" + } + }, "AWS::Events::EventBus": { "attributes": { "Arn": "The ARN of the event bus, such as `arn:aws:events:us-east-2:123456789012:event-bus/aws.partner/PartnerName/acct1/repo1` .", @@ -20571,7 +20682,7 @@ }, "description": "Creates a new container recipe. Container recipes define how images are configured, tested, and assessed.", "properties": { - "Components": "Components for build and test that are included in the container recipe.", + "Components": "Build and test components that are included in the container recipe. Recipes require a minimum of one build component, and can have a maximum of 20 build and test components in any combination.", "ContainerType": "Specifies the type of container, such as Docker.", "Description": "The description of the container recipe.", "DockerfileTemplateData": "Dockerfiles are text documents that are used to build Docker containers, and ensure that they contain all of the elements required by the application running inside. The template data consists of contextual variables where Image Builder places build information or scripts, based on your container image recipe.", @@ -20754,7 +20865,7 @@ }, "AWS::ImageBuilder::ImageRecipe.AdditionalInstanceConfiguration": { "attributes": {}, - "description": "In addition to your infrastruction configuration, these settings provide an extra layer of control over your build instances. For instances where Image Builder installs the Systems Manager agent, you can choose whether to keep it for the AMI that you create. You can also specify commands to run on launch for all of your build instances.", + "description": "In addition to your infrastructure configuration, these settings provide an extra layer of control over your build instances. You can also specify commands to run on launch for all of your build instances.\n\nImage Builder does not automatically install the Systems Manager agent on Windows instances. If your base image includes the Systems Manager agent, then the AMI that you create will also include the agent. For Linux instances, if the base image does not already include the Systems Manager agent, Image Builder installs it. For Linux instances where Image Builder installs the Systems Manager agent, you can choose whether to keep it for the AMI that you create.", "properties": { "SystemsManagerAgent": "Contains settings for the Systems Manager agent on your build instance.", "UserDataOverride": "Use this property to provide commands or a command script to run when you launch your build instance.\n\nThe userDataOverride property replaces any commands that Image Builder might have added to ensure that Systems Manager is installed on your Linux build instance. If you override the user data, make sure that you add commands to install Systems Manager, if it is not pre-installed on your base image.\n\n> The user data is always base 64 encoded. For example, the following commands are encoded as `IyEvYmluL2Jhc2gKbWtkaXIgLXAgL3Zhci9iYi8KdG91Y2ggL3Zhci$` :\n> \n> *#!/bin/bash*\n> \n> mkdir -p /var/bb/\n> \n> touch /var" @@ -20834,7 +20945,7 @@ "attributes": {}, "description": "The instance metadata options that apply to the HTTP requests that pipeline builds use to launch EC2 build and test instances. For more information about instance metadata options, see [Configure the instance metadata options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html) in the **Amazon EC2 User Guide** for Linux instances, or [Configure the instance metadata options](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/configuring-instance-metadata-options.html) in the **Amazon EC2 Windows Guide** for Windows instances.", "properties": { - "HttpPutResponseHopLimit": "Limit the number of hops that an instance metadata request can traverse to reach its destination.", + "HttpPutResponseHopLimit": "Limit the number of hops that an instance metadata request can traverse to reach its destination. The default is one hop. However, if HTTP tokens are required, container image builds need a minimum of two hops.", "HttpTokens": "Indicates whether a signed token header is required for instance metadata retrieval requests. The values affect the response as follows:\n\n- *required* \u2013 When you retrieve the IAM role credentials, version 2.0 credentials are returned in all cases.\n- *optional* \u2013 You can include a signed token header in your request to retrieve instance metadata, or you can leave it out. If you include it, version 2.0 credentials are returned for the IAM role. Otherwise, version 1.0 credentials are returned.\n\nThe default setting is *optional* ." } }, @@ -23442,7 +23553,7 @@ "description": "The `AWS::KMS::Key` resource specifies a [symmetric or asymmetric](https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) [KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys) in AWS Key Management Service ( AWS KMS ).\n\nYou can use the `AWS::KMS::Key` resource to specify a symmetric or asymmetric multi-Region primary key. To specify a replica key, use the [AWS::KMS::ReplicaKey](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-replicakey.html) resource. For information about multi-Region keys, see [Multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *AWS Key Management Service Developer Guide* .\n\nYou cannot use the `AWS::KMS::Key` resource to specify a KMS key with [imported key material](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) or a KMS key in a [custom key store](https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) .\n\n> AWS KMS is replacing the term *customer master key (CMK)* with *AWS KMS key* and *KMS key* . The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. \n\nYou can use symmetric KMS keys to encrypt and decrypt small amounts of data, but they are more commonly used to generate data keys and data key pairs. You can also use symmetric KMS key to encrypt data stored in AWS services that are [integrated with AWS KMS](https://docs.aws.amazon.com//kms/features/#AWS_Service_Integration) . For more information, see [What is AWS Key Management Service ?](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html) in the *AWS Key Management Service Developer Guide* .\n\nYou can use asymmetric KMS keys to encrypt and decrypt data or sign messages and verify signatures. To create an asymmetric key, you must specify an asymmetric `KeySpec` value and a `KeyUsage` value.\n\n> If you change the value of the `KeyUsage` , `KeySpec` , or `MultiRegion` property on an existing KMS key, the existing KMS key is [scheduled for deletion](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) and a new KMS key is created with the specified value.\n> \n> While scheduled for deletion, the existing KMS key becomes unusable. If you don't [cancel the scheduled deletion](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html#deleting-keys-scheduling-key-deletion) of the existing KMS key outside of CloudFormation, all data encrypted under the existing KMS key becomes unrecoverable when the KMS key is deleted. \n\n*Regions*\n\nAWS KMS CloudFormation resources are supported in all Regions in which AWS CloudFormation is supported. However, in the (ap-southeast-3), you cannot use a CloudFormation template to create or manage asymmetric KMS keys or multi-Region KMS keys (primary or replica).", "properties": { "Description": "A description of the KMS key. Use a description that helps you to distinguish this KMS key from others in the account, such as its intended use.", - "EnableKeyRotation": "Enables automatic rotation of the key material for the specified KMS key. By default, automatic key rotation is not enabled.\n\nAWS KMS does not support automatic key rotation on asymmetric KMS keys. For asymmetric KMS keys, omit the `EnableKeyRotation` property or set it to `false` .\n\nWhen you enable automatic rotation, AWS KMS automatically creates new key material for the KMS key 365 days after the enable (or reenable) date and every 365 days thereafter. AWS KMS retains all key material until you delete the KMS key. For detailed information about automatic key rotation, see [Rotating KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) in the *AWS Key Management Service Developer Guide* .", + "EnableKeyRotation": "Enables automatic rotation of the key material for the specified KMS key. By default, automatic key rotation is not enabled.\n\nAWS KMS supports automatic rotation only for symmetric KMS keys ( `KeySpec` = `SYMMETRIC_DEFAULT` ). Automatic key rotation is *not* supported for asymmetric KMS keys. For asymmetric KMS keys, omit the `EnableKeyRotation` property or set it to `false` .\n\nTo enable automatic key rotation of the key material for a multi-Region KMS key, set `EnableKeyRotation` to `true` on the primary key (created by using `AWS::KMS::Key` ). AWS KMS copies the rotation status to all replica keys when you create them. For details, see [Rotating multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate) in the *AWS Key Management Service Developer Guide* .\n\nWhen you enable automatic rotation, AWS KMS automatically creates new key material for the KMS key one year after the enable date and every year thereafter. AWS KMS retains all key material until you delete the KMS key. For detailed information about automatic key rotation, see [Rotating KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) in the *AWS Key Management Service Developer Guide* .", "Enabled": "Specifies whether the KMS key is enabled. Disabled KMS keys cannot be used in cryptographic operations.\n\nWhen `Enabled` is `true` , the *key state* of the KMS key is `Enabled` . When `Enabled` is `false` , the key state of the KMS key is `Disabled` . The default value is `true` .\n\nThe actual key state of the KMS key might be affected by actions taken outside of CloudFormation, such as running the [EnableKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_EnableKey.html) , [DisableKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DisableKey.html) , or [ScheduleKeyDeletion](https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html) operations.\n\nFor information about the key states of a KMS key, see [Key state: Effect on your KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) in the *AWS Key Management Service Developer Guide* .", "KeyPolicy": "The key policy that authorizes use of the KMS key. The key policy must conform to the following rules.\n\n- The key policy must allow the caller to make a subsequent [PutKeyPolicy](https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html) request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, refer to the scenario in the [Default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section of the **AWS Key Management Service Developer Guide** .\n- Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to AWS KMS . When you create a new AWS principal (for example, an IAM user or role), you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to AWS KMS . For more information, see [Changes that I make are not always immediately visible](https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) in the *AWS Identity and Access Management User Guide* .\n- The key policy size limit is 32 kilobytes (32768 bytes).\n\nIf you are unsure of which policy to use, consider the *default key policy* . This is the key policy that AWS KMS applies to KMS keys that are created by using the CreateKey API with no specified key policy. It gives the AWS account that owns the key permission to perform all operations on the key. It also allows you write IAM policies to authorize access to the key. For details, see [Default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) in the *AWS Key Management Service Developer Guide* .\n\n*Minimum* : `1`\n\n*Maximum* : `32768`", "KeySpec": "Specifies the type of KMS key to create. The default value, `SYMMETRIC_DEFAULT` , creates a KMS key with a 256-bit symmetric key for encryption and decryption. For help choosing a key spec for your KMS key, see [How to choose Your KMS key configuration](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html) in the *AWS Key Management Service Developer Guide* .\n\nThe `KeySpec` property determines whether the KMS key contains a symmetric key or an asymmetric key pair. It also determines the encryption algorithms or signing algorithms that the KMS key supports. You can't change the `KeySpec` after the KMS key is created. To further restrict the algorithms that can be used with the KMS key, use a condition key in its key policy or IAM policy. For more information, see [kms:EncryptionAlgorithm](https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm) or [kms:Signing Algorithm](https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-signing-algorithm) in the *AWS Key Management Service Developer Guide* .\n\n> If you change the `KeySpec` of an existing KMS key, the existing KMS key is scheduled for deletion and a new KMS key is created with the specified `KeySpec` value. While the scheduled deletion is pending, you can't use the existing KMS key. Unless you [cancel the scheduled deletion](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html#deleting-keys-scheduling-key-deletion) of the KMS key outside of CloudFormation, all data encrypted under the existing KMS key becomes unrecoverable when the KMS key is deleted. > [AWS services that are integrated with AWS KMS](https://docs.aws.amazon.com/kms/features/#AWS_Service_Integration) use symmetric KMS keys to protect your data. These services do not support asymmetric KMS keys. For help determining whether a KMS key is symmetric or asymmetric, see [Identifying Symmetric and Asymmetric KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/find-symm-asymm.html) in the *AWS Key Management Service Developer Guide* . \n\nAWS KMS supports the following key specs for KMS keys:\n\n- Symmetric key (default)\n\n- `SYMMETRIC_DEFAULT` (AES-256-GCM)\n- Asymmetric RSA key pairs\n\n- `RSA_2048`\n- `RSA_3072`\n- `RSA_4096`\n- Asymmetric NIST-recommended elliptic curve key pairs\n\n- `ECC_NIST_P256` (secp256r1)\n- `ECC_NIST_P384` (secp384r1)\n- `ECC_NIST_P521` (secp521r1)\n- Other asymmetric elliptic curve key pairs\n\n- `ECC_SECG_P256K1` (secp256k1), commonly used for cryptocurrencies.", @@ -36626,8 +36737,8 @@ }, "AWS::SageMaker::App": { "attributes": { - "AppArn": "The Amazon Resource Name (ARN) of the App, such as `arn:aws:sagemaker:us-west-2:account-id:app/my-app-name` .", - "Ref": "`Ref` returns the App type, App name, domain ID, and user profile name." + "AppArn": "The Amazon Resource Name (ARN) of the app, such as `arn:aws:sagemaker:us-west-2:account-id:app/my-app-name` .", + "Ref": "`Ref` returns the app type, app name, Domain ID, and user profile name." }, "description": "Creates a running app for the specified UserProfile. Supported apps are `JupyterServer` and `KernelGateway` . This operation is automatically invoked by Amazon SageMaker Studio upon access to the associated Domain, and when new kernel configurations are selected by the user. A user may have multiple Apps active simultaneously.", "properties": { @@ -36886,23 +36997,26 @@ }, "AWS::SageMaker::Domain": { "attributes": { - "DomainArn": "The Amazon Resource Name (ARN) of the domain, such as `arn:aws:sagemaker:us-west-2:account-id:domain/my-domain-name` .", - "DomainId": "The domain ID.", + "DomainArn": "The Amazon Resource Name (ARN) of the Domain, such as `arn:aws:sagemaker:us-west-2:account-id:domain/my-domain-name` .", + "DomainId": "The Domain ID.", "HomeEfsFileSystemId": "The ID of the Amazon Elastic File System (EFS) managed by this Domain.", - "Ref": "`Ref` returns the domain ID, such as `d-xxxxxxxxxxxx` .", + "Ref": "`Ref` returns the Domain ID, such as `d-xxxxxxxxxxxx` .", + "SecurityGroupIdForDomainBoundary": "The ID of the security group that authorizes traffic between the `RSessionGateway` apps and the `RStudioServerPro` app.", "SingleSignOnManagedApplicationInstanceId": "The AWS SSO managed application instance ID.", - "Url": "The URL for the domain." + "Url": "The URL for the Domain." }, "description": "Creates a `Domain` used by Amazon SageMaker Studio. A domain consists of an associated Amazon Elastic File System (EFS) volume, a list of authorized users, and a variety of security, application, policy, and Amazon Virtual Private Cloud (VPC) configurations. An AWS account is limited to one domain per region. Users within a domain can share notebook files and other artifacts with each other.\n\n*EFS storage*\n\nWhen a domain is created, an EFS volume is created for use by all of the users within the domain. Each user receives a private home directory within the EFS volume for notebooks, Git repositories, and data files.\n\nSageMaker uses the AWS Key Management Service ( AWS KMS) to encrypt the EFS volume attached to the domain with an AWS managed key by default. For more control, you can specify a customer managed key. For more information, see [Protect Data at Rest Using Encryption](https://docs.aws.amazon.com/sagemaker/latest/dg/encryption-at-rest.html) .\n\n*VPC configuration*\n\nAll SageMaker Studio traffic between the domain and the EFS volume is through the specified VPC and subnets. For other Studio traffic, you can specify the `AppNetworkAccessType` parameter. `AppNetworkAccessType` corresponds to the network access type that you choose when you onboard to Studio. The following options are available:\n\n- `PublicInternetOnly` - Non-EFS traffic goes through a VPC managed by Amazon SageMaker, which allows internet access. This is the default value.\n- `VpcOnly` - All Studio traffic is through the specified VPC and subnets. Internet access is disabled by default. To allow internet access, you must specify a NAT gateway.\n\nWhen internet access is disabled, you won't be able to run a Studio notebook or to train or host models unless your VPC has an interface endpoint to the SageMaker API and runtime or a NAT gateway and your security groups allow outbound connections.\n\n> NFS traffic over TCP on port 2049 needs to be allowed in both inbound and outbound rules in order to launch a SageMaker Studio app successfully. \n\nFor more information, see [Connect SageMaker Studio Notebooks to Resources in a VPC](https://docs.aws.amazon.com/sagemaker/latest/dg/studio-notebooks-and-internet-access.html) .", "properties": { "AppNetworkAccessType": "Specifies the VPC used for non-EFS traffic. The default value is `PublicInternetOnly` .\n\n- `PublicInternetOnly` - Non-EFS traffic is through a VPC managed by Amazon SageMaker , which allows direct internet access\n- `VpcOnly` - All Studio traffic is through the specified VPC and subnets\n\n*Valid Values* : `PublicInternetOnly | VpcOnly`", - "AuthMode": "The mode of authentication that members use to access the domain.\n\n*Valid Values* : `SSO | IAM`", + "AppSecurityGroupManagement": "The entity that creates and manages the required security groups for inter-app communication in `VpcOnly` mode. Required when `CreateDomain.AppNetworkAccessType` is `VpcOnly` and `DomainSettings.RStudioServerProDomainSettings.DomainExecutionRoleArn` is provided.", + "AuthMode": "The mode of authentication that members use to access the Domain.\n\n*Valid Values* : `SSO | IAM`", "DefaultUserSettings": "The default user settings.", "DomainName": "The domain name.", - "KmsKeyId": "SageMaker uses AWS KMS to encrypt the EFS volume attached to the domain with an AWS managed customer master key (CMK) by default. For more control, specify a customer managed CMK.\n\n*Length Constraints* : Maximum length of 2048.\n\n*Pattern* : `.*`", + "DomainSettings": "A collection of settings that apply to the `SageMaker Domain` . These settings are specified through the `CreateDomain` API call.", + "KmsKeyId": "SageMaker uses AWS KMS to encrypt the EFS volume attached to the Domain with an AWS managed customer master key (CMK) by default. For more control, specify a customer managed CMK.\n\n*Length Constraints* : Maximum length of 2048.\n\n*Pattern* : `.*`", "SubnetIds": "The VPC subnets that Studio uses for communication.\n\n*Length Constraints* : Maximum length of 32.\n\n*Array members* : Minimum number of 1 item. Maximum number of 16 items.\n\n*Pattern* : `[-0-9a-zA-Z]+`", - "Tags": "Tags to associated with the Domain. Each tag consists of a key and an optional value. Tag keys must be unique per resource. Tags are searchable using the Search API.\n\nTags that you specify for the Domain are also added to all Apps that are launched in the Domain.\n\n*Array members* : Minimum number of 0 items. Maximum number of 50 items.", - "VpcId": "The ID of the Amazon Virtual Private Cloud (VPC) that Studio uses for communication.\n\n*Length Constraints* : Maximum length of 32.\n\n*Pattern* : `[-0-9a-zA-Z]+`" + "Tags": "Tags to associated with the Domain. Each tag consists of a key and an optional value. Tag keys must be unique per resource. Tags are searchable using the Search API.\n\nTags that you specify for the Domain are also added to all apps that are launched in the Domain.\n\n*Array members* : Minimum number of 0 items. Maximum number of 50 items.", + "VpcId": "The ID of the Amazon Virtual Private Cloud (Amazon VPC) that Studio uses for communication.\n\n*Length Constraints* : Maximum length of 32.\n\n*Pattern* : `[-0-9a-zA-Z]+`" } }, "AWS::SageMaker::Domain.CustomImage": { @@ -36914,6 +37028,14 @@ "ImageVersionNumber": "The version number of the CustomImage." } }, + "AWS::SageMaker::Domain.DomainSettings": { + "attributes": {}, + "description": "A collection of settings that apply to the `SageMaker Domain` . These settings are specified through the `CreateDomain` API call.", + "properties": { + "RStudioServerProDomainSettings": "A collection of settings that configure the `RStudioServerPro` Domain-level app.", + "SecurityGroupIds": "The security groups for the Amazon Virtual Private Cloud that the `Domain` uses for communication between Domain-level apps and user apps." + } + }, "AWS::SageMaker::Domain.JupyterServerAppSettings": { "attributes": {}, "description": "The JupyterServer app settings.", @@ -36929,6 +37051,24 @@ "DefaultResourceSpec": "The default instance type and the Amazon Resource Name (ARN) of the default SageMaker image used by the KernelGateway app.\n\n> The Amazon SageMaker Studio UI does not use the default instance type value set here. The default instance type set here is used when Apps are created using the AWS Command Line Interface or AWS CloudFormation and the instance type parameter value is not passed." } }, + "AWS::SageMaker::Domain.RStudioServerProAppSettings": { + "attributes": {}, + "description": "A collection of settings that configure user interaction with the `RStudioServerPro` app. `RStudioServerProAppSettings` cannot be updated. The `RStudioServerPro` app must be deleted and a new one created to make any changes.", + "properties": { + "AccessStatus": "Indicates whether the current user has access to the `RStudioServerPro` app.", + "UserGroup": "The level of permissions that the user has within the `RStudioServerPro` app. This value defaults to `User`. The `Admin` value allows the user access to the RStudio Administrative Dashboard." + } + }, + "AWS::SageMaker::Domain.RStudioServerProDomainSettings": { + "attributes": {}, + "description": "A collection of settings that configure the `RStudioServerPro` Domain-level app.", + "properties": { + "DefaultResourceSpec": "A collection that defines the default `InstanceType` , `SageMakerImageArn` , and `SageMakerImageVersionArn` for the Domain.", + "DomainExecutionRoleArn": "The ARN of the execution role for the `RStudioServerPro` Domain-level app.", + "RStudioConnectUrl": "A URL pointing to an RStudio Connect server.", + "RStudioPackageManagerUrl": "A URL pointing to an RStudio Package Manager server." + } + }, "AWS::SageMaker::Domain.ResourceSpec": { "attributes": {}, "description": "Specifies the ARN's of a SageMaker image and SageMaker image version, and the instance type that the version runs on.", @@ -36954,6 +37094,7 @@ "ExecutionRole": "The execution role for the user.", "JupyterServerAppSettings": "The Jupyter server's app settings.", "KernelGatewayAppSettings": "The kernel gateway app settings.", + "RStudioServerProAppSettings": "A collection of settings that configure user interaction with the `RStudioServerPro` app.", "SecurityGroups": "The security groups for the Amazon Virtual Private Cloud (VPC) that Studio uses for communication.\n\nOptional when the `CreateDomain.AppNetworkAccessType` parameter is set to `PublicInternetOnly` .\n\nRequired when the `CreateDomain.AppNetworkAccessType` parameter is set to `VpcOnly` .\n\nAmazon SageMaker adds a security group to allow NFS traffic from SageMaker Studio. Therefore, the number of security groups that you can specify is one less than the maximum number shown.", "SharingSettings": "Specifies options for sharing SageMaker Studio notebooks." } @@ -37203,7 +37344,7 @@ "Environment": "The environment variables to set in the Docker container. Each key and value in the `Environment` string to string map can have length of up to 1024. We support up to 16 entries in the map.", "Image": "The path where inference code is stored. This can be either in Amazon EC2 Container Registry or in a Docker registry that is accessible from the same VPC that you configure for your endpoint. If you are using your own custom algorithm instead of an algorithm provided by SageMaker, the inference code must meet SageMaker requirements. SageMaker supports both `registry/repository[:tag]` and `registry/repository[@digest]` image path formats. For more information, see [Using Your Own Algorithms with Amazon SageMaker](https://docs.aws.amazon.com/sagemaker/latest/dg/your-algorithms.html)", "ImageConfig": "Specifies whether the model container is in Amazon ECR or a private Docker registry accessible from your Amazon Virtual Private Cloud (VPC). For information about storing containers in a private Docker registry, see [Use a Private Docker Registry for Real-Time Inference Containers](https://docs.aws.amazon.com/sagemaker/latest/dg/your-algorithms-containers-inference-private.html)", - "InferenceSpecificationName": "The inference specification name in the model package version.", + "InferenceSpecificationName": "", "Mode": "Whether the container hosts a single model or multiple models.", "ModelDataUrl": "The S3 path where the model artifacts, which result from model training, are stored. This path must point to a single gzip compressed tar archive (.tar.gz suffix). The S3 path is required for SageMaker built-in algorithms, but not if you use your own algorithms. For more information on built-in algorithms, see [Common Parameters](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-algo-docker-registry-paths.html) .\n\n> The model artifacts must be in an S3 bucket that is in the same region as the model or endpoint you are creating. \n\nIf you provide a value for this parameter, SageMaker uses AWS Security Token Service to download model artifacts from the S3 path you provide. AWS STS is activated in your IAM user account by default. If you previously deactivated AWS STS for a region, you need to reactivate AWS STS for that region. For more information, see [Activating and Deactivating AWS STS in an AWS Region](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) in the *AWS Identity and Access Management User Guide* .\n\n> If you use a built-in algorithm to create a model, SageMaker requires that you provide a S3 path to the model artifacts in `ModelDataUrl` .", "ModelPackageName": "The name or Amazon Resource Name (ARN) of the model package to use to create the model.", @@ -37902,7 +38043,7 @@ }, "description": "The `AWS::SageMaker::Pipeline` resource creates shell scripts that run when you create and/or start a SageMaker Pipeline. For information about SageMaker Pipelines, see [SageMaker Pipelines](https://docs.aws.amazon.com/sagemaker/latest/dg/pipelines.html) in the *Amazon SageMaker Developer Guide* .", "properties": { - "ParallelismConfiguration": "The parallelism configuration applied to the pipeline.", + "ParallelismConfiguration": "", "PipelineDefinition": "The definition of the pipeline. This can be either a JSON string or an Amazon S3 location.", "PipelineDescription": "The description of the pipeline.", "PipelineDisplayName": "The display name of the pipeline.", @@ -37929,7 +38070,7 @@ }, "AWS::SageMaker::UserProfile": { "attributes": { - "Ref": "`Ref` returns the domain ID and the user profile name, such as `d-xxxxxxxxxxxx` and `my-user-profile` , respectively.", + "Ref": "`Ref` returns the Domain ID and the user profile name, such as `d-xxxxxxxxxxxx` and `my-user-profile` , respectively.", "UserProfileArn": "The Amazon Resource Name (ARN) of the user profile, such as `arn:aws:sagemaker:us-west-2:account-id:user-profile/my-user-profile` ." }, "description": "Creates a user profile. A user profile represents a single user within a domain, and is the main way to reference a \"person\" for the purposes of sharing, reporting, and other user-oriented features. This entity is created when a user onboards to Amazon SageMaker Studio. If an administrator invites a person by email or imports them from SSO, a user profile is automatically created. A user profile is the primary holder of settings for an individual user and has a reference to the user's private Amazon Elastic File System (EFS) home directory.", @@ -37937,7 +38078,7 @@ "DomainId": "The domain ID.", "SingleSignOnUserIdentifier": "A specifier for the type of value specified in SingleSignOnUserValue. Currently, the only supported value is \"UserName\". If the Domain's AuthMode is SSO, this field is required. If the Domain's AuthMode is not SSO, this field cannot be specified.", "SingleSignOnUserValue": "The username of the associated AWS Single Sign-On User for this UserProfile. If the Domain's AuthMode is SSO, this field is required, and must match a valid username of a user in your directory. If the Domain's AuthMode is not SSO, this field cannot be specified.", - "Tags": "An array of key-value pairs to apply to this resource.\n\nTags that you specify for the User Profile are also added to all Apps that the User Profile launches.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .", + "Tags": "An array of key-value pairs to apply to this resource.\n\nTags that you specify for the User Profile are also added to all apps that the User Profile launches.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .", "UserProfileName": "The user profile name.", "UserSettings": "A collection of settings that apply to users of Amazon SageMaker Studio." } @@ -37966,6 +38107,14 @@ "DefaultResourceSpec": "The default instance type and the Amazon Resource Name (ARN) of the default SageMaker image used by the KernelGateway app.\n\n> The Amazon SageMaker Studio UI does not use the default instance type value set here. The default instance type set here is used when Apps are created using the AWS Command Line Interface or AWS CloudFormation and the instance type parameter value is not passed." } }, + "AWS::SageMaker::UserProfile.RStudioServerProAppSettings": { + "attributes": {}, + "description": "A collection of settings that configure user interaction with the `RStudioServerPro` app. `RStudioServerProAppSettings` cannot be updated. The `RStudioServerPro` app must be deleted and a new one created to make any changes.", + "properties": { + "AccessStatus": "Indicates whether the current user has access to the `RStudioServerPro` app.", + "UserGroup": "The level of permissions that the user has within the `RStudioServerPro` app. This value defaults to `User`. The `Admin` value allows the user access to the RStudio Administrative Dashboard." + } + }, "AWS::SageMaker::UserProfile.ResourceSpec": { "attributes": {}, "description": "Specifies the ARN's of a SageMaker image and SageMaker image version, and the instance type that the version runs on.", @@ -37991,6 +38140,7 @@ "ExecutionRole": "The execution role for the user.", "JupyterServerAppSettings": "The Jupyter server's app settings.", "KernelGatewayAppSettings": "The kernel gateway app settings.", + "RStudioServerProAppSettings": "A collection of settings that configure user interaction with the `RStudioServerPro` app.", "SecurityGroups": "The security groups for the Amazon Virtual Private Cloud (VPC) that Studio uses for communication.\n\nOptional when the `CreateDomain.AppNetworkAccessType` parameter is set to `PublicInternetOnly` .\n\nRequired when the `CreateDomain.AppNetworkAccessType` parameter is set to `VpcOnly` .\n\nAmazon SageMaker adds a security group to allow NFS traffic from SageMaker Studio. Therefore, the number of security groups that you can specify is one less than the maximum number shown.", "SharingSettings": "Specifies options for sharing SageMaker Studio notebooks." } @@ -39099,7 +39249,7 @@ "CustomStepDetails": "Details for a step that invokes a lambda function.\n\nConsists of the lambda function name, target, and timeout (in seconds).", "DeleteStepDetails": "Details for a step that deletes the file.", "TagStepDetails": "Details for a step that creates one or more tags.\n\nYou specify one or more tags: each tag contains a key/value pair.", - "Type": "Currently, the following step types are supported.\n\n- *Copy* : copy the file to another location\n- *Custom* : custom step with a lambda target\n- *Delete* : delete the file\n- *Tag* : add a tag to the file" + "Type": "Currently, the following step types are supported.\n\n- *COPY* : copy the file to another location\n- *CUSTOM* : custom step with a lambda target\n- *DELETE* : delete the file\n- *TAG* : add a tag to the file" } }, "AWS::WAF::ByteMatchSet": { From e219355e444f2797e190194edff3fb9e3029b107 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Apr 2022 10:48:47 +0000 Subject: [PATCH 53/59] chore(deps): Bump hmarr/auto-approve-action from 2.1.0 to 2.2.0 (#19746) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [hmarr/auto-approve-action](https://github.com/hmarr/auto-approve-action) from 2.1.0 to 2.2.0.
Release notes

Sourced from hmarr/auto-approve-action's releases.

v2.2.0

Full Changelog: https://github.com/hmarr/auto-approve-action/compare/v2.1.0...v2.2.0

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=hmarr/auto-approve-action&package-manager=github_actions&previous-version=2.1.0&new-version=2.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- .github/workflows/auto-approve.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml index 1b957f3d539a8..9f9f4ea326ab3 100644 --- a/.github/workflows/auto-approve.yml +++ b/.github/workflows/auto-approve.yml @@ -12,6 +12,6 @@ jobs: permissions: pull-requests: write steps: - - uses: hmarr/auto-approve-action@v2.1.0 + - uses: hmarr/auto-approve-action@v2.2.0 with: github-token: "${{ secrets.GITHUB_TOKEN }}" From cf1c4a379f586f824ec051e54dbe605c7ef00ccc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Apr 2022 11:32:45 +0000 Subject: [PATCH 54/59] chore(deps): Bump awscli from 1.22.82 to 1.22.87 in /packages/@aws-cdk/lambda-layer-awscli (#19747) Bumps [awscli](https://github.com/aws/aws-cli) from 1.22.82 to 1.22.87.
Changelog

Sourced from awscli's changelog.

1.22.87

  • api-change:connect: This release updates these APIs: UpdateInstanceAttribute, DescribeInstanceAttribute and ListInstanceAttributes. You can use it to programmatically enable/disable multi-party conferencing using attribute type MULTI_PARTY_CONFERENCING on the specified Amazon Connect instance.

1.22.86

  • api-change:databrew: This AWS Glue Databrew release adds feature to support ORC as an input format.
  • api-change:route53-recovery-cluster: This release adds a new API "ListRoutingControls" to list routing control states using the highly reliable Route 53 ARC data plane endpoints.
  • api-change:pinpoint-sms-voice-v2: Amazon Pinpoint now offers a version 2.0 suite of SMS and voice APIs, providing increased control over sending and configuration. This release is a new SDK for sending SMS and voice messages called PinpointSMSVoiceV2.
  • api-change:cloudcontrol: SDK release for Cloud Control API in Amazon Web Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by NWCD
  • api-change:workspaces: Added APIs that allow you to customize the logo, login message, and help links in the WorkSpaces client login page. To learn more, visit https://docs.aws.amazon.com/workspaces/latest/adminguide/customize-branding.html
  • api-change:grafana: This release adds tagging support to the Managed Grafana service. New APIs: TagResource, UntagResource and ListTagsForResource. Updates: add optional field tags to support tagging while calling CreateWorkspace.
  • api-change:auditmanager: This release adds documentation updates for Audit Manager. The updates provide data deletion guidance when a customer deregisters Audit Manager or deregisters a delegated administrator.

1.22.85

  • api-change:iot-data: Update the default AWS IoT Core Data Plane endpoint from VeriSign signed to ATS signed. If you have firewalls with strict egress rules, configure the rules to grant you access to data-ats.iot.[region].amazonaws.com or data-ats.iot.[region].amazonaws.com.cn.
  • api-change:fms: AWS Firewall Manager now supports the configuration of third-party policies that can use either the centralized or distributed deployment models.
  • api-change:ec2: This release simplifies the auto-recovery configuration process enabling customers to set the recovery behavior to disabled or default
  • api-change:fsx: This release adds support for modifying throughput capacity for FSx for ONTAP file systems.
  • api-change:iot: Doc only update for IoT that fixes customer-reported issues.

1.22.84

  • api-change:organizations: This release provides the new CloseAccount API that enables principals in the management account to close any member account within an organization.

1.22.83

  • api-change:medialive: This release adds support for selecting a maintenance window.
  • api-change:acm-pca: Updating service name entities
Commits
  • af85c6e Merge branch 'release-1.22.87'
  • d727313 Bumping version to 1.22.87
  • 3cc1715 Update changelog based on model updates
  • 6ce979e feat: Standardize issue templates for discussions (#6838)
  • 9f7ada4 Merge branch 'release-1.22.86' into develop
  • 47ee70c Merge branch 'release-1.22.86'
  • 387c9b6 Bumping version to 1.22.86
  • 65e2c2d Update changelog based on model updates
  • 262cc99 Merge branch 'release-1.22.85' into develop
  • cb8d9be Merge branch 'release-1.22.85'
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=awscli&package-manager=pip&previous-version=1.22.82&new-version=1.22.87)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt b/packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt index 1137fa10c7c4b..27dc1d062cd83 100644 --- a/packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt +++ b/packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt @@ -1 +1 @@ -awscli==1.22.82 +awscli==1.22.87 From 5a54ff01cdd195a58ca446da21da3aaa1d4c2eec Mon Sep 17 00:00:00 2001 From: Cory Hall <43035978+corymhall@users.noreply.github.com> Date: Mon, 4 Apr 2022 08:20:22 -0400 Subject: [PATCH 55/59] chore(aws-secretsmanager): fix broken integration tests (#19698) Feature flag must be set for the validation lambda function to work correctly ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-secretsmanager/test/integ.secret-name-parsed.ts | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/packages/@aws-cdk/aws-secretsmanager/test/integ.secret-name-parsed.ts b/packages/@aws-cdk/aws-secretsmanager/test/integ.secret-name-parsed.ts index 801077c5c8494..e1cb05390d5a5 100644 --- a/packages/@aws-cdk/aws-secretsmanager/test/integ.secret-name-parsed.ts +++ b/packages/@aws-cdk/aws-secretsmanager/test/integ.secret-name-parsed.ts @@ -2,6 +2,8 @@ import * as path from 'path'; import * as cdk from '@aws-cdk/core'; import * as secretsmanager from '../lib'; +/// !cdk-integ Integ-SecretsManager-ParsedSecretName pragma:set-context:@aws-cdk/aws-secretsmanager:parseOwnedSecretName=true + /** * Creates several secrets, with varying names and IDs, with the parseOwnedSecretName feature flag set, * to verify the secretName returned by `Secret.secretName` matches the `Name` returned by `DescribeSecrets`. @@ -39,6 +41,9 @@ class SecretsManagerStack extends cdk.Stack { } const app = new cdk.App({ + context: { + '@aws-cdk/aws-secretsmanager:parseOwnedSecretName': true, + }, }); new SecretsManagerStack(app, 'Integ-SecretsManager-ParsedSecretName'); app.synth(); From 0afc32c01a5ead76204728a5db90ab43bd98a65a Mon Sep 17 00:00:00 2001 From: Cory Hall <43035978+corymhall@users.noreply.github.com> Date: Mon, 4 Apr 2022 09:03:47 -0400 Subject: [PATCH 56/59] chore(sfn-tasks): fix broken integ tests (#19724) ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../integ.call-http-api.expected.json | 2 +- .../test/apigateway/integ.call-http-api.ts | 2 +- .../integ.call-rest-api.expected.json | 2 +- .../test/apigateway/integ.call-rest-api.ts | 2 +- .../test/ecs/integ.ec2-run-task.expected.json | 424 +++++++++++++++++- .../test/ecs/integ.ec2-run-task.ts | 13 +- .../test/ecs/integ.ec2-task.expected.json | 424 +++++++++++++++++- .../test/ecs/integ.ec2-task.ts | 13 +- .../ecs/integ.fargate-run-task.expected.json | 415 ++++++++++++++++- .../test/ecs/integ.fargate-run-task.ts | 14 +- .../test/ecs/integ.fargate-task.expected.json | 415 ++++++++++++++++- .../test/ecs/integ.fargate-task.ts | 14 +- .../test/lambda/integ.invoke.expected.json | 4 +- .../integ.invoke.payload.only.expected.json | 4 +- .../test/lambda/integ.invoke.payload.only.ts | 4 +- .../test/lambda/integ.invoke.ts | 4 +- .../lambda/integ.run-lambda.expected.json | 4 +- .../test/lambda/integ.run-lambda.ts | 4 +- 18 files changed, 1668 insertions(+), 96 deletions(-) diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-http-api.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-http-api.expected.json index 37195febe4b9f..797702369a8cd 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-http-api.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-http-api.expected.json @@ -135,7 +135,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "HelloHandlerServiceRole11EF7C63" diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-http-api.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-http-api.ts index aad59d754950d..0dd2837e82e3f 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-http-api.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-http-api.ts @@ -18,7 +18,7 @@ const stack = new cdk.Stack(app, 'CallHttpApiInteg'); const httpApi = new apigatewayv2.HttpApi(stack, 'MyHttpApi'); const handler = new lambda.Function(stack, 'HelloHandler', { - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, handler: 'index.handler', code: new lambda.InlineCode('exports.handler = async function(event, context) { return { statusCode: 200, body: "hello, world!" }; };'), }); diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-rest-api.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-rest-api.expected.json index 29b6885931a63..455d8d39bfd62 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-rest-api.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-rest-api.expected.json @@ -243,7 +243,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "HelloServiceRole1E55EA16" diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-rest-api.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-rest-api.ts index 7cfe3c85ab12b..0117651011a38 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-rest-api.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-rest-api.ts @@ -17,7 +17,7 @@ const stack = new cdk.Stack(app, 'CallRestApiInteg'); const restApi = new apigateway.RestApi(stack, 'MyRestApi'); const hello = new apigateway.LambdaIntegration(new lambda.Function(stack, 'Hello', { - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, handler: 'index.handler', code: new lambda.InlineCode('exports.handler = async function(event, context) { return { statusCode: 200, body: "hello, world!" }; };'), })); diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.expected.json index 2beaafbdd6e2a..5c8171c47d44c 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.expected.json @@ -3,6 +3,361 @@ "Ec2ClusterEE43E89D": { "Type": "AWS::ECS::Cluster" }, + "Ec2ClusterVpc568127F1": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc" + } + ] + } + }, + "Ec2ClusterVpcPublicSubnet1SubnetD46FD92B": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc/PublicSubnet1" + } + ] + } + }, + "Ec2ClusterVpcPublicSubnet1RouteTableE30610F5": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc/PublicSubnet1" + } + ] + } + }, + "Ec2ClusterVpcPublicSubnet1RouteTableAssociation9C78F646": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "Ec2ClusterVpcPublicSubnet1RouteTableE30610F5" + }, + "SubnetId": { + "Ref": "Ec2ClusterVpcPublicSubnet1SubnetD46FD92B" + } + } + }, + "Ec2ClusterVpcPublicSubnet1DefaultRouteC7FBE273": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "Ec2ClusterVpcPublicSubnet1RouteTableE30610F5" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "Ec2ClusterVpcIGW605638EB" + } + }, + "DependsOn": [ + "Ec2ClusterVpcVPCGW24F3B413" + ] + }, + "Ec2ClusterVpcPublicSubnet1EIPD4B5D142": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc/PublicSubnet1" + } + ] + } + }, + "Ec2ClusterVpcPublicSubnet1NATGateway79A8A839": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "Ec2ClusterVpcPublicSubnet1SubnetD46FD92B" + }, + "AllocationId": { + "Fn::GetAtt": [ + "Ec2ClusterVpcPublicSubnet1EIPD4B5D142", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc/PublicSubnet1" + } + ] + } + }, + "Ec2ClusterVpcPublicSubnet2Subnet207D9E5E": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc/PublicSubnet2" + } + ] + } + }, + "Ec2ClusterVpcPublicSubnet2RouteTable44A09188": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc/PublicSubnet2" + } + ] + } + }, + "Ec2ClusterVpcPublicSubnet2RouteTableAssociation7615C6B2": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "Ec2ClusterVpcPublicSubnet2RouteTable44A09188" + }, + "SubnetId": { + "Ref": "Ec2ClusterVpcPublicSubnet2Subnet207D9E5E" + } + } + }, + "Ec2ClusterVpcPublicSubnet2DefaultRouteEBA52256": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "Ec2ClusterVpcPublicSubnet2RouteTable44A09188" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "Ec2ClusterVpcIGW605638EB" + } + }, + "DependsOn": [ + "Ec2ClusterVpcVPCGW24F3B413" + ] + }, + "Ec2ClusterVpcPublicSubnet2EIP921925E6": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc/PublicSubnet2" + } + ] + } + }, + "Ec2ClusterVpcPublicSubnet2NATGateway302F96C0": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "Ec2ClusterVpcPublicSubnet2Subnet207D9E5E" + }, + "AllocationId": { + "Fn::GetAtt": [ + "Ec2ClusterVpcPublicSubnet2EIP921925E6", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc/PublicSubnet2" + } + ] + } + }, + "Ec2ClusterVpcPrivateSubnet1Subnet0AE9B91E": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc/PrivateSubnet1" + } + ] + } + }, + "Ec2ClusterVpcPrivateSubnet1RouteTable50D391D1": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc/PrivateSubnet1" + } + ] + } + }, + "Ec2ClusterVpcPrivateSubnet1RouteTableAssociation1043DBDA": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "Ec2ClusterVpcPrivateSubnet1RouteTable50D391D1" + }, + "SubnetId": { + "Ref": "Ec2ClusterVpcPrivateSubnet1Subnet0AE9B91E" + } + } + }, + "Ec2ClusterVpcPrivateSubnet1DefaultRouteD31A76F0": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "Ec2ClusterVpcPrivateSubnet1RouteTable50D391D1" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "Ec2ClusterVpcPublicSubnet1NATGateway79A8A839" + } + } + }, + "Ec2ClusterVpcPrivateSubnet2Subnet16B68C19": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc/PrivateSubnet2" + } + ] + } + }, + "Ec2ClusterVpcPrivateSubnet2RouteTable22B9DAE6": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc/PrivateSubnet2" + } + ] + } + }, + "Ec2ClusterVpcPrivateSubnet2RouteTableAssociation3AFD70F4": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "Ec2ClusterVpcPrivateSubnet2RouteTable22B9DAE6" + }, + "SubnetId": { + "Ref": "Ec2ClusterVpcPrivateSubnet2Subnet16B68C19" + } + } + }, + "Ec2ClusterVpcPrivateSubnet2DefaultRoute22B3073E": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "Ec2ClusterVpcPrivateSubnet2RouteTable22B9DAE6" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "Ec2ClusterVpcPublicSubnet2NATGateway302F96C0" + } + } + }, + "Ec2ClusterVpcIGW605638EB": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc" + } + ] + } + }, + "Ec2ClusterVpcVPCGW24F3B413": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + }, + "InternetGatewayId": { + "Ref": "Ec2ClusterVpcIGW605638EB" + } + } + }, "Ec2ClusterDefaultAutoScalingGroupInstanceSecurityGroup149B0A9E": { "Type": "AWS::EC2::SecurityGroup", "Properties": { @@ -20,7 +375,9 @@ "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/DefaultAutoScalingGroup" } ], - "VpcId": "vpc-60900905" + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + } } }, "Ec2ClusterDefaultAutoScalingGroupInstanceRole73D80898": { @@ -178,9 +535,12 @@ } ], "VPCZoneIdentifier": [ - "subnet-e19455ca", - "subnet-e0c24797", - "subnet-ccd77395" + { + "Ref": "Ec2ClusterVpcPublicSubnet1SubnetD46FD92B" + }, + { + "Ref": "Ec2ClusterVpcPublicSubnet2Subnet207D9E5E" + } ] }, "UpdatePolicy": { @@ -255,7 +615,15 @@ { "Ref": "AWS::Partition" }, - ":autoscaling:test-region:12345678:autoScalingGroup:*:autoScalingGroupName/", + ":autoscaling:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":autoScalingGroup:*:autoScalingGroupName/", { "Ref": "Ec2ClusterDefaultAutoScalingGroupASGC5A6D4C0" } @@ -481,7 +849,14 @@ "Fn::Join": [ "", [ - "12345678.dkr.ecr.test-region.", + { + "Ref": "AWS::AccountId" + }, + ".dkr.ecr.", + { + "Ref": "AWS::Region" + }, + ".", { "Ref": "AWS::URLSuffix" }, @@ -496,7 +871,9 @@ "Ref": "TaskDefTheContainerLogGroupD94C8EF5" }, "awslogs-stream-prefix": "EventDemo", - "awslogs-region": "test-region" + "awslogs-region": { + "Ref": "AWS::Region" + } } }, "Memory": 256, @@ -564,7 +941,15 @@ { "Ref": "AWS::Partition" }, - ":ecr:test-region:12345678:repository/aws-cdk/assets" + ":ecr:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":repository/aws-cdk/assets" ] ] } @@ -607,7 +992,18 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": "states.test-region.amazonaws.com" + "Service": { + "Fn::Join": [ + "", + [ + "states.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } } } ], @@ -776,7 +1172,15 @@ { "Ref": "AWS::Partition" }, - ":events:test-region:12345678:rule/StepFunctionsGetEventsForECSTaskRule" + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventsForECSTaskRule" ] ] } diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.ts index acaf9436c26ea..c44d5429bb5b1 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.ts @@ -16,18 +16,9 @@ import * as tasks from '../../lib'; * -- aws stepfunctions describe-execution --execution-arn returns a status of `Succeeded` */ const app = new cdk.App(); -const stack = new cdk.Stack(app, 'aws-sfn-tasks-ecs-ec2-integ', { - env: { - account: process.env.CDK_INTEG_ACCOUNT || process.env.CDK_DEFAULT_ACCOUNT, - region: process.env.CDK_INTEG_REGION || process.env.CDK_DEFAULT_REGION, - }, -}); - -const vpc = ec2.Vpc.fromLookup(stack, 'Vpc', { - isDefault: true, -}); +const stack = new cdk.Stack(app, 'aws-sfn-tasks-ecs-ec2-integ'); -const cluster = new ecs.Cluster(stack, 'Ec2Cluster', { vpc }); +const cluster = new ecs.Cluster(stack, 'Ec2Cluster'); cluster.addCapacity('DefaultAutoScalingGroup', { instanceType: new ec2.InstanceType('t2.micro'), vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC }, diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.expected.json index ed5ada51c4bfa..2b9c1c4701151 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.expected.json @@ -3,6 +3,361 @@ "FargateCluster7CCD5F93": { "Type": "AWS::ECS::Cluster" }, + "FargateClusterVpc377E8024": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc" + } + ] + } + }, + "FargateClusterVpcPublicSubnet1SubnetB9C24BC7": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet1" + } + ] + } + }, + "FargateClusterVpcPublicSubnet1RouteTable1D7FA747": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet1" + } + ] + } + }, + "FargateClusterVpcPublicSubnet1RouteTableAssociation80F1442F": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPublicSubnet1RouteTable1D7FA747" + }, + "SubnetId": { + "Ref": "FargateClusterVpcPublicSubnet1SubnetB9C24BC7" + } + } + }, + "FargateClusterVpcPublicSubnet1DefaultRoute80086690": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPublicSubnet1RouteTable1D7FA747" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "FargateClusterVpcIGW827638CB" + } + }, + "DependsOn": [ + "FargateClusterVpcVPCGW38717255" + ] + }, + "FargateClusterVpcPublicSubnet1EIPF91909D0": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet1" + } + ] + } + }, + "FargateClusterVpcPublicSubnet1NATGateway5202D86A": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "FargateClusterVpcPublicSubnet1SubnetB9C24BC7" + }, + "AllocationId": { + "Fn::GetAtt": [ + "FargateClusterVpcPublicSubnet1EIPF91909D0", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet1" + } + ] + } + }, + "FargateClusterVpcPublicSubnet2Subnet24C0F9D8": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet2" + } + ] + } + }, + "FargateClusterVpcPublicSubnet2RouteTable1493C5D6": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet2" + } + ] + } + }, + "FargateClusterVpcPublicSubnet2RouteTableAssociation3EFA74DC": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPublicSubnet2RouteTable1493C5D6" + }, + "SubnetId": { + "Ref": "FargateClusterVpcPublicSubnet2Subnet24C0F9D8" + } + } + }, + "FargateClusterVpcPublicSubnet2DefaultRoute8E847CD2": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPublicSubnet2RouteTable1493C5D6" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "FargateClusterVpcIGW827638CB" + } + }, + "DependsOn": [ + "FargateClusterVpcVPCGW38717255" + ] + }, + "FargateClusterVpcPublicSubnet2EIPBBB24774": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet2" + } + ] + } + }, + "FargateClusterVpcPublicSubnet2NATGatewayFFEC8ED2": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "FargateClusterVpcPublicSubnet2Subnet24C0F9D8" + }, + "AllocationId": { + "Fn::GetAtt": [ + "FargateClusterVpcPublicSubnet2EIPBBB24774", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet2" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet1Subnet9127625F": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PrivateSubnet1" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet1RouteTable21B3CEAE": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PrivateSubnet1" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet1RouteTableAssociation78F6E213": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPrivateSubnet1RouteTable21B3CEAE" + }, + "SubnetId": { + "Ref": "FargateClusterVpcPrivateSubnet1Subnet9127625F" + } + } + }, + "FargateClusterVpcPrivateSubnet1DefaultRoute0438DCBA": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPrivateSubnet1RouteTable21B3CEAE" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "FargateClusterVpcPublicSubnet1NATGateway5202D86A" + } + } + }, + "FargateClusterVpcPrivateSubnet2Subnet307CEE57": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PrivateSubnet2" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet2RouteTable7B7F9678": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PrivateSubnet2" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet2RouteTableAssociation3A46964C": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPrivateSubnet2RouteTable7B7F9678" + }, + "SubnetId": { + "Ref": "FargateClusterVpcPrivateSubnet2Subnet307CEE57" + } + } + }, + "FargateClusterVpcPrivateSubnet2DefaultRoute35FDD29D": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPrivateSubnet2RouteTable7B7F9678" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "FargateClusterVpcPublicSubnet2NATGatewayFFEC8ED2" + } + } + }, + "FargateClusterVpcIGW827638CB": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc" + } + ] + } + }, + "FargateClusterVpcVPCGW38717255": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "InternetGatewayId": { + "Ref": "FargateClusterVpcIGW827638CB" + } + } + }, "FargateClusterDefaultAutoScalingGroupInstanceSecurityGroup42AF8A40": { "Type": "AWS::EC2::SecurityGroup", "Properties": { @@ -20,7 +375,9 @@ "Value": "aws-ecs-integ2/FargateCluster/DefaultAutoScalingGroup" } ], - "VpcId": "vpc-60900905" + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + } } }, "FargateClusterDefaultAutoScalingGroupInstanceRole0C1F7FF7": { @@ -178,9 +535,12 @@ } ], "VPCZoneIdentifier": [ - "subnet-e19455ca", - "subnet-e0c24797", - "subnet-ccd77395" + { + "Ref": "FargateClusterVpcPublicSubnet1SubnetB9C24BC7" + }, + { + "Ref": "FargateClusterVpcPublicSubnet2Subnet24C0F9D8" + } ] }, "UpdatePolicy": { @@ -255,7 +615,15 @@ { "Ref": "AWS::Partition" }, - ":autoscaling:test-region:12345678:autoScalingGroup:*:autoScalingGroupName/", + ":autoscaling:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":autoScalingGroup:*:autoScalingGroupName/", { "Ref": "FargateClusterDefaultAutoScalingGroupASG36A4948F" } @@ -481,7 +849,14 @@ "Fn::Join": [ "", [ - "12345678.dkr.ecr.test-region.", + { + "Ref": "AWS::AccountId" + }, + ".dkr.ecr.", + { + "Ref": "AWS::Region" + }, + ".", { "Ref": "AWS::URLSuffix" }, @@ -496,7 +871,9 @@ "Ref": "TaskDefTheContainerLogGroupD94C8EF5" }, "awslogs-stream-prefix": "EventDemo", - "awslogs-region": "test-region" + "awslogs-region": { + "Ref": "AWS::Region" + } } }, "Memory": 256, @@ -564,7 +941,15 @@ { "Ref": "AWS::Partition" }, - ":ecr:test-region:12345678:repository/aws-cdk/assets" + ":ecr:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":repository/aws-cdk/assets" ] ] } @@ -607,7 +992,18 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": "states.test-region.amazonaws.com" + "Service": { + "Fn::Join": [ + "", + [ + "states.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } } } ], @@ -668,7 +1064,15 @@ { "Ref": "AWS::Partition" }, - ":events:test-region:12345678:rule/StepFunctionsGetEventsForECSTaskRule" + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventsForECSTaskRule" ] ] } diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.ts index 3a510c61bf659..e47524f326c2d 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.ts @@ -6,18 +6,9 @@ import * as cdk from '@aws-cdk/core'; import * as tasks from '../../lib'; const app = new cdk.App(); -const stack = new cdk.Stack(app, 'aws-ecs-integ2', { - env: { - account: process.env.CDK_INTEG_ACCOUNT || process.env.CDK_DEFAULT_ACCOUNT, - region: process.env.CDK_INTEG_REGION || process.env.CDK_DEFAULT_REGION, - }, -}); - -const vpc = ec2.Vpc.fromLookup(stack, 'Vpc', { - isDefault: true, -}); +const stack = new cdk.Stack(app, 'aws-ecs-integ2'); -const cluster = new ecs.Cluster(stack, 'FargateCluster', { vpc }); +const cluster = new ecs.Cluster(stack, 'FargateCluster'); cluster.addCapacity('DefaultAutoScalingGroup', { instanceType: new ec2.InstanceType('t2.micro'), vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC }, diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.expected.json index 7cfb1aba285c3..8976862fd9678 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.expected.json @@ -3,6 +3,361 @@ "FargateCluster7CCD5F93": { "Type": "AWS::ECS::Cluster" }, + "FargateClusterVpc377E8024": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc" + } + ] + } + }, + "FargateClusterVpcPublicSubnet1SubnetB9C24BC7": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc/PublicSubnet1" + } + ] + } + }, + "FargateClusterVpcPublicSubnet1RouteTable1D7FA747": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc/PublicSubnet1" + } + ] + } + }, + "FargateClusterVpcPublicSubnet1RouteTableAssociation80F1442F": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPublicSubnet1RouteTable1D7FA747" + }, + "SubnetId": { + "Ref": "FargateClusterVpcPublicSubnet1SubnetB9C24BC7" + } + } + }, + "FargateClusterVpcPublicSubnet1DefaultRoute80086690": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPublicSubnet1RouteTable1D7FA747" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "FargateClusterVpcIGW827638CB" + } + }, + "DependsOn": [ + "FargateClusterVpcVPCGW38717255" + ] + }, + "FargateClusterVpcPublicSubnet1EIPF91909D0": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc/PublicSubnet1" + } + ] + } + }, + "FargateClusterVpcPublicSubnet1NATGateway5202D86A": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "FargateClusterVpcPublicSubnet1SubnetB9C24BC7" + }, + "AllocationId": { + "Fn::GetAtt": [ + "FargateClusterVpcPublicSubnet1EIPF91909D0", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc/PublicSubnet1" + } + ] + } + }, + "FargateClusterVpcPublicSubnet2Subnet24C0F9D8": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc/PublicSubnet2" + } + ] + } + }, + "FargateClusterVpcPublicSubnet2RouteTable1493C5D6": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc/PublicSubnet2" + } + ] + } + }, + "FargateClusterVpcPublicSubnet2RouteTableAssociation3EFA74DC": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPublicSubnet2RouteTable1493C5D6" + }, + "SubnetId": { + "Ref": "FargateClusterVpcPublicSubnet2Subnet24C0F9D8" + } + } + }, + "FargateClusterVpcPublicSubnet2DefaultRoute8E847CD2": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPublicSubnet2RouteTable1493C5D6" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "FargateClusterVpcIGW827638CB" + } + }, + "DependsOn": [ + "FargateClusterVpcVPCGW38717255" + ] + }, + "FargateClusterVpcPublicSubnet2EIPBBB24774": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc/PublicSubnet2" + } + ] + } + }, + "FargateClusterVpcPublicSubnet2NATGatewayFFEC8ED2": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "FargateClusterVpcPublicSubnet2Subnet24C0F9D8" + }, + "AllocationId": { + "Fn::GetAtt": [ + "FargateClusterVpcPublicSubnet2EIPBBB24774", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc/PublicSubnet2" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet1Subnet9127625F": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc/PrivateSubnet1" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet1RouteTable21B3CEAE": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc/PrivateSubnet1" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet1RouteTableAssociation78F6E213": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPrivateSubnet1RouteTable21B3CEAE" + }, + "SubnetId": { + "Ref": "FargateClusterVpcPrivateSubnet1Subnet9127625F" + } + } + }, + "FargateClusterVpcPrivateSubnet1DefaultRoute0438DCBA": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPrivateSubnet1RouteTable21B3CEAE" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "FargateClusterVpcPublicSubnet1NATGateway5202D86A" + } + } + }, + "FargateClusterVpcPrivateSubnet2Subnet307CEE57": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc/PrivateSubnet2" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet2RouteTable7B7F9678": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc/PrivateSubnet2" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet2RouteTableAssociation3A46964C": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPrivateSubnet2RouteTable7B7F9678" + }, + "SubnetId": { + "Ref": "FargateClusterVpcPrivateSubnet2Subnet307CEE57" + } + } + }, + "FargateClusterVpcPrivateSubnet2DefaultRoute35FDD29D": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPrivateSubnet2RouteTable7B7F9678" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "FargateClusterVpcPublicSubnet2NATGatewayFFEC8ED2" + } + } + }, + "FargateClusterVpcIGW827638CB": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc" + } + ] + } + }, + "FargateClusterVpcVPCGW38717255": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "InternetGatewayId": { + "Ref": "FargateClusterVpcIGW827638CB" + } + } + }, "TaskDefTaskRole1EDB4A67": { "Type": "AWS::IAM::Role", "Properties": { @@ -30,7 +385,14 @@ "Fn::Join": [ "", [ - "12345678.dkr.ecr.test-region.", + { + "Ref": "AWS::AccountId" + }, + ".dkr.ecr.", + { + "Ref": "AWS::Region" + }, + ".", { "Ref": "AWS::URLSuffix" }, @@ -45,7 +407,9 @@ "Ref": "TaskDefTheContainerLogGroupD94C8EF5" }, "awslogs-stream-prefix": "EventDemo", - "awslogs-region": "test-region" + "awslogs-region": { + "Ref": "AWS::Region" + } } }, "Memory": 256, @@ -115,7 +479,15 @@ { "Ref": "AWS::Partition" }, - ":ecr:test-region:12345678:repository/aws-cdk/assets" + ":ecr:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":repository/aws-cdk/assets" ] ] } @@ -160,7 +532,9 @@ "IpProtocol": "-1" } ], - "VpcId": "vpc-60900905" + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + } } }, "StateMachineRoleB840431D": { @@ -172,7 +546,18 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": "states.test-region.amazonaws.com" + "Service": { + "Fn::Join": [ + "", + [ + "states.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } } } ], @@ -341,7 +726,15 @@ { "Ref": "AWS::Partition" }, - ":events:test-region:12345678:rule/StepFunctionsGetEventsForECSTaskRule" + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventsForECSTaskRule" ] ] } @@ -381,7 +774,15 @@ "Arn" ] }, - "\",\"TaskDefinition\":\"awssfntasksecsfargateintegTaskDefD0F4AD10\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"AssignPublicIp\":\"ENABLED\",\"Subnets\":[\"subnet-e19455ca\",\"subnet-e0c24797\",\"subnet-ccd77395\"],\"SecurityGroups\":[\"", + "\",\"TaskDefinition\":\"awssfntasksecsfargateintegTaskDefD0F4AD10\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"AssignPublicIp\":\"ENABLED\",\"Subnets\":[\"", + { + "Ref": "FargateClusterVpcPublicSubnet1SubnetB9C24BC7" + }, + "\",\"", + { + "Ref": "FargateClusterVpcPublicSubnet2Subnet24C0F9D8" + }, + "\"],\"SecurityGroups\":[\"", { "Fn::GetAtt": [ "FargateTaskSecurityGroup0BBB27CB", diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.ts index c33a1f59ce90c..e490b69128ba8 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.ts @@ -1,5 +1,4 @@ import * as path from 'path'; -import * as ec2 from '@aws-cdk/aws-ec2'; import * as ecs from '@aws-cdk/aws-ecs'; import * as sfn from '@aws-cdk/aws-stepfunctions'; import * as cdk from '@aws-cdk/core'; @@ -16,18 +15,9 @@ import * as tasks from '../../lib'; * -- aws stepfunctions describe-execution --execution-arn returns a status of `Succeeded` */ const app = new cdk.App(); -const stack = new cdk.Stack(app, 'aws-sfn-tasks-ecs-fargate-integ', { - env: { - account: process.env.CDK_INTEG_ACCOUNT || process.env.CDK_DEFAULT_ACCOUNT, - region: process.env.CDK_INTEG_REGION || process.env.CDK_DEFAULT_REGION, - }, -}); - -const vpc = ec2.Vpc.fromLookup(stack, 'Vpc', { - isDefault: true, -}); +const stack = new cdk.Stack(app, 'aws-sfn-tasks-ecs-fargate-integ'); -const cluster = new ecs.Cluster(stack, 'FargateCluster', { vpc }); +const cluster = new ecs.Cluster(stack, 'FargateCluster'); // Build task definition const taskDefinition = new ecs.FargateTaskDefinition(stack, 'TaskDef', { diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.expected.json index 4c53cf87e2386..3ea1f2bcb5a6d 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.expected.json @@ -3,6 +3,361 @@ "FargateCluster7CCD5F93": { "Type": "AWS::ECS::Cluster" }, + "FargateClusterVpc377E8024": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc" + } + ] + } + }, + "FargateClusterVpcPublicSubnet1SubnetB9C24BC7": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet1" + } + ] + } + }, + "FargateClusterVpcPublicSubnet1RouteTable1D7FA747": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet1" + } + ] + } + }, + "FargateClusterVpcPublicSubnet1RouteTableAssociation80F1442F": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPublicSubnet1RouteTable1D7FA747" + }, + "SubnetId": { + "Ref": "FargateClusterVpcPublicSubnet1SubnetB9C24BC7" + } + } + }, + "FargateClusterVpcPublicSubnet1DefaultRoute80086690": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPublicSubnet1RouteTable1D7FA747" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "FargateClusterVpcIGW827638CB" + } + }, + "DependsOn": [ + "FargateClusterVpcVPCGW38717255" + ] + }, + "FargateClusterVpcPublicSubnet1EIPF91909D0": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet1" + } + ] + } + }, + "FargateClusterVpcPublicSubnet1NATGateway5202D86A": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "FargateClusterVpcPublicSubnet1SubnetB9C24BC7" + }, + "AllocationId": { + "Fn::GetAtt": [ + "FargateClusterVpcPublicSubnet1EIPF91909D0", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet1" + } + ] + } + }, + "FargateClusterVpcPublicSubnet2Subnet24C0F9D8": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet2" + } + ] + } + }, + "FargateClusterVpcPublicSubnet2RouteTable1493C5D6": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet2" + } + ] + } + }, + "FargateClusterVpcPublicSubnet2RouteTableAssociation3EFA74DC": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPublicSubnet2RouteTable1493C5D6" + }, + "SubnetId": { + "Ref": "FargateClusterVpcPublicSubnet2Subnet24C0F9D8" + } + } + }, + "FargateClusterVpcPublicSubnet2DefaultRoute8E847CD2": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPublicSubnet2RouteTable1493C5D6" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "FargateClusterVpcIGW827638CB" + } + }, + "DependsOn": [ + "FargateClusterVpcVPCGW38717255" + ] + }, + "FargateClusterVpcPublicSubnet2EIPBBB24774": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet2" + } + ] + } + }, + "FargateClusterVpcPublicSubnet2NATGatewayFFEC8ED2": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "FargateClusterVpcPublicSubnet2Subnet24C0F9D8" + }, + "AllocationId": { + "Fn::GetAtt": [ + "FargateClusterVpcPublicSubnet2EIPBBB24774", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet2" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet1Subnet9127625F": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PrivateSubnet1" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet1RouteTable21B3CEAE": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PrivateSubnet1" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet1RouteTableAssociation78F6E213": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPrivateSubnet1RouteTable21B3CEAE" + }, + "SubnetId": { + "Ref": "FargateClusterVpcPrivateSubnet1Subnet9127625F" + } + } + }, + "FargateClusterVpcPrivateSubnet1DefaultRoute0438DCBA": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPrivateSubnet1RouteTable21B3CEAE" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "FargateClusterVpcPublicSubnet1NATGateway5202D86A" + } + } + }, + "FargateClusterVpcPrivateSubnet2Subnet307CEE57": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PrivateSubnet2" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet2RouteTable7B7F9678": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PrivateSubnet2" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet2RouteTableAssociation3A46964C": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPrivateSubnet2RouteTable7B7F9678" + }, + "SubnetId": { + "Ref": "FargateClusterVpcPrivateSubnet2Subnet307CEE57" + } + } + }, + "FargateClusterVpcPrivateSubnet2DefaultRoute35FDD29D": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPrivateSubnet2RouteTable7B7F9678" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "FargateClusterVpcPublicSubnet2NATGatewayFFEC8ED2" + } + } + }, + "FargateClusterVpcIGW827638CB": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc" + } + ] + } + }, + "FargateClusterVpcVPCGW38717255": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "InternetGatewayId": { + "Ref": "FargateClusterVpcIGW827638CB" + } + } + }, "TaskDefTaskRole1EDB4A67": { "Type": "AWS::IAM::Role", "Properties": { @@ -30,7 +385,14 @@ "Fn::Join": [ "", [ - "12345678.dkr.ecr.test-region.", + { + "Ref": "AWS::AccountId" + }, + ".dkr.ecr.", + { + "Ref": "AWS::Region" + }, + ".", { "Ref": "AWS::URLSuffix" }, @@ -45,7 +407,9 @@ "Ref": "TaskDefTheContainerLogGroupD94C8EF5" }, "awslogs-stream-prefix": "EventDemo", - "awslogs-region": "test-region" + "awslogs-region": { + "Ref": "AWS::Region" + } } }, "Memory": 256, @@ -115,7 +479,15 @@ { "Ref": "AWS::Partition" }, - ":ecr:test-region:12345678:repository/aws-cdk/assets" + ":ecr:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":repository/aws-cdk/assets" ] ] } @@ -160,7 +532,9 @@ "IpProtocol": "-1" } ], - "VpcId": "vpc-60900905" + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + } } }, "StateMachineRoleB840431D": { @@ -172,7 +546,18 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": "states.test-region.amazonaws.com" + "Service": { + "Fn::Join": [ + "", + [ + "states.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } } } ], @@ -233,7 +618,15 @@ { "Ref": "AWS::Partition" }, - ":events:test-region:12345678:rule/StepFunctionsGetEventsForECSTaskRule" + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventsForECSTaskRule" ] ] } @@ -273,7 +666,15 @@ { "Ref": "TaskDef54694570" }, - "\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"AssignPublicIp\":\"ENABLED\",\"Subnets\":[\"subnet-e19455ca\",\"subnet-e0c24797\",\"subnet-ccd77395\"],\"SecurityGroups\":[\"", + "\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"AssignPublicIp\":\"ENABLED\",\"Subnets\":[\"", + { + "Ref": "FargateClusterVpcPublicSubnet1SubnetB9C24BC7" + }, + "\",\"", + { + "Ref": "FargateClusterVpcPublicSubnet2Subnet24C0F9D8" + }, + "\"],\"SecurityGroups\":[\"", { "Fn::GetAtt": [ "FargateTaskSecurityGroup0BBB27CB", diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.ts index 266946d85e899..d22f8964c12b1 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.ts @@ -1,23 +1,13 @@ import * as path from 'path'; -import * as ec2 from '@aws-cdk/aws-ec2'; import * as ecs from '@aws-cdk/aws-ecs'; import * as sfn from '@aws-cdk/aws-stepfunctions'; import * as cdk from '@aws-cdk/core'; import * as tasks from '../../lib'; const app = new cdk.App(); -const stack = new cdk.Stack(app, 'aws-ecs-integ2', { - env: { - account: process.env.CDK_INTEG_ACCOUNT || process.env.CDK_DEFAULT_ACCOUNT, - region: process.env.CDK_INTEG_REGION || process.env.CDK_DEFAULT_REGION, - }, -}); - -const vpc = ec2.Vpc.fromLookup(stack, 'Vpc', { - isDefault: true, -}); +const stack = new cdk.Stack(app, 'aws-ecs-integ2'); -const cluster = new ecs.Cluster(stack, 'FargateCluster', { vpc }); +const cluster = new ecs.Cluster(stack, 'FargateCluster'); // Build task definition const taskDefinition = new ecs.FargateTaskDefinition(stack, 'TaskDef', { diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.expected.json index 06d010a158e56..08e8e50cc8ee7 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.expected.json @@ -44,7 +44,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "submitJobLambdaServiceRole4D897ABD" @@ -94,7 +94,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "checkJobStateLambdaServiceRoleB8B57B65" diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.payload.only.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.payload.only.expected.json index 0853de4a89c45..8bd6968f1ef99 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.payload.only.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.payload.only.expected.json @@ -44,7 +44,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "submitJobLambdaServiceRole4D897ABD" @@ -94,7 +94,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "checkJobStateLambdaServiceRoleB8B57B65" diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.payload.only.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.payload.only.ts index 711a5ceb458f6..88bd3830df602 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.payload.only.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.payload.only.ts @@ -25,7 +25,7 @@ const submitJobLambda = new Function(stack, 'submitJobLambda', { body: 'hello, world!' }; };`), - runtime: Runtime.NODEJS_10_X, + runtime: Runtime.NODEJS_14_X, handler: 'index.handler', }); @@ -40,7 +40,7 @@ const checkJobStateLambda = new Function(stack, 'checkJobStateLambda', { status: event.statusCode === '200' ? 'SUCCEEDED' : 'FAILED' }; };`), - runtime: Runtime.NODEJS_10_X, + runtime: Runtime.NODEJS_14_X, handler: 'index.handler', }); diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.ts index b7006b2ad33c4..8caa0b9e2032b 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.ts @@ -25,7 +25,7 @@ const submitJobLambda = new Function(stack, 'submitJobLambda', { body: 'hello, world!' }; };`), - runtime: Runtime.NODEJS_10_X, + runtime: Runtime.NODEJS_14_X, handler: 'index.handler', }); @@ -40,7 +40,7 @@ const checkJobStateLambda = new Function(stack, 'checkJobStateLambda', { status: event.statusCode === '200' ? 'SUCCEEDED' : 'FAILED' }; };`), - runtime: Runtime.NODEJS_10_X, + runtime: Runtime.NODEJS_14_X, handler: 'index.handler', }); diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.run-lambda.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.run-lambda.expected.json index 1023c2caf6167..30a7cac4f955a 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.run-lambda.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.run-lambda.expected.json @@ -44,7 +44,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "submitJobLambdaServiceRole4D897ABD" @@ -94,7 +94,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "checkJobStateLambdaServiceRoleB8B57B65" diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.run-lambda.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.run-lambda.ts index dcce6c0ed5d08..28b75282aeeb0 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.run-lambda.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.run-lambda.ts @@ -21,7 +21,7 @@ const submitJobLambda = new Function(stack, 'submitJobLambda', { body: 'hello, world!' }; };`), - runtime: Runtime.NODEJS_10_X, + runtime: Runtime.NODEJS_14_X, handler: 'index.handler', }); @@ -36,7 +36,7 @@ const checkJobStateLambda = new Function(stack, 'checkJobStateLambda', { status: event.statusCode === '200' ? 'SUCCEEDED' : 'FAILED' }; };`), - runtime: Runtime.NODEJS_10_X, + runtime: Runtime.NODEJS_14_X, handler: 'index.handler', }); From c22aec35e3ae466e0dc811b9cbab4b34c9ac5d7d Mon Sep 17 00:00:00 2001 From: Cory Hall <43035978+corymhall@users.noreply.github.com> Date: Mon, 4 Apr 2022 09:47:35 -0400 Subject: [PATCH 57/59] chore(pipelines): fix integration tests (#19723) This PR makes two types of updates to the integ tests 1. Make all stacks environment agnostic 2. Change the source to be S3 instead of GitHub ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../integ.pipeline-security.expected.json | 730 ++++++++++++++++-- .../pipelines/test/integ.pipeline-security.ts | 32 +- ...ne-with-assets-single-upload.expected.json | 534 ++++++++++++- ...nteg.pipeline-with-assets-single-upload.ts | 25 +- .../integ.pipeline-with-assets.expected.json | 538 ++++++++++++- .../test/integ.pipeline-with-assets.ts | 25 +- ...nteg.pipeline-with-variables.expected.json | 398 +++++++++- .../test/integ.pipeline-with-variables.ts | 22 +- .../test/integ.pipeline.expected.json | 506 +++++++++++- .../@aws-cdk/pipelines/test/integ.pipeline.ts | 27 +- 10 files changed, 2588 insertions(+), 249 deletions(-) diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline-security.expected.json b/packages/@aws-cdk/pipelines/test/integ.pipeline-security.expected.json index 1d9619be9c0c9..ebb4a166033b5 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline-security.expected.json +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline-security.expected.json @@ -1,5 +1,146 @@ { "Resources": { + "SourceBucketDDD2130A": { + "Type": "AWS::S3::Bucket", + "Properties": { + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "SourceBucketPolicy703DFBF9": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "SourceBucketDDD2130A" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "SourceBucketAutoDeleteObjectsCustomResourceC68FC040": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "SourceBucketDDD2130A" + } + }, + "DependsOn": [ + "SourceBucketPolicy703DFBF9" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "SourceBucketDDD2130A" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + }, "TestPipelineArtifactsBucketEncryptionKey13258842": { "Type": "AWS::KMS::Key", "Properties": { @@ -17,7 +158,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -39,7 +184,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] } @@ -153,7 +309,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] } @@ -307,6 +474,12 @@ "Arn" ] }, + { + "Fn::GetAtt": [ + "TestPipelineSourceS3CodePipelineActionRoleEF21D3A0", + "Arn" + ] + }, { "Fn::GetAtt": [ "TestPipelineUnattachedStageSingleStageManualApprovalCodePipelineActionRoleF7A614C8", @@ -327,7 +500,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] } @@ -359,23 +543,28 @@ { "ActionTypeId": { "Category": "Source", - "Owner": "ThirdParty", - "Provider": "GitHub", + "Owner": "AWS", + "Provider": "S3", "Version": "1" }, "Configuration": { - "Owner": "OWNER", - "Repo": "REPO", - "Branch": "master", - "OAuthToken": "not-a-secret", - "PollForSourceChanges": true + "S3Bucket": { + "Ref": "SourceBucketDDD2130A" + }, + "S3ObjectKey": "key" }, - "Name": "GitHub", + "Name": "S3", "OutputArtifacts": [ { - "Name": "Artifact_Source_GitHub" + "Name": "Artifact_Source_S3" } ], + "RoleArn": { + "Fn::GetAtt": [ + "TestPipelineSourceS3CodePipelineActionRoleEF21D3A0", + "Arn" + ] + }, "RunOrder": 1 } ], @@ -398,7 +587,7 @@ }, "InputArtifacts": [ { - "Name": "Artifact_Source_GitHub" + "Name": "Artifact_Source_S3" } ], "Name": "Synth", @@ -497,7 +686,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-cfn-exec-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -519,7 +719,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -546,7 +757,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -693,7 +915,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-cfn-exec-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -715,7 +948,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -742,7 +986,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -766,7 +1021,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-cfn-exec-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -788,7 +1054,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -815,7 +1092,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -839,7 +1127,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-cfn-exec-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -861,7 +1160,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -888,7 +1198,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -965,7 +1286,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-cfn-exec-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -987,7 +1319,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -1014,7 +1357,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -1038,7 +1392,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-cfn-exec-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -1060,7 +1425,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -1087,7 +1463,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -1126,6 +1513,133 @@ "TestPipelineRole63C35BBD" ] }, + "TestPipelineSourceS3CodePipelineActionRoleEF21D3A0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "TestPipelineSourceS3CodePipelineActionRoleDefaultPolicy8B0350FD": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + "/key" + ] + ] + } + ] + }, + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "TestPipelineArtifactsBucket026AF2F9", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "TestPipelineArtifactsBucket026AF2F9", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "kms:Decrypt", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "TestPipelineArtifactsBucketEncryptionKey13258842", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "TestPipelineSourceS3CodePipelineActionRoleDefaultPolicy8B0350FD", + "Roles": [ + { + "Ref": "TestPipelineSourceS3CodePipelineActionRoleEF21D3A0" + } + ] + } + }, "TestPipelineBuildSynthCodePipelineActionRoleF7BF5926": { "Type": "AWS::IAM::Role", "Properties": { @@ -1143,7 +1657,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -1222,7 +1740,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "TestPipelineBuildSynthCdkBuildProject755D4B01" }, @@ -1238,7 +1764,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "TestPipelineBuildSynthCdkBuildProject755D4B01" } @@ -1264,7 +1798,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "TestPipelineBuildSynthCdkBuildProject755D4B01" }, @@ -1395,7 +1937,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -1453,7 +1999,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -1481,7 +2031,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -1539,7 +2093,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -1567,7 +2125,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -1625,7 +2187,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -1653,7 +2219,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -1711,7 +2281,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -1786,7 +2360,9 @@ "Type": "AWS::Lambda::Function", "Properties": { "Code": { - "S3Bucket": "cdk-hnb659fds-assets-12345678-test-region", + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, "S3Key": "6c6c8f170c2cc5c6e35d90fe172fbc17cae75777b84707d58332dee79f444404.zip" }, "Role": { @@ -1842,7 +2418,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C" }, @@ -1858,7 +2442,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C" } @@ -1884,7 +2476,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C" }, @@ -2104,7 +2704,9 @@ "Type": "AWS::Lambda::Function", "Properties": { "Code": { - "S3Bucket": "cdk-hnb659fds-assets-12345678-test-region", + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, "S3Key": "6c6c8f170c2cc5c6e35d90fe172fbc17cae75777b84707d58332dee79f444404.zip" }, "Role": { @@ -2160,7 +2762,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckADCE795B" }, @@ -2176,7 +2786,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckADCE795B" } @@ -2202,7 +2820,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckADCE795B" }, diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline-security.ts b/packages/@aws-cdk/pipelines/test/integ.pipeline-security.ts index a5d257b78523e..2bcf8654368c1 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline-security.ts +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline-security.ts @@ -2,9 +2,10 @@ import * as codepipeline from '@aws-cdk/aws-codepipeline'; import * as codepipeline_actions from '@aws-cdk/aws-codepipeline-actions'; import * as iam from '@aws-cdk/aws-iam'; +import * as s3 from '@aws-cdk/aws-s3'; import * as sns from '@aws-cdk/aws-sns'; import * as subscriptions from '@aws-cdk/aws-sns-subscriptions'; -import { App, SecretValue, Stack, StackProps, Stage, StageProps } from '@aws-cdk/core'; +import { App, RemovalPolicy, Stack, StackProps, Stage, StageProps } from '@aws-cdk/core'; import { Construct } from 'constructs'; import * as cdkp from '../lib'; @@ -12,7 +13,6 @@ class MyStage extends Stage { constructor(scope: Construct, id: string, props?: StageProps) { super(scope, id, props); const stack = new Stack(this, 'MyStack', { - env: props?.env, }); const topic = new sns.Topic(stack, 'Topic'); topic.grantPublish(new iam.AccountPrincipal(stack.account)); @@ -23,7 +23,6 @@ class MySafeStage extends Stage { constructor(scope: Construct, id: string, props?: StageProps) { super(scope, id, props); const stack = new Stack(this, 'MySafeStack', { - env: props?.env, }); new sns.Topic(stack, 'MySafeTopic'); } @@ -36,18 +35,20 @@ export class TestCdkStack extends Stack { // The code that defines your stack goes here const sourceArtifact = new codepipeline.Artifact(); const cloudAssemblyArtifact = new codepipeline.Artifact('CloudAsm'); + const sourceBucket = new s3.Bucket(this, 'SourceBucket', { + removalPolicy: RemovalPolicy.DESTROY, + autoDeleteObjects: true, + }); const pipeline = new cdkp.CdkPipeline(this, 'TestPipeline', { selfMutating: false, pipelineName: 'TestPipeline', cloudAssemblyArtifact, - sourceAction: new codepipeline_actions.GitHubSourceAction({ - actionName: 'GitHub', + sourceAction: new codepipeline_actions.S3SourceAction({ + bucket: sourceBucket, output: sourceArtifact, - oauthToken: SecretValue.plainText('not-a-secret'), - owner: 'OWNER', - repo: 'REPO', - trigger: codepipeline_actions.GitHubTrigger.POLL, + bucketKey: 'key', + actionName: 'S3', }), synthAction: cdkp.SimpleSynthAction.standardYarnSynth({ sourceArtifact, @@ -74,28 +75,21 @@ export class TestCdkStack extends Stack { topic.addSubscription(new subscriptions.EmailSubscription('test@email.com')); unattachedStage.addApplication(new MyStage(this, 'SingleStage', { - env: { account: this.account, region: this.region }, }), { confirmBroadeningPermissions: true, securityNotificationTopic: topic }); const stage1 = pipeline.addApplicationStage(new MyStage(this, 'PreProduction', { - env: { account: this.account, region: this.region }, }), { confirmBroadeningPermissions: true, securityNotificationTopic: topic }); stage1.addApplication(new MySafeStage(this, 'SafeProduction', { - env: { account: this.account, region: this.region }, })); stage1.addApplication(new MySafeStage(this, 'DisableSecurityCheck', { - env: { account: this.account, region: this.region }, }), { confirmBroadeningPermissions: false }); const stage2 = pipeline.addApplicationStage(new MyStage(this, 'NoSecurityCheck', { - env: { account: this.account, region: this.region }, })); - stage2.addApplication(new MyStage(this, 'EnableSecurityCheck', { - env: { account: this.account, region: this.region }, - }), { confirmBroadeningPermissions: true }); + stage2.addApplication(new MyStage(this, 'EnableSecurityCheck', { }), { confirmBroadeningPermissions: true }); } } @@ -104,7 +98,5 @@ const app = new App({ '@aws-cdk/core:newStyleStackSynthesis': 'true', }, }); -new TestCdkStack(app, 'PipelineSecurityStack', { - env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION }, -}); +new TestCdkStack(app, 'PipelineSecurityStack'); app.synth(); diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets-single-upload.expected.json b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets-single-upload.expected.json index cd761893998ed..57ebcfe3c9483 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets-single-upload.expected.json +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets-single-upload.expected.json @@ -1,5 +1,146 @@ { "Resources": { + "SourceBucketDDD2130A": { + "Type": "AWS::S3::Bucket", + "Properties": { + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "SourceBucketPolicy703DFBF9": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "SourceBucketDDD2130A" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "SourceBucketAutoDeleteObjectsCustomResourceC68FC040": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "SourceBucketDDD2130A" + } + }, + "DependsOn": [ + "SourceBucketPolicy703DFBF9" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "SourceBucketDDD2130A" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + }, "PipelineArtifactsBucketEncryptionKeyF5BF0670": { "Type": "AWS::KMS::Key", "Properties": { @@ -17,7 +158,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -39,7 +184,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] } @@ -153,7 +309,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] } @@ -283,6 +450,12 @@ "Arn" ] }, + { + "Fn::GetAtt": [ + "PipelineSourceS3CodePipelineActionRole83895A58", + "Arn" + ] + }, { "Fn::GetAtt": [ "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", @@ -297,7 +470,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] } @@ -329,23 +513,28 @@ { "ActionTypeId": { "Category": "Source", - "Owner": "ThirdParty", - "Provider": "GitHub", + "Owner": "AWS", + "Provider": "S3", "Version": "1" }, "Configuration": { - "Owner": "OWNER", - "Repo": "REPO", - "Branch": "master", - "OAuthToken": "not-a-secret", - "PollForSourceChanges": true + "S3Bucket": { + "Ref": "SourceBucketDDD2130A" + }, + "S3ObjectKey": "key" }, - "Name": "GitHub", + "Name": "S3", "OutputArtifacts": [ { - "Name": "Artifact_Source_GitHub" + "Name": "Artifact_Source_S3" } ], + "RoleArn": { + "Fn::GetAtt": [ + "PipelineSourceS3CodePipelineActionRole83895A58", + "Arn" + ] + }, "RunOrder": 1 } ], @@ -368,7 +557,7 @@ }, "InputArtifacts": [ { - "Name": "Artifact_Source_GitHub" + "Name": "Artifact_Source_S3" } ], "Name": "Synth", @@ -471,7 +660,7 @@ }, "InputArtifacts": [ { - "Name": "Artifact_Source_GitHub" + "Name": "Artifact_Source_S3" } ], "Name": "UseSource", @@ -501,7 +690,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-cfn-exec-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -523,7 +723,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -550,7 +761,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -582,6 +804,133 @@ "PipelineRoleB27FAA37" ] }, + "PipelineSourceS3CodePipelineActionRole83895A58": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + "/key" + ] + ] + } + ] + }, + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "kms:Decrypt", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PipelineArtifactsBucketEncryptionKeyF5BF0670", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F", + "Roles": [ + { + "Ref": "PipelineSourceS3CodePipelineActionRole83895A58" + } + ] + } + }, "PipelineBuildSynthCodePipelineActionRole4E7A6C97": { "Type": "AWS::IAM::Role", "Properties": { @@ -599,7 +948,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -678,7 +1031,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" }, @@ -694,7 +1055,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" } @@ -720,7 +1089,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" }, @@ -852,7 +1229,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -910,7 +1291,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -989,7 +1374,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelinePreProdUseSourceProject2E711EB4" }, @@ -1005,7 +1398,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelinePreProdUseSourceProject2E711EB4" } @@ -1031,7 +1432,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "PipelinePreProdUseSourceProject2E711EB4" }, @@ -1169,7 +1578,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" }, @@ -1185,7 +1602,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" } @@ -1211,7 +1636,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" }, @@ -1232,7 +1665,18 @@ } }, "Effect": "Allow", - "Resource": "arn:*:iam::12345678:role/*" + "Resource": { + "Fn::Join": [ + "", + [ + "arn:*:iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/*" + ] + ] + } }, { "Action": [ @@ -1350,7 +1794,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] }, @@ -1382,7 +1830,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/*" + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/*" ] ] } @@ -1404,7 +1860,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/*" + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/*" ] ] } @@ -1422,7 +1886,7 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Resource": { - "Fn::Sub": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-file-publishing-role-12345678-test-region" + "Fn::Sub": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } }, { diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets-single-upload.ts b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets-single-upload.ts index e5461ebe6efe1..2dc718ca525a9 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets-single-upload.ts +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets-single-upload.ts @@ -2,8 +2,9 @@ import * as path from 'path'; import * as codepipeline from '@aws-cdk/aws-codepipeline'; import * as codepipeline_actions from '@aws-cdk/aws-codepipeline-actions'; +import * as s3 from '@aws-cdk/aws-s3'; import * as s3_assets from '@aws-cdk/aws-s3-assets'; -import { App, CfnResource, SecretValue, Stack, StackProps, Stage, StageProps } from '@aws-cdk/core'; +import { App, CfnResource, RemovalPolicy, Stack, StackProps, Stage, StageProps } from '@aws-cdk/core'; import { Construct } from 'constructs'; import * as cdkp from '../lib'; @@ -37,18 +38,20 @@ class CdkpipelinesDemoPipelineStack extends Stack { const cloudAssemblyArtifact = new codepipeline.Artifact('CloudAsm'); const integTestArtifact = new codepipeline.Artifact('IntegTests'); + const sourceBucket = new s3.Bucket(this, 'SourceBucket', { + removalPolicy: RemovalPolicy.DESTROY, + autoDeleteObjects: true, + }); const pipeline = new cdkp.CdkPipeline(this, 'Pipeline', { cloudAssemblyArtifact, singlePublisherPerType: true, // Where the source can be found - sourceAction: new codepipeline_actions.GitHubSourceAction({ - actionName: 'GitHub', + sourceAction: new codepipeline_actions.S3SourceAction({ + bucket: sourceBucket, output: sourceArtifact, - oauthToken: SecretValue.plainText('not-a-secret'), - owner: 'OWNER', - repo: 'REPO', - trigger: codepipeline_actions.GitHubTrigger.POLL, + bucketKey: 'key', + actionName: 'S3', }), // How it will be built @@ -67,9 +70,7 @@ class CdkpipelinesDemoPipelineStack extends Stack { // This is where we add the application stages // ... - const stage = pipeline.addApplicationStage(new MyStage(this, 'PreProd', { - env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION }, - })); + const stage = pipeline.addApplicationStage(new MyStage(this, 'PreProd')); stage.addActions( new cdkp.ShellScriptAction({ actionName: 'UseSource', @@ -88,7 +89,5 @@ const app = new App({ '@aws-cdk/core:newStyleStackSynthesis': 'true', }, }); -new CdkpipelinesDemoPipelineStack(app, 'PipelineStack', { - env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION }, -}); +new CdkpipelinesDemoPipelineStack(app, 'PipelineStack'); app.synth(); diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.expected.json b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.expected.json index 89fe06e7c3e32..32190a9c57562 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.expected.json +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.expected.json @@ -1,5 +1,146 @@ { "Resources": { + "SourceBucketDDD2130A": { + "Type": "AWS::S3::Bucket", + "Properties": { + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "SourceBucketPolicy703DFBF9": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "SourceBucketDDD2130A" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "SourceBucketAutoDeleteObjectsCustomResourceC68FC040": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "SourceBucketDDD2130A" + } + }, + "DependsOn": [ + "SourceBucketPolicy703DFBF9" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "SourceBucketDDD2130A" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + }, "PipelineArtifactsBucketEncryptionKeyF5BF0670": { "Type": "AWS::KMS::Key", "Properties": { @@ -17,7 +158,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -39,7 +184,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] } @@ -153,7 +309,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] } @@ -283,6 +450,12 @@ "Arn" ] }, + { + "Fn::GetAtt": [ + "PipelineSourceS3CodePipelineActionRole83895A58", + "Arn" + ] + }, { "Fn::GetAtt": [ "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", @@ -297,7 +470,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] } @@ -329,23 +513,28 @@ { "ActionTypeId": { "Category": "Source", - "Owner": "ThirdParty", - "Provider": "GitHub", + "Owner": "AWS", + "Provider": "S3", "Version": "1" }, "Configuration": { - "Owner": "OWNER", - "Repo": "REPO", - "Branch": "master", - "OAuthToken": "not-a-secret", - "PollForSourceChanges": true + "S3Bucket": { + "Ref": "SourceBucketDDD2130A" + }, + "S3ObjectKey": "key" }, - "Name": "GitHub", + "Name": "S3", "OutputArtifacts": [ { - "Name": "Artifact_Source_GitHub" + "Name": "Artifact_Source_S3" } ], + "RoleArn": { + "Fn::GetAtt": [ + "PipelineSourceS3CodePipelineActionRole83895A58", + "Arn" + ] + }, "RunOrder": 1 } ], @@ -368,7 +557,7 @@ }, "InputArtifacts": [ { - "Name": "Artifact_Source_GitHub" + "Name": "Artifact_Source_S3" } ], "Name": "Synth", @@ -498,7 +687,7 @@ }, "InputArtifacts": [ { - "Name": "Artifact_Source_GitHub" + "Name": "Artifact_Source_S3" } ], "Name": "UseSource", @@ -528,7 +717,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-cfn-exec-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -550,7 +750,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -577,7 +788,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -609,6 +831,133 @@ "PipelineRoleB27FAA37" ] }, + "PipelineSourceS3CodePipelineActionRole83895A58": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + "/key" + ] + ] + } + ] + }, + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "kms:Decrypt", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PipelineArtifactsBucketEncryptionKeyF5BF0670", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F", + "Roles": [ + { + "Ref": "PipelineSourceS3CodePipelineActionRole83895A58" + } + ] + } + }, "PipelineBuildSynthCodePipelineActionRole4E7A6C97": { "Type": "AWS::IAM::Role", "Properties": { @@ -626,7 +975,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -705,7 +1058,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" }, @@ -721,7 +1082,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" } @@ -747,7 +1116,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" }, @@ -879,7 +1256,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -937,7 +1318,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -1016,7 +1401,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelinePreProdUseSourceProject2E711EB4" }, @@ -1032,7 +1425,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelinePreProdUseSourceProject2E711EB4" } @@ -1058,7 +1459,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "PipelinePreProdUseSourceProject2E711EB4" }, @@ -1196,7 +1605,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" }, @@ -1212,7 +1629,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" } @@ -1238,7 +1663,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" }, @@ -1259,7 +1692,18 @@ } }, "Effect": "Allow", - "Resource": "arn:*:iam::12345678:role/*" + "Resource": { + "Fn::Join": [ + "", + [ + "arn:*:iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/*" + ] + ] + } }, { "Action": [ @@ -1377,7 +1821,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] }, @@ -1409,7 +1857,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/*" + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/*" ] ] } @@ -1431,7 +1887,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/*" + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/*" ] ] } @@ -1449,7 +1913,7 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Resource": { - "Fn::Sub": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-file-publishing-role-12345678-test-region" + "Fn::Sub": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } }, { @@ -1526,7 +1990,7 @@ ] }, "Source": { - "BuildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"install\": {\n \"commands\": [\n \"npm install -g cdk-assets@1\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cdk-assets --path \\\"assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json\\\" --verbose publish \\\"8289faf53c7da377bb2b90615999171adef5e1d8f6b88810e5fef75e6ca09ba5:12345678-test-region\\\"\"\n ]\n }\n }\n}", + "BuildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"install\": {\n \"commands\": [\n \"npm install -g cdk-assets@1\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cdk-assets --path \\\"assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json\\\" --verbose publish \\\"8289faf53c7da377bb2b90615999171adef5e1d8f6b88810e5fef75e6ca09ba5:current_account-current_region\\\"\"\n ]\n }\n }\n}", "Type": "CODEPIPELINE" }, "Cache": { @@ -1560,7 +2024,7 @@ ] }, "Source": { - "BuildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"install\": {\n \"commands\": [\n \"npm install -g cdk-assets@1\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cdk-assets --path \\\"assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json\\\" --verbose publish \\\"ac76997971c3f6ddf37120660003f1ced72b4fc58c498dfd99c78fa77e721e0e:12345678-test-region\\\"\"\n ]\n }\n }\n}", + "BuildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"install\": {\n \"commands\": [\n \"npm install -g cdk-assets@1\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cdk-assets --path \\\"assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json\\\" --verbose publish \\\"ac76997971c3f6ddf37120660003f1ced72b4fc58c498dfd99c78fa77e721e0e:current_account-current_region\\\"\"\n ]\n }\n }\n}", "Type": "CODEPIPELINE" }, "Cache": { diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.ts b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.ts index 41b2e6ae0cdc2..c2c9d0a733df8 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.ts +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.ts @@ -2,8 +2,9 @@ import * as path from 'path'; import * as codepipeline from '@aws-cdk/aws-codepipeline'; import * as codepipeline_actions from '@aws-cdk/aws-codepipeline-actions'; +import * as s3 from '@aws-cdk/aws-s3'; import * as s3_assets from '@aws-cdk/aws-s3-assets'; -import { App, CfnResource, SecretValue, Stack, StackProps, Stage, StageProps } from '@aws-cdk/core'; +import { App, CfnResource, RemovalPolicy, Stack, StackProps, Stage, StageProps } from '@aws-cdk/core'; import { Construct } from 'constructs'; import * as cdkp from '../lib'; @@ -37,17 +38,19 @@ class CdkpipelinesDemoPipelineStack extends Stack { const cloudAssemblyArtifact = new codepipeline.Artifact('CloudAsm'); const integTestArtifact = new codepipeline.Artifact('IntegTests'); + const sourceBucket = new s3.Bucket(this, 'SourceBucket', { + removalPolicy: RemovalPolicy.DESTROY, + autoDeleteObjects: true, + }); const pipeline = new cdkp.CdkPipeline(this, 'Pipeline', { cloudAssemblyArtifact, // Where the source can be found - sourceAction: new codepipeline_actions.GitHubSourceAction({ - actionName: 'GitHub', + sourceAction: new codepipeline_actions.S3SourceAction({ + bucket: sourceBucket, output: sourceArtifact, - oauthToken: SecretValue.plainText('not-a-secret'), - owner: 'OWNER', - repo: 'REPO', - trigger: codepipeline_actions.GitHubTrigger.POLL, + bucketKey: 'key', + actionName: 'S3', }), // How it will be built @@ -66,9 +69,7 @@ class CdkpipelinesDemoPipelineStack extends Stack { // This is where we add the application stages // ... - const stage = pipeline.addApplicationStage(new MyStage(this, 'PreProd', { - env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION }, - })); + const stage = pipeline.addApplicationStage(new MyStage(this, 'PreProd')); stage.addActions( new cdkp.ShellScriptAction({ actionName: 'UseSource', @@ -87,7 +88,5 @@ const app = new App({ '@aws-cdk/core:newStyleStackSynthesis': 'true', }, }); -new CdkpipelinesDemoPipelineStack(app, 'PipelineStack', { - env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION }, -}); +new CdkpipelinesDemoPipelineStack(app, 'PipelineStack'); app.synth(); diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-variables.expected.json b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-variables.expected.json index 49ac746217192..8ac5312c4acbe 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-variables.expected.json +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-variables.expected.json @@ -1,5 +1,146 @@ { "Resources": { + "SourceBucketDDD2130A": { + "Type": "AWS::S3::Bucket", + "Properties": { + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "SourceBucketPolicy703DFBF9": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "SourceBucketDDD2130A" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "SourceBucketAutoDeleteObjectsCustomResourceC68FC040": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "SourceBucketDDD2130A" + } + }, + "DependsOn": [ + "SourceBucketPolicy703DFBF9" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "SourceBucketDDD2130A" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + }, "PipelineArtifactsBucketAEA9A052": { "Type": "AWS::S3::Bucket", "Properties": { @@ -149,6 +290,12 @@ "PipelineMyWaveProduceCodePipelineActionRoleE0DCE9D3", "Arn" ] + }, + { + "Fn::GetAtt": [ + "PipelineSourceS3CodePipelineActionRole83895A58", + "Arn" + ] } ] } @@ -178,23 +325,30 @@ { "ActionTypeId": { "Category": "Source", - "Owner": "ThirdParty", - "Provider": "GitHub", + "Owner": "AWS", + "Provider": "S3", "Version": "1" }, "Configuration": { - "Owner": "cdklabs", - "Repo": "construct-hub-probe", - "Branch": "main", - "OAuthToken": "{{resolve:secretsmanager:github-token:SecretString:::}}", - "PollForSourceChanges": true + "S3Bucket": { + "Ref": "SourceBucketDDD2130A" + }, + "S3ObjectKey": "key" + }, + "Name": { + "Ref": "SourceBucketDDD2130A" }, - "Name": "cdklabs_construct-hub-probe", "OutputArtifacts": [ { - "Name": "cdklabs_construct_hub_probe_Source" + "Name": "c8afb86a650460a8cc607cf72a0827e7c93d0d6d5c_Source" } ], + "RoleArn": { + "Fn::GetAtt": [ + "PipelineSourceS3CodePipelineActionRole83895A58", + "Arn" + ] + }, "RunOrder": 1 } ], @@ -216,7 +370,7 @@ }, "InputArtifacts": [ { - "Name": "cdklabs_construct_hub_probe_Source" + "Name": "c8afb86a650460a8cc607cf72a0827e7c93d0d6d5c_Source" } ], "Name": "Synth", @@ -252,7 +406,7 @@ }, "InputArtifacts": [ { - "Name": "cdklabs_construct_hub_probe_Source" + "Name": "c8afb86a650460a8cc607cf72a0827e7c93d0d6d5c_Source" } ], "Name": "Produce", @@ -280,7 +434,7 @@ }, "InputArtifacts": [ { - "Name": "cdklabs_construct_hub_probe_Source" + "Name": "c8afb86a650460a8cc607cf72a0827e7c93d0d6d5c_Source" } ], "Name": "Consume", @@ -309,6 +463,118 @@ "PipelineRoleB27FAA37" ] }, + "PipelineSourceS3CodePipelineActionRole83895A58": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + "/key" + ] + ] + } + ] + }, + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F", + "Roles": [ + { + "Ref": "PipelineSourceS3CodePipelineActionRole83895A58" + } + ] + } + }, "PipelineBuildSynthCdkBuildProjectRole231EEA2A": { "Type": "AWS::IAM::Role", "Properties": { @@ -347,7 +613,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" }, @@ -363,7 +637,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" } @@ -389,7 +671,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" }, @@ -493,7 +783,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -572,7 +866,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineMyWaveProduce884410D6" }, @@ -588,7 +890,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineMyWaveProduce884410D6" } @@ -614,7 +924,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "PipelineMyWaveProduce884410D6" }, @@ -711,7 +1029,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -790,7 +1112,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineMyWaveConsumeC5D5CCD7" }, @@ -806,7 +1136,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineMyWaveConsumeC5D5CCD7" } @@ -832,7 +1170,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "PipelineMyWaveConsumeC5D5CCD7" }, @@ -929,7 +1275,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-variables.ts b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-variables.ts index 2a2351375ef62..23c4db5195d93 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-variables.ts +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-variables.ts @@ -1,7 +1,7 @@ // eslint-disable-next-line import/no-extraneous-dependencies /// !cdk-integ VariablePipelineStack pragma:set-context:@aws-cdk/core:newStyleStackSynthesis=true -import { GitHubTrigger } from '@aws-cdk/aws-codepipeline-actions'; -import { App, Stack, StackProps } from '@aws-cdk/core'; +import * as s3 from '@aws-cdk/aws-s3'; +import { App, Stack, StackProps, RemovalPolicy } from '@aws-cdk/core'; import { Construct } from 'constructs'; import * as pipelines from '../lib'; @@ -9,11 +9,16 @@ class PipelineStack extends Stack { constructor(scope: Construct, id: string, props?: StackProps) { super(scope, id, props); + const sourceBucket = new s3.Bucket(this, 'SourceBucket', { + removalPolicy: RemovalPolicy.DESTROY, + autoDeleteObjects: true, + }); const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { synth: new pipelines.ShellStep('Synth', { - input: pipelines.CodePipelineSource.gitHub('cdklabs/construct-hub-probe', 'main', { - trigger: GitHubTrigger.POLL, - }), + input: pipelines.CodePipelineSource.s3(sourceBucket, 'key'), + // input: pipelines.CodePipelineSource.gitHub('cdklabs/construct-hub-probe', 'main', { + // trigger: GitHubTrigger.POLL, + // }), commands: ['mkdir cdk.out', 'touch cdk.out/dummy'], }), selfMutation: false, @@ -45,8 +50,5 @@ const app = new App({ }, }); -new PipelineStack(app, 'VariablePipelineStack', { - env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION }, -}); - -app.synth(); \ No newline at end of file +new PipelineStack(app, 'VariablePipelineStack'); +app.synth(); diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline.expected.json b/packages/@aws-cdk/pipelines/test/integ.pipeline.expected.json index 4674a0e8891fa..55c602dc91d09 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline.expected.json +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline.expected.json @@ -1,5 +1,146 @@ { "Resources": { + "SourceBucketDDD2130A": { + "Type": "AWS::S3::Bucket", + "Properties": { + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "SourceBucketPolicy703DFBF9": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "SourceBucketDDD2130A" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "SourceBucketAutoDeleteObjectsCustomResourceC68FC040": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "SourceBucketDDD2130A" + } + }, + "DependsOn": [ + "SourceBucketPolicy703DFBF9" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "SourceBucketDDD2130A" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + }, "PipelineArtifactsBucketEncryptionKeyF5BF0670": { "Type": "AWS::KMS::Key", "Properties": { @@ -17,7 +158,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -39,7 +184,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] } @@ -153,7 +309,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] } @@ -277,6 +444,12 @@ "Arn" ] }, + { + "Fn::GetAtt": [ + "PipelineSourceS3CodePipelineActionRole83895A58", + "Arn" + ] + }, { "Fn::GetAtt": [ "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", @@ -291,7 +464,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] } @@ -323,23 +507,28 @@ { "ActionTypeId": { "Category": "Source", - "Owner": "ThirdParty", - "Provider": "GitHub", + "Owner": "AWS", + "Provider": "S3", "Version": "1" }, "Configuration": { - "Owner": "OWNER", - "Repo": "REPO", - "Branch": "master", - "OAuthToken": "not-a-secret", - "PollForSourceChanges": true + "S3Bucket": { + "Ref": "SourceBucketDDD2130A" + }, + "S3ObjectKey": "key" }, - "Name": "GitHub", + "Name": "S3", "OutputArtifacts": [ { - "Name": "Artifact_Source_GitHub" + "Name": "Artifact_Source_S3" } ], + "RoleArn": { + "Fn::GetAtt": [ + "PipelineSourceS3CodePipelineActionRole83895A58", + "Arn" + ] + }, "RunOrder": 1 } ], @@ -362,7 +551,7 @@ }, "InputArtifacts": [ { - "Name": "Artifact_Source_GitHub" + "Name": "Artifact_Source_S3" } ], "Name": "Synth", @@ -433,7 +622,7 @@ }, "InputArtifacts": [ { - "Name": "Artifact_Source_GitHub" + "Name": "Artifact_Source_S3" } ], "Name": "UseSource", @@ -463,7 +652,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-cfn-exec-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -485,7 +685,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -512,7 +723,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -544,6 +766,133 @@ "PipelineRoleB27FAA37" ] }, + "PipelineSourceS3CodePipelineActionRole83895A58": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + "/key" + ] + ] + } + ] + }, + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "kms:Decrypt", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PipelineArtifactsBucketEncryptionKeyF5BF0670", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F", + "Roles": [ + { + "Ref": "PipelineSourceS3CodePipelineActionRole83895A58" + } + ] + } + }, "PipelineBuildSynthCodePipelineActionRole4E7A6C97": { "Type": "AWS::IAM::Role", "Properties": { @@ -561,7 +910,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -640,7 +993,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" }, @@ -656,7 +1017,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" } @@ -682,7 +1051,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" }, @@ -814,7 +1191,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -872,7 +1253,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -951,7 +1336,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelinePreProdUseSourceProject2E711EB4" }, @@ -967,7 +1360,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelinePreProdUseSourceProject2E711EB4" } @@ -993,7 +1394,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "PipelinePreProdUseSourceProject2E711EB4" }, @@ -1131,7 +1540,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" }, @@ -1147,7 +1564,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" } @@ -1173,7 +1598,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" }, @@ -1194,7 +1627,18 @@ } }, "Effect": "Allow", - "Resource": "arn:*:iam::12345678:role/*" + "Resource": { + "Fn::Join": [ + "", + [ + "arn:*:iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/*" + ] + ] + } }, { "Action": [ diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline.ts b/packages/@aws-cdk/pipelines/test/integ.pipeline.ts index f263e65a7f09c..29963e50ebc3b 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline.ts +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline.ts @@ -1,7 +1,8 @@ /// !cdk-integ PipelineStack import * as codepipeline from '@aws-cdk/aws-codepipeline'; import * as codepipeline_actions from '@aws-cdk/aws-codepipeline-actions'; -import { App, CfnResource, SecretValue, Stack, StackProps, Stage, StageProps } from '@aws-cdk/core'; +import * as s3 from '@aws-cdk/aws-s3'; +import { App, CfnResource, RemovalPolicy, Stack, StackProps, Stage, StageProps } from '@aws-cdk/core'; import { Construct } from 'constructs'; import * as cdkp from '../lib'; @@ -27,17 +28,19 @@ class CdkpipelinesDemoPipelineStack extends Stack { const cloudAssemblyArtifact = new codepipeline.Artifact('CloudAsm'); const integTestArtifact = new codepipeline.Artifact('IntegTests'); + const sourceBucket = new s3.Bucket(this, 'SourceBucket', { + removalPolicy: RemovalPolicy.DESTROY, + autoDeleteObjects: true, + }); const pipeline = new cdkp.CdkPipeline(this, 'Pipeline', { cloudAssemblyArtifact, // Where the source can be found - sourceAction: new codepipeline_actions.GitHubSourceAction({ - actionName: 'GitHub', + sourceAction: new codepipeline_actions.S3SourceAction({ + bucket: sourceBucket, output: sourceArtifact, - oauthToken: SecretValue.plainText('not-a-secret'), - owner: 'OWNER', - repo: 'REPO', - trigger: codepipeline_actions.GitHubTrigger.POLL, + bucketKey: 'key', + actionName: 'S3', }), // How it will be built @@ -56,9 +59,7 @@ class CdkpipelinesDemoPipelineStack extends Stack { // This is where we add the application stages // ... - const stage = pipeline.addApplicationStage(new MyStage(this, 'PreProd', { - env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION }, - })); + const stage = pipeline.addApplicationStage(new MyStage(this, 'PreProd')); stage.addActions( new cdkp.ShellScriptAction({ actionName: 'UseSource', @@ -77,7 +78,5 @@ const app = new App({ '@aws-cdk/core:newStyleStackSynthesis': 'true', }, }); -new CdkpipelinesDemoPipelineStack(app, 'PipelineStack', { - env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION }, -}); -app.synth(); \ No newline at end of file +new CdkpipelinesDemoPipelineStack(app, 'PipelineStack'); +app.synth(); From 99e12b5e6520bdfb64724b409a8a0609f753ebc3 Mon Sep 17 00:00:00 2001 From: Cory Hall <43035978+corymhall@users.noreply.github.com> Date: Mon, 4 Apr 2022 10:30:24 -0400 Subject: [PATCH 58/59] chore(elbv2-targets): fix broken integration tests (#19696) I'll create a follow up issue for this. We should be adding this dependency automatically. Without this we get the error message "If the target type is ALB, the target must have at least one listener that matches the target group port or any specified port overrides" because the NLB target group is being created before the ALB listener ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../test/integ.alb-target.expected.json | 14 +++++++++----- .../test/integ.alb-target.ts | 3 ++- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2-targets/test/integ.alb-target.expected.json b/packages/@aws-cdk/aws-elasticloadbalancingv2-targets/test/integ.alb-target.expected.json index ff70395ffda8b..79e89e5a01081 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2-targets/test/integ.alb-target.expected.json +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2-targets/test/integ.alb-target.expected.json @@ -18,11 +18,11 @@ "VpcPublicSubnet1Subnet5C2D37C4": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.0.0/18", "VpcId": { "Ref": "Vpc8378EB38" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/18", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -115,11 +115,11 @@ "VpcPublicSubnet2Subnet691E08A3": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.64.0/18", "VpcId": { "Ref": "Vpc8378EB38" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.64.0/18", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -180,11 +180,11 @@ "VpcPrivateSubnet1Subnet536B997A": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.128.0/18", "VpcId": { "Ref": "Vpc8378EB38" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.128.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -242,11 +242,11 @@ "VpcPrivateSubnet2Subnet3788AAA1": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.192.0/18", "VpcId": { "Ref": "Vpc8378EB38" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.192.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -631,7 +631,11 @@ "VpcId": { "Ref": "Vpc8378EB38" } - } + }, + "DependsOn": [ + "ServiceLBPublicListenerECSGroup0CC8688C", + "ServiceLBPublicListener46709EAA" + ] } }, "Outputs": { diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2-targets/test/integ.alb-target.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2-targets/test/integ.alb-target.ts index 80a5e6880ffab..431258346c10b 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2-targets/test/integ.alb-target.ts +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2-targets/test/integ.alb-target.ts @@ -32,13 +32,14 @@ class TestStack extends Stack { port: 80, }); - listener.addTargets('Targets', { + const target = listener.addTargets('Targets', { targets: [new targets.AlbTarget(svc.loadBalancer, 80)], port: 80, healthCheck: { protocol: elbv2.Protocol.HTTP, }, }); + target.node.addDependency(svc.listener); new CfnOutput(this, 'NlbEndpoint', { value: `http://${nlb.loadBalancerDnsName}` }); } From ce2b91b319da0221adffcdda54321b860db2a56d Mon Sep 17 00:00:00 2001 From: Peter Woodworth <44349620+peterwoodworth@users.noreply.github.com> Date: Mon, 4 Apr 2022 09:03:36 -0700 Subject: [PATCH 59/59] feat(synthetics): new puppeteer 3.5 runtime (#19673) closes #19634 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-synthetics/lib/runtime.ts | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/packages/@aws-cdk/aws-synthetics/lib/runtime.ts b/packages/@aws-cdk/aws-synthetics/lib/runtime.ts index 10c7fb566a2e6..fa65d85219151 100644 --- a/packages/@aws-cdk/aws-synthetics/lib/runtime.ts +++ b/packages/@aws-cdk/aws-synthetics/lib/runtime.ts @@ -124,6 +124,16 @@ export class Runtime { */ public static readonly SYNTHETICS_NODEJS_PUPPETEER_3_4 = new Runtime('syn-nodejs-puppeteer-3.4', RuntimeFamily.NODEJS); + /** + * `syn-nodejs-puppeteer-3.5` includes the following: + * - Lambda runtime Node.js 14.x + * - Puppeteer-core version 10.1.0 + * - Chromium version 92.0.4512 + * + * @see https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_nodejs_puppeteer.html#CloudWatch_Synthetics_runtimeversion-nodejs-puppeteer-3.5 + */ + public static readonly SYNTHETICS_NODEJS_PUPPETEER_3_5 = new Runtime('syn-nodejs-puppeteer-3.5', RuntimeFamily.NODEJS); + /** * `syn-python-selenium-1.0` includes the following: * - Lambda runtime Python 3.8