diff --git a/.github/ISSUE_TEMPLATE/bug.yml b/.github/ISSUE_TEMPLATE/bug-report.yml similarity index 56% rename from .github/ISSUE_TEMPLATE/bug.yml rename to .github/ISSUE_TEMPLATE/bug-report.yml index f77fa5beb193e..aa7f959e2ca80 100644 --- a/.github/ISSUE_TEMPLATE/bug.yml +++ b/.github/ISSUE_TEMPLATE/bug-report.yml @@ -1,44 +1,64 @@ -name: Bug Report +--- +name: "🐛 Bug Report" description: Report a bug -title: "(module name): short issue description" +title: "(module name): (short issue description)" labels: [bug, needs-triage] +assignees: [] body: - type: textarea - id: problem + id: description attributes: - label: What is the problem? + label: Describe the bug + description: What is the problem? A clear and concise description of the bug. validations: required: true - - type: textarea - id: reproduction + id: expected attributes: - label: Reproduction Steps + label: Expected Behavior description: | - Minimal amount of code that causes the bug (if possible) or a reference. - - The code sample should be an SSCCE. See http://sscce.org/ for details. - In short, provide a code sample that we can copy/paste, run and reproduce. + What did you expect to happen? validations: required: true - - type: textarea - id: expected + id: current attributes: - label: What did you expect to happen? + label: Current Behavior description: | - What were you trying to achieve by performing the steps above? + What actually happened? + + Please include full errors, uncaught exceptions, stack traces, and relevant logs. + If service responses are relevant, please include wire logs. validations: required: true - - type: textarea - id: actual + id: reproduction attributes: - label: What actually happened? + label: Reproduction Steps description: | - What is the unexpected behavior you were seeing? If you got an error, paste it here. + Provide a self-contained, concise snippet of code that can be used to reproduce the issue. + For more complex issues provide a repo with the smallest sample that reproduces the bug. + + Avoid including business logic or unrelated code, it makes diagnosis more difficult. + The code sample should be an SSCCE. See http://sscce.org/ for details. In short, please provide a code sample that we can copy/paste, run and reproduce. validations: required: true + - type: textarea + id: solution + attributes: + label: Possible Solution + description: | + Suggest a fix/reason for the bug + validations: + required: false + - type: textarea + id: context + attributes: + label: Additional Information/Context + description: | + Anything else that might be relevant for troubleshooting this bug. Providing context helps us come up with a solution that is most useful in the real world. + validations: + required: false - type: input id: cdk-version @@ -99,10 +119,3 @@ body: e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. associated pull-request, stackoverflow, slack, etc validations: required: false - - - type: markdown - attributes: - value: | - --- - - This is :bug: Bug Report diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index ebbc970f83c09..b4c0c5049128b 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -1,5 +1,6 @@ +--- blank_issues_enabled: false contact_links: - - name: Stackoverflow - url: https://stackoverflow.com/questions/tagged/aws-cdk - about: Please ask and answer questions here. + - name: 💬 General Question + url: https://github.com/aws/aws-cdk/discussions/categories/q-a + about: Please ask and answer questions as a discussion thread \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/doc.yml b/.github/ISSUE_TEMPLATE/doc.yml deleted file mode 100644 index 974a752cac810..0000000000000 --- a/.github/ISSUE_TEMPLATE/doc.yml +++ /dev/null @@ -1,32 +0,0 @@ -name: Documentation Issue -description: Issue in the reference documentation or developer guide -title: "(module name): short issue description" -labels: [feature-request, documentation, needs-triage] -body: - - type: markdown - attributes: - value: | - Developer guide? Raise issue/pr here: https://github.com/awsdocs/aws-cdk-guide - - Want to help? Submit a pull request here: https://github.com/aws/aws-cdk - - - type: input - id: doc-link - attributes: - label: link to reference doc page - validations: - required: false - - - type: textarea - id: issue - attributes: - label: Describe your issue? - validations: - required: true - - - type: markdown - attributes: - value: | - --- - - This is a 📕 documentation issue diff --git a/.github/ISSUE_TEMPLATE/documentation.yml b/.github/ISSUE_TEMPLATE/documentation.yml new file mode 100644 index 0000000000000..c068514d136c5 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/documentation.yml @@ -0,0 +1,23 @@ +--- +name: "📕 Documentation Issue" +description: Report an issue in the API Reference documentation or Developer Guide +title: "(short issue description)" +labels: [documentation, needs-triage] +assignees: [] +body: + - type: textarea + id: description + attributes: + label: Describe the issue + description: A clear and concise description of the issue. + validations: + required: true + + - type: textarea + id: links + attributes: + label: Links + description: | + Include links to affected documentation page(s). + validations: + required: true diff --git a/.github/ISSUE_TEMPLATE/feature-request.yml b/.github/ISSUE_TEMPLATE/feature-request.yml index a16053f420a82..23c385d1ef6d1 100644 --- a/.github/ISSUE_TEMPLATE/feature-request.yml +++ b/.github/ISSUE_TEMPLATE/feature-request.yml @@ -1,56 +1,59 @@ -name: Feature Request -description: Request a new feature -title: "(module name): short issue description" +--- +name: 🚀 Feature Request +description: Suggest an idea for this project +title: "(short issue description)" labels: [feature-request, needs-triage] +assignees: [] body: - type: textarea id: description attributes: - label: Description - description: Short description of the feature you are proposing. + label: Describe the feature + description: A clear and concise description of the feature you are proposing. validations: required: true - - type: textarea id: use-case attributes: label: Use Case description: | - Why do you need this feature? + Why do you need this feature? For example: "I'm always frustrated when..." validations: - required: true - + required: true - type: textarea id: solution attributes: label: Proposed Solution description: | - Please include prototype/workaround/sketch/reference implementation. + Suggest how to implement the addition or change. Please include prototype/workaround/sketch/reference implementation. validations: - required: true - + required: false - type: textarea id: other attributes: - label: Other information + label: Other Information description: | - e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. associated pull-request, stackoverflow, slack, etc + Any alternative solutions or features you considered, a more detailed explanation, stack traces, related issues, links for context, etc. validations: required: false - - type: checkboxes - id: acknowledgments + id: ack attributes: - label: Acknowledge + label: Acknowledgements options: - label: I may be able to implement this feature request required: false - label: This feature might incur a breaking change required: false - - - type: markdown + - type: input + id: sdk-version attributes: - value: | - --- - - This is a :rocket: Feature Request + label: CDK version used + validations: + required: true + - type: input + id: environment + attributes: + label: Environment details (OS name and version, etc.) + validations: + required: true diff --git a/.github/ISSUE_TEMPLATE/general-issue.yml b/.github/ISSUE_TEMPLATE/general-issue.yml deleted file mode 100644 index 61119a33a761c..0000000000000 --- a/.github/ISSUE_TEMPLATE/general-issue.yml +++ /dev/null @@ -1,87 +0,0 @@ -name: General Issue -description: Create a new issue -title: "(module name): short issue description" -labels: [needs-triage, guidance] -body: - - type: markdown - attributes: - value: | - If there is an issue regarding developer guide, please create an issue [here](https://github.com/awsdocs/aws-cdk-guide/issues). - - - type: input - id: issue - attributes: - label: General Issue - description: | - For support questions, please first reference our [documentation](https://docs.aws.amazon.com/cdk/api/latest), then use [Stackoverflow](https://stackoverflow.com/questions/tagged/aws-cdk). This repository's issues are intended for feature requests and bug reports. - validations: - required: true - - - type: textarea - id: question - attributes: - label: The Question - description: | - Ask your question here. Include any details relevant. Make sure you are not falling prey to the [X/Y problem](http://xyproblem.info)! - validations: - required: true - - - type: input - id: cdk-version - attributes: - label: CDK CLI Version - description: Output of `cdk version` - validations: - required: true - - - type: input - id: framework-version - attributes: - label: Framework Version - validations: - required: false - - - type: input - id: node-version - attributes: - label: Node.js Version - validations: - required: false - - - type: input - id: operating-system - attributes: - label: OS - validations: - required: false - - - type: dropdown - id: language - attributes: - label: Language - multiple: true - options: - - Typescript - - Python - - .NET - - Java - - Go - validations: - required: true - - - type: input - id: language-version - attributes: - label: Language Version - description: E.g. TypeScript (3.8.3) | Java (8) | Python (3.7.3) - validations: - required: false - - - type: textarea - id: other - attributes: - label: Other information - description: | - e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. associated pull-request, stackoverflow, slack, etc - validations: - required: false diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml index 1b957f3d539a8..9f9f4ea326ab3 100644 --- a/.github/workflows/auto-approve.yml +++ b/.github/workflows/auto-approve.yml @@ -12,6 +12,6 @@ jobs: permissions: pull-requests: write steps: - - uses: hmarr/auto-approve-action@v2.1.0 + - uses: hmarr/auto-approve-action@v2.2.0 with: github-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/issue-label-assign.yml b/.github/workflows/issue-label-assign.yml index 14fe7ff0cde62..723dcca374661 100644 --- a/.github/workflows/issue-label-assign.yml +++ b/.github/workflows/issue-label-assign.yml @@ -2,10 +2,8 @@ name: "Set Issue Label and Assignee" on: issues: types: [opened, edited] - pull_request: - types: [opened, edited] pull_request_target: - types: [opened, edited] + types: [opened] jobs: issue-triage-manager: @@ -39,7 +37,7 @@ jobs: included-labels: "[guidance]" default-area: ${{ env.OSDS_DEVS }} parameters: > - [{"area":"guidance","keywords":["guidance"]}] + [{"area":"guidance","keywords":["guidancekeyword"]}] pr-triage-manager: permissions: issues: write @@ -48,12 +46,14 @@ jobs: steps: - uses: aws-github-ops/aws-issue-triage-manager@main with: - github-token: "${{ secrets.GITHUB_TOKEN }}" + github-token: "${{ secrets.PROJEN_GITHUB_TOKEN }}" target: "pull-requests" area-is-keyword: true - excluded-labels: "[contribution/core]" - parameters: ${{ env.AREA_PARAMS }} - affixes: ${{ env.AREA_AFFIXES }} + default-area: > + {"reviewers":{"teamReviewers":["aws-cdk-owners"]}} + parameters: > + [{"area":"pullrequests","keywords":["pullrequestkeyword"]}] + env: OSDS_DEVS: > diff --git a/CHANGELOG.md b/CHANGELOG.md index 1621fa309c36a..5c908f29e0c15 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,30 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [1.151.0](https://github.com/aws/aws-cdk/compare/v1.150.0...v1.151.0) (2022-03-31) + + +### Features + +* **aws-ec2:** Enable/disable EC2 "Detailed Monitoring" ([#19437](https://github.com/aws/aws-cdk/issues/19437)) ([94f9d27](https://github.com/aws/aws-cdk/commit/94f9d27e626bced5fc68a6ebbd653fea21c6e21e)) +* **cognito:** configure SNS region for UserPool SMS messages ([#19519](https://github.com/aws/aws-cdk/issues/19519)) ([6eb775e](https://github.com/aws/aws-cdk/commit/6eb775e829d62913bff849d43ed7339f9910d8de)), closes [#19434](https://github.com/aws/aws-cdk/issues/19434) +* **core:** add size.isUnresolved ([#19569](https://github.com/aws/aws-cdk/issues/19569)) ([ed26731](https://github.com/aws/aws-cdk/commit/ed26731a0a6263482d76441fc06e9607963ac838)) +* **ecs-patterns:** PlacementStrategy and PlacementConstraint for many patterns ([#19612](https://github.com/aws/aws-cdk/issues/19612)) ([0096e67](https://github.com/aws/aws-cdk/commit/0096e672e02123a2ae4e094ba9bb11af3aef20b2)) +* **elbv2:** use `addAction()` on an imported application listener ([#19293](https://github.com/aws/aws-cdk/issues/19293)) ([18a6b0c](https://github.com/aws/aws-cdk/commit/18a6b0cecb5e8a419d09a1456953cb2f422a6d76)), closes [#10902](https://github.com/aws/aws-cdk/issues/10902) +* **kinesisanalytics-flink:** Add metrics to Flink applications ([#19599](https://github.com/aws/aws-cdk/issues/19599)) ([dab6aca](https://github.com/aws/aws-cdk/commit/dab6aca5005c8d6d180aada699a4cebc2ef5aefa)) +* **lambda:** warn if you use `function.grantInvoke` while also using `currentVersion` ([#19464](https://github.com/aws/aws-cdk/issues/19464)) ([fd1fff9](https://github.com/aws/aws-cdk/commit/fd1fff904a70d18dc9c7863aefc03b3ee44c2863)), closes [#19273](https://github.com/aws/aws-cdk/issues/19273) [#19318](https://github.com/aws/aws-cdk/issues/19318) + + +### Bug Fixes + +* **apigateway:** allow using GENERATE_IF_NEEDED for the physical name in LambdaRestApi ([#19638](https://github.com/aws/aws-cdk/issues/19638)) ([e817381](https://github.com/aws/aws-cdk/commit/e8173812aad5f482b1bfcc6737f63cfef0c4841c)), closes [#9374](https://github.com/aws/aws-cdk/issues/9374) +* **apigateway:** id in schema model maps to $id ([#15113](https://github.com/aws/aws-cdk/issues/15113)) ([ac5a345](https://github.com/aws/aws-cdk/commit/ac5a3458fe3687014166b20aefe30442867d162a)), closes [#14585](https://github.com/aws/aws-cdk/issues/14585) +* **aws-cognito:** Lambda::Permission of lambdaTrigger should have a SourceArn ([#19622](https://github.com/aws/aws-cdk/issues/19622)) ([c62eeb7](https://github.com/aws/aws-cdk/commit/c62eeb7162d85c8cb162f8c0ad4b93fb5bccf981)), closes [#19604](https://github.com/aws/aws-cdk/issues/19604) +* **docdb:** DB Instance ARN uses 'docdb' as the service component instead of 'rds' ([#19555](https://github.com/aws/aws-cdk/issues/19555)) ([6a63924](https://github.com/aws/aws-cdk/commit/6a63924c0b184342befd92903b8867e45b158252)), closes [#19554](https://github.com/aws/aws-cdk/issues/19554) +* **eks:** incorrect version of aws-node-termination-handler ([#19510](https://github.com/aws/aws-cdk/issues/19510)) ([9c712cc](https://github.com/aws/aws-cdk/commit/9c712cc457ccb80d7180fee67a101b76fc01d207)) +* **elbv2:** unable to add multiple certificates to NLB ([#19289](https://github.com/aws/aws-cdk/issues/19289)) ([e8142e9](https://github.com/aws/aws-cdk/commit/e8142e944ac5fae9948e5c010fe475806b83c94b)), closes [#13490](https://github.com/aws/aws-cdk/issues/13490) [#8918](https://github.com/aws/aws-cdk/issues/8918) [#15328](https://github.com/aws/aws-cdk/issues/15328) +* **rds:** `SnapshotCredentials.fromSecret()` takes a `Secret`, not `ISecret` ([#19639](https://github.com/aws/aws-cdk/issues/19639)) ([a74d82e](https://github.com/aws/aws-cdk/commit/a74d82e667ba3cfbb3341392f7c641b0e29d47f0)), closes [#19409](https://github.com/aws/aws-cdk/issues/19409) + ## [1.150.0](https://github.com/aws/aws-cdk/compare/v1.149.0...v1.150.0) (2022-03-26) diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md index 243bfd95bb4fe..856478bd9304f 100644 --- a/CHANGELOG.v2.alpha.md +++ b/CHANGELOG.v2.alpha.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.20.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.19.0-alpha.0...v2.20.0-alpha.0) (2022-04-07) + + +### Features + +* **synthetics:** new puppeteer 3.5 runtime ([#19673](https://github.com/aws/aws-cdk/issues/19673)) ([ce2b91b](https://github.com/aws/aws-cdk/commit/ce2b91b319da0221adffcdda54321b860db2a56d)), closes [#19634](https://github.com/aws/aws-cdk/issues/19634) + ## [2.19.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.18.0-alpha.0...v2.19.0-alpha.0) (2022-03-31) diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md index 77778183bed5a..c6a905e5eec71 100644 --- a/CHANGELOG.v2.md +++ b/CHANGELOG.v2.md @@ -2,6 +2,40 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.20.0](https://github.com/aws/aws-cdk/compare/v2.19.0...v2.20.0) (2022-04-07) + + +### Features + +* **cfnspec:** cloudformation spec v63.0.0 ([#19679](https://github.com/aws/aws-cdk/issues/19679)) ([dba96a9](https://github.com/aws/aws-cdk/commit/dba96a9ec6193f630baf6c0d306def903024a56d)) +* **cfnspec:** cloudformation spec v65.0.0 ([#19745](https://github.com/aws/aws-cdk/issues/19745)) ([796fc64](https://github.com/aws/aws-cdk/commit/796fc6401124c00b835cbb8679b47cd373811209)) +* **cli:** add --build option ([#19663](https://github.com/aws/aws-cdk/issues/19663)) ([eb9b8e2](https://github.com/aws/aws-cdk/commit/eb9b8e23906e2e1375f45f795d71b905bc0a52af)), closes [#19667](https://github.com/aws/aws-cdk/issues/19667) +* **cli:** preview of `cdk import` ([#17666](https://github.com/aws/aws-cdk/issues/17666)) ([4f12209](https://github.com/aws/aws-cdk/commit/4f122099e2d4a6b3bdf6edfb2e99986dd266a71e)) +* **core:** throw error when stack name exceeds max length ([#19725](https://github.com/aws/aws-cdk/issues/19725)) ([1ffd45e](https://github.com/aws/aws-cdk/commit/1ffd45e5aa179aef0622902306701a526f6dfa6c)) +* **eks:** add k8s v1.22 ([#19756](https://github.com/aws/aws-cdk/issues/19756)) ([9a518c5](https://github.com/aws/aws-cdk/commit/9a518c59f5fcb74dd73df1a91681039b6c150fec)) +* **opensearch:** Add latest Opensearch Version 1.2 ([#19749](https://github.com/aws/aws-cdk/issues/19749)) ([a2ac36e](https://github.com/aws/aws-cdk/commit/a2ac36e6dbe486aa87e46d17f5472d6af6c39397)) +* add new integration test runner ([#19754](https://github.com/aws/aws-cdk/issues/19754)) ([1b4d010](https://github.com/aws/aws-cdk/commit/1b4d010ed29cfb4a8f7f5a8ecc22c7c97bccde4e)) +* **eks:** alb-controller v2.4.1 ([#19653](https://github.com/aws/aws-cdk/issues/19653)) ([1ec08df](https://github.com/aws/aws-cdk/commit/1ec08dfc85122fc6f3d9e3c28abc7cd116f08d91)) +* **lambda:** add support for ephemeral storage ([#19552](https://github.com/aws/aws-cdk/issues/19552)) ([f1d9b6a](https://github.com/aws/aws-cdk/commit/f1d9b6aa39c10a85c61ab3aaceabac88789bd2cf)), closes [#19605](https://github.com/aws/aws-cdk/issues/19605) +* **s3:** EventBridge bucket notifications ([#18614](https://github.com/aws/aws-cdk/issues/18614)) ([d8e602b](https://github.com/aws/aws-cdk/commit/d8e602b6c1b4cb8ca7038f4b21a7a7092ea8466d)), closes [#18076](https://github.com/aws/aws-cdk/issues/18076) + + +### Bug Fixes + +* **aws_applicationautoscaling:** Add missing members to PredefinedMetric enum ([#18978](https://github.com/aws/aws-cdk/issues/18978)) ([75a6fa7](https://github.com/aws/aws-cdk/commit/75a6fa75d053fc1172e83b57a27e4b450bb79729)), closes [#18969](https://github.com/aws/aws-cdk/issues/18969) +* **cli:** apps with many resources scroll resource output offscreen ([#19742](https://github.com/aws/aws-cdk/issues/19742)) ([053d22c](https://github.com/aws/aws-cdk/commit/053d22cb77016e0e65157c8713fefedb3c0bf91b)), closes [#19160](https://github.com/aws/aws-cdk/issues/19160) +* **cli:** support attributes of DynamoDB Tables for hotswapping ([#19620](https://github.com/aws/aws-cdk/issues/19620)) ([2321ece](https://github.com/aws/aws-cdk/commit/2321eced6cc16925c6d50e35b140f9ad4008d758)), closes [#19421](https://github.com/aws/aws-cdk/issues/19421) +* **cloudwatch:** automatic metric math label cannot be suppressed ([#17639](https://github.com/aws/aws-cdk/issues/17639)) ([7fa3bf2](https://github.com/aws/aws-cdk/commit/7fa3bf2e385451171fcaeda388a93602cb12f4d8)) +* **codedeploy:** add name validation for Application, Deployment Group and Deployment Configuration ([#19473](https://github.com/aws/aws-cdk/issues/19473)) ([9185042](https://github.com/aws/aws-cdk/commit/91850423db97e7fa244d125a115477fa007a12a0)) +* **codedeploy:** the Service Principal is wrong in isolated regions ([#19729](https://github.com/aws/aws-cdk/issues/19729)) ([7e9a43d](https://github.com/aws/aws-cdk/commit/7e9a43dcad55645a8e816e39af54feeb04d7a8cf)), closes [#19399](https://github.com/aws/aws-cdk/issues/19399) +* **core:** `Fn.select` incorrectly short-circuits complex expressions ([#19680](https://github.com/aws/aws-cdk/issues/19680)) ([7f26fad](https://github.com/aws/aws-cdk/commit/7f26fad5241756cdb6b15c9fb20995a96bba71f2)) +* **core:** detect and resolve stringified number tokens ([#19578](https://github.com/aws/aws-cdk/issues/19578)) ([7d9ab2a](https://github.com/aws/aws-cdk/commit/7d9ab2a783d1d3ae4508760149dee7ac263fdd44)), closes [#19546](https://github.com/aws/aws-cdk/issues/19546) [#19550](https://github.com/aws/aws-cdk/issues/19550) +* **core:** reduce CFN template indent size to save bytes ([#19656](https://github.com/aws/aws-cdk/issues/19656)) ([fd63ca3](https://github.com/aws/aws-cdk/commit/fd63ca3995fb74b563a348589adf5fb06b4ef771)) +* **ecs:** 'desiredCount' and 'ephemeralStorageGiB' cannot be tokens ([#19453](https://github.com/aws/aws-cdk/issues/19453)) ([c852239](https://github.com/aws/aws-cdk/commit/c852239936b79581dbcf0dc8d56e3bb76a52e2dc)), closes [#16648](https://github.com/aws/aws-cdk/issues/16648) +* **ecs:** remove unnecessary error when adding volume to external task definition ([#19774](https://github.com/aws/aws-cdk/issues/19774)) ([5446ded](https://github.com/aws/aws-cdk/commit/5446ded3d858098655b6427c9fdea56e77e2c0cd)), closes [#19259](https://github.com/aws/aws-cdk/issues/19259) +* **iam:** policies aren't minimized as far as possible ([#19764](https://github.com/aws/aws-cdk/issues/19764)) ([876ed8a](https://github.com/aws/aws-cdk/commit/876ed8ad1726d6b77e7450eadbd1a4ded8236544)), closes [#19751](https://github.com/aws/aws-cdk/issues/19751) +* **logs:** Faulty Resource Policy Generated ([#19640](https://github.com/aws/aws-cdk/issues/19640)) ([1fdf122](https://github.com/aws/aws-cdk/commit/1fdf1223304e15d905723553a40640b8bcb0ec56)), closes [#17544](https://github.com/aws/aws-cdk/issues/17544) + ## [2.19.0](https://github.com/aws/aws-cdk/compare/v2.18.0...v2.19.0) (2022-03-31) diff --git a/README.md b/README.md index 7cc1f18f53adc..3c78123cc2795 100644 --- a/README.md +++ b/README.md @@ -79,7 +79,7 @@ For a detailed walkthrough, see the [tutorial](https://docs.aws.amazon.com/cdk/l Install or update the [AWS CDK CLI] from npm (requires [Node.js ≥ 14.15.0](https://nodejs.org/download/release/latest-v14.x/)). We recommend using a version in [Active LTS](https://nodejs.org/en/about/releases/) ```console -$ npm i -g aws-cdk +npm i -g aws-cdk ``` (See [Manual Installation](./MANUAL_INSTALLATION.md) for installing the CDK from a signed .zip file). @@ -87,9 +87,9 @@ $ npm i -g aws-cdk Initialize a project: ```console -$ mkdir hello-cdk -$ cd hello-cdk -$ cdk init sample-app --language=typescript +mkdir hello-cdk +cd hello-cdk +cdk init sample-app --language=typescript ``` This creates a sample project looking like this: @@ -113,7 +113,7 @@ export class HelloCdkStack extends cdk.Stack { Deploy this to your account: ```console -$ cdk deploy +cdk deploy ``` Use the `cdk` command-line toolkit to interact with your project: diff --git a/packages/@aws-cdk/assertions/lib/private/cyclic.ts b/packages/@aws-cdk/assertions/lib/private/cyclic.ts index 85aa0cbf07147..5f9a36da5278c 100644 --- a/packages/@aws-cdk/assertions/lib/private/cyclic.ts +++ b/packages/@aws-cdk/assertions/lib/private/cyclic.ts @@ -139,7 +139,7 @@ function analyzeSubPattern(pattern: string): SubFragment[] { } if (start < pattern.length - 1) { - ret.push({ type: 'literal', content: pattern.substr(start) }); + ret.push({ type: 'literal', content: pattern.slice(start) }); } return ret; diff --git a/packages/@aws-cdk/aws-apigateway/lib/resource.ts b/packages/@aws-cdk/aws-apigateway/lib/resource.ts index f843ee1b5e25a..cd0b2c38cc008 100644 --- a/packages/@aws-cdk/aws-apigateway/lib/resource.ts +++ b/packages/@aws-cdk/aws-apigateway/lib/resource.ts @@ -348,7 +348,7 @@ export abstract class ResourceBase extends ResourceConstruct implements IResourc } // trim trailing "/" - return this.resourceForPath(path.substr(1)); + return this.resourceForPath(path.slice(1)); } const parts = path.split('/'); @@ -544,11 +544,11 @@ export class ProxyResource extends Resource { function validateResourcePathPart(part: string) { // strip {} which indicate this is a parameter if (part.startsWith('{') && part.endsWith('}')) { - part = part.substr(1, part.length - 2); + part = part.slice(1, -1); // proxy resources are allowed to end with a '+' if (part.endsWith('+')) { - part = part.substr(0, part.length - 1); + part = part.slice(0, -1); } } diff --git a/packages/@aws-cdk/aws-apigateway/lib/util.ts b/packages/@aws-cdk/aws-apigateway/lib/util.ts index a97f89882fe04..e5df3afa246af 100644 --- a/packages/@aws-cdk/aws-apigateway/lib/util.ts +++ b/packages/@aws-cdk/aws-apigateway/lib/util.ts @@ -16,7 +16,7 @@ export function parseMethodOptionsPath(originalPath: string): { resourcePath: st throw new Error(`Method options path must start with '/': ${originalPath}`); } - const path = originalPath.substr(1); // trim trailing '/' + const path = originalPath.slice(1); // trim trailing '/' const components = path.split('/'); @@ -60,7 +60,7 @@ export function parseAwsApiCall(path?: string, action?: string, actionParams?: { if (action) { if (actionParams) { - action += '&' + formatUrl({ query: actionParams }).substr(1); + action += '&' + formatUrl({ query: actionParams }).slice(1); } return { diff --git a/packages/@aws-cdk/aws-applicationautoscaling/lib/target-tracking-scaling-policy.ts b/packages/@aws-cdk/aws-applicationautoscaling/lib/target-tracking-scaling-policy.ts index 9d7ad8939f382..5bb7214c4c350 100644 --- a/packages/@aws-cdk/aws-applicationautoscaling/lib/target-tracking-scaling-policy.ts +++ b/packages/@aws-cdk/aws-applicationautoscaling/lib/target-tracking-scaling-policy.ts @@ -180,12 +180,31 @@ function renderCustomMetric(metric?: cloudwatch.IMetric): CfnScalingPolicy.Custo */ export enum PredefinedMetric { /** - * DYNAMODB_READ_CAPACITY_UTILIZATIO - * @see https://docs.aws.amazon.com/autoscaling/application/APIReference/API_PredefinedMetricSpecification.html + * Average percentage of instances in an AppStream fleet that are being used. + */ + APPSTREAM_AVERAGE_CAPACITY_UTILIZATION = 'AppStreamAverageCapacityUtilization', + /** + * Percentage of provisioned read capacity units utilized by a Keyspaces table. + */ + CASSANDRA_READ_CAPACITY_UTILIZATION = 'CassandraReadCapacityUtilization', + /** + * Percentage of provisioned write capacity units utilized by a Keyspaces table. + */ + CASSANDRA_WRITE_CAPACITY_UTILIZATION = 'CassandraWriteCapacityUtilization', + /** + * Percentage of provisioned inference units utilized by a Comprehend endpoint. + */ + COMPREHEND_INFERENCE_UTILIZATION = 'ComprehendInferenceUtilization', + /** + * Average CPU Utilization of read replica instances in a Neptune DB cluster. + */ + NEPTURE_READER_AVERAGE_CPU_UTILIZATION = 'NeptuneReaderAverageCPUUtilization', + /** + * Percentage of provisioned read capacity units consumed by a DynamoDB table. */ DYNAMODB_READ_CAPACITY_UTILIZATION = 'DynamoDBReadCapacityUtilization', /** - * DYNAMODB_WRITE_CAPACITY_UTILIZATION + * Percentage of provisioned write capacity units consumed by a DynamoDB table. * * Suffix `dummy` is necessary due to jsii bug (https://github.com/aws/jsii/issues/2782). * Duplicate values will be dropped, so this suffix is added as a workaround. diff --git a/packages/@aws-cdk/aws-apprunner/test/integ.service-ecr-public.expected.json b/packages/@aws-cdk/aws-apprunner/test/integ.service-ecr-public.expected.json new file mode 100644 index 0000000000000..f790c8ae78487 --- /dev/null +++ b/packages/@aws-cdk/aws-apprunner/test/integ.service-ecr-public.expected.json @@ -0,0 +1,38 @@ +{ + "Resources": { + "Service1EDCC8134": { + "Type": "AWS::AppRunner::Service", + "Properties": { + "SourceConfiguration": { + "AuthenticationConfiguration": {}, + "ImageRepository": { + "ImageConfiguration": { + "Port": "8000" + }, + "ImageIdentifier": "public.ecr.aws/aws-containers/hello-app-runner:latest", + "ImageRepositoryType": "ECR_PUBLIC" + } + }, + "InstanceConfiguration": {} + } + } + }, + "Outputs": { + "URL1": { + "Value": { + "Fn::Join": [ + "", + [ + "https://", + { + "Fn::GetAtt": [ + "Service1EDCC8134", + "ServiceUrl" + ] + } + ] + ] + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apprunner/test/integ.service-ecr-public.ts b/packages/@aws-cdk/aws-apprunner/test/integ.service-ecr-public.ts new file mode 100644 index 0000000000000..82d2c7c4794f1 --- /dev/null +++ b/packages/@aws-cdk/aws-apprunner/test/integ.service-ecr-public.ts @@ -0,0 +1,18 @@ +import * as cdk from '@aws-cdk/core'; +import { Service, Source } from '../lib'; + + +const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'integ-apprunner-ecr-public'); + +// Scenario 1: Create the service from ECR public +const service1 = new Service(stack, 'Service1', { + source: Source.fromEcrPublic({ + imageConfiguration: { + port: 8000, + }, + imageIdentifier: 'public.ecr.aws/aws-containers/hello-app-runner:latest', + }), +}); +new cdk.CfnOutput(stack, 'URL1', { value: `https://${service1.serviceUrl}` }); diff --git a/packages/@aws-cdk/aws-apprunner/test/integ.service.expected.json b/packages/@aws-cdk/aws-apprunner/test/integ.service-ecr.expected.json similarity index 68% rename from packages/@aws-cdk/aws-apprunner/test/integ.service.expected.json rename to packages/@aws-cdk/aws-apprunner/test/integ.service-ecr.expected.json index 9ca183c3ca56a..107dc235584de 100644 --- a/packages/@aws-cdk/aws-apprunner/test/integ.service.expected.json +++ b/packages/@aws-cdk/aws-apprunner/test/integ.service-ecr.expected.json @@ -1,22 +1,6 @@ { "Resources": { - "Service1EDCC8134": { - "Type": "AWS::AppRunner::Service", - "Properties": { - "SourceConfiguration": { - "AuthenticationConfiguration": {}, - "ImageRepository": { - "ImageConfiguration": { - "Port": "8000" - }, - "ImageIdentifier": "public.ecr.aws/aws-containers/hello-app-runner:latest", - "ImageRepositoryType": "ECR_PUBLIC" - } - }, - "InstanceConfiguration": {} - } - }, - "Service2AccessRole759CA73D": { + "Service3AccessRole3ACBAAA0": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -33,7 +17,7 @@ } } }, - "Service2AccessRoleDefaultPolicy08C28479": { + "Service3AccessRoleDefaultPolicy57B9744E": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { @@ -66,7 +50,7 @@ { "Ref": "AWS::AccountId" }, - ":repository/nginx" + ":repository/aws-cdk/assets" ] ] } @@ -74,29 +58,29 @@ ], "Version": "2012-10-17" }, - "PolicyName": "Service2AccessRoleDefaultPolicy08C28479", + "PolicyName": "Service3AccessRoleDefaultPolicy57B9744E", "Roles": [ { - "Ref": "Service2AccessRole759CA73D" + "Ref": "Service3AccessRole3ACBAAA0" } ] } }, - "Service2AB4D14D8": { + "Service342D067F2": { "Type": "AWS::AppRunner::Service", "Properties": { "SourceConfiguration": { "AuthenticationConfiguration": { "AccessRoleArn": { "Fn::GetAtt": [ - "Service2AccessRole759CA73D", + "Service3AccessRole3ACBAAA0", "Arn" ] } }, "ImageRepository": { "ImageConfiguration": { - "Port": "80" + "Port": "8000" }, "ImageIdentifier": { "Fn::Join": [ @@ -113,7 +97,7 @@ { "Ref": "AWS::URLSuffix" }, - "/nginx:latest" + "/aws-cdk/assets:77284835684772d19c95f4f5a37e7618d5f9efc40db9321d44ac039db457b967" ] ] }, @@ -123,7 +107,7 @@ "InstanceConfiguration": {} } }, - "Service3AccessRole3ACBAAA0": { + "Service2AccessRole759CA73D": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -140,7 +124,7 @@ } } }, - "Service3AccessRoleDefaultPolicy57B9744E": { + "Service2AccessRoleDefaultPolicy08C28479": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { @@ -181,29 +165,29 @@ ], "Version": "2012-10-17" }, - "PolicyName": "Service3AccessRoleDefaultPolicy57B9744E", + "PolicyName": "Service2AccessRoleDefaultPolicy08C28479", "Roles": [ { - "Ref": "Service3AccessRole3ACBAAA0" + "Ref": "Service2AccessRole759CA73D" } ] } }, - "Service342D067F2": { + "Service2AB4D14D8": { "Type": "AWS::AppRunner::Service", "Properties": { "SourceConfiguration": { "AuthenticationConfiguration": { "AccessRoleArn": { "Fn::GetAtt": [ - "Service3AccessRole3ACBAAA0", + "Service2AccessRole759CA73D", "Arn" ] } }, "ImageRepository": { "ImageConfiguration": { - "Port": "8000" + "Port": "80" }, "ImageIdentifier": { "Fn::Join": [ @@ -229,89 +213,9 @@ }, "InstanceConfiguration": {} } - }, - "Service429949929": { - "Type": "AWS::AppRunner::Service", - "Properties": { - "SourceConfiguration": { - "AuthenticationConfiguration": { - "ConnectionArn": "MOCK" - }, - "CodeRepository": { - "CodeConfiguration": { - "ConfigurationSource": "REPOSITORY" - }, - "RepositoryUrl": "https://github.com/aws-containers/hello-app-runner", - "SourceCodeVersion": { - "Type": "BRANCH", - "Value": "main" - } - } - }, - "InstanceConfiguration": {} - } - }, - "Service5AD92B5A5": { - "Type": "AWS::AppRunner::Service", - "Properties": { - "SourceConfiguration": { - "AuthenticationConfiguration": { - "ConnectionArn": "MOCK" - }, - "CodeRepository": { - "CodeConfiguration": { - "CodeConfigurationValues": { - "BuildCommand": "yum install -y pycairo && pip install -r requirements.txt", - "Port": "8000", - "Runtime": "PYTHON_3", - "StartCommand": "python app.py" - }, - "ConfigurationSource": "API" - }, - "RepositoryUrl": "https://github.com/aws-containers/hello-app-runner", - "SourceCodeVersion": { - "Type": "BRANCH", - "Value": "main" - } - } - }, - "InstanceConfiguration": {} - } } }, "Outputs": { - "URL1": { - "Value": { - "Fn::Join": [ - "", - [ - "https://", - { - "Fn::GetAtt": [ - "Service1EDCC8134", - "ServiceUrl" - ] - } - ] - ] - } - }, - "URL2": { - "Value": { - "Fn::Join": [ - "", - [ - "https://", - { - "Fn::GetAtt": [ - "Service2AB4D14D8", - "ServiceUrl" - ] - } - ] - ] - } - }, "URL3": { "Value": { "Fn::Join": [ @@ -328,23 +232,7 @@ ] } }, - "URL4": { - "Value": { - "Fn::Join": [ - "", - [ - "https://", - { - "Fn::GetAtt": [ - "Service429949929", - "ServiceUrl" - ] - } - ] - ] - } - }, - "URL5": { + "URL2": { "Value": { "Fn::Join": [ "", @@ -352,7 +240,7 @@ "https://", { "Fn::GetAtt": [ - "Service5AD92B5A5", + "Service2AB4D14D8", "ServiceUrl" ] } diff --git a/packages/@aws-cdk/aws-apprunner/test/integ.service-ecr.ts b/packages/@aws-cdk/aws-apprunner/test/integ.service-ecr.ts new file mode 100644 index 0000000000000..347cdced6ef4b --- /dev/null +++ b/packages/@aws-cdk/aws-apprunner/test/integ.service-ecr.ts @@ -0,0 +1,32 @@ +import * as path from 'path'; +import * as assets from '@aws-cdk/aws-ecr-assets'; +import * as cdk from '@aws-cdk/core'; +import { Service, Source } from '../lib'; + + +const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'integ-apprunner'); + + +// Scenario 3: Create the service from local code assets +const imageAsset = new assets.DockerImageAsset(stack, 'ImageAssets', { + directory: path.join(__dirname, './docker.assets'), +}); +const service3 = new Service(stack, 'Service3', { + source: Source.fromAsset({ + imageConfiguration: { port: 8000 }, + asset: imageAsset, + }), +}); +new cdk.CfnOutput(stack, 'URL3', { value: `https://${service3.serviceUrl}` }); + +// Scenario 2: Create the service from existing ECR repository +const service2 = new Service(stack, 'Service2', { + source: Source.fromEcr({ + imageConfiguration: { port: 80 }, + repository: imageAsset.repository, + tag: imageAsset.assetHash, + }), +}); +new cdk.CfnOutput(stack, 'URL2', { value: `https://${service2.serviceUrl}` }); diff --git a/packages/@aws-cdk/aws-apprunner/test/integ.service-github.expected.json b/packages/@aws-cdk/aws-apprunner/test/integ.service-github.expected.json new file mode 100644 index 0000000000000..a30841a30e91c --- /dev/null +++ b/packages/@aws-cdk/aws-apprunner/test/integ.service-github.expected.json @@ -0,0 +1,86 @@ +{ + "Resources": { + "Service429949929": { + "Type": "AWS::AppRunner::Service", + "Properties": { + "SourceConfiguration": { + "AuthenticationConfiguration": { + "ConnectionArn": "MOCK" + }, + "CodeRepository": { + "CodeConfiguration": { + "ConfigurationSource": "REPOSITORY" + }, + "RepositoryUrl": "https://github.com/aws-containers/hello-app-runner", + "SourceCodeVersion": { + "Type": "BRANCH", + "Value": "main" + } + } + }, + "InstanceConfiguration": {} + } + }, + "Service5AD92B5A5": { + "Type": "AWS::AppRunner::Service", + "Properties": { + "SourceConfiguration": { + "AuthenticationConfiguration": { + "ConnectionArn": "MOCK" + }, + "CodeRepository": { + "CodeConfiguration": { + "CodeConfigurationValues": { + "BuildCommand": "yum install -y pycairo && pip install -r requirements.txt", + "Port": "8000", + "Runtime": "PYTHON_3", + "StartCommand": "python app.py" + }, + "ConfigurationSource": "API" + }, + "RepositoryUrl": "https://github.com/aws-containers/hello-app-runner", + "SourceCodeVersion": { + "Type": "BRANCH", + "Value": "main" + } + } + }, + "InstanceConfiguration": {} + } + } + }, + "Outputs": { + "URL4": { + "Value": { + "Fn::Join": [ + "", + [ + "https://", + { + "Fn::GetAtt": [ + "Service429949929", + "ServiceUrl" + ] + } + ] + ] + } + }, + "URL5": { + "Value": { + "Fn::Join": [ + "", + [ + "https://", + { + "Fn::GetAtt": [ + "Service5AD92B5A5", + "ServiceUrl" + ] + } + ] + ] + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apprunner/test/integ.service-github.ts b/packages/@aws-cdk/aws-apprunner/test/integ.service-github.ts new file mode 100644 index 0000000000000..8813865f04259 --- /dev/null +++ b/packages/@aws-cdk/aws-apprunner/test/integ.service-github.ts @@ -0,0 +1,35 @@ +import * as cdk from '@aws-cdk/core'; +import { Service, Source, GitHubConnection, ConfigurationSourceType, Runtime } from '../lib'; + +const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'integ-apprunner'); + +// Scenario 4: Create the service from Github. Make sure you specify a valid connection ARN. +const connectionArn = process.env.CONNECTION_ARN || 'MOCK'; +const service4 = new Service(stack, 'Service4', { + source: Source.fromGitHub({ + repositoryUrl: 'https://github.com/aws-containers/hello-app-runner', + branch: 'main', + configurationSource: ConfigurationSourceType.REPOSITORY, + connection: GitHubConnection.fromConnectionArn(connectionArn), + }), +}); +new cdk.CfnOutput(stack, 'URL4', { value: `https://${service4.serviceUrl}` }); + +// Scenario 5: Create the service from Github with configuration values override. +const service5 = new Service(stack, 'Service5', { + source: Source.fromGitHub({ + repositoryUrl: 'https://github.com/aws-containers/hello-app-runner', + branch: 'main', + configurationSource: ConfigurationSourceType.API, + codeConfigurationValues: { + runtime: Runtime.PYTHON_3, + port: '8000', + startCommand: 'python app.py', + buildCommand: 'yum install -y pycairo && pip install -r requirements.txt', + }, + connection: GitHubConnection.fromConnectionArn(connectionArn), + }), +}); +new cdk.CfnOutput(stack, 'URL5', { value: `https://${service5.serviceUrl}` }); diff --git a/packages/@aws-cdk/aws-apprunner/test/integ.service.ts b/packages/@aws-cdk/aws-apprunner/test/integ.service.ts deleted file mode 100644 index 2df2dab9301aa..0000000000000 --- a/packages/@aws-cdk/aws-apprunner/test/integ.service.ts +++ /dev/null @@ -1,71 +0,0 @@ -import * as path from 'path'; -import * as ecr from '@aws-cdk/aws-ecr'; -import * as assets from '@aws-cdk/aws-ecr-assets'; -import * as cdk from '@aws-cdk/core'; -import { Service, Source, GitHubConnection, ConfigurationSourceType, Runtime } from '../lib'; - - -const app = new cdk.App(); - -const stack = new cdk.Stack(app, 'integ-apprunner'); - -// Scenario 1: Create the service from ECR public -const service1 = new Service(stack, 'Service1', { - source: Source.fromEcrPublic({ - imageConfiguration: { - port: 8000, - }, - imageIdentifier: 'public.ecr.aws/aws-containers/hello-app-runner:latest', - }), -}); -new cdk.CfnOutput(stack, 'URL1', { value: `https://${service1.serviceUrl}` }); - -// Scenario 2: Create the service from existing ECR repository, make sure you have `nginx` ECR repo in your account. -const service2 = new Service(stack, 'Service2', { - source: Source.fromEcr({ - imageConfiguration: { port: 80 }, - repository: ecr.Repository.fromRepositoryName(stack, 'NginxRepository', 'nginx'), - }), -}); -new cdk.CfnOutput(stack, 'URL2', { value: `https://${service2.serviceUrl}` }); - -// Scenario 3: Create the service from local code assets -const imageAsset = new assets.DockerImageAsset(stack, 'ImageAssets', { - directory: path.join(__dirname, './docker.assets'), -}); -const service3 = new Service(stack, 'Service3', { - source: Source.fromAsset({ - imageConfiguration: { port: 8000 }, - asset: imageAsset, - }), -}); -new cdk.CfnOutput(stack, 'URL3', { value: `https://${service3.serviceUrl}` }); - -// Scenario 4: Create the service from Github. Make sure you specify a valid connection ARN. -const connectionArn = stack.node.tryGetContext('CONNECTION_ARN') || 'MOCK'; -const service4 = new Service(stack, 'Service4', { - source: Source.fromGitHub({ - repositoryUrl: 'https://github.com/aws-containers/hello-app-runner', - branch: 'main', - configurationSource: ConfigurationSourceType.REPOSITORY, - connection: GitHubConnection.fromConnectionArn(connectionArn), - }), -}); -new cdk.CfnOutput(stack, 'URL4', { value: `https://${service4.serviceUrl}` }); - -// Scenario 5: Create the service from Github with configuration values override. -const service5 = new Service(stack, 'Service5', { - source: Source.fromGitHub({ - repositoryUrl: 'https://github.com/aws-containers/hello-app-runner', - branch: 'main', - configurationSource: ConfigurationSourceType.API, - codeConfigurationValues: { - runtime: Runtime.PYTHON_3, - port: '8000', - startCommand: 'python app.py', - buildCommand: 'yum install -y pycairo && pip install -r requirements.txt', - }, - connection: GitHubConnection.fromConnectionArn(connectionArn), - }), -}); -new cdk.CfnOutput(stack, 'URL5', { value: `https://${service5.serviceUrl}` }); diff --git a/packages/@aws-cdk/aws-appsync/README.md b/packages/@aws-cdk/aws-appsync/README.md index 721fa10390784..d7a54f9887cc7 100644 --- a/packages/@aws-cdk/aws-appsync/README.md +++ b/packages/@aws-cdk/aws-appsync/README.md @@ -252,7 +252,7 @@ import * as opensearch from '@aws-cdk/aws-opensearchservice'; const user = new iam.User(this, 'User'); const domain = new opensearch.Domain(this, 'Domain', { - version: opensearch.EngineVersion.OPENSEARCH_1_1, + version: opensearch.EngineVersion.OPENSEARCH_1_2, removalPolicy: RemovalPolicy.DESTROY, fineGrainedAccessControl: { masterUserArn: user.userArn }, encryptionAtRest: { enabled: true }, diff --git a/packages/@aws-cdk/aws-appsync/test/integ.graphql-opensearch.expected.json b/packages/@aws-cdk/aws-appsync/test/integ.graphql-opensearch.expected.json index 1977b2d346896..803b2f0226d72 100644 --- a/packages/@aws-cdk/aws-appsync/test/integ.graphql-opensearch.expected.json +++ b/packages/@aws-cdk/aws-appsync/test/integ.graphql-opensearch.expected.json @@ -39,7 +39,7 @@ "EncryptionAtRestOptions": { "Enabled": true }, - "EngineVersion": "OpenSearch_1.1", + "EngineVersion": "OpenSearch_1.2", "LogPublishingOptions": {}, "NodeToNodeEncryptionOptions": { "Enabled": true diff --git a/packages/@aws-cdk/aws-appsync/test/integ.graphql-opensearch.ts b/packages/@aws-cdk/aws-appsync/test/integ.graphql-opensearch.ts index e055bfe15c83b..cb96dee17e90f 100644 --- a/packages/@aws-cdk/aws-appsync/test/integ.graphql-opensearch.ts +++ b/packages/@aws-cdk/aws-appsync/test/integ.graphql-opensearch.ts @@ -8,7 +8,7 @@ const app = new cdk.App(); const stack = new cdk.Stack(app, 'appsync-opensearch'); const user = new User(stack, 'User'); const domain = new opensearch.Domain(stack, 'Domain', { - version: opensearch.EngineVersion.OPENSEARCH_1_1, + version: opensearch.EngineVersion.OPENSEARCH_1_2, removalPolicy: cdk.RemovalPolicy.DESTROY, fineGrainedAccessControl: { masterUserArn: user.userArn, diff --git a/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js b/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js index 672b5762dbc15..fea57736fb531 100644 --- a/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js +++ b/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js @@ -92,7 +92,7 @@ const requestCertificate = async function (requestId, domainName, subjectAlterna const reqCertResponse = await acm.requestCertificate({ DomainName: domainName, SubjectAlternativeNames: subjectAlternativeNames, - IdempotencyToken: crypto.createHash('sha256').update(requestId).digest('hex').substr(0, 32), + IdempotencyToken: crypto.createHash('sha256').update(requestId).digest('hex').slice(0, 32), ValidationMethod: 'DNS' }).promise(); diff --git a/packages/@aws-cdk/aws-cloudformation/test/asset-docker-fixture/Dockerfile b/packages/@aws-cdk/aws-cloudformation/test/asset-docker-fixture/Dockerfile index 67fd379018917..931518298c332 100644 --- a/packages/@aws-cdk/aws-cloudformation/test/asset-docker-fixture/Dockerfile +++ b/packages/@aws-cdk/aws-cloudformation/test/asset-docker-fixture/Dockerfile @@ -1 +1 @@ -FROM alpine +FROM public.ecr.aws/docker/library/alpine:latest diff --git a/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stack.ts b/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stack.ts index d1373e8659838..d02ba67c5c47d 100644 --- a/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stack.ts +++ b/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stack.ts @@ -41,7 +41,7 @@ class MyNestedStack extends NestedStack { if (props.subscriber) { new lambda.Function(this, 'fn', { - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, code: lambda.Code.fromInline('console.error("hi")'), handler: 'index.handler', environment: { diff --git a/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-assets.ts b/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-assets.ts index 26c40a3df4ad8..2a27565973b3e 100644 --- a/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-assets.ts +++ b/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-assets.ts @@ -15,7 +15,7 @@ class MyNestedStack extends NestedStack { new lambda.Function(this, 'Handler', { code: lambda.Code.fromAsset(path.join(__dirname, 'asset-directory-fixture')), - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, handler: 'index.handler', }); } diff --git a/packages/@aws-cdk/aws-cloudfront/lib/origin-access-identity.ts b/packages/@aws-cdk/aws-cloudfront/lib/origin-access-identity.ts index c8a9b2b17ec82..a6323d27a452f 100644 --- a/packages/@aws-cdk/aws-cloudfront/lib/origin-access-identity.ts +++ b/packages/@aws-cdk/aws-cloudfront/lib/origin-access-identity.ts @@ -108,7 +108,7 @@ export class OriginAccessIdentity extends OriginAccessIdentityBase implements IO super(scope, id); // Comment has a max length of 128. - const comment = (props?.comment ?? 'Allows CloudFront to reach the bucket').substr(0, 128); + const comment = (props?.comment ?? 'Allows CloudFront to reach the bucket').slice(0, 128); this.resource = new CfnCloudFrontOriginAccessIdentity(this, 'Resource', { cloudFrontOriginAccessIdentityConfig: { comment }, }); diff --git a/packages/@aws-cdk/aws-cloudfront/lib/origin.ts b/packages/@aws-cdk/aws-cloudfront/lib/origin.ts index 210ffb87648f7..4d555375fd8b9 100644 --- a/packages/@aws-cdk/aws-cloudfront/lib/origin.ts +++ b/packages/@aws-cdk/aws-cloudfront/lib/origin.ts @@ -182,7 +182,7 @@ export abstract class OriginBase implements IOrigin { if (originPath === undefined) { return undefined; } let path = originPath; if (!path.startsWith('/')) { path = '/' + path; } - if (path.endsWith('/')) { path = path.substr(0, path.length - 1); } + if (path.endsWith('/')) { path = path.slice(0, -1); } return path; } diff --git a/packages/@aws-cdk/aws-cloudfront/lib/web-distribution.ts b/packages/@aws-cdk/aws-cloudfront/lib/web-distribution.ts index 5b4e785cc21a7..2fb0d5d958dc0 100644 --- a/packages/@aws-cdk/aws-cloudfront/lib/web-distribution.ts +++ b/packages/@aws-cdk/aws-cloudfront/lib/web-distribution.ts @@ -815,7 +815,7 @@ export class CloudFrontWebDistribution extends cdk.Resource implements IDistribu // Comments have an undocumented limit of 128 characters const trimmedComment = props.comment && props.comment.length > 128 - ? `${props.comment.substr(0, 128 - 3)}...` + ? `${props.comment.slice(0, 128 - 3)}...` : props.comment; let distributionConfig: CfnDistribution.DistributionConfigProperty = { diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-geo-restrictions.expected.json b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-geo-restrictions.expected.json index 9307879bca924..5fc5a888c4c11 100644 --- a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-geo-restrictions.expected.json +++ b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-geo-restrictions.expected.json @@ -1,9 +1,9 @@ { "Resources": { "Bucket83908E77": { - "DeletionPolicy": "Delete", + "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Delete", - "Type": "AWS::S3::Bucket" + "DeletionPolicy": "Delete" }, "MyDistributionCFDistributionDE147309": { "Type": "AWS::CloudFront::Distribution", @@ -18,6 +18,7 @@ "GET", "HEAD" ], + "Compress": true, "ForwardedValues": { "Cookies": { "Forward": "none" @@ -25,8 +26,7 @@ "QueryString": false }, "TargetOriginId": "origin1", - "ViewerProtocolPolicy": "redirect-to-https", - "Compress": true + "ViewerProtocolPolicy": "redirect-to-https" }, "DefaultRootObject": "index.html", "Enabled": true, @@ -47,17 +47,20 @@ } ], "PriceClass": "PriceClass_100", - "ViewerCertificate": { - "CloudFrontDefaultCertificate": true - }, "Restrictions": { "GeoRestriction": { - "Locations": ["US", "UK"], + "Locations": [ + "US", + "GB" + ], "RestrictionType": "whitelist" } + }, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true } } } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-geo-restrictions.ts b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-geo-restrictions.ts index 7f90fff25740e..b89fee939cb4c 100644 --- a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-geo-restrictions.ts +++ b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-geo-restrictions.ts @@ -19,7 +19,7 @@ new cloudfront.CloudFrontWebDistribution(stack, 'MyDistribution', { behaviors: [{ isDefaultBehavior: true }], }, ], - geoRestriction: cloudfront.GeoRestriction.allowlist('US', 'UK'), + geoRestriction: cloudfront.GeoRestriction.allowlist('US', 'GB'), }); app.synth(); diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.expected.json b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.expected.json index 8759a3b629e14..d8528288e52d0 100644 --- a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.expected.json +++ b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.expected.json @@ -52,7 +52,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "LambdaServiceRoleA8ED4D3B" diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.ts b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.ts index 83eea22f40cef..6427b28195c51 100644 --- a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.ts +++ b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.ts @@ -14,7 +14,7 @@ const sourceBucket = new s3.Bucket(stack, 'Bucket', { const lambdaFunction = new lambda.Function(stack, 'Lambda', { code: lambda.Code.fromInline('foo'), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, }); const lambdaVersion = new lambda.Version(stack, 'LambdaVersion', { diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-lambda.expected.json b/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-lambda.expected.json index d87415745eed9..301d18dd22920 100644 --- a/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-lambda.expected.json +++ b/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-lambda.expected.json @@ -47,13 +47,13 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "LambdaServiceRoleA8ED4D3B" ] }, - "LambdaCurrentVersionDF706F6A25bf7d67df4eb614ea2e1ea69c8759b6": { + "LambdaCurrentVersionDF706F6A9a632a294ae3a9cd4d550f1c4e26619d": { "Type": "AWS::Lambda::Version", "Properties": { "FunctionName": { @@ -72,7 +72,7 @@ { "EventType": "origin-request", "LambdaFunctionARN": { - "Ref": "LambdaCurrentVersionDF706F6A25bf7d67df4eb614ea2e1ea69c8759b6" + "Ref": "LambdaCurrentVersionDF706F6A9a632a294ae3a9cd4d550f1c4e26619d" } } ], diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-lambda.ts b/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-lambda.ts index b6da02f0fa860..c277e93f4a678 100644 --- a/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-lambda.ts +++ b/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-lambda.ts @@ -9,7 +9,7 @@ const stack = new cdk.Stack(app, 'integ-distribution-lambda', { env: { region: ' const lambdaFunction = new lambda.Function(stack, 'Lambda', { code: lambda.Code.fromInline('foo'), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, }); new cloudfront.Distribution(stack, 'Dist', { diff --git a/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail-supplied-bucket.lit.expected.json b/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail-supplied-bucket.lit.expected.json index e115d5360fee6..f8a12f1430107 100644 --- a/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail-supplied-bucket.lit.expected.json +++ b/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail-supplied-bucket.lit.expected.json @@ -2,9 +2,177 @@ "Resources": { "Bucket83908E77": { "Type": "AWS::S3::Bucket", + "Properties": { + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "BucketPolicyE9A3008A": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "Bucket83908E77" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "BucketAutoDeleteObjectsCustomResourceBAFD23C2": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "Bucket83908E77" + } + }, + "DependsOn": [ + "BucketPolicyE9A3008A" + ], "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3Bucket09A62232" + }, + "S3Key": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE" + } + ] + } + ] + } + ] + ] + } + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "Bucket83908E77" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + }, "LambdaFunctionServiceRoleC555A460": { "Type": "AWS::IAM::Role", "Properties": { @@ -49,7 +217,7 @@ ] }, "Handler": "hello.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "LambdaFunctionServiceRoleC555A460" @@ -57,8 +225,16 @@ }, "S3486F821D": { "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" + "Properties": { + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "S3Policy2E4AA1D6": { "Type": "AWS::S3::BucketPolicy", @@ -68,6 +244,44 @@ }, "PolicyDocument": { "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "S3486F821D", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "S3486F821D", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, { "Action": "s3:GetBucketAcl", "Effect": "Allow", @@ -116,6 +330,25 @@ } } }, + "S3AutoDeleteObjectsCustomResource5A4102C9": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "S3486F821D" + } + }, + "DependsOn": [ + "S3Policy2E4AA1D6" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, "Trail022F0CF2": { "Type": "AWS::CloudTrail::Trail", "Properties": { @@ -171,5 +404,19 @@ "S3Policy2E4AA1D6" ] } + }, + "Parameters": { + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3Bucket09A62232": { + "Type": "String", + "Description": "S3 bucket for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + }, + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE": { + "Type": "String", + "Description": "S3 key for asset version \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + }, + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824ArtifactHash76F8FCF2": { + "Type": "String", + "Description": "Artifact hash for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail-supplied-bucket.lit.ts b/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail-supplied-bucket.lit.ts index aeb9139462bb5..1e399351646d1 100644 --- a/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail-supplied-bucket.lit.ts +++ b/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail-supplied-bucket.lit.ts @@ -8,9 +8,12 @@ import * as cloudtrail from '../lib'; const app = new cdk.App(); const stack = new cdk.Stack(app, 'integ-cloudtrail'); -const bucket = new s3.Bucket(stack, 'Bucket', { removalPolicy: cdk.RemovalPolicy.DESTROY }); +const bucket = new s3.Bucket(stack, 'Bucket', { + removalPolicy: cdk.RemovalPolicy.DESTROY, + autoDeleteObjects: true, +}); const lambdaFunction = new lambda.Function(stack, 'LambdaFunction', { - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, handler: 'hello.handler', code: lambda.Code.fromInline('exports.handler = {}'), }); @@ -18,7 +21,11 @@ const lambdaFunction = new lambda.Function(stack, 'LambdaFunction', { // using exctecy the same code as inside the cloudtrail class to produce the supplied bucket and policy const cloudTrailPrincipal = new iam.ServicePrincipal('cloudtrail.amazonaws.com'); -const Trailbucket = new s3.Bucket(stack, 'S3', { encryption: s3.BucketEncryption.UNENCRYPTED }); +const Trailbucket = new s3.Bucket(stack, 'S3', { + encryption: s3.BucketEncryption.UNENCRYPTED, + removalPolicy: cdk.RemovalPolicy.DESTROY, + autoDeleteObjects: true, +}); Trailbucket.addToResourcePolicy(new iam.PolicyStatement({ resources: [Trailbucket.bucketArn], diff --git a/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail.lit.expected.json b/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail.lit.expected.json index 90c9dd9724771..10acbfff90f7f 100644 --- a/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail.lit.expected.json +++ b/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail.lit.expected.json @@ -2,9 +2,177 @@ "Resources": { "Bucket83908E77": { "Type": "AWS::S3::Bucket", + "Properties": { + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + } + ] + }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, + "BucketPolicyE9A3008A": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "Bucket83908E77" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "BucketAutoDeleteObjectsCustomResourceBAFD23C2": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "Bucket83908E77" + } + }, + "DependsOn": [ + "BucketPolicyE9A3008A" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3Bucket09A62232" + }, + "S3Key": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE" + } + ] + } + ] + } + ] + ] + } + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "Bucket83908E77" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + }, "TopicBFC7AF6E": { "Type": "AWS::SNS::Topic" }, @@ -71,14 +239,14 @@ "Code": { "ZipFile": "exports.handler = {}" }, - "Handler": "hello.handler", "Role": { "Fn::GetAtt": [ "LambdaFunctionServiceRoleC555A460", "Arn" ] }, - "Runtime": "nodejs10.x" + "Handler": "hello.handler", + "Runtime": "nodejs14.x" }, "DependsOn": [ "LambdaFunctionServiceRoleC555A460" @@ -240,5 +408,19 @@ "TrailS3PolicyE42170FE" ] } + }, + "Parameters": { + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3Bucket09A62232": { + "Type": "String", + "Description": "S3 bucket for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + }, + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE": { + "Type": "String", + "Description": "S3 key for asset version \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + }, + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824ArtifactHash76F8FCF2": { + "Type": "String", + "Description": "Artifact hash for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail.lit.ts b/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail.lit.ts index 8aeb2aab84eae..8280f7f797a44 100644 --- a/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail.lit.ts +++ b/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail.lit.ts @@ -7,10 +7,13 @@ import * as cloudtrail from '../lib'; const app = new cdk.App(); const stack = new cdk.Stack(app, 'integ-cloudtrail'); -const bucket = new s3.Bucket(stack, 'Bucket', { removalPolicy: cdk.RemovalPolicy.DESTROY }); +const bucket = new s3.Bucket(stack, 'Bucket', { + removalPolicy: cdk.RemovalPolicy.DESTROY, + autoDeleteObjects: true, +}); const topic = new sns.Topic(stack, 'Topic'); const lambdaFunction = new lambda.Function(stack, 'LambdaFunction', { - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, handler: 'hello.handler', code: lambda.Code.fromInline('exports.handler = {}'), }); diff --git a/packages/@aws-cdk/aws-cloudwatch/README.md b/packages/@aws-cdk/aws-cloudwatch/README.md index 8404c6ce9ad7a..af3aaf7c5a765 100644 --- a/packages/@aws-cdk/aws-cloudwatch/README.md +++ b/packages/@aws-cdk/aws-cloudwatch/README.md @@ -104,7 +104,13 @@ graph showing the Average statistic with an aggregation period of 5 minutes: ```ts const cpuUtilization = new cloudwatch.MathExpression({ - expression: "SEARCH('{AWS/EC2,InstanceId} MetricName=\"CPUUtilization\"', 'Average', 300)" + expression: "SEARCH('{AWS/EC2,InstanceId} MetricName=\"CPUUtilization\"', 'Average', 300)", + + // Specifying '' as the label suppresses the default behavior + // of using the expression as metric label. This is especially appropriate + // when using expressions that return multiple time series (like SEARCH() + // or METRICS()), to show the labels of the retrieved metrics only. + label: '', }); ``` @@ -157,6 +163,33 @@ useful when embedding them in graphs, see below). > happen to know the Metric you want to alarm on makes sense as a rate > (`Average`) you can always choose to change the statistic. +### Labels + +Metric labels are displayed in the legend of graphs that include the metrics. + +You can use [dynamic labels](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/graph-dynamic-labels.html) +to show summary information about the displayed time series +in the legend. For example, if you use: + +```ts +declare const fn: lambda.Function; + +const minuteErrorRate = fn.metricErrors({ + statistic: 'sum', + period: Duration.hours(1), + + // Show the maximum hourly error count in the legend + label: '[max: ${MAX}] Lambda failure rate', +}); +``` + +As the metric label, the maximum value in the visible range will +be shown next to the time series name in the graph's legend. + +If the metric is a math expression producing more than one time series, the +maximum will be individually calculated and shown for each time series produce +by the math expression. + ## Alarms Alarms can be created on metrics in one of two ways. Either create an `Alarm` @@ -308,7 +341,7 @@ dashboard.addWidgets(new cloudwatch.GraphWidget({ right: [errorCountMetric.with({ statistic: "average", label: "Error rate", - color: cloudwatch.Color.GREEN + color: cloudwatch.Color.GREEN, })] })); ``` diff --git a/packages/@aws-cdk/aws-cloudwatch/lib/metric.ts b/packages/@aws-cdk/aws-cloudwatch/lib/metric.ts index b789bf9cd710f..700a4381557f0 100644 --- a/packages/@aws-cdk/aws-cloudwatch/lib/metric.ts +++ b/packages/@aws-cdk/aws-cloudwatch/lib/metric.ts @@ -71,6 +71,18 @@ export interface CommonMetricOptions { /** * Label for this metric when added to a Graph in a Dashboard + * + * You can use [dynamic labels](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/graph-dynamic-labels.html) + * to show summary information about the entire displayed time series + * in the legend. For example, if you use: + * + * ``` + * [max: ${MAX}] MyMetric + * ``` + * + * As the metric label, the maximum value in the visible range will + * be shown next to the time series name in the graph's legend. + * * @default - No label */ readonly label?: string; @@ -123,7 +135,28 @@ export interface MetricOptions extends CommonMetricOptions { */ export interface MathExpressionOptions { /** - * Label for this metric when added to a Graph in a Dashboard + * Label for this expression when added to a Graph in a Dashboard + * + * If this expression evaluates to more than one time series (for + * example, through the use of `METRICS()` or `SEARCH()` expressions), + * each time series will appear in the graph using a combination of the + * expression label and the individual metric label. Specify the empty + * string (`''`) to suppress the expression label and only keep the + * metric label. + * + * You can use [dynamic labels](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/graph-dynamic-labels.html) + * to show summary information about the displayed time series + * in the legend. For example, if you use: + * + * ``` + * [max: ${MAX}] MyMetric + * ``` + * + * As the metric label, the maximum value in the visible range will + * be shown next to the time series name in the graph's legend. If the + * math expression produces more than one time series, the maximum + * will be shown for each individual time series produce by this + * math expression. * * @default - Expression value is used as label */ diff --git a/packages/@aws-cdk/aws-cloudwatch/lib/private/rendering.ts b/packages/@aws-cdk/aws-cloudwatch/lib/private/rendering.ts index 9223695a96c67..13a6440f8946c 100644 --- a/packages/@aws-cdk/aws-cloudwatch/lib/private/rendering.ts +++ b/packages/@aws-cdk/aws-cloudwatch/lib/private/rendering.ts @@ -66,11 +66,17 @@ function metricGraphJson(metric: IMetric, yAxis?: string, id?: string) { if (yAxis !== 'left') { options.yAxis = yAxis; } if (id) { options.id = id; } - // If math expressions don't have a label (or an ID), they'll render with an unelegant - // autogenerated id ("metric_alias0"). Our ids may in the future also be autogenerated, - // so if an ME doesn't have a label, use its toString() as the label (renders the expression). if (options.visible !== false && options.expression && !options.label) { - options.label = metric.toString(); + // Label may be '' or undefined. + // + // If undefined, we'll render the expression as the label, to suppress + // the default behavior of CW where it would render the metric + // id as label, which we (inelegantly) generate to be something like "metric_alias0". + // + // For array expressions (returning more than 1 TS) users may sometimes want to + // suppress the label completely. For those cases, we'll accept the empty string, + // and not render a label at all. + options.label = options.label === '' ? undefined : metric.toString(); } const renderedOpts = dropUndefined(options); diff --git a/packages/@aws-cdk/aws-cloudwatch/test/metric-math.test.ts b/packages/@aws-cdk/aws-cloudwatch/test/metric-math.test.ts index 5f244f3b11352..d4220f83d1b50 100644 --- a/packages/@aws-cdk/aws-cloudwatch/test/metric-math.test.ts +++ b/packages/@aws-cdk/aws-cloudwatch/test/metric-math.test.ts @@ -145,6 +145,27 @@ describe('Metric Math', () => { ]); + }); + + test('passing an empty string as the label of a MathExpressions does not emit a label', () => { + const graph = new GraphWidget({ + left: [ + new MathExpression({ + expression: 'a + e', + label: '', + usingMetrics: { + a, + }, + }), + ], + }); + + graphMetricsAre(graph, [ + [{ expression: 'a + e' }], + ['Test', 'ACount', { visible: false, id: 'a' }], + ]); + + }); test('can reuse identifiers in MathExpressions if metrics are the same', () => { diff --git a/packages/@aws-cdk/aws-codebuild/lib/project.ts b/packages/@aws-cdk/aws-codebuild/lib/project.ts index 8cc6917dd78cd..85a25b5fda7fc 100644 --- a/packages/@aws-cdk/aws-codebuild/lib/project.ts +++ b/packages/@aws-cdk/aws-codebuild/lib/project.ts @@ -858,7 +858,7 @@ export class Project extends ProjectBase { // If the parameter name starts with / the resource name is not separated with a double '/' // arn:aws:ssm:region:1111111111:parameter/PARAM_NAME resourceName: envVariableValue.startsWith('/') - ? envVariableValue.substr(1) + ? envVariableValue.slice(1) : envVariableValue, })); } diff --git a/packages/@aws-cdk/aws-codebuild/test/demo-image/Dockerfile b/packages/@aws-cdk/aws-codebuild/test/demo-image/Dockerfile index 123b5670febc8..235b30e9661ed 100644 --- a/packages/@aws-cdk/aws-codebuild/test/demo-image/Dockerfile +++ b/packages/@aws-cdk/aws-codebuild/test/demo-image/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.6 +FROM public.ecr.aws/lambda/python:3.6 EXPOSE 8000 WORKDIR /src ADD . /src diff --git a/packages/@aws-cdk/aws-codebuild/test/integ.docker-asset.lit.expected.json b/packages/@aws-cdk/aws-codebuild/test/integ.docker-asset.lit.expected.json index d3c45a9bee054..e11ff97797ce9 100644 --- a/packages/@aws-cdk/aws-codebuild/test/integ.docker-asset.lit.expected.json +++ b/packages/@aws-cdk/aws-codebuild/test/integ.docker-asset.lit.expected.json @@ -146,7 +146,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:4af07cfea2e112710555eb86325bfd4d7d4b97e4fa9f1bf6c053c72f992c7fe5" + "/aws-cdk/assets:73ee9c3cafd103104e2a42ee76961a90a2410d0dcad42110343c5fd85ad6db78" ] ] }, diff --git a/packages/@aws-cdk/aws-codedeploy/lib/ecs/application.ts b/packages/@aws-cdk/aws-codedeploy/lib/ecs/application.ts index dc136abb87ee4..289a6660c8c4f 100644 --- a/packages/@aws-cdk/aws-codedeploy/lib/ecs/application.ts +++ b/packages/@aws-cdk/aws-codedeploy/lib/ecs/application.ts @@ -1,7 +1,7 @@ import { ArnFormat, IResource, Resource } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { CfnApplication } from '../codedeploy.generated'; -import { arnForApplication } from '../utils'; +import { arnForApplication, validateName } from '../utils'; /** * Represents a reference to a CodeDeploy Application deploying to Amazon ECS. @@ -76,5 +76,7 @@ export class EcsApplication extends Resource implements IEcsApplication { resourceName: this.physicalName, arnFormat: ArnFormat.COLON_RESOURCE_NAME, }); + + this.node.addValidation({ validate: () => validateName('Application', this.physicalName) }); } } diff --git a/packages/@aws-cdk/aws-codedeploy/lib/lambda/application.ts b/packages/@aws-cdk/aws-codedeploy/lib/lambda/application.ts index 03449cf00b229..e0d27f8dabc34 100644 --- a/packages/@aws-cdk/aws-codedeploy/lib/lambda/application.ts +++ b/packages/@aws-cdk/aws-codedeploy/lib/lambda/application.ts @@ -1,7 +1,7 @@ import { ArnFormat, IResource, Resource } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { CfnApplication } from '../codedeploy.generated'; -import { arnForApplication } from '../utils'; +import { arnForApplication, validateName } from '../utils'; /** * Represents a reference to a CodeDeploy Application deploying to AWS Lambda. @@ -76,5 +76,7 @@ export class LambdaApplication extends Resource implements ILambdaApplication { resourceName: this.physicalName, arnFormat: ArnFormat.COLON_RESOURCE_NAME, }); + + this.node.addValidation({ validate: () => validateName('Application', this.physicalName) }); } } diff --git a/packages/@aws-cdk/aws-codedeploy/lib/lambda/custom-deployment-config.ts b/packages/@aws-cdk/aws-codedeploy/lib/lambda/custom-deployment-config.ts index 55077fe93f273..726a7781c2dd3 100644 --- a/packages/@aws-cdk/aws-codedeploy/lib/lambda/custom-deployment-config.ts +++ b/packages/@aws-cdk/aws-codedeploy/lib/lambda/custom-deployment-config.ts @@ -1,7 +1,7 @@ import { Duration, Names, Resource } from '@aws-cdk/core'; import { AwsCustomResource, AwsCustomResourcePolicy, PhysicalResourceId } from '@aws-cdk/custom-resources'; import { Construct } from 'constructs'; -import { arnForDeploymentConfig } from '../utils'; +import { arnForDeploymentConfig, validateName } from '../utils'; import { ILambdaDeploymentConfig } from './deployment-config'; /** @@ -141,6 +141,8 @@ export class CustomLambdaDeploymentConfig extends Resource implements ILambdaDep resources: AwsCustomResourcePolicy.ANY_RESOURCE, }), }); + + this.node.addValidation({ validate: () => validateName('Deployment config', this.deploymentConfigName) }); } // Validate the inputs. The percentage/interval limits come from CodeDeploy diff --git a/packages/@aws-cdk/aws-codedeploy/lib/lambda/deployment-group.ts b/packages/@aws-cdk/aws-codedeploy/lib/lambda/deployment-group.ts index 2449ff87f31fd..5968402efdd1f 100644 --- a/packages/@aws-cdk/aws-codedeploy/lib/lambda/deployment-group.ts +++ b/packages/@aws-cdk/aws-codedeploy/lib/lambda/deployment-group.ts @@ -5,7 +5,7 @@ import * as cdk from '@aws-cdk/core'; import { Construct } from 'constructs'; import { CfnDeploymentGroup } from '../codedeploy.generated'; import { AutoRollbackConfig } from '../rollback-config'; -import { arnForDeploymentGroup, renderAlarmConfiguration, renderAutoRollbackConfiguration } from '../utils'; +import { arnForDeploymentGroup, renderAlarmConfiguration, renderAutoRollbackConfiguration, validateName } from '../utils'; import { ILambdaApplication, LambdaApplication } from './application'; import { ILambdaDeploymentConfig, LambdaDeploymentConfig } from './deployment-config'; @@ -203,6 +203,8 @@ export class LambdaDeploymentGroup extends cdk.Resource implements ILambdaDeploy if (this.deploymentConfig instanceof Construct) { this.node.addDependency(this.deploymentConfig); } + + this.node.addValidation({ validate: () => validateName('Deployment group', this.physicalName) }); } /** diff --git a/packages/@aws-cdk/aws-codedeploy/lib/server/application.ts b/packages/@aws-cdk/aws-codedeploy/lib/server/application.ts index b6f7324ef5985..a04d789fce566 100644 --- a/packages/@aws-cdk/aws-codedeploy/lib/server/application.ts +++ b/packages/@aws-cdk/aws-codedeploy/lib/server/application.ts @@ -1,7 +1,7 @@ import { ArnFormat, IResource, Resource } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { CfnApplication } from '../codedeploy.generated'; -import { arnForApplication } from '../utils'; +import { arnForApplication, validateName } from '../utils'; /** * Represents a reference to a CodeDeploy Application deploying to EC2/on-premise instances. @@ -77,5 +77,8 @@ export class ServerApplication extends Resource implements IServerApplication { resourceName: this.physicalName, arnFormat: ArnFormat.COLON_RESOURCE_NAME, }); + + this.node.addValidation({ validate: () => validateName('Application', this.physicalName) }); } + } diff --git a/packages/@aws-cdk/aws-codedeploy/lib/server/deployment-config.ts b/packages/@aws-cdk/aws-codedeploy/lib/server/deployment-config.ts index 058fad91341ad..7ddb0ec1d37d9 100644 --- a/packages/@aws-cdk/aws-codedeploy/lib/server/deployment-config.ts +++ b/packages/@aws-cdk/aws-codedeploy/lib/server/deployment-config.ts @@ -1,7 +1,7 @@ import * as cdk from '@aws-cdk/core'; import { Construct } from 'constructs'; import { CfnDeploymentConfig } from '../codedeploy.generated'; -import { arnForDeploymentConfig } from '../utils'; +import { arnForDeploymentConfig, validateName } from '../utils'; /** * The Deployment Configuration of an EC2/on-premise Deployment Group. @@ -118,6 +118,8 @@ export class ServerDeploymentConfig extends cdk.Resource implements IServerDeplo this.deploymentConfigName = resource.ref; this.deploymentConfigArn = arnForDeploymentConfig(this.deploymentConfigName); + + this.node.addValidation({ validate: () => validateName('Deployment config', this.physicalName) }); } } diff --git a/packages/@aws-cdk/aws-codedeploy/lib/server/deployment-group.ts b/packages/@aws-cdk/aws-codedeploy/lib/server/deployment-group.ts index f4f3cad0774cc..afb6aee8545e0 100644 --- a/packages/@aws-cdk/aws-codedeploy/lib/server/deployment-group.ts +++ b/packages/@aws-cdk/aws-codedeploy/lib/server/deployment-group.ts @@ -8,7 +8,7 @@ import { ArnFormat } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { CfnDeploymentGroup } from '../codedeploy.generated'; import { AutoRollbackConfig } from '../rollback-config'; -import { arnForDeploymentGroup, renderAlarmConfiguration, renderAutoRollbackConfiguration } from '../utils'; +import { arnForDeploymentGroup, renderAlarmConfiguration, renderAutoRollbackConfiguration, validateName } from '../utils'; import { IServerApplication, ServerApplication } from './application'; import { IServerDeploymentConfig, ServerDeploymentConfig } from './deployment-config'; import { LoadBalancer, LoadBalancerGeneration } from './load-balancer'; @@ -314,6 +314,8 @@ export class ServerDeploymentGroup extends ServerDeploymentGroupBase { resourceName: `${this.application.applicationName}/${this.physicalName}`, arnFormat: ArnFormat.COLON_RESOURCE_NAME, }); + + this.node.addValidation({ validate: () => validateName('Deployment group', this.physicalName) }); } /** diff --git a/packages/@aws-cdk/aws-codedeploy/lib/utils.ts b/packages/@aws-cdk/aws-codedeploy/lib/utils.ts index 7bdf6bc9162da..6c5381b0de96b 100644 --- a/packages/@aws-cdk/aws-codedeploy/lib/utils.ts +++ b/packages/@aws-cdk/aws-codedeploy/lib/utils.ts @@ -1,5 +1,5 @@ import * as cloudwatch from '@aws-cdk/aws-cloudwatch'; -import { Aws } from '@aws-cdk/core'; +import { Aws, Token } from '@aws-cdk/core'; import { CfnDeploymentGroup } from './codedeploy.generated'; import { AutoRollbackConfig } from './rollback-config'; @@ -65,3 +65,18 @@ CfnDeploymentGroup.AutoRollbackConfigurationProperty | undefined { } : undefined; } + +export function validateName(type: 'Application' | 'Deployment group' | 'Deployment config', name: string): string[] { + const ret = []; + + if (!Token.isUnresolved(name) && name !== undefined) { + if (name.length > 100) { + ret.push(`${type} name: "${name}" can be a max of 100 characters.`); + } + if (!/^[a-z0-9._+=,@-]+$/i.test(name)) { + ret.push(`${type} name: "${name}" can only contain letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), + (plus signs), = (equals signs), , (commas), @ (at signs), - (minus signs).`); + } + } + + return ret; +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codedeploy/test/ecs/application.test.ts b/packages/@aws-cdk/aws-codedeploy/test/ecs/application.test.ts index ec130559aaff8..a5661c3538f14 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/ecs/application.test.ts +++ b/packages/@aws-cdk/aws-codedeploy/test/ecs/application.test.ts @@ -23,4 +23,24 @@ describe('CodeDeploy ECS Application', () => { ComputePlatform: 'ECS', }); }); + + test('fail with more than 100 characters in name', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + new codedeploy.EcsApplication(stack, 'MyApp', { + applicationName: 'a'.repeat(101), + }); + + expect(() => app.synth()).toThrow(`Application name: "${'a'.repeat(101)}" can be a max of 100 characters.`); + }); + + test('fail with unallowed characters in name', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + new codedeploy.EcsApplication(stack, 'MyApp', { + applicationName: 'my name', + }); + + expect(() => app.synth()).toThrow('Application name: "my name" can only contain letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), + (plus signs), = (equals signs), , (commas), @ (at signs), - (minus signs).'); + }); }); diff --git a/packages/@aws-cdk/aws-codedeploy/test/lambda/application.test.ts b/packages/@aws-cdk/aws-codedeploy/test/lambda/application.test.ts index 6ccbd816935ba..4b870c53c0e1d 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/lambda/application.test.ts +++ b/packages/@aws-cdk/aws-codedeploy/test/lambda/application.test.ts @@ -21,4 +21,24 @@ describe('CodeDeploy Lambda Application', () => { ComputePlatform: 'Lambda', }); }); + + test('fail with more than 100 characters in name', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + new codedeploy.LambdaApplication(stack, 'MyApp', { + applicationName: 'a'.repeat(101), + }); + + expect(() => app.synth()).toThrow(`Application name: "${'a'.repeat(101)}" can be a max of 100 characters.`); + }); + + test('fail with unallowed characters in name', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + new codedeploy.LambdaApplication(stack, 'MyApp', { + applicationName: 'my name', + }); + + expect(() => app.synth()).toThrow('Application name: "my name" can only contain letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), + (plus signs), = (equals signs), , (commas), @ (at signs), - (minus signs).'); + }); }); diff --git a/packages/@aws-cdk/aws-codedeploy/test/lambda/custom-deployment-config.test.ts b/packages/@aws-cdk/aws-codedeploy/test/lambda/custom-deployment-config.test.ts index 7755402502857..618479726a3f2 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/lambda/custom-deployment-config.test.ts +++ b/packages/@aws-cdk/aws-codedeploy/test/lambda/custom-deployment-config.test.ts @@ -97,6 +97,32 @@ test('custom resource created with specific name', () => { }); }); +test('fail with more than 100 characters in name', () => { + const app = new cdk.App(); + const stackWithApp = new cdk.Stack(app); + new codedeploy.CustomLambdaDeploymentConfig(stackWithApp, 'CustomConfig', { + type: codedeploy.CustomLambdaDeploymentConfigType.CANARY, + interval: cdk.Duration.minutes(1), + percentage: 5, + deploymentConfigName: 'a'.repeat(101), + }); + + expect(() => app.synth()).toThrow(`Deployment config name: "${'a'.repeat(101)}" can be a max of 100 characters.`); +}); + +test('fail with unallowed characters in name', () => { + const app = new cdk.App(); + const stackWithApp = new cdk.Stack(app); + new codedeploy.CustomLambdaDeploymentConfig(stackWithApp, 'CustomConfig', { + type: codedeploy.CustomLambdaDeploymentConfigType.CANARY, + interval: cdk.Duration.minutes(1), + percentage: 5, + deploymentConfigName: 'my name', + }); + + expect(() => app.synth()).toThrow('Deployment config name: "my name" can only contain letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), + (plus signs), = (equals signs), , (commas), @ (at signs), - (minus signs).'); +}); + test('can create linear custom config', () => { // WHEN const config = new codedeploy.CustomLambdaDeploymentConfig(stack, 'CustomConfig', { diff --git a/packages/@aws-cdk/aws-codedeploy/test/lambda/deployment-group.test.ts b/packages/@aws-cdk/aws-codedeploy/test/lambda/deployment-group.test.ts index c6ecfde1ae2de..5dbd5c98258ab 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/lambda/deployment-group.test.ts +++ b/packages/@aws-cdk/aws-codedeploy/test/lambda/deployment-group.test.ts @@ -115,7 +115,6 @@ describe('CodeDeploy Lambda DeploymentGroup', () => { }); }); - test('can be created with explicit name', () => { const stack = new cdk.Stack(); const application = new codedeploy.LambdaApplication(stack, 'MyApp'); @@ -132,6 +131,30 @@ describe('CodeDeploy Lambda DeploymentGroup', () => { }); }); + test('fail with more than 100 characters in name', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + const alias = mockAlias(stack); + new codedeploy.LambdaDeploymentGroup(stack, 'MyDG', { + alias, + deploymentGroupName: 'a'.repeat(101), + }); + + expect(() => app.synth()).toThrow(`Deployment group name: "${'a'.repeat(101)}" can be a max of 100 characters.`); + }); + + test('fail with unallowed characters in name', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + const alias = mockAlias(stack); + new codedeploy.LambdaDeploymentGroup(stack, 'MyDG', { + alias, + deploymentGroupName: 'my name', + }); + + expect(() => app.synth()).toThrow('Deployment group name: "my name" can only contain letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), + (plus signs), = (equals signs), , (commas), @ (at signs), - (minus signs).'); + }); + test('can be created with explicit role', () => { const stack = new cdk.Stack(); const application = new codedeploy.LambdaApplication(stack, 'MyApp'); @@ -565,6 +588,32 @@ describe('CodeDeploy Lambda DeploymentGroup', () => { }, }); }); + + test('uses the correct Service Principal in the us-isob-east-1 region', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app, 'CodeDeployLambdaStack', { + env: { region: 'us-isob-east-1' }, + }); + const alias = mockAlias(stack); + new codedeploy.LambdaDeploymentGroup(stack, 'MyDG', { + alias, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Role', { + AssumeRolePolicyDocument: { + Statement: [ + { + Action: 'sts:AssumeRole', + Effect: 'Allow', + Principal: { + Service: 'codedeploy.amazonaws.com', + }, + }, + ], + Version: '2012-10-17', + }, + }); + }); }); describe('imported with fromLambdaDeploymentGroupAttributes', () => { diff --git a/packages/@aws-cdk/aws-codedeploy/test/lambda/integ.deployment-group.expected.json b/packages/@aws-cdk/aws-codedeploy/test/lambda/integ.deployment-group.expected.json index e9b096abe09f9..1686127fc7771 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/lambda/integ.deployment-group.expected.json +++ b/packages/@aws-cdk/aws-codedeploy/test/lambda/integ.deployment-group.expected.json @@ -79,13 +79,13 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "HandlerServiceRoleFCDC14AE" ] }, - "HandlerCurrentVersion93FB80BFb2de9794fd0f0df5e5c01c16ba4b05cf": { + "HandlerCurrentVersion93FB80BFb2a9ce598bf2730613c07e406cddb6b6": { "Type": "AWS::Lambda::Version", "Properties": { "FunctionName": { @@ -101,7 +101,7 @@ }, "FunctionVersion": { "Fn::GetAtt": [ - "HandlerCurrentVersion93FB80BFb2de9794fd0f0df5e5c01c16ba4b05cf", + "HandlerCurrentVersion93FB80BFb2a9ce598bf2730613c07e406cddb6b6", "Version" ] }, @@ -250,7 +250,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "PreHookServiceRoleDefaultPolicy65358F76", @@ -383,7 +383,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "PostHookServiceRoleDefaultPolicy82AEE758", diff --git a/packages/@aws-cdk/aws-codedeploy/test/lambda/integ.deployment-group.ts b/packages/@aws-cdk/aws-codedeploy/test/lambda/integ.deployment-group.ts index ced2c76f4d447..4464fd9fc9a21 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/lambda/integ.deployment-group.ts +++ b/packages/@aws-cdk/aws-codedeploy/test/lambda/integ.deployment-group.ts @@ -11,7 +11,7 @@ const stack = new cdk.Stack(app, 'aws-cdk-codedeploy-lambda'); const handler = new lambda.Function(stack, 'Handler', { code: lambda.Code.fromAsset(path.join(__dirname, 'handler')), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, }); const version = handler.currentVersion; const blueGreenAlias = new lambda.Alias(stack, 'Alias', { @@ -22,12 +22,12 @@ const blueGreenAlias = new lambda.Alias(stack, 'Alias', { const preHook = new lambda.Function(stack, 'PreHook', { code: lambda.Code.fromAsset(path.join(__dirname, 'preHook')), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, }); const postHook = new lambda.Function(stack, 'PostHook', { code: lambda.Code.fromAsset(path.join(__dirname, 'postHook')), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, }); new codedeploy.LambdaDeploymentGroup(stack, 'BlueGreenDeployment', { diff --git a/packages/@aws-cdk/aws-codedeploy/test/server/deployment-config.test.ts b/packages/@aws-cdk/aws-codedeploy/test/server/deployment-config.test.ts index 52652e8024b28..8523518c68a34 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/server/deployment-config.test.ts +++ b/packages/@aws-cdk/aws-codedeploy/test/server/deployment-config.test.ts @@ -42,4 +42,26 @@ describe('CodeDeploy DeploymentConfig', () => { expect(deploymentConfig).not.toEqual(undefined); }); + + test('fail with more than 100 characters in name', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + new codedeploy.ServerDeploymentConfig(stack, 'DeploymentConfig', { + minimumHealthyHosts: codedeploy.MinimumHealthyHosts.percentage(75), + deploymentConfigName: 'a'.repeat(101), + }); + + expect(() => app.synth()).toThrow(`Deployment config name: "${'a'.repeat(101)}" can be a max of 100 characters.`); + }); + + test('fail with unallowed characters in name', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + new codedeploy.ServerDeploymentConfig(stack, 'DeploymentConfig', { + minimumHealthyHosts: codedeploy.MinimumHealthyHosts.percentage(75), + deploymentConfigName: 'my name', + }); + + expect(() => app.synth()).toThrow('Deployment config name: "my name" can only contain letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), + (plus signs), = (equals signs), , (commas), @ (at signs), - (minus signs).'); + }); }); diff --git a/packages/@aws-cdk/aws-codedeploy/test/server/deployment-group.test.ts b/packages/@aws-cdk/aws-codedeploy/test/server/deployment-group.test.ts index 43acaadc3e7fc..c01a8ae8ef34d 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/server/deployment-group.test.ts +++ b/packages/@aws-cdk/aws-codedeploy/test/server/deployment-group.test.ts @@ -437,4 +437,25 @@ describe('CodeDeploy Server Deployment Group', () => { }); }); + test('fail with more than 100 characters in name', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + new codedeploy.ServerDeploymentGroup(stack, 'MyDG', { + deploymentGroupName: 'a'.repeat(101), + }); + + expect(() => app.synth()).toThrow(`Deployment group name: "${'a'.repeat(101)}" can be a max of 100 characters.`); + }); + + test('fail with unallowed characters in name', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app); + new codedeploy.ServerDeploymentGroup(stack, 'MyDG', { + + deploymentGroupName: 'my name', + }); + + expect(() => app.synth()).toThrow('Deployment group name: "my name" can only contain letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), + (plus signs), = (equals signs), , (commas), @ (at signs), - (minus signs).'); + }); + }); diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/cloudformation/integ.stacksets.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/cloudformation/integ.stacksets.expected.json index e57101d8a4892..2623f0aae9246 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/cloudformation/integ.stacksets.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/cloudformation/integ.stacksets.expected.json @@ -2,9 +2,177 @@ "Resources": { "ArtifactBucket7410C9EF": { "Type": "AWS::S3::Bucket", + "Properties": { + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + } + ] + }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, + "ArtifactBucketPolicy4B4B7752": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "ArtifactBucket7410C9EF" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "ArtifactBucket7410C9EF", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "ArtifactBucket7410C9EF", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "ArtifactBucketAutoDeleteObjectsCustomResource0BB47FD6": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "ArtifactBucket7410C9EF" + } + }, + "DependsOn": [ + "ArtifactBucketPolicy4B4B7752" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3Bucket09A62232" + }, + "S3Key": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE" + } + ] + } + ] + } + ] + ] + } + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "ArtifactBucket7410C9EF" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + }, "PipelineRoleD68726F7": { "Type": "AWS::IAM::Role", "Properties": { @@ -263,7 +431,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -408,7 +580,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -442,7 +618,15 @@ { "Ref": "AWS::Partition" }, - ":cloudformation:test-region:12345678:stackset/TestStackSet:*" + ":cloudformation:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":stackset/TestStackSet:*" ] ] } @@ -584,7 +768,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -618,7 +806,15 @@ { "Ref": "AWS::Partition" }, - ":cloudformation:test-region:12345678:stackset/TestStackSet:*" + ":cloudformation:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":stackset/TestStackSet:*" ] ] } @@ -636,6 +832,18 @@ } }, "Parameters": { + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3Bucket09A62232": { + "Type": "String", + "Description": "S3 bucket for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + }, + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE": { + "Type": "String", + "Description": "S3 key for asset version \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + }, + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824ArtifactHash76F8FCF2": { + "Type": "String", + "Description": "Artifact hash for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + }, "AssetParameters5bcf205623ea5b34a1944fea4c9982e835555e710235ae6f60172097737302e2S3Bucket3C8B9651": { "Type": "String", "Description": "S3 bucket for asset \"5bcf205623ea5b34a1944fea4c9982e835555e710235ae6f60172097737302e2\"" diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/cloudformation/integ.stacksets.ts b/packages/@aws-cdk/aws-codepipeline-actions/test/cloudformation/integ.stacksets.ts index bc41e86474584..f3b1b1f5c34dd 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/cloudformation/integ.stacksets.ts +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/cloudformation/integ.stacksets.ts @@ -24,12 +24,13 @@ import { Construct } from 'constructs'; import * as cpactions from '../../lib'; export class StackSetPipelineStack extends Stack { - constructor(scope: Construct, id: string, props: StackProps) { + constructor(scope: Construct, id: string, props?: StackProps) { super(scope, id, props); const pipeline = new codepipeline.Pipeline(this, 'Pipeline', { artifactBucket: new s3.Bucket(this, 'ArtifactBucket', { removalPolicy: RemovalPolicy.DESTROY, + autoDeleteObjects: true, }), }); @@ -75,9 +76,4 @@ export class StackSetPipelineStack extends Stack { } const app = new App(); -new StackSetPipelineStack(app, 'StackSetPipelineStack', { - env: { - region: process.env.CDK_DEFAULT_REGION, - account: process.env.CDK_DEFAULT_ACCOUNT, - }, -}); +new StackSetPipelineStack(app, 'StackSetPipelineStack'); diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-deployed-through-codepipeline.lit.ts b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-deployed-through-codepipeline.lit.ts index 3f9a337333915..c8bf98cdf323a 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-deployed-through-codepipeline.lit.ts +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-deployed-through-codepipeline.lit.ts @@ -14,7 +14,7 @@ const lambdaCode = lambda.Code.fromCfnParameters(); new lambda.Function(lambdaStack, 'Lambda', { code: lambdaCode, handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, }); // other resources that your Lambda needs, added to the lambdaStack... diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.expected.json index ad6afd39fa570..4cc240b809647 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.expected.json @@ -883,7 +883,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "LambdaFunServiceRoleDefaultPolicy217FED83", diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.ts b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.ts index 5d8a0c0f914d2..460d0f79dc5ba 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.ts +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.ts @@ -34,7 +34,7 @@ const lambdaFun = new lambda.Function(stack, 'LambdaFun', { }; `), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, }); const lambdaStage = pipeline.addStage({ stageName: 'Lambda' }); lambdaStage.addAction(new cpactions.LambdaInvokeAction({ diff --git a/packages/@aws-cdk/aws-cognito/lib/user-pool.ts b/packages/@aws-cdk/aws-cognito/lib/user-pool.ts index 21a41f4c8721c..bb300d14ed213 100644 --- a/packages/@aws-cdk/aws-cognito/lib/user-pool.ts +++ b/packages/@aws-cdk/aws-cognito/lib/user-pool.ts @@ -1055,7 +1055,7 @@ export class UserPool extends UserPoolBase { return undefined; } - const smsRoleExternalId = Names.uniqueId(this).substr(0, 1223); // sts:ExternalId max length of 1224 + const smsRoleExternalId = Names.uniqueId(this).slice(0, 1223); // sts:ExternalId max length of 1224 const smsRole = props.smsRole ?? new Role(this, 'smsRole', { assumedBy: new ServicePrincipal('cognito-idp.amazonaws.com', { conditions: { diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.expected.json b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.expected.json index c2c5b4d18b269..33d544ca1751a 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.expected.json +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.expected.json @@ -20,6 +20,16 @@ }, "EmailVerificationMessage": "The verification code to your new account is {####}", "EmailVerificationSubject": "Verify your new account", + "Schema": [ + { + "AttributeDataType": "String", + "Name": "attribute_one" + }, + { + "AttributeDataType": "String", + "Name": "attribute_two" + } + ], "SmsVerificationMessage": "The verification code to your new account is {####}", "VerificationMessageTemplate": { "DefaultEmailOption": "CONFIRM_WITH_CODE", diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.ts b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.ts index d8a058a86d9c8..6f71e03dbed6e 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.ts +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.ts @@ -1,11 +1,15 @@ import { App, RemovalPolicy, Stack } from '@aws-cdk/core'; -import { OAuthScope, UserPool, ClientAttributes } from '../lib'; +import { OAuthScope, UserPool, ClientAttributes, StringAttribute } from '../lib'; const app = new App(); const stack = new Stack(app, 'integ-user-pool-client-explicit-props'); const userpool = new UserPool(stack, 'myuserpool', { removalPolicy: RemovalPolicy.DESTROY, + customAttributes: { + attribute_one: new StringAttribute(), + attribute_two: new StringAttribute(), + }, }); userpool.addClient('myuserpoolclient', { diff --git a/packages/@aws-cdk/aws-config/test/integ.rule.lit.expected.json b/packages/@aws-cdk/aws-config/test/integ.rule.lit.expected.json index 172382853b95f..bf5a4d7d5b949 100644 --- a/packages/@aws-cdk/aws-config/test/integ.rule.lit.expected.json +++ b/packages/@aws-cdk/aws-config/test/integ.rule.lit.expected.json @@ -49,14 +49,14 @@ "Code": { "ZipFile": "exports.handler = (event) => console.log(event);" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "CustomFunctionServiceRoleD3F73B79", "Arn" ] }, - "Runtime": "nodejs10.x" + "Handler": "index.handler", + "Runtime": "nodejs14.x" }, "DependsOn": [ "CustomFunctionServiceRoleD3F73B79" @@ -224,4 +224,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-config/test/integ.rule.lit.ts b/packages/@aws-cdk/aws-config/test/integ.rule.lit.ts index 45fef0c54d4f2..a5d9c646d1d10 100644 --- a/packages/@aws-cdk/aws-config/test/integ.rule.lit.ts +++ b/packages/@aws-cdk/aws-config/test/integ.rule.lit.ts @@ -15,7 +15,7 @@ class ConfigStack extends cdk.Stack { const fn = new lambda.Function(this, 'CustomFunction', { code: lambda.AssetCode.fromInline('exports.handler = (event) => console.log(event);'), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, }); new config.CustomRule(this, 'Custom', { diff --git a/packages/@aws-cdk/aws-config/test/integ.scoped-rule.expected.json b/packages/@aws-cdk/aws-config/test/integ.scoped-rule.expected.json index fced1ede4a8f5..7ca9e9ecf4f61 100644 --- a/packages/@aws-cdk/aws-config/test/integ.scoped-rule.expected.json +++ b/packages/@aws-cdk/aws-config/test/integ.scoped-rule.expected.json @@ -49,14 +49,14 @@ "Code": { "ZipFile": "exports.handler = (event) => console.log(event);" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "CustomFunctionServiceRoleD3F73B79", "Arn" ] }, - "Runtime": "nodejs10.x" + "Handler": "index.handler", + "Runtime": "nodejs14.x" }, "DependsOn": [ "CustomFunctionServiceRoleD3F73B79" @@ -109,4 +109,4 @@ ] } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-config/test/integ.scoped-rule.ts b/packages/@aws-cdk/aws-config/test/integ.scoped-rule.ts index 1203e179e0c62..833794f336ad8 100644 --- a/packages/@aws-cdk/aws-config/test/integ.scoped-rule.ts +++ b/packages/@aws-cdk/aws-config/test/integ.scoped-rule.ts @@ -9,7 +9,7 @@ const stack = new cdk.Stack(app, 'aws-cdk-config-rule-scoped-integ'); const fn = new lambda.Function(stack, 'CustomFunction', { code: lambda.AssetCode.fromInline('exports.handler = (event) => console.log(event);'), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, }); new config.CustomRule(stack, 'Custom', { diff --git a/packages/@aws-cdk/aws-docdb/test/integ.cluster.expected.json b/packages/@aws-cdk/aws-docdb/test/integ.cluster.expected.json index 1b661827dd1ec..f6a4f710d71a1 100644 --- a/packages/@aws-cdk/aws-docdb/test/integ.cluster.expected.json +++ b/packages/@aws-cdk/aws-docdb/test/integ.cluster.expected.json @@ -18,11 +18,11 @@ "VPCPublicSubnet1SubnetB4246D30": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.0.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/18", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -115,11 +115,11 @@ "VPCPublicSubnet2Subnet74179F39": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.64.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.64.0/18", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -212,11 +212,11 @@ "VPCPrivateSubnet1Subnet8BCA10E0": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.128.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.128.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -274,11 +274,11 @@ "VPCPrivateSubnet2SubnetCFCDAA7A": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.192.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.192.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -463,20 +463,21 @@ "DatabaseB269D8BB": { "Type": "AWS::DocDB::DBCluster", "Properties": { - "MasterUsername": "docdb", - "MasterUserPassword": "7959866cacc02c2d243ecfe177464fe6", "DBClusterParameterGroupName": { "Ref": "ParamsA8366201" }, "DBSubnetGroupName": { "Ref": "DatabaseSubnets56F17B9A" }, + "EngineVersion": "3.6.0", "KmsKeyId": { "Fn::GetAtt": [ "DbSecurity381C2C15", "Arn" ] }, + "MasterUsername": "docdb", + "MasterUserPassword": "7959866cacc02c2d243ecfe177464fe6", "StorageEncrypted": true, "VpcSecurityGroupIds": [ { diff --git a/packages/@aws-cdk/aws-docdb/test/integ.cluster.ts b/packages/@aws-cdk/aws-docdb/test/integ.cluster.ts index 084502d0dae65..f3d988e51c601 100644 --- a/packages/@aws-cdk/aws-docdb/test/integ.cluster.ts +++ b/packages/@aws-cdk/aws-docdb/test/integ.cluster.ts @@ -31,6 +31,7 @@ class TestStack extends cdk.Stack { }); const cluster = new DatabaseCluster(this, 'Database', { + engineVersion: '3.6.0', masterUser: { username: 'docdb', password: cdk.SecretValue.plainText('7959866cacc02c2d243ecfe177464fe6'), diff --git a/packages/@aws-cdk/aws-dynamodb/lib/table.ts b/packages/@aws-cdk/aws-dynamodb/lib/table.ts index 32010c0bb6b32..763a369ee897d 100644 --- a/packages/@aws-cdk/aws-dynamodb/lib/table.ts +++ b/packages/@aws-cdk/aws-dynamodb/lib/table.ts @@ -1179,7 +1179,7 @@ export class Table extends TableBase { attributeDefinitions: this.attributeDefinitions, globalSecondaryIndexes: Lazy.any({ produce: () => this.globalSecondaryIndexes }, { omitEmptyArray: true }), localSecondaryIndexes: Lazy.any({ produce: () => this.localSecondaryIndexes }, { omitEmptyArray: true }), - pointInTimeRecoverySpecification: props.pointInTimeRecovery ? { pointInTimeRecoveryEnabled: props.pointInTimeRecovery } : undefined, + pointInTimeRecoverySpecification: props.pointInTimeRecovery != null ? { pointInTimeRecoveryEnabled: props.pointInTimeRecovery } : undefined, billingMode: this.billingMode === BillingMode.PAY_PER_REQUEST ? this.billingMode : undefined, provisionedThroughput: this.billingMode === BillingMode.PAY_PER_REQUEST ? undefined : { readCapacityUnits: props.readCapacity || 5, diff --git a/packages/@aws-cdk/aws-ec2/lib/cfn-init.ts b/packages/@aws-cdk/aws-ec2/lib/cfn-init.ts index 35297a4e32b73..03a8529da30a8 100644 --- a/packages/@aws-cdk/aws-ec2/lib/cfn-init.ts +++ b/packages/@aws-cdk/aws-ec2/lib/cfn-init.ts @@ -111,7 +111,7 @@ export class CloudFormationInit { // as well as include any asset hashes provided so the fingerprint is accurate. const resolvedConfig = attachedResource.stack.resolve(bindResult.configData); const fingerprintInput = { config: resolvedConfig, assetHash: bindResult.assetHash }; - const fingerprint = contentHash(JSON.stringify(fingerprintInput)).substr(0, 16); + const fingerprint = contentHash(JSON.stringify(fingerprintInput)).slice(0, 16); attachOptions.instanceRole.addToPrincipalPolicy(new iam.PolicyStatement({ actions: ['cloudformation:DescribeStackResource', 'cloudformation:SignalResource'], diff --git a/packages/@aws-cdk/aws-ec2/lib/instance.ts b/packages/@aws-cdk/aws-ec2/lib/instance.ts index 213b1ef0e4629..8537ae0c32c51 100644 --- a/packages/@aws-cdk/aws-ec2/lib/instance.ts +++ b/packages/@aws-cdk/aws-ec2/lib/instance.ts @@ -430,7 +430,7 @@ export class Instance extends Resource implements IInstance { } finally { recursing = false; } - const digest = md5.digest('hex').substr(0, 16); + const digest = md5.digest('hex').slice(0, 16); return `${originalLogicalId}${digest}`; }, })); diff --git a/packages/@aws-cdk/aws-ec2/test/integ.instance-init.expected.json b/packages/@aws-cdk/aws-ec2/test/integ.instance-init.expected.json index e287246eda0a7..576efc96d2057 100644 --- a/packages/@aws-cdk/aws-ec2/test/integ.instance-init.expected.json +++ b/packages/@aws-cdk/aws-ec2/test/integ.instance-init.expected.json @@ -1,5 +1,519 @@ { "Resources": { + "IntegInitVpc0D4FCCB3": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc" + } + ] + } + }, + "IntegInitVpcPublicSubnet1Subnet41A6F6D4": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/19", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PublicSubnet1" + } + ] + } + }, + "IntegInitVpcPublicSubnet1RouteTable837CD5FB": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PublicSubnet1" + } + ] + } + }, + "IntegInitVpcPublicSubnet1RouteTableAssociation00D33741": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "IntegInitVpcPublicSubnet1RouteTable837CD5FB" + }, + "SubnetId": { + "Ref": "IntegInitVpcPublicSubnet1Subnet41A6F6D4" + } + } + }, + "IntegInitVpcPublicSubnet1DefaultRoute5BB90E8C": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "IntegInitVpcPublicSubnet1RouteTable837CD5FB" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "IntegInitVpcIGWF019AC85" + } + }, + "DependsOn": [ + "IntegInitVpcVPCGW85EDC292" + ] + }, + "IntegInitVpcPublicSubnet1EIP46FCC3D6": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PublicSubnet1" + } + ] + } + }, + "IntegInitVpcPublicSubnet1NATGateway46F32F7F": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "IntegInitVpcPublicSubnet1Subnet41A6F6D4" + }, + "AllocationId": { + "Fn::GetAtt": [ + "IntegInitVpcPublicSubnet1EIP46FCC3D6", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PublicSubnet1" + } + ] + } + }, + "IntegInitVpcPublicSubnet2Subnet9A384F16": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.32.0/19", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PublicSubnet2" + } + ] + } + }, + "IntegInitVpcPublicSubnet2RouteTableF7E8F920": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PublicSubnet2" + } + ] + } + }, + "IntegInitVpcPublicSubnet2RouteTableAssociationB816F9F3": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "IntegInitVpcPublicSubnet2RouteTableF7E8F920" + }, + "SubnetId": { + "Ref": "IntegInitVpcPublicSubnet2Subnet9A384F16" + } + } + }, + "IntegInitVpcPublicSubnet2DefaultRoute2393995F": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "IntegInitVpcPublicSubnet2RouteTableF7E8F920" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "IntegInitVpcIGWF019AC85" + } + }, + "DependsOn": [ + "IntegInitVpcVPCGW85EDC292" + ] + }, + "IntegInitVpcPublicSubnet2EIP553B40DC": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PublicSubnet2" + } + ] + } + }, + "IntegInitVpcPublicSubnet2NATGateway9CCB4A9C": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "IntegInitVpcPublicSubnet2Subnet9A384F16" + }, + "AllocationId": { + "Fn::GetAtt": [ + "IntegInitVpcPublicSubnet2EIP553B40DC", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PublicSubnet2" + } + ] + } + }, + "IntegInitVpcPublicSubnet3Subnet30A34DA1": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.0.64.0/19", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PublicSubnet3" + } + ] + } + }, + "IntegInitVpcPublicSubnet3RouteTable53FB2E26": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PublicSubnet3" + } + ] + } + }, + "IntegInitVpcPublicSubnet3RouteTableAssociation73A6B648": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "IntegInitVpcPublicSubnet3RouteTable53FB2E26" + }, + "SubnetId": { + "Ref": "IntegInitVpcPublicSubnet3Subnet30A34DA1" + } + } + }, + "IntegInitVpcPublicSubnet3DefaultRoute3781AD26": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "IntegInitVpcPublicSubnet3RouteTable53FB2E26" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "IntegInitVpcIGWF019AC85" + } + }, + "DependsOn": [ + "IntegInitVpcVPCGW85EDC292" + ] + }, + "IntegInitVpcPublicSubnet3EIP59DDAB7B": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PublicSubnet3" + } + ] + } + }, + "IntegInitVpcPublicSubnet3NATGatewayA7A986C7": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "IntegInitVpcPublicSubnet3Subnet30A34DA1" + }, + "AllocationId": { + "Fn::GetAtt": [ + "IntegInitVpcPublicSubnet3EIP59DDAB7B", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PublicSubnet3" + } + ] + } + }, + "IntegInitVpcPrivateSubnet1Subnet259B51C1": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.96.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PrivateSubnet1" + } + ] + } + }, + "IntegInitVpcPrivateSubnet1RouteTableCB37994B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PrivateSubnet1" + } + ] + } + }, + "IntegInitVpcPrivateSubnet1RouteTableAssociation067DEF9D": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "IntegInitVpcPrivateSubnet1RouteTableCB37994B" + }, + "SubnetId": { + "Ref": "IntegInitVpcPrivateSubnet1Subnet259B51C1" + } + } + }, + "IntegInitVpcPrivateSubnet1DefaultRoute654ACECF": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "IntegInitVpcPrivateSubnet1RouteTableCB37994B" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "IntegInitVpcPublicSubnet1NATGateway46F32F7F" + } + } + }, + "IntegInitVpcPrivateSubnet2Subnet1643B059": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.128.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PrivateSubnet2" + } + ] + } + }, + "IntegInitVpcPrivateSubnet2RouteTable030EC93B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PrivateSubnet2" + } + ] + } + }, + "IntegInitVpcPrivateSubnet2RouteTableAssociation6B52BD72": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "IntegInitVpcPrivateSubnet2RouteTable030EC93B" + }, + "SubnetId": { + "Ref": "IntegInitVpcPrivateSubnet2Subnet1643B059" + } + } + }, + "IntegInitVpcPrivateSubnet2DefaultRoute6A10B6EA": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "IntegInitVpcPrivateSubnet2RouteTable030EC93B" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "IntegInitVpcPublicSubnet2NATGateway9CCB4A9C" + } + } + }, + "IntegInitVpcPrivateSubnet3Subnet2FEDC394": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.0.160.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PrivateSubnet3" + } + ] + } + }, + "IntegInitVpcPrivateSubnet3RouteTable276D284C": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc/PrivateSubnet3" + } + ] + } + }, + "IntegInitVpcPrivateSubnet3RouteTableAssociation2706BC76": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "IntegInitVpcPrivateSubnet3RouteTable276D284C" + }, + "SubnetId": { + "Ref": "IntegInitVpcPrivateSubnet3Subnet2FEDC394" + } + } + }, + "IntegInitVpcPrivateSubnet3DefaultRoute932A56DC": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "IntegInitVpcPrivateSubnet3RouteTable276D284C" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "IntegInitVpcPublicSubnet3NATGatewayA7A986C7" + } + } + }, + "IntegInitVpcIGWF019AC85": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "integ-init/IntegInitVpc" + } + ] + } + }, + "IntegInitVpcVPCGW85EDC292": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + }, + "InternetGatewayId": { + "Ref": "IntegInitVpcIGWF019AC85" + } + } + }, "Instance2InstanceSecurityGroupC6129B1D": { "Type": "AWS::EC2::SecurityGroup", "Properties": { @@ -17,7 +531,9 @@ "Value": "integ-init/Instance2" } ], - "VpcId": "vpc-60900905" + "VpcId": { + "Ref": "IntegInitVpc0D4FCCB3" + } } }, "Instance2InstanceRole03DD7CB2": { @@ -130,10 +646,10 @@ ] } }, - "Instance255F352654dd5de862574bd14": { + "Instance255F352651ad64873f230a4d2": { "Type": "AWS::EC2::Instance", "Properties": { - "AvailabilityZone": "us-east-1a", + "AvailabilityZone": "test-region-1a", "IamInstanceProfile": { "Ref": "Instance2InstanceProfile582F915C" }, @@ -149,7 +665,9 @@ ] } ], - "SubnetId": "subnet-e19455ca", + "SubnetId": { + "Ref": "IntegInitVpcPublicSubnet1Subnet41A6F6D4" + }, "Tags": [ { "Key": "Name", @@ -161,7 +679,7 @@ "Fn::Join": [ "", [ - "#!/bin/bash\n# fingerprint: 336ad3625c000098\n(\n set +e\n /opt/aws/bin/cfn-init -v --region ", + "#!/bin/bash\n# fingerprint: 8ef54c03058b2a11\n(\n set +e\n /opt/aws/bin/cfn-init -v --region ", { "Ref": "AWS::Region" }, @@ -169,7 +687,7 @@ { "Ref": "AWS::StackName" }, - " --resource Instance255F352654dd5de862574bd14 -c default\n /opt/aws/bin/cfn-signal -e $? --region ", + " --resource Instance255F352651ad64873f230a4d2 -c default\n /opt/aws/bin/cfn-signal -e $? --region ", { "Ref": "AWS::Region" }, @@ -177,7 +695,7 @@ { "Ref": "AWS::StackName" }, - " --resource Instance255F352654dd5de862574bd14\n cat /var/log/cfn-init.log >&2\n)" + " --resource Instance255F352651ad64873f230a4d2\n cat /var/log/cfn-init.log >&2\n)" ] ] } @@ -230,7 +748,11 @@ "Fn::Join": [ "", [ - "https://s3.test-region.", + "https://s3.", + { + "Ref": "AWS::Region" + }, + ".", { "Ref": "AWS::URLSuffix" }, @@ -276,7 +798,9 @@ "Ref": "AWS::StackId" }, "stackName": "integ-init", - "region": "test-region" + "region": { + "Ref": "AWS::Region" + } }, "mode": "000644", "owner": "root", diff --git a/packages/@aws-cdk/aws-ec2/test/integ.instance-init.ts b/packages/@aws-cdk/aws-ec2/test/integ.instance-init.ts index c7c5204fe6e21..2f133693e1165 100644 --- a/packages/@aws-cdk/aws-ec2/test/integ.instance-init.ts +++ b/packages/@aws-cdk/aws-ec2/test/integ.instance-init.ts @@ -5,14 +5,9 @@ import * as cdk from '@aws-cdk/core'; import * as ec2 from '../lib'; const app = new cdk.App(); -const stack = new cdk.Stack(app, 'integ-init', { - env: { - account: process.env.CDK_INTEG_ACCOUNT || process.env.CDK_DEFAULT_ACCOUNT, - region: process.env.CDK_INTEG_REGION || process.env.CDK_DEFAULT_REGION, - }, -}); +const stack = new cdk.Stack(app, 'integ-init'); -const vpc = ec2.Vpc.fromLookup(stack, 'VPC', { isDefault: true }); +const vpc = new ec2.Vpc(stack, 'IntegInitVpc'); const tmpDir = fs.mkdtempSync('/tmp/cfn-init-test'); fs.writeFileSync(path.resolve(tmpDir, 'testFile'), 'Hello World!\n'); diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service-cn.expected.json b/packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service-cn.expected.json deleted file mode 100644 index 99a898633a82f..0000000000000 --- a/packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service-cn.expected.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "Resources": { - "MyCnVpcEndpointService7463420F": { - "Type": "AWS::EC2::VPCEndpointService", - "Properties": { - "NetworkLoadBalancerArns": [ - "arn:aws-cn:elasticloadbalancing:cn-north-1:123456789012:loadbalancer/net/Test/9bn6qkf4e9jrw77a" - ], - "AcceptanceRequired": false - } - } - }, - "Outputs": { - "MyCnVpcEndpointServiceServiceName": { - "Description": "Give this to service consumers so they can connect via VPC Endpoint", - "Value": { - "Fn::Join": [ - ".", - [ - "cn.com.amazonaws.vpce", - { - "Ref": "AWS::Region" - }, - { - "Ref": "MyCnVpcEndpointService7463420F" - } - ] - ] - }, - "Export": { - "Name": "ServiceName" - } - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service-cn.ts b/packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service-cn.ts deleted file mode 100644 index 3b67c986477c7..0000000000000 --- a/packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service-cn.ts +++ /dev/null @@ -1,46 +0,0 @@ -import * as cdk from '@aws-cdk/core'; -import * as ec2 from '../lib'; - -const app = new cdk.App(); - -/** - * A load balancer that can host a VPC Endpoint Service - */ -class DummyEndpointLoadBalacer implements ec2.IVpcEndpointServiceLoadBalancer { - /** - * The ARN of the load balancer that hosts the VPC Endpoint Service - */ - public readonly loadBalancerArn: string; - constructor(arn: string) { - this.loadBalancerArn = arn; - } -} - -class CnVpcEndpointServiceStack extends cdk.Stack { - constructor(scope: cdk.App, id: string, props?: cdk.StackProps) { - super(scope, id, props); - - const nlb = new DummyEndpointLoadBalacer( - 'arn:aws-cn:elasticloadbalancing:cn-north-1:123456789012:loadbalancer/net/Test/9bn6qkf4e9jrw77a'); - - const service1 = new ec2.VpcEndpointService(this, 'MyCnVpcEndpointService', { - vpcEndpointServiceLoadBalancers: [nlb], - acceptanceRequired: false, - }); - - new cdk.CfnOutput(this, 'MyCnVpcEndpointServiceServiceName', { - exportName: 'ServiceName', - value: service1.vpcEndpointServiceName, - description: 'Give this to service consumers so they can connect via VPC Endpoint', - }); - - } -} - -new CnVpcEndpointServiceStack(app, 'aws-cdk-ec2-cn-vpc-endpoint-service', { - env: { - account: '123456789012', - region: 'cn-north-1', - }, -}); -app.synth(); \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service.expected.json b/packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service.expected.json deleted file mode 100644 index 48b0f9d07d40e..0000000000000 --- a/packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service.expected.json +++ /dev/null @@ -1,64 +0,0 @@ -{ - "Resources": { - "MyVpcEndpointServiceWithNoPrincipals9B24276E": { - "Type": "AWS::EC2::VPCEndpointService", - "Properties": { - "NetworkLoadBalancerArns": [ - "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/net/Test/9bn6qkf4e9jrw77a" - ], - "AcceptanceRequired": false - } - }, - "MyVpcEndpointServiceWithPrincipals41EE2DF2": { - "Type": "AWS::EC2::VPCEndpointService", - "Properties": { - "NetworkLoadBalancerArns": [ - "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/net/Test/1jd81k39sa421ffs" - ], - "AcceptanceRequired": false - } - }, - "MyVpcEndpointServiceWithPrincipalsPermissions29F9BD5A": { - "Type": "AWS::EC2::VPCEndpointServicePermissions", - "Properties": { - "ServiceId": { - "Ref": "MyVpcEndpointServiceWithPrincipals41EE2DF2" - }, - "AllowedPrincipals": [ - "arn:aws:iam::123456789012:root" - ] - } - } - }, - "Outputs": { - "MyVpcEndpointServiceWithNoPrincipalsServiceName": { - "Description": "Give this to service consumers so they can connect via VPC Endpoint", - "Value": { - "Fn::Join": [ - ".", - [ - "com.amazonaws.vpce", - { - "Ref": "AWS::Region" - }, - { - "Ref": "MyVpcEndpointServiceWithNoPrincipals9B24276E" - } - ] - ] - }, - "Export": { - "Name": "ServiceName" - } - }, - "MyVpcEndpointServiceWithPrincipalsEndpointServiceId": { - "Description": "Reference this service from other stacks", - "Value": { - "Ref": "MyVpcEndpointServiceWithPrincipals41EE2DF2" - }, - "Export": { - "Name": "EndpointServiceId" - } - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.expected.json b/packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.expected.json index 24d55d814adad..9d43a7553f127 100644 --- a/packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.expected.json +++ b/packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.expected.json @@ -10,7 +10,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC" + "Value": "FlowLogsTestStack/VPC" } ] } @@ -18,11 +18,11 @@ "VPCPublicSubnet1SubnetB4246D30": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.0.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/19", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -35,7 +35,7 @@ }, { "Key": "Name", - "Value": "TestStack/VPC/PublicSubnet1" + "Value": "FlowLogsTestStack/VPC/PublicSubnet1" } ] } @@ -49,7 +49,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC/PublicSubnet1" + "Value": "FlowLogsTestStack/VPC/PublicSubnet1" } ] } @@ -87,7 +87,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC/PublicSubnet1" + "Value": "FlowLogsTestStack/VPC/PublicSubnet1" } ] } @@ -107,7 +107,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC/PublicSubnet1" + "Value": "FlowLogsTestStack/VPC/PublicSubnet1" } ] } @@ -115,11 +115,11 @@ "VPCPublicSubnet2Subnet74179F39": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.32.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.32.0/19", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -132,7 +132,7 @@ }, { "Key": "Name", - "Value": "TestStack/VPC/PublicSubnet2" + "Value": "FlowLogsTestStack/VPC/PublicSubnet2" } ] } @@ -146,7 +146,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC/PublicSubnet2" + "Value": "FlowLogsTestStack/VPC/PublicSubnet2" } ] } @@ -184,7 +184,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC/PublicSubnet2" + "Value": "FlowLogsTestStack/VPC/PublicSubnet2" } ] } @@ -204,7 +204,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC/PublicSubnet2" + "Value": "FlowLogsTestStack/VPC/PublicSubnet2" } ] } @@ -212,11 +212,11 @@ "VPCPublicSubnet3Subnet631C5E25": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.64.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.0.64.0/19", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -229,7 +229,7 @@ }, { "Key": "Name", - "Value": "TestStack/VPC/PublicSubnet3" + "Value": "FlowLogsTestStack/VPC/PublicSubnet3" } ] } @@ -243,7 +243,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC/PublicSubnet3" + "Value": "FlowLogsTestStack/VPC/PublicSubnet3" } ] } @@ -281,7 +281,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC/PublicSubnet3" + "Value": "FlowLogsTestStack/VPC/PublicSubnet3" } ] } @@ -301,7 +301,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC/PublicSubnet3" + "Value": "FlowLogsTestStack/VPC/PublicSubnet3" } ] } @@ -309,11 +309,11 @@ "VPCPrivateSubnet1Subnet8BCA10E0": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.96.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.96.0/19", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -326,7 +326,7 @@ }, { "Key": "Name", - "Value": "TestStack/VPC/PrivateSubnet1" + "Value": "FlowLogsTestStack/VPC/PrivateSubnet1" } ] } @@ -340,7 +340,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC/PrivateSubnet1" + "Value": "FlowLogsTestStack/VPC/PrivateSubnet1" } ] } @@ -371,11 +371,11 @@ "VPCPrivateSubnet2SubnetCFCDAA7A": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.128.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.128.0/19", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -388,7 +388,7 @@ }, { "Key": "Name", - "Value": "TestStack/VPC/PrivateSubnet2" + "Value": "FlowLogsTestStack/VPC/PrivateSubnet2" } ] } @@ -402,7 +402,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC/PrivateSubnet2" + "Value": "FlowLogsTestStack/VPC/PrivateSubnet2" } ] } @@ -433,11 +433,11 @@ "VPCPrivateSubnet3Subnet3EDCD457": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.160.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.0.160.0/19", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -450,7 +450,7 @@ }, { "Key": "Name", - "Value": "TestStack/VPC/PrivateSubnet3" + "Value": "FlowLogsTestStack/VPC/PrivateSubnet3" } ] } @@ -464,7 +464,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC/PrivateSubnet3" + "Value": "FlowLogsTestStack/VPC/PrivateSubnet3" } ] } @@ -498,7 +498,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC" + "Value": "FlowLogsTestStack/VPC" } ] } @@ -520,7 +520,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC" + "Value": "FlowLogsTestStack/VPC" } ] }, @@ -545,7 +545,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC" + "Value": "FlowLogsTestStack/VPC" } ] } @@ -576,7 +576,7 @@ "Tags": [ { "Key": "Name", - "Value": "TestStack/VPC" + "Value": "FlowLogsTestStack/VPC" } ] } @@ -668,8 +668,290 @@ }, "Bucket83908E77": { "Type": "AWS::S3::Bucket", + "Properties": { + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + } + ] + }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" + }, + "BucketPolicyE9A3008A": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "Bucket83908E77" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": "s3:PutObject", + "Condition": { + "StringEquals": { + "s3:x-amz-acl": "bucket-owner-full-control", + "aws:SourceAccount": { + "Ref": "AWS::AccountId" + } + }, + "ArnLike": { + "aws:SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":*" + ] + ] + } + } + }, + "Effect": "Allow", + "Principal": { + "Service": "delivery.logs.amazonaws.com" + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + } + }, + { + "Action": [ + "s3:GetBucketAcl", + "s3:ListBucket" + ], + "Condition": { + "StringEquals": { + "aws:SourceAccount": { + "Ref": "AWS::AccountId" + } + }, + "ArnLike": { + "aws:SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":*" + ] + ] + } + } + }, + "Effect": "Allow", + "Principal": { + "Service": "delivery.logs.amazonaws.com" + }, + "Resource": { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + } + } + }, + "BucketAutoDeleteObjectsCustomResourceBAFD23C2": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "Bucket83908E77" + } + }, + "DependsOn": [ + "BucketPolicyE9A3008A" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3Bucket09A62232" + }, + "S3Key": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE" + } + ] + } + ] + } + ] + ] + } + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "Bucket83908E77" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + } + }, + "Parameters": { + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3Bucket09A62232": { + "Type": "String", + "Description": "S3 bucket for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + }, + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE": { + "Type": "String", + "Description": "S3 key for asset version \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + }, + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824ArtifactHash76F8FCF2": { + "Type": "String", + "Description": "Artifact hash for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.ts b/packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.ts index c9b87c51bf7fd..6ce95c09bb662 100644 --- a/packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.ts +++ b/packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.ts @@ -1,4 +1,5 @@ /// !cdk-integ * +import { PolicyStatement, Effect, ServicePrincipal } from '@aws-cdk/aws-iam'; import * as s3 from '@aws-cdk/aws-s3'; import { App, RemovalPolicy, Stack, StackProps } from '@aws-cdk/core'; import { FlowLog, FlowLogDestination, FlowLogResourceType, Vpc } from '../lib'; @@ -21,7 +22,43 @@ class TestStack extends Stack { const bucket = new s3.Bucket(this, 'Bucket', { removalPolicy: RemovalPolicy.DESTROY, + autoDeleteObjects: true, }); + bucket.addToResourcePolicy(new PolicyStatement({ + effect: Effect.ALLOW, + principals: [new ServicePrincipal('delivery.logs.amazonaws.com')], + actions: ['s3:PutObject'], + resources: [bucket.arnForObjects(`AWSLogs/${this.account}/*`)], + conditions: { + StringEquals: { + 's3:x-amz-acl': 'bucket-owner-full-control', + 'aws:SourceAccount': this.account, + }, + ArnLike: { + 'aws:SourceArn': this.formatArn({ + service: 'logs', + resource: '*', + }), + }, + }, + })); + bucket.addToResourcePolicy(new PolicyStatement({ + effect: Effect.ALLOW, + principals: [new ServicePrincipal('delivery.logs.amazonaws.com')], + actions: ['s3:GetBucketAcl', 's3:ListBucket'], + resources: [bucket.bucketArn], + conditions: { + StringEquals: { + 'aws:SourceAccount': this.account, + }, + ArnLike: { + 'aws:SourceArn': this.formatArn({ + service: 'logs', + resource: '*', + }), + }, + }, + })); vpc.addFlowLog('FlowLogsS3KeyPrefix', { destination: FlowLogDestination.toS3(bucket, 'prefix/'), @@ -29,6 +66,6 @@ class TestStack extends Stack { } } -new TestStack(app, 'TestStack'); +new TestStack(app, 'FlowLogsTestStack'); app.synth(); diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpn-pre-shared-key-token.expected.json b/packages/@aws-cdk/aws-ec2/test/integ.vpn-pre-shared-key-token.expected.json index e35654d4ac5ac..7895454898cbc 100644 --- a/packages/@aws-cdk/aws-ec2/test/integ.vpn-pre-shared-key-token.expected.json +++ b/packages/@aws-cdk/aws-ec2/test/integ.vpn-pre-shared-key-token.expected.json @@ -18,11 +18,11 @@ "MyVpcPublicSubnet1SubnetF6608456": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.10.0.0/19", "VpcId": { "Ref": "MyVpcF9F0CA6F" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.10.0.0/19", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -95,15 +95,15 @@ "MyVpcPublicSubnet1NATGatewayAD3400C1": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "MyVpcPublicSubnet1SubnetF6608456" + }, "AllocationId": { "Fn::GetAtt": [ "MyVpcPublicSubnet1EIP096967CB", "AllocationId" ] }, - "SubnetId": { - "Ref": "MyVpcPublicSubnet1SubnetF6608456" - }, "Tags": [ { "Key": "Name", @@ -115,11 +115,11 @@ "MyVpcPublicSubnet2Subnet492B6BFB": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.10.32.0/19", "VpcId": { "Ref": "MyVpcF9F0CA6F" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.10.32.0/19", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -192,15 +192,15 @@ "MyVpcPublicSubnet2NATGateway91BFBEC9": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "MyVpcPublicSubnet2Subnet492B6BFB" + }, "AllocationId": { "Fn::GetAtt": [ "MyVpcPublicSubnet2EIP8CCBA239", "AllocationId" ] }, - "SubnetId": { - "Ref": "MyVpcPublicSubnet2Subnet492B6BFB" - }, "Tags": [ { "Key": "Name", @@ -212,11 +212,11 @@ "MyVpcPublicSubnet3Subnet57EEE236": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.10.64.0/19", "VpcId": { "Ref": "MyVpcF9F0CA6F" }, "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.10.64.0/19", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -289,15 +289,15 @@ "MyVpcPublicSubnet3NATGatewayD4B50EBE": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "MyVpcPublicSubnet3Subnet57EEE236" + }, "AllocationId": { "Fn::GetAtt": [ "MyVpcPublicSubnet3EIPC5ACADAB", "AllocationId" ] }, - "SubnetId": { - "Ref": "MyVpcPublicSubnet3Subnet57EEE236" - }, "Tags": [ { "Key": "Name", @@ -309,11 +309,11 @@ "MyVpcPrivateSubnet1Subnet5057CF7E": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.10.96.0/19", "VpcId": { "Ref": "MyVpcF9F0CA6F" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.10.96.0/19", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -371,11 +371,11 @@ "MyVpcPrivateSubnet2Subnet0040C983": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.10.128.0/19", "VpcId": { "Ref": "MyVpcF9F0CA6F" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.10.128.0/19", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -433,11 +433,11 @@ "MyVpcPrivateSubnet3Subnet772D6AD7": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.10.160.0/19", "VpcId": { "Ref": "MyVpcF9F0CA6F" }, "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.10.160.0/19", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -592,7 +592,7 @@ }, "VpnTunnelOptionsSpecifications": [ { - "PreSharedKey": "{{resolve:ssm-secure:ssm-pw:1}}" + "PreSharedKey": "ssmpwaaa" } ] } diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpn-pre-shared-key-token.ts b/packages/@aws-cdk/aws-ec2/test/integ.vpn-pre-shared-key-token.ts index fb5bb45119b08..a4747938c57e8 100644 --- a/packages/@aws-cdk/aws-ec2/test/integ.vpn-pre-shared-key-token.ts +++ b/packages/@aws-cdk/aws-ec2/test/integ.vpn-pre-shared-key-token.ts @@ -11,7 +11,7 @@ const vpc = new ec2.Vpc(stack, 'MyVpc', { ip: '52.85.255.164', tunnelOptions: [ { - preSharedKey: cdk.SecretValue.ssmSecure('ssm-pw', '1').toString(), + preSharedKey: cdk.Lazy.string({ produce: () => 'ssmpwaaa' }), }, ], }, diff --git a/packages/@aws-cdk/aws-ecr-assets/test/allow-listed-image/Dockerfile b/packages/@aws-cdk/aws-ecr-assets/test/allow-listed-image/Dockerfile index 123b5670febc8..235b30e9661ed 100644 --- a/packages/@aws-cdk/aws-ecr-assets/test/allow-listed-image/Dockerfile +++ b/packages/@aws-cdk/aws-ecr-assets/test/allow-listed-image/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.6 +FROM public.ecr.aws/lambda/python:3.6 EXPOSE 8000 WORKDIR /src ADD . /src diff --git a/packages/@aws-cdk/aws-ecr-assets/test/demo-image-custom-docker-file/Dockerfile b/packages/@aws-cdk/aws-ecr-assets/test/demo-image-custom-docker-file/Dockerfile index 123b5670febc8..235b30e9661ed 100644 --- a/packages/@aws-cdk/aws-ecr-assets/test/demo-image-custom-docker-file/Dockerfile +++ b/packages/@aws-cdk/aws-ecr-assets/test/demo-image-custom-docker-file/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.6 +FROM public.ecr.aws/lambda/python:3.6 EXPOSE 8000 WORKDIR /src ADD . /src diff --git a/packages/@aws-cdk/aws-ecr-assets/test/demo-image-custom-docker-file/Dockerfile.Custom b/packages/@aws-cdk/aws-ecr-assets/test/demo-image-custom-docker-file/Dockerfile.Custom index 123b5670febc8..235b30e9661ed 100644 --- a/packages/@aws-cdk/aws-ecr-assets/test/demo-image-custom-docker-file/Dockerfile.Custom +++ b/packages/@aws-cdk/aws-ecr-assets/test/demo-image-custom-docker-file/Dockerfile.Custom @@ -1,4 +1,4 @@ -FROM python:3.6 +FROM public.ecr.aws/lambda/python:3.6 EXPOSE 8000 WORKDIR /src ADD . /src diff --git a/packages/@aws-cdk/aws-ecr-assets/test/demo-image/Dockerfile b/packages/@aws-cdk/aws-ecr-assets/test/demo-image/Dockerfile index 123b5670febc8..235b30e9661ed 100644 --- a/packages/@aws-cdk/aws-ecr-assets/test/demo-image/Dockerfile +++ b/packages/@aws-cdk/aws-ecr-assets/test/demo-image/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.6 +FROM public.ecr.aws/lambda/python:3.6 EXPOSE 8000 WORKDIR /src ADD . /src diff --git a/packages/@aws-cdk/aws-ecr-assets/test/dockerignore-image/Dockerfile b/packages/@aws-cdk/aws-ecr-assets/test/dockerignore-image/Dockerfile index 123b5670febc8..235b30e9661ed 100644 --- a/packages/@aws-cdk/aws-ecr-assets/test/dockerignore-image/Dockerfile +++ b/packages/@aws-cdk/aws-ecr-assets/test/dockerignore-image/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.6 +FROM public.ecr.aws/lambda/python:3.6 EXPOSE 8000 WORKDIR /src ADD . /src diff --git a/packages/@aws-cdk/aws-ecr-assets/test/image-asset.test.ts b/packages/@aws-cdk/aws-ecr-assets/test/image-asset.test.ts index 2ecaddc826780..14ac458d8ce8e 100644 --- a/packages/@aws-cdk/aws-ecr-assets/test/image-asset.test.ts +++ b/packages/@aws-cdk/aws-ecr-assets/test/image-asset.test.ts @@ -10,7 +10,7 @@ import { DockerImageAsset, NetworkMode } from '../lib'; /* eslint-disable quote-props */ -const DEMO_IMAGE_ASSET_HASH = '8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48'; +const DEMO_IMAGE_ASSET_HASH = '0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14'; const flags = { [cxapi.DOCKER_IGNORE_SUPPORT]: true }; @@ -37,11 +37,11 @@ describe('image asset', () => { expect(artifact.assets).toEqual([ { repositoryName: 'aws-cdk/assets', - imageTag: '8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48', - id: '8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48', + imageTag: '0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14', + id: '0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14', packaging: 'container-image', - path: 'asset.8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48', - sourceHash: '8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48', + path: 'asset.0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14', + sourceHash: '0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14', }, ]); @@ -97,29 +97,24 @@ describe('image asset', () => { expect(artifact.template.Resources).toBeUndefined(); expect(artifact.assets).toEqual([ { - 'buildArgs': { - 'a': 'b', - }, - repositoryName: 'aws-cdk/assets', - imageTag: '8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48', - id: '8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48', + buildArgs: { 'a': 'b' }, + id: '0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14', + imageTag: '0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14', packaging: 'container-image', - path: 'asset.8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48', - sourceHash: '8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48', + path: 'asset.0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14', + repositoryName: 'aws-cdk/assets', + sourceHash: '0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14', }, { - 'buildArgs': { - 'a': 'b', - }, - 'id': 'd4bbfde4749763cef9707486f81ce1e95d25cedaf4cc34cfcdab7232ec1948ff', - 'imageTag': 'd4bbfde4749763cef9707486f81ce1e95d25cedaf4cc34cfcdab7232ec1948ff', - 'packaging': 'container-image', - 'path': 'asset.d4bbfde4749763cef9707486f81ce1e95d25cedaf4cc34cfcdab7232ec1948ff', - 'repositoryName': 'aws-cdk/assets', - 'sourceHash': 'd4bbfde4749763cef9707486f81ce1e95d25cedaf4cc34cfcdab7232ec1948ff', + buildArgs: { 'a': 'b' }, + id: '7f3aa0a36ecd282884e11463b3fde119d25d1ed424f934300f0c7b9cf6f63947', + imageTag: '7f3aa0a36ecd282884e11463b3fde119d25d1ed424f934300f0c7b9cf6f63947', + packaging: 'container-image', + path: 'asset.7f3aa0a36ecd282884e11463b3fde119d25d1ed424f934300f0c7b9cf6f63947', + repositoryName: 'aws-cdk/assets', + sourceHash: '7f3aa0a36ecd282884e11463b3fde119d25d1ed424f934300f0c7b9cf6f63947', }, ]); - }); testLegacyBehavior('with target', App, (app) => { @@ -362,12 +357,12 @@ describe('image asset', () => { const asset5 = new DockerImageAsset(stack, 'Asset5', { directory, file: 'Dockerfile.Custom', target: 'NonDefaultTarget' }); const asset6 = new DockerImageAsset(stack, 'Asset6', { directory, extraHash: 'random-extra' }); - expect(asset1.assetHash).toEqual('365b5d951fc5f725f78093a07e3e1cc7819b4cbe582ca71a4c344752c23bf409'); - expect(asset2.assetHash).toEqual('9560a36f786f317c5e1abb986b58269b2453ed1cab16c36fd9b76646c837078c'); - expect(asset3.assetHash).toEqual('4f4e16f5b0cfab21be4298a04b20f62f63cd91a649ef4620d6d3c948d29f3cb4'); - expect(asset4.assetHash).toEqual('72b961f96e358b8dad935719cfc2704c3d14a46434871825ac81e3b94caa4853'); - expect(asset5.assetHash).toEqual('c23d34b3a1dac5a80c42e8fa6c88a0ac697eb709a6f36ebdb6e36ee8c75edc75'); - expect(asset6.assetHash).toEqual('7e950a9b08c58d371c1658e04d377c0ec59d89a47fc245a86a50525b36a8949b'); + expect(asset1.assetHash).toEqual('13248c55633f3b198a628bb2ea4663cb5226f8b2801051bd0c725950266fd590'); + expect(asset2.assetHash).toEqual('36bf205fb9adc5e45ba1c8d534158a0aed96d190eff433af1d90f3b94f96e751'); + expect(asset3.assetHash).toEqual('4c85bd70e73117b7129c2defbe6dc40a8a3872329f4ddca18d75afa671b38276'); + expect(asset4.assetHash).toEqual('8a91219a7bb0f58b3282dd84acbf4c03c49c765be54ffb7b125be6a50b6c5645'); + expect(asset5.assetHash).toEqual('c02bfba13b2e7e1ff5c778a76e10296b9e8d17f7f8252d097f4170ae04ce0eb4'); + expect(asset6.assetHash).toEqual('3528d6838647a5e9011b0f35aec514d03ad11af05a94653cdcf4dacdbb070a06'); }); @@ -378,8 +373,8 @@ describe('image asset', () => { const asset1 = new DockerImageAsset(stack, 'Asset1', { directory }); const asset2 = new DockerImageAsset(stack, 'Asset2', { directory, repositoryName: 'foo' }); - expect(asset1.assetHash).toEqual('365b5d951fc5f725f78093a07e3e1cc7819b4cbe582ca71a4c344752c23bf409'); - expect(asset2.assetHash).toEqual('313dd1f45a939b77fa8a4eb7780190aa7a20a40c95f503eca9e099186643d717'); + expect(asset1.assetHash).toEqual('13248c55633f3b198a628bb2ea4663cb5226f8b2801051bd0c725950266fd590'); + expect(asset2.assetHash).toEqual('b78978ca702a8eccd37804ce31d76cd83a695b557dbf95aeb109332ee8b1fd32'); }); }); diff --git a/packages/@aws-cdk/aws-ecr-assets/test/integ.assets-docker.expected.json b/packages/@aws-cdk/aws-ecr-assets/test/integ.assets-docker.expected.json index 3f6dd7b36d92e..854d6fab2364f 100644 --- a/packages/@aws-cdk/aws-ecr-assets/test/integ.assets-docker.expected.json +++ b/packages/@aws-cdk/aws-ecr-assets/test/integ.assets-docker.expected.json @@ -70,7 +70,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48" + "/aws-cdk/assets:0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14" ] ] } diff --git a/packages/@aws-cdk/aws-ecr-assets/test/integ.nested-stacks-docker.expected.json b/packages/@aws-cdk/aws-ecr-assets/test/integ.nested-stacks-docker.expected.json index 8860ef52935b1..793deb5240d59 100644 --- a/packages/@aws-cdk/aws-ecr-assets/test/integ.nested-stacks-docker.expected.json +++ b/packages/@aws-cdk/aws-ecr-assets/test/integ.nested-stacks-docker.expected.json @@ -17,7 +17,7 @@ }, "/", { - "Ref": "AssetParameters1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39S3Bucket74894234" + "Ref": "AssetParametersbd34d9d2b847afabcea4ef507c1bdaabe8abdbb75c41b3db3609d371f8626297S3BucketAF5C36E5" }, "/", { @@ -27,7 +27,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39S3VersionKeyD1E9C856" + "Ref": "AssetParametersbd34d9d2b847afabcea4ef507c1bdaabe8abdbb75c41b3db3609d371f8626297S3VersionKeyEB2E48FF" } ] } @@ -40,7 +40,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39S3VersionKeyD1E9C856" + "Ref": "AssetParametersbd34d9d2b847afabcea4ef507c1bdaabe8abdbb75c41b3db3609d371f8626297S3VersionKeyEB2E48FF" } ] } @@ -55,17 +55,17 @@ } }, "Parameters": { - "AssetParameters1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39S3Bucket74894234": { + "AssetParametersbd34d9d2b847afabcea4ef507c1bdaabe8abdbb75c41b3db3609d371f8626297S3BucketAF5C36E5": { "Type": "String", - "Description": "S3 bucket for asset \"1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39\"" + "Description": "S3 bucket for asset \"bd34d9d2b847afabcea4ef507c1bdaabe8abdbb75c41b3db3609d371f8626297\"" }, - "AssetParameters1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39S3VersionKeyD1E9C856": { + "AssetParametersbd34d9d2b847afabcea4ef507c1bdaabe8abdbb75c41b3db3609d371f8626297S3VersionKeyEB2E48FF": { "Type": "String", - "Description": "S3 key for asset version \"1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39\"" + "Description": "S3 key for asset version \"bd34d9d2b847afabcea4ef507c1bdaabe8abdbb75c41b3db3609d371f8626297\"" }, - "AssetParameters1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39ArtifactHash4D458F5E": { + "AssetParametersbd34d9d2b847afabcea4ef507c1bdaabe8abdbb75c41b3db3609d371f8626297ArtifactHashA3886DE7": { "Type": "String", - "Description": "Artifact hash for asset \"1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39\"" + "Description": "Artifact hash for asset \"bd34d9d2b847afabcea4ef507c1bdaabe8abdbb75c41b3db3609d371f8626297\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ecs-patterns/lib/base/application-load-balanced-service-base.ts b/packages/@aws-cdk/aws-ecs-patterns/lib/base/application-load-balanced-service-base.ts index 8839b39a09369..947730fa64f1d 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/lib/base/application-load-balanced-service-base.ts +++ b/packages/@aws-cdk/aws-ecs-patterns/lib/base/application-load-balanced-service-base.ts @@ -410,7 +410,7 @@ export abstract class ApplicationLoadBalancedServiceBase extends Construct { } this.cluster = props.cluster || this.getDefaultCluster(this, props.vpc); - if (props.desiredCount !== undefined && props.desiredCount < 1) { + if (props.desiredCount !== undefined && !cdk.Token.isUnresolved(props.desiredCount) && props.desiredCount < 1) { throw new Error('You must specify a desiredCount greater than 0'); } diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/demo-image/Dockerfile b/packages/@aws-cdk/aws-ecs-patterns/test/demo-image/Dockerfile index 123b5670febc8..235b30e9661ed 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/demo-image/Dockerfile +++ b/packages/@aws-cdk/aws-ecs-patterns/test/demo-image/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.6 +FROM public.ecr.aws/lambda/python:3.6 EXPOSE 8000 WORKDIR /src ADD . /src diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.asset-image.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.asset-image.expected.json index cfc30e97bc88d..fd16f2b4582a7 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.asset-image.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.asset-image.expected.json @@ -503,7 +503,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48" + "/aws-cdk/assets:0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14" ] ] }, diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.circuit-breaker-queue-processing-fargate-service.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.circuit-breaker-queue-processing-fargate-service.expected.json index 8a13945ce2864..e3f48c0fe3f34 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.circuit-breaker-queue-processing-fargate-service.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.circuit-breaker-queue-processing-fargate-service.expected.json @@ -460,7 +460,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:d6b024485c22795b5f5379edcd5cd6485f5bec6eb80bd072b20526f8eb2e0c64" + "/aws-cdk/assets:95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417" ] ] }, diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-isolated.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-isolated.expected.json index 063a1f2530a3a..570d98d1d29fb 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-isolated.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-isolated.expected.json @@ -769,7 +769,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:d6b024485c22795b5f5379edcd5cd6485f5bec6eb80bd072b20526f8eb2e0c64" + "/aws-cdk/assets:95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417" ] ] }, diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.expected.json index a85b9aee24328..d96917f58f197 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.expected.json @@ -609,8 +609,8 @@ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ], - "Interval": 720, - "Retries": 34, + "Interval": 6, + "Retries": 10, "Timeout": 5 }, "Image": { @@ -628,7 +628,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:d6b024485c22795b5f5379edcd5cd6485f5bec6eb80bd072b20526f8eb2e0c64" + "/aws-cdk/assets:95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417" ] ] }, diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.ts b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.ts index 4877a7d211747..bc3c9b621309e 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.ts +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.ts @@ -16,8 +16,8 @@ new QueueProcessingFargateService(stack, 'PublicQueueService', { assignPublicIp: true, healthCheck: { command: ['CMD-SHELL', 'curl -f http://localhost/ || exit 1'], - interval: Duration.minutes(12), - retries: 34, + interval: Duration.seconds(6), + retries: 10, }, }); diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service.expected.json index 1eab7f10bddc6..9746768edf9fe 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service.expected.json @@ -460,7 +460,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:d6b024485c22795b5f5379edcd5cd6485f5bec6eb80bd072b20526f8eb2e0c64" + "/aws-cdk/assets:95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417" ] ] }, diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.lit.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.lit.expected.json index 5110af7cc54eb..f0540fcb9044b 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.lit.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.lit.expected.json @@ -293,7 +293,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48" + "/aws-cdk/assets:0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14" ] ] }, diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/load-balanced-fargate-service.test.ts b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/load-balanced-fargate-service.test.ts index 70763a1bc2277..a00b676894c83 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/load-balanced-fargate-service.test.ts +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/load-balanced-fargate-service.test.ts @@ -1047,3 +1047,29 @@ test('test Network load balanced service with docker labels defined', () => { ], }); }); + +test('Passing in token for desiredCount will not throw error', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'VPC'); + const cluster = new ecs.Cluster(stack, 'Cluster', { vpc }); + const param = new cdk.CfnParameter(stack, 'prammm', { + type: 'Number', + default: 1, + }); + + // WHEN + const service = new ecsPatterns.ApplicationLoadBalancedFargateService(stack, 'Service', { + cluster, + taskImageOptions: { + image: ecs.ContainerImage.fromRegistry('/aws/aws-example-app'), + dockerLabels: { label1: 'labelValue1', label2: 'labelValue2' }, + }, + desiredCount: param.valueAsNumber, + }); + + // THEN + expect(() => { + service.internalDesiredCount; + }).toBeTruthy; +}); diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/sqs-reader/Dockerfile b/packages/@aws-cdk/aws-ecs-patterns/test/sqs-reader/Dockerfile index e6618640549e2..919fabfc3f637 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/sqs-reader/Dockerfile +++ b/packages/@aws-cdk/aws-ecs-patterns/test/sqs-reader/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.6 +FROM public.ecr.aws/lambda/python:3.6 RUN pip3 install boto3 diff --git a/packages/@aws-cdk/aws-ecs/lib/external/external-task-definition.ts b/packages/@aws-cdk/aws-ecs/lib/external/external-task-definition.ts index de9fa8b87e9dc..74be4e73ac2d4 100644 --- a/packages/@aws-cdk/aws-ecs/lib/external/external-task-definition.ts +++ b/packages/@aws-cdk/aws-ecs/lib/external/external-task-definition.ts @@ -8,7 +8,6 @@ import { ITaskDefinition, NetworkMode, TaskDefinition, - Volume, } from '../base/task-definition'; /** @@ -75,13 +74,6 @@ export class ExternalTaskDefinition extends TaskDefinition implements IExternalT }); } - /** - * Overridden method to throw error, as volumes are not supported for external task definitions - */ - public addVolume(_volume: Volume) { - throw new Error('External task definitions doesnt support volumes'); - } - /** * Overriden method to throw error as interface accelerators are not supported for external tasks */ diff --git a/packages/@aws-cdk/aws-ecs/lib/fargate/fargate-task-definition.ts b/packages/@aws-cdk/aws-ecs/lib/fargate/fargate-task-definition.ts index a1e957ed7a21c..c4e0831fbb4f7 100644 --- a/packages/@aws-cdk/aws-ecs/lib/fargate/fargate-task-definition.ts +++ b/packages/@aws-cdk/aws-ecs/lib/fargate/fargate-task-definition.ts @@ -1,4 +1,4 @@ -import { Tokenization } from '@aws-cdk/core'; +import { Tokenization, Token } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { ImportedTaskDefinition } from '../base/_imported-task-definition'; import { @@ -140,7 +140,8 @@ export class FargateTaskDefinition extends TaskDefinition implements IFargateTas networkMode: NetworkMode.AWS_VPC, }); - if (props.ephemeralStorageGiB && (props.ephemeralStorageGiB < 21 || props.ephemeralStorageGiB > 200)) { + // eslint-disable-next-line max-len + if (props.ephemeralStorageGiB && !Token.isUnresolved(props.ephemeralStorageGiB) && (props.ephemeralStorageGiB < 21 || props.ephemeralStorageGiB > 200)) { throw new Error('Ephemeral storage size must be between 21GiB and 200GiB'); } diff --git a/packages/@aws-cdk/aws-ecs/test/container-definition.test.ts b/packages/@aws-cdk/aws-ecs/test/container-definition.test.ts index 0c9f26ee41b68..1765d9a403466 100644 --- a/packages/@aws-cdk/aws-ecs/test/container-definition.test.ts +++ b/packages/@aws-cdk/aws-ecs/test/container-definition.test.ts @@ -2012,7 +2012,7 @@ describe('container definition', () => { { Ref: 'AWS::Region' }, '.', { Ref: 'AWS::URLSuffix' }, - '/aws-cdk/assets:8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48', + '/aws-cdk/assets:0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14', ], ], }, @@ -2068,11 +2068,11 @@ describe('container definition', () => { const asm = app.synth(); expect(asm.getStackArtifact(stack.artifactId).assets[0]).toEqual({ repositoryName: 'aws-cdk/assets', - imageTag: '9d913132f812bc1ad436aeb5a51f9216c5776b8079318c1883ad2f79f0ef1a4b', - id: '9d913132f812bc1ad436aeb5a51f9216c5776b8079318c1883ad2f79f0ef1a4b', + imageTag: '8b0801d3f897d960240bf5bf3d5a3e367e50a17e04101717320bfd52ebc9d64a', + id: '8b0801d3f897d960240bf5bf3d5a3e367e50a17e04101717320bfd52ebc9d64a', packaging: 'container-image', - path: 'asset.9d913132f812bc1ad436aeb5a51f9216c5776b8079318c1883ad2f79f0ef1a4b', - sourceHash: '9d913132f812bc1ad436aeb5a51f9216c5776b8079318c1883ad2f79f0ef1a4b', + path: 'asset.8b0801d3f897d960240bf5bf3d5a3e367e50a17e04101717320bfd52ebc9d64a', + sourceHash: '8b0801d3f897d960240bf5bf3d5a3e367e50a17e04101717320bfd52ebc9d64a', target: 'build-target', file: 'index.py', }); @@ -2091,7 +2091,7 @@ describe('container definition', () => { // THEN expect(stack.resolve(container.imageName)).toEqual({ - 'Fn::Sub': '${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:baa2d6eb2a17c75424df631c8c70ff39f2d5f3bee8b9e1a109ee24ca17300540', + 'Fn::Sub': '${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:aba53d5f05c76afcd7e420dc8cd283ddc31657866bb4ba4ce221e13d8128d92c', }); }); }); diff --git a/packages/@aws-cdk/aws-ecs/test/demo-image/Dockerfile b/packages/@aws-cdk/aws-ecs/test/demo-image/Dockerfile index 123b5670febc8..235b30e9661ed 100644 --- a/packages/@aws-cdk/aws-ecs/test/demo-image/Dockerfile +++ b/packages/@aws-cdk/aws-ecs/test/demo-image/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.6 +FROM public.ecr.aws/lambda/python:3.6 EXPOSE 8000 WORKDIR /src ADD . /src diff --git a/packages/@aws-cdk/aws-ecs/test/ec2/ec2-task-definition.test.ts b/packages/@aws-cdk/aws-ecs/test/ec2/ec2-task-definition.test.ts index 66d491a103f7d..24a06ac3827a2 100644 --- a/packages/@aws-cdk/aws-ecs/test/ec2/ec2-task-definition.test.ts +++ b/packages/@aws-cdk/aws-ecs/test/ec2/ec2-task-definition.test.ts @@ -759,7 +759,7 @@ describe('ec2 task definition', () => { { Ref: 'AWS::URLSuffix', }, - '/aws-cdk/assets:8c1d9ca9f5d37b1c4870c13a9f855301bb42c1848dbcdd5edc8fe2c6c7261d48', + '/aws-cdk/assets:0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14', ], ], }, diff --git a/packages/@aws-cdk/aws-ecs/test/external/external-task-definition.test.ts b/packages/@aws-cdk/aws-ecs/test/external/external-task-definition.test.ts index ec751a43db843..ad72c33a055a6 100644 --- a/packages/@aws-cdk/aws-ecs/test/external/external-task-definition.test.ts +++ b/packages/@aws-cdk/aws-ecs/test/external/external-task-definition.test.ts @@ -575,17 +575,30 @@ describe('external task definition', () => { Annotations.fromStack(stack).hasWarning('/Default/ExternalTaskDef/web', "Proper policies need to be attached before pulling from ECR repository, or use 'fromEcrRepository'."); }); - test('correctly sets volumes from', () => { + test('correctly sets volumes', () => { + // GIVEN const stack = new cdk.Stack(); const taskDefinition = new ecs.ExternalTaskDefinition(stack, 'ExternalTaskDef', {}); - // THEN - expect(() => taskDefinition.addVolume({ + // WHEN + taskDefinition.addVolume({ host: { sourcePath: '/tmp/cache', }, name: 'scratch', - })).toThrow('External task definitions doesnt support volumes' ); + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ECS::TaskDefinition', { + Volumes: [ + { + Host: { + SourcePath: '/tmp/cache', + }, + Name: 'scratch', + }, + ], + }); }); test('error when interferenceAccelerators set', () => { diff --git a/packages/@aws-cdk/aws-ecs/test/fargate/fargate-task-definition.test.ts b/packages/@aws-cdk/aws-ecs/test/fargate/fargate-task-definition.test.ts index e0b7afca3389f..e2eb71d53ceee 100644 --- a/packages/@aws-cdk/aws-ecs/test/fargate/fargate-task-definition.test.ts +++ b/packages/@aws-cdk/aws-ecs/test/fargate/fargate-task-definition.test.ts @@ -251,6 +251,25 @@ describe('fargate task definition', () => { 'Add the \'taskRole\' in ImportedTaskDefinitionProps to instantiate ImportedTaskDefinition'); }); + test('Passing in token for ephemeral storage will not throw error', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + const param = new cdk.CfnParameter(stack, 'prammm', { + type: 'Number', + default: 1, + }); + + const taskDefinition = new ecs.FargateTaskDefinition(stack, 'FargateTaskDef', { + ephemeralStorageGiB: param.valueAsNumber, + }); + + // THEN + expect(() => { + taskDefinition.ephemeralStorageGiB; + }).toBeTruthy; + }); test('runtime testing for windows container', () => { // GIVEN diff --git a/packages/@aws-cdk/aws-eks/README.md b/packages/@aws-cdk/aws-eks/README.md index 001a2cbb3022a..6701246c9b892 100644 --- a/packages/@aws-cdk/aws-eks/README.md +++ b/packages/@aws-cdk/aws-eks/README.md @@ -50,7 +50,7 @@ This example defines an Amazon EKS cluster with the following configuration: ```ts // provisiong a cluster const cluster = new eks.Cluster(this, 'hello-eks', { - version: eks.KubernetesVersion.V1_21, + version: eks.KubernetesVersion.V1_22, }); // apply a kubernetes manifest to the cluster @@ -143,7 +143,7 @@ Creating a new cluster is done using the `Cluster` or `FargateCluster` construct ```ts new eks.Cluster(this, 'HelloEKS', { - version: eks.KubernetesVersion.V1_21, + version: eks.KubernetesVersion.V1_22, }); ``` @@ -151,7 +151,7 @@ You can also use `FargateCluster` to provision a cluster that uses only fargate ```ts new eks.FargateCluster(this, 'HelloEKS', { - version: eks.KubernetesVersion.V1_21, + version: eks.KubernetesVersion.V1_22, }); ``` @@ -175,7 +175,7 @@ At cluster instantiation time, you can customize the number of instances and the ```ts new eks.Cluster(this, 'HelloEKS', { - version: eks.KubernetesVersion.V1_21, + version: eks.KubernetesVersion.V1_22, defaultCapacity: 5, defaultCapacityInstance: ec2.InstanceType.of(ec2.InstanceClass.M5, ec2.InstanceSize.SMALL), }); @@ -187,7 +187,7 @@ Additional customizations are available post instantiation. To apply them, set t ```ts const cluster = new eks.Cluster(this, 'HelloEKS', { - version: eks.KubernetesVersion.V1_21, + version: eks.KubernetesVersion.V1_22, defaultCapacity: 0, }); @@ -345,7 +345,7 @@ The following code defines an Amazon EKS cluster with a default Fargate Profile ```ts const cluster = new eks.FargateCluster(this, 'MyCluster', { - version: eks.KubernetesVersion.V1_21, + version: eks.KubernetesVersion.V1_22, }); ``` @@ -422,7 +422,7 @@ You can also configure the cluster to use an auto-scaling group as the default c ```ts const cluster = new eks.Cluster(this, 'HelloEKS', { - version: eks.KubernetesVersion.V1_21, + version: eks.KubernetesVersion.V1_22, defaultCapacityType: eks.DefaultCapacityType.EC2, }); ``` @@ -515,7 +515,7 @@ You can configure the [cluster endpoint access](https://docs.aws.amazon.com/eks/ ```ts const cluster = new eks.Cluster(this, 'hello-eks', { - version: eks.KubernetesVersion.V1_21, + version: eks.KubernetesVersion.V1_22, endpointAccess: eks.EndpointAccess.PRIVATE, // No access outside of your VPC. }); ``` @@ -537,9 +537,9 @@ To deploy the controller on your EKS cluster, configure the `albController` prop ```ts new eks.Cluster(this, 'HelloEKS', { - version: eks.KubernetesVersion.V1_21, + version: eks.KubernetesVersion.V1_22, albController: { - version: eks.AlbControllerVersion.V2_3_1, + version: eks.AlbControllerVersion.V2_4_1, }, }); ``` @@ -577,7 +577,7 @@ You can specify the VPC of the cluster using the `vpc` and `vpcSubnets` properti declare const vpc: ec2.Vpc; new eks.Cluster(this, 'HelloEKS', { - version: eks.KubernetesVersion.V1_21, + version: eks.KubernetesVersion.V1_22, vpc, vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE }], }); @@ -624,7 +624,7 @@ You can configure the environment of the Cluster Handler functions by specifying ```ts declare const proxyInstanceSecurityGroup: ec2.SecurityGroup; const cluster = new eks.Cluster(this, 'hello-eks', { - version: eks.KubernetesVersion.V1_21, + version: eks.KubernetesVersion.V1_22, clusterHandlerEnvironment: { https_proxy: 'http://proxy.myproxy.com', }, @@ -662,7 +662,7 @@ You can configure the environment of this function by specifying it at cluster i ```ts const cluster = new eks.Cluster(this, 'hello-eks', { - version: eks.KubernetesVersion.V1_21, + version: eks.KubernetesVersion.V1_22, kubectlEnvironment: { 'http_proxy': 'http://proxy.myproxy.com', }, @@ -706,7 +706,7 @@ const cluster1 = new eks.Cluster(this, 'MyCluster', { kubectlLayer: layer, vpc, clusterName: 'cluster-name', - version: eks.KubernetesVersion.V1_21, + version: eks.KubernetesVersion.V1_22, }); // or @@ -724,7 +724,7 @@ By default, the kubectl provider is configured with 1024MiB of memory. You can u ```ts new eks.Cluster(this, 'MyCluster', { kubectlMemory: Size.gibibytes(4), - version: eks.KubernetesVersion.V1_21, + version: eks.KubernetesVersion.V1_22, }); // or @@ -763,7 +763,7 @@ When you create a cluster, you can specify a `mastersRole`. The `Cluster` constr ```ts declare const role: iam.Role; new eks.Cluster(this, 'HelloEKS', { - version: eks.KubernetesVersion.V1_21, + version: eks.KubernetesVersion.V1_22, mastersRole: role, }); ``` @@ -791,7 +791,7 @@ You can use the `secretsEncryptionKey` to configure which key the cluster will u const secretsKey = new kms.Key(this, 'SecretsKey'); const cluster = new eks.Cluster(this, 'MyCluster', { secretsEncryptionKey: secretsKey, - version: eks.KubernetesVersion.V1_21, + version: eks.KubernetesVersion.V1_22, }); ``` @@ -801,7 +801,7 @@ You can also use a similar configuration for running a cluster built using the F const secretsKey = new kms.Key(this, 'SecretsKey'); const cluster = new eks.FargateCluster(this, 'MyFargateCluster', { secretsEncryptionKey: secretsKey, - version: eks.KubernetesVersion.V1_21, + version: eks.KubernetesVersion.V1_22, }); ``` @@ -1076,7 +1076,7 @@ when a cluster is defined: ```ts new eks.Cluster(this, 'MyCluster', { - version: eks.KubernetesVersion.V1_21, + version: eks.KubernetesVersion.V1_22, prune: false, }); ``` @@ -1417,7 +1417,7 @@ Kubernetes [endpoint access](#endpoint-access), you must also specify: ## Logging -EKS supports cluster logging for 5 different types of events: +EKS supports cluster logging for 5 different types of events: * API requests to the cluster. * Cluster access via the Kubernetes API. @@ -1431,7 +1431,7 @@ property. For example: ```ts const cluster = new eks.Cluster(this, 'Cluster', { // ... - version: eks.KubernetesVersion.V1_21, + version: eks.KubernetesVersion.V1_22, clusterLogging: [ eks.ClusterLoggingTypes.API, eks.ClusterLoggingTypes.AUTHENTICATOR, diff --git a/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.4.1.json b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.4.1.json new file mode 100644 index 0000000000000..a8d47c8ba68c2 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.4.1.json @@ -0,0 +1,219 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Resource": "*", + "Condition": { + "StringEquals": { + "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInternetGateways", + "ec2:DescribeVpcs", + "ec2:DescribeVpcPeeringConnections", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeTags", + "ec2:GetCoipPoolUsage", + "ec2:DescribeCoipPools", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeListenerCertificates", + "elasticloadbalancing:DescribeSSLPolicies", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetGroupAttributes", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:DescribeTags" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "cognito-idp:DescribeUserPoolClient", + "acm:ListCertificates", + "acm:DescribeCertificate", + "iam:ListServerCertificates", + "iam:GetServerCertificate", + "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource", + "waf-regional:AssociateWebACL", + "waf-regional:DisassociateWebACL", + "wafv2:GetWebACL", + "wafv2:GetWebACLForResource", + "wafv2:AssociateWebACL", + "wafv2:DisassociateWebACL", + "shield:GetSubscriptionState", + "shield:DescribeProtection", + "shield:CreateProtection", + "shield:DeleteProtection" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateSecurityGroup" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateTags" + ], + "Resource": "arn:aws:ec2:*:*:security-group/*", + "Condition": { + "StringEquals": { + "ec2:CreateAction": "CreateSecurityGroup" + }, + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Resource": "arn:aws:ec2:*:*:security-group/*", + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress", + "ec2:DeleteSecurityGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:CreateTargetGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:CreateRule", + "elasticloadbalancing:DeleteRule" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*" + ], + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*" + ] + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:SetIpAddressType", + "elasticloadbalancing:SetSecurityGroups", + "elasticloadbalancing:SetSubnets", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:ModifyTargetGroup", + "elasticloadbalancing:ModifyTargetGroupAttributes", + "elasticloadbalancing:DeleteTargetGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeregisterTargets" + ], + "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:SetWebAcl", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:AddListenerCertificates", + "elasticloadbalancing:RemoveListenerCertificates", + "elasticloadbalancing:ModifyRule" + ], + "Resource": "*" + } + ] +} diff --git a/packages/@aws-cdk/aws-eks/lib/alb-controller.ts b/packages/@aws-cdk/aws-eks/lib/alb-controller.ts index 8f6ff31ad5b12..5c0aa4b46779d 100644 --- a/packages/@aws-cdk/aws-eks/lib/alb-controller.ts +++ b/packages/@aws-cdk/aws-eks/lib/alb-controller.ts @@ -82,6 +82,11 @@ export class AlbControllerVersion { */ public static readonly V2_3_1 = new AlbControllerVersion('v2.3.1', false); + /** + * v2.4.1 + */ + public static readonly V2_4_1 = new AlbControllerVersion('v2.4.1', false); + /** * Specify a custom version. * Use this if the version you need is not available in one of the predefined versions. @@ -101,7 +106,7 @@ export class AlbControllerVersion { /** * Whether or not its a custom version. */ - public readonly custom: boolean) {} + public readonly custom: boolean) { } } /** diff --git a/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/cluster.ts b/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/cluster.ts index 0ad46af16eaef..0177a7e21b695 100644 --- a/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/cluster.ts +++ b/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/cluster.ts @@ -265,7 +265,8 @@ export class ClusterResourceHandler extends ResourceHandler { private generateClusterName() { const suffix = this.requestId.replace(/-/g, ''); // 32 chars - const prefix = this.logicalResourceId.substr(0, MAX_CLUSTER_NAME_LEN - suffix.length - 1); + const offset = MAX_CLUSTER_NAME_LEN - suffix.length - 1; + const prefix = this.logicalResourceId.slice(0, offset > 0 ? offset : 0); return `${prefix}-${suffix}`; } } diff --git a/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/fargate.ts b/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/fargate.ts index a7900ad8caf72..b708690efd6d9 100644 --- a/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/fargate.ts +++ b/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/fargate.ts @@ -75,7 +75,8 @@ export class FargateProfileResourceHandler extends ResourceHandler { */ private generateProfileName() { const suffix = this.requestId.replace(/-/g, ''); // 32 chars - const prefix = this.logicalResourceId.substr(0, MAX_NAME_LEN - suffix.length - 1); + const offset = MAX_NAME_LEN - suffix.length - 1; + const prefix = this.logicalResourceId.slice(0, offset > 0 ? offset : 0); return `${prefix}-${suffix}`; } diff --git a/packages/@aws-cdk/aws-eks/lib/cluster.ts b/packages/@aws-cdk/aws-eks/lib/cluster.ts index e9c93f82712eb..cd4d7ef858e30 100644 --- a/packages/@aws-cdk/aws-eks/lib/cluster.ts +++ b/packages/@aws-cdk/aws-eks/lib/cluster.ts @@ -792,6 +792,7 @@ export class KubernetesVersion { /** * Kubernetes version 1.18 + * @deprecated Use newer version of EKS */ public static readonly V1_18 = KubernetesVersion.of('1.18'); @@ -810,6 +811,11 @@ export class KubernetesVersion { */ public static readonly V1_21 = KubernetesVersion.of('1.21'); + /** + * Kubernetes version 1.22 + */ + public static readonly V1_22 = KubernetesVersion.of('1.22'); + /** * Custom cluster version * @param version custom version number diff --git a/packages/@aws-cdk/aws-eks/test/alb-controller.test.ts b/packages/@aws-cdk/aws-eks/test/alb-controller.test.ts index 66d2d3f0ff1fd..db5403acc4483 100644 --- a/packages/@aws-cdk/aws-eks/test/alb-controller.test.ts +++ b/packages/@aws-cdk/aws-eks/test/alb-controller.test.ts @@ -36,7 +36,7 @@ test('can configure a custom repository', () => { AlbController.create(stack, { cluster, - version: AlbControllerVersion.V2_3_1, + version: AlbControllerVersion.V2_4_1, repository: 'custom', }); @@ -53,7 +53,7 @@ test('can configure a custom repository', () => { { Ref: 'ClusterDefaultVpcFA9F2722', }, - '","image":{"repository":"custom","tag":"v2.3.1"}}', + '","image":{"repository":"custom","tag":"v2.4.1"}}', ], ], }, diff --git a/packages/@aws-cdk/aws-eks/test/cluster.test.ts b/packages/@aws-cdk/aws-eks/test/cluster.test.ts index c2a02c6f1e945..0660f1d363892 100644 --- a/packages/@aws-cdk/aws-eks/test/cluster.test.ts +++ b/packages/@aws-cdk/aws-eks/test/cluster.test.ts @@ -17,7 +17,7 @@ import { testFixture, testFixtureNoVpc } from './util'; /* eslint-disable max-len */ -const CLUSTER_VERSION = eks.KubernetesVersion.V1_21; +const CLUSTER_VERSION = eks.KubernetesVersion.V1_22; describe('cluster', () => { @@ -27,7 +27,7 @@ describe('cluster', () => { const cluster = new eks.Cluster(stack, 'Cluster', { version: CLUSTER_VERSION, albController: { - version: eks.AlbControllerVersion.V2_3_1, + version: eks.AlbControllerVersion.V2_4_1, }, }); @@ -135,9 +135,9 @@ describe('cluster', () => { test('throws if selecting more than one subnet group', () => { expect(() => new eks.Cluster(stack, 'Cluster', { vpc: vpc, - vpcSubnets: [{ subnetType: ec2.SubnetType.PUBLIC }, { subnetType: ec2.SubnetType.PRIVATE }], + vpcSubnets: [{ subnetType: ec2.SubnetType.PUBLIC }, { subnetType: ec2.SubnetType.PRIVATE_WITH_NAT }], defaultCapacity: 0, - version: eks.KubernetesVersion.V1_21, + version: CLUSTER_VERSION, })).toThrow(/cannot select multiple subnet groups/); @@ -149,7 +149,7 @@ describe('cluster', () => { vpc: vpc, vpcSubnets: [{ subnetType: ec2.SubnetType.PUBLIC }], defaultCapacity: 0, - version: eks.KubernetesVersion.V1_21, + version: CLUSTER_VERSION, }); // THEN @@ -697,7 +697,7 @@ describe('cluster', () => { Template.fromStack(stack).hasResourceProperties('Custom::AWSCDK-EKS-Cluster', { Config: { roleArn: { 'Fn::GetAtt': ['ClusterRoleFA261979', 'Arn'] }, - version: '1.21', + version: '1.22', resourcesVpcConfig: { securityGroupIds: [{ 'Fn::GetAtt': ['ClusterControlPlaneSecurityGroupD274242C', 'GroupId'] }], subnetIds: [ @@ -1657,7 +1657,7 @@ describe('cluster', () => { const { app, stack } = testFixtureNoVpc(); // WHEN - new eks.EksOptimizedImage({ kubernetesVersion: '1.21' }).getImage(stack); + new eks.EksOptimizedImage({ kubernetesVersion: '1.22' }).getImage(stack); // THEN const assembly = app.synth(); @@ -1668,7 +1668,7 @@ describe('cluster', () => { )).toEqual(true); expect(Object.entries(parameters).some( ([k, v]) => k.startsWith('SsmParameterValueawsserviceeksoptimizedami') && - (v as any).Default.includes('/1.21/'), + (v as any).Default.includes('/1.22/'), )).toEqual(true); }); @@ -1806,7 +1806,7 @@ describe('cluster', () => { const { app, stack } = testFixtureNoVpc(); // WHEN - new BottleRocketImage({ kubernetesVersion: '1.21' }).getImage(stack); + new BottleRocketImage({ kubernetesVersion: '1.22' }).getImage(stack); // THEN const assembly = app.synth(); @@ -1817,7 +1817,7 @@ describe('cluster', () => { )).toEqual(true); expect(Object.entries(parameters).some( ([k, v]) => k.startsWith('SsmParameterValueawsservicebottlerocketaws') && - (v as any).Default.includes('/aws-k8s-1.21/'), + (v as any).Default.includes('/aws-k8s-1.22/'), )).toEqual(true); }); @@ -1838,7 +1838,7 @@ describe('cluster', () => { Config: { name: 'my-cluster-name', roleArn: { 'Fn::GetAtt': ['MyClusterRoleBA20FE72', 'Arn'] }, - version: '1.21', + version: '1.22', resourcesVpcConfig: { securityGroupIds: [ { 'Fn::GetAtt': ['MyClusterControlPlaneSecurityGroup6B658F79', 'GroupId'] }, @@ -2789,7 +2789,7 @@ describe('cluster', () => { natGateways: 1, subnetConfiguration: [ { - subnetType: ec2.SubnetType.PRIVATE, + subnetType: ec2.SubnetType.PRIVATE_WITH_NAT, name: 'Private1', }, { @@ -2848,7 +2848,7 @@ describe('cluster', () => { for (let i = 0; i < 20; i++) { subnetConfiguration.push({ - subnetType: ec2.SubnetType.PRIVATE, + subnetType: ec2.SubnetType.PRIVATE_WITH_NAT, name: `Private${i}`, }, ); @@ -2897,7 +2897,7 @@ describe('cluster', () => { for (let i = 0; i < 20; i++) { subnetConfiguration.push({ - subnetType: ec2.SubnetType.PRIVATE, + subnetType: ec2.SubnetType.PRIVATE_WITH_NAT, name: `Private${i}`, }, ); diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.expected.json b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.expected.json index b8bc3541bb0cd..0cad0a02b111b 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.expected.json @@ -1615,7 +1615,7 @@ { "Ref": "Vpc8378EB38" }, - "\",\"image\":{\"repository\":\"602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller\",\"tag\":\"v2.3.1\"}}" + "\",\"image\":{\"repository\":\"602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller\",\"tag\":\"v2.4.1\"}}" ] ] }, diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.ts b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.ts index 2fdd7ef81899b..c0f52416279b1 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.ts +++ b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.ts @@ -19,7 +19,7 @@ class EksClusterAlbControllerStack extends TestStack { vpc, version: eks.KubernetesVersion.V1_21, albController: { - version: eks.AlbControllerVersion.V2_3_1, + version: eks.AlbControllerVersion.V2_4_1, }, }); diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json index 519b5c7ee8f03..f37e19cf79907 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json @@ -872,7 +872,7 @@ ] }, "Config": { - "version": "1.21", + "version": "1.22", "roleArn": { "Fn::GetAtt": [ "ClusterRoleFA261979", @@ -1593,7 +1593,7 @@ "Type": "AWS::AutoScaling::LaunchConfiguration", "Properties": { "ImageId": { - "Ref": "SsmParameterValueawsserviceeksoptimizedami121amazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" + "Ref": "SsmParameterValueawsserviceeksoptimizedami122amazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" }, "InstanceType": "t2.medium", "IamInstanceProfile": { @@ -1918,7 +1918,7 @@ "Type": "AWS::AutoScaling::LaunchConfiguration", "Properties": { "ImageId": { - "Ref": "SsmParameterValueawsserviceeksoptimizedami121amazonlinux2arm64recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" + "Ref": "SsmParameterValueawsserviceeksoptimizedami122amazonlinux2arm64recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" }, "InstanceType": "m6g.medium", "IamInstanceProfile": { @@ -2243,7 +2243,7 @@ "Type": "AWS::AutoScaling::LaunchConfiguration", "Properties": { "ImageId": { - "Ref": "SsmParameterValueawsservicebottlerocketawsk8s121x8664latestimageidC96584B6F00A464EAD1953AFF4B05118Parameter" + "Ref": "SsmParameterValueawsservicebottlerocketawsk8s122x8664latestimageidC96584B6F00A464EAD1953AFF4B05118Parameter" }, "InstanceType": "t3.small", "IamInstanceProfile": { @@ -2568,7 +2568,7 @@ "Type": "AWS::AutoScaling::LaunchConfiguration", "Properties": { "ImageId": { - "Ref": "SsmParameterValueawsserviceeksoptimizedami121amazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" + "Ref": "SsmParameterValueawsserviceeksoptimizedami122amazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" }, "InstanceType": "t3.large", "IamInstanceProfile": { @@ -3594,7 +3594,7 @@ "Properties": { "LaunchTemplateData": { "ImageId": { - "Ref": "SsmParameterValueawsserviceeksoptimizedami121amazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" + "Ref": "SsmParameterValueawsserviceeksoptimizedami122amazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" }, "InstanceType": "t3.small", "UserData": { @@ -4039,17 +4039,17 @@ "Type": "String", "Description": "Artifact hash for asset \"fedb0b025bbf74f4daee09934a81c34a6cf5b06a765baa86bf42234971244a09\"" }, - "SsmParameterValueawsserviceeksoptimizedami121amazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter": { + "SsmParameterValueawsserviceeksoptimizedami122amazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter": { "Type": "AWS::SSM::Parameter::Value", - "Default": "/aws/service/eks/optimized-ami/1.21/amazon-linux-2/recommended/image_id" + "Default": "/aws/service/eks/optimized-ami/1.22/amazon-linux-2/recommended/image_id" }, - "SsmParameterValueawsserviceeksoptimizedami121amazonlinux2arm64recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter": { + "SsmParameterValueawsserviceeksoptimizedami122amazonlinux2arm64recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter": { "Type": "AWS::SSM::Parameter::Value", - "Default": "/aws/service/eks/optimized-ami/1.21/amazon-linux-2-arm64/recommended/image_id" + "Default": "/aws/service/eks/optimized-ami/1.22/amazon-linux-2-arm64/recommended/image_id" }, - "SsmParameterValueawsservicebottlerocketawsk8s121x8664latestimageidC96584B6F00A464EAD1953AFF4B05118Parameter": { + "SsmParameterValueawsservicebottlerocketawsk8s122x8664latestimageidC96584B6F00A464EAD1953AFF4B05118Parameter": { "Type": "AWS::SSM::Parameter::Value", - "Default": "/aws/service/bottlerocket/aws-k8s-1.21/x86_64/latest/image_id" + "Default": "/aws/service/bottlerocket/aws-k8s-1.22/x86_64/latest/image_id" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.ts index 1ae9a97e5bb37..26171b8984449 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.ts +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.ts @@ -36,7 +36,7 @@ class EksClusterStack extends TestStack { vpc: this.vpc, mastersRole, defaultCapacity: 2, - version: eks.KubernetesVersion.V1_21, + version: eks.KubernetesVersion.V1_22, secretsEncryptionKey, tags: { foo: 'bar', @@ -206,7 +206,7 @@ class EksClusterStack extends TestStack { const lt = new ec2.CfnLaunchTemplate(this, 'LaunchTemplate', { launchTemplateData: { imageId: new eks.EksOptimizedImage({ - kubernetesVersion: eks.KubernetesVersion.V1_21.version, + kubernetesVersion: eks.KubernetesVersion.V1_22.version, }).getImage(this).imageId, instanceType: new ec2.InstanceType('t3.small').toString(), userData: Fn.base64(userData.render()), diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.expected.json index ea0f68dd56ea8..7576e0c311ff5 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.expected.json @@ -1980,7 +1980,7 @@ { "Ref": "Vpc8378EB38" }, - "\",\"image\":{\"repository\":\"602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller\",\"tag\":\"v2.3.1\"}}" + "\",\"image\":{\"repository\":\"602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller\",\"tag\":\"v2.4.1\"}}" ] ] }, diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.ts index 13057cdaadbfa..0ea30b491a9f8 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.ts +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.ts @@ -16,7 +16,7 @@ class EksClusterInferenceStack extends TestStack { vpc, version: eks.KubernetesVersion.V1_21, albController: { - version: eks.AlbControllerVersion.V2_3_1, + version: eks.AlbControllerVersion.V2_4_1, }, }); diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2-targets/test/integ.alb-target.expected.json b/packages/@aws-cdk/aws-elasticloadbalancingv2-targets/test/integ.alb-target.expected.json index 52646f224e4e3..1f74b62794c2c 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2-targets/test/integ.alb-target.expected.json +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2-targets/test/integ.alb-target.expected.json @@ -18,11 +18,11 @@ "VpcPublicSubnet1Subnet5C2D37C4": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.0.0/18", "VpcId": { "Ref": "Vpc8378EB38" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/18", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -115,11 +115,11 @@ "VpcPublicSubnet2Subnet691E08A3": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.64.0/18", "VpcId": { "Ref": "Vpc8378EB38" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.64.0/18", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -180,11 +180,11 @@ "VpcPrivateSubnet1Subnet536B997A": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.128.0/18", "VpcId": { "Ref": "Vpc8378EB38" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.128.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -242,11 +242,11 @@ "VpcPrivateSubnet2Subnet3788AAA1": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.192.0/18", "VpcId": { "Ref": "Vpc8378EB38" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.192.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -631,7 +631,11 @@ "VpcId": { "Ref": "Vpc8378EB38" } - } + }, + "DependsOn": [ + "ServiceLBPublicListenerECSGroup0CC8688C", + "ServiceLBPublicListener46709EAA" + ] } }, "Outputs": { diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2-targets/test/integ.alb-target.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2-targets/test/integ.alb-target.ts index 80a5e6880ffab..431258346c10b 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2-targets/test/integ.alb-target.ts +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2-targets/test/integ.alb-target.ts @@ -32,13 +32,14 @@ class TestStack extends Stack { port: 80, }); - listener.addTargets('Targets', { + const target = listener.addTargets('Targets', { targets: [new targets.AlbTarget(svc.loadBalancer, 80)], port: 80, healthCheck: { protocol: elbv2.Protocol.HTTP, }, }); + target.node.addDependency(svc.listener); new CfnOutput(this, 'NlbEndpoint', { value: `http://${nlb.loadBalancerDnsName}` }); } diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.dualstack.expected.json b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.dualstack.expected.json index 780859bd7f314..7e04edcb3bfbf 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.dualstack.expected.json +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.dualstack.expected.json @@ -18,11 +18,11 @@ "VPCPublicSubnet1SubnetB4246D30": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.0.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/18", "Ipv6CidrBlock": { "Fn::Select": [ 0, @@ -152,11 +152,11 @@ "VPCPublicSubnet2Subnet74179F39": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.64.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.64.0/18", "Ipv6CidrBlock": { "Fn::Select": [ 1, @@ -286,11 +286,11 @@ "VPCPrivateSubnet1Subnet8BCA10E0": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.128.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.128.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -348,11 +348,11 @@ "VPCPrivateSubnet2SubnetCFCDAA7A": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.192.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.192.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -537,14 +537,30 @@ ], "Targets": [ { - "Id": "10.0.128.4" + "Id": "10.0.128.6" } ], "TargetType": "ip", "VpcId": { "Ref": "VPCB9E5F0B4" } - } + }, + "DependsOn": [ + "VPCPublicSubnet1DefaultRoute91CEF279", + "VPCPublicSubnet1EIP6AD938E8", + "VPCPublicSubnet1IPv6DefaultFD18367E", + "VPCPublicSubnet1NATGatewayE0556630", + "VPCPublicSubnet1RouteTableFEE4B781", + "VPCPublicSubnet1RouteTableAssociation0B0896DC", + "VPCPublicSubnet1SubnetB4246D30", + "VPCPublicSubnet2DefaultRouteB7481BBA", + "VPCPublicSubnet2EIP4947BC00", + "VPCPublicSubnet2IPv6DefaultDD0476C2", + "VPCPublicSubnet2NATGateway3C070193", + "VPCPublicSubnet2RouteTable6F1A15F1", + "VPCPublicSubnet2RouteTableAssociation5A808732", + "VPCPublicSubnet2Subnet74179F39" + ] }, "LBListenerConditionalTargetGroupA75CCCD9": { "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", @@ -566,7 +582,23 @@ "VpcId": { "Ref": "VPCB9E5F0B4" } - } + }, + "DependsOn": [ + "VPCPublicSubnet1DefaultRoute91CEF279", + "VPCPublicSubnet1EIP6AD938E8", + "VPCPublicSubnet1IPv6DefaultFD18367E", + "VPCPublicSubnet1NATGatewayE0556630", + "VPCPublicSubnet1RouteTableFEE4B781", + "VPCPublicSubnet1RouteTableAssociation0B0896DC", + "VPCPublicSubnet1SubnetB4246D30", + "VPCPublicSubnet2DefaultRouteB7481BBA", + "VPCPublicSubnet2EIP4947BC00", + "VPCPublicSubnet2IPv6DefaultDD0476C2", + "VPCPublicSubnet2NATGateway3C070193", + "VPCPublicSubnet2RouteTable6F1A15F1", + "VPCPublicSubnet2RouteTableAssociation5A808732", + "VPCPublicSubnet2Subnet74179F39" + ] }, "LBListenerConditionalTargetRule91FA260F": { "Type": "AWS::ElasticLoadBalancingV2::ListenerRule", diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.dualstack.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.dualstack.ts index fa45ed6a3ca25..f19c0d7cbaa70 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.dualstack.ts +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.dualstack.ts @@ -43,6 +43,29 @@ const internetGateway = valueOrDie( new Error('Couldnt find an internet gateway'), ); + +const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { + vpc, + ipAddressType: elbv2.IpAddressType.DUAL_STACK, + internetFacing: true, +}); + +const listener = lb.addListener('Listener', { + port: 80, +}); + +const group1 = listener.addTargets('Target', { + port: 80, + targets: [new elbv2.IpTarget('10.0.128.6')], +}); + +const group2 = listener.addTargets('ConditionalTarget', { + priority: 10, + hostHeader: 'example.com', + port: 80, + targets: [new elbv2.IpTarget('10.0.128.5')], +}); + vpc.publicSubnets.forEach((subnet, idx) => { // Add a default ipv6 route to the subnet's route table. const unboxedSubnet = subnet as ec2.Subnet; @@ -72,28 +95,9 @@ vpc.publicSubnets.forEach((subnet, idx) => { // The subnet depends on the ipv6 cidr being allocated. cfnSubnet.addDependsOn(ipv6Block); -}); -const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { - vpc, - ipAddressType: elbv2.IpAddressType.DUAL_STACK, - internetFacing: true, -}); - -const listener = lb.addListener('Listener', { - port: 80, -}); - -const group1 = listener.addTargets('Target', { - port: 80, - targets: [new elbv2.IpTarget('10.0.128.4')], -}); - -const group2 = listener.addTargets('ConditionalTarget', { - priority: 10, - hostHeader: 'example.com', - port: 80, - targets: [new elbv2.IpTarget('10.0.128.5')], + group1.node.addDependency(subnet); + group2.node.addDependency(subnet); }); listener.addAction('action1', { diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.expected.json b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.expected.json index 56acbde9bb1f1..92cf1bc173cd3 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.expected.json +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.expected.json @@ -18,11 +18,11 @@ "VPCPublicSubnet1SubnetB4246D30": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.0.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/18", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -95,15 +95,15 @@ "VPCPublicSubnet1NATGatewayE0556630": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet1EIP6AD938E8", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet1SubnetB4246D30" - }, "Tags": [ { "Key": "Name", @@ -115,11 +115,11 @@ "VPCPublicSubnet2Subnet74179F39": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.64.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.64.0/18", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -192,15 +192,15 @@ "VPCPublicSubnet2NATGateway3C070193": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet2EIP4947BC00", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet2Subnet74179F39" - }, "Tags": [ { "Key": "Name", @@ -212,11 +212,11 @@ "VPCPrivateSubnet1Subnet8BCA10E0": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.128.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.128.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -274,11 +274,11 @@ "VPCPrivateSubnet2SubnetCFCDAA7A": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.192.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.192.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -454,14 +454,28 @@ ], "Targets": [ { - "Id": "10.0.128.4" + "Id": "10.0.128.6" } ], "TargetType": "ip", "VpcId": { "Ref": "VPCB9E5F0B4" } - } + }, + "DependsOn": [ + "VPCPublicSubnet1DefaultRoute91CEF279", + "VPCPublicSubnet1EIP6AD938E8", + "VPCPublicSubnet1NATGatewayE0556630", + "VPCPublicSubnet1RouteTableFEE4B781", + "VPCPublicSubnet1RouteTableAssociation0B0896DC", + "VPCPublicSubnet1SubnetB4246D30", + "VPCPublicSubnet2DefaultRouteB7481BBA", + "VPCPublicSubnet2EIP4947BC00", + "VPCPublicSubnet2NATGateway3C070193", + "VPCPublicSubnet2RouteTable6F1A15F1", + "VPCPublicSubnet2RouteTableAssociation5A808732", + "VPCPublicSubnet2Subnet74179F39" + ] }, "LBListenerConditionalTargetGroupA75CCCD9": { "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", @@ -499,7 +513,21 @@ "VpcId": { "Ref": "VPCB9E5F0B4" } - } + }, + "DependsOn": [ + "VPCPublicSubnet1DefaultRoute91CEF279", + "VPCPublicSubnet1EIP6AD938E8", + "VPCPublicSubnet1NATGatewayE0556630", + "VPCPublicSubnet1RouteTableFEE4B781", + "VPCPublicSubnet1RouteTableAssociation0B0896DC", + "VPCPublicSubnet1SubnetB4246D30", + "VPCPublicSubnet2DefaultRouteB7481BBA", + "VPCPublicSubnet2EIP4947BC00", + "VPCPublicSubnet2NATGateway3C070193", + "VPCPublicSubnet2RouteTable6F1A15F1", + "VPCPublicSubnet2RouteTableAssociation5A808732", + "VPCPublicSubnet2Subnet74179F39" + ] }, "LBListenerConditionalTargetRule91FA260F": { "Type": "AWS::ElasticLoadBalancingV2::ListenerRule", diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.ts index 8643f7b4c1f69..ea17101adc678 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.ts +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb.ts @@ -21,7 +21,7 @@ const listener = lb.addListener('Listener', { const group1 = listener.addTargets('Target', { port: 80, - targets: [new elbv2.IpTarget('10.0.128.4')], + targets: [new elbv2.IpTarget('10.0.128.6')], stickinessCookieDuration: cdk.Duration.minutes(5), }); @@ -35,6 +35,7 @@ const group2 = listener.addTargets('ConditionalTarget', { slowStart: cdk.Duration.minutes(1), }); + group1.metricTargetResponseTime().createAlarm(stack, 'ResponseTimeHigh1', { threshold: 5, evaluationPeriods: 2, @@ -45,4 +46,9 @@ group2.metricTargetResponseTime().createAlarm(stack, 'ResponseTimeHigh2', { evaluationPeriods: 2, }); +vpc.publicSubnets.forEach(subnet => { + group2.node.addDependency(subnet); + group1.node.addDependency(subnet); +}); + app.synth(); diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb2.expected.json b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb2.expected.json index 9aa4015d15f18..7a66a180ad66b 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb2.expected.json +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb2.expected.json @@ -18,11 +18,11 @@ "VPCPublicSubnet1SubnetB4246D30": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.0.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/18", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -115,11 +115,11 @@ "VPCPublicSubnet2Subnet74179F39": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.64.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.64.0/18", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -212,11 +212,11 @@ "VPCPrivateSubnet1Subnet8BCA10E0": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.128.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.128.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -274,11 +274,11 @@ "VPCPrivateSubnet2SubnetCFCDAA7A": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.192.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.192.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -453,7 +453,21 @@ "VpcId": { "Ref": "VPCB9E5F0B4" } - } + }, + "DependsOn": [ + "VPCPublicSubnet1DefaultRoute91CEF279", + "VPCPublicSubnet1EIP6AD938E8", + "VPCPublicSubnet1NATGatewayE0556630", + "VPCPublicSubnet1RouteTableFEE4B781", + "VPCPublicSubnet1RouteTableAssociation0B0896DC", + "VPCPublicSubnet1SubnetB4246D30", + "VPCPublicSubnet2DefaultRouteB7481BBA", + "VPCPublicSubnet2EIP4947BC00", + "VPCPublicSubnet2NATGateway3C070193", + "VPCPublicSubnet2RouteTable6F1A15F1", + "VPCPublicSubnet2RouteTableAssociation5A808732", + "VPCPublicSubnet2Subnet74179F39" + ] }, "LBListenerConditionalTargetGroupA75CCCD9": { "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", @@ -475,7 +489,21 @@ "VpcId": { "Ref": "VPCB9E5F0B4" } - } + }, + "DependsOn": [ + "VPCPublicSubnet1DefaultRoute91CEF279", + "VPCPublicSubnet1EIP6AD938E8", + "VPCPublicSubnet1NATGatewayE0556630", + "VPCPublicSubnet1RouteTableFEE4B781", + "VPCPublicSubnet1RouteTableAssociation0B0896DC", + "VPCPublicSubnet1SubnetB4246D30", + "VPCPublicSubnet2DefaultRouteB7481BBA", + "VPCPublicSubnet2EIP4947BC00", + "VPCPublicSubnet2NATGateway3C070193", + "VPCPublicSubnet2RouteTable6F1A15F1", + "VPCPublicSubnet2RouteTableAssociation5A808732", + "VPCPublicSubnet2Subnet74179F39" + ] }, "LBListenerConditionalTargetRule91FA260F": { "Type": "AWS::ElasticLoadBalancingV2::ListenerRule", diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb2.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb2.ts index 6f00b7b7b87c9..af5e95258f8d1 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb2.ts +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.alb2.ts @@ -49,4 +49,9 @@ group2.metricTargetResponseTime().createAlarm(stack, 'ResponseTimeHigh2', { evaluationPeriods: 2, }); +vpc.publicSubnets.forEach(subnet => { + group2.node.addDependency(subnet); + group1.node.addDependency(subnet); +}); + app.synth(); diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.vpc-endpoint-service.expected.json b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.vpc-endpoint-service.expected.json new file mode 100644 index 0000000000000..18a3482e70715 --- /dev/null +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.vpc-endpoint-service.expected.json @@ -0,0 +1,630 @@ +{ + "Resources": { + "VPCB9E5F0B4": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC" + } + ] + } + }, + "VPCPublicSubnet1SubnetB4246D30": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/19", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet1RouteTableFEE4B781": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet1RouteTableAssociation0B0896DC": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + } + } + }, + "VPCPublicSubnet1DefaultRoute91CEF279": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCPublicSubnet1EIP6AD938E8": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet1NATGatewayE0556630": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, + "AllocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet1EIP6AD938E8", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet2Subnet74179F39": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.32.0/19", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PublicSubnet2" + } + ] + } + }, + "VPCPublicSubnet2RouteTable6F1A15F1": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PublicSubnet2" + } + ] + } + }, + "VPCPublicSubnet2RouteTableAssociation5A808732": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + } + } + }, + "VPCPublicSubnet2DefaultRouteB7481BBA": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCPublicSubnet2EIP4947BC00": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PublicSubnet2" + } + ] + } + }, + "VPCPublicSubnet2NATGateway3C070193": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, + "AllocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet2EIP4947BC00", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PublicSubnet2" + } + ] + } + }, + "VPCPublicSubnet3Subnet631C5E25": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.0.64.0/19", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PublicSubnet3" + } + ] + } + }, + "VPCPublicSubnet3RouteTable98AE0E14": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PublicSubnet3" + } + ] + } + }, + "VPCPublicSubnet3RouteTableAssociation427FE0C6": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet3RouteTable98AE0E14" + }, + "SubnetId": { + "Ref": "VPCPublicSubnet3Subnet631C5E25" + } + } + }, + "VPCPublicSubnet3DefaultRouteA0D29D46": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet3RouteTable98AE0E14" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCPublicSubnet3EIPAD4BC883": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PublicSubnet3" + } + ] + } + }, + "VPCPublicSubnet3NATGatewayD3048F5C": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet3Subnet631C5E25" + }, + "AllocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet3EIPAD4BC883", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PublicSubnet3" + } + ] + } + }, + "VPCPrivateSubnet1Subnet8BCA10E0": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.96.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PrivateSubnet1" + } + ] + } + }, + "VPCPrivateSubnet1RouteTableBE8A6027": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PrivateSubnet1" + } + ] + } + }, + "VPCPrivateSubnet1RouteTableAssociation347902D1": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + }, + "SubnetId": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + } + } + }, + "VPCPrivateSubnet1DefaultRouteAE1D6490": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VPCPublicSubnet1NATGatewayE0556630" + } + } + }, + "VPCPrivateSubnet2SubnetCFCDAA7A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.128.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PrivateSubnet2" + } + ] + } + }, + "VPCPrivateSubnet2RouteTable0A19E10E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PrivateSubnet2" + } + ] + } + }, + "VPCPrivateSubnet2RouteTableAssociation0C73D413": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + }, + "SubnetId": { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + } + }, + "VPCPrivateSubnet2DefaultRouteF4F5CFD2": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VPCPublicSubnet2NATGateway3C070193" + } + } + }, + "VPCPrivateSubnet3Subnet3EDCD457": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.0.160.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PrivateSubnet3" + } + ] + } + }, + "VPCPrivateSubnet3RouteTable192186F8": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC/PrivateSubnet3" + } + ] + } + }, + "VPCPrivateSubnet3RouteTableAssociationC28D144E": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet3RouteTable192186F8" + }, + "SubnetId": { + "Ref": "VPCPrivateSubnet3Subnet3EDCD457" + } + } + }, + "VPCPrivateSubnet3DefaultRoute27F311AE": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet3RouteTable192186F8" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VPCPublicSubnet3NATGatewayD3048F5C" + } + } + }, + "VPCIGWB7E252D3": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-vpc-endpoint-service/VPC" + } + ] + } + }, + "VPCVPCGW99B986DC": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "InternetGatewayId": { + "Ref": "VPCIGWB7E252D3" + } + } + }, + "NLBNoPrincipals25B7CFB1": { + "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", + "Properties": { + "LoadBalancerAttributes": [ + { + "Key": "deletion_protection.enabled", + "Value": "false" + } + ], + "Scheme": "internal", + "Subnets": [ + { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + }, + { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + }, + { + "Ref": "VPCPrivateSubnet3Subnet3EDCD457" + } + ], + "Type": "network" + } + }, + "MyVpcEndpointServiceWithNoPrincipals9B24276E": { + "Type": "AWS::EC2::VPCEndpointService", + "Properties": { + "AcceptanceRequired": false, + "NetworkLoadBalancerArns": [ + { + "Ref": "NLBNoPrincipals25B7CFB1" + } + ] + } + }, + "NLBWithPrincipals912E28FF": { + "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", + "Properties": { + "LoadBalancerAttributes": [ + { + "Key": "deletion_protection.enabled", + "Value": "false" + } + ], + "Scheme": "internal", + "Subnets": [ + { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + }, + { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + }, + { + "Ref": "VPCPrivateSubnet3Subnet3EDCD457" + } + ], + "Type": "network" + } + }, + "MyVpcEndpointServiceWithPrincipals41EE2DF2": { + "Type": "AWS::EC2::VPCEndpointService", + "Properties": { + "AcceptanceRequired": false, + "NetworkLoadBalancerArns": [ + { + "Ref": "NLBWithPrincipals912E28FF" + } + ] + } + }, + "MyVpcEndpointServiceWithPrincipalsPermissions29F9BD5A": { + "Type": "AWS::EC2::VPCEndpointServicePermissions", + "Properties": { + "ServiceId": { + "Ref": "MyVpcEndpointServiceWithPrincipals41EE2DF2" + }, + "AllowedPrincipals": [ + "arn:aws:iam::123456789012:root" + ] + } + } + }, + "Outputs": { + "MyVpcEndpointServiceWithNoPrincipalsServiceName": { + "Description": "Give this to service consumers so they can connect via VPC Endpoint", + "Value": { + "Fn::Join": [ + ".", + [ + "com.amazonaws.vpce", + { + "Ref": "AWS::Region" + }, + { + "Ref": "MyVpcEndpointServiceWithNoPrincipals9B24276E" + } + ] + ] + }, + "Export": { + "Name": "ServiceName" + } + }, + "MyVpcEndpointServiceWithPrincipalsEndpointServiceId": { + "Description": "Reference this service from other stacks", + "Value": { + "Ref": "MyVpcEndpointServiceWithPrincipals41EE2DF2" + }, + "Export": { + "Name": "EndpointServiceId" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.vpc-endpoint-service.ts similarity index 66% rename from packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service.ts rename to packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.vpc-endpoint-service.ts index 01d22ea92c444..92a39f118637c 100644 --- a/packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint-service.ts +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/integ.vpc-endpoint-service.ts @@ -1,28 +1,18 @@ +import * as ec2 from '@aws-cdk/aws-ec2'; import { ArnPrincipal } from '@aws-cdk/aws-iam'; import * as cdk from '@aws-cdk/core'; -import * as ec2 from '../lib'; +import * as elbv2 from '../lib'; const app = new cdk.App(); -/** - * A load balancer that can host a VPC Endpoint Service - */ -class DummyEndpointLoadBalacer implements ec2.IVpcEndpointServiceLoadBalancer { - /** - * The ARN of the load balancer that hosts the VPC Endpoint Service - */ - public readonly loadBalancerArn: string; - constructor(arn: string) { - this.loadBalancerArn = arn; - } -} - class VpcEndpointServiceStack extends cdk.Stack { constructor(scope: cdk.App, id: string, props?: cdk.StackProps) { super(scope, id, props); - const nlbNoPrincipals = new DummyEndpointLoadBalacer( - 'arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/net/Test/9bn6qkf4e9jrw77a'); + const vpc = new ec2.Vpc(this, 'VPC'); + const nlbNoPrincipals = new elbv2.NetworkLoadBalancer(this, 'NLBNoPrincipals', { + vpc, + }); const service1 = new ec2.VpcEndpointService(this, 'MyVpcEndpointServiceWithNoPrincipals', { vpcEndpointServiceLoadBalancers: [nlbNoPrincipals], @@ -30,8 +20,9 @@ class VpcEndpointServiceStack extends cdk.Stack { allowedPrincipals: [], }); - const nlbWithPrincipals = new DummyEndpointLoadBalacer( - 'arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/net/Test/1jd81k39sa421ffs'); + const nlbWithPrincipals = new elbv2.NetworkLoadBalancer(this, 'NLBWithPrincipals', { + vpc, + }); const principalArn = new ArnPrincipal('arn:aws:iam::123456789012:root'); const service2 = new ec2.VpcEndpointService(this, 'MyVpcEndpointServiceWithPrincipals', { diff --git a/packages/@aws-cdk/aws-events-targets/test/ecs/eventhandler-image/Dockerfile b/packages/@aws-cdk/aws-events-targets/test/ecs/eventhandler-image/Dockerfile index 123b5670febc8..235b30e9661ed 100644 --- a/packages/@aws-cdk/aws-events-targets/test/ecs/eventhandler-image/Dockerfile +++ b/packages/@aws-cdk/aws-events-targets/test/ecs/eventhandler-image/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.6 +FROM public.ecr.aws/lambda/python:3.6 EXPOSE 8000 WORKDIR /src ADD . /src diff --git a/packages/@aws-cdk/aws-events-targets/test/ecs/integ.event-ec2-task.lit.expected.json b/packages/@aws-cdk/aws-events-targets/test/ecs/integ.event-ec2-task.lit.expected.json index 444eaab9f6152..a1423b9e05d3a 100644 --- a/packages/@aws-cdk/aws-events-targets/test/ecs/integ.event-ec2-task.lit.expected.json +++ b/packages/@aws-cdk/aws-events-targets/test/ecs/integ.event-ec2-task.lit.expected.json @@ -698,7 +698,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:3fc39b45c4fd074ceef5d0f8528b74fa7fe6e8fa0aa4a6ffe7fb5e016cf8dc04" + "/aws-cdk/assets:7a4895bc694ae074467753dddb9a798e58f2f5eda62bcce5833d7d356b8a1da2" ] ] }, diff --git a/packages/@aws-cdk/aws-events-targets/test/ecs/integ.event-fargate-task.expected.json b/packages/@aws-cdk/aws-events-targets/test/ecs/integ.event-fargate-task.expected.json index 9cd668c41aa03..bcfc4ef7fb064 100644 --- a/packages/@aws-cdk/aws-events-targets/test/ecs/integ.event-fargate-task.expected.json +++ b/packages/@aws-cdk/aws-events-targets/test/ecs/integ.event-fargate-task.expected.json @@ -237,7 +237,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:3fc39b45c4fd074ceef5d0f8528b74fa7fe6e8fa0aa4a6ffe7fb5e016cf8dc04" + "/aws-cdk/assets:7a4895bc694ae074467753dddb9a798e58f2f5eda62bcce5833d7d356b8a1da2" ] ] }, diff --git a/packages/@aws-cdk/aws-events-targets/test/lambda/integ.events.expected.json b/packages/@aws-cdk/aws-events-targets/test/lambda/integ.events.expected.json index 32474ae439abf..e55c53c5d4048 100644 --- a/packages/@aws-cdk/aws-events-targets/test/lambda/integ.events.expected.json +++ b/packages/@aws-cdk/aws-events-targets/test/lambda/integ.events.expected.json @@ -44,7 +44,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "MyFuncServiceRole54065130" diff --git a/packages/@aws-cdk/aws-events-targets/test/lambda/integ.events.ts b/packages/@aws-cdk/aws-events-targets/test/lambda/integ.events.ts index 3991d56d9ef56..4741d35310dab 100644 --- a/packages/@aws-cdk/aws-events-targets/test/lambda/integ.events.ts +++ b/packages/@aws-cdk/aws-events-targets/test/lambda/integ.events.ts @@ -9,7 +9,7 @@ const app = new cdk.App(); const stack = new cdk.Stack(app, 'lambda-events'); const fn = new lambda.Function(stack, 'MyFunc', { - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, handler: 'index.handler', code: lambda.Code.fromInline(`exports.handler = ${handler.toString()}`), }); diff --git a/packages/@aws-cdk/aws-iam/lib/policy-statement.ts b/packages/@aws-cdk/aws-iam/lib/policy-statement.ts index 5e3b7eaabfbc7..80ff191613e0e 100644 --- a/packages/@aws-cdk/aws-iam/lib/policy-statement.ts +++ b/packages/@aws-cdk/aws-iam/lib/policy-statement.ts @@ -70,6 +70,9 @@ export class PolicyStatement { private readonly condition: { [key: string]: any } = { }; private principalConditionsJson?: string; + // Hold on to those principals + private readonly _principals = new Array(); + constructor(props: PolicyStatementProps = {}) { // Validate actions for (const action of [...props.actions || [], ...props.notActions || []]) { @@ -145,6 +148,7 @@ export class PolicyStatement { * @param principals IAM principals that will be added */ public addPrincipals(...principals: IPrincipal[]) { + this._principals.push(...principals); if (Object.keys(principals).length > 0 && Object.keys(this.notPrincipal).length > 0) { throw new Error('Cannot add \'Principals\' to policy statement if \'NotPrincipals\' have been added'); } @@ -156,6 +160,15 @@ export class PolicyStatement { } } + /** + * Expose principals to allow their ARNs to be replaced by account ID strings + * in policy statements for resources policies that don't allow full account ARNs, + * such as AWS::Logs::ResourcePolicy. + */ + public get principals(): IPrincipal[] { + return [...this._principals]; + } + /** * Specify principals that is not allowed or denied access to the "NotPrincipal" section of * a policy statement. @@ -319,6 +332,25 @@ export class PolicyStatement { this.addCondition('StringEquals', { 'sts:ExternalId': accountId }); } + /** + * Create a new `PolicyStatement` with the same exact properties + * as this one, except for the overrides + */ + public copy(overrides: PolicyStatementProps = {}) { + return new PolicyStatement({ + sid: overrides.sid ?? this.sid, + effect: overrides.effect ?? this.effect, + actions: overrides.actions ?? this.action, + notActions: overrides.notActions ?? this.notAction, + + principals: overrides.principals, + notPrincipals: overrides.notPrincipals, + + resources: overrides.resources ?? this.resource, + notResources: overrides.notResources ?? this.notResource, + }); + } + /** * JSON-ify the policy statement * diff --git a/packages/@aws-cdk/aws-iam/lib/principals.ts b/packages/@aws-cdk/aws-iam/lib/principals.ts index 0c1e00bc287d0..6104a950584e3 100644 --- a/packages/@aws-cdk/aws-iam/lib/principals.ts +++ b/packages/@aws-cdk/aws-iam/lib/principals.ts @@ -768,14 +768,8 @@ class ServicePrincipalToken implements cdk.IResolvable { public resolve(ctx: cdk.IResolveContext) { if (this.opts.region) { // Special case, handle it separately to not break legacy behavior. - return ( - RegionInfo.get(this.opts.region).servicePrincipal(this.service) ?? - Default.servicePrincipal( - this.service, - this.opts.region, - cdk.Aws.URL_SUFFIX, - ) - ); + return RegionInfo.get(this.opts.region).servicePrincipal(this.service) ?? + Default.servicePrincipal(this.service, this.opts.region, cdk.Aws.URL_SUFFIX); } const stack = cdk.Stack.of(ctx.scope); diff --git a/packages/@aws-cdk/aws-iam/lib/private/merge-statements.ts b/packages/@aws-cdk/aws-iam/lib/private/merge-statements.ts index f7ef33b1ea026..c79ecd6a8a814 100644 --- a/packages/@aws-cdk/aws-iam/lib/private/merge-statements.ts +++ b/packages/@aws-cdk/aws-iam/lib/private/merge-statements.ts @@ -18,26 +18,33 @@ import { StatementSchema, normalizeStatement, IamValue } from './postprocess-pol export function mergeStatements(statements: StatementSchema[]): StatementSchema[] { const compStatements = statements.map(makeComparable); - let i = 0; - while (i < compStatements.length) { - let didMerge = false; - - for (let j = i + 1; j < compStatements.length; j++) { - const merged = tryMerge(compStatements[i], compStatements[j]); - if (merged) { - compStatements[i] = merged; - compStatements.splice(j, 1); - didMerge = true; - break; + // Keep trying until nothing changes anymore + while (onePass()) { /* again */ } + return compStatements.map(renderComparable); + + // Do one optimization pass, return 'true' if we merged anything + function onePass() { + let ret = false; + let i = 0; + while (i < compStatements.length) { + let didMerge = false; + + for (let j = i + 1; j < compStatements.length; j++) { + const merged = tryMerge(compStatements[i], compStatements[j]); + if (merged) { + compStatements[i] = merged; + compStatements.splice(j, 1); + ret = didMerge = true; + break; + } } - } - if (!didMerge) { - i++; + if (!didMerge) { + i++; + } } + return ret; } - - return compStatements.map(renderComparable); } /** diff --git a/packages/@aws-cdk/aws-iam/test/merge-statements.test.ts b/packages/@aws-cdk/aws-iam/test/merge-statements.test.ts index f3114955ecd61..061db0e134d02 100644 --- a/packages/@aws-cdk/aws-iam/test/merge-statements.test.ts +++ b/packages/@aws-cdk/aws-iam/test/merge-statements.test.ts @@ -441,6 +441,36 @@ test('fail merging typed and untyped principals', () => { ]); }); +test('keep merging even if it requires multiple passes', () => { + // [A, R1], [B, R1], [A, R2], [B, R2] + // -> [{A, B}, R1], [{A, B], R2] + // -> [{A, B}, {R1, R2}] + assertMerged([ + new iam.PolicyStatement({ + actions: ['service:A'], + resources: ['R1'], + }), + new iam.PolicyStatement({ + actions: ['service:B'], + resources: ['R1'], + }), + new iam.PolicyStatement({ + actions: ['service:A'], + resources: ['R2'], + }), + new iam.PolicyStatement({ + actions: ['service:B'], + resources: ['R2'], + }), + ], [ + { + Effect: 'Allow', + Action: ['service:A', 'service:B'], + Resource: ['R1', 'R2'], + }, + ]); +}); + function assertNoMerge(statements: iam.PolicyStatement[]) { const app = new App(); const stack = new Stack(app, 'Stack'); diff --git a/packages/@aws-cdk/aws-lambda-destinations/test/integ.destinations.expected.json b/packages/@aws-cdk/aws-lambda-destinations/test/integ.destinations.expected.json index 16ab72abe7bb8..f750a8343398a 100644 --- a/packages/@aws-cdk/aws-lambda-destinations/test/integ.destinations.expected.json +++ b/packages/@aws-cdk/aws-lambda-destinations/test/integ.destinations.expected.json @@ -89,7 +89,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "SnsSqsServiceRoleDefaultPolicy82E7B09F", @@ -174,7 +174,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "OnSuccesServiceRole75E399CF" @@ -290,7 +290,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "EventBusLambdaServiceRoleDefaultPolicy5BB7FEB6", diff --git a/packages/@aws-cdk/aws-lambda-destinations/test/integ.destinations.ts b/packages/@aws-cdk/aws-lambda-destinations/test/integ.destinations.ts index d67957f7d28c9..e505b441c52c1 100644 --- a/packages/@aws-cdk/aws-lambda-destinations/test/integ.destinations.ts +++ b/packages/@aws-cdk/aws-lambda-destinations/test/integ.destinations.ts @@ -19,7 +19,7 @@ class TestStack extends Stack { const queue = new sqs.Queue(this, 'Queue'); const fn = new lambda.Function(this, 'SnsSqs', { - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, handler: 'index.handler', code: lambda.Code.fromInline(`exports.handler = async (event) => { if (event === 'OK') return 'success'; @@ -32,7 +32,7 @@ class TestStack extends Stack { }); const onSuccessLambda = new lambda.Function(this, 'OnSucces', { - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, handler: 'index.handler', code: lambda.Code.fromInline(`exports.handler = async (event) => { console.log(event); @@ -40,7 +40,7 @@ class TestStack extends Stack { }); new lambda.Function(this, 'EventBusLambda', { - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, handler: 'index.handler', code: lambda.Code.fromInline(`exports.handler = async (event) => { if (event === 'OK') return 'success'; diff --git a/packages/@aws-cdk/aws-lambda-destinations/test/integ.lambda-chain.expected.json b/packages/@aws-cdk/aws-lambda-destinations/test/integ.lambda-chain.expected.json index 5fc2d65b80387..756fe8577a9f1 100644 --- a/packages/@aws-cdk/aws-lambda-destinations/test/integ.lambda-chain.expected.json +++ b/packages/@aws-cdk/aws-lambda-destinations/test/integ.lambda-chain.expected.json @@ -84,7 +84,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "FirstServiceRoleDefaultPolicyB5EF41C4", @@ -353,7 +353,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "SecondServiceRoleDefaultPolicyB593E14A", @@ -498,7 +498,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "ThirdServiceRole42701801" @@ -548,7 +548,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "ErrorServiceRoleCE484966" diff --git a/packages/@aws-cdk/aws-lambda-destinations/test/integ.lambda-chain.ts b/packages/@aws-cdk/aws-lambda-destinations/test/integ.lambda-chain.ts index 546e238ed86f2..61eb686491112 100644 --- a/packages/@aws-cdk/aws-lambda-destinations/test/integ.lambda-chain.ts +++ b/packages/@aws-cdk/aws-lambda-destinations/test/integ.lambda-chain.ts @@ -20,7 +20,7 @@ class TestStack extends Stack { super(scope, id, props); const lambdaProps: lambda.FunctionProps = { - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, handler: 'index.handler', code: lambda.Code.fromInline(`exports.handler = async (event) => { console.log('Event: %j', event); diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.dynamodb.expected.json b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.dynamodb.expected.json index 0f3557acedc33..2e84eb9884d4c 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.dynamodb.expected.json +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.dynamodb.expected.json @@ -79,7 +79,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "FServiceRoleDefaultPolicy17A19BFA", @@ -99,8 +99,8 @@ "StreamArn" ] }, - "TumblingWindowInSeconds": 60, - "StartingPosition": "TRIM_HORIZON" + "StartingPosition": "TRIM_HORIZON", + "TumblingWindowInSeconds": 60 } }, "TD925BC7E": { diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesis.expected.json b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesis.expected.json index 5f104978fe1a5..06b0531faf617 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesis.expected.json +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesis.expected.json @@ -78,7 +78,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "FServiceRoleDefaultPolicy17A19BFA", diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesiswithdlq.expected.json b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesiswithdlq.expected.json index 88559f3ad9675..79d75d7e46b3a 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesiswithdlq.expected.json +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesiswithdlq.expected.json @@ -92,7 +92,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "FServiceRoleDefaultPolicy17A19BFA", diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesiswithdlq.ts b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesiswithdlq.ts index 73ed35b217b81..b909d213f0b8b 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesiswithdlq.ts +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesiswithdlq.ts @@ -22,7 +22,7 @@ class KinesisWithDLQTest extends Stack { super(scope, id); const fn = new lambda.Function(this, 'F', { - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, handler: 'index.handler', code: lambda.Code.fromInline(`exports.handler = ${handler.toString()}`), }); diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.s3.expected.json b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.s3.expected.json index ff71167d19f9e..5732fcfcbaf98 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.s3.expected.json +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.s3.expected.json @@ -44,12 +44,95 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "FServiceRole3AC82EE1" ] }, + "B08E7C7AF": { + "Type": "AWS::S3::Bucket", + "Properties": { + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "BPolicy3F02723E": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "B08E7C7AF" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "B08E7C7AF", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "B08E7C7AF", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "BAutoDeleteObjectsCustomResource6224D839": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "B08E7C7AF" + } + }, + "DependsOn": [ + "BPolicy3F02723E" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, "BNotificationsEB8DA980": { "Type": "Custom::S3BucketNotifications", "Properties": { @@ -93,11 +176,6 @@ "BAllowBucketNotificationsTolambdaeventsources3F741608059EF9F709" ] }, - "B08E7C7AF": { - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, "BAllowBucketNotificationsTolambdaeventsources3F741608059EF9F709": { "Type": "AWS::Lambda::Permission", "Properties": { @@ -120,6 +198,96 @@ } } }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3Bucket09A62232" + }, + "S3Key": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE" + } + ] + } + ] + } + ] + ] + } + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "B08E7C7AF" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + }, "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC": { "Type": "AWS::IAM::Role", "Properties": { @@ -177,7 +345,7 @@ "Properties": { "Description": "AWS CloudFormation handler for \"Custom::S3BucketNotifications\" resources (@aws-cdk/aws-s3)", "Code": { - "ZipFile": "import boto3 # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n response_status = \"SUCCESS\"\n error_message = \"\"\n try:\n props = event[\"ResourceProperties\"]\n bucket = props[\"BucketName\"]\n notification_configuration = props[\"NotificationConfiguration\"]\n request_type = event[\"RequestType\"]\n managed = props.get('Managed', 'true').lower() == 'true'\n stack_id = event['StackId']\n\n if managed:\n config = handle_managed(request_type, notification_configuration)\n else:\n config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration)\n\n put_bucket_notification_configuration(bucket, config)\n except Exception as e:\n logging.exception(\"Failed to put bucket notification configuration\")\n response_status = \"FAILED\"\n error_message = f\"Error: {str(e)}. \"\n finally:\n submit_response(event, context, response_status, error_message)\n\n\ndef handle_managed(request_type, notification_configuration):\n if request_type == 'Delete':\n return {}\n return notification_configuration\n\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration):\n\n # find external notifications\n external_notifications = find_external_notifications(bucket, stack_id)\n\n # if delete, that's all we need\n if request_type == 'Delete':\n return external_notifications\n\n def with_id(notification):\n notification['Id'] = f\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\"\n return notification\n\n # otherwise, merge external with incoming config and augment with id\n notifications = {}\n for t in CONFIGURATION_TYPES:\n external = external_notifications.get(t, [])\n incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n notifications[t] = external + incoming\n return notifications\n\n\ndef find_external_notifications(bucket, stack_id):\n existing_notifications = get_bucket_notification_configuration(bucket)\n external_notifications = {}\n for t in CONFIGURATION_TYPES:\n # if the notification was created by us, we know what id to expect\n # so we can filter by it.\n external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\"{stack_id}-\")]\n\n return external_notifications\n\n\ndef get_bucket_notification_configuration(bucket):\n return s3.get_bucket_notification_configuration(Bucket=bucket)\n\n\ndef put_bucket_notification_configuration(bucket, notification_configuration):\n s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration)\n\n\ndef submit_response(event: dict, context, response_status: str, error_message: str):\n response_body = json.dumps(\n {\n \"Status\": response_status,\n \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n \"StackId\": event[\"StackId\"],\n \"RequestId\": event[\"RequestId\"],\n \"LogicalResourceId\": event[\"LogicalResourceId\"],\n \"NoEcho\": False,\n }\n ).encode(\"utf-8\")\n headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n try:\n req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n with urllib.request.urlopen(req) as response:\n print(response.read().decode(\"utf-8\"))\n print(\"Status code: \" + response.reason)\n except Exception as e:\n print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n" + "ZipFile": "import boto3 # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nEVENTBRIDGE_CONFIGURATION = 'EventBridgeConfiguration'\n\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n response_status = \"SUCCESS\"\n error_message = \"\"\n try:\n props = event[\"ResourceProperties\"]\n bucket = props[\"BucketName\"]\n notification_configuration = props[\"NotificationConfiguration\"]\n request_type = event[\"RequestType\"]\n managed = props.get('Managed', 'true').lower() == 'true'\n stack_id = event['StackId']\n\n if managed:\n config = handle_managed(request_type, notification_configuration)\n else:\n config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration)\n\n put_bucket_notification_configuration(bucket, config)\n except Exception as e:\n logging.exception(\"Failed to put bucket notification configuration\")\n response_status = \"FAILED\"\n error_message = f\"Error: {str(e)}. \"\n finally:\n submit_response(event, context, response_status, error_message)\n\ndef handle_managed(request_type, notification_configuration):\n if request_type == 'Delete':\n return {}\n return notification_configuration\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration):\n external_notifications = find_external_notifications(bucket, stack_id)\n\n if request_type == 'Delete':\n return external_notifications\n\n def with_id(notification):\n notification['Id'] = f\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\"\n return notification\n\n notifications = {}\n for t in CONFIGURATION_TYPES:\n external = external_notifications.get(t, [])\n incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n notifications[t] = external + incoming\n\n if EVENTBRIDGE_CONFIGURATION in notification_configuration:\n notifications[EVENTBRIDGE_CONFIGURATION] = notification_configuration[EVENTBRIDGE_CONFIGURATION]\n elif EVENTBRIDGE_CONFIGURATION in external_notifications:\n notifications[EVENTBRIDGE_CONFIGURATION] = external_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return notifications\n\ndef find_external_notifications(bucket, stack_id):\n existing_notifications = get_bucket_notification_configuration(bucket)\n external_notifications = {}\n for t in CONFIGURATION_TYPES:\n external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\"{stack_id}-\")]\n\n if EVENTBRIDGE_CONFIGURATION in existing_notifications:\n external_notifications[EVENTBRIDGE_CONFIGURATION] = existing_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return external_notifications\n\ndef get_bucket_notification_configuration(bucket):\n return s3.get_bucket_notification_configuration(Bucket=bucket)\n\ndef put_bucket_notification_configuration(bucket, notification_configuration):\n s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration)\n\ndef submit_response(event: dict, context, response_status: str, error_message: str):\n response_body = json.dumps(\n {\n \"Status\": response_status,\n \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n \"StackId\": event[\"StackId\"],\n \"RequestId\": event[\"RequestId\"],\n \"LogicalResourceId\": event[\"LogicalResourceId\"],\n \"NoEcho\": False,\n }\n ).encode(\"utf-8\")\n headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n try:\n req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n with urllib.request.urlopen(req) as response:\n print(response.read().decode(\"utf-8\"))\n print(\"Status code: \" + response.reason)\n except Exception as e:\n print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n" }, "Handler": "index.handler", "Role": { @@ -194,5 +362,19 @@ "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC" ] } + }, + "Parameters": { + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3Bucket09A62232": { + "Type": "String", + "Description": "S3 bucket for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + }, + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE": { + "Type": "String", + "Description": "S3 key for asset version \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + }, + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824ArtifactHash76F8FCF2": { + "Type": "String", + "Description": "Artifact hash for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" + } } -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.s3.ts b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.s3.ts index 549ad9963d8cc..1e1d7f30bec7e 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.s3.ts +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.s3.ts @@ -10,6 +10,7 @@ class S3EventSourceTest extends cdk.Stack { const fn = new TestFunction(this, 'F'); const bucket = new s3.Bucket(this, 'B', { removalPolicy: cdk.RemovalPolicy.DESTROY, + autoDeleteObjects: true, }); fn.addEventSource(new S3EventSource(bucket, { diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.sns.expected.json b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.sns.expected.json index 9a9c44e67d95f..9d9c012de88e1 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.sns.expected.json +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.sns.expected.json @@ -44,7 +44,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "FServiceRole3AC82EE1" diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.sqs.expected.json b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.sqs.expected.json index 7ae40ae9f962c..8b5379b239c98 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.sqs.expected.json +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.sqs.expected.json @@ -76,7 +76,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "FServiceRoleDefaultPolicy17A19BFA", diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/test-function.ts b/packages/@aws-cdk/aws-lambda-event-sources/test/test-function.ts index f5ef254ed6eb2..594ac9b8a76c4 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/test-function.ts +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/test-function.ts @@ -6,7 +6,7 @@ export class TestFunction extends lambda.Function { super(scope, id, { handler: 'index.handler', code: lambda.Code.fromInline(`exports.handler = ${handler.toString()}`), - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, }); } } diff --git a/packages/@aws-cdk/aws-lambda/README.md b/packages/@aws-cdk/aws-lambda/README.md index 9c9182b174550..e5cc514c9d365 100644 --- a/packages/@aws-cdk/aws-lambda/README.md +++ b/packages/@aws-cdk/aws-lambda/README.md @@ -710,6 +710,24 @@ const fn = new lambda.Function(this, 'MyLambda', { }); ``` +## Ephemeral Storage + +You can configure ephemeral storage on a function to control the amount of storage it gets for reading +or writing data, allowing you to use AWS Lambda for ETL jobs, ML inference, or other data-intensive workloads. +The ephemeral storage will be accessible in the functions' `/tmp` directory. + +```ts +import { Size } from '@aws-cdk/core'; + +const fn = new lambda.Function(this, 'MyFunction', { + runtime: lambda.Runtime.NODEJS_14_X, + handler: 'index.handler', + code: lambda.Code.fromAsset(path.join(__dirname, 'lambda-handler')), + ephemeralStorageSize: Size.mebibytes(1024), +}); +``` + +Read more about using this feature in [this AWS blog post](https://aws.amazon.com/blogs/aws/aws-lambda-now-supports-up-to-10-gb-ephemeral-storage/). ## Singleton Function diff --git a/packages/@aws-cdk/aws-lambda/lib/function.ts b/packages/@aws-cdk/aws-lambda/lib/function.ts index 6bc89845edf3b..904fe515e5a7c 100644 --- a/packages/@aws-cdk/aws-lambda/lib/function.ts +++ b/packages/@aws-cdk/aws-lambda/lib/function.ts @@ -6,7 +6,7 @@ import * as kms from '@aws-cdk/aws-kms'; import * as logs from '@aws-cdk/aws-logs'; import * as sns from '@aws-cdk/aws-sns'; import * as sqs from '@aws-cdk/aws-sqs'; -import { Annotations, ArnFormat, CfnResource, Duration, Fn, Lazy, Names, Stack, Token } from '@aws-cdk/core'; +import { Annotations, ArnFormat, CfnResource, Duration, Fn, Lazy, Names, Size, Stack, Token } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { Architecture } from './architecture'; import { Code, CodeConfig } from './code'; @@ -95,6 +95,13 @@ export interface FunctionOptions extends EventInvokeConfigOptions { */ readonly memorySize?: number; + /** + * The size of the function’s /tmp directory in MB. + * + * @default 512 MiB + */ + readonly ephemeralStorageSize?: Size; + /** * Initial policy statements to add to the created Lambda Role. * @@ -747,6 +754,11 @@ export class Function extends FunctionBase { } this._architecture = props.architecture ?? (props.architectures && props.architectures[0]); + if (props.ephemeralStorageSize && !props.ephemeralStorageSize.isUnresolved() + && (props.ephemeralStorageSize.toMebibytes() < 512 || props.ephemeralStorageSize.toMebibytes() > 10240)) { + throw new Error(`Ephemeral storage size must be between 512 and 10240 MB, received ${props.ephemeralStorageSize}.`); + } + const resource: CfnFunction = new CfnFunction(this, 'Resource', { functionName: this.physicalName, description: props.description, @@ -767,6 +779,9 @@ export class Function extends FunctionBase { // Token, actually *modifies* the 'environment' map. environment: Lazy.uncachedAny({ produce: () => this.renderEnvironment() }), memorySize: props.memorySize, + ephemeralStorage: props.ephemeralStorageSize ? { + size: props.ephemeralStorageSize.toMebibytes(), + } : undefined, vpcConfig: this.configureVpc(props), deadLetterConfig: this.buildDeadLetterConfig(dlqTopicOrQueue), tracingConfig: this.buildTracingConfig(props), diff --git a/packages/@aws-cdk/aws-lambda/test/code.test.ts b/packages/@aws-cdk/aws-lambda/test/code.test.ts index d0bd913d75ad5..1b1bbf4530139 100644 --- a/packages/@aws-cdk/aws-lambda/test/code.test.ts +++ b/packages/@aws-cdk/aws-lambda/test/code.test.ts @@ -304,7 +304,7 @@ describe('code', () => { { Ref: 'AWS::Region' }, '.', { Ref: 'AWS::URLSuffix' }, - '/aws-cdk/assets:f0fe8a410cb4b860a25f6f3e09237abf69cd38ab59f9ef2441597c75f598c634', + '/aws-cdk/assets:768d7b6c1d41b85135f498fe0cca69fea410be3c3322c69cf08690aaad29a610', ]], }, }, @@ -360,7 +360,7 @@ describe('code', () => { // then Template.fromStack(stack).hasResource('AWS::Lambda::Function', { Metadata: { - [cxapi.ASSET_RESOURCE_METADATA_PATH_KEY]: 'asset.7e6b1766b8ee0794b08669dc7eecd82d06dc7138c99bffded86c5693e335ac37', + [cxapi.ASSET_RESOURCE_METADATA_PATH_KEY]: 'asset.30b57ded32316be9aa6553a1d81689f1e0cb475a94306c557e05048f9f56bd79', [cxapi.ASSET_RESOURCE_METADATA_DOCKERFILE_PATH_KEY]: dockerfilePath, [cxapi.ASSET_RESOURCE_METADATA_DOCKER_BUILD_ARGS_KEY]: dockerBuildArgs, [cxapi.ASSET_RESOURCE_METADATA_DOCKER_BUILD_TARGET_KEY]: dockerBuildTarget, @@ -384,7 +384,7 @@ describe('code', () => { // then Template.fromStack(stack).hasResource('AWS::Lambda::Function', { Metadata: { - [cxapi.ASSET_RESOURCE_METADATA_PATH_KEY]: 'asset.f0fe8a410cb4b860a25f6f3e09237abf69cd38ab59f9ef2441597c75f598c634', + [cxapi.ASSET_RESOURCE_METADATA_PATH_KEY]: 'asset.768d7b6c1d41b85135f498fe0cca69fea410be3c3322c69cf08690aaad29a610', [cxapi.ASSET_RESOURCE_METADATA_DOCKERFILE_PATH_KEY]: 'Dockerfile', [cxapi.ASSET_RESOURCE_METADATA_PROPERTY_KEY]: 'Code.ImageUri', }, diff --git a/packages/@aws-cdk/aws-lambda/test/docker-lambda-handler/Dockerfile b/packages/@aws-cdk/aws-lambda/test/docker-lambda-handler/Dockerfile index 18064bbe78ba1..f03af5f73f1a5 100644 --- a/packages/@aws-cdk/aws-lambda/test/docker-lambda-handler/Dockerfile +++ b/packages/@aws-cdk/aws-lambda/test/docker-lambda-handler/Dockerfile @@ -1,8 +1,8 @@ -FROM 628053151772.dkr.ecr.sa-east-1.amazonaws.com/awslambda/nodejs12.x-runtime-internal:beta +FROM public.ecr.aws/lambda/nodejs:12 ARG FUNCTION_DIR="/var/task" # Create function directory RUN mkdir -p ${FUNCTION_DIR} # Copy handler function and package.json COPY app.js ${FUNCTION_DIR} # Set the CMD to your handler (could also be done as a parameter override outside of the Dockerfile) -CMD [ "app.handler" ] \ No newline at end of file +CMD [ "app.handler" ] diff --git a/packages/@aws-cdk/aws-lambda/test/function.test.ts b/packages/@aws-cdk/aws-lambda/test/function.test.ts index 886d7c754feb8..5b6debdf2825f 100644 --- a/packages/@aws-cdk/aws-lambda/test/function.test.ts +++ b/packages/@aws-cdk/aws-lambda/test/function.test.ts @@ -16,6 +16,7 @@ import * as cxapi from '@aws-cdk/cx-api'; import * as constructs from 'constructs'; import * as _ from 'lodash'; import * as lambda from '../lib'; +import { Lazy, Size } from '@aws-cdk/core'; describe('function', () => { test('default function', () => { @@ -2590,6 +2591,7 @@ describe('function', () => { architectures: [lambda.Architecture.X86_64, lambda.Architecture.ARM_64], })).toThrow(/one architecture must be specified/); }); + test('Architecture is properly readable from the function', () => { const stack = new cdk.Stack(); const fn = new lambda.Function(stack, 'MyFunction', { @@ -2641,6 +2643,50 @@ describe('function', () => { }); }); +test('throws if ephemeral storage size is out of bound', () => { + const stack = new cdk.Stack(); + expect(() => new lambda.Function(stack, 'MyLambda', { + code: new lambda.InlineCode('foo'), + handler: 'bar', + runtime: lambda.Runtime.NODEJS_14_X, + ephemeralStorageSize: Size.mebibytes(511), + })).toThrow(/Ephemeral storage size must be between 512 and 10240 MB/); +}); + +test('set ephemeral storage to desired size', () => { + const stack = new cdk.Stack(); + new lambda.Function(stack, 'MyLambda', { + code: new lambda.InlineCode('foo'), + handler: 'bar', + runtime: lambda.Runtime.NODEJS_14_X, + ephemeralStorageSize: Size.mebibytes(1024), + }); + + Template.fromStack(stack).hasResource('AWS::Lambda::Function', { + Properties: + { + Code: { ZipFile: 'foo' }, + Handler: 'bar', + Runtime: 'nodejs14.x', + EphemeralStorage: { + Size: 1024, + }, + }, + }); +}); + +test('ephemeral storage allows unresolved tokens', () => { + const stack = new cdk.Stack(); + expect(() => { + new lambda.Function(stack, 'MyLambda', { + code: new lambda.InlineCode('foo'), + handler: 'bar', + runtime: lambda.Runtime.NODEJS_14_X, + ephemeralStorageSize: Size.mebibytes(Lazy.number({ produce: () => 1024 })), + }); + }).not.toThrow(); +}); + function newTestLambda(scope: constructs.Construct) { return new lambda.Function(scope, 'MyLambda', { code: new lambda.InlineCode('foo'), diff --git a/packages/@aws-cdk/aws-lambda/test/integ.autoscaling.lit.expected.json b/packages/@aws-cdk/aws-lambda/test/integ.autoscaling.lit.expected.json index 1ee05ac72cef8..bb6ee0277bb99 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.autoscaling.lit.expected.json +++ b/packages/@aws-cdk/aws-lambda/test/integ.autoscaling.lit.expected.json @@ -37,20 +37,20 @@ "Code": { "ZipFile": "exports.handler = async () => { console.log('hello world'); };" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "MyLambdaServiceRole4539ECB6", "Arn" ] }, - "Runtime": "nodejs10.x" + "Handler": "index.handler", + "Runtime": "nodejs14.x" }, "DependsOn": [ "MyLambdaServiceRole4539ECB6" ] }, - "MyLambdaCurrentVersionE7A382CC03fc10af301b823dc69dee9357b5caa0": { + "MyLambdaCurrentVersionE7A382CCc9b5d5d60612e848a9b7c670d8802822": { "Type": "AWS::Lambda::Version", "Properties": { "FunctionName": { @@ -66,7 +66,7 @@ }, "FunctionVersion": { "Fn::GetAtt": [ - "MyLambdaCurrentVersionE7A382CC03fc10af301b823dc69dee9357b5caa0", + "MyLambdaCurrentVersionE7A382CCc9b5d5d60612e848a9b7c670d8802822", "Version" ] }, @@ -160,4 +160,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-lambda/test/integ.autoscaling.lit.ts b/packages/@aws-cdk/aws-lambda/test/integ.autoscaling.lit.ts index e8d3411b072f3..ec6387c230c1a 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.autoscaling.lit.ts +++ b/packages/@aws-cdk/aws-lambda/test/integ.autoscaling.lit.ts @@ -14,7 +14,7 @@ class TestStack extends cdk.Stack { const fn = new lambda.Function(this, 'MyLambda', { code: new lambda.InlineCode('exports.handler = async () => { console.log(\'hello world\'); };'), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, }); const version = fn.currentVersion; diff --git a/packages/@aws-cdk/aws-lambda/test/integ.lambda.docker.expected.json b/packages/@aws-cdk/aws-lambda/test/integ.lambda.docker.expected.json index 6affea556c9d9..d7f68ed5f5a1f 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.lambda.docker.expected.json +++ b/packages/@aws-cdk/aws-lambda/test/integ.lambda.docker.expected.json @@ -50,7 +50,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:f0fe8a410cb4b860a25f6f3e09237abf69cd38ab59f9ef2441597c75f598c634" + "/aws-cdk/assets:768d7b6c1d41b85135f498fe0cca69fea410be3c3322c69cf08690aaad29a610" ] ] } diff --git a/packages/@aws-cdk/aws-lambda/test/integ.lambda.expected.json b/packages/@aws-cdk/aws-lambda/test/integ.lambda.expected.json index 88e7b53442a15..a6928d7344a66 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.lambda.expected.json +++ b/packages/@aws-cdk/aws-lambda/test/integ.lambda.expected.json @@ -58,21 +58,21 @@ "Code": { "ZipFile": "foo" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "MyLambdaServiceRole4539ECB6", "Arn" ] }, - "Runtime": "nodejs10.x" + "Handler": "index.handler", + "Runtime": "nodejs14.x" }, "DependsOn": [ "MyLambdaServiceRoleDefaultPolicy5BBC6F68", "MyLambdaServiceRole4539ECB6" ] }, - "MyLambdaCurrentVersionE7A382CC306b64ef431b3e873cc6258340b63a78": { + "MyLambdaCurrentVersionE7A382CCaab0ffd2d3271bb29338c3fe7c7f3151": { "Type": "AWS::Lambda::Version", "Properties": { "FunctionName": { @@ -88,7 +88,7 @@ }, "FunctionVersion": { "Fn::GetAtt": [ - "MyLambdaCurrentVersionE7A382CC306b64ef431b3e873cc6258340b63a78", + "MyLambdaCurrentVersionE7A382CCaab0ffd2d3271bb29338c3fe7c7f3151", "Version" ] }, diff --git a/packages/@aws-cdk/aws-lambda/test/integ.lambda.prov.concurrent.expected.json b/packages/@aws-cdk/aws-lambda/test/integ.lambda.prov.concurrent.expected.json index 15a57b7a0e598..668799ec1d170 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.lambda.prov.concurrent.expected.json +++ b/packages/@aws-cdk/aws-lambda/test/integ.lambda.prov.concurrent.expected.json @@ -58,21 +58,21 @@ "Code": { "ZipFile": "exports.handler = async function(event, context) { console.log(\"Hello from CDK! with Alias Provisioned Concurrent Exec!\");}" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "MyLambdaAliasPCEServiceRoleF7C9F212", "Arn" ] }, - "Runtime": "nodejs10.x" + "Handler": "index.handler", + "Runtime": "nodejs14.x" }, "DependsOn": [ "MyLambdaAliasPCEServiceRoleDefaultPolicyE7418D56", "MyLambdaAliasPCEServiceRoleF7C9F212" ] }, - "MyLambdaAliasPCECurrentVersion072335D3974767ca5ab9a8786a5779ede8cb8cc5": { + "MyLambdaAliasPCECurrentVersion072335D3f742c0f8cc0b7f48bb32fb34b63bc22c": { "Type": "AWS::Lambda::Version", "Properties": { "FunctionName": { @@ -88,7 +88,7 @@ }, "FunctionVersion": { "Fn::GetAtt": [ - "MyLambdaAliasPCECurrentVersion072335D3974767ca5ab9a8786a5779ede8cb8cc5", + "MyLambdaAliasPCECurrentVersion072335D3f742c0f8cc0b7f48bb32fb34b63bc22c", "Version" ] }, @@ -166,21 +166,21 @@ "Code": { "ZipFile": "exports.handler = async function(event, context) { console.log(\"Hello from CDK! with Version Provisioned Concurrent Exec!\");}" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "MyLambdaVersionPCEServiceRole2ACFB73E", "Arn" ] }, - "Runtime": "nodejs10.x" + "Handler": "index.handler", + "Runtime": "nodejs14.x" }, "DependsOn": [ "MyLambdaVersionPCEServiceRoleDefaultPolicy229A1552", "MyLambdaVersionPCEServiceRole2ACFB73E" ] }, - "MyLambdaVersionPCECurrentVersion27FC3932a1bc5d5d20600bf4225d17df43a36ea5": { + "MyLambdaVersionPCECurrentVersion27FC3932fbc6188ae863cb6dc15d61f96ad00420": { "Type": "AWS::Lambda::Version", "Properties": { "FunctionName": { @@ -199,7 +199,7 @@ }, "FunctionVersion": { "Fn::GetAtt": [ - "MyLambdaVersionPCECurrentVersion27FC3932a1bc5d5d20600bf4225d17df43a36ea5", + "MyLambdaVersionPCECurrentVersion27FC3932fbc6188ae863cb6dc15d61f96ad00420", "Version" ] }, diff --git a/packages/@aws-cdk/aws-lambda/test/integ.lambda.prov.concurrent.ts b/packages/@aws-cdk/aws-lambda/test/integ.lambda.prov.concurrent.ts index 4a100b4d6e462..dde4a27d84ceb 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.lambda.prov.concurrent.ts +++ b/packages/@aws-cdk/aws-lambda/test/integ.lambda.prov.concurrent.ts @@ -15,7 +15,7 @@ const pce = 5; const fn = new lambda.Function(stack, 'MyLambdaAliasPCE', { code: new lambda.InlineCode(lambdaCode.replace('#type#', 'Alias')), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, }); fn.addToRolePolicy(new iam.PolicyStatement({ @@ -39,7 +39,7 @@ alias.addPermission('AliasPermission', { const fnVersionPCE = new lambda.Function(stack, 'MyLambdaVersionPCE', { code: new lambda.InlineCode(lambdaCode.replace('#type#', 'Version')), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, currentVersionOptions: { provisionedConcurrentExecutions: pce, }, diff --git a/packages/@aws-cdk/aws-lambda/test/integ.lambda.ts b/packages/@aws-cdk/aws-lambda/test/integ.lambda.ts index c6ca7302a1f91..1dc7ec07b6cfd 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.lambda.ts +++ b/packages/@aws-cdk/aws-lambda/test/integ.lambda.ts @@ -9,7 +9,7 @@ const stack = new cdk.Stack(app, 'aws-cdk-lambda-1'); const fn = new lambda.Function(stack, 'MyLambda', { code: new lambda.InlineCode('foo'), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, }); fn.addToRolePolicy(new iam.PolicyStatement({ diff --git a/packages/@aws-cdk/aws-lambda/test/integ.layer-version.lit.expected.json b/packages/@aws-cdk/aws-lambda/test/integ.layer-version.lit.expected.json index 93687882379f7..0c6e5b2d4447a 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.layer-version.lit.expected.json +++ b/packages/@aws-cdk/aws-lambda/test/integ.layer-version.lit.expected.json @@ -42,7 +42,7 @@ } }, "CompatibleRuntimes": [ - "nodejs10.x" + "nodejs14.x" ], "Description": "A layer to test the L2 construct", "LicenseInfo": "Apache-2.0" @@ -97,19 +97,19 @@ "Code": { "ZipFile": "foo" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "MyLayeredLambdaServiceRole1A7DC118", "Arn" ] }, - "Runtime": "nodejs10.x", + "Handler": "index.handler", "Layers": [ { "Ref": "MyLayer38944FA5" } - ] + ], + "Runtime": "nodejs14.x" }, "DependsOn": [ "MyLayeredLambdaServiceRole1A7DC118" @@ -130,4 +130,4 @@ "Description": "Artifact hash for asset \"8811a2632ac5564a08fd269e159298f7e497f259578b0dc5e927a1f48ab24d34\"" } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-lambda/test/integ.layer-version.lit.ts b/packages/@aws-cdk/aws-lambda/test/integ.layer-version.lit.ts index d26722365c72e..49ba7c75a8675 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.layer-version.lit.ts +++ b/packages/@aws-cdk/aws-lambda/test/integ.layer-version.lit.ts @@ -12,7 +12,7 @@ const awsAccountId = stack.account; /// !show const layer = new lambda.LayerVersion(stack, 'MyLayer', { code: lambda.Code.fromAsset(path.join(__dirname, 'layer-code')), - compatibleRuntimes: [lambda.Runtime.NODEJS_10_X], + compatibleRuntimes: [lambda.Runtime.NODEJS_14_X], license: 'Apache-2.0', description: 'A layer to test the L2 construct', }); @@ -26,7 +26,7 @@ layer.addPermission('remote-account-grant', { accountId: awsAccountId }); new lambda.Function(stack, 'MyLayeredLambda', { code: new lambda.InlineCode('foo'), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, layers: [layer], }); /// !hide diff --git a/packages/@aws-cdk/aws-lambda/test/integ.log-retention.expected.json b/packages/@aws-cdk/aws-lambda/test/integ.log-retention.expected.json index 1765faee07465..8aafc5fe25b04 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.log-retention.expected.json +++ b/packages/@aws-cdk/aws-lambda/test/integ.log-retention.expected.json @@ -44,7 +44,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "OneWeekServiceRole05A6F9F8" @@ -227,7 +227,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "OneMonthServiceRoleFBD1064F" @@ -300,7 +300,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "OneYearServiceRole24D47762" diff --git a/packages/@aws-cdk/aws-lambda/test/integ.log-retention.ts b/packages/@aws-cdk/aws-lambda/test/integ.log-retention.ts index 7b4901f651252..965a04c5597d6 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.log-retention.ts +++ b/packages/@aws-cdk/aws-lambda/test/integ.log-retention.ts @@ -10,21 +10,21 @@ const stack = new cdk.Stack(app, 'aws-cdk-lambda-log-retention'); new lambda.Function(stack, 'OneWeek', { code: new lambda.InlineCode('exports.handler = (event) => console.log(JSON.stringify(event));'), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, logRetention: logs.RetentionDays.ONE_WEEK, }); new lambda.Function(stack, 'OneMonth', { code: new lambda.InlineCode('exports.handler = (event) => console.log(JSON.stringify(event));'), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, logRetention: logs.RetentionDays.ONE_MONTH, }); new lambda.Function(stack, 'OneYear', { code: new lambda.InlineCode('exports.handler = (event) => console.log(JSON.stringify(event));'), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, logRetention: logs.RetentionDays.ONE_YEAR, }); diff --git a/packages/@aws-cdk/aws-lambda/test/integ.runtime.inlinecode.expected.json b/packages/@aws-cdk/aws-lambda/test/integ.runtime.inlinecode.expected.json index 2a6f6c964822b..ccc1856ef6196 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.runtime.inlinecode.expected.json +++ b/packages/@aws-cdk/aws-lambda/test/integ.runtime.inlinecode.expected.json @@ -1,55 +1,5 @@ { "Resources": { - "NODEJS10XServiceRole2FD24B65": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "NODEJS10XF3831960": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "ZipFile": "exports.handler = async function(event) { return \"success\" }" - }, - "Role": { - "Fn::GetAtt": [ - "NODEJS10XServiceRole2FD24B65", - "Arn" - ] - }, - "Handler": "index.handler", - "Runtime": "nodejs10.x" - }, - "DependsOn": [ - "NODEJS10XServiceRole2FD24B65" - ] - }, "NODEJS12XServiceRole59E71436": { "Type": "AWS::IAM::Role", "Properties": { @@ -100,56 +50,6 @@ "NODEJS12XServiceRole59E71436" ] }, - "PYTHON27ServiceRoleF484A17D": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "PYTHON27F8E941FA": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "ZipFile": "def handler(event, context):\n return \"success\"" - }, - "Role": { - "Fn::GetAtt": [ - "PYTHON27ServiceRoleF484A17D", - "Arn" - ] - }, - "Handler": "index.handler", - "Runtime": "python2.7" - }, - "DependsOn": [ - "PYTHON27ServiceRoleF484A17D" - ] - }, "PYTHON36ServiceRole814B3AD9": { "Type": "AWS::IAM::Role", "Properties": { @@ -402,21 +302,11 @@ } }, "Outputs": { - "NODEJS10XfunctionName": { - "Value": { - "Ref": "NODEJS10XF3831960" - } - }, "NODEJS12XfunctionName": { "Value": { "Ref": "NODEJS12X8B8075A4" } }, - "PYTHON27functionName": { - "Value": { - "Ref": "PYTHON27F8E941FA" - } - }, "PYTHON36functionName": { "Value": { "Ref": "PYTHON364935EF15" diff --git a/packages/@aws-cdk/aws-lambda/test/integ.runtime.inlinecode.ts b/packages/@aws-cdk/aws-lambda/test/integ.runtime.inlinecode.ts index ff6160da9ac27..0aff4e4ff02a8 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.runtime.inlinecode.ts +++ b/packages/@aws-cdk/aws-lambda/test/integ.runtime.inlinecode.ts @@ -15,13 +15,6 @@ const app = new App(); const stack = new Stack(app, 'aws-cdk-lambda-runtime-inlinecode'); -const node10xfn = new Function(stack, 'NODEJS_10_X', { - code: new InlineCode('exports.handler = async function(event) { return "success" }'), - handler: 'index.handler', - runtime: Runtime.NODEJS_10_X, -}); -new CfnOutput(stack, 'NODEJS_10_X-functionName', { value: node10xfn.functionName }); - const node12xfn = new Function(stack, 'NODEJS_12_X', { code: new InlineCode('exports.handler = async function(event) { return "success" }'), handler: 'index.handler', @@ -29,13 +22,6 @@ const node12xfn = new Function(stack, 'NODEJS_12_X', { }); new CfnOutput(stack, 'NODEJS_12_X-functionName', { value: node12xfn.functionName }); -const python27 = new Function(stack, 'PYTHON_2_7', { - code: new InlineCode('def handler(event, context):\n return "success"'), - handler: 'index.handler', - runtime: Runtime.PYTHON_2_7, -}); -new CfnOutput(stack, 'PYTHON_2_7-functionName', { value: python27.functionName }); - const python36 = new Function(stack, 'PYTHON_3_6', { code: new InlineCode('def handler(event, context):\n return "success"'), handler: 'index.handler', diff --git a/packages/@aws-cdk/aws-lambda/test/singleton-lambda.test.ts b/packages/@aws-cdk/aws-lambda/test/singleton-lambda.test.ts index 0f0a864a4c173..0f259e1866abd 100644 --- a/packages/@aws-cdk/aws-lambda/test/singleton-lambda.test.ts +++ b/packages/@aws-cdk/aws-lambda/test/singleton-lambda.test.ts @@ -172,17 +172,17 @@ describe('singleton lambda', () => { // WHEN const invokeResult = singleton.grantInvoke(new iam.ServicePrincipal('events.amazonaws.com')); - const statement = stack.resolve(invokeResult.resourceStatement); + const statement = stack.resolve(invokeResult.resourceStatement?.toJSON()); // THEN Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Permission', { Action: 'lambda:InvokeFunction', Principal: 'events.amazonaws.com', }); - expect(statement.action).toEqual(['lambda:InvokeFunction']); - expect(statement.principal).toEqual({ Service: ['events.amazonaws.com'] }); - expect(statement.effect).toEqual('Allow'); - expect(statement.resource).toEqual([ + expect(statement.Action).toEqual('lambda:InvokeFunction'); + expect(statement.Principal).toEqual({ Service: 'events.amazonaws.com' }); + expect(statement.Effect).toEqual('Allow'); + expect(statement.Resource).toEqual([ { 'Fn::GetAtt': ['SingletonLambda84c0de93353f42179b0b45b6c993251a840BCC38', 'Arn'] }, { 'Fn::Join': ['', [{ 'Fn::GetAtt': ['SingletonLambda84c0de93353f42179b0b45b6c993251a840BCC38', 'Arn'] }, ':*']] }, ]); diff --git a/packages/@aws-cdk/aws-logs/README.md b/packages/@aws-cdk/aws-logs/README.md index 804b5c56c4eb3..4e04059638138 100644 --- a/packages/@aws-cdk/aws-logs/README.md +++ b/packages/@aws-cdk/aws-logs/README.md @@ -69,6 +69,10 @@ const logGroup = new logs.LogGroup(this, 'LogGroup'); logGroup.grantWrite(new iam.ServicePrincipal('es.amazonaws.com')); ``` +Be aware that any ARNs or tokenized values passed to the resource policy will be converted into AWS Account IDs. +This is because CloudWatch Logs Resource Policies do not accept ARNs as principals, but they do accept +Account ID strings. Non-ARN principals, like Service principals or Any princpals, are accepted by CloudWatch. + ## Encrypting Log Groups By default, log group data is always encrypted in CloudWatch Logs. You have the diff --git a/packages/@aws-cdk/aws-logs/lib/log-group.ts b/packages/@aws-cdk/aws-logs/lib/log-group.ts index 9baf950f92f85..026f00092087a 100644 --- a/packages/@aws-cdk/aws-logs/lib/log-group.ts +++ b/packages/@aws-cdk/aws-logs/lib/log-group.ts @@ -1,7 +1,7 @@ import * as cloudwatch from '@aws-cdk/aws-cloudwatch'; import * as iam from '@aws-cdk/aws-iam'; import * as kms from '@aws-cdk/aws-kms'; -import { ArnFormat, RemovalPolicy, Resource, Stack, Token } from '@aws-cdk/core'; +import { Arn, ArnFormat, RemovalPolicy, Resource, Stack, Token } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { LogStream } from './log-stream'; import { CfnLogGroup } from './logs.generated'; @@ -194,15 +194,39 @@ abstract class LogGroupBase extends Resource implements ILogGroup { /** * Adds a statement to the resource policy associated with this log group. * A resource policy will be automatically created upon the first call to `addToResourcePolicy`. + * + * Any ARN Principals inside of the statement will be converted into AWS Account ID strings + * because CloudWatch Logs Resource Policies do not accept ARN principals. + * * @param statement The policy statement to add */ public addToResourcePolicy(statement: iam.PolicyStatement): iam.AddToResourcePolicyResult { if (!this.policy) { this.policy = new ResourcePolicy(this, 'Policy'); } - this.policy.document.addStatements(statement); + this.policy.document.addStatements(statement.copy({ + principals: statement.principals.map(p => this.convertArnPrincpalToAccountId(p)), + })); return { statementAdded: true, policyDependable: this.policy }; } + + private convertArnPrincpalToAccountId(principal: iam.IPrincipal) { + if (principal.principalAccount) { + // we use ArnPrincipal here because the constructor inserts the argument + // into the template without mutating it, which means that there is no + // ARN created by this call. + return new iam.ArnPrincipal(principal.principalAccount); + } + + if (principal instanceof iam.ArnPrincipal) { + const parsedArn = Arn.split(principal.arn, ArnFormat.SLASH_RESOURCE_NAME); + if (parsedArn.account) { + return new iam.ArnPrincipal(parsedArn.account); + } + } + + return principal; + } } /** diff --git a/packages/@aws-cdk/aws-logs/test/loggroup.test.ts b/packages/@aws-cdk/aws-logs/test/loggroup.test.ts index 4fefc67272d5f..2ba10fdd38f86 100644 --- a/packages/@aws-cdk/aws-logs/test/loggroup.test.ts +++ b/packages/@aws-cdk/aws-logs/test/loggroup.test.ts @@ -1,7 +1,7 @@ import { Template } from '@aws-cdk/assertions'; import * as iam from '@aws-cdk/aws-iam'; import * as kms from '@aws-cdk/aws-kms'; -import { CfnParameter, RemovalPolicy, Stack } from '@aws-cdk/core'; +import { CfnParameter, Fn, RemovalPolicy, Stack } from '@aws-cdk/core'; import { LogGroup, RetentionDays } from '../lib'; describe('log group', () => { @@ -364,7 +364,7 @@ describe('log group', () => { }); }); - test('can add a policy to the log group', () => { + test('when added to log groups, IAM users are converted into account IDs in the resource policy', () => { // GIVEN const stack = new Stack(); const lg = new LogGroup(stack, 'LogGroup'); @@ -378,11 +378,43 @@ describe('log group', () => { // THEN Template.fromStack(stack).hasResourceProperties('AWS::Logs::ResourcePolicy', { - PolicyDocument: '{"Statement":[{"Action":"logs:PutLogEvents","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:user/user-name"},"Resource":"*"}],"Version":"2012-10-17"}', + PolicyDocument: '{"Statement":[{"Action":"logs:PutLogEvents","Effect":"Allow","Principal":{"AWS":"123456789012"},"Resource":"*"}],"Version":"2012-10-17"}', PolicyName: 'LogGroupPolicy643B329C', }); }); + test('imported values are treated as if they are ARNs and converted to account IDs via CFN pseudo parameters', () => { + // GIVEN + const stack = new Stack(); + const lg = new LogGroup(stack, 'LogGroup'); + + // WHEN + lg.addToResourcePolicy(new iam.PolicyStatement({ + resources: ['*'], + actions: ['logs:PutLogEvents'], + principals: [iam.Role.fromRoleArn(stack, 'Role', Fn.importValue('SomeRole'))], + })); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::Logs::ResourcePolicy', { + PolicyDocument: { + 'Fn::Join': [ + '', + [ + '{\"Statement\":[{\"Action\":\"logs:PutLogEvents\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"', + { + 'Fn::Select': [ + 4, + { 'Fn::Split': [':', { 'Fn::ImportValue': 'SomeRole' }] }, + ], + }, + '\"},\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}', + ], + ], + }, + }); + }); + test('correctly returns physical name of the log group', () => { // GIVEN const stack = new Stack(); diff --git a/packages/@aws-cdk/aws-opensearchservice/lib/version.ts b/packages/@aws-cdk/aws-opensearchservice/lib/version.ts index 119b7844502dc..b989ac4867b72 100644 --- a/packages/@aws-cdk/aws-opensearchservice/lib/version.ts +++ b/packages/@aws-cdk/aws-opensearchservice/lib/version.ts @@ -65,6 +65,9 @@ export class EngineVersion { /** AWS OpenSearch 1.1 */ public static readonly OPENSEARCH_1_1 = EngineVersion.openSearch('1.1'); + /** AWS OpenSearch 1.2 */ + public static readonly OPENSEARCH_1_2 = EngineVersion.openSearch('1.2'); + /** * Custom ElasticSearch version * @param version custom version number diff --git a/packages/@aws-cdk/aws-rds/test/integ.instance.lit.expected.json b/packages/@aws-cdk/aws-rds/test/integ.instance.lit.expected.json index 36c5fdc654df2..ccded802da6f0 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.instance.lit.expected.json +++ b/packages/@aws-cdk/aws-rds/test/integ.instance.lit.expected.json @@ -19,11 +19,11 @@ "VPCPublicSubnet1SubnetB4246D30": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.0.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/18", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -116,11 +116,11 @@ "VPCPublicSubnet2Subnet74179F39": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.64.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.64.0/18", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -213,11 +213,11 @@ "VPCPrivateSubnet1Subnet8BCA10E0": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.128.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.128.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -275,11 +275,11 @@ "VPCPrivateSubnet2SubnetCFCDAA7A": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.192.0/18", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.192.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -628,7 +628,7 @@ "Properties": { "DBInstanceClass": "db.t3.medium", "AllocatedStorage": "100", - "AutoMinorVersionUpgrade": false, + "AutoMinorVersionUpgrade": true, "BackupRetentionPeriod": 7, "CopyTagsToSnapshot": true, "DBName": "ORCL", @@ -696,8 +696,8 @@ } ] }, - "UpdateReplacePolicy": "Snapshot", - "DeletionPolicy": "Snapshot" + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "InstanceLogRetentiontrace487771C8": { "Type": "Custom::LogRetention", diff --git a/packages/@aws-cdk/aws-rds/test/integ.instance.lit.ts b/packages/@aws-cdk/aws-rds/test/integ.instance.lit.ts index 3e869950a0a46..7154c05b8970b 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.instance.lit.ts +++ b/packages/@aws-cdk/aws-rds/test/integ.instance.lit.ts @@ -5,6 +5,7 @@ import * as targets from '@aws-cdk/aws-events-targets'; import * as lambda from '@aws-cdk/aws-lambda'; import * as logs from '@aws-cdk/aws-logs'; import * as cdk from '@aws-cdk/core'; +import { RemovalPolicy } from '@aws-cdk/core'; import * as rds from '../lib'; const app = new cdk.App(); @@ -63,9 +64,10 @@ class DatabaseInstanceStack extends cdk.Stack { 'listener', ], cloudwatchLogsRetention: logs.RetentionDays.ONE_MONTH, - autoMinorVersionUpgrade: false, + autoMinorVersionUpgrade: true, // required to be true if LOCATOR is used in the option group optionGroup, parameterGroup, + removalPolicy: RemovalPolicy.DESTROY, }); // Allow connections on default port from any IPV4 diff --git a/packages/@aws-cdk/aws-rds/test/integ.proxy.expected.json b/packages/@aws-cdk/aws-rds/test/integ.proxy.expected.json index a8eff4138bc50..465915d69d202 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.proxy.expected.json +++ b/packages/@aws-cdk/aws-rds/test/integ.proxy.expected.json @@ -18,11 +18,11 @@ "vpcPublicSubnet1Subnet2E65531E": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.0.0/18", "VpcId": { "Ref": "vpcA2121C38" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/18", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -115,11 +115,11 @@ "vpcPublicSubnet2Subnet009B674F": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.64.0/18", "VpcId": { "Ref": "vpcA2121C38" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.64.0/18", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -212,11 +212,11 @@ "vpcPrivateSubnet1Subnet934893E8": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.128.0/18", "VpcId": { "Ref": "vpcA2121C38" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.128.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -274,11 +274,11 @@ "vpcPrivateSubnet2Subnet7031C2BA": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.192.0/18", "VpcId": { "Ref": "vpcA2121C38" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.192.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -462,7 +462,7 @@ "Ref": "dbInstanceSubnetGroupD062EC9E" }, "Engine": "postgres", - "EngineVersion": "11.5", + "EngineVersion": "11.15", "MasterUsername": { "Fn::Join": [ "", @@ -497,8 +497,8 @@ } ] }, - "UpdateReplacePolicy": "Snapshot", - "DeletionPolicy": "Snapshot" + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "dbProxyIAMRole662F3AB8": { "Type": "AWS::IAM::Role", diff --git a/packages/@aws-cdk/aws-rds/test/integ.proxy.ts b/packages/@aws-cdk/aws-rds/test/integ.proxy.ts index e59ead63f3590..0b67735f5c4e5 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.proxy.ts +++ b/packages/@aws-cdk/aws-rds/test/integ.proxy.ts @@ -1,5 +1,6 @@ import * as ec2 from '@aws-cdk/aws-ec2'; import * as cdk from '@aws-cdk/core'; +import { RemovalPolicy } from '@aws-cdk/core'; import * as rds from '../lib'; const app = new cdk.App(); @@ -9,13 +10,14 @@ const vpc = new ec2.Vpc(stack, 'vpc', { maxAzs: 2 }); const dbInstance = new rds.DatabaseInstance(stack, 'dbInstance', { engine: rds.DatabaseInstanceEngine.postgres({ - version: rds.PostgresEngineVersion.VER_11_5, + version: rds.PostgresEngineVersion.VER_11_15, }), instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MEDIUM), credentials: rds.Credentials.fromUsername('master', { excludeCharacters: '"@/\\', }), vpc, + removalPolicy: RemovalPolicy.DESTROY, }); new rds.DatabaseProxy(stack, 'dbProxy', { diff --git a/packages/@aws-cdk/aws-route53-patterns/lib/website-redirect.ts b/packages/@aws-cdk/aws-route53-patterns/lib/website-redirect.ts index ec5fb358321b8..c5a1b97ef4e74 100644 --- a/packages/@aws-cdk/aws-route53-patterns/lib/website-redirect.ts +++ b/packages/@aws-cdk/aws-route53-patterns/lib/website-redirect.ts @@ -97,7 +97,7 @@ export class HttpsRedirect extends Construct { }); domainNames.forEach((domainName) => { - const hash = crypto.createHash('md5').update(domainName).digest('hex').substr(0, 6); + const hash = crypto.createHash('md5').update(domainName).digest('hex').slice(0, 6); const aliasProps = { recordName: domainName, zone: props.zone, diff --git a/packages/@aws-cdk/aws-route53-targets/test/integ.api-gateway-domain-name.expected.json b/packages/@aws-cdk/aws-route53-targets/test/integ.api-gateway-domain-name.expected.json index 1c131830312ba..f2885d0d342c7 100644 --- a/packages/@aws-cdk/aws-route53-targets/test/integ.api-gateway-domain-name.expected.json +++ b/packages/@aws-cdk/aws-route53-targets/test/integ.api-gateway-domain-name.expected.json @@ -37,14 +37,14 @@ "Code": { "ZipFile": "exports.handler = async () => {\n return {\n statusCode: '200',\n body: 'hello, world!'\n };\n };" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "HandlerServiceRoleFCDC14AE", "Arn" ] }, - "Runtime": "nodejs10.x" + "Handler": "index.handler", + "Runtime": "nodejs14.x" }, "DependsOn": [ "HandlerServiceRoleFCDC14AE" @@ -56,33 +56,6 @@ "Name": "api" } }, - "apiDeployment149F1294891f10d69bae7c4d19bdee7af013a950": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "apiC8550315" - }, - "Description": "Automatically created by the RestApi construct" - }, - "DependsOn": [ - "apiproxyANY7F13F09C", - "apiproxy4EA44110", - "apiANYB3DF8C3C" - ] - }, - "apiDeploymentStageprod896C8101": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "RestApiId": { - "Ref": "apiC8550315" - }, - "DeploymentId": { - "Ref": "apiDeployment149F1294891f10d69bae7c4d19bdee7af013a950" - }, - "StageName": "prod" - }, - "DependsOn": ["apiAccount57E28B43"] - }, "apiCloudWatchRoleAC81D93E": { "Type": "AWS::IAM::Role", "Properties": { @@ -128,6 +101,61 @@ "apiC8550315" ] }, + "apiDeployment149F1294891f10d69bae7c4d19bdee7af013a950": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "apiC8550315" + }, + "Description": "Automatically created by the RestApi construct" + }, + "DependsOn": [ + "apiproxyANY7F13F09C", + "apiproxy4EA44110", + "apiANYB3DF8C3C" + ] + }, + "apiDeploymentStageprod896C8101": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "RestApiId": { + "Ref": "apiC8550315" + }, + "DeploymentId": { + "Ref": "apiDeployment149F1294891f10d69bae7c4d19bdee7af013a950" + }, + "StageName": "prod" + }, + "DependsOn": [ + "apiAccount57E28B43" + ] + }, + "apiCustomDomain64773C4F": { + "Type": "AWS::ApiGateway::DomainName", + "Properties": { + "DomainName": "example.com", + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "RegionalCertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate" + } + }, + "apiCustomDomainMapawscdkapigwaliasintegapiF4DF08ACCF365F22": { + "Type": "AWS::ApiGateway::BasePathMapping", + "Properties": { + "DomainName": { + "Ref": "apiCustomDomain64773C4F" + }, + "RestApiId": { + "Ref": "apiC8550315" + }, + "Stage": { + "Ref": "apiDeploymentStageprod896C8101" + } + } + }, "apiproxy4EA44110": { "Type": "AWS::ApiGateway::Resource", "Properties": { @@ -382,32 +410,6 @@ } } }, - "apiCustomDomain64773C4F": { - "Type": "AWS::ApiGateway::DomainName", - "Properties": { - "DomainName": "example.com", - "EndpointConfiguration": { - "Types": [ - "REGIONAL" - ] - }, - "RegionalCertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate" - } - }, - "apiCustomDomainMapawscdkapigwaliasintegapiF4DF08ACCF365F22": { - "Type": "AWS::ApiGateway::BasePathMapping", - "Properties": { - "DomainName": { - "Ref": "apiCustomDomain64773C4F" - }, - "RestApiId": { - "Ref": "apiC8550315" - }, - "Stage": { - "Ref": "apiDeploymentStageprod896C8101" - } - } - }, "Alias325C5727": { "Type": "AWS::Route53::RecordSet", "Properties": { diff --git a/packages/@aws-cdk/aws-route53-targets/test/integ.api-gateway-domain-name.ts b/packages/@aws-cdk/aws-route53-targets/test/integ.api-gateway-domain-name.ts index ce8246d7955f7..e6f4741aeddf1 100644 --- a/packages/@aws-cdk/aws-route53-targets/test/integ.api-gateway-domain-name.ts +++ b/packages/@aws-cdk/aws-route53-targets/test/integ.api-gateway-domain-name.ts @@ -22,7 +22,7 @@ class TestStack extends Stack { body: 'hello, world!' }; };`), - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, handler: 'index.handler', }); diff --git a/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts b/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts index afb4d312083d8..07c25a500eea0 100644 --- a/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts +++ b/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts @@ -354,7 +354,7 @@ export class BucketDeployment extends Construct { let prefix: string = props.destinationKeyPrefix ? `:${props.destinationKeyPrefix}` : ''; - prefix += `:${this.cr.node.addr.substr(-8)}`; + prefix += `:${this.cr.node.addr.slice(-8)}`; const tagKey = CUSTOM_RESOURCE_OWNER_TAG + prefix; // destinationKeyPrefix can be 104 characters before we hit diff --git a/packages/@aws-cdk/aws-s3-notifications/test/integ.notifications.expected.json b/packages/@aws-cdk/aws-s3-notifications/test/integ.notifications.expected.json index 472b3b55a72b7..ffab9e0aacf65 100644 --- a/packages/@aws-cdk/aws-s3-notifications/test/integ.notifications.expected.json +++ b/packages/@aws-cdk/aws-s3-notifications/test/integ.notifications.expected.json @@ -245,7 +245,7 @@ "Properties": { "Description": "AWS CloudFormation handler for \"Custom::S3BucketNotifications\" resources (@aws-cdk/aws-s3)", "Code": { - "ZipFile": "import boto3 # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n response_status = \"SUCCESS\"\n error_message = \"\"\n try:\n props = event[\"ResourceProperties\"]\n bucket = props[\"BucketName\"]\n notification_configuration = props[\"NotificationConfiguration\"]\n request_type = event[\"RequestType\"]\n managed = props.get('Managed', 'true').lower() == 'true'\n stack_id = event['StackId']\n\n if managed:\n config = handle_managed(request_type, notification_configuration)\n else:\n config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration)\n\n put_bucket_notification_configuration(bucket, config)\n except Exception as e:\n logging.exception(\"Failed to put bucket notification configuration\")\n response_status = \"FAILED\"\n error_message = f\"Error: {str(e)}. \"\n finally:\n submit_response(event, context, response_status, error_message)\n\n\ndef handle_managed(request_type, notification_configuration):\n if request_type == 'Delete':\n return {}\n return notification_configuration\n\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration):\n\n # find external notifications\n external_notifications = find_external_notifications(bucket, stack_id)\n\n # if delete, that's all we need\n if request_type == 'Delete':\n return external_notifications\n\n def with_id(notification):\n notification['Id'] = f\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\"\n return notification\n\n # otherwise, merge external with incoming config and augment with id\n notifications = {}\n for t in CONFIGURATION_TYPES:\n external = external_notifications.get(t, [])\n incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n notifications[t] = external + incoming\n return notifications\n\n\ndef find_external_notifications(bucket, stack_id):\n existing_notifications = get_bucket_notification_configuration(bucket)\n external_notifications = {}\n for t in CONFIGURATION_TYPES:\n # if the notification was created by us, we know what id to expect\n # so we can filter by it.\n external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\"{stack_id}-\")]\n\n return external_notifications\n\n\ndef get_bucket_notification_configuration(bucket):\n return s3.get_bucket_notification_configuration(Bucket=bucket)\n\n\ndef put_bucket_notification_configuration(bucket, notification_configuration):\n s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration)\n\n\ndef submit_response(event: dict, context, response_status: str, error_message: str):\n response_body = json.dumps(\n {\n \"Status\": response_status,\n \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n \"StackId\": event[\"StackId\"],\n \"RequestId\": event[\"RequestId\"],\n \"LogicalResourceId\": event[\"LogicalResourceId\"],\n \"NoEcho\": False,\n }\n ).encode(\"utf-8\")\n headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n try:\n req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n with urllib.request.urlopen(req) as response:\n print(response.read().decode(\"utf-8\"))\n print(\"Status code: \" + response.reason)\n except Exception as e:\n print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n" + "ZipFile": "import boto3 # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nEVENTBRIDGE_CONFIGURATION = 'EventBridgeConfiguration'\n\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n response_status = \"SUCCESS\"\n error_message = \"\"\n try:\n props = event[\"ResourceProperties\"]\n bucket = props[\"BucketName\"]\n notification_configuration = props[\"NotificationConfiguration\"]\n request_type = event[\"RequestType\"]\n managed = props.get('Managed', 'true').lower() == 'true'\n stack_id = event['StackId']\n\n if managed:\n config = handle_managed(request_type, notification_configuration)\n else:\n config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration)\n\n put_bucket_notification_configuration(bucket, config)\n except Exception as e:\n logging.exception(\"Failed to put bucket notification configuration\")\n response_status = \"FAILED\"\n error_message = f\"Error: {str(e)}. \"\n finally:\n submit_response(event, context, response_status, error_message)\n\ndef handle_managed(request_type, notification_configuration):\n if request_type == 'Delete':\n return {}\n return notification_configuration\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration):\n external_notifications = find_external_notifications(bucket, stack_id)\n\n if request_type == 'Delete':\n return external_notifications\n\n def with_id(notification):\n notification['Id'] = f\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\"\n return notification\n\n notifications = {}\n for t in CONFIGURATION_TYPES:\n external = external_notifications.get(t, [])\n incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n notifications[t] = external + incoming\n\n if EVENTBRIDGE_CONFIGURATION in notification_configuration:\n notifications[EVENTBRIDGE_CONFIGURATION] = notification_configuration[EVENTBRIDGE_CONFIGURATION]\n elif EVENTBRIDGE_CONFIGURATION in external_notifications:\n notifications[EVENTBRIDGE_CONFIGURATION] = external_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return notifications\n\ndef find_external_notifications(bucket, stack_id):\n existing_notifications = get_bucket_notification_configuration(bucket)\n external_notifications = {}\n for t in CONFIGURATION_TYPES:\n external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\"{stack_id}-\")]\n\n if EVENTBRIDGE_CONFIGURATION in existing_notifications:\n external_notifications[EVENTBRIDGE_CONFIGURATION] = existing_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return external_notifications\n\ndef get_bucket_notification_configuration(bucket):\n return s3.get_bucket_notification_configuration(Bucket=bucket)\n\ndef put_bucket_notification_configuration(bucket, notification_configuration):\n s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration)\n\ndef submit_response(event: dict, context, response_status: str, error_message: str):\n response_body = json.dumps(\n {\n \"Status\": response_status,\n \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n \"StackId\": event[\"StackId\"],\n \"RequestId\": event[\"RequestId\"],\n \"LogicalResourceId\": event[\"LogicalResourceId\"],\n \"NoEcho\": False,\n }\n ).encode(\"utf-8\")\n headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n try:\n req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n with urllib.request.urlopen(req) as response:\n print(response.read().decode(\"utf-8\"))\n print(\"Status code: \" + response.reason)\n except Exception as e:\n print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n" }, "Handler": "index.handler", "Role": { @@ -344,4 +344,4 @@ ] } } -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/aws-s3-notifications/test/lambda/integ.bucket-notifications.expected.json b/packages/@aws-cdk/aws-s3-notifications/test/lambda/integ.bucket-notifications.expected.json index 731effea95a53..8cc9c00a4fe29 100644 --- a/packages/@aws-cdk/aws-s3-notifications/test/lambda/integ.bucket-notifications.expected.json +++ b/packages/@aws-cdk/aws-s3-notifications/test/lambda/integ.bucket-notifications.expected.json @@ -114,7 +114,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "MyFunctionServiceRole3C357FF2" @@ -237,7 +237,7 @@ "Properties": { "Description": "AWS CloudFormation handler for \"Custom::S3BucketNotifications\" resources (@aws-cdk/aws-s3)", "Code": { - "ZipFile": "import boto3 # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n response_status = \"SUCCESS\"\n error_message = \"\"\n try:\n props = event[\"ResourceProperties\"]\n bucket = props[\"BucketName\"]\n notification_configuration = props[\"NotificationConfiguration\"]\n request_type = event[\"RequestType\"]\n managed = props.get('Managed', 'true').lower() == 'true'\n stack_id = event['StackId']\n\n if managed:\n config = handle_managed(request_type, notification_configuration)\n else:\n config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration)\n\n put_bucket_notification_configuration(bucket, config)\n except Exception as e:\n logging.exception(\"Failed to put bucket notification configuration\")\n response_status = \"FAILED\"\n error_message = f\"Error: {str(e)}. \"\n finally:\n submit_response(event, context, response_status, error_message)\n\n\ndef handle_managed(request_type, notification_configuration):\n if request_type == 'Delete':\n return {}\n return notification_configuration\n\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration):\n\n # find external notifications\n external_notifications = find_external_notifications(bucket, stack_id)\n\n # if delete, that's all we need\n if request_type == 'Delete':\n return external_notifications\n\n def with_id(notification):\n notification['Id'] = f\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\"\n return notification\n\n # otherwise, merge external with incoming config and augment with id\n notifications = {}\n for t in CONFIGURATION_TYPES:\n external = external_notifications.get(t, [])\n incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n notifications[t] = external + incoming\n return notifications\n\n\ndef find_external_notifications(bucket, stack_id):\n existing_notifications = get_bucket_notification_configuration(bucket)\n external_notifications = {}\n for t in CONFIGURATION_TYPES:\n # if the notification was created by us, we know what id to expect\n # so we can filter by it.\n external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\"{stack_id}-\")]\n\n return external_notifications\n\n\ndef get_bucket_notification_configuration(bucket):\n return s3.get_bucket_notification_configuration(Bucket=bucket)\n\n\ndef put_bucket_notification_configuration(bucket, notification_configuration):\n s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration)\n\n\ndef submit_response(event: dict, context, response_status: str, error_message: str):\n response_body = json.dumps(\n {\n \"Status\": response_status,\n \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n \"StackId\": event[\"StackId\"],\n \"RequestId\": event[\"RequestId\"],\n \"LogicalResourceId\": event[\"LogicalResourceId\"],\n \"NoEcho\": False,\n }\n ).encode(\"utf-8\")\n headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n try:\n req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n with urllib.request.urlopen(req) as response:\n print(response.read().decode(\"utf-8\"))\n print(\"Status code: \" + response.reason)\n except Exception as e:\n print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n" + "ZipFile": "import boto3 # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nEVENTBRIDGE_CONFIGURATION = 'EventBridgeConfiguration'\n\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n response_status = \"SUCCESS\"\n error_message = \"\"\n try:\n props = event[\"ResourceProperties\"]\n bucket = props[\"BucketName\"]\n notification_configuration = props[\"NotificationConfiguration\"]\n request_type = event[\"RequestType\"]\n managed = props.get('Managed', 'true').lower() == 'true'\n stack_id = event['StackId']\n\n if managed:\n config = handle_managed(request_type, notification_configuration)\n else:\n config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration)\n\n put_bucket_notification_configuration(bucket, config)\n except Exception as e:\n logging.exception(\"Failed to put bucket notification configuration\")\n response_status = \"FAILED\"\n error_message = f\"Error: {str(e)}. \"\n finally:\n submit_response(event, context, response_status, error_message)\n\ndef handle_managed(request_type, notification_configuration):\n if request_type == 'Delete':\n return {}\n return notification_configuration\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration):\n external_notifications = find_external_notifications(bucket, stack_id)\n\n if request_type == 'Delete':\n return external_notifications\n\n def with_id(notification):\n notification['Id'] = f\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\"\n return notification\n\n notifications = {}\n for t in CONFIGURATION_TYPES:\n external = external_notifications.get(t, [])\n incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n notifications[t] = external + incoming\n\n if EVENTBRIDGE_CONFIGURATION in notification_configuration:\n notifications[EVENTBRIDGE_CONFIGURATION] = notification_configuration[EVENTBRIDGE_CONFIGURATION]\n elif EVENTBRIDGE_CONFIGURATION in external_notifications:\n notifications[EVENTBRIDGE_CONFIGURATION] = external_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return notifications\n\ndef find_external_notifications(bucket, stack_id):\n existing_notifications = get_bucket_notification_configuration(bucket)\n external_notifications = {}\n for t in CONFIGURATION_TYPES:\n external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\"{stack_id}-\")]\n\n if EVENTBRIDGE_CONFIGURATION in existing_notifications:\n external_notifications[EVENTBRIDGE_CONFIGURATION] = existing_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return external_notifications\n\ndef get_bucket_notification_configuration(bucket):\n return s3.get_bucket_notification_configuration(Bucket=bucket)\n\ndef put_bucket_notification_configuration(bucket, notification_configuration):\n s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration)\n\ndef submit_response(event: dict, context, response_status: str, error_message: str):\n response_body = json.dumps(\n {\n \"Status\": response_status,\n \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n \"StackId\": event[\"StackId\"],\n \"RequestId\": event[\"RequestId\"],\n \"LogicalResourceId\": event[\"LogicalResourceId\"],\n \"NoEcho\": False,\n }\n ).encode(\"utf-8\")\n headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n try:\n req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n with urllib.request.urlopen(req) as response:\n print(response.read().decode(\"utf-8\"))\n print(\"Status code: \" + response.reason)\n except Exception as e:\n print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n" }, "Handler": "index.handler", "Role": { @@ -255,4 +255,4 @@ ] } } -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/aws-s3-notifications/test/lambda/integ.bucket-notifications.ts b/packages/@aws-cdk/aws-s3-notifications/test/lambda/integ.bucket-notifications.ts index c237b24e896e3..1493e29176362 100644 --- a/packages/@aws-cdk/aws-s3-notifications/test/lambda/integ.bucket-notifications.ts +++ b/packages/@aws-cdk/aws-s3-notifications/test/lambda/integ.bucket-notifications.ts @@ -12,7 +12,7 @@ const bucketA = new s3.Bucket(stack, 'MyBucket', { }); const fn = new lambda.Function(stack, 'MyFunction', { - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, handler: 'index.handler', code: lambda.Code.fromInline(`exports.handler = ${handler.toString()}`), }); diff --git a/packages/@aws-cdk/aws-s3-notifications/test/sns/integ.sns-bucket-notifications.expected.json b/packages/@aws-cdk/aws-s3-notifications/test/sns/integ.sns-bucket-notifications.expected.json index 47f2a8ea6e0ce..fce3f59e27d78 100644 --- a/packages/@aws-cdk/aws-s3-notifications/test/sns/integ.sns-bucket-notifications.expected.json +++ b/packages/@aws-cdk/aws-s3-notifications/test/sns/integ.sns-bucket-notifications.expected.json @@ -195,7 +195,7 @@ "Properties": { "Description": "AWS CloudFormation handler for \"Custom::S3BucketNotifications\" resources (@aws-cdk/aws-s3)", "Code": { - "ZipFile": "import boto3 # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n response_status = \"SUCCESS\"\n error_message = \"\"\n try:\n props = event[\"ResourceProperties\"]\n bucket = props[\"BucketName\"]\n notification_configuration = props[\"NotificationConfiguration\"]\n request_type = event[\"RequestType\"]\n managed = props.get('Managed', 'true').lower() == 'true'\n stack_id = event['StackId']\n\n if managed:\n config = handle_managed(request_type, notification_configuration)\n else:\n config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration)\n\n put_bucket_notification_configuration(bucket, config)\n except Exception as e:\n logging.exception(\"Failed to put bucket notification configuration\")\n response_status = \"FAILED\"\n error_message = f\"Error: {str(e)}. \"\n finally:\n submit_response(event, context, response_status, error_message)\n\n\ndef handle_managed(request_type, notification_configuration):\n if request_type == 'Delete':\n return {}\n return notification_configuration\n\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration):\n\n # find external notifications\n external_notifications = find_external_notifications(bucket, stack_id)\n\n # if delete, that's all we need\n if request_type == 'Delete':\n return external_notifications\n\n def with_id(notification):\n notification['Id'] = f\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\"\n return notification\n\n # otherwise, merge external with incoming config and augment with id\n notifications = {}\n for t in CONFIGURATION_TYPES:\n external = external_notifications.get(t, [])\n incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n notifications[t] = external + incoming\n return notifications\n\n\ndef find_external_notifications(bucket, stack_id):\n existing_notifications = get_bucket_notification_configuration(bucket)\n external_notifications = {}\n for t in CONFIGURATION_TYPES:\n # if the notification was created by us, we know what id to expect\n # so we can filter by it.\n external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\"{stack_id}-\")]\n\n return external_notifications\n\n\ndef get_bucket_notification_configuration(bucket):\n return s3.get_bucket_notification_configuration(Bucket=bucket)\n\n\ndef put_bucket_notification_configuration(bucket, notification_configuration):\n s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration)\n\n\ndef submit_response(event: dict, context, response_status: str, error_message: str):\n response_body = json.dumps(\n {\n \"Status\": response_status,\n \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n \"StackId\": event[\"StackId\"],\n \"RequestId\": event[\"RequestId\"],\n \"LogicalResourceId\": event[\"LogicalResourceId\"],\n \"NoEcho\": False,\n }\n ).encode(\"utf-8\")\n headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n try:\n req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n with urllib.request.urlopen(req) as response:\n print(response.read().decode(\"utf-8\"))\n print(\"Status code: \" + response.reason)\n except Exception as e:\n print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n" + "ZipFile": "import boto3 # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nEVENTBRIDGE_CONFIGURATION = 'EventBridgeConfiguration'\n\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n response_status = \"SUCCESS\"\n error_message = \"\"\n try:\n props = event[\"ResourceProperties\"]\n bucket = props[\"BucketName\"]\n notification_configuration = props[\"NotificationConfiguration\"]\n request_type = event[\"RequestType\"]\n managed = props.get('Managed', 'true').lower() == 'true'\n stack_id = event['StackId']\n\n if managed:\n config = handle_managed(request_type, notification_configuration)\n else:\n config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration)\n\n put_bucket_notification_configuration(bucket, config)\n except Exception as e:\n logging.exception(\"Failed to put bucket notification configuration\")\n response_status = \"FAILED\"\n error_message = f\"Error: {str(e)}. \"\n finally:\n submit_response(event, context, response_status, error_message)\n\ndef handle_managed(request_type, notification_configuration):\n if request_type == 'Delete':\n return {}\n return notification_configuration\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration):\n external_notifications = find_external_notifications(bucket, stack_id)\n\n if request_type == 'Delete':\n return external_notifications\n\n def with_id(notification):\n notification['Id'] = f\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\"\n return notification\n\n notifications = {}\n for t in CONFIGURATION_TYPES:\n external = external_notifications.get(t, [])\n incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n notifications[t] = external + incoming\n\n if EVENTBRIDGE_CONFIGURATION in notification_configuration:\n notifications[EVENTBRIDGE_CONFIGURATION] = notification_configuration[EVENTBRIDGE_CONFIGURATION]\n elif EVENTBRIDGE_CONFIGURATION in external_notifications:\n notifications[EVENTBRIDGE_CONFIGURATION] = external_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return notifications\n\ndef find_external_notifications(bucket, stack_id):\n existing_notifications = get_bucket_notification_configuration(bucket)\n external_notifications = {}\n for t in CONFIGURATION_TYPES:\n external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\"{stack_id}-\")]\n\n if EVENTBRIDGE_CONFIGURATION in existing_notifications:\n external_notifications[EVENTBRIDGE_CONFIGURATION] = existing_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return external_notifications\n\ndef get_bucket_notification_configuration(bucket):\n return s3.get_bucket_notification_configuration(Bucket=bucket)\n\ndef put_bucket_notification_configuration(bucket, notification_configuration):\n s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration)\n\ndef submit_response(event: dict, context, response_status: str, error_message: str):\n response_body = json.dumps(\n {\n \"Status\": response_status,\n \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n \"StackId\": event[\"StackId\"],\n \"RequestId\": event[\"RequestId\"],\n \"LogicalResourceId\": event[\"LogicalResourceId\"],\n \"NoEcho\": False,\n }\n ).encode(\"utf-8\")\n headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n try:\n req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n with urllib.request.urlopen(req) as response:\n print(response.read().decode(\"utf-8\"))\n print(\"Status code: \" + response.reason)\n except Exception as e:\n print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n" }, "Handler": "index.handler", "Role": { @@ -213,4 +213,4 @@ ] } } -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/aws-s3-notifications/test/sqs/integ.bucket-notifications.expected.json b/packages/@aws-cdk/aws-s3-notifications/test/sqs/integ.bucket-notifications.expected.json index de109b272d9bb..1421e22410918 100644 --- a/packages/@aws-cdk/aws-s3-notifications/test/sqs/integ.bucket-notifications.expected.json +++ b/packages/@aws-cdk/aws-s3-notifications/test/sqs/integ.bucket-notifications.expected.json @@ -184,7 +184,7 @@ "Properties": { "Description": "AWS CloudFormation handler for \"Custom::S3BucketNotifications\" resources (@aws-cdk/aws-s3)", "Code": { - "ZipFile": "import boto3 # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n response_status = \"SUCCESS\"\n error_message = \"\"\n try:\n props = event[\"ResourceProperties\"]\n bucket = props[\"BucketName\"]\n notification_configuration = props[\"NotificationConfiguration\"]\n request_type = event[\"RequestType\"]\n managed = props.get('Managed', 'true').lower() == 'true'\n stack_id = event['StackId']\n\n if managed:\n config = handle_managed(request_type, notification_configuration)\n else:\n config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration)\n\n put_bucket_notification_configuration(bucket, config)\n except Exception as e:\n logging.exception(\"Failed to put bucket notification configuration\")\n response_status = \"FAILED\"\n error_message = f\"Error: {str(e)}. \"\n finally:\n submit_response(event, context, response_status, error_message)\n\n\ndef handle_managed(request_type, notification_configuration):\n if request_type == 'Delete':\n return {}\n return notification_configuration\n\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration):\n\n # find external notifications\n external_notifications = find_external_notifications(bucket, stack_id)\n\n # if delete, that's all we need\n if request_type == 'Delete':\n return external_notifications\n\n def with_id(notification):\n notification['Id'] = f\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\"\n return notification\n\n # otherwise, merge external with incoming config and augment with id\n notifications = {}\n for t in CONFIGURATION_TYPES:\n external = external_notifications.get(t, [])\n incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n notifications[t] = external + incoming\n return notifications\n\n\ndef find_external_notifications(bucket, stack_id):\n existing_notifications = get_bucket_notification_configuration(bucket)\n external_notifications = {}\n for t in CONFIGURATION_TYPES:\n # if the notification was created by us, we know what id to expect\n # so we can filter by it.\n external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\"{stack_id}-\")]\n\n return external_notifications\n\n\ndef get_bucket_notification_configuration(bucket):\n return s3.get_bucket_notification_configuration(Bucket=bucket)\n\n\ndef put_bucket_notification_configuration(bucket, notification_configuration):\n s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration)\n\n\ndef submit_response(event: dict, context, response_status: str, error_message: str):\n response_body = json.dumps(\n {\n \"Status\": response_status,\n \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n \"StackId\": event[\"StackId\"],\n \"RequestId\": event[\"RequestId\"],\n \"LogicalResourceId\": event[\"LogicalResourceId\"],\n \"NoEcho\": False,\n }\n ).encode(\"utf-8\")\n headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n try:\n req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n with urllib.request.urlopen(req) as response:\n print(response.read().decode(\"utf-8\"))\n print(\"Status code: \" + response.reason)\n except Exception as e:\n print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n" + "ZipFile": "import boto3 # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nEVENTBRIDGE_CONFIGURATION = 'EventBridgeConfiguration'\n\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n response_status = \"SUCCESS\"\n error_message = \"\"\n try:\n props = event[\"ResourceProperties\"]\n bucket = props[\"BucketName\"]\n notification_configuration = props[\"NotificationConfiguration\"]\n request_type = event[\"RequestType\"]\n managed = props.get('Managed', 'true').lower() == 'true'\n stack_id = event['StackId']\n\n if managed:\n config = handle_managed(request_type, notification_configuration)\n else:\n config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration)\n\n put_bucket_notification_configuration(bucket, config)\n except Exception as e:\n logging.exception(\"Failed to put bucket notification configuration\")\n response_status = \"FAILED\"\n error_message = f\"Error: {str(e)}. \"\n finally:\n submit_response(event, context, response_status, error_message)\n\ndef handle_managed(request_type, notification_configuration):\n if request_type == 'Delete':\n return {}\n return notification_configuration\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration):\n external_notifications = find_external_notifications(bucket, stack_id)\n\n if request_type == 'Delete':\n return external_notifications\n\n def with_id(notification):\n notification['Id'] = f\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\"\n return notification\n\n notifications = {}\n for t in CONFIGURATION_TYPES:\n external = external_notifications.get(t, [])\n incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n notifications[t] = external + incoming\n\n if EVENTBRIDGE_CONFIGURATION in notification_configuration:\n notifications[EVENTBRIDGE_CONFIGURATION] = notification_configuration[EVENTBRIDGE_CONFIGURATION]\n elif EVENTBRIDGE_CONFIGURATION in external_notifications:\n notifications[EVENTBRIDGE_CONFIGURATION] = external_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return notifications\n\ndef find_external_notifications(bucket, stack_id):\n existing_notifications = get_bucket_notification_configuration(bucket)\n external_notifications = {}\n for t in CONFIGURATION_TYPES:\n external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\"{stack_id}-\")]\n\n if EVENTBRIDGE_CONFIGURATION in existing_notifications:\n external_notifications[EVENTBRIDGE_CONFIGURATION] = existing_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return external_notifications\n\ndef get_bucket_notification_configuration(bucket):\n return s3.get_bucket_notification_configuration(Bucket=bucket)\n\ndef put_bucket_notification_configuration(bucket, notification_configuration):\n s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration)\n\ndef submit_response(event: dict, context, response_status: str, error_message: str):\n response_body = json.dumps(\n {\n \"Status\": response_status,\n \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n \"StackId\": event[\"StackId\"],\n \"RequestId\": event[\"RequestId\"],\n \"LogicalResourceId\": event[\"LogicalResourceId\"],\n \"NoEcho\": False,\n }\n ).encode(\"utf-8\")\n headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n try:\n req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n with urllib.request.urlopen(req) as response:\n print(response.read().decode(\"utf-8\"))\n print(\"Status code: \" + response.reason)\n except Exception as e:\n print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n" }, "Handler": "index.handler", "Role": { @@ -376,4 +376,4 @@ } } } -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/aws-s3/README.md b/packages/@aws-cdk/aws-s3/README.md index 47138a3d30ec6..26a62df2d9f41 100644 --- a/packages/@aws-cdk/aws-s3/README.md +++ b/packages/@aws-cdk/aws-s3/README.md @@ -279,6 +279,21 @@ const importedRole = iam.Role.fromRoleArn(this, 'role', 'arn:aws:iam::1234567890 [S3 Bucket Notifications]: https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html +### EventBridge notifications + +Amazon S3 can send events to Amazon EventBridge whenever certain events happen in your bucket. +Unlike other destinations, you don't need to select which event types you want to deliver. + +The following example will enable EventBridge notifications: + +```ts +const bucket = new s3.Bucket(this, 'MyEventBridgeBucket', { + eventBridgeEnabled: true, +}); +``` + +[S3 EventBridge notifications]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventBridge.html + ## Block Public Access Use `blockPublicAccess` to specify [block public access settings] on the bucket. diff --git a/packages/@aws-cdk/aws-s3/lib/bucket.ts b/packages/@aws-cdk/aws-s3/lib/bucket.ts index f21fb65db79f5..2a28f81c8b360 100644 --- a/packages/@aws-cdk/aws-s3/lib/bucket.ts +++ b/packages/@aws-cdk/aws-s3/lib/bucket.ts @@ -874,6 +874,10 @@ export abstract class BucketBase extends Resource implements IBucket { return this.addEventNotification(EventType.OBJECT_REMOVED, dest, ...filters); } + protected enableEventBridgeNotification() { + this.withNotifications(notifications => notifications.enableEventBridgeNotification()); + } + private get writeActions(): string[] { return [ ...perms.BUCKET_DELETE_ACTIONS, @@ -1350,6 +1354,13 @@ export interface BucketProps { */ readonly versioned?: boolean; + /** + * Whether this bucket should send notifications to Amazon EventBridge or not. + * + * @default false + */ + readonly eventBridgeEnabled?: boolean; + /** * Rules that define how Amazon S3 manages objects during their lifetime. * @@ -1638,6 +1649,7 @@ export class Bucket extends BucketBase { private accessControl?: BucketAccessControl; private readonly lifecycleRules: LifecycleRule[] = []; private readonly versioned?: boolean; + private readonly eventBridgeEnabled?: boolean; private readonly metrics: BucketMetrics[] = []; private readonly cors: CorsRule[] = []; private readonly inventories: Inventory[] = []; @@ -1679,6 +1691,7 @@ export class Bucket extends BucketBase { this.versioned = props.versioned; this.encryptionKey = encryptionKey; + this.eventBridgeEnabled = props.eventBridgeEnabled; this.bucketName = this.getResourceNameAttribute(resource.ref); this.bucketArn = this.getResourceArnAttribute(resource.attrArn, { @@ -1729,6 +1742,10 @@ export class Bucket extends BucketBase { this.enableAutoDeleteObjects(); } + + if (this.eventBridgeEnabled) { + this.enableEventBridgeNotification(); + } } /** diff --git a/packages/@aws-cdk/aws-s3/lib/notifications-resource/lambda/index.py b/packages/@aws-cdk/aws-s3/lib/notifications-resource/lambda/index.py index 2551398d74958..12d584c290cc1 100644 --- a/packages/@aws-cdk/aws-s3/lib/notifications-resource/lambda/index.py +++ b/packages/@aws-cdk/aws-s3/lib/notifications-resource/lambda/index.py @@ -5,41 +5,40 @@ s3 = boto3.client("s3") +EVENTBRIDGE_CONFIGURATION = 'EventBridgeConfiguration' + CONFIGURATION_TYPES = ["TopicConfigurations", "QueueConfigurations", "LambdaFunctionConfigurations"] def handler(event: dict, context): - response_status = "SUCCESS" - error_message = "" - try: - props = event["ResourceProperties"] - bucket = props["BucketName"] - notification_configuration = props["NotificationConfiguration"] - request_type = event["RequestType"] - managed = props.get('Managed', 'true').lower() == 'true' - stack_id = event['StackId'] - - if managed: - config = handle_managed(request_type, notification_configuration) - else: - config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration) - - put_bucket_notification_configuration(bucket, config) - except Exception as e: - logging.exception("Failed to put bucket notification configuration") - response_status = "FAILED" - error_message = f"Error: {str(e)}. " - finally: - submit_response(event, context, response_status, error_message) - + response_status = "SUCCESS" + error_message = "" + try: + props = event["ResourceProperties"] + bucket = props["BucketName"] + notification_configuration = props["NotificationConfiguration"] + request_type = event["RequestType"] + managed = props.get('Managed', 'true').lower() == 'true' + stack_id = event['StackId'] + + if managed: + config = handle_managed(request_type, notification_configuration) + else: + config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration) + + put_bucket_notification_configuration(bucket, config) + except Exception as e: + logging.exception("Failed to put bucket notification configuration") + response_status = "FAILED" + error_message = f"Error: {str(e)}. " + finally: + submit_response(event, context, response_status, error_message) def handle_managed(request_type, notification_configuration): if request_type == 'Delete': return {} return notification_configuration - def handle_unmanaged(bucket, stack_id, request_type, notification_configuration): - # find external notifications external_notifications = find_external_notifications(bucket, stack_id) @@ -57,8 +56,14 @@ def with_id(notification): external = external_notifications.get(t, []) incoming = [with_id(n) for n in notification_configuration.get(t, [])] notifications[t] = external + incoming - return notifications + # EventBridge configuration is a special case because it's just an empty object if it exists + if EVENTBRIDGE_CONFIGURATION in notification_configuration: + notifications[EVENTBRIDGE_CONFIGURATION] = notification_configuration[EVENTBRIDGE_CONFIGURATION] + elif EVENTBRIDGE_CONFIGURATION in external_notifications: + notifications[EVENTBRIDGE_CONFIGURATION] = external_notifications[EVENTBRIDGE_CONFIGURATION] + + return notifications def find_external_notifications(bucket, stack_id): existing_notifications = get_bucket_notification_configuration(bucket) @@ -68,34 +73,36 @@ def find_external_notifications(bucket, stack_id): # so we can filter by it. external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f"{stack_id}-")] - return external_notifications + # always treat EventBridge configuration as an external config if it already exists + # as there is no way to determine whether it's managed by us or not + if EVENTBRIDGE_CONFIGURATION in existing_notifications: + external_notifications[EVENTBRIDGE_CONFIGURATION] = existing_notifications[EVENTBRIDGE_CONFIGURATION] + return external_notifications def get_bucket_notification_configuration(bucket): return s3.get_bucket_notification_configuration(Bucket=bucket) - def put_bucket_notification_configuration(bucket, notification_configuration): s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration) - def submit_response(event: dict, context, response_status: str, error_message: str): - response_body = json.dumps( - { - "Status": response_status, - "Reason": f"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}", - "PhysicalResourceId": event.get("PhysicalResourceId") or event["LogicalResourceId"], - "StackId": event["StackId"], - "RequestId": event["RequestId"], - "LogicalResourceId": event["LogicalResourceId"], - "NoEcho": False, - } - ).encode("utf-8") - headers = {"content-type": "", "content-length": str(len(response_body))} - try: - req = urllib.request.Request(url=event["ResponseURL"], headers=headers, data=response_body, method="PUT") - with urllib.request.urlopen(req) as response: - print(response.read().decode("utf-8")) - print("Status code: " + response.reason) - except Exception as e: - print("send(..) failed executing request.urlopen(..): " + str(e)) + response_body = json.dumps( + { + "Status": response_status, + "Reason": f"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}", + "PhysicalResourceId": event.get("PhysicalResourceId") or event["LogicalResourceId"], + "StackId": event["StackId"], + "RequestId": event["RequestId"], + "LogicalResourceId": event["LogicalResourceId"], + "NoEcho": False, + } + ).encode("utf-8") + headers = {"content-type": "", "content-length": str(len(response_body))} + try: + req = urllib.request.Request(url=event["ResponseURL"], headers=headers, data=response_body, method="PUT") + with urllib.request.urlopen(req) as response: + print(response.read().decode("utf-8")) + print("Status code: " + response.reason) + except Exception as e: + print("send(..) failed executing request.urlopen(..): " + str(e)) diff --git a/packages/@aws-cdk/aws-s3/lib/notifications-resource/notifications-resource-handler.ts b/packages/@aws-cdk/aws-s3/lib/notifications-resource/notifications-resource-handler.ts index 3cf533a029004..cb213d51e247e 100644 --- a/packages/@aws-cdk/aws-s3/lib/notifications-resource/notifications-resource-handler.ts +++ b/packages/@aws-cdk/aws-s3/lib/notifications-resource/notifications-resource-handler.ts @@ -83,15 +83,19 @@ export class NotificationsResourceHandler extends Construct { } const handlerSource = fs.readFileSync(path.join(__dirname, 'lambda/index.py'), 'utf8'); - if (handlerSource.length > 4096) { - throw new Error(`Source of Notifications Resource Handler is too large (${handlerSource.length} > 4096)`); + + // Removing lines that starts with '#' (comment lines) in order to fit the 4096 limit + const handlerSourceWithoutComments = handlerSource.replace(/^ *#.*\n?/gm, ''); + + if (handlerSourceWithoutComments.length > 4096) { + throw new Error(`Source of Notifications Resource Handler is too large (${handlerSourceWithoutComments.length} > 4096)`); } const resource = new InLineLambda(this, 'Resource', { type: resourceType, properties: { Description: 'AWS CloudFormation handler for "Custom::S3BucketNotifications" resources (@aws-cdk/aws-s3)', - Code: { ZipFile: handlerSource }, + Code: { ZipFile: handlerSourceWithoutComments }, Handler: 'index.handler', Role: this.role.roleArn, Runtime: 'python3.7', diff --git a/packages/@aws-cdk/aws-s3/lib/notifications-resource/notifications-resource.ts b/packages/@aws-cdk/aws-s3/lib/notifications-resource/notifications-resource.ts index 1bb177e7518a2..3bfc5ed516503 100644 --- a/packages/@aws-cdk/aws-s3/lib/notifications-resource/notifications-resource.ts +++ b/packages/@aws-cdk/aws-s3/lib/notifications-resource/notifications-resource.ts @@ -33,6 +33,7 @@ interface NotificationsProps { * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig.html */ export class BucketNotifications extends Construct { + private eventBridgeEnabled = false; private readonly lambdaNotifications = new Array(); private readonly queueNotifications = new Array(); private readonly topicNotifications = new Array(); @@ -91,8 +92,14 @@ export class BucketNotifications extends Construct { } } + public enableEventBridgeNotification() { + this.createResourceOnce(); + this.eventBridgeEnabled = true; + } + private renderNotificationConfiguration(): NotificationConfiguration { return { + EventBridgeConfiguration: this.eventBridgeEnabled ? {} : undefined, LambdaFunctionConfigurations: this.lambdaNotifications.length > 0 ? this.lambdaNotifications : undefined, QueueConfigurations: this.queueNotifications.length > 0 ? this.queueNotifications : undefined, TopicConfigurations: this.topicNotifications.length > 0 ? this.topicNotifications : undefined, @@ -173,6 +180,7 @@ function renderFilters(filters?: NotificationKeyFilter[]): Filter | undefined { } interface NotificationConfiguration { + EventBridgeConfiguration?: EventBridgeConfiguration; LambdaFunctionConfigurations?: LambdaFunctionConfiguration[]; QueueConfigurations?: QueueConfiguration[]; TopicConfigurations?: TopicConfiguration[]; @@ -184,6 +192,8 @@ interface CommonConfiguration { Filter?: Filter } +interface EventBridgeConfiguration { } + interface LambdaFunctionConfiguration extends CommonConfiguration { LambdaFunctionArn: string; } diff --git a/packages/@aws-cdk/aws-s3/test/integ.bucket.notifications.expected.json b/packages/@aws-cdk/aws-s3/test/integ.bucket.notifications.expected.json new file mode 100644 index 0000000000000..7ef3ed3ba4d10 --- /dev/null +++ b/packages/@aws-cdk/aws-s3/test/integ.bucket.notifications.expected.json @@ -0,0 +1,101 @@ +{ + "Resources": { + "MyEventBridgeBucketNotifications19C0453F": { + "Type": "Custom::S3BucketNotifications", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "BucketNotificationsHandler050a0587b7544547bf325f094a3db8347ECC3691", + "Arn" + ] + }, + "BucketName": { + "Ref": "MyEventBridgeBucket1ABD5C2A" + }, + "NotificationConfiguration": { + "EventBridgeConfiguration": {} + }, + "Managed": true + } + }, + "MyEventBridgeBucket1ABD5C2A": { + "Type": "AWS::S3::Bucket", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "s3:PutBucketNotification", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36", + "Roles": [ + { + "Ref": "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC" + } + ] + } + }, + "BucketNotificationsHandler050a0587b7544547bf325f094a3db8347ECC3691": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Description": "AWS CloudFormation handler for \"Custom::S3BucketNotifications\" resources (@aws-cdk/aws-s3)", + "Code": { + "ZipFile": "import boto3 # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nEVENTBRIDGE_CONFIGURATION = 'EventBridgeConfiguration'\n\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n response_status = \"SUCCESS\"\n error_message = \"\"\n try:\n props = event[\"ResourceProperties\"]\n bucket = props[\"BucketName\"]\n notification_configuration = props[\"NotificationConfiguration\"]\n request_type = event[\"RequestType\"]\n managed = props.get('Managed', 'true').lower() == 'true'\n stack_id = event['StackId']\n\n if managed:\n config = handle_managed(request_type, notification_configuration)\n else:\n config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration)\n\n put_bucket_notification_configuration(bucket, config)\n except Exception as e:\n logging.exception(\"Failed to put bucket notification configuration\")\n response_status = \"FAILED\"\n error_message = f\"Error: {str(e)}. \"\n finally:\n submit_response(event, context, response_status, error_message)\n\ndef handle_managed(request_type, notification_configuration):\n if request_type == 'Delete':\n return {}\n return notification_configuration\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration):\n external_notifications = find_external_notifications(bucket, stack_id)\n\n if request_type == 'Delete':\n return external_notifications\n\n def with_id(notification):\n notification['Id'] = f\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\"\n return notification\n\n notifications = {}\n for t in CONFIGURATION_TYPES:\n external = external_notifications.get(t, [])\n incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n notifications[t] = external + incoming\n\n if EVENTBRIDGE_CONFIGURATION in notification_configuration:\n notifications[EVENTBRIDGE_CONFIGURATION] = notification_configuration[EVENTBRIDGE_CONFIGURATION]\n elif EVENTBRIDGE_CONFIGURATION in external_notifications:\n notifications[EVENTBRIDGE_CONFIGURATION] = external_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return notifications\n\ndef find_external_notifications(bucket, stack_id):\n existing_notifications = get_bucket_notification_configuration(bucket)\n external_notifications = {}\n for t in CONFIGURATION_TYPES:\n external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\"{stack_id}-\")]\n\n if EVENTBRIDGE_CONFIGURATION in existing_notifications:\n external_notifications[EVENTBRIDGE_CONFIGURATION] = existing_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return external_notifications\n\ndef get_bucket_notification_configuration(bucket):\n return s3.get_bucket_notification_configuration(Bucket=bucket)\n\ndef put_bucket_notification_configuration(bucket, notification_configuration):\n s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration)\n\ndef submit_response(event: dict, context, response_status: str, error_message: str):\n response_body = json.dumps(\n {\n \"Status\": response_status,\n \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n \"StackId\": event[\"StackId\"],\n \"RequestId\": event[\"RequestId\"],\n \"LogicalResourceId\": event[\"LogicalResourceId\"],\n \"NoEcho\": False,\n }\n ).encode(\"utf-8\")\n headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n try:\n req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n with urllib.request.urlopen(req) as response:\n print(response.read().decode(\"utf-8\"))\n print(\"Status code: \" + response.reason)\n except Exception as e:\n print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC", + "Arn" + ] + }, + "Runtime": "python3.7", + "Timeout": 300 + }, + "DependsOn": [ + "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36", + "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC" + ] + } + } +} diff --git a/packages/@aws-cdk/aws-s3/test/integ.bucket.notifications.ts b/packages/@aws-cdk/aws-s3/test/integ.bucket.notifications.ts new file mode 100644 index 0000000000000..3180b491f6250 --- /dev/null +++ b/packages/@aws-cdk/aws-s3/test/integ.bucket.notifications.ts @@ -0,0 +1,14 @@ +#!/usr/bin/env node +import * as cdk from '@aws-cdk/core'; +import * as s3 from '../lib'; + +const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'aws-cdk-s3-notifications'); + +new s3.Bucket(stack, 'MyEventBridgeBucket', { + eventBridgeEnabled: true, + removalPolicy: cdk.RemovalPolicy.DESTROY, +}); + +app.synth(); diff --git a/packages/@aws-cdk/aws-s3/test/notification.test.ts b/packages/@aws-cdk/aws-s3/test/notification.test.ts index 411852018d081..a32b6c8c0eab9 100644 --- a/packages/@aws-cdk/aws-s3/test/notification.test.ts +++ b/packages/@aws-cdk/aws-s3/test/notification.test.ts @@ -146,4 +146,22 @@ describe('notification', () => { }), }, { suffix: '.png' }, { suffix: '.zip' })).toThrow(/suffix rule/); }); + + test('EventBridge notification custom resource', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + new s3.Bucket(stack, 'MyBucket', { + eventBridgeEnabled: true, + }); + + // THEN + Template.fromStack(stack).resourceCountIs('AWS::S3::Bucket', 1); + Template.fromStack(stack).hasResourceProperties('Custom::S3BucketNotifications', { + NotificationConfiguration: { + EventBridgeConfiguration: {}, + }, + }); + }); }); diff --git a/packages/@aws-cdk/aws-s3/test/notifications-resource-handler/test_index.py b/packages/@aws-cdk/aws-s3/test/notifications-resource-handler/test_index.py index 9127677b02675..ff79da80ef669 100644 --- a/packages/@aws-cdk/aws-s3/test/notifications-resource-handler/test_index.py +++ b/packages/@aws-cdk/aws-s3/test/notifications-resource-handler/test_index.py @@ -19,6 +19,8 @@ ) sys.exit(1) +EVENTBRIDGE_CONFIGURATION = 'EventBridgeConfiguration' + CONFIGURATION_TYPES = ["TopicConfigurations", "QueueConfigurations", "LambdaFunctionConfigurations"] @@ -33,6 +35,16 @@ def make_event(request_type: str, managed: bool): }, } +def make_event_with_eventbridge(request_type: str, managed: bool): + return { + "StackId": "StackId", + "RequestType": request_type, + "ResourceProperties": { + "Managed": str(managed), + "BucketName": "BucketName", + "NotificationConfiguration": make_notification_configuration_with_eventbridge(), + }, + } def make_notification_configuration(id_prefix: str = None): def make_id(): @@ -43,6 +55,11 @@ def make_id(): config[t] = [{"Id": make_id()}] return config +def make_notification_configuration_with_eventbridge(id_prefix: str = None): + return {**make_notification_configuration(id_prefix), **make_eventbridge_configuration()} + +def make_eventbridge_configuration(): + return { EVENTBRIDGE_CONFIGURATION: {} } def make_empty_notification_configuration(): config = {} @@ -50,11 +67,21 @@ def make_empty_notification_configuration(): config[t] = [] return config +def make_empty_notification_configuration_with_eventbridge(): + return {**make_empty_notification_configuration(), **make_eventbridge_configuration()} + def merge_notification_configurations(conf1: Dict, conf2: Dict): notifications = {} for t in CONFIGURATION_TYPES: notifications[t] = conf1.get(t, []) + conf2.get(t, []) + + if EVENTBRIDGE_CONFIGURATION in conf1: + notifications[EVENTBRIDGE_CONFIGURATION] = conf1[EVENTBRIDGE_CONFIGURATION] + + if EVENTBRIDGE_CONFIGURATION in conf2: + notifications[EVENTBRIDGE_CONFIGURATION] = conf2[EVENTBRIDGE_CONFIGURATION] + return notifications @@ -113,6 +140,22 @@ def test_create(self, _, get: MagicMock, put: MagicMock): event["ResourceProperties"]["NotificationConfiguration"], ) + @patch("index.put_bucket_notification_configuration") + @patch("index.get_bucket_notification_configuration") + @patch("index.submit_response") + def test_create_with_eventbridge(self, _, get: MagicMock, put: MagicMock): + + get.return_value = {} + + event = make_event_with_eventbridge("Create", False) + + index.handler(event, {}) + + put.assert_called_once_with( + event["ResourceProperties"]["BucketName"], + event["ResourceProperties"]["NotificationConfiguration"], + ) + @patch("index.put_bucket_notification_configuration") @patch("index.get_bucket_notification_configuration") @patch("index.submit_response") @@ -131,6 +174,46 @@ def test_update(self, _, get: MagicMock, put: MagicMock): event["ResourceProperties"]["NotificationConfiguration"], ) + @patch("index.put_bucket_notification_configuration") + @patch("index.get_bucket_notification_configuration") + @patch("index.submit_response") + def test_update_with_eventbridge(self, _, get: MagicMock, put: MagicMock): + + event = make_event_with_eventbridge("Update", False) + + # simulate a previous create operation + current_notifications = make_notification_configuration(f"{event['StackId']}-") + get.return_value = current_notifications + + index.handler(event, {}) + + put.assert_called_once_with( + event["ResourceProperties"]["BucketName"], + event["ResourceProperties"]["NotificationConfiguration"], + ) + + + @patch("index.put_bucket_notification_configuration") + @patch("index.get_bucket_notification_configuration") + @patch("index.submit_response") + def test_update_with_existing_eventbridge(self, _, get: MagicMock, put: MagicMock): + + event = make_event("Update", False) + + # simulate a previous create operation + current_notifications = make_notification_configuration_with_eventbridge(f"{event['StackId']}-") + get.return_value = current_notifications + + index.handler(event, {}) + + put.assert_called_once_with( + event["ResourceProperties"]["BucketName"], + merge_notification_configurations( + make_eventbridge_configuration(), + event["ResourceProperties"]["NotificationConfiguration"], + ), + ) + @patch("index.put_bucket_notification_configuration") @patch("index.get_bucket_notification_configuration") @patch("index.submit_response") @@ -149,6 +232,24 @@ def test_delete(self, _, get: MagicMock, put: MagicMock): make_empty_notification_configuration(), ) + @patch("index.put_bucket_notification_configuration") + @patch("index.get_bucket_notification_configuration") + @patch("index.submit_response") + def test_delete_with_eventbridge_should_not_remove_eventbridge(self, _, get: MagicMock, put: MagicMock): + + event = make_event_with_eventbridge("Delete", False) + + # simulate a previous create operation + current_notifications = make_notification_configuration_with_eventbridge(f"{event['StackId']}-") + get.return_value = current_notifications + + index.handler(event, {}) + + put.assert_called_once_with( + event["ResourceProperties"]["BucketName"], + make_empty_notification_configuration_with_eventbridge(), + ) + class UnmanagedDirtyBucketTest(unittest.TestCase): @patch("index.put_bucket_notification_configuration") @@ -172,6 +273,48 @@ def test_create(self, _, get: MagicMock, put: MagicMock): ), ) + @patch("index.put_bucket_notification_configuration") + @patch("index.get_bucket_notification_configuration") + @patch("index.submit_response") + def test_create_with_eventbridge(self, _, get: MagicMock, put: MagicMock): + + event = make_event_with_eventbridge("Create", False) + + # simulate external notifications + current_notifications = make_notification_configuration() + get.return_value = current_notifications + + index.handler(event, {}) + + put.assert_called_once_with( + event["ResourceProperties"]["BucketName"], + merge_notification_configurations( + current_notifications, + event["ResourceProperties"]["NotificationConfiguration"], + ), + ) + + @patch("index.put_bucket_notification_configuration") + @patch("index.get_bucket_notification_configuration") + @patch("index.submit_response") + def test_create_with_existing_eventbridge(self, _, get: MagicMock, put: MagicMock): + + event = make_event("Create", False) + + # simulate external notifications + current_notifications = make_notification_configuration_with_eventbridge() + get.return_value = current_notifications + + index.handler(event, {}) + + put.assert_called_once_with( + event["ResourceProperties"]["BucketName"], + merge_notification_configurations( + current_notifications, + event["ResourceProperties"]["NotificationConfiguration"], + ), + ) + @patch("index.put_bucket_notification_configuration") @patch("index.get_bucket_notification_configuration") @patch("index.submit_response") @@ -193,6 +336,48 @@ def test_update(self, _, get: MagicMock, put: MagicMock): ), ) + @patch("index.put_bucket_notification_configuration") + @patch("index.get_bucket_notification_configuration") + @patch("index.submit_response") + def test_update_with_eventbridge(self, _, get: MagicMock, put: MagicMock): + + event = make_event_with_eventbridge("Update", False) + + # simulate external notifications + current_notifications = make_notification_configuration() + get.return_value = current_notifications + + index.handler(event, {}) + + put.assert_called_once_with( + event["ResourceProperties"]["BucketName"], + merge_notification_configurations( + current_notifications, + event["ResourceProperties"]["NotificationConfiguration"], + ), + ) + + @patch("index.put_bucket_notification_configuration") + @patch("index.get_bucket_notification_configuration") + @patch("index.submit_response") + def test_update_without_eventbridge_should_not_remove_existing_eventbridge(self, _, get: MagicMock, put: MagicMock): + + event = make_event("Update", False) + + # simulate external notifications + current_notifications = make_notification_configuration_with_eventbridge() + get.return_value = current_notifications + + index.handler(event, {}) + + put.assert_called_once_with( + event["ResourceProperties"]["BucketName"], + merge_notification_configurations( + current_notifications, + event["ResourceProperties"]["NotificationConfiguration"], + ), + ) + @patch("index.put_bucket_notification_configuration") @patch("index.get_bucket_notification_configuration") @patch("index.submit_response") @@ -211,6 +396,24 @@ def test_delete(self, _, get: MagicMock, put: MagicMock): current_notifications, ) + @patch("index.put_bucket_notification_configuration") + @patch("index.get_bucket_notification_configuration") + @patch("index.submit_response") + def test_delete_with_eventbridge_should_not_remove_eventbridge(self, _, get: MagicMock, put: MagicMock): + + event = make_event_with_eventbridge("Delete", False) + + # simulate external notifications + current_notifications = make_notification_configuration_with_eventbridge() + get.return_value = current_notifications + + index.handler(event, {}) + + put.assert_called_once_with( + event["ResourceProperties"]["BucketName"], + current_notifications, + ) + class CfnResponsesTest(unittest.TestCase): @patch("index.put_bucket_notification_configuration") diff --git a/packages/@aws-cdk/aws-s3objectlambda/test/integ.s3objectlambda.expected.json b/packages/@aws-cdk/aws-s3objectlambda/test/integ.s3objectlambda.expected.json index c53bfb57cd719..c134a1411a2cc 100644 --- a/packages/@aws-cdk/aws-s3objectlambda/test/integ.s3objectlambda.expected.json +++ b/packages/@aws-cdk/aws-s3objectlambda/test/integ.s3objectlambda.expected.json @@ -160,7 +160,6 @@ "MyObjectLambda17554FEF4": { "Type": "AWS::S3ObjectLambda::AccessPoint", "Properties": { - "Name": "obj-lambda-1", "ObjectLambdaConfiguration": { "AllowedFeatures": [ "GetObject-PartNumber" @@ -203,7 +202,6 @@ "MyObjectLambda2CCBCAAF7": { "Type": "AWS::S3ObjectLambda::AccessPoint", "Properties": { - "Name": "obj-lambda-1", "ObjectLambdaConfiguration": { "AllowedFeatures": [ "GetObject-Range" diff --git a/packages/@aws-cdk/aws-s3objectlambda/test/integ.s3objectlambda.ts b/packages/@aws-cdk/aws-s3objectlambda/test/integ.s3objectlambda.ts index e840de6367479..79173d72d19c5 100644 --- a/packages/@aws-cdk/aws-s3objectlambda/test/integ.s3objectlambda.ts +++ b/packages/@aws-cdk/aws-s3objectlambda/test/integ.s3objectlambda.ts @@ -23,7 +23,6 @@ class TestStack extends cdk.Stack { new AccessPoint(this, 'MyObjectLambda1', { bucket, handler: handler1, - accessPointName: 'obj-lambda-1', cloudWatchMetricsEnabled: true, supportsGetObjectPartNumber: true, }); @@ -31,7 +30,6 @@ class TestStack extends cdk.Stack { new AccessPoint(this, 'MyObjectLambda2', { bucket, handler: handler2, - accessPointName: 'obj-lambda-1', supportsGetObjectRange: true, payload: { foo: 10 }, }); diff --git a/packages/@aws-cdk/aws-secretsmanager/lib/secret.ts b/packages/@aws-cdk/aws-secretsmanager/lib/secret.ts index 38d916401cd97..b5df000699075 100644 --- a/packages/@aws-cdk/aws-secretsmanager/lib/secret.ts +++ b/packages/@aws-cdk/aws-secretsmanager/lib/secret.ts @@ -851,8 +851,8 @@ function parseSecretName(construct: IConstruct, secretArn: string) { // Secret resource names are in the format `${secretName}-${6-character SecretsManager suffix}` // If there is no hyphen (or 6-character suffix) assume no suffix was provided, and return the whole name. const lastHyphenIndex = resourceName.lastIndexOf('-'); - const hasSecretsSuffix = lastHyphenIndex !== -1 && resourceName.substr(lastHyphenIndex + 1).length === 6; - return hasSecretsSuffix ? resourceName.substr(0, lastHyphenIndex) : resourceName; + const hasSecretsSuffix = lastHyphenIndex !== -1 && resourceName.slice(lastHyphenIndex + 1).length === 6; + return hasSecretsSuffix ? resourceName.slice(0, lastHyphenIndex) : resourceName; } throw new Error('invalid ARN format; no secret name provided'); } diff --git a/packages/@aws-cdk/aws-secretsmanager/test/integ.secret-name-parsed.ts b/packages/@aws-cdk/aws-secretsmanager/test/integ.secret-name-parsed.ts index 801077c5c8494..69894e994fc5f 100644 --- a/packages/@aws-cdk/aws-secretsmanager/test/integ.secret-name-parsed.ts +++ b/packages/@aws-cdk/aws-secretsmanager/test/integ.secret-name-parsed.ts @@ -38,7 +38,6 @@ class SecretsManagerStack extends cdk.Stack { } } -const app = new cdk.App({ -}); +const app = new cdk.App(); new SecretsManagerStack(app, 'Integ-SecretsManager-ParsedSecretName'); app.synth(); diff --git a/packages/@aws-cdk/aws-ses-actions/test/integ.actions.expected.json b/packages/@aws-cdk/aws-ses-actions/test/integ.actions.expected.json index fbb346b959470..22aa1e4657fdc 100644 --- a/packages/@aws-cdk/aws-ses-actions/test/integ.actions.expected.json +++ b/packages/@aws-cdk/aws-ses-actions/test/integ.actions.expected.json @@ -47,7 +47,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "FunctionServiceRole675BB04A" diff --git a/packages/@aws-cdk/aws-ses-actions/test/integ.actions.ts b/packages/@aws-cdk/aws-ses-actions/test/integ.actions.ts index a34f6d0b86e0a..b07f286a9f4f3 100644 --- a/packages/@aws-cdk/aws-ses-actions/test/integ.actions.ts +++ b/packages/@aws-cdk/aws-ses-actions/test/integ.actions.ts @@ -16,7 +16,7 @@ const topic = new sns.Topic(stack, 'Topic'); const fn = new lambda.Function(stack, 'Function', { code: lambda.Code.fromInline('exports.handler = async (event) => event;'), handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, }); const bucket = new s3.Bucket(stack, 'Bucket'); diff --git a/packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda-cross-region.expected.json b/packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda-cross-region.expected.json index de5216b565954..4d177008c6722 100644 --- a/packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda-cross-region.expected.json +++ b/packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda-cross-region.expected.json @@ -55,7 +55,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "EchoServiceRoleBE28060B" diff --git a/packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda-cross-region.ts b/packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda-cross-region.ts index cfec9592e3dba..7c915db0db925 100644 --- a/packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda-cross-region.ts +++ b/packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda-cross-region.ts @@ -18,7 +18,7 @@ const functionStack = new cdk.Stack(app, 'FunctionStack', { }); const fction = new lambda.Function(functionStack, 'Echo', { handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, code: lambda.Code.fromInline(`exports.handler = ${handler.toString()}`), }); diff --git a/packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda.expected.json b/packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda.expected.json index d20fe9bf9a8db..035d9df3a990b 100644 --- a/packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda.expected.json +++ b/packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda.expected.json @@ -47,7 +47,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "EchoServiceRoleBE28060B" @@ -176,7 +176,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "FilteredServiceRole16D9DDC1" diff --git a/packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda.ts b/packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda.ts index 6b92a97551478..bd847b73d18f0 100644 --- a/packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda.ts +++ b/packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda.ts @@ -12,7 +12,7 @@ class SnsToLambda extends cdk.Stack { const fction = new lambda.Function(this, 'Echo', { handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, code: lambda.Code.fromInline(`exports.handler = ${handler.toString()}`), }); @@ -22,7 +22,7 @@ class SnsToLambda extends cdk.Stack { const fctionFiltered = new lambda.Function(this, 'Filtered', { handler: 'index.handler', - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, code: lambda.Code.fromInline(`exports.handler = ${handler.toString()}`), }); diff --git a/packages/@aws-cdk/aws-sqs/lib/policy.ts b/packages/@aws-cdk/aws-sqs/lib/policy.ts index 5b79fc9af4e5a..5aeccf8b7be13 100644 --- a/packages/@aws-cdk/aws-sqs/lib/policy.ts +++ b/packages/@aws-cdk/aws-sqs/lib/policy.ts @@ -34,20 +34,23 @@ export class QueuePolicy extends Resource { */ public readonly document = new PolicyDocument(); - /** - * Not currently supported by AWS CloudFormation. - * @attribute - */ - public readonly queuePolicyId: string; - constructor(scope: Construct, id: string, props: QueuePolicyProps) { super(scope, id); - const resource = new CfnQueuePolicy(this, 'Resource', { + new CfnQueuePolicy(this, 'Resource', { policyDocument: this.document, queues: props.queues.map(q => q.queueUrl), }); + } - this.queuePolicyId = resource.attrId; + /** + * Not currently supported by AWS CloudFormation. + * + * This attribute temporarily existed in CloudFormation, and then was removed again. + * + * @attribute + */ + public get queuePolicyId(): string { + throw new Error('QueuePolicy.queuePolicyId has been removed from CloudFormation'); } } diff --git a/packages/@aws-cdk/aws-ssm/lib/parameter.ts b/packages/@aws-cdk/aws-ssm/lib/parameter.ts index 07521d1cf02de..efa23ec1f7812 100644 --- a/packages/@aws-cdk/aws-ssm/lib/parameter.ts +++ b/packages/@aws-cdk/aws-ssm/lib/parameter.ts @@ -141,7 +141,7 @@ export interface StringParameterProps extends ParameterOptions { /** * The data type of the parameter, such as `text` or `aws:ec2:image`. * - * @default - undefined + * @default ParameterDataType.TEXT */ readonly dataType?: ParameterDataType; } diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/emr/emr-create-cluster.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/emr/emr-create-cluster.ts index e223988059c52..73c10a442b87e 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/emr/emr-create-cluster.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/emr/emr-create-cluster.ts @@ -211,7 +211,7 @@ export class EmrCreateCluster extends sfn.TaskStateBase { throw new Error(`Step concurrency level must be in range [1, 256], but got ${this.props.stepConcurrencyLevel}.`); } if (this.props.releaseLabel && this.props.stepConcurrencyLevel !== 1) { - const [major, minor] = this.props.releaseLabel.substr(4).split('.'); + const [major, minor] = this.props.releaseLabel.slice(4).split('.'); if (Number(major) < 5 || (Number(major) === 5 && Number(minor) < 28)) { throw new Error(`Step concurrency is only supported in EMR release version 5.28.0 and above but got ${this.props.releaseLabel}.`); } @@ -391,8 +391,8 @@ export class EmrCreateCluster extends sfn.TaskStateBase { * @see https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-release-components.html */ private validateReleaseLabel(releaseLabel: string): string { - const prefix = releaseLabel.substr(0, 4); - const versions = releaseLabel.substr(4).split('.'); + const prefix = releaseLabel.slice(0, 4); + const versions = releaseLabel.slice(4).split('.'); if (prefix !== 'emr-' || versions.length !== 3 || versions.some((e) => isNotANumber(e))) { throw new Error(`The release label must be in the format 'emr-x.x.x' but got ${releaseLabel}`); } diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-http-api.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-http-api.expected.json index 37195febe4b9f..797702369a8cd 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-http-api.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-http-api.expected.json @@ -135,7 +135,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "HelloHandlerServiceRole11EF7C63" diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-http-api.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-http-api.ts index aad59d754950d..0dd2837e82e3f 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-http-api.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-http-api.ts @@ -18,7 +18,7 @@ const stack = new cdk.Stack(app, 'CallHttpApiInteg'); const httpApi = new apigatewayv2.HttpApi(stack, 'MyHttpApi'); const handler = new lambda.Function(stack, 'HelloHandler', { - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, handler: 'index.handler', code: new lambda.InlineCode('exports.handler = async function(event, context) { return { statusCode: 200, body: "hello, world!" }; };'), }); diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-rest-api.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-rest-api.expected.json index 29b6885931a63..455d8d39bfd62 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-rest-api.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-rest-api.expected.json @@ -243,7 +243,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "HelloServiceRole1E55EA16" diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-rest-api.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-rest-api.ts index 7cfe3c85ab12b..0117651011a38 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-rest-api.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-rest-api.ts @@ -17,7 +17,7 @@ const stack = new cdk.Stack(app, 'CallRestApiInteg'); const restApi = new apigateway.RestApi(stack, 'MyRestApi'); const hello = new apigateway.LambdaIntegration(new lambda.Function(stack, 'Hello', { - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, handler: 'index.handler', code: new lambda.InlineCode('exports.handler = async function(event, context) { return { statusCode: 200, body: "hello, world!" }; };'), })); diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/batchjob-image/Dockerfile b/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/batchjob-image/Dockerfile index 123b5670febc8..235b30e9661ed 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/batchjob-image/Dockerfile +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/batchjob-image/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.6 +FROM public.ecr.aws/lambda/python:3.6 EXPOSE 8000 WORKDIR /src ADD . /src diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/integ.run-batch-job.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/integ.run-batch-job.expected.json index 94145f863083d..aff74626991ab 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/integ.run-batch-job.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/integ.run-batch-job.expected.json @@ -869,7 +869,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:3691f011ed75cf0fd05152b8fae3d684323da3da9eaf3be68cba18cb9def2562" + "/aws-cdk/assets:8b518243ecbfcfd08b4734069e7e74ff97b7889dfde0a60d16e7bdc96e6c593b" ] ] }, diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/integ.submit-job.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/integ.submit-job.expected.json index 7f48977f12e6c..a722fd182008c 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/integ.submit-job.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/integ.submit-job.expected.json @@ -869,7 +869,7 @@ { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:3691f011ed75cf0fd05152b8fae3d684323da3da9eaf3be68cba18cb9def2562" + "/aws-cdk/assets:8b518243ecbfcfd08b4734069e7e74ff97b7889dfde0a60d16e7bdc96e6c593b" ] ] }, diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/submit-job.test.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/submit-job.test.ts index 0885dcfb55930..aa9ccbdd8a0d8 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/submit-job.test.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/submit-job.test.ts @@ -169,6 +169,33 @@ test('supports tokens', () => { }); }); +test('container overrides are tokens', () => { + // WHEN + const task = new BatchSubmitJob(stack, 'Task', { + jobDefinitionArn: batchJobDefinition.jobDefinitionArn, + jobName: 'JobName', + jobQueueArn: batchJobQueue.jobQueueArn, + containerOverrides: { + memory: cdk.Size.mebibytes(sfn.JsonPath.numberAt('$.asdf')), + }, + }); + + // THEN + expect(stack.resolve(task.toStateJson())).toEqual({ + Type: 'Task', + Resource: { 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':states:::batch:submitJob.sync']] }, + End: true, + Parameters: { + JobDefinition: { Ref: 'JobDefinition24FFE3ED' }, + JobName: 'JobName', + JobQueue: { Ref: 'JobQueueEE3AD499' }, + ContainerOverrides: { + ResourceRequirements: [{ 'Type': 'MEMORY', 'Value.$': '$.asdf' }], + }, + }, + }); +}); + test('supports passing task input into payload', () => { // WHEN const task = new BatchSubmitJob(stack, 'Task', { diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/eventhandler-image/Dockerfile b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/eventhandler-image/Dockerfile index 123b5670febc8..235b30e9661ed 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/eventhandler-image/Dockerfile +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/eventhandler-image/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.6 +FROM public.ecr.aws/lambda/python:3.6 EXPOSE 8000 WORKDIR /src ADD . /src diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.expected.json index 4dcc2e6776cca..5c8171c47d44c 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.expected.json @@ -3,6 +3,361 @@ "Ec2ClusterEE43E89D": { "Type": "AWS::ECS::Cluster" }, + "Ec2ClusterVpc568127F1": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc" + } + ] + } + }, + "Ec2ClusterVpcPublicSubnet1SubnetD46FD92B": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc/PublicSubnet1" + } + ] + } + }, + "Ec2ClusterVpcPublicSubnet1RouteTableE30610F5": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc/PublicSubnet1" + } + ] + } + }, + "Ec2ClusterVpcPublicSubnet1RouteTableAssociation9C78F646": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "Ec2ClusterVpcPublicSubnet1RouteTableE30610F5" + }, + "SubnetId": { + "Ref": "Ec2ClusterVpcPublicSubnet1SubnetD46FD92B" + } + } + }, + "Ec2ClusterVpcPublicSubnet1DefaultRouteC7FBE273": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "Ec2ClusterVpcPublicSubnet1RouteTableE30610F5" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "Ec2ClusterVpcIGW605638EB" + } + }, + "DependsOn": [ + "Ec2ClusterVpcVPCGW24F3B413" + ] + }, + "Ec2ClusterVpcPublicSubnet1EIPD4B5D142": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc/PublicSubnet1" + } + ] + } + }, + "Ec2ClusterVpcPublicSubnet1NATGateway79A8A839": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "Ec2ClusterVpcPublicSubnet1SubnetD46FD92B" + }, + "AllocationId": { + "Fn::GetAtt": [ + "Ec2ClusterVpcPublicSubnet1EIPD4B5D142", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc/PublicSubnet1" + } + ] + } + }, + "Ec2ClusterVpcPublicSubnet2Subnet207D9E5E": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc/PublicSubnet2" + } + ] + } + }, + "Ec2ClusterVpcPublicSubnet2RouteTable44A09188": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc/PublicSubnet2" + } + ] + } + }, + "Ec2ClusterVpcPublicSubnet2RouteTableAssociation7615C6B2": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "Ec2ClusterVpcPublicSubnet2RouteTable44A09188" + }, + "SubnetId": { + "Ref": "Ec2ClusterVpcPublicSubnet2Subnet207D9E5E" + } + } + }, + "Ec2ClusterVpcPublicSubnet2DefaultRouteEBA52256": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "Ec2ClusterVpcPublicSubnet2RouteTable44A09188" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "Ec2ClusterVpcIGW605638EB" + } + }, + "DependsOn": [ + "Ec2ClusterVpcVPCGW24F3B413" + ] + }, + "Ec2ClusterVpcPublicSubnet2EIP921925E6": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc/PublicSubnet2" + } + ] + } + }, + "Ec2ClusterVpcPublicSubnet2NATGateway302F96C0": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "Ec2ClusterVpcPublicSubnet2Subnet207D9E5E" + }, + "AllocationId": { + "Fn::GetAtt": [ + "Ec2ClusterVpcPublicSubnet2EIP921925E6", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc/PublicSubnet2" + } + ] + } + }, + "Ec2ClusterVpcPrivateSubnet1Subnet0AE9B91E": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc/PrivateSubnet1" + } + ] + } + }, + "Ec2ClusterVpcPrivateSubnet1RouteTable50D391D1": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc/PrivateSubnet1" + } + ] + } + }, + "Ec2ClusterVpcPrivateSubnet1RouteTableAssociation1043DBDA": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "Ec2ClusterVpcPrivateSubnet1RouteTable50D391D1" + }, + "SubnetId": { + "Ref": "Ec2ClusterVpcPrivateSubnet1Subnet0AE9B91E" + } + } + }, + "Ec2ClusterVpcPrivateSubnet1DefaultRouteD31A76F0": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "Ec2ClusterVpcPrivateSubnet1RouteTable50D391D1" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "Ec2ClusterVpcPublicSubnet1NATGateway79A8A839" + } + } + }, + "Ec2ClusterVpcPrivateSubnet2Subnet16B68C19": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc/PrivateSubnet2" + } + ] + } + }, + "Ec2ClusterVpcPrivateSubnet2RouteTable22B9DAE6": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc/PrivateSubnet2" + } + ] + } + }, + "Ec2ClusterVpcPrivateSubnet2RouteTableAssociation3AFD70F4": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "Ec2ClusterVpcPrivateSubnet2RouteTable22B9DAE6" + }, + "SubnetId": { + "Ref": "Ec2ClusterVpcPrivateSubnet2Subnet16B68C19" + } + } + }, + "Ec2ClusterVpcPrivateSubnet2DefaultRoute22B3073E": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "Ec2ClusterVpcPrivateSubnet2RouteTable22B9DAE6" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "Ec2ClusterVpcPublicSubnet2NATGateway302F96C0" + } + } + }, + "Ec2ClusterVpcIGW605638EB": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/Vpc" + } + ] + } + }, + "Ec2ClusterVpcVPCGW24F3B413": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + }, + "InternetGatewayId": { + "Ref": "Ec2ClusterVpcIGW605638EB" + } + } + }, "Ec2ClusterDefaultAutoScalingGroupInstanceSecurityGroup149B0A9E": { "Type": "AWS::EC2::SecurityGroup", "Properties": { @@ -20,7 +375,9 @@ "Value": "aws-sfn-tasks-ecs-ec2-integ/Ec2Cluster/DefaultAutoScalingGroup" } ], - "VpcId": "vpc-60900905" + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + } } }, "Ec2ClusterDefaultAutoScalingGroupInstanceRole73D80898": { @@ -178,9 +535,12 @@ } ], "VPCZoneIdentifier": [ - "subnet-e19455ca", - "subnet-e0c24797", - "subnet-ccd77395" + { + "Ref": "Ec2ClusterVpcPublicSubnet1SubnetD46FD92B" + }, + { + "Ref": "Ec2ClusterVpcPublicSubnet2Subnet207D9E5E" + } ] }, "UpdatePolicy": { @@ -255,7 +615,15 @@ { "Ref": "AWS::Partition" }, - ":autoscaling:test-region:12345678:autoScalingGroup:*:autoScalingGroupName/", + ":autoscaling:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":autoScalingGroup:*:autoScalingGroupName/", { "Ref": "Ec2ClusterDefaultAutoScalingGroupASGC5A6D4C0" } @@ -481,11 +849,18 @@ "Fn::Join": [ "", [ - "12345678.dkr.ecr.test-region.", + { + "Ref": "AWS::AccountId" + }, + ".dkr.ecr.", + { + "Ref": "AWS::Region" + }, + ".", { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:3fc39b45c4fd074ceef5d0f8528b74fa7fe6e8fa0aa4a6ffe7fb5e016cf8dc04" + "/aws-cdk/assets:7a4895bc694ae074467753dddb9a798e58f2f5eda62bcce5833d7d356b8a1da2" ] ] }, @@ -496,7 +871,9 @@ "Ref": "TaskDefTheContainerLogGroupD94C8EF5" }, "awslogs-stream-prefix": "EventDemo", - "awslogs-region": "test-region" + "awslogs-region": { + "Ref": "AWS::Region" + } } }, "Memory": 256, @@ -564,7 +941,15 @@ { "Ref": "AWS::Partition" }, - ":ecr:test-region:12345678:repository/aws-cdk/assets" + ":ecr:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":repository/aws-cdk/assets" ] ] } @@ -607,7 +992,18 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": "states.test-region.amazonaws.com" + "Service": { + "Fn::Join": [ + "", + [ + "states.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } } } ], @@ -776,7 +1172,15 @@ { "Ref": "AWS::Partition" }, - ":events:test-region:12345678:rule/StepFunctionsGetEventsForECSTaskRule" + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventsForECSTaskRule" ] ] } diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.ts index acaf9436c26ea..c44d5429bb5b1 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.ts @@ -16,18 +16,9 @@ import * as tasks from '../../lib'; * -- aws stepfunctions describe-execution --execution-arn returns a status of `Succeeded` */ const app = new cdk.App(); -const stack = new cdk.Stack(app, 'aws-sfn-tasks-ecs-ec2-integ', { - env: { - account: process.env.CDK_INTEG_ACCOUNT || process.env.CDK_DEFAULT_ACCOUNT, - region: process.env.CDK_INTEG_REGION || process.env.CDK_DEFAULT_REGION, - }, -}); - -const vpc = ec2.Vpc.fromLookup(stack, 'Vpc', { - isDefault: true, -}); +const stack = new cdk.Stack(app, 'aws-sfn-tasks-ecs-ec2-integ'); -const cluster = new ecs.Cluster(stack, 'Ec2Cluster', { vpc }); +const cluster = new ecs.Cluster(stack, 'Ec2Cluster'); cluster.addCapacity('DefaultAutoScalingGroup', { instanceType: new ec2.InstanceType('t2.micro'), vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC }, diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.expected.json index 558b81faa2897..2b9c1c4701151 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.expected.json @@ -3,6 +3,361 @@ "FargateCluster7CCD5F93": { "Type": "AWS::ECS::Cluster" }, + "FargateClusterVpc377E8024": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc" + } + ] + } + }, + "FargateClusterVpcPublicSubnet1SubnetB9C24BC7": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet1" + } + ] + } + }, + "FargateClusterVpcPublicSubnet1RouteTable1D7FA747": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet1" + } + ] + } + }, + "FargateClusterVpcPublicSubnet1RouteTableAssociation80F1442F": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPublicSubnet1RouteTable1D7FA747" + }, + "SubnetId": { + "Ref": "FargateClusterVpcPublicSubnet1SubnetB9C24BC7" + } + } + }, + "FargateClusterVpcPublicSubnet1DefaultRoute80086690": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPublicSubnet1RouteTable1D7FA747" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "FargateClusterVpcIGW827638CB" + } + }, + "DependsOn": [ + "FargateClusterVpcVPCGW38717255" + ] + }, + "FargateClusterVpcPublicSubnet1EIPF91909D0": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet1" + } + ] + } + }, + "FargateClusterVpcPublicSubnet1NATGateway5202D86A": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "FargateClusterVpcPublicSubnet1SubnetB9C24BC7" + }, + "AllocationId": { + "Fn::GetAtt": [ + "FargateClusterVpcPublicSubnet1EIPF91909D0", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet1" + } + ] + } + }, + "FargateClusterVpcPublicSubnet2Subnet24C0F9D8": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet2" + } + ] + } + }, + "FargateClusterVpcPublicSubnet2RouteTable1493C5D6": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet2" + } + ] + } + }, + "FargateClusterVpcPublicSubnet2RouteTableAssociation3EFA74DC": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPublicSubnet2RouteTable1493C5D6" + }, + "SubnetId": { + "Ref": "FargateClusterVpcPublicSubnet2Subnet24C0F9D8" + } + } + }, + "FargateClusterVpcPublicSubnet2DefaultRoute8E847CD2": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPublicSubnet2RouteTable1493C5D6" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "FargateClusterVpcIGW827638CB" + } + }, + "DependsOn": [ + "FargateClusterVpcVPCGW38717255" + ] + }, + "FargateClusterVpcPublicSubnet2EIPBBB24774": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet2" + } + ] + } + }, + "FargateClusterVpcPublicSubnet2NATGatewayFFEC8ED2": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "FargateClusterVpcPublicSubnet2Subnet24C0F9D8" + }, + "AllocationId": { + "Fn::GetAtt": [ + "FargateClusterVpcPublicSubnet2EIPBBB24774", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet2" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet1Subnet9127625F": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PrivateSubnet1" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet1RouteTable21B3CEAE": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PrivateSubnet1" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet1RouteTableAssociation78F6E213": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPrivateSubnet1RouteTable21B3CEAE" + }, + "SubnetId": { + "Ref": "FargateClusterVpcPrivateSubnet1Subnet9127625F" + } + } + }, + "FargateClusterVpcPrivateSubnet1DefaultRoute0438DCBA": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPrivateSubnet1RouteTable21B3CEAE" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "FargateClusterVpcPublicSubnet1NATGateway5202D86A" + } + } + }, + "FargateClusterVpcPrivateSubnet2Subnet307CEE57": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PrivateSubnet2" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet2RouteTable7B7F9678": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PrivateSubnet2" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet2RouteTableAssociation3A46964C": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPrivateSubnet2RouteTable7B7F9678" + }, + "SubnetId": { + "Ref": "FargateClusterVpcPrivateSubnet2Subnet307CEE57" + } + } + }, + "FargateClusterVpcPrivateSubnet2DefaultRoute35FDD29D": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPrivateSubnet2RouteTable7B7F9678" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "FargateClusterVpcPublicSubnet2NATGatewayFFEC8ED2" + } + } + }, + "FargateClusterVpcIGW827638CB": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc" + } + ] + } + }, + "FargateClusterVpcVPCGW38717255": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "InternetGatewayId": { + "Ref": "FargateClusterVpcIGW827638CB" + } + } + }, "FargateClusterDefaultAutoScalingGroupInstanceSecurityGroup42AF8A40": { "Type": "AWS::EC2::SecurityGroup", "Properties": { @@ -20,7 +375,9 @@ "Value": "aws-ecs-integ2/FargateCluster/DefaultAutoScalingGroup" } ], - "VpcId": "vpc-60900905" + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + } } }, "FargateClusterDefaultAutoScalingGroupInstanceRole0C1F7FF7": { @@ -178,9 +535,12 @@ } ], "VPCZoneIdentifier": [ - "subnet-e19455ca", - "subnet-e0c24797", - "subnet-ccd77395" + { + "Ref": "FargateClusterVpcPublicSubnet1SubnetB9C24BC7" + }, + { + "Ref": "FargateClusterVpcPublicSubnet2Subnet24C0F9D8" + } ] }, "UpdatePolicy": { @@ -255,7 +615,15 @@ { "Ref": "AWS::Partition" }, - ":autoscaling:test-region:12345678:autoScalingGroup:*:autoScalingGroupName/", + ":autoscaling:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":autoScalingGroup:*:autoScalingGroupName/", { "Ref": "FargateClusterDefaultAutoScalingGroupASG36A4948F" } @@ -481,11 +849,18 @@ "Fn::Join": [ "", [ - "12345678.dkr.ecr.test-region.", + { + "Ref": "AWS::AccountId" + }, + ".dkr.ecr.", + { + "Ref": "AWS::Region" + }, + ".", { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:3fc39b45c4fd074ceef5d0f8528b74fa7fe6e8fa0aa4a6ffe7fb5e016cf8dc04" + "/aws-cdk/assets:7a4895bc694ae074467753dddb9a798e58f2f5eda62bcce5833d7d356b8a1da2" ] ] }, @@ -496,7 +871,9 @@ "Ref": "TaskDefTheContainerLogGroupD94C8EF5" }, "awslogs-stream-prefix": "EventDemo", - "awslogs-region": "test-region" + "awslogs-region": { + "Ref": "AWS::Region" + } } }, "Memory": 256, @@ -564,7 +941,15 @@ { "Ref": "AWS::Partition" }, - ":ecr:test-region:12345678:repository/aws-cdk/assets" + ":ecr:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":repository/aws-cdk/assets" ] ] } @@ -607,7 +992,18 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": "states.test-region.amazonaws.com" + "Service": { + "Fn::Join": [ + "", + [ + "states.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } } } ], @@ -668,7 +1064,15 @@ { "Ref": "AWS::Partition" }, - ":events:test-region:12345678:rule/StepFunctionsGetEventsForECSTaskRule" + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventsForECSTaskRule" ] ] } diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.ts index 3a510c61bf659..e47524f326c2d 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.ts @@ -6,18 +6,9 @@ import * as cdk from '@aws-cdk/core'; import * as tasks from '../../lib'; const app = new cdk.App(); -const stack = new cdk.Stack(app, 'aws-ecs-integ2', { - env: { - account: process.env.CDK_INTEG_ACCOUNT || process.env.CDK_DEFAULT_ACCOUNT, - region: process.env.CDK_INTEG_REGION || process.env.CDK_DEFAULT_REGION, - }, -}); - -const vpc = ec2.Vpc.fromLookup(stack, 'Vpc', { - isDefault: true, -}); +const stack = new cdk.Stack(app, 'aws-ecs-integ2'); -const cluster = new ecs.Cluster(stack, 'FargateCluster', { vpc }); +const cluster = new ecs.Cluster(stack, 'FargateCluster'); cluster.addCapacity('DefaultAutoScalingGroup', { instanceType: new ec2.InstanceType('t2.micro'), vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC }, diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.expected.json index ca30cca5b1beb..8976862fd9678 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.expected.json @@ -3,6 +3,361 @@ "FargateCluster7CCD5F93": { "Type": "AWS::ECS::Cluster" }, + "FargateClusterVpc377E8024": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc" + } + ] + } + }, + "FargateClusterVpcPublicSubnet1SubnetB9C24BC7": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc/PublicSubnet1" + } + ] + } + }, + "FargateClusterVpcPublicSubnet1RouteTable1D7FA747": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc/PublicSubnet1" + } + ] + } + }, + "FargateClusterVpcPublicSubnet1RouteTableAssociation80F1442F": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPublicSubnet1RouteTable1D7FA747" + }, + "SubnetId": { + "Ref": "FargateClusterVpcPublicSubnet1SubnetB9C24BC7" + } + } + }, + "FargateClusterVpcPublicSubnet1DefaultRoute80086690": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPublicSubnet1RouteTable1D7FA747" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "FargateClusterVpcIGW827638CB" + } + }, + "DependsOn": [ + "FargateClusterVpcVPCGW38717255" + ] + }, + "FargateClusterVpcPublicSubnet1EIPF91909D0": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc/PublicSubnet1" + } + ] + } + }, + "FargateClusterVpcPublicSubnet1NATGateway5202D86A": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "FargateClusterVpcPublicSubnet1SubnetB9C24BC7" + }, + "AllocationId": { + "Fn::GetAtt": [ + "FargateClusterVpcPublicSubnet1EIPF91909D0", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc/PublicSubnet1" + } + ] + } + }, + "FargateClusterVpcPublicSubnet2Subnet24C0F9D8": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc/PublicSubnet2" + } + ] + } + }, + "FargateClusterVpcPublicSubnet2RouteTable1493C5D6": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc/PublicSubnet2" + } + ] + } + }, + "FargateClusterVpcPublicSubnet2RouteTableAssociation3EFA74DC": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPublicSubnet2RouteTable1493C5D6" + }, + "SubnetId": { + "Ref": "FargateClusterVpcPublicSubnet2Subnet24C0F9D8" + } + } + }, + "FargateClusterVpcPublicSubnet2DefaultRoute8E847CD2": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPublicSubnet2RouteTable1493C5D6" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "FargateClusterVpcIGW827638CB" + } + }, + "DependsOn": [ + "FargateClusterVpcVPCGW38717255" + ] + }, + "FargateClusterVpcPublicSubnet2EIPBBB24774": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc/PublicSubnet2" + } + ] + } + }, + "FargateClusterVpcPublicSubnet2NATGatewayFFEC8ED2": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "FargateClusterVpcPublicSubnet2Subnet24C0F9D8" + }, + "AllocationId": { + "Fn::GetAtt": [ + "FargateClusterVpcPublicSubnet2EIPBBB24774", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc/PublicSubnet2" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet1Subnet9127625F": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc/PrivateSubnet1" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet1RouteTable21B3CEAE": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc/PrivateSubnet1" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet1RouteTableAssociation78F6E213": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPrivateSubnet1RouteTable21B3CEAE" + }, + "SubnetId": { + "Ref": "FargateClusterVpcPrivateSubnet1Subnet9127625F" + } + } + }, + "FargateClusterVpcPrivateSubnet1DefaultRoute0438DCBA": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPrivateSubnet1RouteTable21B3CEAE" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "FargateClusterVpcPublicSubnet1NATGateway5202D86A" + } + } + }, + "FargateClusterVpcPrivateSubnet2Subnet307CEE57": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc/PrivateSubnet2" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet2RouteTable7B7F9678": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc/PrivateSubnet2" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet2RouteTableAssociation3A46964C": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPrivateSubnet2RouteTable7B7F9678" + }, + "SubnetId": { + "Ref": "FargateClusterVpcPrivateSubnet2Subnet307CEE57" + } + } + }, + "FargateClusterVpcPrivateSubnet2DefaultRoute35FDD29D": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPrivateSubnet2RouteTable7B7F9678" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "FargateClusterVpcPublicSubnet2NATGatewayFFEC8ED2" + } + } + }, + "FargateClusterVpcIGW827638CB": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-fargate-integ/FargateCluster/Vpc" + } + ] + } + }, + "FargateClusterVpcVPCGW38717255": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "InternetGatewayId": { + "Ref": "FargateClusterVpcIGW827638CB" + } + } + }, "TaskDefTaskRole1EDB4A67": { "Type": "AWS::IAM::Role", "Properties": { @@ -30,11 +385,18 @@ "Fn::Join": [ "", [ - "12345678.dkr.ecr.test-region.", + { + "Ref": "AWS::AccountId" + }, + ".dkr.ecr.", + { + "Ref": "AWS::Region" + }, + ".", { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:3fc39b45c4fd074ceef5d0f8528b74fa7fe6e8fa0aa4a6ffe7fb5e016cf8dc04" + "/aws-cdk/assets:7a4895bc694ae074467753dddb9a798e58f2f5eda62bcce5833d7d356b8a1da2" ] ] }, @@ -45,7 +407,9 @@ "Ref": "TaskDefTheContainerLogGroupD94C8EF5" }, "awslogs-stream-prefix": "EventDemo", - "awslogs-region": "test-region" + "awslogs-region": { + "Ref": "AWS::Region" + } } }, "Memory": 256, @@ -115,7 +479,15 @@ { "Ref": "AWS::Partition" }, - ":ecr:test-region:12345678:repository/aws-cdk/assets" + ":ecr:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":repository/aws-cdk/assets" ] ] } @@ -160,7 +532,9 @@ "IpProtocol": "-1" } ], - "VpcId": "vpc-60900905" + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + } } }, "StateMachineRoleB840431D": { @@ -172,7 +546,18 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": "states.test-region.amazonaws.com" + "Service": { + "Fn::Join": [ + "", + [ + "states.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } } } ], @@ -341,7 +726,15 @@ { "Ref": "AWS::Partition" }, - ":events:test-region:12345678:rule/StepFunctionsGetEventsForECSTaskRule" + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventsForECSTaskRule" ] ] } @@ -381,7 +774,15 @@ "Arn" ] }, - "\",\"TaskDefinition\":\"awssfntasksecsfargateintegTaskDefD0F4AD10\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"AssignPublicIp\":\"ENABLED\",\"Subnets\":[\"subnet-e19455ca\",\"subnet-e0c24797\",\"subnet-ccd77395\"],\"SecurityGroups\":[\"", + "\",\"TaskDefinition\":\"awssfntasksecsfargateintegTaskDefD0F4AD10\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"AssignPublicIp\":\"ENABLED\",\"Subnets\":[\"", + { + "Ref": "FargateClusterVpcPublicSubnet1SubnetB9C24BC7" + }, + "\",\"", + { + "Ref": "FargateClusterVpcPublicSubnet2Subnet24C0F9D8" + }, + "\"],\"SecurityGroups\":[\"", { "Fn::GetAtt": [ "FargateTaskSecurityGroup0BBB27CB", diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.ts index c33a1f59ce90c..e490b69128ba8 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.ts @@ -1,5 +1,4 @@ import * as path from 'path'; -import * as ec2 from '@aws-cdk/aws-ec2'; import * as ecs from '@aws-cdk/aws-ecs'; import * as sfn from '@aws-cdk/aws-stepfunctions'; import * as cdk from '@aws-cdk/core'; @@ -16,18 +15,9 @@ import * as tasks from '../../lib'; * -- aws stepfunctions describe-execution --execution-arn returns a status of `Succeeded` */ const app = new cdk.App(); -const stack = new cdk.Stack(app, 'aws-sfn-tasks-ecs-fargate-integ', { - env: { - account: process.env.CDK_INTEG_ACCOUNT || process.env.CDK_DEFAULT_ACCOUNT, - region: process.env.CDK_INTEG_REGION || process.env.CDK_DEFAULT_REGION, - }, -}); - -const vpc = ec2.Vpc.fromLookup(stack, 'Vpc', { - isDefault: true, -}); +const stack = new cdk.Stack(app, 'aws-sfn-tasks-ecs-fargate-integ'); -const cluster = new ecs.Cluster(stack, 'FargateCluster', { vpc }); +const cluster = new ecs.Cluster(stack, 'FargateCluster'); // Build task definition const taskDefinition = new ecs.FargateTaskDefinition(stack, 'TaskDef', { diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.expected.json index d6e61df69d806..3ea1f2bcb5a6d 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.expected.json @@ -3,6 +3,361 @@ "FargateCluster7CCD5F93": { "Type": "AWS::ECS::Cluster" }, + "FargateClusterVpc377E8024": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc" + } + ] + } + }, + "FargateClusterVpcPublicSubnet1SubnetB9C24BC7": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet1" + } + ] + } + }, + "FargateClusterVpcPublicSubnet1RouteTable1D7FA747": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet1" + } + ] + } + }, + "FargateClusterVpcPublicSubnet1RouteTableAssociation80F1442F": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPublicSubnet1RouteTable1D7FA747" + }, + "SubnetId": { + "Ref": "FargateClusterVpcPublicSubnet1SubnetB9C24BC7" + } + } + }, + "FargateClusterVpcPublicSubnet1DefaultRoute80086690": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPublicSubnet1RouteTable1D7FA747" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "FargateClusterVpcIGW827638CB" + } + }, + "DependsOn": [ + "FargateClusterVpcVPCGW38717255" + ] + }, + "FargateClusterVpcPublicSubnet1EIPF91909D0": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet1" + } + ] + } + }, + "FargateClusterVpcPublicSubnet1NATGateway5202D86A": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "FargateClusterVpcPublicSubnet1SubnetB9C24BC7" + }, + "AllocationId": { + "Fn::GetAtt": [ + "FargateClusterVpcPublicSubnet1EIPF91909D0", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet1" + } + ] + } + }, + "FargateClusterVpcPublicSubnet2Subnet24C0F9D8": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet2" + } + ] + } + }, + "FargateClusterVpcPublicSubnet2RouteTable1493C5D6": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet2" + } + ] + } + }, + "FargateClusterVpcPublicSubnet2RouteTableAssociation3EFA74DC": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPublicSubnet2RouteTable1493C5D6" + }, + "SubnetId": { + "Ref": "FargateClusterVpcPublicSubnet2Subnet24C0F9D8" + } + } + }, + "FargateClusterVpcPublicSubnet2DefaultRoute8E847CD2": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPublicSubnet2RouteTable1493C5D6" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "FargateClusterVpcIGW827638CB" + } + }, + "DependsOn": [ + "FargateClusterVpcVPCGW38717255" + ] + }, + "FargateClusterVpcPublicSubnet2EIPBBB24774": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet2" + } + ] + } + }, + "FargateClusterVpcPublicSubnet2NATGatewayFFEC8ED2": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "FargateClusterVpcPublicSubnet2Subnet24C0F9D8" + }, + "AllocationId": { + "Fn::GetAtt": [ + "FargateClusterVpcPublicSubnet2EIPBBB24774", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PublicSubnet2" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet1Subnet9127625F": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PrivateSubnet1" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet1RouteTable21B3CEAE": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PrivateSubnet1" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet1RouteTableAssociation78F6E213": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPrivateSubnet1RouteTable21B3CEAE" + }, + "SubnetId": { + "Ref": "FargateClusterVpcPrivateSubnet1Subnet9127625F" + } + } + }, + "FargateClusterVpcPrivateSubnet1DefaultRoute0438DCBA": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPrivateSubnet1RouteTable21B3CEAE" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "FargateClusterVpcPublicSubnet1NATGateway5202D86A" + } + } + }, + "FargateClusterVpcPrivateSubnet2Subnet307CEE57": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PrivateSubnet2" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet2RouteTable7B7F9678": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc/PrivateSubnet2" + } + ] + } + }, + "FargateClusterVpcPrivateSubnet2RouteTableAssociation3A46964C": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPrivateSubnet2RouteTable7B7F9678" + }, + "SubnetId": { + "Ref": "FargateClusterVpcPrivateSubnet2Subnet307CEE57" + } + } + }, + "FargateClusterVpcPrivateSubnet2DefaultRoute35FDD29D": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "FargateClusterVpcPrivateSubnet2RouteTable7B7F9678" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "FargateClusterVpcPublicSubnet2NATGatewayFFEC8ED2" + } + } + }, + "FargateClusterVpcIGW827638CB": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ2/FargateCluster/Vpc" + } + ] + } + }, + "FargateClusterVpcVPCGW38717255": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + }, + "InternetGatewayId": { + "Ref": "FargateClusterVpcIGW827638CB" + } + } + }, "TaskDefTaskRole1EDB4A67": { "Type": "AWS::IAM::Role", "Properties": { @@ -30,11 +385,18 @@ "Fn::Join": [ "", [ - "12345678.dkr.ecr.test-region.", + { + "Ref": "AWS::AccountId" + }, + ".dkr.ecr.", + { + "Ref": "AWS::Region" + }, + ".", { "Ref": "AWS::URLSuffix" }, - "/aws-cdk/assets:3fc39b45c4fd074ceef5d0f8528b74fa7fe6e8fa0aa4a6ffe7fb5e016cf8dc04" + "/aws-cdk/assets:7a4895bc694ae074467753dddb9a798e58f2f5eda62bcce5833d7d356b8a1da2" ] ] }, @@ -45,7 +407,9 @@ "Ref": "TaskDefTheContainerLogGroupD94C8EF5" }, "awslogs-stream-prefix": "EventDemo", - "awslogs-region": "test-region" + "awslogs-region": { + "Ref": "AWS::Region" + } } }, "Memory": 256, @@ -115,7 +479,15 @@ { "Ref": "AWS::Partition" }, - ":ecr:test-region:12345678:repository/aws-cdk/assets" + ":ecr:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":repository/aws-cdk/assets" ] ] } @@ -160,7 +532,9 @@ "IpProtocol": "-1" } ], - "VpcId": "vpc-60900905" + "VpcId": { + "Ref": "FargateClusterVpc377E8024" + } } }, "StateMachineRoleB840431D": { @@ -172,7 +546,18 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": "states.test-region.amazonaws.com" + "Service": { + "Fn::Join": [ + "", + [ + "states.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } } } ], @@ -233,7 +618,15 @@ { "Ref": "AWS::Partition" }, - ":events:test-region:12345678:rule/StepFunctionsGetEventsForECSTaskRule" + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventsForECSTaskRule" ] ] } @@ -273,7 +666,15 @@ { "Ref": "TaskDef54694570" }, - "\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"AssignPublicIp\":\"ENABLED\",\"Subnets\":[\"subnet-e19455ca\",\"subnet-e0c24797\",\"subnet-ccd77395\"],\"SecurityGroups\":[\"", + "\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"AssignPublicIp\":\"ENABLED\",\"Subnets\":[\"", + { + "Ref": "FargateClusterVpcPublicSubnet1SubnetB9C24BC7" + }, + "\",\"", + { + "Ref": "FargateClusterVpcPublicSubnet2Subnet24C0F9D8" + }, + "\"],\"SecurityGroups\":[\"", { "Fn::GetAtt": [ "FargateTaskSecurityGroup0BBB27CB", diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.ts index 266946d85e899..d22f8964c12b1 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.ts @@ -1,23 +1,13 @@ import * as path from 'path'; -import * as ec2 from '@aws-cdk/aws-ec2'; import * as ecs from '@aws-cdk/aws-ecs'; import * as sfn from '@aws-cdk/aws-stepfunctions'; import * as cdk from '@aws-cdk/core'; import * as tasks from '../../lib'; const app = new cdk.App(); -const stack = new cdk.Stack(app, 'aws-ecs-integ2', { - env: { - account: process.env.CDK_INTEG_ACCOUNT || process.env.CDK_DEFAULT_ACCOUNT, - region: process.env.CDK_INTEG_REGION || process.env.CDK_DEFAULT_REGION, - }, -}); - -const vpc = ec2.Vpc.fromLookup(stack, 'Vpc', { - isDefault: true, -}); +const stack = new cdk.Stack(app, 'aws-ecs-integ2'); -const cluster = new ecs.Cluster(stack, 'FargateCluster', { vpc }); +const cluster = new ecs.Cluster(stack, 'FargateCluster'); // Build task definition const taskDefinition = new ecs.FargateTaskDefinition(stack, 'TaskDef', { diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.expected.json index 06d010a158e56..08e8e50cc8ee7 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.expected.json @@ -44,7 +44,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "submitJobLambdaServiceRole4D897ABD" @@ -94,7 +94,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "checkJobStateLambdaServiceRoleB8B57B65" diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.payload.only.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.payload.only.expected.json index 0853de4a89c45..8bd6968f1ef99 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.payload.only.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.payload.only.expected.json @@ -44,7 +44,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "submitJobLambdaServiceRole4D897ABD" @@ -94,7 +94,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "checkJobStateLambdaServiceRoleB8B57B65" diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.payload.only.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.payload.only.ts index 711a5ceb458f6..88bd3830df602 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.payload.only.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.payload.only.ts @@ -25,7 +25,7 @@ const submitJobLambda = new Function(stack, 'submitJobLambda', { body: 'hello, world!' }; };`), - runtime: Runtime.NODEJS_10_X, + runtime: Runtime.NODEJS_14_X, handler: 'index.handler', }); @@ -40,7 +40,7 @@ const checkJobStateLambda = new Function(stack, 'checkJobStateLambda', { status: event.statusCode === '200' ? 'SUCCEEDED' : 'FAILED' }; };`), - runtime: Runtime.NODEJS_10_X, + runtime: Runtime.NODEJS_14_X, handler: 'index.handler', }); diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.ts index b7006b2ad33c4..8caa0b9e2032b 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.ts @@ -25,7 +25,7 @@ const submitJobLambda = new Function(stack, 'submitJobLambda', { body: 'hello, world!' }; };`), - runtime: Runtime.NODEJS_10_X, + runtime: Runtime.NODEJS_14_X, handler: 'index.handler', }); @@ -40,7 +40,7 @@ const checkJobStateLambda = new Function(stack, 'checkJobStateLambda', { status: event.statusCode === '200' ? 'SUCCEEDED' : 'FAILED' }; };`), - runtime: Runtime.NODEJS_10_X, + runtime: Runtime.NODEJS_14_X, handler: 'index.handler', }); diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.run-lambda.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.run-lambda.expected.json index 1023c2caf6167..30a7cac4f955a 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.run-lambda.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.run-lambda.expected.json @@ -44,7 +44,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "submitJobLambdaServiceRole4D897ABD" @@ -94,7 +94,7 @@ ] }, "Handler": "index.handler", - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "checkJobStateLambdaServiceRoleB8B57B65" diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.run-lambda.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.run-lambda.ts index dcce6c0ed5d08..28b75282aeeb0 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.run-lambda.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.run-lambda.ts @@ -21,7 +21,7 @@ const submitJobLambda = new Function(stack, 'submitJobLambda', { body: 'hello, world!' }; };`), - runtime: Runtime.NODEJS_10_X, + runtime: Runtime.NODEJS_14_X, handler: 'index.handler', }); @@ -36,7 +36,7 @@ const checkJobStateLambda = new Function(stack, 'checkJobStateLambda', { status: event.statusCode === '200' ? 'SUCCEEDED' : 'FAILED' }; };`), - runtime: Runtime.NODEJS_10_X, + runtime: Runtime.NODEJS_14_X, handler: 'index.handler', }); diff --git a/packages/@aws-cdk/aws-synthetics/lib/runtime.ts b/packages/@aws-cdk/aws-synthetics/lib/runtime.ts index 10c7fb566a2e6..fa65d85219151 100644 --- a/packages/@aws-cdk/aws-synthetics/lib/runtime.ts +++ b/packages/@aws-cdk/aws-synthetics/lib/runtime.ts @@ -124,6 +124,16 @@ export class Runtime { */ public static readonly SYNTHETICS_NODEJS_PUPPETEER_3_4 = new Runtime('syn-nodejs-puppeteer-3.4', RuntimeFamily.NODEJS); + /** + * `syn-nodejs-puppeteer-3.5` includes the following: + * - Lambda runtime Node.js 14.x + * - Puppeteer-core version 10.1.0 + * - Chromium version 92.0.4512 + * + * @see https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_nodejs_puppeteer.html#CloudWatch_Synthetics_runtimeversion-nodejs-puppeteer-3.5 + */ + public static readonly SYNTHETICS_NODEJS_PUPPETEER_3_5 = new Runtime('syn-nodejs-puppeteer-3.5', RuntimeFamily.NODEJS); + /** * `syn-python-selenium-1.0` includes the following: * - Lambda runtime Python 3.8 diff --git a/packages/@aws-cdk/cfnspec/CHANGELOG.md b/packages/@aws-cdk/cfnspec/CHANGELOG.md index 6fd6a19ec06f5..5993c4069c6e1 100644 --- a/packages/@aws-cdk/cfnspec/CHANGELOG.md +++ b/packages/@aws-cdk/cfnspec/CHANGELOG.md @@ -1,3 +1,134 @@ +# CloudFormation Resource Specification v65.0.0 + +## New Resource Types + + +## Removed Resource Types + +* AWS::Events::Endpoint + +## Attribute Changes + +* AWS::SQS::QueuePolicy Documentation (__changed__) + * Old: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sqs-queuepolicy.html + * New: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sqs-policy.html +* AWS::SQS::QueuePolicy Id (__deleted__) +* AWS::SageMaker::Domain SecurityGroupIdForDomainBoundary (__added__) + +## Property Changes + +* AWS::ECS::Service PlacementConstraints.UpdateType (__changed__) + * Old: Immutable + * New: Mutable +* AWS::ECS::Service PlacementStrategies.UpdateType (__changed__) + * Old: Immutable + * New: Mutable +* AWS::SQS::QueuePolicy PolicyDocument.Documentation (__changed__) + * Old: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sqs-queuepolicy.html#cfn-sqs-queuepolicy-policydocument + * New: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sqs-policy.html#cfn-sqs-queuepolicy-policydoc +* AWS::SQS::QueuePolicy Queues.Documentation (__changed__) + * Old: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sqs-queuepolicy.html#cfn-sqs-queuepolicy-queues + * New: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sqs-policy.html#cfn-sqs-queuepolicy-queues +* AWS::SageMaker::Domain AppSecurityGroupManagement (__added__) +* AWS::SageMaker::Domain DomainSettings (__added__) + +## Property Type Changes + +* AWS::SageMaker::Domain.DomainSettings (__added__) +* AWS::SageMaker::Domain.RStudioServerProAppSettings (__added__) +* AWS::SageMaker::Domain.RStudioServerProDomainSettings (__added__) +* AWS::SageMaker::UserProfile.RStudioServerProAppSettings (__added__) +* AWS::DMS::Endpoint.KafkaSettings IncludePartitionValue (__added__) +* AWS::DMS::Endpoint.KafkaSettings MessageFormat (__added__) +* AWS::DMS::Endpoint.KafkaSettings MessageMaxBytes (__added__) +* AWS::DMS::Endpoint.KinesisSettings IncludePartitionValue (__added__) +* AWS::DMS::Endpoint.MySqlSettings AfterConnectScript (__added__) +* AWS::DMS::Endpoint.MySqlSettings CleanSourceMetadataOnMismatch (__added__) +* AWS::DMS::Endpoint.MySqlSettings EventsPollInterval (__added__) +* AWS::DMS::Endpoint.MySqlSettings MaxFileSize (__added__) +* AWS::DMS::Endpoint.MySqlSettings ParallelLoadThreads (__added__) +* AWS::DMS::Endpoint.MySqlSettings ServerTimezone (__added__) +* AWS::DMS::Endpoint.MySqlSettings TargetDbType (__added__) +* AWS::ECS::Service.PlacementConstraint Expression.UpdateType (__changed__) + * Old: Immutable + * New: Mutable +* AWS::ECS::Service.PlacementConstraint Type.UpdateType (__changed__) + * Old: Immutable + * New: Mutable +* AWS::ECS::Service.PlacementStrategy Field.UpdateType (__changed__) + * Old: Immutable + * New: Mutable +* AWS::ECS::Service.PlacementStrategy Type.UpdateType (__changed__) + * Old: Immutable + * New: Mutable +* AWS::SageMaker::Domain.UserSettings RStudioServerProAppSettings (__added__) +* AWS::SageMaker::UserProfile.UserSettings RStudioServerProAppSettings (__added__) + + +# CloudFormation Resource Specification v63.0.0 + +## New Resource Types + +* AWS::Events::Endpoint + +## Attribute Changes + + +## Property Changes + + +## Property Type Changes + +* AWS::EKS::Cluster.Provider (__added__) +* AWS::DMS::Endpoint.OracleSettings AccessAlternateDirectly (__added__) +* AWS::DMS::Endpoint.OracleSettings AddSupplementalLogging (__added__) +* AWS::DMS::Endpoint.OracleSettings AdditionalArchivedLogDestId (__added__) +* AWS::DMS::Endpoint.OracleSettings AllowSelectNestedTables (__added__) +* AWS::DMS::Endpoint.OracleSettings ArchivedLogDestId (__added__) +* AWS::DMS::Endpoint.OracleSettings ArchivedLogsOnly (__added__) +* AWS::DMS::Endpoint.OracleSettings AsmPassword (__added__) +* AWS::DMS::Endpoint.OracleSettings AsmServer (__added__) +* AWS::DMS::Endpoint.OracleSettings AsmUser (__added__) +* AWS::DMS::Endpoint.OracleSettings CharLengthSemantics (__added__) +* AWS::DMS::Endpoint.OracleSettings DirectPathNoLog (__added__) +* AWS::DMS::Endpoint.OracleSettings DirectPathParallelLoad (__added__) +* AWS::DMS::Endpoint.OracleSettings EnableHomogenousTablespace (__added__) +* AWS::DMS::Endpoint.OracleSettings ExtraArchivedLogDestIds (__added__) +* AWS::DMS::Endpoint.OracleSettings FailTasksOnLobTruncation (__added__) +* AWS::DMS::Endpoint.OracleSettings NumberDatatypeScale (__added__) +* AWS::DMS::Endpoint.OracleSettings OraclePathPrefix (__added__) +* AWS::DMS::Endpoint.OracleSettings ParallelAsmReadThreads (__added__) +* AWS::DMS::Endpoint.OracleSettings ReadAheadBlocks (__added__) +* AWS::DMS::Endpoint.OracleSettings ReadTableSpaceName (__added__) +* AWS::DMS::Endpoint.OracleSettings ReplacePathPrefix (__added__) +* AWS::DMS::Endpoint.OracleSettings RetryInterval (__added__) +* AWS::DMS::Endpoint.OracleSettings SecurityDbEncryption (__added__) +* AWS::DMS::Endpoint.OracleSettings SecurityDbEncryptionName (__added__) +* AWS::DMS::Endpoint.OracleSettings SpatialDataOptionToGeoJsonFunctionName (__added__) +* AWS::DMS::Endpoint.OracleSettings StandbyDelayTime (__added__) +* AWS::DMS::Endpoint.OracleSettings UseAlternateFolderForOnline (__added__) +* AWS::DMS::Endpoint.OracleSettings UseBFile (__added__) +* AWS::DMS::Endpoint.OracleSettings UseDirectPathFullLoad (__added__) +* AWS::DMS::Endpoint.OracleSettings UseLogminerReader (__added__) +* AWS::DMS::Endpoint.OracleSettings UsePathPrefix (__added__) +* AWS::DMS::Endpoint.PostgreSqlSettings AfterConnectScript (__added__) +* AWS::DMS::Endpoint.PostgreSqlSettings CaptureDdls (__added__) +* AWS::DMS::Endpoint.PostgreSqlSettings DdlArtifactsSchema (__added__) +* AWS::DMS::Endpoint.PostgreSqlSettings ExecuteTimeout (__added__) +* AWS::DMS::Endpoint.PostgreSqlSettings FailTasksOnLobTruncation (__added__) +* AWS::DMS::Endpoint.PostgreSqlSettings HeartbeatEnable (__added__) +* AWS::DMS::Endpoint.PostgreSqlSettings HeartbeatFrequency (__added__) +* AWS::DMS::Endpoint.PostgreSqlSettings HeartbeatSchema (__added__) +* AWS::DMS::Endpoint.PostgreSqlSettings MaxFileSize (__added__) +* AWS::DMS::Endpoint.PostgreSqlSettings PluginName (__added__) +* AWS::DMS::Endpoint.PostgreSqlSettings SlotName (__added__) +* AWS::EKS::Cluster.EncryptionConfig Provider.PrimitiveType (__deleted__) +* AWS::EKS::Cluster.EncryptionConfig Provider.Type (__added__) +* AWS::FSx::FileSystem.OntapConfiguration ThroughputCapacity.UpdateType (__changed__) + * Old: Immutable + * New: Mutable + + # CloudFormation Resource Specification v62.0.0 ## New Resource Types diff --git a/packages/@aws-cdk/cfnspec/build-tools/patch-set.ts b/packages/@aws-cdk/cfnspec/build-tools/patch-set.ts index 03d7438aa3d63..fede9f82de0dd 100644 --- a/packages/@aws-cdk/cfnspec/build-tools/patch-set.ts +++ b/packages/@aws-cdk/cfnspec/build-tools/patch-set.ts @@ -228,7 +228,7 @@ function findPatches(data: any, patchSource: any): Patch[] { throw new Error(`adjustPath: expected string, got ${JSON.stringify(originalPath)}`); } if (originalPath.startsWith('$/')) { - return originalPath.substr(1); + return originalPath.slice(1); } return jsonPath.map(p => `/${p}`).join('') + originalPath; } diff --git a/packages/@aws-cdk/cfnspec/build-tools/spec-diff.ts b/packages/@aws-cdk/cfnspec/build-tools/spec-diff.ts index 6b5a0d6d466f9..86fb8a6145f21 100644 --- a/packages/@aws-cdk/cfnspec/build-tools/spec-diff.ts +++ b/packages/@aws-cdk/cfnspec/build-tools/spec-diff.ts @@ -197,7 +197,7 @@ async function main() { function isSuffix(key: string, suffix: string) { const index = key.indexOf(suffix); - return index === -1 ? undefined : key.substr(0, index); + return index === -1 ? undefined : key.slice(0, index); } function suffixKeys(suffix: string, xs: Record): Record { diff --git a/packages/@aws-cdk/cfnspec/cfn.version b/packages/@aws-cdk/cfnspec/cfn.version index 8f7cbd8b05c11..4acff0a40e2b4 100644 --- a/packages/@aws-cdk/cfnspec/cfn.version +++ b/packages/@aws-cdk/cfnspec/cfn.version @@ -1 +1 @@ -62.0.0 +65.0.0 diff --git a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json index 7cd626e41dad8..62df3180e2be1 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json +++ b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json @@ -8583,7 +8583,7 @@ "ProviderURL": "The URL of the provider of the Amazon Cognito user pool, specified as a `String` .", "Ref": "`Ref` returns a generated ID, such as `us-east-2_zgaEXAMPLE` ." }, - "description": "The `AWS::Cognito::UserPool` resource creates an Amazon Cognito user pool. For more information on working with Amazon Cognito user pools, see [Amazon Cognito User Pools](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html) and [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) .", + "description": "The `AWS::Cognito::UserPool` resource creates an Amazon Cognito user pool. For more information on working with Amazon Cognito user pools, see [Amazon Cognito User Pools](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html) and [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) .\n\n> If you don't specify a value for a parameter, Amazon Cognito sets it to a default value.", "properties": { "AccountRecoverySetting": "Use this setting to define which verified available method a user can use to recover their password when they call `ForgotPassword` . It allows you to define a preferred method when a user has more than one method available. With this setting, SMS does not qualify for a valid password recovery mechanism if the user also has SMS MFA enabled. In the absence of this setting, Cognito uses the legacy behavior to determine the recovery method where SMS is preferred over email.", "AdminCreateUserConfig": "The configuration for creating a new user profile.", @@ -8622,7 +8622,7 @@ "properties": { "AllowAdminCreateUserOnly": "Set to `True` if only the administrator is allowed to create user profiles. Set to `False` if users can sign themselves up via an app.", "InviteMessageTemplate": "The message template to be used for the welcome message to new users.\n\nSee also [Customizing User Invitation Messages](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html#cognito-user-pool-settings-user-invitation-message-customization) .", - "UnusedAccountValidityDays": "The user account expiration limit, in days, after which the account is no longer usable. To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `\"RESEND\"` for the `MessageAction` parameter. The default value for this parameter is 7.\n\n> If you set a value for `TemporaryPasswordValidityDays` in `PasswordPolicy` , that value will be used, and `UnusedAccountValidityDays` will be no longer be an available parameter for that user pool." + "UnusedAccountValidityDays": "The user account expiration limit, in days, after which a new account that hasn't signed in is no longer usable. To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `\"RESEND\"` for the `MessageAction` parameter. The default value for this parameter is 7.\n\n> If you set a value for `TemporaryPasswordValidityDays` in `PasswordPolicy` , that value will be used, and `UnusedAccountValidityDays` will be no longer be an available parameter for that user pool." } }, "AWS::Cognito::UserPool.CustomEmailSender": { @@ -8783,9 +8783,9 @@ "attributes": { "Ref": "`Ref` returns the Amazon Cognito user pool client ID, such as `1h57kf5cpq17m0eml12EXAMPLE` ." }, - "description": "The `AWS::Cognito::UserPoolClient` resource specifies an Amazon Cognito user pool client.", + "description": "The `AWS::Cognito::UserPoolClient` resource specifies an Amazon Cognito user pool client.\n\n> If you don't specify a value for a parameter, Amazon Cognito sets it to a default value.", "properties": { - "AccessTokenValidity": "The time limit, after which the access token is no longer valid and cannot be used.", + "AccessTokenValidity": "The time limit after which the access token is no longer valid and can't be used. If you supply a TokenValidityUnits value, you override the default time unit of *hours* . The default time unit for AccessTokenValidity in an API request is hours.", "AllowedOAuthFlows": "The allowed OAuth flows.\n\nSet to `code` to initiate a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the token endpoint.\n\nSet to `implicit` to specify that the client should get the access token (and, optionally, ID token, based on scopes) directly.\n\nSet to `client_credentials` to specify that the client should get the access token (and, optionally, ID token, based on scopes) from the token endpoint using a combination of client and client_secret.", "AllowedOAuthFlowsUserPoolClient": "Set to true if the client is allowed to follow the OAuth protocol when interacting with Amazon Cognito user pools.", "AllowedOAuthScopes": "The allowed OAuth scopes. Possible values provided by OAuth are: `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are: `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported.", @@ -8796,13 +8796,13 @@ "EnableTokenRevocation": "Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) .\n\nIf you don't include this parameter, token revocation is automatically activated for the new user pool client.", "ExplicitAuthFlows": "The authentication flows that are supported by the user pool clients. Flow names without the `ALLOW_` prefix are no longer supported, in favor of new names with the `ALLOW_` prefix.\n\n> Values with `ALLOW_` prefix must be used only along with the `ALLOW_` prefix. \n\nValid values include:\n\n- `ALLOW_ADMIN_USER_PASSWORD_AUTH` : Enable admin based user password authentication flow `ADMIN_USER_PASSWORD_AUTH` . This setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, Amazon Cognito receives the password in the request instead of using the Secure Remote Password (SRP) protocol to verify passwords.\n- `ALLOW_CUSTOM_AUTH` : Enable AWS Lambda trigger based authentication.\n- `ALLOW_USER_PASSWORD_AUTH` : Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.\n- `ALLOW_USER_SRP_AUTH` : Enable SRP-based authentication.\n- `ALLOW_REFRESH_TOKEN_AUTH` : Enable authflow to refresh tokens.", "GenerateSecret": "Boolean to specify whether you want to generate a secret for the user pool client being created.", - "IdTokenValidity": "The time limit, after which the ID token is no longer valid and cannot be used.", + "IdTokenValidity": "The time limit after which the access token is no longer valid and can't be used. If you supply a TokenValidityUnits value, you override the default time unit of *hours* . The default time unit for AccessTokenValidity in an API request is hours.", "LogoutURLs": "A list of allowed logout URLs for the identity providers.", "PreventUserExistenceErrors": "Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to `ENABLED` and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to `LEGACY` , those APIs will return a `UserNotFoundException` exception if the user does not exist in the user pool.", "ReadAttributes": "The read attributes.", - "RefreshTokenValidity": "The time limit, in days, after which the refresh token is no longer valid and can't be used.", + "RefreshTokenValidity": "The time limit after which the refresh token is no longer valid and can't be used. The default time unit for RefreshTokenValidity in an API request is days.", "SupportedIdentityProviders": "A list of provider names for the identity providers that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `SignInWithApple` , `Google` and `LoginWithAmazon` .", - "TokenValidityUnits": "The units in which the validity times are represented in. Default for RefreshToken is days, and default for ID and access tokens are hours.", + "TokenValidityUnits": "The units in which the validity times are represented. The default unit for RefreshToken is days, and default for ID and access tokens are hours.", "UserPoolId": "The user pool ID for the user pool where you want to create a user pool client.", "WriteAttributes": "The user pool attributes that the app client can write to.\n\nIf your app client allows users to sign in through an identity provider, this array must include all attributes that you have mapped to identity provider attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an identity provider. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see [Specifying Identity Provider Attribute Mappings for Your user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html) ." } @@ -8820,11 +8820,11 @@ }, "AWS::Cognito::UserPoolClient.TokenValidityUnits": { "attributes": {}, - "description": "The units in which the validity times are represented in. Default for RefreshToken is days, and default for ID and access tokens are hours.", + "description": "The units in which the validity times are represented. The default unit for RefreshToken is days, and the default for ID and access tokens is hours.", "properties": { - "AccessToken": "A time unit in \u201cseconds\u201d, \u201cminutes\u201d, \u201chours\u201d or \u201cdays\u201d for the value in AccessTokenValidity, defaults to hours.", - "IdToken": "A time unit in \u201cseconds\u201d, \u201cminutes\u201d, \u201chours\u201d or \u201cdays\u201d for the value in IdTokenValidity, defaults to hours.", - "RefreshToken": "A time unit in \u201cseconds\u201d, \u201cminutes\u201d, \u201chours\u201d or \u201cdays\u201d for the value in RefreshTokenValidity, defaults to days." + "AccessToken": "A time unit in \u201cseconds\u201d, \u201cminutes\u201d, \u201chours\u201d, or \u201cdays\u201d for the value in AccessTokenValidity, defaulting to hours.", + "IdToken": "A time unit in \u201cseconds\u201d, \u201cminutes\u201d, \u201chours\u201d, or \u201cdays\u201d for the value in IdTokenValidity, defaulting to hours.", + "RefreshToken": "A time unit in \u201cseconds\u201d, \u201cminutes\u201d, \u201chours\u201d, or \u201cdays\u201d for the value in RefreshTokenValidity, defaulting to days." } }, "AWS::Cognito::UserPoolDomain": { @@ -8849,7 +8849,7 @@ "attributes": { "Ref": "`Ref` returns the name of the user pool group. For example: `Admins` ." }, - "description": "Specifies a new group in the identified user pool.\n\nCalling this action requires developer credentials.", + "description": "Specifies a new group in the identified user pool.\n\nCalling this action requires developer credentials.\n\n> If you don't specify a value for a parameter, Amazon Cognito sets it to a default value.", "properties": { "Description": "A string containing the description of the group.", "GroupName": "The name of the group. Must be unique.", @@ -8876,7 +8876,7 @@ "attributes": { "Ref": "`Ref` returns physicalResourceId, which is the resource server identifier \u201cIdentifier\". For example:\n\n`{ \"Ref\": \"yourResourceServerIdentifier\" }`\n\nFor the Amazon Cognito resource server `yourResourceServerIdentifier` , Ref returns the name of the resource server." }, - "description": "The `AWS::Cognito::UserPoolResourceServer` resource creates a new OAuth2.0 resource server and defines custom scopes in it.", + "description": "The `AWS::Cognito::UserPoolResourceServer` resource creates a new OAuth2.0 resource server and defines custom scopes in it.\n\n> If you don't specify a value for a parameter, Amazon Cognito sets it to a default value.", "properties": { "Identifier": "A unique resource server identifier for the resource server. This could be an HTTPS endpoint where the resource server is located. For example: `https://my-weather-api.example.com` .", "Name": "A friendly name for the resource server.", @@ -10127,18 +10127,60 @@ "attributes": {}, "description": "Provides information that defines an Oracle endpoint. This information includes the output format of records applied to the endpoint and details of transaction and control table data information. For information about other available settings, see [Extra connection attributes when using Oracle as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.ConnectionAttrib) and [Extra connection attributes when using Oracle as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.Oracle.html#CHAP_Target.Oracle.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .", "properties": { + "AccessAlternateDirectly": "Set this attribute to `false` in order to use the Binary Reader to capture change data for an Amazon RDS for Oracle as the source. This tells the DMS instance to not access redo logs through any specified path prefix replacement using direct file access.", + "AddSupplementalLogging": "Set this attribute to set up table-level supplemental logging for the Oracle database. This attribute enables PRIMARY KEY supplemental logging on all tables selected for a migration task.\n\nIf you use this option, you still need to enable database-level supplemental logging.", + "AdditionalArchivedLogDestId": "Set this attribute with `ArchivedLogDestId` in a primary/ standby setup. This attribute is useful in the case of a switchover. In this case, AWS DMS needs to know which destination to get archive redo logs from to read changes. This need arises because the previous primary instance is now a standby instance after switchover.\n\nAlthough AWS DMS supports the use of the Oracle `RESETLOGS` option to open the database, never use `RESETLOGS` unless necessary. For additional information about `RESETLOGS` , see [RMAN Data Repair Concepts](https://docs.aws.amazon.com/https://docs.oracle.com/en/database/oracle/oracle-database/19/bradv/rman-data-repair-concepts.html#GUID-1805CCF7-4AF2-482D-B65A-998192F89C2B) in the *Oracle Database Backup and Recovery User's Guide* .", + "AllowSelectNestedTables": "Set this attribute to `true` to enable replication of Oracle tables containing columns that are nested tables or defined types.", + "ArchivedLogDestId": "Specifies the ID of the destination for the archived redo logs. This value should be the same as a number in the dest_id column of the v$archived_log view. If you work with an additional redo log destination, use the `AdditionalArchivedLogDestId` option to specify the additional destination ID. Doing this improves performance by ensuring that the correct logs are accessed from the outset.", + "ArchivedLogsOnly": "When this field is set to `Y` , AWS DMS only accesses the archived redo logs. If the archived redo logs are stored on Oracle ASM only, the AWS DMS user account needs to be granted ASM privileges.", + "AsmPassword": "For an Oracle source endpoint, your Oracle Automatic Storage Management (ASM) password. You can set this value from the `*asm_user_password*` value. You set this value as part of the comma-separated value that you set to the `Password` request parameter when you create the endpoint to access transaction logs using Binary Reader. For more information, see [Configuration for change data capture (CDC) on an Oracle source database](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.CDC.Configuration) .", + "AsmServer": "For an Oracle source endpoint, your ASM server address. You can set this value from the `asm_server` value. You set `asm_server` as part of the extra connection attribute string to access an Oracle server with Binary Reader that uses ASM. For more information, see [Configuration for change data capture (CDC) on an Oracle source database](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.CDC.Configuration) .", + "AsmUser": "For an Oracle source endpoint, your ASM user name. You can set this value from the `asm_user` value. You set `asm_user` as part of the extra connection attribute string to access an Oracle server with Binary Reader that uses ASM. For more information, see [Configuration for change data capture (CDC) on an Oracle source database](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.CDC.Configuration) .", + "CharLengthSemantics": "Specifies whether the length of a character column is in bytes or in characters. To indicate that the character column length is in characters, set this attribute to `CHAR` . Otherwise, the character column length is in bytes.\n\nExample: `charLengthSemantics=CHAR;`", + "DirectPathNoLog": "When set to `true` , this attribute helps to increase the commit rate on the Oracle target database by writing directly to tables and not writing a trail to database logs.", + "DirectPathParallelLoad": "When set to `true` , this attribute specifies a parallel load when `useDirectPathFullLoad` is set to `Y` . This attribute also only applies when you use the AWS DMS parallel load feature. Note that the target table cannot have any constraints or indexes.", + "EnableHomogenousTablespace": "Set this attribute to enable homogenous tablespace replication and create existing tables or indexes under the same tablespace on the target.", + "ExtraArchivedLogDestIds": "Specifies the IDs of one more destinations for one or more archived redo logs. These IDs are the values of the `dest_id` column in the `v$archived_log` view. Use this setting with the `archivedLogDestId` extra connection attribute in a primary-to-single setup or a primary-to-multiple-standby setup.\n\nThis setting is useful in a switchover when you use an Oracle Data Guard database as a source. In this case, AWS DMS needs information about what destination to get archive redo logs from to read changes. AWS DMS needs this because after the switchover the previous primary is a standby instance. For example, in a primary-to-single standby setup you might apply the following settings.\n\n`archivedLogDestId=1; ExtraArchivedLogDestIds=[2]`\n\nIn a primary-to-multiple-standby setup, you might apply the following settings.\n\n`archivedLogDestId=1; ExtraArchivedLogDestIds=[2,3,4]`\n\nAlthough AWS DMS supports the use of the Oracle `RESETLOGS` option to open the database, never use `RESETLOGS` unless it's necessary. For more information about `RESETLOGS` , see [RMAN Data Repair Concepts](https://docs.aws.amazon.com/https://docs.oracle.com/en/database/oracle/oracle-database/19/bradv/rman-data-repair-concepts.html#GUID-1805CCF7-4AF2-482D-B65A-998192F89C2B) in the *Oracle Database Backup and Recovery User's Guide* .", + "FailTasksOnLobTruncation": "When set to `true` , this attribute causes a task to fail if the actual size of an LOB column is greater than the specified `LobMaxSize` .\n\nIf a task is set to limited LOB mode and this option is set to `true` , the task fails instead of truncating the LOB data.", + "NumberDatatypeScale": "Specifies the number scale. You can select a scale up to 38, or you can select FLOAT. By default, the NUMBER data type is converted to precision 38, scale 10.\n\nExample: `numberDataTypeScale=12`", + "OraclePathPrefix": "Set this string attribute to the required value in order to use the Binary Reader to capture change data for an Amazon RDS for Oracle as the source. This value specifies the default Oracle root used to access the redo logs.", + "ParallelAsmReadThreads": "Set this attribute to change the number of threads that DMS configures to perform a change data capture (CDC) load using Oracle Automatic Storage Management (ASM). You can specify an integer value between 2 (the default) and 8 (the maximum). Use this attribute together with the `readAheadBlocks` attribute.", + "ReadAheadBlocks": "Set this attribute to change the number of read-ahead blocks that DMS configures to perform a change data capture (CDC) load using Oracle Automatic Storage Management (ASM). You can specify an integer value between 1000 (the default) and 200,000 (the maximum).", + "ReadTableSpaceName": "When set to `true` , this attribute supports tablespace replication.", + "ReplacePathPrefix": "Set this attribute to true in order to use the Binary Reader to capture change data for an Amazon RDS for Oracle as the source. This setting tells DMS instance to replace the default Oracle root with the specified `usePathPrefix` setting to access the redo logs.", + "RetryInterval": "Specifies the number of seconds that the system waits before resending a query.\n\nExample: `retryInterval=6;`", "SecretsManagerAccessRoleArn": "The full Amazon Resource Name (ARN) of the IAM role that specifies AWS DMS as the trusted entity and grants the required permissions to access the value in `SecretsManagerSecret` . The role must allow the `iam:PassRole` action. `SecretsManagerSecret` has the value of the AWS Secrets Manager secret that allows access to the Oracle endpoint.\n\n> You can specify one of two sets of values for these permissions. You can specify the values for this setting and `SecretsManagerSecretId` . Or you can specify clear-text values for `UserName` , `Password` , `ServerName` , and `Port` . You can't specify both.\n> \n> For more information on creating this `SecretsManagerSecret` , the corresponding `SecretsManagerAccessRoleArn` , and the `SecretsManagerSecretId` that is required to access it, see [Using secrets to access AWS Database Migration Service resources](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Security.html#security-iam-secretsmanager) in the *AWS Database Migration Service User Guide* .", "SecretsManagerOracleAsmAccessRoleArn": "Required only if your Oracle endpoint uses Advanced Storage Manager (ASM). The full ARN of the IAM role that specifies AWS DMS as the trusted entity and grants the required permissions to access the `SecretsManagerOracleAsmSecret` . This `SecretsManagerOracleAsmSecret` has the secret value that allows access to the Oracle ASM of the endpoint.\n\n> You can specify one of two sets of values for these permissions. You can specify the values for this setting and `SecretsManagerOracleAsmSecretId` . Or you can specify clear-text values for `AsmUserName` , `AsmPassword` , and `AsmServerName` . You can't specify both.\n> \n> For more information on creating this `SecretsManagerOracleAsmSecret` , the corresponding `SecretsManagerOracleAsmAccessRoleArn` , and the `SecretsManagerOracleAsmSecretId` that is required to access it, see [Using secrets to access AWS Database Migration Service resources](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Security.html#security-iam-secretsmanager) in the *AWS Database Migration Service User Guide* .", "SecretsManagerOracleAsmSecretId": "Required only if your Oracle endpoint uses Advanced Storage Manager (ASM). The full ARN, partial ARN, or display name of the `SecretsManagerOracleAsmSecret` that contains the Oracle ASM connection details for the Oracle endpoint.", - "SecretsManagerSecretId": "The full ARN, partial ARN, or display name of the `SecretsManagerSecret` that contains the Oracle endpoint connection details." + "SecretsManagerSecretId": "The full ARN, partial ARN, or display name of the `SecretsManagerSecret` that contains the Oracle endpoint connection details.", + "SecurityDbEncryption": "For an Oracle source endpoint, the transparent data encryption (TDE) password required by AWM DMS to access Oracle redo logs encrypted by TDE using Binary Reader. It is also the `*TDE_Password*` part of the comma-separated value you set to the `Password` request parameter when you create the endpoint. The `SecurityDbEncryptian` setting is related to this `SecurityDbEncryptionName` setting. For more information, see [Supported encryption methods for using Oracle as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.Encryption) in the *AWS Database Migration Service User Guide* .", + "SecurityDbEncryptionName": "For an Oracle source endpoint, the name of a key used for the transparent data encryption (TDE) of the columns and tablespaces in an Oracle source database that is encrypted using TDE. The key value is the value of the `SecurityDbEncryption` setting. For more information on setting the key name value of `SecurityDbEncryptionName` , see the information and example for setting the `securityDbEncryptionName` extra connection attribute in [Supported encryption methods for using Oracle as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.Encryption) in the *AWS Database Migration Service User Guide* .", + "SpatialDataOptionToGeoJsonFunctionName": "Use this attribute to convert `SDO_GEOMETRY` to `GEOJSON` format. By default, DMS calls the `SDO2GEOJSON` custom function if present and accessible. Or you can create your own custom function that mimics the operation of `SDOGEOJSON` and set `SpatialDataOptionToGeoJsonFunctionName` to call it instead.", + "StandbyDelayTime": "Use this attribute to specify a time in minutes for the delay in standby sync. If the source is an Oracle Active Data Guard standby database, use this attribute to specify the time lag between primary and standby databases.\n\nIn AWS DMS , you can create an Oracle CDC task that uses an Active Data Guard standby instance as a source for replicating ongoing changes. Doing this eliminates the need to connect to an active database that might be in production.", + "UseAlternateFolderForOnline": "Set this attribute to `true` in order to use the Binary Reader to capture change data for an Amazon RDS for Oracle as the source. This tells the DMS instance to use any specified prefix replacement to access all online redo logs.", + "UseBFile": "Set this attribute to Y to capture change data using the Binary Reader utility. Set `UseLogminerReader` to N to set this attribute to Y. To use Binary Reader with Amazon RDS for Oracle as the source, you set additional attributes. For more information about using this setting with Oracle Automatic Storage Management (ASM), see [Using Oracle LogMiner or AWS DMS Binary Reader for CDC](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.CDC) .", + "UseDirectPathFullLoad": "Set this attribute to Y to have AWS DMS use a direct path full load. Specify this value to use the direct path protocol in the Oracle Call Interface (OCI). By using this OCI protocol, you can bulk-load Oracle target tables during a full load.", + "UseLogminerReader": "Set this attribute to Y to capture change data using the Oracle LogMiner utility (the default). Set this attribute to N if you want to access the redo logs as a binary file. When you set `UseLogminerReader` to N, also set `UseBfile` to Y. For more information on this setting and using Oracle ASM, see [Using Oracle LogMiner or AWS DMS Binary Reader for CDC](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.CDC) in the *AWS DMS User Guide* .", + "UsePathPrefix": "Set this string attribute to the required value in order to use the Binary Reader to capture change data for an Amazon RDS for Oracle as the source. This value specifies the path prefix used to replace the default Oracle root to access the redo logs." } }, "AWS::DMS::Endpoint.PostgreSqlSettings": { "attributes": {}, "description": "Provides information that defines a PostgreSQL endpoint. This information includes the output format of records applied to the endpoint and details of transaction and control table data information. For information about other available settings, see [Extra connection attributes when using PostgreSQL as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.PostgreSQL.html#CHAP_Source.PostgreSQL.ConnectionAttrib) and [Extra connection attributes when using PostgreSQL as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.PostgreSQL.html#CHAP_Target.PostgreSQL.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .", "properties": { + "AfterConnectScript": "For use with change data capture (CDC) only, this attribute has AWS DMS bypass foreign keys and user triggers to reduce the time it takes to bulk load data.\n\nExample: `afterConnectScript=SET session_replication_role='replica'`", + "CaptureDdls": "To capture DDL events, AWS DMS creates various artifacts in the PostgreSQL database when the task starts. You can later remove these artifacts.\n\nIf this value is set to `N` , you don't have to create tables or triggers on the source database.", + "DdlArtifactsSchema": "The schema in which the operational DDL database artifacts are created.\n\nExample: `ddlArtifactsSchema=xyzddlschema;`", + "ExecuteTimeout": "Sets the client statement timeout for the PostgreSQL instance, in seconds. The default value is 60 seconds.\n\nExample: `executeTimeout=100;`", + "FailTasksOnLobTruncation": "When set to `true` , this value causes a task to fail if the actual size of a LOB column is greater than the specified `LobMaxSize` .\n\nIf task is set to Limited LOB mode and this option is set to true, the task fails instead of truncating the LOB data.", + "HeartbeatEnable": "The write-ahead log (WAL) heartbeat feature mimics a dummy transaction. By doing this, it prevents idle logical replication slots from holding onto old WAL logs, which can result in storage full situations on the source. This heartbeat keeps `restart_lsn` moving and prevents storage full scenarios.", + "HeartbeatFrequency": "Sets the WAL heartbeat frequency (in minutes).", + "HeartbeatSchema": "Sets the schema in which the heartbeat artifacts are created.", + "MaxFileSize": "Specifies the maximum size (in KB) of any .csv file used to transfer data to PostgreSQL.\n\nExample: `maxFileSize=512`", + "PluginName": "Specifies the plugin to use to create a replication slot.", "SecretsManagerAccessRoleArn": "The full Amazon Resource Name (ARN) of the IAM role that specifies AWS DMS as the trusted entity and grants the required permissions to access the value in `SecretsManagerSecret` . The role must allow the `iam:PassRole` action. `SecretsManagerSecret` has the value of the AWS Secrets Manager secret that allows access to the PostgreSQL endpoint.\n\n> You can specify one of two sets of values for these permissions. You can specify the values for this setting and `SecretsManagerSecretId` . Or you can specify clear-text values for `UserName` , `Password` , `ServerName` , and `Port` . You can't specify both.\n> \n> For more information on creating this `SecretsManagerSecret` , the corresponding `SecretsManagerAccessRoleArn` , and the `SecretsManagerSecretId` that is required to access it, see [Using secrets to access AWS Database Migration Service resources](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Security.html#security-iam-secretsmanager) in the *AWS Database Migration Service User Guide* .", - "SecretsManagerSecretId": "The full ARN, partial ARN, or display name of the `SecretsManagerSecret` that contains the PostgreSQL endpoint connection details." + "SecretsManagerSecretId": "The full ARN, partial ARN, or display name of the `SecretsManagerSecret` that contains the PostgreSQL endpoint connection details.", + "SlotName": "Sets the name of a previously created logical replication slot for a change data capture (CDC) load of the PostgreSQL source instance.\n\nWhen used with the `CdcStartPosition` request parameter for the AWS DMS API , this attribute also makes it possible to use native CDC start points. DMS verifies that the specified logical replication slot exists before starting the CDC load task. It also verifies that the task was created with a valid setting of `CdcStartPosition` . If the specified slot doesn't exist or the task doesn't have a valid `CdcStartPosition` setting, DMS raises an error.\n\nFor more information about setting the `CdcStartPosition` request parameter, see [Determining a CDC native start point](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Task.CDC.html#CHAP_Task.CDC.StartPoint.Native) in the *AWS Database Migration Service User Guide* . For more information about using `CdcStartPosition` , see [CreateReplicationTask](https://docs.aws.amazon.com/dms/latest/APIReference/API_CreateReplicationTask.html) , [StartReplicationTask](https://docs.aws.amazon.com/dms/latest/APIReference/API_StartReplicationTask.html) , and [ModifyReplicationTask](https://docs.aws.amazon.com/dms/latest/APIReference/API_ModifyReplicationTask.html) ." } }, "AWS::DMS::Endpoint.RedisSettings": { @@ -10681,7 +10723,16 @@ "attributes": {}, "description": "Information about a filter used to specify which AWS resources are analyzed for anomalous behavior by DevOps Guru.", "properties": { - "CloudFormation": "Information about AWS CloudFormation stacks. You can use up to 500 stacks to specify which AWS resources in your account to analyze. For more information, see [Stacks](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html) in the *AWS CloudFormation User Guide* ." + "CloudFormation": "Information about AWS CloudFormation stacks. You can use up to 500 stacks to specify which AWS resources in your account to analyze. For more information, see [Stacks](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html) in the *AWS CloudFormation User Guide* .", + "Tags": "The AWS tags used to filter the resources in the resource collection.\n\nTags help you identify and organize your AWS resources. Many AWS services support tagging, so you can assign the same tag to resources from different services to indicate that the resources are related. For example, you can assign the same tag to an Amazon DynamoDB table resource that you assign to an AWS Lambda function. For more information about using tags, see the [Tagging best practices](https://docs.aws.amazon.com/https://d1.awsstatic.com/whitepapers/aws-tagging-best-practices.pdf) whitepaper.\n\nEach AWS tag has two parts.\n\n- A tag *key* (for example, `CostCenter` , `Environment` , `Project` , or `Secret` ). Tag *keys* are case-sensitive.\n- An optional field known as a tag *value* (for example, `111122223333` , `Production` , or a team name). Omitting the tag *value* is the same as using an empty string. Like tag *keys* , tag *values* are case-sensitive.\n\nTogether these are known as *key* - *value* pairs.\n\n> The string used for a *key* in a tag that you use to define your resource coverage must begin with the prefix `Devops-guru-` . The tag *key* might be `Devops-guru-deployment-application` or `Devops-guru-rds-application` . While *keys* are case-sensitive, the case of *key* characters don't matter to DevOps Guru. For example, DevOps Guru works with a *key* named `devops-guru-rds` and a *key* named `DevOps-Guru-RDS` . Possible *key* / *value* pairs in your application might be `Devops-Guru-production-application/RDS` or `Devops-Guru-production-application/containers` ." + } + }, + "AWS::DevOpsGuru::ResourceCollection.TagCollection": { + "attributes": {}, + "description": "A collection of AWS stags.\n\nTags help you identify and organize your AWS resources. Many AWS services support tagging, so you can assign the same tag to resources from different services to indicate that the resources are related. For example, you can assign the same tag to an Amazon DynamoDB table resource that you assign to an AWS Lambda function. For more information about using tags, see the [Tagging best practices](https://docs.aws.amazon.com/https://d1.awsstatic.com/whitepapers/aws-tagging-best-practices.pdf) whitepaper.\n\nEach AWS tag has two parts.\n\n- A tag *key* (for example, `CostCenter` , `Environment` , `Project` , or `Secret` ). Tag *keys* are case-sensitive.\n- An optional field known as a tag *value* (for example, `111122223333` , `Production` , or a team name). Omitting the tag *value* is the same as using an empty string. Like tag *keys* , tag *values* are case-sensitive.\n\nTogether these are known as *key* - *value* pairs.\n\n> The string used for a *key* in a tag that you use to define your resource coverage must begin with the prefix `Devops-guru-` . The tag *key* might be `Devops-guru-deployment-application` or `Devops-guru-rds-application` . While *keys* are case-sensitive, the case of *key* characters don't matter to DevOps Guru. For example, DevOps Guru works with a *key* named `devops-guru-rds` and a *key* named `DevOps-Guru-RDS` . Possible *key* / *value* pairs in your application might be `Devops-Guru-production-application/RDS` or `Devops-Guru-production-application/containers` .", + "properties": { + "AppBoundaryKey": "An AWS tag *key* that is used to identify the AWS resources that DevOps Guru analyzes. All AWS resources in your account and Region tagged with this *key* make up your DevOps Guru application and analysis boundary.\n\n> The string used for a *key* in a tag that you use to define your resource coverage must begin with the prefix `Devops-guru-` . The tag *key* might be `Devops-guru-deployment-application` or `Devops-guru-rds-application` . While *keys* are case-sensitive, the case of *key* characters don't matter to DevOps Guru. For example, DevOps Guru works with a *key* named `devops-guru-rds` and a *key* named `DevOps-Guru-RDS` . Possible *key* / *value* pairs in your application might be `Devops-Guru-production-application/RDS` or `Devops-Guru-production-application/containers` .", + "TagValues": "The values in an AWS tag collection.\n\nThe tag's *value* is an optional field used to associate a string with the tag *key* (for example, `111122223333` , `Production` , or a team name). The *key* and *value* are the tag's *key* pair. Omitting the tag *value* is the same as using an empty string. Like tag *keys* , tag *values* are case-sensitive. You can specify a maximum of 256 characters for a tag value." } }, "AWS::DeviceFarm::DevicePool": { @@ -10900,6 +10951,7 @@ "DBClusterIdentifier": "The identifier of the cluster that the instance will belong to.", "DBInstanceClass": "The compute and memory capacity of the instance; for example, `db.m4.large` . If you change the class of an instance there can be some interruption in the cluster's service.", "DBInstanceIdentifier": "The instance identifier. This parameter is stored as a lowercase string.\n\nConstraints:\n\n- Must contain from 1 to 63 letters, numbers, or hyphens.\n- The first character must be a letter.\n- Cannot end with a hyphen or contain two consecutive hyphens.\n\nExample: `mydbinstance`", + "EnablePerformanceInsights": "", "PreferredMaintenanceWindow": "The time range each week during which system maintenance can occur, in Universal Coordinated Time (UTC).\n\nFormat: `ddd:hh24:mi-ddd:hh24:mi`\n\nThe default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region , occurring on a random day of the week.\n\nValid days: Mon, Tue, Wed, Thu, Fri, Sat, Sun\n\nConstraints: Minimum 30-minute window.", "Tags": "The tags to be assigned to the instance. You can assign up to 10 tags to an instance." } @@ -12218,6 +12270,13 @@ "VCpuCount": "The minimum and maximum number of vCPUs." } }, + "AWS::EC2::LaunchTemplate.Ipv4PrefixSpecification": { + "attributes": {}, + "description": "Describes an IPv4 prefix.", + "properties": { + "Ipv4Prefix": "The IPv4 prefix. For information, see [Assigning prefixes to Amazon EC2 network interfaces](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-eni.html) in the *Amazon Elastic Compute Cloud User Guide* ." + } + }, "AWS::EC2::LaunchTemplate.Ipv6Add": { "attributes": {}, "description": "Specifies an IPv6 address in an Amazon EC2 launch template.\n\n`Ipv6Add` is a property of [AWS::EC2::LaunchTemplate NetworkInterface](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-networkinterface.html) .", @@ -12225,6 +12284,13 @@ "Ipv6Address": "One or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet. You can't use this option if you're specifying a number of IPv6 addresses." } }, + "AWS::EC2::LaunchTemplate.Ipv6PrefixSpecification": { + "attributes": {}, + "description": "Describes the IPv6 prefix.", + "properties": { + "Ipv6Prefix": "The IPv6 prefix." + } + }, "AWS::EC2::LaunchTemplate.LaunchTemplateData": { "attributes": {}, "description": "The information to include in the launch template.", @@ -14753,6 +14819,13 @@ "Type": "The name of the log type." } }, + "AWS::EKS::Cluster.Provider": { + "attributes": {}, + "description": "Identifies the AWS Key Management Service ( AWS KMS ) key used to encrypt the secrets.", + "properties": { + "KeyArn": "Amazon Resource Name (ARN) or alias of the KMS key. The KMS key must be symmetric, created in the same region as the cluster, and if the KMS key was created in a different account, the user must have access to the KMS key. For more information, see [Allowing Users in Other Accounts to Use a KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-modifying-external-accounts.html) in the *AWS Key Management Service Developer Guide* ." + } + }, "AWS::EKS::Cluster.ResourcesVpcConfig": { "attributes": {}, "description": "An object representing the VPC configuration to use for an Amazon EKS cluster.\n\n> When updating a resource, you must include these properties if the previous CloudFormation template of the resource had them:\n> \n> - `EndpointPublicAccess`\n> - `EndpointPrivateAccess`\n> - `PublicAccessCidrs`", @@ -16725,36 +16798,36 @@ }, "AWS::Events::Connection.ApiKeyAuthParameters": { "attributes": {}, - "description": "", + "description": "Contains the API key authorization parameters for the connection.", "properties": { - "ApiKeyName": "", - "ApiKeyValue": "" + "ApiKeyName": "The name of the API key to use for authorization.", + "ApiKeyValue": "The value for the API key to use for authorization." } }, "AWS::Events::Connection.AuthParameters": { "attributes": {}, - "description": "", + "description": "Contains the authorization parameters to use for the connection.", "properties": { - "ApiKeyAuthParameters": "", - "BasicAuthParameters": "", - "InvocationHttpParameters": "", - "OAuthParameters": "" + "ApiKeyAuthParameters": "The API Key parameters to use for authorization.", + "BasicAuthParameters": "The authorization parameters for Basic authorization.", + "InvocationHttpParameters": "Additional parameters for the connection that are passed through with every invocation to the HTTP endpoint.", + "OAuthParameters": "The OAuth parameters to use for authorization." } }, "AWS::Events::Connection.BasicAuthParameters": { "attributes": {}, - "description": "", + "description": "Contains the Basic authorization parameters for the connection.", "properties": { - "Password": "", - "Username": "" + "Password": "The password associated with the user name to use for Basic authorization.", + "Username": "The user name to use for Basic authorization." } }, "AWS::Events::Connection.ClientParameters": { "attributes": {}, - "description": "", + "description": "Contains the OAuth authorization parameters to use for the connection.", "properties": { - "ClientID": "", - "ClientSecret": "" + "ClientID": "The client ID to use for OAuth authorization.", + "ClientSecret": "The client secret assciated with the client ID to use for OAuth authorization." } }, "AWS::Events::Connection.ConnectionHttpParameters": { @@ -16768,21 +16841,83 @@ }, "AWS::Events::Connection.OAuthParameters": { "attributes": {}, - "description": "", + "description": "Contains the OAuth authorization parameters to use for the connection.", "properties": { - "AuthorizationEndpoint": "", - "ClientParameters": "", - "HttpMethod": "", - "OAuthHttpParameters": "" + "AuthorizationEndpoint": "The URL to the authorization endpoint when OAuth is specified as the authorization type.", + "ClientParameters": "A `CreateConnectionOAuthClientRequestParameters` object that contains the client parameters for OAuth authorization.", + "HttpMethod": "The method to use for the authorization request.", + "OAuthHttpParameters": "A `ConnectionHttpParameters` object that contains details about the additional parameters to use for the connection." } }, "AWS::Events::Connection.Parameter": { "attributes": {}, + "description": "Additional query string parameter for the connection. You can include up to 100 additional query string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB.", + "properties": { + "IsValueSecret": "Specifies whether the value is secret.", + "Key": "The key for a query string parameter.", + "Value": "The value associated with the key for the query string parameter." + } + }, + "AWS::Events::Endpoint": { + "attributes": { + "Arn": "", + "EndpointId": "", + "EndpointUrl": "", + "Ref": "", + "State": "", + "StateReason": "" + }, "description": "", "properties": { - "IsValueSecret": "", - "Key": "", - "Value": "" + "Description": "", + "EventBuses": "", + "Name": "", + "ReplicationConfig": "", + "RoleArn": "", + "RoutingConfig": "" + } + }, + "AWS::Events::Endpoint.EndpointEventBus": { + "attributes": {}, + "description": "", + "properties": { + "EventBusArn": "" + } + }, + "AWS::Events::Endpoint.FailoverConfig": { + "attributes": {}, + "description": "", + "properties": { + "Primary": "", + "Secondary": "" + } + }, + "AWS::Events::Endpoint.Primary": { + "attributes": {}, + "description": "", + "properties": { + "HealthCheck": "" + } + }, + "AWS::Events::Endpoint.ReplicationConfig": { + "attributes": {}, + "description": "", + "properties": { + "State": "" + } + }, + "AWS::Events::Endpoint.RoutingConfig": { + "attributes": {}, + "description": "", + "properties": { + "FailoverConfig": "" + } + }, + "AWS::Events::Endpoint.Secondary": { + "attributes": {}, + "description": "", + "properties": { + "Route": "" } }, "AWS::Events::EventBus": { @@ -16796,15 +16931,15 @@ "properties": { "EventSourceName": "If you are creating a partner event bus, this specifies the partner event source that the new event bus will be matched with.", "Name": "The name of the new event bus.\n\nEvent bus names cannot contain the / character. You can't use the name `default` for a custom event bus, as this name is already used for your account's default event bus.\n\nIf this is a partner event bus, the name must exactly match the name of the partner event source that this event bus is matched to.", - "Tags": "" + "Tags": "Tags to associate with the event bus." } }, "AWS::Events::EventBus.TagEntry": { "attributes": {}, - "description": "", + "description": "A key-value pair associated with an AWS resource. In EventBridge, rules and event buses support tagging.", "properties": { - "Key": "", - "Value": "" + "Key": "A string you can use to assign a value. The combination of tag keys and values can help you organize and categorize your resources.", + "Value": "The value for the specified tag key." } }, "AWS::Events::EventBusPolicy": { @@ -17947,7 +18082,7 @@ "properties": { "Name": "A descriptive label that is associated with a build. Build names do not need to be unique.", "OperatingSystem": "The operating system that the game server binaries are built to run on. This value determines the type of fleet resources that you can use for this build. If your game build contains multiple executables, they all must run on the same operating system. If an operating system is not specified when creating a build, Amazon GameLift uses the default value (WINDOWS_2012). This value cannot be changed later.", - "StorageLocation": "Information indicating where your game build files are stored. Use this parameter only when creating a build with files stored in an Amazon S3 bucket that you own. The storage location must specify an Amazon S3 bucket name and key. The location must also specify a role ARN that you set up to allow Amazon Web Services to access your Amazon S3 bucket. The S3 bucket and your new build must be in the same Region.\n\nIf a `StorageLocation` is specified, the size of your file can be found in your Amazon S3 bucket. Amazon Web Services will report a `SizeOnDisk` of 0.", + "StorageLocation": "Information indicating where your game build files are stored. Use this parameter only when creating a build with files stored in an Amazon S3 bucket that you own. The storage location must specify an Amazon S3 bucket name and key. The location must also specify a role ARN that you set up to allow Amazon GameLift to access your Amazon S3 bucket. The S3 bucket and your new build must be in the same Region.\n\nIf a `StorageLocation` is specified, the size of your file can be found in your Amazon S3 bucket. Amazon GameLift will report a `SizeOnDisk` of 0.", "Version": "Version information that is associated with this build. Version strings do not need to be unique." } }, @@ -17958,7 +18093,7 @@ "Bucket": "An Amazon S3 bucket identifier. This is the name of the S3 bucket.\n\n> GameLift currently does not support uploading from Amazon S3 buckets with names that contain a dot (.).", "Key": "The name of the zip file that contains the build files or script files.", "ObjectVersion": "The version of the file, if object versioning is turned on for the bucket. Amazon GameLift uses this information when retrieving files from your S3 bucket. To retrieve a specific version of the file, provide an object version. To retrieve the latest version of the file, do not set this parameter.", - "RoleArn": "The Amazon Resource Name ( [ARN](https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html) ) for an IAM role that allows Amazon Web Services to access the S3 bucket." + "RoleArn": "The Amazon Resource Name ( [ARN](https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html) ) for an IAM role that allows Amazon GameLift to access the S3 bucket." } }, "AWS::GameLift::Fleet": { @@ -18066,7 +18201,7 @@ "LaunchTemplate": "The Amazon EC2 launch template that contains configuration settings and game server code to be deployed to all instances in the game server group. You can specify the template using either the template name or ID. For help with creating a launch template, see [Creating a Launch Template for an Auto Scaling Group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-launch-template.html) in the *Amazon Elastic Compute Cloud Auto Scaling User Guide* . After the Auto Scaling group is created, update this value directly in the Auto Scaling group using the AWS console or APIs.\n\n> If you specify network interfaces in your launch template, you must explicitly set the property `AssociatePublicIpAddress` to \"true\". If no network interface is specified in the launch template, GameLift FleetIQ uses your account's default VPC.", "MaxSize": "The maximum number of instances allowed in the Amazon EC2 Auto Scaling group. During automatic scaling events, GameLift FleetIQ and EC2 do not scale up the group above this maximum. After the Auto Scaling group is created, update this value directly in the Auto Scaling group using the AWS console or APIs.", "MinSize": "The minimum number of instances allowed in the Amazon EC2 Auto Scaling group. During automatic scaling events, GameLift FleetIQ and Amazon EC2 do not scale down the group below this minimum. In production, this value should be set to at least 1. After the Auto Scaling group is created, update this value directly in the Auto Scaling group using the AWS console or APIs.", - "RoleArn": "The Amazon Resource Name ( [ARN](https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html) ) for an IAM role that allows Amazon Web Services to access your Amazon EC2 Auto Scaling groups.", + "RoleArn": "The Amazon Resource Name ( [ARN](https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html) ) for an IAM role that allows Amazon GameLift to access your Amazon EC2 Auto Scaling groups.", "Tags": "A list of labels to assign to the new game server group resource. Tags are developer-defined key-value pairs. Tagging AWS resources is useful for resource management, access management, and cost allocation. For more information, see [Tagging AWS Resources](https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) in the *AWS General Reference* . Once the resource is created, you can use TagResource, UntagResource, and ListTagsForResource to add, remove, and view tags, respectively. The maximum tag limit may be lower than stated. See the AWS General Reference for actual tagging limits.", "VpcSubnets": "A list of virtual private cloud (VPC) subnets to use with instances in the game server group. By default, all GameLift FleetIQ-supported Availability Zones are used. You can use this parameter to specify VPCs that you've set up. This property cannot be updated after the game server group is created, and the corresponding Auto Scaling group will always use the property value that is set with this request, even if the Auto Scaling group is updated directly." } @@ -18207,7 +18342,7 @@ "description": "The `AWS::GameLift::Script` resource creates a new script record for your Realtime Servers script. Realtime scripts are JavaScript that provide configuration settings and optional custom game logic for your game. The script is deployed when you create a Realtime Servers fleet to host your game sessions. Script logic is executed during an active game session.", "properties": { "Name": "A descriptive label that is associated with a script. Script names do not need to be unique.", - "StorageLocation": "The location of the Amazon S3 bucket where a zipped file containing your Realtime scripts is stored. The storage location must specify the Amazon S3 bucket name, the zip file name (the \"key\"), and a role ARN that allows Amazon Web Services to access the Amazon S3 storage location. The S3 bucket must be in the same Region where you want to create a new script. By default, Amazon Web Services uploads the latest version of the zip file; if you have S3 object versioning turned on, you can use the `ObjectVersion` parameter to specify an earlier version.", + "StorageLocation": "The location of the Amazon S3 bucket where a zipped file containing your Realtime scripts is stored. The storage location must specify the Amazon S3 bucket name, the zip file name (the \"key\"), and a role ARN that allows Amazon GameLift to access the Amazon S3 storage location. The S3 bucket must be in the same Region where you want to create a new script. By default, Amazon GameLift uploads the latest version of the zip file; if you have S3 object versioning turned on, you can use the `ObjectVersion` parameter to specify an earlier version.", "Tags": "A list of labels to assign to the new script resource. Tags are developer-defined key-value pairs. Tagging AWS resources are useful for resource management, access management and cost allocation. For more information, see [Tagging AWS Resources](https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) in the *AWS General Reference* . Once the resource is created, you can use TagResource, UntagResource, and ListTagsForResource to add, remove, and view tags. The maximum tag limit may be lower than stated. See the AWS General Reference for actual tagging limits.", "Version": "The version that is associated with a build or script. Version strings do not need to be unique." } @@ -18218,8 +18353,8 @@ "properties": { "Bucket": "An Amazon S3 bucket identifier. This is the name of the S3 bucket.\n\n> GameLift currently does not support uploading from Amazon S3 buckets with names that contain a dot (.).", "Key": "The name of the zip file that contains the build files or script files.", - "ObjectVersion": "The version of the file, if object versioning is turned on for the bucket. Amazon Web Services uses this information when retrieving files from an S3 bucket that you own. Use this parameter to specify a specific version of the file. If not set, the latest version of the file is retrieved.", - "RoleArn": "The Amazon Resource Name ( [ARN](https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html) ) for an IAM role that allows Amazon Web Services to access the S3 bucket." + "ObjectVersion": "The version of the file, if object versioning is turned on for the bucket. Amazon GameLift uses this information when retrieving files from an S3 bucket that you own. Use this parameter to specify a specific version of the file. If not set, the latest version of the file is retrieved.", + "RoleArn": "The Amazon Resource Name ( [ARN](https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html) ) for an IAM role that allows Amazon GameLift to access the S3 bucket." } }, "AWS::GlobalAccelerator::Accelerator": { @@ -20547,7 +20682,7 @@ }, "description": "Creates a new container recipe. Container recipes define how images are configured, tested, and assessed.", "properties": { - "Components": "Components for build and test that are included in the container recipe.", + "Components": "Build and test components that are included in the container recipe. Recipes require a minimum of one build component, and can have a maximum of 20 build and test components in any combination.", "ContainerType": "Specifies the type of container, such as Docker.", "Description": "The description of the container recipe.", "DockerfileTemplateData": "Dockerfiles are text documents that are used to build Docker containers, and ensure that they contain all of the elements required by the application running inside. The template data consists of contextual variables where Image Builder places build information or scripts, based on your container image recipe.", @@ -20730,7 +20865,7 @@ }, "AWS::ImageBuilder::ImageRecipe.AdditionalInstanceConfiguration": { "attributes": {}, - "description": "In addition to your infrastruction configuration, these settings provide an extra layer of control over your build instances. For instances where Image Builder installs the Systems Manager agent, you can choose whether to keep it for the AMI that you create. You can also specify commands to run on launch for all of your build instances.", + "description": "In addition to your infrastructure configuration, these settings provide an extra layer of control over your build instances. You can also specify commands to run on launch for all of your build instances.\n\nImage Builder does not automatically install the Systems Manager agent on Windows instances. If your base image includes the Systems Manager agent, then the AMI that you create will also include the agent. For Linux instances, if the base image does not already include the Systems Manager agent, Image Builder installs it. For Linux instances where Image Builder installs the Systems Manager agent, you can choose whether to keep it for the AMI that you create.", "properties": { "SystemsManagerAgent": "Contains settings for the Systems Manager agent on your build instance.", "UserDataOverride": "Use this property to provide commands or a command script to run when you launch your build instance.\n\nThe userDataOverride property replaces any commands that Image Builder might have added to ensure that Systems Manager is installed on your Linux build instance. If you override the user data, make sure that you add commands to install Systems Manager, if it is not pre-installed on your base image.\n\n> The user data is always base 64 encoded. For example, the following commands are encoded as `IyEvYmluL2Jhc2gKbWtkaXIgLXAgL3Zhci9iYi8KdG91Y2ggL3Zhci$` :\n> \n> *#!/bin/bash*\n> \n> mkdir -p /var/bb/\n> \n> touch /var" @@ -20810,7 +20945,7 @@ "attributes": {}, "description": "The instance metadata options that apply to the HTTP requests that pipeline builds use to launch EC2 build and test instances. For more information about instance metadata options, see [Configure the instance metadata options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html) in the **Amazon EC2 User Guide** for Linux instances, or [Configure the instance metadata options](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/configuring-instance-metadata-options.html) in the **Amazon EC2 Windows Guide** for Windows instances.", "properties": { - "HttpPutResponseHopLimit": "Limit the number of hops that an instance metadata request can traverse to reach its destination.", + "HttpPutResponseHopLimit": "Limit the number of hops that an instance metadata request can traverse to reach its destination. The default is one hop. However, if HTTP tokens are required, container image builds need a minimum of two hops.", "HttpTokens": "Indicates whether a signed token header is required for instance metadata retrieval requests. The values affect the response as follows:\n\n- *required* \u2013 When you retrieve the IAM role credentials, version 2.0 credentials are returned in all cases.\n- *optional* \u2013 You can include a signed token header in your request to retrieve instance metadata, or you can leave it out. If you include it, version 2.0 credentials are returned for the IAM role. Otherwise, version 1.0 credentials are returned.\n\nThe default setting is *optional* ." } }, @@ -23418,7 +23553,7 @@ "description": "The `AWS::KMS::Key` resource specifies a [symmetric or asymmetric](https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) [KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys) in AWS Key Management Service ( AWS KMS ).\n\nYou can use the `AWS::KMS::Key` resource to specify a symmetric or asymmetric multi-Region primary key. To specify a replica key, use the [AWS::KMS::ReplicaKey](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-replicakey.html) resource. For information about multi-Region keys, see [Multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *AWS Key Management Service Developer Guide* .\n\nYou cannot use the `AWS::KMS::Key` resource to specify a KMS key with [imported key material](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) or a KMS key in a [custom key store](https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) .\n\n> AWS KMS is replacing the term *customer master key (CMK)* with *AWS KMS key* and *KMS key* . The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. \n\nYou can use symmetric KMS keys to encrypt and decrypt small amounts of data, but they are more commonly used to generate data keys and data key pairs. You can also use symmetric KMS key to encrypt data stored in AWS services that are [integrated with AWS KMS](https://docs.aws.amazon.com//kms/features/#AWS_Service_Integration) . For more information, see [What is AWS Key Management Service ?](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html) in the *AWS Key Management Service Developer Guide* .\n\nYou can use asymmetric KMS keys to encrypt and decrypt data or sign messages and verify signatures. To create an asymmetric key, you must specify an asymmetric `KeySpec` value and a `KeyUsage` value.\n\n> If you change the value of the `KeyUsage` , `KeySpec` , or `MultiRegion` property on an existing KMS key, the existing KMS key is [scheduled for deletion](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) and a new KMS key is created with the specified value.\n> \n> While scheduled for deletion, the existing KMS key becomes unusable. If you don't [cancel the scheduled deletion](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html#deleting-keys-scheduling-key-deletion) of the existing KMS key outside of CloudFormation, all data encrypted under the existing KMS key becomes unrecoverable when the KMS key is deleted. \n\n*Regions*\n\nAWS KMS CloudFormation resources are supported in all Regions in which AWS CloudFormation is supported. However, in the (ap-southeast-3), you cannot use a CloudFormation template to create or manage asymmetric KMS keys or multi-Region KMS keys (primary or replica).", "properties": { "Description": "A description of the KMS key. Use a description that helps you to distinguish this KMS key from others in the account, such as its intended use.", - "EnableKeyRotation": "Enables automatic rotation of the key material for the specified KMS key. By default, automatic key rotation is not enabled.\n\nAWS KMS does not support automatic key rotation on asymmetric KMS keys. For asymmetric KMS keys, omit the `EnableKeyRotation` property or set it to `false` .\n\nWhen you enable automatic rotation, AWS KMS automatically creates new key material for the KMS key 365 days after the enable (or reenable) date and every 365 days thereafter. AWS KMS retains all key material until you delete the KMS key. For detailed information about automatic key rotation, see [Rotating KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) in the *AWS Key Management Service Developer Guide* .", + "EnableKeyRotation": "Enables automatic rotation of the key material for the specified KMS key. By default, automatic key rotation is not enabled.\n\nAWS KMS supports automatic rotation only for symmetric KMS keys ( `KeySpec` = `SYMMETRIC_DEFAULT` ). Automatic key rotation is *not* supported for asymmetric KMS keys. For asymmetric KMS keys, omit the `EnableKeyRotation` property or set it to `false` .\n\nTo enable automatic key rotation of the key material for a multi-Region KMS key, set `EnableKeyRotation` to `true` on the primary key (created by using `AWS::KMS::Key` ). AWS KMS copies the rotation status to all replica keys when you create them. For details, see [Rotating multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate) in the *AWS Key Management Service Developer Guide* .\n\nWhen you enable automatic rotation, AWS KMS automatically creates new key material for the KMS key one year after the enable date and every year thereafter. AWS KMS retains all key material until you delete the KMS key. For detailed information about automatic key rotation, see [Rotating KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) in the *AWS Key Management Service Developer Guide* .", "Enabled": "Specifies whether the KMS key is enabled. Disabled KMS keys cannot be used in cryptographic operations.\n\nWhen `Enabled` is `true` , the *key state* of the KMS key is `Enabled` . When `Enabled` is `false` , the key state of the KMS key is `Disabled` . The default value is `true` .\n\nThe actual key state of the KMS key might be affected by actions taken outside of CloudFormation, such as running the [EnableKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_EnableKey.html) , [DisableKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DisableKey.html) , or [ScheduleKeyDeletion](https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html) operations.\n\nFor information about the key states of a KMS key, see [Key state: Effect on your KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) in the *AWS Key Management Service Developer Guide* .", "KeyPolicy": "The key policy that authorizes use of the KMS key. The key policy must conform to the following rules.\n\n- The key policy must allow the caller to make a subsequent [PutKeyPolicy](https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html) request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, refer to the scenario in the [Default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section of the **AWS Key Management Service Developer Guide** .\n- Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to AWS KMS . When you create a new AWS principal (for example, an IAM user or role), you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to AWS KMS . For more information, see [Changes that I make are not always immediately visible](https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) in the *AWS Identity and Access Management User Guide* .\n- The key policy size limit is 32 kilobytes (32768 bytes).\n\nIf you are unsure of which policy to use, consider the *default key policy* . This is the key policy that AWS KMS applies to KMS keys that are created by using the CreateKey API with no specified key policy. It gives the AWS account that owns the key permission to perform all operations on the key. It also allows you write IAM policies to authorize access to the key. For details, see [Default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) in the *AWS Key Management Service Developer Guide* .\n\n*Minimum* : `1`\n\n*Maximum* : `32768`", "KeySpec": "Specifies the type of KMS key to create. The default value, `SYMMETRIC_DEFAULT` , creates a KMS key with a 256-bit symmetric key for encryption and decryption. For help choosing a key spec for your KMS key, see [How to choose Your KMS key configuration](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html) in the *AWS Key Management Service Developer Guide* .\n\nThe `KeySpec` property determines whether the KMS key contains a symmetric key or an asymmetric key pair. It also determines the encryption algorithms or signing algorithms that the KMS key supports. You can't change the `KeySpec` after the KMS key is created. To further restrict the algorithms that can be used with the KMS key, use a condition key in its key policy or IAM policy. For more information, see [kms:EncryptionAlgorithm](https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm) or [kms:Signing Algorithm](https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-signing-algorithm) in the *AWS Key Management Service Developer Guide* .\n\n> If you change the `KeySpec` of an existing KMS key, the existing KMS key is scheduled for deletion and a new KMS key is created with the specified `KeySpec` value. While the scheduled deletion is pending, you can't use the existing KMS key. Unless you [cancel the scheduled deletion](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html#deleting-keys-scheduling-key-deletion) of the KMS key outside of CloudFormation, all data encrypted under the existing KMS key becomes unrecoverable when the KMS key is deleted. > [AWS services that are integrated with AWS KMS](https://docs.aws.amazon.com/kms/features/#AWS_Service_Integration) use symmetric KMS keys to protect your data. These services do not support asymmetric KMS keys. For help determining whether a KMS key is symmetric or asymmetric, see [Identifying Symmetric and Asymmetric KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/find-symm-asymm.html) in the *AWS Key Management Service Developer Guide* . \n\nAWS KMS supports the following key specs for KMS keys:\n\n- Symmetric key (default)\n\n- `SYMMETRIC_DEFAULT` (AES-256-GCM)\n- Asymmetric RSA key pairs\n\n- `RSA_2048`\n- `RSA_3072`\n- `RSA_4096`\n- Asymmetric NIST-recommended elliptic curve key pairs\n\n- `ECC_NIST_P256` (secp256r1)\n- `ECC_NIST_P384` (secp384r1)\n- `ECC_NIST_P521` (secp521r1)\n- Other asymmetric elliptic curve key pairs\n\n- `ECC_SECG_P256K1` (secp256k1), commonly used for cryptocurrencies.", @@ -25389,7 +25524,7 @@ }, "AWS::Lambda::EventSourceMapping": { "attributes": { - "Id": "", + "Id": "The event source mapping's ID.", "Ref": "`Ref` returns the mapping's ID." }, "description": "The `AWS::Lambda::EventSourceMapping` resource creates a mapping between an event source and an AWS Lambda function. Lambda reads items from the event source and triggers the function.\n\nFor details about each event source type, see the following topics. In particular, each of the topics describes the required and optional parameters for the specific event source.\n\n- [Configuring a Dynamo DB stream as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html#services-dynamodb-eventsourcemapping)\n- [Configuring a Kinesis stream as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html#services-kinesis-eventsourcemapping)\n- [Configuring an SQS queue as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-eventsource)\n- [Configuring an MQ broker as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-mq.html#services-mq-eventsourcemapping)\n- [Configuring MSK as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html)\n- [Configuring Self-Managed Apache Kafka as an event source](https://docs.aws.amazon.com/lambda/latest/dg/kafka-smaa.html)", @@ -25597,12 +25732,13 @@ }, "AWS::Lambda::Permission": { "attributes": {}, - "description": "The `AWS::Lambda::Permission` resource grants an AWS service or another account permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name (ARN) of that version or alias to invoke the function.\n\nTo grant permission to another account, specify the account ID as the `Principal` . For AWS services, the principal is a domain-style identifier defined by the service, like `s3.amazonaws.com` or `sns.amazonaws.com` . For AWS services, you can also specify the ARN of the associated resource as the `SourceArn` . If you grant permission to a service principal without specifying the source, other accounts could potentially configure resources in their account to invoke your Lambda function.\n\nThis resource adds a statement to a resource-based permission policy for the function. For more information about function policies, see [Lambda Function Policies](https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html) .", + "description": "The `AWS::Lambda::Permission` resource grants an AWS service or another account permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name (ARN) of that version or alias to invoke the function.\n\nTo grant permission to another account, specify the account ID as the `Principal` . To grant permission to an organization defined in AWS Organizations , specify the organization ID as the `PrincipalOrgID` . For AWS services, the principal is a domain-style identifier defined by the service, like `s3.amazonaws.com` or `sns.amazonaws.com` . For AWS services, you can also specify the ARN of the associated resource as the `SourceArn` . If you grant permission to a service principal without specifying the source, other accounts could potentially configure resources in their account to invoke your Lambda function.\n\nThis resource adds a statement to a resource-based permission policy for the function. For more information about function policies, see [Lambda Function Policies](https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html) .", "properties": { "Action": "The action that the principal can use on the function. For example, `lambda:InvokeFunction` or `lambda:GetFunction` .", "EventSourceToken": "For Alexa Smart Home functions, a token that must be supplied by the invoker.", "FunctionName": "The name of the Lambda function, version, or alias.\n\n**Name formats** - *Function name* - `my-function` (name-only), `my-function:v1` (with alias).\n- *Function ARN* - `arn:aws:lambda:us-west-2:123456789012:function:my-function` .\n- *Partial ARN* - `123456789012:function:my-function` .\n\nYou can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.", "Principal": "The AWS service or account that invokes the function. If you specify a service, use `SourceArn` or `SourceAccount` to limit who can invoke the function through that service.", + "PrincipalOrgID": "The identifier for your organization in AWS Organizations . Use this to grant permissions to all the AWS accounts under this organization.", "SourceAccount": "For Amazon S3, the ID of the account that owns the resource. Use this together with `SourceArn` to ensure that the resource is owned by the specified account. It is possible for an Amazon S3 bucket to be deleted by its owner and recreated by another account.", "SourceArn": "For AWS services, the ARN of the AWS resource that invokes the function. For example, an Amazon S3 bucket or Amazon SNS topic.\n\nNote that Lambda configures the comparison using the `StringLike` operator." } @@ -29732,6 +29868,14 @@ "UtcTimingUri": "Specifies the value attribute of the UTC timing field when utcTiming is set to HTTP-ISO or HTTP-HEAD." } }, + "AWS::MediaPackage::OriginEndpoint.EncryptionContractConfiguration": { + "attributes": {}, + "description": "", + "properties": { + "PresetSpeke20Audio": "", + "PresetSpeke20Video": "" + } + }, "AWS::MediaPackage::OriginEndpoint.HlsEncryption": { "attributes": {}, "description": "Holds encryption information so that access to the content can be controlled by a DRM solution.", @@ -29798,6 +29942,7 @@ "description": "Keyprovider settings for DRM.", "properties": { "CertificateArn": "The Amazon Resource Name (ARN) for the certificate that you imported to AWS Certificate Manager to add content key encryption to this endpoint. For this feature to work, your DRM key provider must support content key encryption.", + "EncryptionContractConfiguration": "", "ResourceId": "Unique identifier for this endpoint, as it is configured in the key provider service.", "RoleArn": "The ARN for the IAM role that's granted by the key provider to provide access to the key provider API. This role must have a trust policy that allows AWS Elemental MediaPackage to assume the role, and it must have a sufficient permissions policy to allow access to the specific key retrieval URL. Valid format: arn:aws:iam::{accountID}:role/{name}", "SystemIds": "List of unique identifiers for the DRM systems to use, as defined in the CPIX specification.", @@ -33361,7 +33506,7 @@ "AllowMajorVersionUpgrade": "A value that indicates whether major version upgrades are allowed. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible.\n\nConstraints: Major version upgrades must be allowed when specifying a value for the `EngineVersion` parameter that is a different major version than the DB instance's current version.", "AssociatedRoles": "The AWS Identity and Access Management (IAM) roles associated with the DB instance.", "AutoMinorVersionUpgrade": "A value that indicates whether minor engine upgrades are applied automatically to the DB instance during the maintenance window. By default, minor engine upgrades are applied automatically.", - "AvailabilityZone": "The Availability Zone that the database instance will be created in.\n\nDefault: A random, system-chosen Availability Zone in the endpoint's region.\n\nExample: `us-east-1d`\n\nConstraint: The AvailabilityZone parameter cannot be specified if the MultiAZ parameter is set to `true` . The specified Availability Zone must be in the same region as the current endpoint.", + "AvailabilityZone": "The Availability Zone (AZ) where the database will be created. For information on AWS Regions and Availability Zones, see [Regions and Availability Zones](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html) .\n\n*Amazon Aurora*\n\nNot applicable. Availability Zones are managed by the DB cluster.\n\nDefault: A random, system-chosen Availability Zone in the endpoint's AWS Region .\n\nExample: `us-east-1d`\n\nConstraint: The `AvailabilityZone` parameter can't be specified if the DB instance is a Multi-AZ deployment. The specified Availability Zone must be in the same AWS Region as the current endpoint.\n\n> If you're creating a DB instance in an RDS on VMware environment, specify the identifier of the custom Availability Zone to create the DB instance in.\n> \n> For more information about RDS on VMware, see the [RDS on VMware User Guide.](https://docs.aws.amazon.com/AmazonRDS/latest/RDSonVMwareUserGuide/rds-on-vmware.html)", "BackupRetentionPeriod": "The number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups.\n\n*Amazon Aurora*\n\nNot applicable. The retention period for automated backups is managed by the DB cluster.\n\nDefault: 1\n\nConstraints:\n\n- Must be a value from 0 to 35\n- Can't be set to 0 if the DB instance is a source to read replicas", "CACertificateIdentifier": "The identifier of the CA certificate for this DB instance.\n\n> Specifying or updating this property triggers a reboot. \n\nFor more information about CA certificate identifiers for RDS DB engines, see [Rotating Your SSL/TLS Certificate](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon RDS User Guide* .\n\nFor more information about CA certificate identifiers for Aurora DB engines, see [Rotating Your SSL/TLS Certificate](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon Aurora User Guide* .", "CharacterSetName": "For supported engines, indicates that the DB instance should be associated with the specified character set.\n\n*Amazon Aurora*\n\nNot applicable. The character set is managed by the DB cluster. For more information, see [AWS::RDS::DBCluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html) .", @@ -33546,9 +33691,9 @@ "description": "The `Ingress` property type specifies an individual ingress rule within an `AWS::RDS::DBSecurityGroup` resource.", "properties": { "CIDRIP": "The IP range to authorize.", - "EC2SecurityGroupId": "Id of the EC2 Security Group to authorize. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", - "EC2SecurityGroupName": "Name of the EC2 Security Group to authorize. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", - "EC2SecurityGroupOwnerId": "AWS Account Number of the owner of the EC2 Security Group specified in the EC2SecurityGroupName parameter. The AWS Access Key ID is not an acceptable value. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided." + "EC2SecurityGroupId": "Id of the EC2 security group to authorize. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", + "EC2SecurityGroupName": "Name of the EC2 security group to authorize. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", + "EC2SecurityGroupOwnerId": "AWS account number of the owner of the EC2 security group specified in the `EC2SecurityGroupName` parameter. The AWS access key ID isn't an acceptable value. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided." } }, "AWS::RDS::DBSecurityGroupIngress": { @@ -33558,10 +33703,10 @@ "description": "The `AWS::RDS::DBSecurityGroupIngress` resource enables ingress to a DB security group using one of two forms of authorization. First, you can add EC2 or VPC security groups to the DB security group if the application using the database is running on EC2 or VPC instances. Second, IP ranges are available if the application accessing your database is running on the Internet.\n\nThis type supports updates. For more information about updating stacks, see [AWS CloudFormation Stacks Updates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html) .\n\nFor details about the settings for DB security group ingress, see [AuthorizeDBSecurityGroupIngress](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_AuthorizeDBSecurityGroupIngress.html) .", "properties": { "CIDRIP": "The IP range to authorize.", - "DBSecurityGroupName": "The name of the DB Security Group to add authorization to.", - "EC2SecurityGroupId": "Id of the EC2 Security Group to authorize. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", - "EC2SecurityGroupName": "Name of the EC2 Security Group to authorize. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", - "EC2SecurityGroupOwnerId": "AWS Account Number of the owner of the EC2 Security Group specified in the EC2SecurityGroupName parameter. The AWS Access Key ID is not an acceptable value. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided." + "DBSecurityGroupName": "The name of the DB security group to add authorization to.", + "EC2SecurityGroupId": "Id of the EC2 security group to authorize. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", + "EC2SecurityGroupName": "Name of the EC2 security group to authorize. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", + "EC2SecurityGroupOwnerId": "AWS account number of the owner of the EC2 security group specified in the `EC2SecurityGroupName` parameter. The AWS access key ID isn't an acceptable value. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided." } }, "AWS::RDS::DBSubnetGroup": { @@ -33570,9 +33715,9 @@ }, "description": "The `AWS::RDS::DBSubnetGroup` resource creates a database subnet group. Subnet groups must contain at least two subnets in two different Availability Zones in the same region.\n\nFor more information, see [Working with DB subnet groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Subnets) in the *Amazon RDS User Guide* .", "properties": { - "DBSubnetGroupDescription": "The description for the DB Subnet Group.", + "DBSubnetGroupDescription": "The description for the DB subnet group.", "DBSubnetGroupName": "The name for the DB subnet group. This value is stored as a lowercase string.\n\nConstraints: Must contain no more than 255 lowercase alphanumeric characters or hyphens. Must not be \"Default\".\n\nExample: `mysubnetgroup`", - "SubnetIds": "The EC2 Subnet IDs for the DB Subnet Group.", + "SubnetIds": "The EC2 Subnet IDs for the DB subnet group.", "Tags": "Tags to assign to the DB subnet group." } }, @@ -33582,8 +33727,8 @@ }, "description": "The `AWS::RDS::EventSubscription` resource allows you to receive notifications for Amazon Relational Database Service events through the Amazon Simple Notification Service (Amazon SNS). For more information, see [Using Amazon RDS Event Notification](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html) in the *Amazon RDS User Guide* .", "properties": { - "Enabled": "A Boolean value; set to *true* to activate the subscription, set to *false* to create the subscription but not active it.", - "EventCategories": "A list of event categories for a SourceType that you want to subscribe to. You can see a list of the categories for a given SourceType in the [Events](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html) topic in the Amazon RDS User Guide or by using the *DescribeEventCategories* action.", + "Enabled": "A value that indicates whether to activate the subscription. If the event notification subscription isn't activated, the subscription is created but not active.", + "EventCategories": "A list of event categories for a particular source type ( `SourceType` ) that you want to subscribe to. You can see a list of the categories for a given source type in the \"Amazon RDS event categories and event messages\" section of the [*Amazon RDS User Guide*](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.Messages.html) or the [*Amazon Aurora User Guide*](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Events.Messages.html) . You can also see this list by using the `DescribeEventCategories` operation.", "SnsTopicArn": "The Amazon Resource Name (ARN) of the SNS topic created for event notification. The ARN is created by Amazon SNS when you create a topic and subscribe to it.", "SourceIds": "The list of identifiers of the event sources for which events are returned. If not specified, then all sources are included in the response. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens. It can't end with a hyphen or contain two consecutive hyphens.\n\nConstraints:\n\n- If a `SourceIds` value is supplied, `SourceType` must also be provided.\n- If the source type is a DB instance, a `DBInstanceIdentifier` value must be supplied.\n- If the source type is a DB cluster, a `DBClusterIdentifier` value must be supplied.\n- If the source type is a DB parameter group, a `DBParameterGroupName` value must be supplied.\n- If the source type is a DB security group, a `DBSecurityGroupName` value must be supplied.\n- If the source type is a DB snapshot, a `DBSnapshotIdentifier` value must be supplied.\n- If the source type is a DB cluster snapshot, a `DBClusterSnapshotIdentifier` value must be supplied.", "SourceType": "The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, set this parameter to `db-instance` . If this value isn't specified, all events are returned.\n\nValid values: `db-instance` | `db-cluster` | `db-parameter-group` | `db-security-group` | `db-snapshot` | `db-cluster-snapshot`" @@ -36592,8 +36737,8 @@ }, "AWS::SageMaker::App": { "attributes": { - "AppArn": "The Amazon Resource Name (ARN) of the App, such as `arn:aws:sagemaker:us-west-2:account-id:app/my-app-name` .", - "Ref": "`Ref` returns the App type, App name, domain ID, and user profile name." + "AppArn": "The Amazon Resource Name (ARN) of the app, such as `arn:aws:sagemaker:us-west-2:account-id:app/my-app-name` .", + "Ref": "`Ref` returns the app type, app name, Domain ID, and user profile name." }, "description": "Creates a running app for the specified UserProfile. Supported apps are `JupyterServer` and `KernelGateway` . This operation is automatically invoked by Amazon SageMaker Studio upon access to the associated Domain, and when new kernel configurations are selected by the user. A user may have multiple Apps active simultaneously.", "properties": { @@ -36852,23 +36997,26 @@ }, "AWS::SageMaker::Domain": { "attributes": { - "DomainArn": "The Amazon Resource Name (ARN) of the domain, such as `arn:aws:sagemaker:us-west-2:account-id:domain/my-domain-name` .", - "DomainId": "The domain ID.", + "DomainArn": "The Amazon Resource Name (ARN) of the Domain, such as `arn:aws:sagemaker:us-west-2:account-id:domain/my-domain-name` .", + "DomainId": "The Domain ID.", "HomeEfsFileSystemId": "The ID of the Amazon Elastic File System (EFS) managed by this Domain.", - "Ref": "`Ref` returns the domain ID, such as `d-xxxxxxxxxxxx` .", + "Ref": "`Ref` returns the Domain ID, such as `d-xxxxxxxxxxxx` .", + "SecurityGroupIdForDomainBoundary": "The ID of the security group that authorizes traffic between the `RSessionGateway` apps and the `RStudioServerPro` app.", "SingleSignOnManagedApplicationInstanceId": "The AWS SSO managed application instance ID.", - "Url": "The URL for the domain." + "Url": "The URL for the Domain." }, "description": "Creates a `Domain` used by Amazon SageMaker Studio. A domain consists of an associated Amazon Elastic File System (EFS) volume, a list of authorized users, and a variety of security, application, policy, and Amazon Virtual Private Cloud (VPC) configurations. An AWS account is limited to one domain per region. Users within a domain can share notebook files and other artifacts with each other.\n\n*EFS storage*\n\nWhen a domain is created, an EFS volume is created for use by all of the users within the domain. Each user receives a private home directory within the EFS volume for notebooks, Git repositories, and data files.\n\nSageMaker uses the AWS Key Management Service ( AWS KMS) to encrypt the EFS volume attached to the domain with an AWS managed key by default. For more control, you can specify a customer managed key. For more information, see [Protect Data at Rest Using Encryption](https://docs.aws.amazon.com/sagemaker/latest/dg/encryption-at-rest.html) .\n\n*VPC configuration*\n\nAll SageMaker Studio traffic between the domain and the EFS volume is through the specified VPC and subnets. For other Studio traffic, you can specify the `AppNetworkAccessType` parameter. `AppNetworkAccessType` corresponds to the network access type that you choose when you onboard to Studio. The following options are available:\n\n- `PublicInternetOnly` - Non-EFS traffic goes through a VPC managed by Amazon SageMaker, which allows internet access. This is the default value.\n- `VpcOnly` - All Studio traffic is through the specified VPC and subnets. Internet access is disabled by default. To allow internet access, you must specify a NAT gateway.\n\nWhen internet access is disabled, you won't be able to run a Studio notebook or to train or host models unless your VPC has an interface endpoint to the SageMaker API and runtime or a NAT gateway and your security groups allow outbound connections.\n\n> NFS traffic over TCP on port 2049 needs to be allowed in both inbound and outbound rules in order to launch a SageMaker Studio app successfully. \n\nFor more information, see [Connect SageMaker Studio Notebooks to Resources in a VPC](https://docs.aws.amazon.com/sagemaker/latest/dg/studio-notebooks-and-internet-access.html) .", "properties": { "AppNetworkAccessType": "Specifies the VPC used for non-EFS traffic. The default value is `PublicInternetOnly` .\n\n- `PublicInternetOnly` - Non-EFS traffic is through a VPC managed by Amazon SageMaker , which allows direct internet access\n- `VpcOnly` - All Studio traffic is through the specified VPC and subnets\n\n*Valid Values* : `PublicInternetOnly | VpcOnly`", - "AuthMode": "The mode of authentication that members use to access the domain.\n\n*Valid Values* : `SSO | IAM`", + "AppSecurityGroupManagement": "The entity that creates and manages the required security groups for inter-app communication in `VpcOnly` mode. Required when `CreateDomain.AppNetworkAccessType` is `VpcOnly` and `DomainSettings.RStudioServerProDomainSettings.DomainExecutionRoleArn` is provided.", + "AuthMode": "The mode of authentication that members use to access the Domain.\n\n*Valid Values* : `SSO | IAM`", "DefaultUserSettings": "The default user settings.", "DomainName": "The domain name.", - "KmsKeyId": "SageMaker uses AWS KMS to encrypt the EFS volume attached to the domain with an AWS managed customer master key (CMK) by default. For more control, specify a customer managed CMK.\n\n*Length Constraints* : Maximum length of 2048.\n\n*Pattern* : `.*`", + "DomainSettings": "A collection of settings that apply to the `SageMaker Domain` . These settings are specified through the `CreateDomain` API call.", + "KmsKeyId": "SageMaker uses AWS KMS to encrypt the EFS volume attached to the Domain with an AWS managed customer master key (CMK) by default. For more control, specify a customer managed CMK.\n\n*Length Constraints* : Maximum length of 2048.\n\n*Pattern* : `.*`", "SubnetIds": "The VPC subnets that Studio uses for communication.\n\n*Length Constraints* : Maximum length of 32.\n\n*Array members* : Minimum number of 1 item. Maximum number of 16 items.\n\n*Pattern* : `[-0-9a-zA-Z]+`", - "Tags": "Tags to associated with the Domain. Each tag consists of a key and an optional value. Tag keys must be unique per resource. Tags are searchable using the Search API.\n\nTags that you specify for the Domain are also added to all Apps that are launched in the Domain.\n\n*Array members* : Minimum number of 0 items. Maximum number of 50 items.", - "VpcId": "The ID of the Amazon Virtual Private Cloud (VPC) that Studio uses for communication.\n\n*Length Constraints* : Maximum length of 32.\n\n*Pattern* : `[-0-9a-zA-Z]+`" + "Tags": "Tags to associated with the Domain. Each tag consists of a key and an optional value. Tag keys must be unique per resource. Tags are searchable using the Search API.\n\nTags that you specify for the Domain are also added to all apps that are launched in the Domain.\n\n*Array members* : Minimum number of 0 items. Maximum number of 50 items.", + "VpcId": "The ID of the Amazon Virtual Private Cloud (Amazon VPC) that Studio uses for communication.\n\n*Length Constraints* : Maximum length of 32.\n\n*Pattern* : `[-0-9a-zA-Z]+`" } }, "AWS::SageMaker::Domain.CustomImage": { @@ -36880,6 +37028,14 @@ "ImageVersionNumber": "The version number of the CustomImage." } }, + "AWS::SageMaker::Domain.DomainSettings": { + "attributes": {}, + "description": "A collection of settings that apply to the `SageMaker Domain` . These settings are specified through the `CreateDomain` API call.", + "properties": { + "RStudioServerProDomainSettings": "A collection of settings that configure the `RStudioServerPro` Domain-level app.", + "SecurityGroupIds": "The security groups for the Amazon Virtual Private Cloud that the `Domain` uses for communication between Domain-level apps and user apps." + } + }, "AWS::SageMaker::Domain.JupyterServerAppSettings": { "attributes": {}, "description": "The JupyterServer app settings.", @@ -36895,6 +37051,24 @@ "DefaultResourceSpec": "The default instance type and the Amazon Resource Name (ARN) of the default SageMaker image used by the KernelGateway app.\n\n> The Amazon SageMaker Studio UI does not use the default instance type value set here. The default instance type set here is used when Apps are created using the AWS Command Line Interface or AWS CloudFormation and the instance type parameter value is not passed." } }, + "AWS::SageMaker::Domain.RStudioServerProAppSettings": { + "attributes": {}, + "description": "A collection of settings that configure user interaction with the `RStudioServerPro` app. `RStudioServerProAppSettings` cannot be updated. The `RStudioServerPro` app must be deleted and a new one created to make any changes.", + "properties": { + "AccessStatus": "Indicates whether the current user has access to the `RStudioServerPro` app.", + "UserGroup": "The level of permissions that the user has within the `RStudioServerPro` app. This value defaults to `User`. The `Admin` value allows the user access to the RStudio Administrative Dashboard." + } + }, + "AWS::SageMaker::Domain.RStudioServerProDomainSettings": { + "attributes": {}, + "description": "A collection of settings that configure the `RStudioServerPro` Domain-level app.", + "properties": { + "DefaultResourceSpec": "A collection that defines the default `InstanceType` , `SageMakerImageArn` , and `SageMakerImageVersionArn` for the Domain.", + "DomainExecutionRoleArn": "The ARN of the execution role for the `RStudioServerPro` Domain-level app.", + "RStudioConnectUrl": "A URL pointing to an RStudio Connect server.", + "RStudioPackageManagerUrl": "A URL pointing to an RStudio Package Manager server." + } + }, "AWS::SageMaker::Domain.ResourceSpec": { "attributes": {}, "description": "Specifies the ARN's of a SageMaker image and SageMaker image version, and the instance type that the version runs on.", @@ -36920,6 +37094,7 @@ "ExecutionRole": "The execution role for the user.", "JupyterServerAppSettings": "The Jupyter server's app settings.", "KernelGatewayAppSettings": "The kernel gateway app settings.", + "RStudioServerProAppSettings": "A collection of settings that configure user interaction with the `RStudioServerPro` app.", "SecurityGroups": "The security groups for the Amazon Virtual Private Cloud (VPC) that Studio uses for communication.\n\nOptional when the `CreateDomain.AppNetworkAccessType` parameter is set to `PublicInternetOnly` .\n\nRequired when the `CreateDomain.AppNetworkAccessType` parameter is set to `VpcOnly` .\n\nAmazon SageMaker adds a security group to allow NFS traffic from SageMaker Studio. Therefore, the number of security groups that you can specify is one less than the maximum number shown.", "SharingSettings": "Specifies options for sharing SageMaker Studio notebooks." } @@ -37169,7 +37344,7 @@ "Environment": "The environment variables to set in the Docker container. Each key and value in the `Environment` string to string map can have length of up to 1024. We support up to 16 entries in the map.", "Image": "The path where inference code is stored. This can be either in Amazon EC2 Container Registry or in a Docker registry that is accessible from the same VPC that you configure for your endpoint. If you are using your own custom algorithm instead of an algorithm provided by SageMaker, the inference code must meet SageMaker requirements. SageMaker supports both `registry/repository[:tag]` and `registry/repository[@digest]` image path formats. For more information, see [Using Your Own Algorithms with Amazon SageMaker](https://docs.aws.amazon.com/sagemaker/latest/dg/your-algorithms.html)", "ImageConfig": "Specifies whether the model container is in Amazon ECR or a private Docker registry accessible from your Amazon Virtual Private Cloud (VPC). For information about storing containers in a private Docker registry, see [Use a Private Docker Registry for Real-Time Inference Containers](https://docs.aws.amazon.com/sagemaker/latest/dg/your-algorithms-containers-inference-private.html)", - "InferenceSpecificationName": "The inference specification name in the model package version.", + "InferenceSpecificationName": "", "Mode": "Whether the container hosts a single model or multiple models.", "ModelDataUrl": "The S3 path where the model artifacts, which result from model training, are stored. This path must point to a single gzip compressed tar archive (.tar.gz suffix). The S3 path is required for SageMaker built-in algorithms, but not if you use your own algorithms. For more information on built-in algorithms, see [Common Parameters](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-algo-docker-registry-paths.html) .\n\n> The model artifacts must be in an S3 bucket that is in the same region as the model or endpoint you are creating. \n\nIf you provide a value for this parameter, SageMaker uses AWS Security Token Service to download model artifacts from the S3 path you provide. AWS STS is activated in your IAM user account by default. If you previously deactivated AWS STS for a region, you need to reactivate AWS STS for that region. For more information, see [Activating and Deactivating AWS STS in an AWS Region](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) in the *AWS Identity and Access Management User Guide* .\n\n> If you use a built-in algorithm to create a model, SageMaker requires that you provide a S3 path to the model artifacts in `ModelDataUrl` .", "ModelPackageName": "The name or Amazon Resource Name (ARN) of the model package to use to create the model.", @@ -37868,7 +38043,7 @@ }, "description": "The `AWS::SageMaker::Pipeline` resource creates shell scripts that run when you create and/or start a SageMaker Pipeline. For information about SageMaker Pipelines, see [SageMaker Pipelines](https://docs.aws.amazon.com/sagemaker/latest/dg/pipelines.html) in the *Amazon SageMaker Developer Guide* .", "properties": { - "ParallelismConfiguration": "The parallelism configuration applied to the pipeline.", + "ParallelismConfiguration": "", "PipelineDefinition": "The definition of the pipeline. This can be either a JSON string or an Amazon S3 location.", "PipelineDescription": "The description of the pipeline.", "PipelineDisplayName": "The display name of the pipeline.", @@ -37895,7 +38070,7 @@ }, "AWS::SageMaker::UserProfile": { "attributes": { - "Ref": "`Ref` returns the domain ID and the user profile name, such as `d-xxxxxxxxxxxx` and `my-user-profile` , respectively.", + "Ref": "`Ref` returns the Domain ID and the user profile name, such as `d-xxxxxxxxxxxx` and `my-user-profile` , respectively.", "UserProfileArn": "The Amazon Resource Name (ARN) of the user profile, such as `arn:aws:sagemaker:us-west-2:account-id:user-profile/my-user-profile` ." }, "description": "Creates a user profile. A user profile represents a single user within a domain, and is the main way to reference a \"person\" for the purposes of sharing, reporting, and other user-oriented features. This entity is created when a user onboards to Amazon SageMaker Studio. If an administrator invites a person by email or imports them from SSO, a user profile is automatically created. A user profile is the primary holder of settings for an individual user and has a reference to the user's private Amazon Elastic File System (EFS) home directory.", @@ -37903,7 +38078,7 @@ "DomainId": "The domain ID.", "SingleSignOnUserIdentifier": "A specifier for the type of value specified in SingleSignOnUserValue. Currently, the only supported value is \"UserName\". If the Domain's AuthMode is SSO, this field is required. If the Domain's AuthMode is not SSO, this field cannot be specified.", "SingleSignOnUserValue": "The username of the associated AWS Single Sign-On User for this UserProfile. If the Domain's AuthMode is SSO, this field is required, and must match a valid username of a user in your directory. If the Domain's AuthMode is not SSO, this field cannot be specified.", - "Tags": "An array of key-value pairs to apply to this resource.\n\nTags that you specify for the User Profile are also added to all Apps that the User Profile launches.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .", + "Tags": "An array of key-value pairs to apply to this resource.\n\nTags that you specify for the User Profile are also added to all apps that the User Profile launches.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .", "UserProfileName": "The user profile name.", "UserSettings": "A collection of settings that apply to users of Amazon SageMaker Studio." } @@ -37932,6 +38107,14 @@ "DefaultResourceSpec": "The default instance type and the Amazon Resource Name (ARN) of the default SageMaker image used by the KernelGateway app.\n\n> The Amazon SageMaker Studio UI does not use the default instance type value set here. The default instance type set here is used when Apps are created using the AWS Command Line Interface or AWS CloudFormation and the instance type parameter value is not passed." } }, + "AWS::SageMaker::UserProfile.RStudioServerProAppSettings": { + "attributes": {}, + "description": "A collection of settings that configure user interaction with the `RStudioServerPro` app. `RStudioServerProAppSettings` cannot be updated. The `RStudioServerPro` app must be deleted and a new one created to make any changes.", + "properties": { + "AccessStatus": "Indicates whether the current user has access to the `RStudioServerPro` app.", + "UserGroup": "The level of permissions that the user has within the `RStudioServerPro` app. This value defaults to `User`. The `Admin` value allows the user access to the RStudio Administrative Dashboard." + } + }, "AWS::SageMaker::UserProfile.ResourceSpec": { "attributes": {}, "description": "Specifies the ARN's of a SageMaker image and SageMaker image version, and the instance type that the version runs on.", @@ -37957,6 +38140,7 @@ "ExecutionRole": "The execution role for the user.", "JupyterServerAppSettings": "The Jupyter server's app settings.", "KernelGatewayAppSettings": "The kernel gateway app settings.", + "RStudioServerProAppSettings": "A collection of settings that configure user interaction with the `RStudioServerPro` app.", "SecurityGroups": "The security groups for the Amazon Virtual Private Cloud (VPC) that Studio uses for communication.\n\nOptional when the `CreateDomain.AppNetworkAccessType` parameter is set to `PublicInternetOnly` .\n\nRequired when the `CreateDomain.AppNetworkAccessType` parameter is set to `VpcOnly` .\n\nAmazon SageMaker adds a security group to allow NFS traffic from SageMaker Studio. Therefore, the number of security groups that you can specify is one less than the maximum number shown.", "SharingSettings": "Specifies options for sharing SageMaker Studio notebooks." } @@ -39065,7 +39249,7 @@ "CustomStepDetails": "Details for a step that invokes a lambda function.\n\nConsists of the lambda function name, target, and timeout (in seconds).", "DeleteStepDetails": "Details for a step that deletes the file.", "TagStepDetails": "Details for a step that creates one or more tags.\n\nYou specify one or more tags: each tag contains a key/value pair.", - "Type": "Currently, the following step types are supported.\n\n- *Copy* : copy the file to another location\n- *Custom* : custom step with a lambda target\n- *Delete* : delete the file\n- *Tag* : add a tag to the file" + "Type": "Currently, the following step types are supported.\n\n- *COPY* : copy the file to another location\n- *CUSTOM* : custom step with a lambda target\n- *DELETE* : delete the file\n- *TAG* : add a tag to the file" } }, "AWS::WAF::ByteMatchSet": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ACMPCA.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ACMPCA.json index 76317d0a1eea5..31a291819a349 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ACMPCA.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ACMPCA.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::ACMPCA::Certificate.ApiPassthrough": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-apipassthrough.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_APS.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_APS.json index 2b9e7b271d126..6e69e21b0c5c9 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_APS.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_APS.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::APS::RuleGroupsNamespace": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AccessAnalyzer.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AccessAnalyzer.json index 6e462f6110cc0..8e69d543f98eb 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AccessAnalyzer.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AccessAnalyzer.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::AccessAnalyzer::Analyzer.ArchiveRule": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-accessanalyzer-analyzer-archiverule.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AmazonMQ.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AmazonMQ.json index 1346343237282..19371db216bbb 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AmazonMQ.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AmazonMQ.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::AmazonMQ::Broker.ConfigurationId": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-amazonmq-broker-configurationid.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Amplify.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Amplify.json index 3f22bd6fb2197..557e569da1752 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Amplify.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Amplify.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Amplify::App.AutoBranchCreationConfig": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-amplify-app-autobranchcreationconfig.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AmplifyUIBuilder.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AmplifyUIBuilder.json index 66fa567ac8f81..74187e57987fe 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AmplifyUIBuilder.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AmplifyUIBuilder.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::AmplifyUIBuilder::Component.ActionParameters": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-amplifyuibuilder-component-actionparameters.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApiGateway.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApiGateway.json index 9b91495c0562b..f64aa8e45b43c 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApiGateway.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApiGateway.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::ApiGateway::ApiKey.StageKey": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-apikey-stagekey.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApiGatewayV2.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApiGatewayV2.json index ce52ae104e29f..8b8886c633861 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApiGatewayV2.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApiGatewayV2.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::ApiGatewayV2::Api.BodyS3Location": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigatewayv2-api-bodys3location.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppConfig.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppConfig.json index 361a9d7d3c818..efb60e0aa53b2 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppConfig.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppConfig.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::AppConfig::Application.Tags": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appconfig-application-tags.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppFlow.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppFlow.json index 6f240908c69f8..c51e19f377162 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppFlow.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppFlow.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::AppFlow::ConnectorProfile.AmplitudeConnectorProfileCredentials": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appflow-connectorprofile-amplitudeconnectorprofilecredentials.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppIntegrations.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppIntegrations.json index 03e94bc384fac..0e6c19dba37d2 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppIntegrations.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppIntegrations.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::AppIntegrations::DataIntegration.ScheduleConfig": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appintegrations-dataintegration-scheduleconfig.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppMesh.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppMesh.json index 4d10869895be8..6cc82c83c6703 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppMesh.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppMesh.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::AppMesh::GatewayRoute.GatewayRouteHostnameMatch": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-gatewayroute-gatewayroutehostnamematch.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppRunner.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppRunner.json index cb4b9b032c6a5..988e4e8bd4968 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppRunner.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppRunner.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::AppRunner::Service.AuthenticationConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apprunner-service-authenticationconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppStream.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppStream.json index abf8603f1c8a2..d61d6b7f95655 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppStream.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppStream.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::AppStream::AppBlock.S3Location": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appstream-appblock-s3location.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppSync.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppSync.json index 0d48328fafbcc..29a48ad2c496c 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppSync.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AppSync.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::AppSync::DataSource.AuthorizationConfig": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-datasource-authorizationconfig.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApplicationAutoScaling.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApplicationAutoScaling.json index 6b783d17ad9d6..3b9216ab0c990 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApplicationAutoScaling.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApplicationAutoScaling.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::ApplicationAutoScaling::ScalableTarget.ScalableTargetAction": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-applicationautoscaling-scalabletarget-scalabletargetaction.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApplicationInsights.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApplicationInsights.json index 79405cf27def4..ae1c226ddf36e 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApplicationInsights.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ApplicationInsights.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::ApplicationInsights::Application.Alarm": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-applicationinsights-application-alarm.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Athena.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Athena.json index ad20cc5b38181..8f8877dd7a814 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Athena.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Athena.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Athena::WorkGroup.EncryptionConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-encryptionconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AuditManager.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AuditManager.json index 1cd0aaa2b4cba..be2772514210d 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AuditManager.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AuditManager.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::AuditManager::Assessment.AWSAccount": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-auditmanager-assessment-awsaccount.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AutoScaling.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AutoScaling.json index 7444f1351643d..a9da22e23f77f 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AutoScaling.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AutoScaling.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::AutoScaling::AutoScalingGroup.AcceleratorCountRequest": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-acceleratorcountrequest.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AutoScalingPlans.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AutoScalingPlans.json index 370e90b31650d..744f026f3c875 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AutoScalingPlans.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_AutoScalingPlans.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::AutoScalingPlans::ScalingPlan.ApplicationSource": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscalingplans-scalingplan-applicationsource.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Backup.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Backup.json index 293257d7bbc6a..7984ab5bf19dc 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Backup.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Backup.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Backup::BackupPlan.AdvancedBackupSettingResourceType": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-backup-backupplan-advancedbackupsettingresourcetype.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Batch.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Batch.json index 24078d5eacedc..a3fd4fecec863 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Batch.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Batch.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Batch::ComputeEnvironment.ComputeResources": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-batch-computeenvironment-computeresources.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_BillingConductor.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_BillingConductor.json index 80a756f6d9a2c..f19f101132301 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_BillingConductor.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_BillingConductor.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::BillingConductor::BillingGroup.AccountGrouping": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-billingconductor-billinggroup-accountgrouping.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Budgets.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Budgets.json index f34a65e4c0867..f49628168aab5 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Budgets.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Budgets.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Budgets::Budget.BudgetData": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-budgets-budget-budgetdata.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CE.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CE.json index 6580dd1621100..63c91c8e96922 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CE.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CE.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::CE::AnomalySubscription.Subscriber": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ce-anomalysubscription-subscriber.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CUR.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CUR.json index 8a351a0396b83..3ae4d1801a9d9 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CUR.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CUR.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::CUR::ReportDefinition": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Cassandra.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Cassandra.json index 28fd524f70e6c..c0fb87068d5d8 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Cassandra.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Cassandra.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Cassandra::Table.BillingMode": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cassandra-table-billingmode.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CertificateManager.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CertificateManager.json index c1a95b5fefbd1..998c3fb6a7ff1 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CertificateManager.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CertificateManager.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::CertificateManager::Account.ExpiryEventsConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-certificatemanager-account-expiryeventsconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Chatbot.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Chatbot.json index 794d021976812..0967bf8ae4916 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Chatbot.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Chatbot.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::Chatbot::SlackChannelConfiguration": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Cloud9.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Cloud9.json index 5c24f8d93de7a..1317a2389436e 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Cloud9.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Cloud9.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Cloud9::EnvironmentEC2.Repository": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloud9-environmentec2-repository.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudFormation.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudFormation.json index edcd2c7e5dbdc..658c86a481cb5 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudFormation.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudFormation.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::CloudFormation::HookVersion.LoggingConfig": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-hookversion-loggingconfig.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudFront.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudFront.json index 25fb68fcaa39f..cda050e48c840 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudFront.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudFront.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::CloudFront::CachePolicy.CachePolicyConfig": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cachepolicy-cachepolicyconfig.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudTrail.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudTrail.json index 0b4a350d5338d..ca208c959033e 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudTrail.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudTrail.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::CloudTrail::Trail.DataResource": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudtrail-trail-dataresource.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudWatch.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudWatch.json index 2701350772f79..83a6dbbd0286e 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudWatch.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CloudWatch.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::CloudWatch::Alarm.Dimension": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cw-dimension.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeArtifact.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeArtifact.json index 3579558192d45..fad8c8c7ce35b 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeArtifact.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeArtifact.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::CodeArtifact::Domain": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeBuild.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeBuild.json index 399e9f1cf84e7..9462011a5ecc9 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeBuild.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeBuild.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::CodeBuild::Project.Artifacts": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codebuild-project-artifacts.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeCommit.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeCommit.json index 06599a720ed62..72268b920aa79 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeCommit.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeCommit.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::CodeCommit::Repository.Code": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codecommit-repository-code.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeDeploy.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeDeploy.json index ccd78fd04514d..3816307559d88 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeDeploy.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeDeploy.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::CodeDeploy::DeploymentConfig.MinimumHealthyHosts": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentconfig-minimumhealthyhosts.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeGuruProfiler.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeGuruProfiler.json index 47a53e3d951a5..271cd277d1157 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeGuruProfiler.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeGuruProfiler.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::CodeGuruProfiler::ProfilingGroup.Channel": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codeguruprofiler-profilinggroup-channel.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeGuruReviewer.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeGuruReviewer.json index 1eb469e8d43b6..679838864533c 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeGuruReviewer.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeGuruReviewer.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::CodeGuruReviewer::RepositoryAssociation": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodePipeline.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodePipeline.json index 34854e1f5929c..719cc8cbf3035 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodePipeline.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodePipeline.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::CodePipeline::CustomActionType.ArtifactDetails": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codepipeline-customactiontype-artifactdetails.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeStar.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeStar.json index ff55293cd2f65..a3354f9cb49d0 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeStar.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeStar.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::CodeStar::GitHubRepository.Code": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codestar-githubrepository-code.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeStarConnections.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeStarConnections.json index 1cb961d7c1c2c..6b17cf76c4957 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeStarConnections.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeStarConnections.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::CodeStarConnections::Connection": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeStarNotifications.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeStarNotifications.json index c9986ae3f028a..a62bb5bd618ff 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeStarNotifications.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CodeStarNotifications.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::CodeStarNotifications::NotificationRule.Target": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codestarnotifications-notificationrule-target.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Cognito.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Cognito.json index 27efac0ea696c..274645a0faec8 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Cognito.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Cognito.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Cognito::IdentityPool.CognitoIdentityProvider": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-cognitoidentityprovider.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Config.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Config.json index 3c6a54684a0b9..e66aa2d3468c7 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Config.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Config.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Config::ConfigRule.Scope": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-scope.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Connect.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Connect.json index 1e9d3c2ddd409..a3d23a9e074e5 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Connect.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Connect.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Connect::HoursOfOperation.HoursOfOperationConfig": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-connect-hoursofoperation-hoursofoperationconfig.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CustomerProfiles.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CustomerProfiles.json index 0f2b10fd0389a..80f847af74abc 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CustomerProfiles.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_CustomerProfiles.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::CustomerProfiles::Integration.ConnectorOperator": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-customerprofiles-integration-connectoroperator.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DAX.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DAX.json index 235e5572d7403..ea1c00b14561a 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DAX.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DAX.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::DAX::Cluster.SSESpecification": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dax-cluster-ssespecification.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DLM.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DLM.json index b4b642e1d4f9a..87c06843423b1 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DLM.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DLM.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::DLM::LifecyclePolicy.Action": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dlm-lifecyclepolicy-action.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DMS.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DMS.json index 357934de20f64..ff6cb9276d253 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DMS.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DMS.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::DMS::Endpoint.DocDbSettings": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-docdbsettings.html", @@ -179,6 +179,12 @@ "Required": false, "UpdateType": "Mutable" }, + "IncludePartitionValue": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-kafkasettings.html#cfn-dms-endpoint-kafkasettings-includepartitionvalue", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, "IncludeTableAlterOperations": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-kafkasettings.html#cfn-dms-endpoint-kafkasettings-includetablealteroperations", "PrimitiveType": "Boolean", @@ -191,6 +197,18 @@ "Required": false, "UpdateType": "Mutable" }, + "MessageFormat": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-kafkasettings.html#cfn-dms-endpoint-kafkasettings-messageformat", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "MessageMaxBytes": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-kafkasettings.html#cfn-dms-endpoint-kafkasettings-messagemaxbytes", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, "NoHexPrefix": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-kafkasettings.html#cfn-dms-endpoint-kafkasettings-nohexprefix", "PrimitiveType": "Boolean", @@ -268,6 +286,12 @@ "Required": false, "UpdateType": "Mutable" }, + "IncludePartitionValue": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-kinesissettings.html#cfn-dms-endpoint-kinesissettings-includepartitionvalue", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, "IncludeTableAlterOperations": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-kinesissettings.html#cfn-dms-endpoint-kinesissettings-includetablealteroperations", "PrimitiveType": "Boolean", @@ -415,6 +439,36 @@ "AWS::DMS::Endpoint.MySqlSettings": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-mysqlsettings.html", "Properties": { + "AfterConnectScript": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-mysqlsettings.html#cfn-dms-endpoint-mysqlsettings-afterconnectscript", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "CleanSourceMetadataOnMismatch": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-mysqlsettings.html#cfn-dms-endpoint-mysqlsettings-cleansourcemetadataonmismatch", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "EventsPollInterval": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-mysqlsettings.html#cfn-dms-endpoint-mysqlsettings-eventspollinterval", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "MaxFileSize": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-mysqlsettings.html#cfn-dms-endpoint-mysqlsettings-maxfilesize", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "ParallelLoadThreads": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-mysqlsettings.html#cfn-dms-endpoint-mysqlsettings-parallelloadthreads", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, "SecretsManagerAccessRoleArn": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-mysqlsettings.html#cfn-dms-endpoint-mysqlsettings-secretsmanageraccessrolearn", "PrimitiveType": "String", @@ -426,6 +480,18 @@ "PrimitiveType": "String", "Required": false, "UpdateType": "Mutable" + }, + "ServerTimezone": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-mysqlsettings.html#cfn-dms-endpoint-mysqlsettings-servertimezone", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "TargetDbType": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-mysqlsettings.html#cfn-dms-endpoint-mysqlsettings-targetdbtype", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" } } }, @@ -479,6 +545,139 @@ "AWS::DMS::Endpoint.OracleSettings": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html", "Properties": { + "AccessAlternateDirectly": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-accessalternatedirectly", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "AddSupplementalLogging": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-addsupplementallogging", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "AdditionalArchivedLogDestId": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-additionalarchivedlogdestid", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "AllowSelectNestedTables": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-allowselectnestedtables", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "ArchivedLogDestId": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-archivedlogdestid", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "ArchivedLogsOnly": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-archivedlogsonly", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "AsmPassword": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-asmpassword", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "AsmServer": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-asmserver", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "AsmUser": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-asmuser", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "CharLengthSemantics": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-charlengthsemantics", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "DirectPathNoLog": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-directpathnolog", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "DirectPathParallelLoad": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-directpathparallelload", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "EnableHomogenousTablespace": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-enablehomogenoustablespace", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "ExtraArchivedLogDestIds": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-extraarchivedlogdestids", + "PrimitiveItemType": "Integer", + "Required": false, + "Type": "List", + "UpdateType": "Mutable" + }, + "FailTasksOnLobTruncation": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-failtasksonlobtruncation", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "NumberDatatypeScale": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-numberdatatypescale", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "OraclePathPrefix": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-oraclepathprefix", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "ParallelAsmReadThreads": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-parallelasmreadthreads", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "ReadAheadBlocks": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-readaheadblocks", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "ReadTableSpaceName": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-readtablespacename", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "ReplacePathPrefix": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-replacepathprefix", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "RetryInterval": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-retryinterval", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, "SecretsManagerAccessRoleArn": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-secretsmanageraccessrolearn", "PrimitiveType": "String", @@ -502,12 +701,126 @@ "PrimitiveType": "String", "Required": false, "UpdateType": "Mutable" + }, + "SecurityDbEncryption": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-securitydbencryption", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "SecurityDbEncryptionName": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-securitydbencryptionname", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "SpatialDataOptionToGeoJsonFunctionName": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-spatialdataoptiontogeojsonfunctionname", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "StandbyDelayTime": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-standbydelaytime", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "UseAlternateFolderForOnline": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-usealternatefolderforonline", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "UseBFile": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-usebfile", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "UseDirectPathFullLoad": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-usedirectpathfullload", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "UseLogminerReader": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-uselogminerreader", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "UsePathPrefix": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-oraclesettings.html#cfn-dms-endpoint-oraclesettings-usepathprefix", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" } } }, "AWS::DMS::Endpoint.PostgreSqlSettings": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html", "Properties": { + "AfterConnectScript": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-afterconnectscript", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "CaptureDdls": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-captureddls", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "DdlArtifactsSchema": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-ddlartifactsschema", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "ExecuteTimeout": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-executetimeout", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "FailTasksOnLobTruncation": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-failtasksonlobtruncation", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "HeartbeatEnable": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-heartbeatenable", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "HeartbeatFrequency": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-heartbeatfrequency", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "HeartbeatSchema": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-heartbeatschema", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "MaxFileSize": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-maxfilesize", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "PluginName": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-pluginname", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, "SecretsManagerAccessRoleArn": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-secretsmanageraccessrolearn", "PrimitiveType": "String", @@ -519,6 +832,12 @@ "PrimitiveType": "String", "Required": false, "UpdateType": "Mutable" + }, + "SlotName": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-slotname", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" } } }, diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DataBrew.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DataBrew.json index 9e211746a1002..a560e126ec48f 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DataBrew.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DataBrew.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::DataBrew::Dataset.CsvOptions": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-databrew-dataset-csvoptions.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DataPipeline.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DataPipeline.json index 08c0b91c1a9b5..64977ff5f85ca 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DataPipeline.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DataPipeline.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::DataPipeline::Pipeline.Field": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-datapipeline-pipeline-pipelineobjects-fields.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DataSync.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DataSync.json index 6814c2f59d551..616ef1f812aca 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DataSync.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DataSync.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::DataSync::LocationEFS.Ec2Config": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-datasync-locationefs-ec2config.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Detective.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Detective.json index aadbfcb5da29e..4a0cfa99fd393 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Detective.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Detective.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::Detective::Graph": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DevOpsGuru.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DevOpsGuru.json index 3ff862dcd90e1..36ae1cdb432ca 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DevOpsGuru.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DevOpsGuru.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::DevOpsGuru::NotificationChannel.NotificationChannelConfig": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-devopsguru-notificationchannel-notificationchannelconfig.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DirectoryService.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DirectoryService.json index 8176716fdfebc..f1b85143d78fd 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DirectoryService.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DirectoryService.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::DirectoryService::MicrosoftAD.VpcSettings": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-directoryservice-microsoftad-vpcsettings.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DocDB.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DocDB.json index 1859ee015f0a9..6d90d7c6c57d1 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DocDB.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DocDB.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::DocDB::DBCluster": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DynamoDB.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DynamoDB.json index 8310e71d5bcd4..3e1443f5c9b00 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DynamoDB.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_DynamoDB.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::DynamoDB::GlobalTable.AttributeDefinition": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-globaltable-attributedefinition.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EC2.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EC2.json index add912221c1d1..709bee378bf52 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EC2.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EC2.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::EC2::CapacityReservation.TagSpecification": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-capacityreservation-tagspecification.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ECR.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ECR.json index b4dbc946f2272..d1f9fd3d4d0a0 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ECR.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ECR.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::ECR::ReplicationConfiguration.ReplicationConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ECS.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ECS.json index 16b5685a9268a..08b57e4b39f1d 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ECS.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ECS.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::ECS::CapacityProvider.AutoScalingGroupProvider": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-capacityprovider-autoscalinggroupprovider.html", @@ -337,13 +337,13 @@ "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-placementconstraint.html#cfn-ecs-service-placementconstraint-expression", "PrimitiveType": "String", "Required": false, - "UpdateType": "Immutable" + "UpdateType": "Mutable" }, "Type": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-placementconstraint.html#cfn-ecs-service-placementconstraint-type", "PrimitiveType": "String", "Required": true, - "UpdateType": "Immutable" + "UpdateType": "Mutable" } } }, @@ -354,13 +354,13 @@ "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-placementstrategy.html#cfn-ecs-service-placementstrategy-field", "PrimitiveType": "String", "Required": false, - "UpdateType": "Immutable" + "UpdateType": "Mutable" }, "Type": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-placementstrategy.html#cfn-ecs-service-placementstrategy-type", "PrimitiveType": "String", "Required": true, - "UpdateType": "Immutable" + "UpdateType": "Mutable" } } }, @@ -1603,14 +1603,14 @@ "ItemType": "PlacementConstraint", "Required": false, "Type": "List", - "UpdateType": "Immutable" + "UpdateType": "Mutable" }, "PlacementStrategies": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-placementstrategies", "ItemType": "PlacementStrategy", "Required": false, "Type": "List", - "UpdateType": "Immutable" + "UpdateType": "Mutable" }, "PlatformVersion": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-platformversion", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EFS.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EFS.json index 5743efb5a34eb..bba85ff5c3bfb 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EFS.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EFS.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::EFS::AccessPoint.AccessPointTag": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-accesspoint-accesspointtag.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EKS.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EKS.json index feb909598c490..c873bddb7c055 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EKS.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EKS.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::EKS::Cluster.ClusterLogging": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-clusterlogging.html", @@ -18,8 +18,8 @@ "Properties": { "Provider": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-provider", - "PrimitiveType": "Json", "Required": false, + "Type": "Provider", "UpdateType": "Immutable" }, "Resources": { @@ -76,6 +76,17 @@ } } }, + "AWS::EKS::Cluster.Provider": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html", + "Properties": { + "KeyArn": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html#cfn-eks-cluster-provider-keyarn", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Immutable" + } + } + }, "AWS::EKS::Cluster.ResourcesVpcConfig": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html", "Properties": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EMR.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EMR.json index 7ba86fe7a46b9..bcad3f358f03f 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EMR.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EMR.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::EMR::Cluster.Application": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticmapreduce-cluster-application.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EMRContainers.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EMRContainers.json index 7d233bd95ccd6..3abad19275971 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EMRContainers.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EMRContainers.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::EMRContainers::VirtualCluster.ContainerInfo": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-emrcontainers-virtualcluster-containerinfo.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElastiCache.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElastiCache.json index 007147c8d8854..3efbceca22c1a 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElastiCache.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElastiCache.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::ElastiCache::CacheCluster.CloudWatchLogsDestinationDetails": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticache-cachecluster-cloudwatchlogsdestinationdetails.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElasticBeanstalk.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElasticBeanstalk.json index ae516f1ac53db..3892b2fab02c4 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElasticBeanstalk.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElasticBeanstalk.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::ElasticBeanstalk::Application.ApplicationResourceLifecycleConfig": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticbeanstalk-application-applicationresourcelifecycleconfig.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElasticLoadBalancing.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElasticLoadBalancing.json index bb6cc2dce74a5..26e4988bc418b 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElasticLoadBalancing.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElasticLoadBalancing.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::ElasticLoadBalancing::LoadBalancer.AccessLoggingPolicy": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb-accessloggingpolicy.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElasticLoadBalancingV2.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElasticLoadBalancingV2.json index 6e5f45f6304b4..f273244dea180 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElasticLoadBalancingV2.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ElasticLoadBalancingV2.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::ElasticLoadBalancingV2::Listener.Action": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-action.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Elasticsearch.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Elasticsearch.json index c60d403cdec7f..89ab08a27ffb8 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Elasticsearch.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Elasticsearch.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Elasticsearch::Domain.AdvancedSecurityOptionsInput": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-advancedsecurityoptionsinput.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EventSchemas.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EventSchemas.json index 4c209deab4b5f..0b254979b40ad 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EventSchemas.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_EventSchemas.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::EventSchemas::Discoverer.TagsEntry": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eventschemas-discoverer-tagsentry.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Events.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Events.json index d9bf0d2663bef..a79d3477a59fe 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Events.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Events.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Events::Connection.ApiKeyAuthParameters": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-connection-apikeyauthparameters.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Evidently.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Evidently.json index 93da0b6ed6a2a..c3739861f7f4b 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Evidently.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Evidently.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Evidently::Experiment.MetricGoalObject": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-evidently-experiment-metricgoalobject.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FIS.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FIS.json index 6aeb599eefd2f..2a3401f2eaab2 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FIS.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FIS.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::FIS::ExperimentTemplate.ExperimentTemplateAction": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fis-experimenttemplate-experimenttemplateaction.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FMS.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FMS.json index 46aa360260463..d5207e4678790 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FMS.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FMS.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::FMS::Policy.IEMap": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fms-policy-iemap.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FSx.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FSx.json index 74c31ec547be8..bf141d918adcd 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FSx.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FSx.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::FSx::FileSystem.AuditLogConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fsx-filesystem-windowsconfiguration-auditlogconfiguration.html", @@ -204,7 +204,7 @@ "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fsx-filesystem-ontapconfiguration.html#cfn-fsx-filesystem-ontapconfiguration-throughputcapacity", "PrimitiveType": "Integer", "Required": false, - "UpdateType": "Immutable" + "UpdateType": "Mutable" }, "WeeklyMaintenanceStartTime": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fsx-filesystem-ontapconfiguration.html#cfn-fsx-filesystem-ontapconfiguration-weeklymaintenancestarttime", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FinSpace.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FinSpace.json index a77e993af024a..86880cc94fc99 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FinSpace.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FinSpace.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::FinSpace::Environment.FederationParameters": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-finspace-environment-federationparameters.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Forecast.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Forecast.json index 88b70dfde00bc..9709f838af4ab 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Forecast.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Forecast.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::Forecast::Dataset": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FraudDetector.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FraudDetector.json index 9771bb30f675c..b1b4f999a8f8c 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FraudDetector.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_FraudDetector.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::FraudDetector::Detector.EntityType": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-frauddetector-detector-entitytype.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GameLift.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GameLift.json index 3a2796ee65ff6..b7561a98e604c 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GameLift.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GameLift.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::GameLift::Alias.RoutingStrategy": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-gamelift-alias-routingstrategy.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GlobalAccelerator.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GlobalAccelerator.json index b40343a251538..0a8a12315910a 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GlobalAccelerator.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GlobalAccelerator.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::GlobalAccelerator::EndpointGroup.EndpointConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-globalaccelerator-endpointgroup-endpointconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Glue.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Glue.json index cedab3e5a2544..c92366799ca6f 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Glue.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Glue.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Glue::Classifier.CsvClassifier": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-glue-classifier-csvclassifier.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Greengrass.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Greengrass.json index 2029c87073c9f..6367efa5cac07 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Greengrass.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Greengrass.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Greengrass::ConnectorDefinition.Connector": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-connectordefinition-connector.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GreengrassV2.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GreengrassV2.json index fbe11510b5b49..2321c3c73723b 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GreengrassV2.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GreengrassV2.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::GreengrassV2::ComponentVersion.ComponentDependencyRequirement": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrassv2-componentversion-componentdependencyrequirement.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GroundStation.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GroundStation.json index 70f7db435f582..e1074519290b8 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GroundStation.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GroundStation.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::GroundStation::Config.AntennaDownlinkConfig": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-groundstation-config-antennadownlinkconfig.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GuardDuty.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GuardDuty.json index 61ef6e697381f..756a0faff9a28 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GuardDuty.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_GuardDuty.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::GuardDuty::Detector.CFNDataSourceConfigurations": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfndatasourceconfigurations.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_HealthLake.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_HealthLake.json index 48894bc8e9b9f..4a3a5cb3b66f4 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_HealthLake.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_HealthLake.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::HealthLake::FHIRDatastore.KmsEncryptionConfig": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-healthlake-fhirdatastore-kmsencryptionconfig.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IAM.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IAM.json index 31d55f180aa2b..f08ee66a0e5d2 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IAM.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IAM.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::IAM::Group.Policy": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IVS.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IVS.json index db96adf0a36da..2112cfcccdd1a 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IVS.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IVS.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::IVS::RecordingConfiguration.DestinationConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ivs-recordingconfiguration-destinationconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ImageBuilder.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ImageBuilder.json index 0fa14609abab2..e101857fd1382 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ImageBuilder.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ImageBuilder.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::ImageBuilder::ContainerRecipe.ComponentConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-imagebuilder-containerrecipe-componentconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Inspector.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Inspector.json index 342159403846e..a06ff4cf1de0a 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Inspector.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Inspector.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::Inspector::AssessmentTarget": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_InspectorV2.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_InspectorV2.json index e2c7c28637957..5f3eea2e5bf8a 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_InspectorV2.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_InspectorV2.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::InspectorV2::Filter.DateFilter": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-inspectorv2-filter-datefilter.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoT.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoT.json index 1b55d59949fa5..f05f51e09ccc5 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoT.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoT.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::IoT::AccountAuditConfiguration.AuditCheckConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoT1Click.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoT1Click.json index 0b45647d8018c..e81eb24a10880 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoT1Click.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoT1Click.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::IoT1Click::Project.DeviceTemplate": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot1click-project-devicetemplate.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTAnalytics.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTAnalytics.json index 32ef1ef900e3d..06392c8d15228 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTAnalytics.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTAnalytics.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::IoTAnalytics::Channel.ChannelStorage": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iotanalytics-channel-channelstorage.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTCoreDeviceAdvisor.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTCoreDeviceAdvisor.json index 1b16fabbc6771..322b806dc2332 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTCoreDeviceAdvisor.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTCoreDeviceAdvisor.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::IoTCoreDeviceAdvisor::SuiteDefinition": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTEvents.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTEvents.json index f5c8a01e395e5..d053b8811e968 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTEvents.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTEvents.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::IoTEvents::AlarmModel.AcknowledgeFlow": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iotevents-alarmmodel-acknowledgeflow.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTFleetHub.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTFleetHub.json index d8eb0c0f67d43..6f12fda293e65 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTFleetHub.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTFleetHub.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::IoTFleetHub::Application": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTSiteWise.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTSiteWise.json index 89fb4b81f7b87..e0170b9b6e124 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTSiteWise.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTSiteWise.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::IoTSiteWise::AccessPolicy.AccessPolicyIdentity": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iotsitewise-accesspolicy-accesspolicyidentity.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTThingsGraph.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTThingsGraph.json index bb44f337a5d65..fc6cc4ef74ee0 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTThingsGraph.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTThingsGraph.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::IoTThingsGraph::FlowTemplate.DefinitionDocument": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iotthingsgraph-flowtemplate-definitiondocument.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTWireless.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTWireless.json index 3a1bc624604a4..2d914b2d402e4 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTWireless.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_IoTWireless.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::IoTWireless::DeviceProfile.LoRaWANDeviceProfile": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iotwireless-deviceprofile-lorawandeviceprofile.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KMS.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KMS.json index 9a8c5dc81c899..d06b5196495c6 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KMS.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KMS.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::KMS::Alias": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KafkaConnect.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KafkaConnect.json index 4bd53485ff89c..068f42cc1c15d 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KafkaConnect.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KafkaConnect.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::KafkaConnect::Connector.ApacheKafkaCluster": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kafkaconnect-connector-apachekafkacluster.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Kendra.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Kendra.json index 844f658a4d28d..048245cb5e16c 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Kendra.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Kendra.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Kendra::DataSource.AccessControlListConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kendra-datasource-accesscontrollistconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Kinesis.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Kinesis.json index 506527f7e582f..3d4bcc50f28ad 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Kinesis.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Kinesis.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Kinesis::Stream.StreamEncryption": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kinesis-stream-streamencryption.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisAnalytics.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisAnalytics.json index 274721e096413..879036a701bb1 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisAnalytics.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisAnalytics.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::KinesisAnalytics::Application.CSVMappingParameters": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kinesisanalytics-application-csvmappingparameters.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisAnalyticsV2.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisAnalyticsV2.json index 0f953718f8b0b..1ff96a9d04186 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisAnalyticsV2.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisAnalyticsV2.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::KinesisAnalyticsV2::Application.ApplicationCodeConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kinesisanalyticsv2-application-applicationcodeconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisFirehose.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisFirehose.json index e834216437405..c00db83b3de67 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisFirehose.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisFirehose.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::KinesisFirehose::DeliveryStream.AmazonopensearchserviceBufferingHints": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kinesisfirehose-deliverystream-amazonopensearchservicebufferinghints.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisVideo.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisVideo.json index b033fa1c1dce9..a65286545d35a 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisVideo.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_KinesisVideo.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::KinesisVideo::SignalingChannel": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LakeFormation.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LakeFormation.json index 97be64ac2ae10..0d273aad78230 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LakeFormation.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LakeFormation.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::LakeFormation::DataLakeSettings.Admins": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lakeformation-datalakesettings-admins.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Lambda.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Lambda.json index 8410ee175283e..ae495ce6d1f95 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Lambda.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Lambda.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Lambda::Alias.AliasRoutingConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-alias-aliasroutingconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Lex.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Lex.json index 5b84bddd31d68..ec077e524ca06 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Lex.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Lex.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Lex::Bot.AdvancedRecognitionSetting": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lex-bot-advancedrecognitionsetting.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LicenseManager.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LicenseManager.json index c5f86612ba7e2..6780cb0164e9a 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LicenseManager.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LicenseManager.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::LicenseManager::License.BorrowConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-licensemanager-license-borrowconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Lightsail.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Lightsail.json index b6e74e0dd10a2..08602fb1f9d02 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Lightsail.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Lightsail.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Lightsail::Bucket.AccessRules": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lightsail-bucket-accessrules.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Location.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Location.json index 56282c7b8294d..132b2a5a76c19 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Location.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Location.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Location::Map.MapConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-location-map-mapconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Logs.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Logs.json index 614b08cff3161..019ee43b9259e 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Logs.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Logs.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Logs::MetricFilter.MetricTransformation": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-logs-metricfilter-metrictransformation.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LookoutEquipment.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LookoutEquipment.json index 77cbcd73bea73..91d509bc29b51 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LookoutEquipment.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LookoutEquipment.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::LookoutEquipment::InferenceScheduler": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LookoutMetrics.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LookoutMetrics.json index 6b2d6aa000bd2..c5dd728b0282c 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LookoutMetrics.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LookoutMetrics.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::LookoutMetrics::Alert.Action": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lookoutmetrics-alert-action.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LookoutVision.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LookoutVision.json index d654b1a1da791..b841ea62893a5 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LookoutVision.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_LookoutVision.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::LookoutVision::Project": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MSK.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MSK.json index 26816e3dc00d4..6334ba4ebd85d 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MSK.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MSK.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::MSK::Cluster.BrokerLogs": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-msk-cluster-brokerlogs.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MWAA.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MWAA.json index 6ad262d484bb8..40f81113b56fe 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MWAA.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MWAA.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::MWAA::Environment.LoggingConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-mwaa-environment-loggingconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Macie.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Macie.json index 7aeab3d3ab71a..1f020780832ff 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Macie.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Macie.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Macie::FindingsFilter.Criterion": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-macie-findingsfilter-criterion.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ManagedBlockchain.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ManagedBlockchain.json index 214c7ce42f797..7788065aaa8ce 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ManagedBlockchain.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ManagedBlockchain.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::ManagedBlockchain::Member.ApprovalThresholdPolicy": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-managedblockchain-member-approvalthresholdpolicy.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaConnect.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaConnect.json index 87e04105a1976..268e659bbb1fa 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaConnect.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaConnect.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::MediaConnect::Flow.Encryption": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-mediaconnect-flow-encryption.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaConvert.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaConvert.json index e62127363e018..ca108de7d4e11 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaConvert.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaConvert.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::MediaConvert::JobTemplate.AccelerationSettings": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-mediaconvert-jobtemplate-accelerationsettings.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaLive.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaLive.json index 432661c85d1e2..07f160f2aff60 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaLive.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaLive.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::MediaLive::Channel.AacSettings": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-medialive-channel-aacsettings.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaPackage.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaPackage.json index 0b7f7dffdca0a..d35d3353607b5 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaPackage.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaPackage.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::MediaPackage::Asset.EgressEndpoint": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-mediapackage-asset-egressendpoint.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaStore.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaStore.json index 359c46a49c958..fd99cc83dc129 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaStore.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MediaStore.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::MediaStore::Container.CorsRule": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-mediastore-container-corsrule.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MemoryDB.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MemoryDB.json index 16e2ffd19738d..2f3279c691bc9 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MemoryDB.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_MemoryDB.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::MemoryDB::Cluster.Endpoint": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-memorydb-cluster-endpoint.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Neptune.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Neptune.json index 510739261020b..fe10967b8fb1b 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Neptune.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Neptune.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Neptune::DBCluster.DBClusterRole": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-neptune-dbcluster-dbclusterrole.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_NetworkFirewall.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_NetworkFirewall.json index 6104afc7f7f5b..87f491f339fe1 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_NetworkFirewall.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_NetworkFirewall.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::NetworkFirewall::Firewall.SubnetMapping": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewall-subnetmapping.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_NetworkManager.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_NetworkManager.json index 01fd7e475bca6..786dd74fd6e20 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_NetworkManager.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_NetworkManager.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::NetworkManager::Device.Location": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkmanager-device-location.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_NimbleStudio.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_NimbleStudio.json index c11221c00052d..bb59347e6d93a 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_NimbleStudio.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_NimbleStudio.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::NimbleStudio::LaunchProfile.StreamConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-nimblestudio-launchprofile-streamconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_OpenSearchService.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_OpenSearchService.json index 9b12f921347de..cb38bc35b25fb 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_OpenSearchService.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_OpenSearchService.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::OpenSearchService::Domain.AdvancedSecurityOptionsInput": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_OpsWorks.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_OpsWorks.json index d78c3537817ba..adfa529eeb3ad 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_OpsWorks.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_OpsWorks.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::OpsWorks::App.DataSource": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opsworks-app-datasource.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_OpsWorksCM.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_OpsWorksCM.json index 86f16e562ee40..ea11efc3556a1 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_OpsWorksCM.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_OpsWorksCM.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::OpsWorksCM::Server.EngineAttribute": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opsworkscm-server-engineattribute.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Panorama.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Panorama.json index 996210de5e2a8..225719b641e00 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Panorama.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Panorama.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Panorama::ApplicationInstance.ManifestOverridesPayload": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-panorama-applicationinstance-manifestoverridespayload.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Personalize.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Personalize.json index 7338d9e5c2624..bf02ac3460e4e 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Personalize.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Personalize.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Personalize::Dataset.DatasetImportJob": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-personalize-dataset-datasetimportjob.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Pinpoint.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Pinpoint.json index 745a5a954231c..11a6d2484e887 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Pinpoint.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Pinpoint.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Pinpoint::ApplicationSettings.CampaignHook": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pinpoint-applicationsettings-campaignhook.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_PinpointEmail.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_PinpointEmail.json index cc8ec549f6c9d..45c488cfa70a8 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_PinpointEmail.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_PinpointEmail.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::PinpointEmail::ConfigurationSet.DeliveryOptions": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pinpointemail-configurationset-deliveryoptions.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_QLDB.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_QLDB.json index c79dcca718bda..11c8c31b3e6be 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_QLDB.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_QLDB.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::QLDB::Stream.KinesisConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-qldb-stream-kinesisconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_QuickSight.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_QuickSight.json index 27fbc41d6b7c1..d5113b88299c9 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_QuickSight.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_QuickSight.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::QuickSight::Analysis.AnalysisError": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-quicksight-analysis-analysiserror.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RAM.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RAM.json index a29931bfe0ea7..bf254c6c3ac7e 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RAM.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RAM.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::RAM::ResourceShare": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RDS.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RDS.json index 8c736b53103db..d34c706f590c1 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RDS.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RDS.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::RDS::DBCluster.DBClusterRole": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-dbclusterrole.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RUM.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RUM.json index 5bc6f30391434..77b5056c84279 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RUM.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RUM.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::RUM::AppMonitor.AppMonitorConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rum-appmonitor-appmonitorconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Redshift.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Redshift.json index 3629c5115177b..ec5d4cb8d6a7d 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Redshift.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Redshift.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Redshift::Cluster.Endpoint": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-redshift-cluster-endpoint.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RefactorSpaces.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RefactorSpaces.json index 244630b2a83fe..0241c3e136c64 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RefactorSpaces.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RefactorSpaces.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::RefactorSpaces::Application.ApiGatewayProxyInput": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-refactorspaces-application-apigatewayproxyinput.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Rekognition.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Rekognition.json index 05a2634638b49..b7af9ddf4da75 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Rekognition.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Rekognition.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::Rekognition::Collection": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ResilienceHub.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ResilienceHub.json index 6d89c6372e982..5d746cd1d2e5a 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ResilienceHub.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ResilienceHub.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::ResilienceHub::App.PhysicalResourceId": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resiliencehub-app-physicalresourceid.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ResourceGroups.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ResourceGroups.json index dce994bb4dbb9..32ea2da90078c 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ResourceGroups.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ResourceGroups.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::ResourceGroups::Group.ConfigurationItem": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resourcegroups-group-configurationitem.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RoboMaker.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RoboMaker.json index e9030414622d4..ae657003d96c8 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RoboMaker.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_RoboMaker.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::RoboMaker::RobotApplication.RobotSoftwareSuite": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-robomaker-robotapplication-robotsoftwaresuite.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53.json index cab6632eb5ebe..539ce2b47cf06 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Route53::HealthCheck.HealthCheckTag": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-healthcheck-healthchecktag.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53RecoveryControl.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53RecoveryControl.json index 7fa168c98f3d6..ba6f7179d0fd9 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53RecoveryControl.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53RecoveryControl.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Route53RecoveryControl::Cluster.ClusterEndpoint": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53recoverycontrol-cluster-clusterendpoint.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53RecoveryReadiness.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53RecoveryReadiness.json index cff04ffe1db8e..c3d989e6ef5dd 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53RecoveryReadiness.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53RecoveryReadiness.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Route53RecoveryReadiness::ResourceSet.DNSTargetResource": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53recoveryreadiness-resourceset-dnstargetresource.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53Resolver.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53Resolver.json index 167e2d7f6a071..a7387022ac7a2 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53Resolver.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Route53Resolver.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Route53Resolver::FirewallRuleGroup.FirewallRule": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53resolver-firewallrulegroup-firewallrule.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_S3.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_S3.json index 41ba5c107ed6b..e02d59ddd160a 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_S3.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_S3.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::S3::AccessPoint.PublicAccessBlockConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_S3ObjectLambda.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_S3ObjectLambda.json index 5a159d6c3017d..89b0cf0a806f8 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_S3ObjectLambda.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_S3ObjectLambda.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::S3ObjectLambda::AccessPoint.ObjectLambdaConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3objectlambda-accesspoint-objectlambdaconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_S3Outposts.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_S3Outposts.json index 606d9937a6fe8..710e765160180 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_S3Outposts.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_S3Outposts.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::S3Outposts::AccessPoint.VpcConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3outposts-accesspoint-vpcconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SDB.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SDB.json index fcca6d6b5c862..3e1c1cb5f14cd 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SDB.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SDB.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::SDB::Domain": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SES.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SES.json index 65b1f9060108b..b7f876672425b 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SES.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SES.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::SES::ConfigurationSetEventDestination.CloudWatchDestination": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-configurationseteventdestination-cloudwatchdestination.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SNS.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SNS.json index f1be4f95b6d34..d18230fc7d027 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SNS.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SNS.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::SNS::Topic.Subscription": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sns-subscription.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SQS.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SQS.json index ad4aa5617c916..03ed3429b558b 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SQS.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SQS.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::SQS::Queue": { @@ -111,21 +111,16 @@ } }, "AWS::SQS::QueuePolicy": { - "Attributes": { - "Id": { - "PrimitiveType": "String" - } - }, - "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sqs-queuepolicy.html", + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sqs-policy.html", "Properties": { "PolicyDocument": { - "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sqs-queuepolicy.html#cfn-sqs-queuepolicy-policydocument", + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sqs-policy.html#cfn-sqs-queuepolicy-policydoc", "PrimitiveType": "Json", "Required": true, "UpdateType": "Mutable" }, "Queues": { - "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sqs-queuepolicy.html#cfn-sqs-queuepolicy-queues", + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sqs-policy.html#cfn-sqs-queuepolicy-queues", "DuplicatesAllowed": true, "PrimitiveItemType": "String", "Required": true, diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSM.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSM.json index 52e3472b8283b..86116ba415876 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSM.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSM.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::SSM::Association.InstanceAssociationOutputLocation": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ssm-association-instanceassociationoutputlocation.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSMContacts.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSMContacts.json index 85b57e417440b..dd05422752be1 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSMContacts.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSMContacts.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::SSMContacts::Contact.ChannelTargetInfo": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ssmcontacts-contact-channeltargetinfo.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSMIncidents.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSMIncidents.json index ab44592fea2bf..a374edbe7f28c 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSMIncidents.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSMIncidents.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::SSMIncidents::ReplicationSet.RegionConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ssmincidents-replicationset-regionconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSO.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSO.json index 1d1440ab395a8..1f6d774fae724 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSO.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SSO.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::SSO::InstanceAccessControlAttributeConfiguration.AccessControlAttribute": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-instanceaccesscontrolattributeconfiguration-accesscontrolattribute.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SageMaker.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SageMaker.json index 56ea6f7cfb860..b5153d8bd618a 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SageMaker.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SageMaker.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::SageMaker::App.ResourceSpec": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-app-resourcespec.html", @@ -442,6 +442,25 @@ } } }, + "AWS::SageMaker::Domain.DomainSettings": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-domainsettings.html", + "Properties": { + "RStudioServerProDomainSettings": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-domainsettings.html#cfn-sagemaker-domain-domainsettings-rstudioserverprodomainsettings", + "Required": false, + "Type": "RStudioServerProDomainSettings", + "UpdateType": "Mutable" + }, + "SecurityGroupIds": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-domainsettings.html#cfn-sagemaker-domain-domainsettings-securitygroupids", + "DuplicatesAllowed": true, + "PrimitiveItemType": "String", + "Required": false, + "Type": "List", + "UpdateType": "Immutable" + } + } + }, "AWS::SageMaker::Domain.JupyterServerAppSettings": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-jupyterserverappsettings.html", "Properties": { @@ -472,6 +491,52 @@ } } }, + "AWS::SageMaker::Domain.RStudioServerProAppSettings": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-rstudioserverproappsettings.html", + "Properties": { + "AccessStatus": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-rstudioserverproappsettings.html#cfn-sagemaker-domain-rstudioserverproappsettings-accessstatus", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "UserGroup": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-rstudioserverproappsettings.html#cfn-sagemaker-domain-rstudioserverproappsettings-usergroup", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + } + } + }, + "AWS::SageMaker::Domain.RStudioServerProDomainSettings": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-rstudioserverprodomainsettings.html", + "Properties": { + "DefaultResourceSpec": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-rstudioserverprodomainsettings.html#cfn-sagemaker-domain-rstudioserverprodomainsettings-defaultresourcespec", + "Required": false, + "Type": "ResourceSpec", + "UpdateType": "Immutable" + }, + "DomainExecutionRoleArn": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-rstudioserverprodomainsettings.html#cfn-sagemaker-domain-rstudioserverprodomainsettings-domainexecutionrolearn", + "PrimitiveType": "String", + "Required": true, + "UpdateType": "Immutable" + }, + "RStudioConnectUrl": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-rstudioserverprodomainsettings.html#cfn-sagemaker-domain-rstudioserverprodomainsettings-rstudioconnecturl", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "RStudioPackageManagerUrl": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-rstudioserverprodomainsettings.html#cfn-sagemaker-domain-rstudioserverprodomainsettings-rstudiopackagemanagerurl", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + } + } + }, "AWS::SageMaker::Domain.ResourceSpec": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-resourcespec.html", "Properties": { @@ -539,6 +604,12 @@ "Type": "KernelGatewayAppSettings", "UpdateType": "Mutable" }, + "RStudioServerProAppSettings": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-usersettings.html#cfn-sagemaker-domain-usersettings-rstudioserverproappsettings", + "Required": false, + "Type": "RStudioServerProAppSettings", + "UpdateType": "Mutable" + }, "SecurityGroups": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-usersettings.html#cfn-sagemaker-domain-usersettings-securitygroups", "DuplicatesAllowed": true, @@ -2358,6 +2429,23 @@ } } }, + "AWS::SageMaker::UserProfile.RStudioServerProAppSettings": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-userprofile-rstudioserverproappsettings.html", + "Properties": { + "AccessStatus": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-userprofile-rstudioserverproappsettings.html#cfn-sagemaker-userprofile-rstudioserverproappsettings-accessstatus", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Immutable" + }, + "UserGroup": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-userprofile-rstudioserverproappsettings.html#cfn-sagemaker-userprofile-rstudioserverproappsettings-usergroup", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Immutable" + } + } + }, "AWS::SageMaker::UserProfile.ResourceSpec": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-userprofile-resourcespec.html", "Properties": { @@ -2425,6 +2513,12 @@ "Type": "KernelGatewayAppSettings", "UpdateType": "Mutable" }, + "RStudioServerProAppSettings": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-userprofile-usersettings.html#cfn-sagemaker-userprofile-usersettings-rstudioserverproappsettings", + "Required": false, + "Type": "RStudioServerProAppSettings", + "UpdateType": "Mutable" + }, "SecurityGroups": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-userprofile-usersettings.html#cfn-sagemaker-userprofile-usersettings-securitygroups", "DuplicatesAllowed": true, @@ -2740,6 +2834,9 @@ "HomeEfsFileSystemId": { "PrimitiveType": "String" }, + "SecurityGroupIdForDomainBoundary": { + "PrimitiveType": "String" + }, "SingleSignOnManagedApplicationInstanceId": { "PrimitiveType": "String" }, @@ -2755,6 +2852,12 @@ "Required": false, "UpdateType": "Immutable" }, + "AppSecurityGroupManagement": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sagemaker-domain.html#cfn-sagemaker-domain-appsecuritygroupmanagement", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Immutable" + }, "AuthMode": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sagemaker-domain.html#cfn-sagemaker-domain-authmode", "PrimitiveType": "String", @@ -2773,6 +2876,12 @@ "Required": true, "UpdateType": "Immutable" }, + "DomainSettings": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sagemaker-domain.html#cfn-sagemaker-domain-domainsettings", + "Required": false, + "Type": "DomainSettings", + "UpdateType": "Mutable" + }, "KmsKeyId": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sagemaker-domain.html#cfn-sagemaker-domain-kmskeyid", "PrimitiveType": "String", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SecretsManager.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SecretsManager.json index f244c0790c684..c518822a0d6ca 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SecretsManager.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SecretsManager.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::SecretsManager::RotationSchedule.HostedRotationLambda": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-rotationschedule-hostedrotationlambda.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SecurityHub.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SecurityHub.json index 0c2b4c4e27e19..ffd6469afa82e 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SecurityHub.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_SecurityHub.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::SecurityHub::Hub": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ServiceCatalog.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ServiceCatalog.json index d8cfd9227d7c6..e6981019f167c 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ServiceCatalog.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ServiceCatalog.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::ServiceCatalog::CloudFormationProduct.ProvisioningArtifactProperties": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-servicecatalog-cloudformationproduct-provisioningartifactproperties.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ServiceCatalogAppRegistry.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ServiceCatalogAppRegistry.json index 27a603fcf7cb9..3394fdcbdc43f 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ServiceCatalogAppRegistry.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ServiceCatalogAppRegistry.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": {}, "ResourceTypes": { "AWS::ServiceCatalogAppRegistry::Application": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ServiceDiscovery.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ServiceDiscovery.json index 6533cfd0ed89f..6703a55412649 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ServiceDiscovery.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_ServiceDiscovery.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::ServiceDiscovery::PrivateDnsNamespace.PrivateDnsPropertiesMutable": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-servicediscovery-privatednsnamespace-privatednspropertiesmutable.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Signer.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Signer.json index ac65819177be2..064c7a1000b64 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Signer.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Signer.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Signer::SigningProfile.SignatureValidityPeriod": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-signer-signingprofile-signaturevalidityperiod.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_StepFunctions.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_StepFunctions.json index f837189a4079a..568e76f18bb3e 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_StepFunctions.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_StepFunctions.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::StepFunctions::Activity.TagsEntry": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-stepfunctions-activity-tagsentry.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Synthetics.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Synthetics.json index 8d2f18abd9309..1913280df82ed 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Synthetics.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Synthetics.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Synthetics::Canary.ArtifactConfig": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-synthetics-canary-artifactconfig.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Timestream.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Timestream.json index cb18ef5d2fa0d..525740ac94c23 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Timestream.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Timestream.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Timestream::ScheduledQuery.DimensionMapping": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-timestream-scheduledquery-dimensionmapping.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Transfer.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Transfer.json index 2570ee33a06ce..0e78fa72cad74 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Transfer.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Transfer.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Transfer::Server.EndpointDetails": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-endpointdetails.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WAF.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WAF.json index aef9d7abb75ec..03b2d809585aa 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WAF.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WAF.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::WAF::ByteMatchSet.ByteMatchTuple": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-waf-bytematchset-bytematchtuples.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WAFRegional.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WAFRegional.json index d6d436cdb9274..0ee74e285b8dc 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WAFRegional.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WAFRegional.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::WAFRegional::ByteMatchSet.ByteMatchTuple": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafregional-bytematchset-bytematchtuple.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WAFv2.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WAFv2.json index cd2524b6eed39..15c980e2dd7a9 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WAFv2.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WAFv2.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::WAFv2::LoggingConfiguration.FieldToMatch": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-fieldtomatch.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Wisdom.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Wisdom.json index b100b5ba69b48..4f970e00b68cf 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Wisdom.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_Wisdom.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::Wisdom::Assistant.ServerSideEncryptionConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wisdom-assistant-serversideencryptionconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WorkSpaces.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WorkSpaces.json index d1d1b380fd109..f090b864ac3fd 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WorkSpaces.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_WorkSpaces.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::WorkSpaces::ConnectionAlias.ConnectionAliasAssociation": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-workspaces-connectionalias-connectionaliasassociation.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_XRay.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_XRay.json index cc356a17882c1..86833dc185fef 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_XRay.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_AWS_XRay.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "AWS::XRay::Group.InsightsConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-xray-group-insightsconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_Alexa_ASK.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_Alexa_ASK.json index c3f50a0424edd..640471a91baca 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_Alexa_ASK.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_Alexa_ASK.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "Alexa::ASK::Skill.AuthenticationConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ask-skill-authenticationconfiguration.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_Tag.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_Tag.json index 2218ba7d03d34..70ecedfc02b9a 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_Tag.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/000_Tag.json @@ -1,5 +1,5 @@ { - "$version": "62.0.0", + "$version": "65.0.0", "PropertyTypes": { "Tag": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html", diff --git a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/001_Version.json b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/001_Version.json index 0b72c26e9f22e..5c69a88216bc1 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/001_Version.json +++ b/packages/@aws-cdk/cfnspec/spec-source/specification/000_cfn/000_official/001_Version.json @@ -1,3 +1,3 @@ { - "ResourceSpecificationVersion": "62.0.0" + "ResourceSpecificationVersion": "65.0.0" } diff --git a/packages/@aws-cdk/cloud-assembly-schema/lib/index.ts b/packages/@aws-cdk/cloud-assembly-schema/lib/index.ts index 50c2dc35a5eab..5fd6eb6ceda07 100644 --- a/packages/@aws-cdk/cloud-assembly-schema/lib/index.ts +++ b/packages/@aws-cdk/cloud-assembly-schema/lib/index.ts @@ -1,3 +1,4 @@ export * from './cloud-assembly'; export * from './assets'; export * from './manifest'; +export * from './integ-tests'; diff --git a/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/common.ts b/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/common.ts new file mode 100644 index 0000000000000..01ab969b63098 --- /dev/null +++ b/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/common.ts @@ -0,0 +1,202 @@ +/** + * In what scenarios should the CLI ask for approval + */ +export enum RequireApproval { + /** + * Never ask for approval + */ + NEVER = 'never', + + /** + * Prompt for approval for any type of change to the stack + */ + ANYCHANGE = 'any-change', + + /** + * Only prompt for approval if there are security related changes + */ + BROADENING = 'broadening' +} + +/** + * Default CDK CLI options that apply to all commands + */ +export interface DefaultCdkOptions { + /** + * List of stacks to deploy + * + * Requried if `all` is not set + * + * @default - [] + */ + readonly stacks?: string[]; + + /** + * Deploy all stacks + * + * Requried if `stacks` is not set + * + * @default - false + */ + readonly all?: boolean; + + /** + * command-line for executing your app or a cloud assembly directory + * e.g. "node bin/my-app.js" + * or + * "cdk.out" + * + * @default - read from cdk.json + */ + readonly app?: string; + + + /** + * Role to pass to CloudFormation for deployment + * + * @default - use the bootstrap cfn-exec role + */ + readonly roleArn?: string; + + /** + * Additional context + * + * @default - no additional context + */ + readonly context?: { [name: string]: string }; + + /** + * Print trace for stack warnings + * + * @default false + */ + readonly trace?: boolean; + + /** + * Do not construct stacks with warnings + * + * @default false + */ + readonly strict?: boolean; + + /** + * Perform context lookups. + * + * Synthesis fails if this is disabled and context lookups need + * to be performed + * + * @default true + */ + readonly lookups?: boolean; + + /** + * Ignores synthesis errors, which will likely produce an invalid output + * + * @default false + */ + readonly ignoreErrors?: boolean; + + /** + * Use JSON output instead of YAML when templates are printed + * to STDOUT + * + * @default false + */ + readonly json?: boolean; + + /** + * show debug logs + * + * @default false + */ + readonly verbose?: boolean; + + /** + * enable emission of additional debugging information, such as creation stack + * traces of tokens + * + * @default false + */ + readonly debug?: boolean; + + /** + * Use the indicated AWS profile as the default environment + * + * @default - no profile is used + */ + readonly profile?: string; + + /** + * Use the indicated proxy. Will read from + * HTTPS_PROXY environment if specified + * + * @default - no proxy + */ + readonly proxy?: string; + + /** + * Path to CA certificate to use when validating HTTPS + * requests. + * + * @default - read from AWS_CA_BUNDLE environment variable + */ + readonly caBundlePath?: string; + + /** + * Force trying to fetch EC2 instance credentials + * + * @default - guess EC2 instance status + */ + readonly ec2Creds?: boolean; + + /** + * Include "AWS::CDK::Metadata" resource in synthesized templates + * + * @default true + */ + readonly versionReporting?: boolean; + + /** + * Include "aws:cdk:path" CloudFormation metadata for each resource + * + * @default true + */ + readonly pathMetadata?: boolean; + + /** + * Include "aws:asset:*" CloudFormation metadata for resources that use assets + * + * @default true + */ + readonly assetMetadata?: boolean; + + /** + * Copy assets to the output directory + * + * Needed for local debugging the source files with SAM CLI + * + * @default false + */ + readonly staging?: boolean; + + /** + * Emits the synthesized cloud assembly into a directory + * + * @default cdk.out + */ + readonly output?: string; + + /** + * Show relevant notices + * + * @default true + */ + readonly notices?: boolean; + + /** + * Show colors and other style from console output + * + * @default true + */ + readonly color?: boolean; +} diff --git a/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/deploy.ts b/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/deploy.ts new file mode 100644 index 0000000000000..09a20c610f12d --- /dev/null +++ b/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/deploy.ts @@ -0,0 +1,97 @@ +import { DefaultCdkOptions, RequireApproval } from './common'; + +/** + * Options to use with cdk deploy + */ +export interface DeployOptions extends DefaultCdkOptions { + /** + * Only perform action on the given stack + * + * @default false + */ + readonly exclusively?: boolean; + + /** + * Name of the toolkit stack to use/deploy + * + * @default CDKToolkit + */ + readonly toolkitStackName?: string; + + /** + * Reuse the assets with the given asset IDs + * + * @default - do not reuse assets + */ + readonly reuseAssets?: string[]; + + /** + * Optional name to use for the CloudFormation change set. + * If not provided, a name will be generated automatically. + * + * @default - auto generate a name + */ + readonly changeSetName?: string; + + /** + * Always deploy, even if templates are identical. + * @default false + */ + readonly force?: boolean; + + /** + * Rollback failed deployments + * + * @default true + */ + readonly rollback?: boolean; + + /** + * ARNs of SNS topics that CloudFormation will notify with stack related events + * + * @default - no notifications + */ + readonly notificationArns?: string[]; + + /** + * What kind of security changes require approval + * + * @default RequireApproval.Never + */ + readonly requireApproval?: RequireApproval; + + /** + * Whether to execute the ChangeSet + * Not providing `execute` parameter will result in execution of ChangeSet + * @default true + */ + readonly execute?: boolean; + + /** + * Additional parameters for CloudFormation at deploy time + * @default {} + */ + readonly parameters?: { [name: string]: string }; + + /** + * Use previous values for unspecified parameters + * + * If not set, all parameters must be specified for every deployment. + * + * @default true + */ + readonly usePreviousParameters?: boolean; + + /** + * Path to file where stack outputs will be written after a successful deploy as JSON + * @default - Outputs are not written to any file + */ + readonly outputsFile?: string; + + /** + * Whether we are on a CI system + * + * @default false + */ + readonly ci?: boolean; +} diff --git a/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/destroy.ts b/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/destroy.ts new file mode 100644 index 0000000000000..9dfe8f267c6db --- /dev/null +++ b/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/destroy.ts @@ -0,0 +1,20 @@ +import { DefaultCdkOptions } from './common'; + +/** + * Options to use with cdk destroy + */ +export interface DestroyOptions extends DefaultCdkOptions { + /** + * Do not ask for permission before destroying stacks + * + * @default false + */ + readonly force?: boolean; + + /** + * Only destroy the given stack + * + * @default false + */ + readonly exclusively?: boolean; +} diff --git a/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/index.ts b/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/index.ts new file mode 100644 index 0000000000000..528980446938b --- /dev/null +++ b/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/commands/index.ts @@ -0,0 +1,3 @@ +export * from './common'; +export * from './deploy'; +export * from './destroy'; diff --git a/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/index.ts b/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/index.ts new file mode 100644 index 0000000000000..5a08e62a47958 --- /dev/null +++ b/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/index.ts @@ -0,0 +1,3 @@ +export * from './schema'; +export * from './commands'; +export * from './test-case'; diff --git a/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/schema.ts b/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/schema.ts new file mode 100644 index 0000000000000..4eccc8a6422b4 --- /dev/null +++ b/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/schema.ts @@ -0,0 +1,26 @@ +import { TestCase } from './test-case'; +/** + * Definitions for the integration testing manifest + */ +export interface IntegManifest { + /** + * Version of the manifest + */ + readonly version: string; + + /** + * Enable lookups for this test. If lookups are enabled + * then `stackUpdateWorkflow` must be set to false. + * Lookups should only be enabled when you are explicitely testing + * lookups. + * + * @default false + */ + readonly enableLookups?: boolean; + + /** + * test cases + */ + readonly testCases: { [testName: string]: TestCase }; +} + diff --git a/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/test-case.ts b/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/test-case.ts new file mode 100644 index 0000000000000..6d3ecc05c626e --- /dev/null +++ b/packages/@aws-cdk/cloud-assembly-schema/lib/integ-tests/test-case.ts @@ -0,0 +1,186 @@ +import { DeployOptions, DestroyOptions } from './commands'; + +/** + * Represents an integration test test case + */ +export interface TestCase { + /** + * Stacks that should be tested as part of this test case + * The stackNames will be passed as args to the cdk commands + * so dependent stacks will be automatically deployed unless + * `exclusively` is passed + */ + readonly stacks: string[]; + + /** + * Run update workflow on this test case + * This should only be set to false to test scenarios + * that are not possible to test as part of the update workflow + * + * @default true + */ + readonly stackUpdateWorkflow?: boolean; + + /** + * Additional options to use for each CDK command + * + * @default - runner default options + */ + readonly cdkCommandOptions?: CdkCommands; + + /** + * Additional commands to run at predefined points in the test workflow + * + * e.g. { postDeploy: ['yarn', 'test'] } + * + * @default - no hooks + */ + readonly hooks?: Hooks; + + /** + * Whether or not to include asset hashes in the diff + * Asset hashes can introduces a lot of unneccessary noise into tests, + * but there are some cases where asset hashes _should_ be included. For example + * any tests involving custom resources or bundling + * + * @default false + */ + readonly diffAssets?: boolean; + + /** + * List of CloudFormation resource types in this stack that can + * be destroyed as part of an update without failing the test. + * + * This list should only include resources that for this specific + * integration test we are sure will not cause errors or an outage if + * destroyed. For example, maybe we know that a new resource will be created + * first before the old resource is destroyed which prevents any outage. + * + * e.g. ['AWS::IAM::Role'] + * + * @default - do not allow destruction of any resources on update + */ + readonly allowDestroy?: string[]; + + /** + * Limit deployment to these regions + * + * @default - can run in any region + */ + readonly regions?: string[]; +} + +/** + * Commands to run at predefined points during the + * integration test workflow + */ +export interface Hooks { + /** + * Commands to run prior to deploying the cdk stacks + * in the integration test + * + * @default - no commands + */ + readonly preDeploy?: string[]; + + /** + * Commands to run prior after deploying the cdk stacks + * in the integration test + * + * @default - no commands + */ + readonly postDeploy?: string[]; + + /** + * Commands to run prior to destroying the cdk stacks + * in the integration test + * + * @default - no commands + */ + readonly preDestroy?: string[]; + + /** + * Commands to run after destroying the cdk stacks + * in the integration test + * + * @default - no commands + */ + readonly postDestroy?: string[]; +} + +/** + * Represents a cdk command + * i.e. `synth`, `deploy`, & `destroy` + */ +export interface CdkCommand { + /** + * Whether or not to run this command as part of the workflow + * This can be used if you only want to test some of the workflow + * for example enable `synth` and disable `deploy` & `destroy` in order + * to limit the test to synthesis + * + * @default true + */ + readonly enabled?: boolean; + + /** + * If the runner should expect this command to fail + * + * @default false + */ + readonly expectError?: boolean; + + /** + * This can be used in combination with `expectedError` + * to validate that a specific message is returned. + * + * @default - do not validate message + */ + readonly expectedMessage?: string; +} + +/** + * Represents a cdk deploy command + */ +export interface DeployCommand extends CdkCommand { + /** + * Additional arguments to pass to the command + * This can be used to test specific CLI functionality + * + * @default - only default args are used + */ + readonly args?: DeployOptions; +} + +/** + * Represents a cdk destroy command + */ +export interface DestroyCommand extends CdkCommand { + /** + * Additional arguments to pass to the command + * This can be used to test specific CLI functionality + * + * @default - only default args are used + */ + readonly args?: DestroyOptions; +} + +/** + * Options for specific cdk commands that are run + * as part of the integration test workflow + */ +export interface CdkCommands { + /** + * Options to for the cdk deploy command + * + * @default - default deploy options + */ + readonly deploy?: DeployCommand; + + /** + * Options to for the cdk destroy command + * + * @default - default destroy options + */ + readonly destroy?: DestroyCommand; +} diff --git a/packages/@aws-cdk/cloud-assembly-schema/lib/manifest.ts b/packages/@aws-cdk/cloud-assembly-schema/lib/manifest.ts index d2ceb45685678..62f7894a54dd3 100644 --- a/packages/@aws-cdk/cloud-assembly-schema/lib/manifest.ts +++ b/packages/@aws-cdk/cloud-assembly-schema/lib/manifest.ts @@ -3,6 +3,7 @@ import * as jsonschema from 'jsonschema'; import * as semver from 'semver'; import * as assets from './assets'; import * as assembly from './cloud-assembly'; +import * as integ from './integ-tests'; /* eslint-disable @typescript-eslint/no-var-requires */ /* eslint-disable @typescript-eslint/no-require-imports */ @@ -21,6 +22,8 @@ const ASSEMBLY_SCHEMA = require('../schema/cloud-assembly.schema.json'); */ const SCHEMA_VERSION = require('../schema/cloud-assembly.version.json').version; +const INTEG_SCHEMA = require('../schema/integ.schema.json'); + /** * Options for the loadManifest operation */ @@ -89,6 +92,25 @@ export class Manifest { return this.loadManifest(filePath, ASSETS_SCHEMA); } + /** + * Validates and saves the integ manifest to file. + * + * @param manifest - manifest. + * @param filePath - output file path. + */ + public static saveIntegManifest(manifest: integ.IntegManifest, filePath: string) { + Manifest.saveManifest(manifest, filePath, INTEG_SCHEMA); + } + + /** + * Load and validates the integ manifest from file. + * + * @param filePath - path to the manifest file. + */ + public static loadIntegManifest(filePath: string): integ.IntegManifest { + return this.loadManifest(filePath, INTEG_SCHEMA); + } + /** * Fetch the current schema version number. */ @@ -251,4 +273,4 @@ function noUndefined(xs: A): A { function stripEnumErrors(errors: jsonschema.ValidationError[]) { return errors.filter(e => typeof e.schema ==='string' || !('enum' in e.schema)); -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/cloud-assembly-schema/schema/cloud-assembly.version.json b/packages/@aws-cdk/cloud-assembly-schema/schema/cloud-assembly.version.json index ae7a33e962d0b..90bef2e09ad39 100644 --- a/packages/@aws-cdk/cloud-assembly-schema/schema/cloud-assembly.version.json +++ b/packages/@aws-cdk/cloud-assembly-schema/schema/cloud-assembly.version.json @@ -1 +1 @@ -{"version":"16.0.0"} +{"version":"17.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/cloud-assembly-schema/schema/integ.schema.json b/packages/@aws-cdk/cloud-assembly-schema/schema/integ.schema.json new file mode 100644 index 0000000000000..676c1bdab91dd --- /dev/null +++ b/packages/@aws-cdk/cloud-assembly-schema/schema/integ.schema.json @@ -0,0 +1,474 @@ +{ + "$ref": "#/definitions/IntegManifest", + "definitions": { + "IntegManifest": { + "description": "Definitions for the integration testing manifest", + "type": "object", + "properties": { + "version": { + "description": "Version of the manifest", + "type": "string" + }, + "enableLookups": { + "description": "Enable lookups for this test. If lookups are enabled\nthen `stackUpdateWorkflow` must be set to false.\nLookups should only be enabled when you are explicitely testing\nlookups.", + "default": false, + "type": "boolean" + }, + "testCases": { + "description": "test cases", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/TestCase" + } + } + }, + "required": [ + "testCases", + "version" + ] + }, + "TestCase": { + "description": "Represents an integration test test case", + "type": "object", + "properties": { + "stacks": { + "description": "Stacks that should be tested as part of this test case\nThe stackNames will be passed as args to the cdk commands\nso dependent stacks will be automatically deployed unless\n`exclusively` is passed", + "type": "array", + "items": { + "type": "string" + } + }, + "stackUpdateWorkflow": { + "description": "Run update workflow on this test case\nThis should only be set to false to test scenarios\nthat are not possible to test as part of the update workflow (Default true)", + "type": "boolean" + }, + "cdkCommandOptions": { + "description": "Additional options to use for each CDK command (Default - runner default options)", + "$ref": "#/definitions/CdkCommands" + }, + "hooks": { + "description": "Additional commands to run at predefined points in the test workflow\n\ne.g. { postDeploy: ['yarn', 'test'] } (Default - no hooks)", + "$ref": "#/definitions/Hooks" + }, + "diffAssets": { + "description": "Whether or not to include asset hashes in the diff\nAsset hashes can introduces a lot of unneccessary noise into tests,\nbut there are some cases where asset hashes _should_ be included. For example\nany tests involving custom resources or bundling", + "default": false, + "type": "boolean" + }, + "allowDestroy": { + "description": "List of CloudFormation resource types in this stack that can\nbe destroyed as part of an update without failing the test.\n\nThis list should only include resources that for this specific\nintegration test we are sure will not cause errors or an outage if\ndestroyed. For example, maybe we know that a new resource will be created\nfirst before the old resource is destroyed which prevents any outage.\n\ne.g. ['AWS::IAM::Role'] (Default - do not allow destruction of any resources on update)", + "type": "array", + "items": { + "type": "string" + } + }, + "regions": { + "description": "Limit deployment to these regions (Default - can run in any region)", + "type": "array", + "items": { + "type": "string" + } + } + }, + "required": [ + "stacks" + ] + }, + "CdkCommands": { + "description": "Options for specific cdk commands that are run\nas part of the integration test workflow", + "type": "object", + "properties": { + "deploy": { + "description": "Options to for the cdk deploy command (Default - default deploy options)", + "$ref": "#/definitions/DeployCommand" + }, + "destroy": { + "description": "Options to for the cdk destroy command (Default - default destroy options)", + "$ref": "#/definitions/DestroyCommand" + } + } + }, + "DeployCommand": { + "description": "Represents a cdk deploy command", + "type": "object", + "properties": { + "args": { + "description": "Additional arguments to pass to the command\nThis can be used to test specific CLI functionality (Default - only default args are used)", + "$ref": "#/definitions/DeployOptions" + }, + "enabled": { + "description": "Whether or not to run this command as part of the workflow\nThis can be used if you only want to test some of the workflow\nfor example enable `synth` and disable `deploy` & `destroy` in order\nto limit the test to synthesis (Default true)", + "type": "boolean" + }, + "expectError": { + "description": "If the runner should expect this command to fail", + "default": false, + "type": "boolean" + }, + "expectedMessage": { + "description": "This can be used in combination with `expectedError`\nto validate that a specific message is returned. (Default - do not validate message)", + "type": "string" + } + } + }, + "DeployOptions": { + "description": "Options to use with cdk deploy", + "type": "object", + "properties": { + "exclusively": { + "description": "Only perform action on the given stack", + "default": false, + "type": "boolean" + }, + "toolkitStackName": { + "description": "Name of the toolkit stack to use/deploy (Default CDKToolkit)", + "type": "string" + }, + "reuseAssets": { + "description": "Reuse the assets with the given asset IDs (Default - do not reuse assets)", + "type": "array", + "items": { + "type": "string" + } + }, + "changeSetName": { + "description": "Optional name to use for the CloudFormation change set.\nIf not provided, a name will be generated automatically. (Default - auto generate a name)", + "type": "string" + }, + "force": { + "description": "Always deploy, even if templates are identical.", + "default": false, + "type": "boolean" + }, + "rollback": { + "description": "Rollback failed deployments (Default true)", + "type": "boolean" + }, + "notificationArns": { + "description": "ARNs of SNS topics that CloudFormation will notify with stack related events (Default - no notifications)", + "type": "array", + "items": { + "type": "string" + } + }, + "requireApproval": { + "description": "What kind of security changes require approval (Default RequireApproval.Never)", + "enum": [ + "any-change", + "broadening", + "never" + ], + "type": "string" + }, + "execute": { + "description": "Whether to execute the ChangeSet\nNot providing `execute` parameter will result in execution of ChangeSet (Default true)", + "type": "boolean" + }, + "parameters": { + "description": "Additional parameters for CloudFormation at deploy time (Default [object Object])", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "usePreviousParameters": { + "description": "Use previous values for unspecified parameters\n\nIf not set, all parameters must be specified for every deployment. (Default true)", + "type": "boolean" + }, + "outputsFile": { + "description": "Path to file where stack outputs will be written after a successful deploy as JSON (Default - Outputs are not written to any file)", + "type": "string" + }, + "ci": { + "description": "Whether we are on a CI system", + "default": false, + "type": "boolean" + }, + "stacks": { + "description": "List of stacks to deploy\n\nRequried if `all` is not set (Default - [])", + "type": "array", + "items": { + "type": "string" + } + }, + "all": { + "description": "Deploy all stacks\n\nRequried if `stacks` is not set (Default - false)", + "type": "boolean" + }, + "app": { + "description": "command-line for executing your app or a cloud assembly directory\ne.g. \"node bin/my-app.js\"\nor\n\"cdk.out\" (Default - read from cdk.json)", + "type": "string" + }, + "roleArn": { + "description": "Role to pass to CloudFormation for deployment (Default - use the bootstrap cfn-exec role)", + "type": "string" + }, + "context": { + "description": "Additional context (Default - no additional context)", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "trace": { + "description": "Print trace for stack warnings", + "default": false, + "type": "boolean" + }, + "strict": { + "description": "Do not construct stacks with warnings", + "default": false, + "type": "boolean" + }, + "lookups": { + "description": "Perform context lookups.\n\nSynthesis fails if this is disabled and context lookups need\nto be performed (Default true)", + "type": "boolean" + }, + "ignoreErrors": { + "description": "Ignores synthesis errors, which will likely produce an invalid output", + "default": false, + "type": "boolean" + }, + "json": { + "description": "Use JSON output instead of YAML when templates are printed\nto STDOUT", + "default": false, + "type": "boolean" + }, + "verbose": { + "description": "show debug logs", + "default": false, + "type": "boolean" + }, + "debug": { + "description": "enable emission of additional debugging information, such as creation stack\ntraces of tokens", + "default": false, + "type": "boolean" + }, + "profile": { + "description": "Use the indicated AWS profile as the default environment (Default - no profile is used)", + "type": "string" + }, + "proxy": { + "description": "Use the indicated proxy. Will read from\nHTTPS_PROXY environment if specified (Default - no proxy)", + "type": "string" + }, + "caBundlePath": { + "description": "Path to CA certificate to use when validating HTTPS\nrequests. (Default - read from AWS_CA_BUNDLE environment variable)", + "type": "string" + }, + "ec2Creds": { + "description": "Force trying to fetch EC2 instance credentials (Default - guess EC2 instance status)", + "type": "boolean" + }, + "versionReporting": { + "description": "Include \"AWS::CDK::Metadata\" resource in synthesized templates (Default true)", + "type": "boolean" + }, + "pathMetadata": { + "description": "Include \"aws:cdk:path\" CloudFormation metadata for each resource (Default true)", + "type": "boolean" + }, + "assetMetadata": { + "description": "Include \"aws:asset:*\" CloudFormation metadata for resources that use assets (Default true)", + "type": "boolean" + }, + "staging": { + "description": "Copy assets to the output directory\n\nNeeded for local debugging the source files with SAM CLI", + "default": false, + "type": "boolean" + }, + "output": { + "description": "Emits the synthesized cloud assembly into a directory (Default cdk.out)", + "type": "string" + }, + "notices": { + "description": "Show relevant notices (Default true)", + "type": "boolean" + }, + "color": { + "description": "Show colors and other style from console output (Default true)", + "type": "boolean" + } + } + }, + "DestroyCommand": { + "description": "Represents a cdk destroy command", + "type": "object", + "properties": { + "args": { + "description": "Additional arguments to pass to the command\nThis can be used to test specific CLI functionality (Default - only default args are used)", + "$ref": "#/definitions/DestroyOptions" + }, + "enabled": { + "description": "Whether or not to run this command as part of the workflow\nThis can be used if you only want to test some of the workflow\nfor example enable `synth` and disable `deploy` & `destroy` in order\nto limit the test to synthesis (Default true)", + "type": "boolean" + }, + "expectError": { + "description": "If the runner should expect this command to fail", + "default": false, + "type": "boolean" + }, + "expectedMessage": { + "description": "This can be used in combination with `expectedError`\nto validate that a specific message is returned. (Default - do not validate message)", + "type": "string" + } + } + }, + "DestroyOptions": { + "description": "Options to use with cdk destroy", + "type": "object", + "properties": { + "force": { + "description": "Do not ask for permission before destroying stacks", + "default": false, + "type": "boolean" + }, + "exclusively": { + "description": "Only destroy the given stack", + "default": false, + "type": "boolean" + }, + "stacks": { + "description": "List of stacks to deploy\n\nRequried if `all` is not set (Default - [])", + "type": "array", + "items": { + "type": "string" + } + }, + "all": { + "description": "Deploy all stacks\n\nRequried if `stacks` is not set (Default - false)", + "type": "boolean" + }, + "app": { + "description": "command-line for executing your app or a cloud assembly directory\ne.g. \"node bin/my-app.js\"\nor\n\"cdk.out\" (Default - read from cdk.json)", + "type": "string" + }, + "roleArn": { + "description": "Role to pass to CloudFormation for deployment (Default - use the bootstrap cfn-exec role)", + "type": "string" + }, + "context": { + "description": "Additional context (Default - no additional context)", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "trace": { + "description": "Print trace for stack warnings", + "default": false, + "type": "boolean" + }, + "strict": { + "description": "Do not construct stacks with warnings", + "default": false, + "type": "boolean" + }, + "lookups": { + "description": "Perform context lookups.\n\nSynthesis fails if this is disabled and context lookups need\nto be performed (Default true)", + "type": "boolean" + }, + "ignoreErrors": { + "description": "Ignores synthesis errors, which will likely produce an invalid output", + "default": false, + "type": "boolean" + }, + "json": { + "description": "Use JSON output instead of YAML when templates are printed\nto STDOUT", + "default": false, + "type": "boolean" + }, + "verbose": { + "description": "show debug logs", + "default": false, + "type": "boolean" + }, + "debug": { + "description": "enable emission of additional debugging information, such as creation stack\ntraces of tokens", + "default": false, + "type": "boolean" + }, + "profile": { + "description": "Use the indicated AWS profile as the default environment (Default - no profile is used)", + "type": "string" + }, + "proxy": { + "description": "Use the indicated proxy. Will read from\nHTTPS_PROXY environment if specified (Default - no proxy)", + "type": "string" + }, + "caBundlePath": { + "description": "Path to CA certificate to use when validating HTTPS\nrequests. (Default - read from AWS_CA_BUNDLE environment variable)", + "type": "string" + }, + "ec2Creds": { + "description": "Force trying to fetch EC2 instance credentials (Default - guess EC2 instance status)", + "type": "boolean" + }, + "versionReporting": { + "description": "Include \"AWS::CDK::Metadata\" resource in synthesized templates (Default true)", + "type": "boolean" + }, + "pathMetadata": { + "description": "Include \"aws:cdk:path\" CloudFormation metadata for each resource (Default true)", + "type": "boolean" + }, + "assetMetadata": { + "description": "Include \"aws:asset:*\" CloudFormation metadata for resources that use assets (Default true)", + "type": "boolean" + }, + "staging": { + "description": "Copy assets to the output directory\n\nNeeded for local debugging the source files with SAM CLI", + "default": false, + "type": "boolean" + }, + "output": { + "description": "Emits the synthesized cloud assembly into a directory (Default cdk.out)", + "type": "string" + }, + "notices": { + "description": "Show relevant notices (Default true)", + "type": "boolean" + }, + "color": { + "description": "Show colors and other style from console output (Default true)", + "type": "boolean" + } + } + }, + "Hooks": { + "description": "Commands to run at predefined points during the\nintegration test workflow", + "type": "object", + "properties": { + "preDeploy": { + "description": "Commands to run prior to deploying the cdk stacks\nin the integration test (Default - no commands)", + "type": "array", + "items": { + "type": "string" + } + }, + "postDeploy": { + "description": "Commands to run prior after deploying the cdk stacks\nin the integration test (Default - no commands)", + "type": "array", + "items": { + "type": "string" + } + }, + "preDestroy": { + "description": "Commands to run prior to destroying the cdk stacks\nin the integration test (Default - no commands)", + "type": "array", + "items": { + "type": "string" + } + }, + "postDestroy": { + "description": "Commands to run after destroying the cdk stacks\nin the integration test (Default - no commands)", + "type": "array", + "items": { + "type": "string" + } + } + } + } + }, + "$schema": "http://json-schema.org/draft-07/schema#" +} \ No newline at end of file diff --git a/packages/@aws-cdk/cloud-assembly-schema/scripts/update-schema.ts b/packages/@aws-cdk/cloud-assembly-schema/scripts/update-schema.ts index e92083d34b0a6..13a410cd4a36f 100644 --- a/packages/@aws-cdk/cloud-assembly-schema/scripts/update-schema.ts +++ b/packages/@aws-cdk/cloud-assembly-schema/scripts/update-schema.ts @@ -17,6 +17,7 @@ const SCHEMA_DIR = path.resolve(__dirname, '../schema'); const SCHEMA_DEFINITIONS: { [schemaName: string]: { rootTypeName: string } } = { 'assets': { rootTypeName: 'AssetManifest' }, 'cloud-assembly': { rootTypeName: 'AssemblyManifest' }, + 'integ': { rootTypeName: 'IntegManifest' }, }; export const SCHEMAS = Object.keys(SCHEMA_DEFINITIONS); diff --git a/packages/@aws-cdk/cloud-assembly-schema/test/integ-tests.test.ts b/packages/@aws-cdk/cloud-assembly-schema/test/integ-tests.test.ts new file mode 100644 index 0000000000000..3baefc89d750f --- /dev/null +++ b/packages/@aws-cdk/cloud-assembly-schema/test/integ-tests.test.ts @@ -0,0 +1,137 @@ +import * as fs from 'fs'; +import * as os from 'os'; +import * as path from 'path'; +import { Manifest } from '../lib'; + +describe('Integration test', () => { + test('valid input', () => { + expect(() => { + validate({ + version: Manifest.version(), + testCases: { + testCase1: { + stacks: ['stack1', 'stack2'], + stackUpdateWorkflow: true, + cdkCommandOptions: { + deploy: { + enabled: true, + expectError: false, + expectedMessage: 'some message', + args: { + exclusively: true, + toolkitStackName: 'Stack', + reuseAssets: ['asset1', 'asset2'], + changeSetName: 'changeset', + force: true, + rollback: false, + notificationArns: ['arn1', 'arn2'], + execute: true, + parameters: { + 'MYPARAM': 'Value', + 'Stack1:OtherParam': 'OtherValue', + }, + usePreviousParameters: true, + outputsFile: 'outputs.json', + ci: true, + requireApproval: 'never', + app: 'node bin/my-app.js', + roleArn: 'roleArn', + context: { + KEY: 'value', + }, + trace: true, + strict: true, + lookups: true, + ignoreErrors: true, + json: true, + verbose: true, + debug: true, + profile: 'profile', + proxy: 'https://proxy', + caBundlePath: 'path/to/bundle', + ec2Creds: true, + versionReporting: false, + pathMetadata: false, + assetMetadata: true, + staging: false, + output: true, + notices: true, + color: false, + }, + }, + synth: { + enabled: true, + expectError: false, + expectedMessage: 'some message', + args: { + quiet: true, + exclusively: true, + validation: true, + }, + }, + destroy: { + enabled: true, + expectError: false, + expectedMessage: 'some message', + args: { + force: true, + exclusively: true, + }, + }, + }, + hooks: { + preDeploy: ['yarn test'], + postDeploy: ['some other command'], + preDestroy: ['command1', 'command2'], + postDestroy: ['command3', 'command4'], + }, + diffAssets: true, + allowDestroy: ['AWS::IAM::Role'], + region: ['us-east-1', 'us-east-2'], + }, + }, + }); + }); + }); + + test('invalid input', () => { + expect(() => { + validate({ + version: Manifest.version(), + testCases: { + stacks: true, + }, + }); + }).toThrow(/instance\.testCases\.stacks is not of a type\(s\) object/); + }); + + test('without command options', () => { + expect(() => { + validate({ + version: Manifest.version(), + testCases: { + testCase1: { + stacks: ['stack1', 'stack2'], + stackUpdateWorkflow: true, + hooks: { + preDeploy: ['yarn test'], + }, + diffAssets: true, + }, + }, + }); + }); + }); +}); + +function validate(manifest: any) { + const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'integ.test.')); + const filePath = path.join(dir, 'manifest.json'); + fs.writeFileSync(filePath, JSON.stringify(manifest, undefined, 2)); + try { + Manifest.loadIntegManifest(filePath); + } finally { + fs.unlinkSync(filePath); + fs.rmdirSync(dir); + } +} diff --git a/packages/@aws-cdk/cloudformation-diff/lib/format.ts b/packages/@aws-cdk/cloudformation-diff/lib/format.ts index 3dee563f8cf36..ff8915dbd069a 100644 --- a/packages/@aws-cdk/cloudformation-diff/lib/format.ts +++ b/packages/@aws-cdk/cloudformation-diff/lib/format.ts @@ -340,7 +340,7 @@ class Formatter { */ function normalizePath(p: string) { if (p.startsWith('/')) { - p = p.substr(1); + p = p.slice(1); } let parts = p.split('/'); diff --git a/packages/@aws-cdk/cloudformation-diff/lib/iam/statement.ts b/packages/@aws-cdk/cloudformation-diff/lib/iam/statement.ts index 7f83a5561bc76..f491d8638ea13 100644 --- a/packages/@aws-cdk/cloudformation-diff/lib/iam/statement.ts +++ b/packages/@aws-cdk/cloudformation-diff/lib/iam/statement.ts @@ -324,5 +324,5 @@ export function renderCondition(condition: any): string { // We can make it more compact without losing information by getting rid of the outermost braces // and the indentation. const lines = jsonRepresentation.split('\n'); - return lines.slice(1, lines.length - 1).map(s => s.substr(2)).join('\n'); + return lines.slice(1, lines.length - 1).map(s => s.slice(2)).join('\n'); } diff --git a/packages/@aws-cdk/cloudformation-include/test/test-templates/fn-select-with-novalue.json b/packages/@aws-cdk/cloudformation-include/test/test-templates/fn-select-with-novalue.json new file mode 100644 index 0000000000000..861387e330ee7 --- /dev/null +++ b/packages/@aws-cdk/cloudformation-include/test/test-templates/fn-select-with-novalue.json @@ -0,0 +1,23 @@ +{ + "Parameters": { + "DoIt": { + "Type": "String" + } + }, + "Conditions": { + "MyCondition": { + "Fn::Equals": [{ "Ref": "DoIt" }, "Yes"] + } + }, + "Resources": { + "Bucket": { + "Type": "AWS::S3::Bucket", + "Properties": { + "BucketName": { "Fn::Select": [0, [ + { "Fn::If": ["MyCondition", "doing-it", { "Ref": "AWS::NoValue" }] }, + "not-doingit" + ]]} + } + } + } +} diff --git a/packages/@aws-cdk/cloudformation-include/test/valid-templates.test.ts b/packages/@aws-cdk/cloudformation-include/test/valid-templates.test.ts index 65cd7e981cc81..eec714ac5d7d6 100644 --- a/packages/@aws-cdk/cloudformation-include/test/valid-templates.test.ts +++ b/packages/@aws-cdk/cloudformation-include/test/valid-templates.test.ts @@ -1081,6 +1081,14 @@ describe('CDK Include', () => { loadTestFileToJsObject('properties-not-in-cfn-spec.json'), ); }); + + test('roundtrip a fn-select with a fn-if/ref-novalue in it', () => { + includeTestTemplate(stack, 'fn-select-with-novalue.json'); + + Template.fromStack(stack).templateMatches( + loadTestFileToJsObject('fn-select-with-novalue.json'), + ); + }); }); interface IncludeTestTemplateProps { diff --git a/packages/@aws-cdk/core/lib/cfn-element.ts b/packages/@aws-cdk/core/lib/cfn-element.ts index 8d048452baf6f..11db74d9b04aa 100644 --- a/packages/@aws-cdk/core/lib/cfn-element.ts +++ b/packages/@aws-cdk/core/lib/cfn-element.ts @@ -157,7 +157,7 @@ export abstract class CfnRefElement extends CfnElement { function notTooLong(x: string) { if (x.length < 100) { return x; } - return x.substr(0, 47) + '...' + x.substr(x.length - 47); + return x.slice(0, 47) + '...' + x.slice(-47); } import { CfnReference } from './private/cfn-reference'; diff --git a/packages/@aws-cdk/core/lib/cfn-fn.ts b/packages/@aws-cdk/core/lib/cfn-fn.ts index 3ef1c265654bd..673784e0e2a5b 100644 --- a/packages/@aws-cdk/core/lib/cfn-fn.ts +++ b/packages/@aws-cdk/core/lib/cfn-fn.ts @@ -127,7 +127,7 @@ export class Fn { * @returns a token represented as a string */ public static select(index: number, array: string[]): string { - if (!Token.isUnresolved(array)) { + if (!Token.isUnresolved(index) && !Token.isUnresolved(array) && !array.some(Token.isUnresolved)) { return array[index]; } diff --git a/packages/@aws-cdk/core/lib/cfn-parse.ts b/packages/@aws-cdk/core/lib/cfn-parse.ts index e57bf28e785f3..28391d8916028 100644 --- a/packages/@aws-cdk/core/lib/cfn-parse.ts +++ b/packages/@aws-cdk/core/lib/cfn-parse.ts @@ -537,8 +537,8 @@ export class CfnParser { if (dotIndex === -1) { throw new Error(`Short-form Fn::GetAtt must contain a '.' in its string argument, got: '${value}'`); } - logicalId = value.substr(0, dotIndex); - attributeName = value.substr(dotIndex + 1); // the +1 is to skip the actual '.' + logicalId = value.slice(0, dotIndex); + attributeName = value.slice(dotIndex + 1); // the +1 is to skip the actual '.' stringForm = true; } else { // ...or a 2-element list diff --git a/packages/@aws-cdk/core/lib/cfn-resource.ts b/packages/@aws-cdk/core/lib/cfn-resource.ts index d1f6c3d65ffbb..c09ac87674aad 100644 --- a/packages/@aws-cdk/core/lib/cfn-resource.ts +++ b/packages/@aws-cdk/core/lib/cfn-resource.ts @@ -361,7 +361,7 @@ export class CfnResource extends CfnRefElement { const trace = this.creationStack; if (trace) { const creationStack = ['--- resource created at ---', ...trace].join('\n at '); - const problemTrace = e.stack.substr(e.stack.indexOf(e.message) + e.message.length); + const problemTrace = e.stack.slice(e.stack.indexOf(e.message) + e.message.length); e.stack = `${e.message}\n ${creationStack}\n --- problem discovered at ---${problemTrace}`; } diff --git a/packages/@aws-cdk/core/lib/custom-resource.ts b/packages/@aws-cdk/core/lib/custom-resource.ts index a466b600fa386..fcbc96c95b6d6 100644 --- a/packages/@aws-cdk/core/lib/custom-resource.ts +++ b/packages/@aws-cdk/core/lib/custom-resource.ts @@ -186,7 +186,7 @@ export class CustomResource extends Resource { function uppercaseProperties(props: { [key: string]: any }) { const ret: { [key: string]: any } = {}; Object.keys(props).forEach(key => { - const upper = key.substr(0, 1).toUpperCase() + key.substr(1); + const upper = key.slice(0, 1).toUpperCase() + key.slice(1); ret[upper] = props[key]; }); return ret; @@ -201,7 +201,7 @@ function renderResourceType(resourceType?: string) { throw new Error(`Custom resource type must begin with "Custom::" (${resourceType})`); } - const typeName = resourceType.substr(resourceType.indexOf('::') + 2); + const typeName = resourceType.slice(resourceType.indexOf('::') + 2); if (typeName.length > 60) { throw new Error(`Custom resource type length > 60 (${resourceType})`); } diff --git a/packages/@aws-cdk/core/lib/private/cloudformation-lang.ts b/packages/@aws-cdk/core/lib/private/cloudformation-lang.ts index 049ceb207f92f..82d2809255806 100644 --- a/packages/@aws-cdk/core/lib/private/cloudformation-lang.ts +++ b/packages/@aws-cdk/core/lib/private/cloudformation-lang.ts @@ -43,8 +43,8 @@ export class CloudFormationLang { // Some case analysis to produce minimal expressions if (parts.length === 1) { return parts[0]; } - if (parts.length === 2 && typeof parts[0] === 'string' && typeof parts[1] === 'string') { - return parts[0] + parts[1]; + if (parts.length === 2 && isConcatable(parts[0]) && isConcatable(parts[1])) { + return `${parts[0]}${parts[1]}`; } // Otherwise return a Join intrinsic (already in the target document language to avoid taking @@ -323,8 +323,8 @@ export function minimalCloudFormationJoin(delimiter: string, values: any[]): any const el = values[i]; if (isSplicableFnJoinIntrinsic(el)) { values.splice(i, 1, ...el['Fn::Join'][1]); - } else if (i > 0 && isPlainString(values[i - 1]) && isPlainString(values[i])) { - values[i - 1] += delimiter + values[i]; + } else if (i > 0 && isConcatable(values[i - 1]) && isConcatable(values[i])) { + values[i - 1] = `${values[i-1]}${delimiter}${values[i]}`; values.splice(i, 1); } else { i += 1; @@ -333,10 +333,6 @@ export function minimalCloudFormationJoin(delimiter: string, values: any[]): any return values; - function isPlainString(obj: any): boolean { - return typeof obj === 'string' && !Token.isUnresolved(obj); - } - function isSplicableFnJoinIntrinsic(obj: any): boolean { if (!isIntrinsic(obj)) { return false; } if (Object.keys(obj)[0] !== 'Fn::Join') { return false; } @@ -351,6 +347,11 @@ export function minimalCloudFormationJoin(delimiter: string, values: any[]): any } } +function isConcatable(obj: any): boolean { + return ['string', 'number'].includes(typeof obj) && !Token.isUnresolved(obj); +} + + /** * Return whether the given value represents a CloudFormation intrinsic */ diff --git a/packages/@aws-cdk/core/lib/private/encoding.ts b/packages/@aws-cdk/core/lib/private/encoding.ts index fae5b1a41ec63..15be87cf42ee0 100644 --- a/packages/@aws-cdk/core/lib/private/encoding.ts +++ b/packages/@aws-cdk/core/lib/private/encoding.ts @@ -14,7 +14,10 @@ const QUOTED_BEGIN_STRING_TOKEN_MARKER = regexQuote(BEGIN_STRING_TOKEN_MARKER); const QUOTED_BEGIN_LIST_TOKEN_MARKER = regexQuote(BEGIN_LIST_TOKEN_MARKER); const QUOTED_END_TOKEN_MARKER = regexQuote(END_TOKEN_MARKER); -const STRING_TOKEN_REGEX = new RegExp(`${QUOTED_BEGIN_STRING_TOKEN_MARKER}([${VALID_KEY_CHARS}]+)${QUOTED_END_TOKEN_MARKER}`, 'g'); +// Sometimes the number of digits is different +export const STRINGIFIED_NUMBER_PATTERN = '-1\\.\\d{10,16}e\\+289'; + +const STRING_TOKEN_REGEX = new RegExp(`${QUOTED_BEGIN_STRING_TOKEN_MARKER}([${VALID_KEY_CHARS}]+)${QUOTED_END_TOKEN_MARKER}|(${STRINGIFIED_NUMBER_PATTERN})`, 'g'); const LIST_TOKEN_REGEX = new RegExp(`${QUOTED_BEGIN_LIST_TOKEN_MARKER}([${VALID_KEY_CHARS}]+)${QUOTED_END_TOKEN_MARKER}`, 'g'); /** @@ -52,7 +55,7 @@ export class TokenString { ret.addLiteral(this.str.substring(rest, m.index)); } - ret.addToken(lookup(m[1])); + ret.addToken(lookup(m[1] ?? m[2])); rest = this.re.lastIndex; m = this.re.exec(this.str); @@ -218,3 +221,12 @@ export function extractTokenDouble(encoded: number): number | undefined { return ints[0] + shl32(ints[1] & 0xFFFF); /* eslint-enable no-bitwise */ } + +const STRINGIFIED_NUMBER_REGEX = new RegExp(STRINGIFIED_NUMBER_PATTERN); + +/** + * Return whether the given string contains accidentally stringified number tokens + */ +export function stringContainsNumberTokens(x: string) { + return !!x.match(STRINGIFIED_NUMBER_REGEX); +} diff --git a/packages/@aws-cdk/core/lib/private/region-lookup.ts b/packages/@aws-cdk/core/lib/private/region-lookup.ts index 226df28d7f444..d81facdac0d12 100644 --- a/packages/@aws-cdk/core/lib/private/region-lookup.ts +++ b/packages/@aws-cdk/core/lib/private/region-lookup.ts @@ -44,7 +44,7 @@ export function deployTimeLookup(stack: Stack, factName: string, lookupMap: Reco } function ucfirst(x: string) { - return `${x.substr(0, 1).toUpperCase()}${x.substr(1)}`; + return `${x.slice(0, 1).toUpperCase()}${x.slice(1)}`; } /** diff --git a/packages/@aws-cdk/core/lib/private/token-map.ts b/packages/@aws-cdk/core/lib/private/token-map.ts index 1a5b0e1f29547..ed2b6a59d0a4f 100644 --- a/packages/@aws-cdk/core/lib/private/token-map.ts +++ b/packages/@aws-cdk/core/lib/private/token-map.ts @@ -177,8 +177,12 @@ export class TokenMap { private registerNumberKey(token: IResolvable): number { const counter = this.tokenCounter++; + const dbl = createTokenDouble(counter); + // Register in the number map, as well as a string representation of that token + // in the string map. this.numberTokenMap.set(counter, token); - return createTokenDouble(counter); + this.stringTokenMap.set(`${dbl}`, token); + return dbl; } } diff --git a/packages/@aws-cdk/core/lib/runtime.ts b/packages/@aws-cdk/core/lib/runtime.ts index e8124c2714093..222fa1f8d3f03 100644 --- a/packages/@aws-cdk/core/lib/runtime.ts +++ b/packages/@aws-cdk/core/lib/runtime.ts @@ -137,7 +137,7 @@ export class ValidationResult { if (!this.isSuccess) { let message = this.errorTree(); // The first letter will be lowercase, so uppercase it for a nicer error message - message = message.substr(0, 1).toUpperCase() + message.substr(1); + message = message.slice(0, 1).toUpperCase() + message.slice(1); throw new CfnSynthesisError(message); } } @@ -382,7 +382,7 @@ function isCloudFormationIntrinsic(x: any) { const keys = Object.keys(x); if (keys.length !== 1) { return false; } - return keys[0] === 'Ref' || keys[0].substr(0, 4) === 'Fn::'; + return keys[0] === 'Ref' || keys[0].slice(0, 4) === 'Fn::'; } /** diff --git a/packages/@aws-cdk/core/lib/stack.ts b/packages/@aws-cdk/core/lib/stack.ts index 4a83831793e11..07b68b9def913 100644 --- a/packages/@aws-cdk/core/lib/stack.ts +++ b/packages/@aws-cdk/core/lib/stack.ts @@ -366,6 +366,9 @@ export class Stack extends Construct implements ITaggable { } this._stackName = props.stackName ?? this.generateStackName(); + if (this._stackName.length > 128) { + throw new Error(`Stack name must be <= 128 characters. Stack name: '${this._stackName}'`); + } this.tags = new TagManager(TagType.KEY_VALUE, 'aws:cdk:stack', props.tags); if (!VALID_STACK_NAME_REGEX.test(this.stackName)) { @@ -788,7 +791,7 @@ export class Stack extends Construct implements ITaggable { Annotations.of(this).addInfo(`Number of resources: ${numberOfResources} is approaching allowed maximum of ${this.maxResources}`); } } - fs.writeFileSync(outPath, JSON.stringify(template, undefined, 2)); + fs.writeFileSync(outPath, JSON.stringify(template, undefined, 1)); for (const ctx of this._missingContext) { if (lookupRoleArn != null) { diff --git a/packages/@aws-cdk/core/lib/string-fragments.ts b/packages/@aws-cdk/core/lib/string-fragments.ts index b92fd3628a28d..4fea67f333a2a 100644 --- a/packages/@aws-cdk/core/lib/string-fragments.ts +++ b/packages/@aws-cdk/core/lib/string-fragments.ts @@ -1,5 +1,5 @@ import { IFragmentConcatenator, IResolvable } from './resolvable'; -import { isResolvableObject } from './token'; +import { isResolvableObject, Token } from './token'; /** * Result of the split of a string with Tokens @@ -71,8 +71,10 @@ export class TokenizedStringFragments { const mapped = mapper.mapToken(f.token); if (isResolvableObject(mapped)) { ret.addToken(mapped); - } else { + } else if (Token.isUnresolved(mapped)) { ret.addIntrinsic(mapped); + } else { + ret.addLiteral(mapped); } break; case 'intrinsic': diff --git a/packages/@aws-cdk/core/test/fn.test.ts b/packages/@aws-cdk/core/test/fn.test.ts index 9c0350bc3e867..7ebdcc6578f75 100644 --- a/packages/@aws-cdk/core/test/fn.test.ts +++ b/packages/@aws-cdk/core/test/fn.test.ts @@ -1,6 +1,6 @@ import * as fc from 'fast-check'; import * as _ from 'lodash'; -import { App, CfnOutput, Fn, Stack, Token } from '../lib'; +import { App, Aws, CfnOutput, Fn, Stack, Token } from '../lib'; import { Intrinsic } from '../lib/private/intrinsic'; function asyncTest(cb: () => Promise): () => void { @@ -27,8 +27,24 @@ describe('fn', () => { describe('eager resolution for non-tokens', () => { test('Fn.select', () => { expect(Fn.select(2, ['hello', 'you', 'dude'])).toEqual('dude'); + }); + + test('Fn.select does not short-circuit if there are tokens in the array', () => { + const stack = new Stack(); + expect(stack.resolve(Fn.select(2, [ + Fn.conditionIf('xyz', 'yep', Aws.NO_VALUE).toString(), + 'you', + 'dude', + ]))).toEqual({ + 'Fn::Select': [2, [ + { 'Fn::If': ['xyz', 'yep', { Ref: 'AWS::NoValue' }] }, + 'you', + 'dude', + ]], + }); }); + test('Fn.split', () => { expect(Fn.split(':', 'hello:world:yeah')).toEqual(['hello', 'world', 'yeah']); diff --git a/packages/@aws-cdk/core/test/resource.test.ts b/packages/@aws-cdk/core/test/resource.test.ts index 97e6afbcc19fc..bc5a0d1433125 100644 --- a/packages/@aws-cdk/core/test/resource.test.ts +++ b/packages/@aws-cdk/core/test/resource.test.ts @@ -912,7 +912,7 @@ class Counter extends CfnResource { } function withoutHash(logId: string) { - return logId.substr(0, logId.length - 8); + return logId.slice(0, -8); } class CustomizableResource extends CfnResource { diff --git a/packages/@aws-cdk/core/test/stack.test.ts b/packages/@aws-cdk/core/test/stack.test.ts index e6e6b2f650b1e..a8d7b558b3625 100644 --- a/packages/@aws-cdk/core/test/stack.test.ts +++ b/packages/@aws-cdk/core/test/stack.test.ts @@ -20,6 +20,19 @@ describe('stack', () => { expect(toCloudFormation(stack)).toEqual({ }); }); + test('stack name cannot exceed 128 characters', () => { + // GIVEN + const app = new App({}); + const reallyLongStackName = 'LookAtMyReallyLongStackNameThisStackNameIsLongerThan128CharactersThatIsNutsIDontThinkThereIsEnoughAWSAvailableToLetEveryoneHaveStackNamesThisLong'; + + // THEN + expect(() => { + new Stack(app, 'MyStack', { + stackName: reallyLongStackName, + }); + }).toThrow(`Stack name must be <= 128 characters. Stack name: '${reallyLongStackName}'`); + }); + test('stack objects have some template-level propeties, such as Description, Version, Transform', () => { const stack = new Stack(); stack.templateOptions.templateFormatVersion = 'MyTemplateVersion'; diff --git a/packages/@aws-cdk/core/test/tokens.test.ts b/packages/@aws-cdk/core/test/tokens.test.ts index 48e07c1fc720f..62cd683da6ac2 100644 --- a/packages/@aws-cdk/core/test/tokens.test.ts +++ b/packages/@aws-cdk/core/test/tokens.test.ts @@ -1,5 +1,5 @@ -import { Fn, isResolvableObject, Lazy, Stack, Token, Tokenization } from '../lib'; -import { createTokenDouble, extractTokenDouble } from '../lib/private/encoding'; +import { CfnResource, Fn, isResolvableObject, Lazy, Stack, Token, Tokenization } from '../lib'; +import { createTokenDouble, extractTokenDouble, stringContainsNumberTokens, STRINGIFIED_NUMBER_PATTERN } from '../lib/private/encoding'; import { Intrinsic } from '../lib/private/intrinsic'; import { findTokens } from '../lib/private/resolve'; import { IResolvable } from '../lib/resolvable'; @@ -482,15 +482,12 @@ describe('tokens', () => { expect(() => { resolve({ value: encoded[0] }); }).toThrow(/Found an encoded list/); - - }); }); describe('number encoding', () => { test('basic integer encoding works', () => { expect(16).toEqual(extractTokenDouble(createTokenDouble(16))); - }); test('arbitrary integers can be encoded, stringified, and recovered', () => { @@ -504,16 +501,12 @@ describe('tokens', () => { const decoded = extractTokenDouble(roundtripped); expect(decoded).toEqual(x); } - - }); test('arbitrary numbers are correctly detected as not being tokens', () => { expect(undefined).toEqual(extractTokenDouble(0)); expect(undefined).toEqual(extractTokenDouble(1243)); expect(undefined).toEqual(extractTokenDouble(4835e+532)); - - }); test('can number-encode and resolve Token objects', () => { @@ -528,8 +521,42 @@ describe('tokens', () => { // THEN const resolved = resolve({ value: encoded }); expect(resolved).toEqual({ value: 123 }); + }); + test('regex detects all stringifications of encoded tokens', () => { + expect(stringContainsNumberTokens(`${createTokenDouble(0)}`)).toBeTruthy(); + expect(stringContainsNumberTokens(`${createTokenDouble(Math.pow(2, 48) - 1)}`)).toBeTruthy(); // MAX_ENCODABLE_INTEGER + expect(stringContainsNumberTokens('1234')).toBeFalsy(); + }); + test('check that the first N encoded numbers can be detected', () => { + const re = new RegExp(STRINGIFIED_NUMBER_PATTERN); + // Ran this up to 1 million offline + for (let i = 0; i < 1000; i++) { + expect(`${createTokenDouble(i)}`).toMatch(re); + } + }); + + test('handle stringified number token', () => { + // GIVEN + const tok = `the answer is: ${Lazy.number({ produce: () => 86 })}`; + + // THEN + expect(resolve({ value: `${tok}` })).toEqual({ + value: 'the answer is: 86', + }); + }); + + test('handle stringified number reference', () => { + const stack = new Stack(); + const res = new CfnResource(stack, 'Resource', { type: 'My::Resource' }); + // GIVEN + const tok = `the answer is: ${Token.asNumber(res.ref)}`; + + // THEN + expect(resolve({ value: `${tok}` })).toEqual({ + value: { 'Fn::Join': ['', ['the answer is: ', { Ref: 'Resource' }]] }, + }); }); }); @@ -694,25 +721,21 @@ describe('tokens', () => { describe('stringifyNumber', () => { test('converts number to string', () => { expect(Tokenization.stringifyNumber(100)).toEqual('100'); - }); test('converts tokenized number to string', () => { expect(resolve(Tokenization.stringifyNumber({ resolve: () => 100, } as any))).toEqual('100'); - }); test('string remains the same', () => { expect(Tokenization.stringifyNumber('123' as any)).toEqual('123'); - }); test('Ref remains the same', () => { const val = { Ref: 'SomeLogicalId' }; expect(Tokenization.stringifyNumber(val as any)).toEqual(val); - }); test('lazy Ref remains the same', () => { @@ -791,3 +814,4 @@ function tokensThatResolveTo(value: any): Token[] { function resolve(x: any) { return new Stack().resolve(x); } + diff --git a/packages/@aws-cdk/custom-resources/test/provider-framework/integration-test-fixtures/s3-file-handler/index.ts b/packages/@aws-cdk/custom-resources/test/provider-framework/integration-test-fixtures/s3-file-handler/index.ts index 0e52b4ad66e3f..de12c193aa637 100644 --- a/packages/@aws-cdk/custom-resources/test/provider-framework/integration-test-fixtures/s3-file-handler/index.ts +++ b/packages/@aws-cdk/custom-resources/test/provider-framework/integration-test-fixtures/s3-file-handler/index.ts @@ -28,7 +28,7 @@ export async function putObject(event: AWSCDKAsyncCustomResource.OnEventRequest) // trim trailing `/` if (objectKey.startsWith('/')) { - objectKey = objectKey.substr(1); + objectKey = objectKey.slice(1); } const publicRead = event.ResourceProperties[api.PROP_PUBLIC] || false; diff --git a/packages/@aws-cdk/cx-api/test/fixtures/asset-manifest/docker-asset/Dockerfile b/packages/@aws-cdk/cx-api/test/fixtures/asset-manifest/docker-asset/Dockerfile index ceaf18ac05257..9b247ee4463fa 100644 --- a/packages/@aws-cdk/cx-api/test/fixtures/asset-manifest/docker-asset/Dockerfile +++ b/packages/@aws-cdk/cx-api/test/fixtures/asset-manifest/docker-asset/Dockerfile @@ -1 +1 @@ -FROM ubuntu +FROM public.ecr.aws/docker/library/ubuntu:latest diff --git a/packages/@aws-cdk/cx-api/test/fixtures/assets/docker-asset/Dockerfile b/packages/@aws-cdk/cx-api/test/fixtures/assets/docker-asset/Dockerfile index ceaf18ac05257..9b247ee4463fa 100644 --- a/packages/@aws-cdk/cx-api/test/fixtures/assets/docker-asset/Dockerfile +++ b/packages/@aws-cdk/cx-api/test/fixtures/assets/docker-asset/Dockerfile @@ -1 +1 @@ -FROM ubuntu +FROM public.ecr.aws/docker/library/ubuntu:latest diff --git a/packages/@aws-cdk/integ-runner/.eslintrc.js b/packages/@aws-cdk/integ-runner/.eslintrc.js new file mode 100644 index 0000000000000..2658ee8727166 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/.eslintrc.js @@ -0,0 +1,3 @@ +const baseConfig = require('@aws-cdk/cdk-build-tools/config/eslintrc'); +baseConfig.parserOptions.project = __dirname + '/tsconfig.json'; +module.exports = baseConfig; diff --git a/packages/@aws-cdk/integ-runner/.gitignore b/packages/@aws-cdk/integ-runner/.gitignore new file mode 100644 index 0000000000000..d24092a6feda2 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/.gitignore @@ -0,0 +1,28 @@ +*.js +*.js.map +*.d.ts +!lib/init-templates/**/javascript/**/* +node_modules +dist + +# Generated by generate.sh +build-info.json + +.LAST_BUILD +.nyc_output +coverage +nyc.config.js +.LAST_PACKAGE +*.snk + +!test/integ/run-wrappers/dist +!test/integ/cli/**/* +assets.json +npm-shrinkwrap.json +!.eslintrc.js +!jest.config.js + +junit.xml + +# Ignore this symlink, we recreate it at test time +test/test-archive-follow/data/linked diff --git a/packages/@aws-cdk/integ-runner/.npmignore b/packages/@aws-cdk/integ-runner/.npmignore new file mode 100644 index 0000000000000..45b8808bdd7ac --- /dev/null +++ b/packages/@aws-cdk/integ-runner/.npmignore @@ -0,0 +1,30 @@ +# Don't include original .ts files when doing `npm pack` +*.ts +!*.template.ts +!*.d.ts +coverage +.nyc_output +*.tgz + +dist +.LAST_PACKAGE +.LAST_BUILD +*.snk + +!lib/init-templates/*/*/tsconfig.json +!test/integ/cli/**/*.js +!test/integ/run-wrappers/dist + +*.tsbuildinfo + +tsconfig.json + +# init templates include default tsconfig.json files which we need +!lib/init-templates/**/tsconfig.json +.eslintrc.js +jest.config.js + +# exclude cdk artifacts +**/cdk.out +junit.xml +test/ \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/LICENSE b/packages/@aws-cdk/integ-runner/LICENSE new file mode 100644 index 0000000000000..82ad00bb02d0b --- /dev/null +++ b/packages/@aws-cdk/integ-runner/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2018-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/packages/@aws-cdk/integ-runner/NOTICE b/packages/@aws-cdk/integ-runner/NOTICE new file mode 100644 index 0000000000000..1b7adbb891265 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/NOTICE @@ -0,0 +1,2 @@ +AWS Cloud Development Kit (AWS CDK) +Copyright 2018-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. diff --git a/packages/@aws-cdk/integ-runner/README.md b/packages/@aws-cdk/integ-runner/README.md new file mode 100644 index 0000000000000..e67a64282a42b --- /dev/null +++ b/packages/@aws-cdk/integ-runner/README.md @@ -0,0 +1,161 @@ +# integ-runner + + + +--- + +![cdk-constructs: Experimental](https://img.shields.io/badge/cdk--constructs-experimental-important.svg?style=for-the-badge) + +> The APIs of higher level constructs in this module are experimental and under active development. +> They are subject to non-backward compatible changes or removal in any future version. These are +> not subject to the [Semantic Versioning](https://semver.org/) model and breaking changes will be +> announced in the release notes. This means that while you may use them, you may need to update +> your source code when upgrading to a newer version of this package. + +--- + + + + +## Overview + + +## Usage + +- Run all integration tests in `test` directory + +```bash +integ-runner [ARGS] [TEST...] +``` + +This will look for all files that match the naming convention of `/integ.*.ts$/`. Each of these files will be expected +to be a self contained CDK app. The runner will execute the following for each file (app): + +1. Check if a snapshot file exists (i.e. `/integ.*.expected.snapshot$/`) +2. If the snapshot does not exist + 2a. Synth the integ app which will produce the `integ.json` file +3. Read the `integ.json` file which contains instructions on what the runner should do. +4. Execute instructions + +### Options + +- `--update-on-failed` (default=false) + Rerun integration tests if snapshot fails +- `--clean` (default=`true`) + Destroy stacks after deploy (use `--no-clean` for debugging) +- `--verbose` (default=`false`) + verbose logging +- `--parallel` (default=`false`) + Run tests in parallel across default regions +- `--parallel-regions` + List of regions to run tests in. If this is provided then all tests will + be run in parallel across these regions +- `--directory` (default=`test`) + Search for integration tests recursively from this starting directory +- `--force` (default=`false`) + Rerun integration test even if the test passes +- `--file` + Read the list of tests from this file + +Example: + +```bash +integ-runner --update --parallel --parallel-regions us-east-1 --parallel-regions us-east-2 --parallel-regions us-west-2 --directory ./ +``` + +This will search for integration tests recursively from the current directory and then execute them in parallel across `us-east-1`, `us-east-2`, & `us-west-2`. + +### integ.json schema + +See [@aws-cdk/cloud-assembly-schema/lib/integ-tests/schema.ts](../cloud-assembly-schema/lib/integ-tests/schema.ts) + +### defining an integration test + +In most cases an integration test will be an instance of a stack + +```ts +import { Function, FunctionOptions } from '../lib'; + +interface MyIntegTestProps extends StackOptions { + functionProps?: FunctionOptions; +} +class MyIntegTest extends Stack { + constructor(scope: Construct, id: string, props: MyIntegTestProps) { + super(scope, id, props); + + new Function(this, 'Handler', { + runtime: Runtime.NODEJS_12_X, + handler: 'index.handler', + code: Code.fromAsset(path.join(__dirname, 'lambda-handler')), + ...props.functionProps, + }); + } +} +``` + +You would then use the `IntegTest` construct to create your test cases + +```ts +new IntegTeset(app, 'ArmTest', { + stacks: [ + new MyIntegTest(app, 'Stack1', { + functionProps: { + architecture: lambda.Architecture.ARM_64, + }, + }), + ], + diffAssets: true, + update: true, + cdkCommandOptions: { + deploy: { + args: { + requireApproval: RequireApproval.NEVER, + json: true, + }, + }, + destroy: { + args: { + force: true, + }, + }, + }, +}); + +new IntegTeset(app, 'AmdTest', { + stacks: [ + new MyIntegTest(app, 'Stack2', { + functionProps: { + architecture: lambda.Architecture.X86_64, + }, + }), + ], +}); +``` + +This will synthesize an `integ.json` file with the following contents + +```json +{ + "ArmTest": { + "stacks": ["Stack1"], + "diffAssets": true, + "update": true, + "cdkCommands": { + "deploy": { + "args": { + "requireApproval": "never", + "json": true + } + }, + "destroy": { + "args": { + "force": true + } + } + } + }, + "AmdTest": { + "stacks": ["Stack2"] + } +} +``` diff --git a/packages/@aws-cdk/integ-runner/THIRD_PARTY_LICENSES b/packages/@aws-cdk/integ-runner/THIRD_PARTY_LICENSES new file mode 100644 index 0000000000000..72508e4743434 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/THIRD_PARTY_LICENSES @@ -0,0 +1,902 @@ +The @aws-cdk/integ-runner package includes the following third-party software/licensing: + +** ajv@8.11.0 - https://www.npmjs.com/package/ajv/v/8.11.0 | MIT +The MIT License (MIT) + +Copyright (c) 2015-2021 Evgeny Poberezkin + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + + + +---------------- + +** ansi-regex@5.0.1 - https://www.npmjs.com/package/ansi-regex/v/5.0.1 | MIT +MIT License + +Copyright (c) Sindre Sorhus (sindresorhus.com) + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +---------------- + +** ansi-styles@4.3.0 - https://www.npmjs.com/package/ansi-styles/v/4.3.0 | MIT +MIT License + +Copyright (c) Sindre Sorhus (sindresorhus.com) + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +---------------- + +** astral-regex@2.0.0 - https://www.npmjs.com/package/astral-regex/v/2.0.0 | MIT +MIT License + +Copyright (c) Kevin Mårtensson (github.com/kevva) + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +---------------- + +** at-least-node@1.0.0 - https://www.npmjs.com/package/at-least-node/v/1.0.0 | ISC +The ISC License +Copyright (c) 2020 Ryan Zimmerman + +Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + +---------------- + +** chalk@4.1.2 - https://www.npmjs.com/package/chalk/v/4.1.2 | MIT +MIT License + +Copyright (c) Sindre Sorhus (sindresorhus.com) + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +---------------- + +** cliui@7.0.4 - https://www.npmjs.com/package/cliui/v/7.0.4 | ISC +Copyright (c) 2015, Contributors + +Permission to use, copy, modify, and/or distribute this software +for any purpose with or without fee is hereby granted, provided +that the above copyright notice and this permission notice +appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE +LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES +OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, +WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, +ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + +---------------- + +** color-convert@2.0.1 - https://www.npmjs.com/package/color-convert/v/2.0.1 | MIT +Copyright (c) 2011-2016 Heather Arthur + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + + +---------------- + +** color-name@1.1.4 - https://www.npmjs.com/package/color-name/v/1.1.4 | MIT +The MIT License (MIT) +Copyright (c) 2015 Dmitry Ivanov + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +---------------- + +** diff@5.0.0 - https://www.npmjs.com/package/diff/v/5.0.0 | BSD-3-Clause +Software License Agreement (BSD License) + +Copyright (c) 2009-2015, Kevin Decker + +All rights reserved. + +Redistribution and use of this software in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + +* Redistributions of source code must retain the above + copyright notice, this list of conditions and the + following disclaimer. + +* Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the + following disclaimer in the documentation and/or other + materials provided with the distribution. + +* Neither the name of Kevin Decker nor the names of its + contributors may be used to endorse or promote products + derived from this software without specific prior + written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR +IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND +FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR +CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER +IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +---------------- + +** emoji-regex@8.0.0 - https://www.npmjs.com/package/emoji-regex/v/8.0.0 | MIT +Copyright Mathias Bynens + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +---------------- + +** escalade@3.1.1 - https://www.npmjs.com/package/escalade/v/3.1.1 | MIT +MIT License + +Copyright (c) Luke Edwards (lukeed.com) + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +---------------- + +** fast-deep-equal@3.1.3 - https://www.npmjs.com/package/fast-deep-equal/v/3.1.3 | MIT +MIT License + +Copyright (c) 2017 Evgeny Poberezkin + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + + +---------------- + +** fs-extra@9.1.0 - https://www.npmjs.com/package/fs-extra/v/9.1.0 | MIT +(The MIT License) + +Copyright (c) 2011-2017 JP Richardson + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files +(the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, + merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE +WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS +OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, + ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +---------------- + +** get-caller-file@2.0.5 - https://www.npmjs.com/package/get-caller-file/v/2.0.5 | ISC + +---------------- + +** graceful-fs@4.2.9 - https://www.npmjs.com/package/graceful-fs/v/4.2.9 | ISC +The ISC License + +Copyright (c) Isaac Z. Schlueter, Ben Noordhuis, and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + +---------------- + +** has-flag@4.0.0 - https://www.npmjs.com/package/has-flag/v/4.0.0 | MIT +MIT License + +Copyright (c) Sindre Sorhus (sindresorhus.com) + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +---------------- + +** is-fullwidth-code-point@3.0.0 - https://www.npmjs.com/package/is-fullwidth-code-point/v/3.0.0 | MIT +MIT License + +Copyright (c) Sindre Sorhus (sindresorhus.com) + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +---------------- + +** jsonfile@6.1.0 - https://www.npmjs.com/package/jsonfile/v/6.1.0 | MIT +(The MIT License) + +Copyright (c) 2012-2015, JP Richardson + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files +(the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, + merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE +WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS +OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, + ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +---------------- + +** jsonschema@1.4.0 - https://www.npmjs.com/package/jsonschema/v/1.4.0 | MIT +jsonschema is licensed under MIT license. + +Copyright (C) 2012-2015 Tom de Grunt + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies +of the Software, and to permit persons to whom the Software is furnished to do +so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + + +---------------- + +** lodash.truncate@4.4.2 - https://www.npmjs.com/package/lodash.truncate/v/4.4.2 | MIT +Copyright jQuery Foundation and other contributors + +Based on Underscore.js, copyright Jeremy Ashkenas, +DocumentCloud and Investigative Reporters & Editors + +This software consists of voluntary contributions made by many +individuals. For exact contribution history, see the revision history +available at https://github.com/lodash/lodash + +The following license applies to all parts of this software except as +documented below: + +==== + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +==== + +Copyright and related rights for sample code are waived via CC0. Sample +code is defined as all source code displayed within the prose of the +documentation. + +CC0: http://creativecommons.org/publicdomain/zero/1.0/ + +==== + +Files located in the node_modules and vendor directories are externally +maintained libraries used by this software which have their own +licenses; we recommend you read them, as their terms may differ from the +terms above. + + +---------------- + +** lru-cache@6.0.0 - https://www.npmjs.com/package/lru-cache/v/6.0.0 | ISC +The ISC License + +Copyright (c) Isaac Z. Schlueter and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + +---------------- + +** require-directory@2.1.1 - https://www.npmjs.com/package/require-directory/v/2.1.1 | MIT +The MIT License (MIT) + +Copyright (c) 2011 Troy Goode + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +---------------- + +** semver@7.3.5 - https://www.npmjs.com/package/semver/v/7.3.5 | ISC +The ISC License + +Copyright (c) Isaac Z. Schlueter and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + +---------------- + +** slice-ansi@4.0.0 - https://www.npmjs.com/package/slice-ansi/v/4.0.0 | MIT +MIT License + +Copyright (c) DC +Copyright (c) Sindre Sorhus (https://sindresorhus.com) + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +---------------- + +** string-width@4.2.3 - https://www.npmjs.com/package/string-width/v/4.2.3 | MIT +MIT License + +Copyright (c) Sindre Sorhus (sindresorhus.com) + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +---------------- + +** strip-ansi@6.0.1 - https://www.npmjs.com/package/strip-ansi/v/6.0.1 | MIT +MIT License + +Copyright (c) Sindre Sorhus (sindresorhus.com) + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +---------------- + +** supports-color@7.2.0 - https://www.npmjs.com/package/supports-color/v/7.2.0 | MIT +MIT License + +Copyright (c) Sindre Sorhus (sindresorhus.com) + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +---------------- + +** table@6.8.0 - https://www.npmjs.com/package/table/v/6.8.0 | BSD-3-Clause +Copyright (c) 2018, Gajus Kuizinas (http://gajus.com/) +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the Gajus Kuizinas (http://gajus.com/) nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL ANUARY BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + +---------------- + +** universalify@2.0.0 - https://www.npmjs.com/package/universalify/v/2.0.0 | MIT +(The MIT License) + +Copyright (c) 2017, Ryan Zimmerman + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the 'Software'), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR +COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +---------------- + +** workerpool@6.2.0 - https://www.npmjs.com/package/workerpool/v/6.2.0 | Apache-2.0 +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +---------------- + +** wrap-ansi@7.0.0 - https://www.npmjs.com/package/wrap-ansi/v/7.0.0 | MIT +MIT License + +Copyright (c) Sindre Sorhus (https://sindresorhus.com) + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +---------------- + +** y18n@5.0.8 - https://www.npmjs.com/package/y18n/v/5.0.8 | ISC +Copyright (c) 2015, Contributors + +Permission to use, copy, modify, and/or distribute this software for any purpose +with or without fee is hereby granted, provided that the above copyright notice +and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH +REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND +FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, +INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS +OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER +TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF +THIS SOFTWARE. + + +---------------- + +** yallist@4.0.0 - https://www.npmjs.com/package/yallist/v/4.0.0 | ISC +The ISC License + +Copyright (c) Isaac Z. Schlueter and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + +---------------- + +** yargs-parser@20.2.9 - https://www.npmjs.com/package/yargs-parser/v/20.2.9 | ISC +Copyright (c) 2016, Contributors + +Permission to use, copy, modify, and/or distribute this software +for any purpose with or without fee is hereby granted, provided +that the above copyright notice and this permission notice +appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE +LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES +OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, +WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, +ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + +---------------- + +** yargs@16.2.0 - https://www.npmjs.com/package/yargs/v/16.2.0 | MIT +MIT License + +Copyright 2010 James Halliday (mail@substack.net); Modified work Copyright 2014 Contributors (ben@npmjs.com) + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + + +---------------- diff --git a/packages/@aws-cdk/integ-runner/bin/integ-runner b/packages/@aws-cdk/integ-runner/bin/integ-runner new file mode 100755 index 0000000000000..20ace56b80449 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/bin/integ-runner @@ -0,0 +1,2 @@ +#!/usr/bin/env node +require('./integ-runner.js'); diff --git a/packages/@aws-cdk/integ-runner/bin/integ-runner.ts b/packages/@aws-cdk/integ-runner/bin/integ-runner.ts new file mode 100644 index 0000000000000..4f2652b107236 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/bin/integ-runner.ts @@ -0,0 +1,3 @@ +import { cli } from '../lib'; + +cli(); diff --git a/packages/@aws-cdk/integ-runner/jest.config.js b/packages/@aws-cdk/integ-runner/jest.config.js new file mode 100644 index 0000000000000..d052cbb29f05d --- /dev/null +++ b/packages/@aws-cdk/integ-runner/jest.config.js @@ -0,0 +1,10 @@ +const baseConfig = require('@aws-cdk/cdk-build-tools/config/jest.config'); +module.exports = { + ...baseConfig, + coverageThreshold: { + global: { + ...baseConfig.coverageThreshold.global, + branches: 60, + }, + }, +}; diff --git a/packages/@aws-cdk/integ-runner/lib/cli.ts b/packages/@aws-cdk/integ-runner/lib/cli.ts new file mode 100644 index 0000000000000..9174946f8da75 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/lib/cli.ts @@ -0,0 +1,106 @@ +// Exercise all integ stacks and if they deploy, update the expected synth files +import * as os from 'os'; +import * as path from 'path'; +import * as workerpool from 'workerpool'; +import * as logger from './logger'; +import { IntegrationTests, IntegTestConfig } from './runner/integ-tests'; +import { runSnapshotTests, runIntegrationTests } from './workers'; + +// https://github.com/yargs/yargs/issues/1929 +// https://github.com/evanw/esbuild/issues/1492 +// eslint-disable-next-line @typescript-eslint/no-require-imports +const yargs = require('yargs'); + + +async function main() { + const argv = yargs + .usage('Usage: integ-runner [TEST...]') + .option('list', { type: 'boolean', default: false, desc: 'List tests instead of running them' }) + .option('clean', { type: 'boolean', default: true, desc: 'Skips stack clean up after test is completed (use --no-clean to negate)' }) + .option('verbose', { type: 'boolean', default: false, alias: 'v', desc: 'Verbose logs' }) + .option('dry-run', { type: 'boolean', default: false, desc: 'do not actually deploy the stack. just update the snapshot (not recommended!)' }) + .option('update-on-failed', { type: 'boolean', default: false, desc: 'rerun integration tests and update snapshots for failed tests.' }) + .option('force', { type: 'boolean', default: false, desc: 'Rerun all integration tests even if tests are passing' }) + .option('parallel', { type: 'boolean', default: false, desc: 'run integration tests in parallel' }) + .option('parallel-regions', { type: 'array', desc: 'if --parallel is used then these regions are used to run tests in parallel', nargs: 1, default: [] }) + .options('directory', { type: 'string', default: 'test', desc: 'starting directory to discover integration tests' }) + .argv; + + // Cap to a reasonable top-level limit to prevent thrash on machines with many, many cores. + const maxWorkers = parseInt(process.env.CDK_INTEG_MAX_WORKER_COUNT ?? '16'); + const N = Math.min(maxWorkers, Math.max(1, Math.ceil(os.cpus().length / 2))); + const pool = workerpool.pool(path.join(__dirname, '../lib/workers/extract/index.js'), { + maxWorkers: N, + }); + + // list of integration tests that will be executed + const testsToRun: IntegTestConfig[] = []; + const testsFromArgs: IntegTestConfig[] = []; + const parallelRegions = arrayFromYargs(argv['parallel-regions']); + const testRegions: string[] = parallelRegions ?? ['us-east-1', 'us-east-2', 'us-west-2']; + const runUpdateOnFailed = argv['update-on-failed'] ?? false; + try { + + if (argv.list) { + const tests = await new IntegrationTests(argv.directory).fromCliArgs(); + process.stdout.write(tests.map(t => t.fileName).join('\n') + '\n'); + return; + } + + if (argv._.length === 0) { + testsFromArgs.push(...(await new IntegrationTests(argv.directory).fromCliArgs())); + } else { + testsFromArgs.push(...(await new IntegrationTests(argv.directory).fromCliArgs(argv._.map((x: any) => x.toString())))); + } + + // If `--force` is not used then first validate the snapshots and gather + // the failed snapshot tests. If `--force` is used then we will skip snapshot + // tests and run integration tests for all tests + if (!argv.force) { + const failedSnapshots = await runSnapshotTests(pool, testsFromArgs); + testsToRun.push(...failedSnapshots); + } else { + testsToRun.push(...testsFromArgs); + } + + + // run integration tests if `--update-on-failed` OR `--force` is used + if (runUpdateOnFailed || argv.force) { + await runIntegrationTests({ + pool, + tests: testsToRun, + regions: testRegions, + clean: argv.clean, + dryRun: argv['dry-run'], + verbose: argv.verbose, + }); + + if (argv.clean === false) { + logger.warning('Not cleaning up stacks since "--no-clean" was used'); + } + } + } finally { + void pool.terminate(); + } +} + +/** + * Translate a Yargs input array to something that makes more sense in a programming language + * model (telling the difference between absence and an empty array) + * + * - An empty array is the default case, meaning the user didn't pass any arguments. We return + * undefined. + * - If the user passed a single empty string, they did something like `--array=`, which we'll + * take to mean they passed an empty array. + */ +function arrayFromYargs(xs: string[]): string[] | undefined { + if (xs.length === 0) { return undefined; } + return xs.filter(x => x !== ''); +} + +export function cli() { + main().then().catch(err => { + logger.error(err); + process.exitCode = 1; + }); +} diff --git a/packages/@aws-cdk/integ-runner/lib/index.ts b/packages/@aws-cdk/integ-runner/lib/index.ts new file mode 100644 index 0000000000000..e8523067d0351 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/lib/index.ts @@ -0,0 +1 @@ +export { cli } from './cli'; diff --git a/packages/@aws-cdk/integ-runner/lib/logger.ts b/packages/@aws-cdk/integ-runner/lib/logger.ts new file mode 100644 index 0000000000000..55c7f80b24365 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/lib/logger.ts @@ -0,0 +1,20 @@ +import { Writable } from 'stream'; +import * as util from 'util'; +import * as chalk from 'chalk'; + +type StyleFn = (str: string) => string; +const { stderr } = process; + +const logger = (stream: Writable, styles?: StyleFn[]) => (fmt: string, ...args: any[]) => { + let str = util.format(fmt, ...args); + if (styles && styles.length) { + str = styles.reduce((a, style) => style(a), str); + } + stream.write(str + '\n'); +}; + +export const print = logger(stderr); +export const error = logger(stderr, [chalk.red]); +export const warning = logger(stderr, [chalk.yellow]); +export const success = logger(stderr, [chalk.green]); +export const highlight = logger(stderr, [chalk.bold]); diff --git a/packages/@aws-cdk/integ-runner/lib/runner/index.ts b/packages/@aws-cdk/integ-runner/lib/runner/index.ts new file mode 100644 index 0000000000000..02b61b3dfe184 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/lib/runner/index.ts @@ -0,0 +1,2 @@ +export * from './runners'; +export * from './integ-tests'; diff --git a/packages/@aws-cdk/integ-runner/lib/runner/integ-tests.ts b/packages/@aws-cdk/integ-runner/lib/runner/integ-tests.ts new file mode 100644 index 0000000000000..0fd648c31c5d1 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/lib/runner/integ-tests.ts @@ -0,0 +1,76 @@ +import * as path from 'path'; +import * as fs from 'fs-extra'; + +/** + * Represents a single integration test + */ +export interface IntegTestConfig { + readonly directory: string; + readonly fileName: string; +} + +/** + * Discover integration tests + */ +export class IntegrationTests { + constructor(private readonly directory: string) { + } + + /** + * Takes an optional list of tests to look for, otherwise + * it will look for all tests from the directory + */ + public async fromCliArgs(tests?: string[]): Promise { + let allTests = await this.discover(); + const all = allTests.map(x => x.fileName); + let foundAll = true; + + if (tests && tests.length > 0) { + // Pare down found tests to filter + allTests = allTests.filter(t => { + const parts = path.parse(t.fileName); + return (tests.includes(t.fileName) || tests.includes(parts.base)); + }); + + const selectedNames = allTests.map(t => path.parse(t.fileName).base); + for (const unmatched of tests.filter(t => !selectedNames.includes(t))) { + process.stderr.write(`No such integ test: ${unmatched}\n`); + foundAll = false; + } + } + + if (!foundAll) { + process.stderr.write(`Available tests: ${all.join(' ')}\n`); + return []; + } + + return allTests; + } + + private async discover(): Promise { + const files = await this.readTree(); + const integs = files.filter(fileName => path.basename(fileName).startsWith('integ.') && path.basename(fileName).endsWith('.js')); + return this.request(integs); + } + + private request(files: string[]): IntegTestConfig[] { + return files.map(fileName => { return { directory: this.directory, fileName }; }); + } + + private async readTree(): Promise { + const ret = new Array(); + + async function recurse(dir: string) { + const files = await fs.readdir(dir); + for (const file of files) { + const fullPath = path.join(dir, file); + const statf = await fs.stat(fullPath); + if (statf.isFile()) { ret.push(fullPath); } + if (statf.isDirectory()) { await recurse(path.join(fullPath)); } + } + } + + await recurse(this.directory); + return ret; + } +} diff --git a/packages/@aws-cdk/integ-runner/lib/runner/private/canonicalize-assets.ts b/packages/@aws-cdk/integ-runner/lib/runner/private/canonicalize-assets.ts new file mode 100644 index 0000000000000..9cee3d4742b3c --- /dev/null +++ b/packages/@aws-cdk/integ-runner/lib/runner/private/canonicalize-assets.ts @@ -0,0 +1,71 @@ +/** + * Reduce template to a normal form where asset references have been normalized + * + * This makes it possible to compare templates if all that's different between + * them is the hashes of the asset values. + * + * Currently only handles parameterized assets, but can (and should) + * be adapted to handle convention-mode assets as well when we start using + * more of those. + */ +export function canonicalizeTemplate(template: any): any { + // For the weird case where we have an array of templates... + if (Array.isArray(template)) { + return template.map(canonicalizeTemplate); + } + + // Find assets via parameters + const stringSubstitutions = new Array<[RegExp, string]>(); + const paramRe = /^AssetParameters([a-zA-Z0-9]{64})(S3Bucket|S3VersionKey|ArtifactHash)([a-zA-Z0-9]{8})$/; + + const assetsSeen = new Set(); + for (const paramName of Object.keys(template?.Parameters || {})) { + const m = paramRe.exec(paramName); + if (!m) { continue; } + if (assetsSeen.has(m[1])) { continue; } + + assetsSeen.add(m[1]); + const ix = assetsSeen.size; + + // Full parameter reference + stringSubstitutions.push([ + new RegExp(`AssetParameters${m[1]}(S3Bucket|S3VersionKey|ArtifactHash)([a-zA-Z0-9]{8})`), + `Asset${ix}$1`, + ]); + // Substring asset hash reference + stringSubstitutions.push([ + new RegExp(`${m[1]}`), + `Asset${ix}Hash`, + ]); + } + + // Substitute them out + return substitute(template); + + function substitute(what: any): any { + if (Array.isArray(what)) { + return what.map(substitute); + } + + if (typeof what === 'object' && what !== null) { + const ret: any = {}; + for (const [k, v] of Object.entries(what)) { + ret[stringSub(k)] = substitute(v); + } + return ret; + } + + if (typeof what === 'string') { + return stringSub(what); + } + + return what; + } + + function stringSub(x: string) { + for (const [re, replacement] of stringSubstitutions) { + x = x.replace(re, replacement); + } + return x; + } +} diff --git a/packages/@aws-cdk/integ-runner/lib/runner/private/cloud-assembly.ts b/packages/@aws-cdk/integ-runner/lib/runner/private/cloud-assembly.ts new file mode 100644 index 0000000000000..99626ea53bdb2 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/lib/runner/private/cloud-assembly.ts @@ -0,0 +1,66 @@ +import * as path from 'path'; +import { AssemblyManifest, Manifest, ArtifactType, AwsCloudFormationStackProperties } from '@aws-cdk/cloud-assembly-schema'; +import * as fs from 'fs-extra'; + +/** + * Reads a Cloud Assembly manifest + */ +export class AssemblyManifestReader { + public static readonly DEFAULT_FILENAME = 'manifest.json'; + + /** + * Reads a Cloud Assembly manifest from a file + */ + public static fromFile(fileName: string): AssemblyManifestReader { + try { + const obj = Manifest.loadAssemblyManifest(fileName); + return new AssemblyManifestReader(path.dirname(fileName), obj); + + } catch (e) { + throw new Error(`Cannot read integ manifest '${fileName}': ${e.message}`); + } + } + + /** + * Reads a Cloud Assembly manifest from a file or a directory + * If the given filePath is a directory then it will look for + * a file within the directory with the DEFAULT_FILENAME + */ + public static fromPath(filePath: string): AssemblyManifestReader { + let st; + try { + st = fs.statSync(filePath); + } catch (e) { + throw new Error(`Cannot read integ manifest at '${filePath}': ${e.message}`); + } + if (st.isDirectory()) { + return AssemblyManifestReader.fromFile(path.join(filePath, AssemblyManifestReader.DEFAULT_FILENAME)); + } + return AssemblyManifestReader.fromFile(filePath); + } + + /** + * The directory where the manifest was found + */ + public readonly directory: string; + + constructor(directory: string, private readonly manifest: AssemblyManifest) { + this.directory = directory; + } + + /** + * Get the stacks from the manifest + * returns a map of artifactId to CloudFormation template + */ + public get stacks(): Record { + const stacks: Record = {}; + for (const [artifactId, artifact] of Object.entries(this.manifest.artifacts ?? {})) { + if (artifact.type !== ArtifactType.AWS_CLOUDFORMATION_STACK) { continue; } + const props = artifact.properties as AwsCloudFormationStackProperties; + + const template = fs.readJSONSync(path.resolve(this.directory, props.templateFile)); + stacks[artifactId] = template; + } + return stacks; + } +} diff --git a/packages/@aws-cdk/integ-runner/lib/runner/private/integ-manifest.ts b/packages/@aws-cdk/integ-runner/lib/runner/private/integ-manifest.ts new file mode 100644 index 0000000000000..80b567dbb69ce --- /dev/null +++ b/packages/@aws-cdk/integ-runner/lib/runner/private/integ-manifest.ts @@ -0,0 +1,76 @@ +import * as path from 'path'; +import { IntegManifest, Manifest, TestCase } from '@aws-cdk/cloud-assembly-schema'; +import * as fs from 'fs-extra'; + +/** + * Test case configuration read from the integ manifest + */ +export interface IntegTestConfig { + /** + * Test cases contained in this integration test + */ + readonly testCases: { [testCaseName: string]: TestCase }; + + /** + * Whether to enable lookups for this test + * + * @default false + */ + readonly enableLookups: boolean; +} + +/** + * Reads an integration tests manifest + */ +export class IntegManifestReader { + public static readonly DEFAULT_FILENAME = 'integ.json'; + + /** + * Reads an integration test manifest from the specified file + */ + public static fromFile(fileName: string): IntegManifestReader { + try { + const obj = Manifest.loadIntegManifest(fileName); + return new IntegManifestReader(path.dirname(fileName), obj); + + } catch (e) { + throw new Error(`Cannot read integ manifest '${fileName}': ${e.message}`); + } + } + + /** + * Reads a Integration test manifest from a file or a directory + * If the given filePath is a directory then it will look for + * a file within the directory with the DEFAULT_FILENAME + */ + public static fromPath(filePath: string): IntegManifestReader { + let st; + try { + st = fs.statSync(filePath); + } catch (e) { + throw new Error(`Cannot read integ manifest at '${filePath}': ${e.message}`); + } + if (st.isDirectory()) { + return IntegManifestReader.fromFile(path.join(filePath, IntegManifestReader.DEFAULT_FILENAME)); + } + return IntegManifestReader.fromFile(filePath); + } + + /** + * The directory where the manifest was found + */ + public readonly directory: string; + constructor(directory: string, private readonly manifest: IntegManifest) { + this.directory = directory; + } + + /** + * List of integration tests in the manifest + */ + public get tests(): IntegTestConfig { + return { + testCases: this.manifest.testCases, + enableLookups: this.manifest.enableLookups ?? false, + }; + } +} diff --git a/packages/@aws-cdk/integ-runner/lib/runner/runners.ts b/packages/@aws-cdk/integ-runner/lib/runner/runners.ts new file mode 100644 index 0000000000000..90327a82da7b0 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/lib/runner/runners.ts @@ -0,0 +1,607 @@ +import * as path from 'path'; +import { Writable, WritableOptions } from 'stream'; +import { StringDecoder, NodeStringDecoder } from 'string_decoder'; +import { TestCase, RequireApproval, DefaultCdkOptions } from '@aws-cdk/cloud-assembly-schema'; +import { diffTemplate, formatDifferences } from '@aws-cdk/cloudformation-diff'; +import { AVAILABILITY_ZONE_FALLBACK_CONTEXT_KEY, FUTURE_FLAGS, TARGET_PARTITIONS } from '@aws-cdk/cx-api'; +import { CdkCliWrapper, ICdk } from 'cdk-cli-wrapper'; +import * as fs from 'fs-extra'; +import { Diagnostic, DiagnosticReason } from '../workers/common'; +import { canonicalizeTemplate } from './private/canonicalize-assets'; +import { AssemblyManifestReader } from './private/cloud-assembly'; +import { IntegManifestReader } from './private/integ-manifest'; + +const CDK_OUTDIR_PREFIX = 'cdk-integ.out'; +const CDK_INTEG_STACK_PRAGMA = '/// !cdk-integ'; +const PRAGMA_PREFIX = 'pragma:'; +const SET_CONTEXT_PRAGMA_PREFIX = 'pragma:set-context:'; +const VERIFY_ASSET_HASHES = 'pragma:include-assets-hashes'; +const ENABLE_LOOKUPS_PRAGMA = 'pragma:enable-lookups'; + +/** + * Options for creating an integration test runner + */ +export interface IntegRunnerOptions { + /** + * The name of the file that contains the integration test + * This should be a JavaScript file + */ + readonly fileName: string, + + /** + * Additional environment variables that will be available + * to the CDK CLI + * + * @default - no additional environment variables + */ + readonly env?: { [name: string]: string }, + + /** + * tmp cdk.out directory + * + * @default - directory will be `cdk-integ.out.${testName}` + */ + readonly integOutDir?: string, + + /** + * Instance of the CDK CLI to use + * + * @default - CdkCliWrapper + */ + readonly cdk?: ICdk; +} + +/** + * Represents an Integration test runner + */ +export abstract class IntegRunner { + /** + * The directory where the snapshot will be stored + */ + public readonly snapshotDir: string; + + /** + * An instance of the CDK CLI + */ + public readonly cdk: ICdk; + + /** + * Pretty name of the test + */ + public readonly testName: string; + + /** + * The path to the integration test file + */ + protected readonly sourceFilePath: string; + + /** + * The value used in the '--app' CLI parameter + */ + protected readonly cdkApp: string; + + /** + * The path where the `cdk.context.json` file + * will be created + */ + protected readonly cdkContextPath: string; + + /** + * The relative path from the cwd to the snapshot directory + */ + protected readonly relativeSnapshotDir: string; + + /** + * The integration tests that this runner will execute + */ + protected _tests?: { [testName: string]: TestCase }; + + /** + * The working directory that the integration tests will be + * executed from + */ + protected readonly directory: string; + + /** + * Default options to pass to the CDK CLI + */ + protected readonly defaultArgs: DefaultCdkOptions = { + pathMetadata: false, + assetMetadata: false, + versionReporting: false, + } + + private _enableLookups?: boolean; + + /** + * The directory where the CDK will be synthed to + */ + protected readonly cdkOutDir: string; + + constructor(options: IntegRunnerOptions) { + const parsed = path.parse(options.fileName); + this.directory = parsed.dir; + this.testName = parsed.name.slice(6); + this.snapshotDir = path.join(this.directory, `${this.testName}.integ.snapshot`); + this.relativeSnapshotDir = `${this.testName}.integ.snapshot`; + this.sourceFilePath = path.join(this.directory, parsed.base); + this.cdkContextPath = path.join(this.directory, 'cdk.context.json'); + this.cdk = options.cdk ?? new CdkCliWrapper({ + cdkExecutable: require.resolve('aws-cdk/bin/cdk'), + directory: this.directory, + env: options.env, + }); + this.cdkOutDir = options.integOutDir ?? `${CDK_OUTDIR_PREFIX}.${this.testName}`; + this.cdkApp = `node ${parsed.base}`; + if (this.hasSnapshot()) { + this.loadManifest(); + } + } + + /** + * Whether or not lookups are enabled for a given test case + */ + protected get enableLookups(): boolean { + return this._enableLookups ?? false; + } + + /** + * Return this list of test cases for this integration test + */ + public get tests(): { [testName: string]: TestCase } | undefined { + return this._tests; + } + + /** + * Returns true if a snapshot already exists for this test + */ + public hasSnapshot(): boolean { + if (fs.existsSync(this.snapshotDir)) { + return true; + } else { + return false; + } + } + + protected loadManifest(dir?: string): void { + try { + const reader = IntegManifestReader.fromPath(dir ?? this.snapshotDir); + this._tests = reader.tests.testCases; + this._enableLookups = reader.tests.enableLookups; + } catch (e) { + this._tests = this.renderTestCasesForLegacyTests(); + this._enableLookups = this.pragmas().includes(ENABLE_LOOKUPS_PRAGMA); + } + } + + protected cleanup(): void { + const cdkOutPath = path.join(this.directory, this.cdkOutDir); + if (fs.existsSync(cdkOutPath)) { + fs.removeSync(cdkOutPath); + } + } + + protected createSnapshot(): void { + if (fs.existsSync(this.snapshotDir)) { + fs.removeSync(this.snapshotDir); + } + + // if lookups are enabled then we need to synth again + // using dummy context and save that as the snapshot + if (this.enableLookups) { + this.writeContext(); + this.cdk.synth({ + ...this.defaultArgs, + all: true, + app: this.cdkApp, + output: this.relativeSnapshotDir, + // TODO: figure out if we need this... + // env: { + // ...DEFAULT_SYNTH_OPTIONS.env, + // }, + }); + this.cleanupContextFile(); + } else { + fs.moveSync(path.join(this.directory, this.cdkOutDir), this.snapshotDir, { overwrite: true }); + } + } + + /** + * Returns the single test stack to use. + * + * If the test has a single stack, it will be chosen. Otherwise a pragma is expected within the + * test file the name of the stack: + * + * @example + * + * /// !cdk-integ + * + */ + private renderTestCasesForLegacyTests(): { [testName: string]: TestCase } { + const tests: TestCase = { + stacks: [], + }; + const pragma = this.readStackPragma(); + if (pragma.length > 0) { + tests.stacks.push(...pragma); + } else { + const stacks = (this.cdk.list({ + ...this.defaultArgs, + all: true, + app: this.cdkApp, + output: this.cdkOutDir, + })).split('\n'); + if (stacks.length !== 1) { + throw new Error('"cdk-integ" can only operate on apps with a single stack.\n\n' + + ' If your app has multiple stacks, specify which stack to select by adding this to your test source:\n\n' + + ` ${CDK_INTEG_STACK_PRAGMA} STACK ...\n\n` + + ` Available stacks: ${stacks.join(' ')} (wildcards are also supported)\n`); + } + tests.stacks.push(...stacks); + } + + return { + [this.testName]: tests, + }; + } + + /** + * Reads stack names from the "!cdk-integ" pragma. + * + * Every word that's NOT prefixed by "pragma:" is considered a stack name. + * + * @example + * + * /// !cdk-integ + */ + private readStackPragma(): string[] { + return (this.readIntegPragma()).filter(p => !p.startsWith(PRAGMA_PREFIX)); + } + + /** + * Read arbitrary cdk-integ pragma directives + * + * Reads the test source file and looks for the "!cdk-integ" pragma. If it exists, returns it's + * contents. This allows integ tests to supply custom command line arguments to "cdk deploy" and "cdk synth". + * + * @example + * + * /// !cdk-integ [...] + */ + private readIntegPragma(): string[] { + const source = fs.readFileSync(this.sourceFilePath, { encoding: 'utf-8' }); + const pragmaLine = source.split('\n').find(x => x.startsWith(CDK_INTEG_STACK_PRAGMA + ' ')); + if (!pragmaLine) { + return []; + } + + const args = pragmaLine.substring(CDK_INTEG_STACK_PRAGMA.length).trim().split(' '); + if (args.length === 0) { + throw new Error(`Invalid syntax for cdk-integ pragma. Usage: "${CDK_INTEG_STACK_PRAGMA} [STACK] [pragma:PRAGMA] [...]"`); + } + return args; + } + + /** + * Return the non-stack pragmas + * + * These are all pragmas that start with "pragma:". + * + * For backwards compatibility reasons, all pragmas that DON'T start with this + * string are considered to be stack names. + */ + protected pragmas(): string[] { + return (this.readIntegPragma()).filter(p => p.startsWith(PRAGMA_PREFIX)); + } + + /** + * There is not currently a way to pass structured context to the CLI + * so to workaround this we write the context to a file + */ + protected writeContext(additionalContext?: Record): void { + const ctxPragmaContext: Record = {}; + + // apply context from set-context pragma + // usage: pragma:set-context:key=value + const ctxPragmas = (this.pragmas()).filter(p => p.startsWith(SET_CONTEXT_PRAGMA_PREFIX)); + for (const p of ctxPragmas) { + const instruction = p.substring(SET_CONTEXT_PRAGMA_PREFIX.length); + const [key, value] = instruction.split('='); + if (key == null || value == null) { + throw new Error(`invalid "set-context" pragma syntax. example: "pragma:set-context:@aws-cdk/core:newStyleStackSynthesis=true" got: ${p}`); + } + + ctxPragmaContext[key] = value; + } + const context: Record = { + ...DEFAULT_SYNTH_OPTIONS.context, + ...ctxPragmaContext, + ...additionalContext, + }; + fs.writeFileSync(this.cdkContextPath, JSON.stringify(context, undefined, 2), { encoding: 'utf-8' }); + } + + protected cleanupContextFile() { + if (fs.existsSync(this.cdkContextPath)) { + fs.unlinkSync(this.cdkContextPath); + } + } +} + +/** + * Options for the integration test runner + */ +export interface RunOptions { + /** + * The test case to execute + */ + readonly testCase: TestCase; + + /** + * Whether or not to run `cdk destroy` and cleanup the + * integration test stacks. + * + * Set this to false if you need to perform any validation + * or troubleshooting after deployment. + * + * @default true + */ + readonly clean?: boolean; + + /** + * If set to true, the integration test will not deploy + * anything and will simply update the snapshot. + * + * You should NOT use this method since you are essentially + * bypassing the integration test. + * + * @default false + */ + readonly dryRun?: boolean; +} + +/** + * An integration test runner that orchestrates executing + * integration tests + */ +export class IntegTestRunner extends IntegRunner { + constructor(options: IntegRunnerOptions) { + super(options); + } + + /** + * Orchestrates running integration tests. Currently this includes + * + * 1. Deploying the integration test stacks + * 2. Saving the snapshot + * 3. Destroying the integration test stacks + */ + public runIntegTestCase(options: RunOptions): void { + const clean = options.clean ?? true; + try { + if (!options.dryRun) { + this.cdk.deploy({ + ...this.defaultArgs, + stacks: options.testCase.stacks, + requireApproval: RequireApproval.NEVER, + output: this.cdkOutDir, + app: this.cdkApp, + lookups: this.enableLookups, + }); + } else { + this.cdk.synth({ + ...this.defaultArgs, + stacks: options.testCase.stacks, + output: this.cdkOutDir, + app: this.cdkApp, + lookups: this.enableLookups, + }); + } + this.createSnapshot(); + } catch (e) { + throw e; + } finally { + if (!options.dryRun) { + if (clean) { + this.cdk.destroy({ + ...this.defaultArgs, + stacks: options.testCase.stacks, + force: true, + app: this.cdkApp, + output: this.cdkOutDir, + }); + } + } + this.cleanup(); + } + } + + /** + * Generate a snapshot if one does not exist + * This will synth and then load the integration test manifest + */ + public generateSnapshot(): void { + if (this.hasSnapshot()) { + throw new Error(`${this.testName} already has a snapshot: ${this.snapshotDir}`); + } + + this.cdk.synth({ + ...this.defaultArgs, + all: true, + app: this.cdkApp, + output: this.cdkOutDir, + }); + this.loadManifest(this.cdkOutDir); + } +} + +/** + * Runner for snapshot tests. This handles orchestrating + * the validation of the integration test snapshots + */ +export class IntegSnapshotRunner extends IntegRunner { + constructor(options: IntegRunnerOptions) { + super(options); + } + + /** + * Synth the integration tests and compare the templates + * to the existing snapshot. + */ + public testSnapshot(): Diagnostic[] { + try { + // read the existing snapshot + const expectedStacks = this.readAssembly(this.snapshotDir); + + // if lookups are enabled then write the dummy context file + if (this.enableLookups) { + this.writeContext(); + } + // synth the integration test + this.cdk.synth({ + ...this.defaultArgs, + all: true, + app: this.cdkApp, + output: this.cdkOutDir, + lookups: this.enableLookups, + }); + const actualStacks = this.readAssembly(path.join(this.directory, this.cdkOutDir)); + + // diff the existing snapshot (expected) with the integration test (actual) + const diagnostics = this.diffAssembly(expectedStacks, actualStacks); + return diagnostics; + } catch (e) { + throw e; + } finally { + this.cleanupContextFile(); + this.cleanup(); + } + } + + private diffAssembly(existing: Record, actual: Record): Diagnostic[] { + const verifyHashes = this.pragmas().includes(VERIFY_ASSET_HASHES); + const failures: Diagnostic[] = []; + for (const templateId of Object.keys(existing)) { + if (!actual.hasOwnProperty(templateId)) { + failures.push({ + testName: this.testName, + reason: DiagnosticReason.SNAPSHOT_FAILED, + message: `${templateId} exists in snapshot, but not in actual`, + }); + } + } + + for (const templateId of Object.keys(actual)) { + if (!existing.hasOwnProperty(templateId)) { + failures.push({ + testName: this.testName, + reason: DiagnosticReason.SNAPSHOT_FAILED, + message: `${templateId} does not exist in snapshot, but does in actual`, + }); + } else { + let actualTemplate = actual[templateId]; + let expectedTemplate = existing[templateId]; + + if (!verifyHashes) { + actualTemplate = canonicalizeTemplate(actualTemplate); + expectedTemplate = canonicalizeTemplate(expectedTemplate); + } + const diff = diffTemplate(expectedTemplate, actualTemplate); + if (!diff.isEmpty) { + const writable = new StringWritable({}); + formatDifferences(writable, diff); + failures.push({ + reason: DiagnosticReason.SNAPSHOT_FAILED, + message: writable.data, + testName: this.testName, + }); + } + } + } + + return failures; + } + + private readAssembly(dir: string): Record { + const assembly = AssemblyManifestReader.fromPath(dir); + const stacks = assembly.stacks; + + return stacks; + } +} + +class StringWritable extends Writable { + public data: string; + private _decoder: NodeStringDecoder; + constructor(options: WritableOptions) { + super(options); + this._decoder = new StringDecoder(); + this.data = ''; + } + + _write(chunk: any, encoding: string, callback: (error?: Error | null) => void): void { + if (encoding === 'buffer') { + chunk = this._decoder.write(chunk); + } + + this.data += chunk; + callback(); + } + + _final(callback: (error?: Error | null) => void): void { + this.data += this._decoder.end(); + callback(); + } +} + +// Default context we run all integ tests with, so they don't depend on the +// account of the exercising user. +const DEFAULT_SYNTH_OPTIONS = { + context: { + [AVAILABILITY_ZONE_FALLBACK_CONTEXT_KEY]: ['test-region-1a', 'test-region-1b', 'test-region-1c'], + 'availability-zones:account=12345678:region=test-region': ['test-region-1a', 'test-region-1b', 'test-region-1c'], + 'ssm:account=12345678:parameterName=/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-gp2:region=test-region': 'ami-1234', + 'ssm:account=12345678:parameterName=/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2:region=test-region': 'ami-1234', + 'ssm:account=12345678:parameterName=/aws/service/ecs/optimized-ami/amazon-linux/recommended:region=test-region': '{"image_id": "ami-1234"}', + // eslint-disable-next-line max-len + 'ami:account=12345678:filters.image-type.0=machine:filters.name.0=amzn-ami-vpc-nat-*:filters.state.0=available:owners.0=amazon:region=test-region': 'ami-1234', + 'vpc-provider:account=12345678:filter.isDefault=true:region=test-region:returnAsymmetricSubnets=true': { + vpcId: 'vpc-60900905', + subnetGroups: [ + { + type: 'Public', + name: 'Public', + subnets: [ + { + subnetId: 'subnet-e19455ca', + availabilityZone: 'us-east-1a', + routeTableId: 'rtb-e19455ca', + }, + { + subnetId: 'subnet-e0c24797', + availabilityZone: 'us-east-1b', + routeTableId: 'rtb-e0c24797', + }, + { + subnetId: 'subnet-ccd77395', + availabilityZone: 'us-east-1c', + routeTableId: 'rtb-ccd77395', + }, + ], + }, + ], + }, + // Enable feature flags for all integ tests + ...FUTURE_FLAGS, + + // Restricting to these target partitions makes most service principals synthesize to + // `service.${URL_SUFFIX}`, which is technically *incorrect* (it's only `amazonaws.com` + // or `amazonaws.com.cn`, never UrlSuffix for any of the restricted regions) but it's what + // most existing integ tests contain, and we want to disturb as few as possible. + [TARGET_PARTITIONS]: ['aws', 'aws-cn'], + }, + env: { + CDK_INTEG_ACCOUNT: '12345678', + CDK_INTEG_REGION: 'test-region', + }, +}; diff --git a/packages/@aws-cdk/integ-runner/lib/workers/common.ts b/packages/@aws-cdk/integ-runner/lib/workers/common.ts new file mode 100644 index 0000000000000..b1bd40e6a2312 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/lib/workers/common.ts @@ -0,0 +1,128 @@ +import * as chalk from 'chalk'; +import * as logger from '../logger'; +import { IntegTestConfig } from '../runner/integ-tests'; + +/** + * Integration test results + */ +export interface IntegBatchResponse { + failedTests: IntegTestConfig[]; +} + +/** + * Common options for running integration tests + */ +export interface IntegTestOptions { + /** + * A list of integration tests to run + * in this batch + */ + readonly tests: IntegTestConfig[]; + + /** + * Whether or not to destroy the stacks at the + * end of the test + * + * @default true + */ + readonly clean?: boolean; + + /** + * When this is set to `true` the snapshot will + * be created _without_ running the integration test + * The resulting snapshot SHOULD NOT be checked in + * + * @default false + */ + readonly dryRun?: boolean; + + /** + * Whether to enable verbose logging + * + * @default false + */ + readonly verbose?: boolean; +} + +/** + * Represents possible reasons for a diagnostic + */ +export enum DiagnosticReason { + /** + * The integration test failed because there + * is not existing snapshot + */ + NO_SNAPSHOT = 'NO_SNAPSHOT', + + /** + * The integration test failed + */ + TEST_FAILED = 'TEST_FAILED', + + /** + * The snapshot test failed because the actual + * snapshot was different than the expected snapshot + */ + SNAPSHOT_FAILED = 'SNAPSHOT_FAILED', + + /** + * The snapshot test succeeded + */ + SNAPSHOT_SUCCESS = 'SNAPSHOT_SUCCESS', + + /** + * The integration test succeeded + */ + TEST_SUCCESS = 'TEST_SUCCESS', +} + +/** + * Integration test diagnostics + * This is used to report back the status of each test + */ +export interface Diagnostic { + /** + * The name of the test + */ + readonly testName: string; + + /** + * The diagnostic message + */ + readonly message: string; + + /** + * The reason for the diagnostic + */ + readonly reason: DiagnosticReason; +} + +export function printSummary(total: number, failed: number): void { + if (failed > 0) { + logger.print('%s: %s %s, %s total', chalk.bold('Tests'), chalk.red(failed), chalk.red('failed'), total); + } else { + logger.print('%s: %s %s, %s total', chalk.bold('Tests'), chalk.green(total), chalk.green('passed'), total); + } +} + +/** + * Print out the results from tests + */ +export function printResults(diagnostic: Diagnostic): void { + switch (diagnostic.reason) { + case DiagnosticReason.SNAPSHOT_SUCCESS: + logger.success(' %s No Change!', diagnostic.testName); + break; + case DiagnosticReason.TEST_SUCCESS: + logger.success(' %s Test Succeeded!', diagnostic.testName); + break; + case DiagnosticReason.NO_SNAPSHOT: + logger.error(' %s - No Snapshot!', diagnostic.testName); + break; + case DiagnosticReason.SNAPSHOT_FAILED: + logger.error(' %s - Snapshot changed!\n%s', diagnostic.testName, diagnostic.message); + break; + case DiagnosticReason.TEST_FAILED: + logger.error(' %s - Failed!\n%s', diagnostic.testName, diagnostic.message); + } +} diff --git a/packages/@aws-cdk/integ-runner/lib/workers/extract/extract_worker.ts b/packages/@aws-cdk/integ-runner/lib/workers/extract/extract_worker.ts new file mode 100644 index 0000000000000..f4991f56d1826 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/lib/workers/extract/extract_worker.ts @@ -0,0 +1,35 @@ +import * as workerpool from 'workerpool'; +import { IntegTestConfig } from '../../runner/integ-tests'; +import { Diagnostic, IntegBatchResponse } from '../common'; +import { singleThreadedSnapshotRunner } from '../integ-snapshot-worker'; +import { singleThreadedTestRunner, IntegTestBatchRequest } from '../integ-test-worker'; + +/** + * Options for running snapshot tests + */ +export interface SnapshotBatchRequest { + readonly tests: IntegTestConfig[]; +} + +/** + * Snapshot test results + */ +export interface SnapshotBatchResponse { + diagnostics: Diagnostic[]; + failedTests: IntegTestConfig[]; +} + +function integTestBatch(request: IntegTestBatchRequest): IntegBatchResponse { + const result = singleThreadedTestRunner(request); + return result; +} + +function snapshotTestBatch(request: SnapshotBatchRequest): IntegBatchResponse { + const result = singleThreadedSnapshotRunner(request.tests); + return result; +} + +workerpool.worker({ + snapshotTestBatch, + integTestBatch, +}); diff --git a/packages/@aws-cdk/integ-runner/lib/workers/extract/index.ts b/packages/@aws-cdk/integ-runner/lib/workers/extract/index.ts new file mode 100644 index 0000000000000..f1a7211364650 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/lib/workers/extract/index.ts @@ -0,0 +1 @@ +export * from './extract_worker'; diff --git a/packages/@aws-cdk/integ-runner/lib/workers/index.ts b/packages/@aws-cdk/integ-runner/lib/workers/index.ts new file mode 100644 index 0000000000000..f425090046137 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/lib/workers/index.ts @@ -0,0 +1,3 @@ +export * from './common'; +export * from './integ-test-worker'; +export * from './integ-snapshot-worker'; diff --git a/packages/@aws-cdk/integ-runner/lib/workers/integ-snapshot-worker.ts b/packages/@aws-cdk/integ-runner/lib/workers/integ-snapshot-worker.ts new file mode 100644 index 0000000000000..3e9668ad34583 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/lib/workers/integ-snapshot-worker.ts @@ -0,0 +1,103 @@ +import * as workerpool from 'workerpool'; +import * as logger from '../logger'; +import { IntegTestConfig } from '../runner/integ-tests'; +import { IntegSnapshotRunner } from '../runner/runners'; +import { IntegBatchResponse, printSummary, Diagnostic, DiagnosticReason, printResults } from './common'; + +/** + * Options for running snapshot tests + */ +export interface SnapshotBatchRequest { + readonly tests: IntegTestConfig[]; +} + +/** + * Snapshot test results + */ +export interface SnapshotBatchResponse { + diagnostics: Diagnostic[]; + failedTests: IntegTestConfig[]; +} + +/** + * Split a list of snapshot tests into batches that can be run using a workerpool. + */ +function batchTests(tests: IntegTestConfig[]): SnapshotBatchRequest[] { + let batchSize = 3; + const ret: SnapshotBatchRequest[] = []; + for (let i = 0; i < tests.length; i += batchSize) { + ret.push({ + tests: tests.slice(i, i + batchSize), + }); + } + return ret; +} + +/** + * Run Snapshot tests + * First batch up the tests. By default there will be 3 tests per batch. + * Use a workerpool to run the batches in parallel. + */ +export async function runSnapshotTests(pool: workerpool.WorkerPool, tests: IntegTestConfig[]): Promise { + const testsToRun: IntegTestConfig[] = []; + const requests = batchTests(tests); + logger.highlight('\nVerifying integration test snapshots...\n'); + + const responses: IntegBatchResponse[] = await Promise.all( + requests.map((request) => pool.exec('snapshotTestBatch', [request], { + on: printResults, + })), + ); + for (const response of responses) { + testsToRun.push(...response.failedTests); + } + + logger.highlight('\nSnapshot Results: \n'); + printSummary(tests.length, testsToRun.length); return testsToRun; +} + +/** + * Runs a single snapshot test batch request. + * For each integration test this will check to see + * if there is an existing snapshot, and if there is will + * check if there are any changes + */ +export function singleThreadedSnapshotRunner(tests: IntegTestConfig[]): IntegBatchResponse { + const failedTests = new Array(); + for (const test of tests) { + const runner = new IntegSnapshotRunner({ fileName: test.fileName }); + try { + if (!runner.hasSnapshot()) { + workerpool.workerEmit({ + reason: DiagnosticReason.NO_SNAPSHOT, + testName: runner.testName, + message: 'No Snapshot', + }); + failedTests.push(test); + } else { + const snapshotDiagnostics = runner.testSnapshot(); + if (snapshotDiagnostics.length > 0) { + snapshotDiagnostics.forEach(diagnostic => printResults(diagnostic)); + failedTests.push(test); + } else { + workerpool.workerEmit({ + reason: DiagnosticReason.SNAPSHOT_SUCCESS, + testName: runner.testName, + message: 'Success', + }); + } + } + } catch (e) { + failedTests.push(test); + workerpool.workerEmit({ + message: e.message, + testName: runner.testName, + reason: DiagnosticReason.SNAPSHOT_FAILED, + }); + } + } + + return { + failedTests, + }; +} diff --git a/packages/@aws-cdk/integ-runner/lib/workers/integ-test-worker.ts b/packages/@aws-cdk/integ-runner/lib/workers/integ-test-worker.ts new file mode 100644 index 0000000000000..b02af11b46861 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/lib/workers/integ-test-worker.ts @@ -0,0 +1,140 @@ +import * as workerpool from 'workerpool'; +import * as logger from '../logger'; +import { IntegTestConfig } from '../runner/integ-tests'; +import { IntegTestRunner } from '../runner/runners'; +import { printResults, printSummary, IntegBatchResponse, IntegTestOptions, DiagnosticReason } from './common'; + +/** + * Options for an integration test batch + */ +export interface IntegTestBatchRequest extends IntegTestOptions { + /** + * The AWS region to run this batch in + */ + readonly region: string; +} + +/** + * Options for running all integration tests + */ +export interface IntegTestRunOptions extends IntegTestOptions { + /** + * The regions to run the integration tests across. + * This allows the runner to run integration tests in parallel + */ + readonly regions: string[]; + + /** + * The workerpool to use + */ + readonly pool: workerpool.WorkerPool; +} + +/** + * Run Integration tests. + */ +export async function runIntegrationTests(options: IntegTestRunOptions): Promise { + logger.highlight('\nRunning integration tests for failed tests...\n'); + logger.print('Running in parallel across: %s', options.regions.join(', ')); + const totalTests = options.tests.length; + const failedTests: IntegTestConfig[] = []; + + const responses = await runIntegrationTestsInParallel(options); + for (const response of responses) { + failedTests.push(...response.failedTests); + } + logger.highlight('\nTest Results: \n'); + printSummary(totalTests, failedTests.length); +} + +/** + * Runs a set of integration tests in parallel across a list of AWS regions. + * Only a single test can be run at a time in a given region. Once a region + * is done running a test, the next test will be pulled from the queue + */ +export async function runIntegrationTestsInParallel( + options: IntegTestRunOptions, +): Promise { + + const queue = options.tests; + const results: IntegBatchResponse[] = []; + + async function runTest(region: string): Promise { + do { + const test = queue.pop(); + if (!test) break; + logger.highlight(`Running test ${test.fileName} in ${region}`); + const response: IntegBatchResponse = await options.pool.exec('integTestBatch', [{ + region, + tests: [test], + clean: options.clean, + dryRun: options.dryRun, + verbose: options.verbose, + }], { + on: printResults, + }); + + results.push(response); + } while (queue.length > 0); + } + + const workers = options.regions.map((region) => runTest(region)); + await Promise.all(workers); + return results; +} + +/** + * Runs a single integration test batch request. + * If the test does not have an existing snapshot, + * this will first generate a snapshot and then execute + * the integration tests. + * + * If the tests succeed it will then save the snapshot + */ +export function singleThreadedTestRunner(request: IntegTestBatchRequest): IntegBatchResponse { + const failures: IntegTestConfig[] = []; + for (const test of request.tests) { + const runner = new IntegTestRunner({ + fileName: test.fileName, + env: { + AWS_REGION: request.region, + }, + }); + try { + if (!runner.hasSnapshot()) { + runner.generateSnapshot(); + } + + if (!runner.tests) { + throw new Error(`No tests defined for ${runner.testName}`); + } + for (const [testName, testCase] of Object.entries(runner.tests)) { + try { + runner.runIntegTestCase({ + testCase: testCase, + clean: request.clean, + dryRun: request.dryRun, + }); + workerpool.workerEmit({ + reason: DiagnosticReason.TEST_SUCCESS, + testName: testName, + message: 'Success', + }); + } catch (e) { + failures.push(test); + workerpool.workerEmit({ + reason: DiagnosticReason.TEST_FAILED, + testName: testName, + message: `Integration test failed: ${e}`, + }); + } + } + } catch (e) { + logger.error(`Errors running test cases: ${e}`); + } + } + + return { + failedTests: failures, + }; +} diff --git a/packages/@aws-cdk/integ-runner/package.json b/packages/@aws-cdk/integ-runner/package.json new file mode 100644 index 0000000000000..dbf265f93b6d2 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/package.json @@ -0,0 +1,100 @@ +{ + "name": "@aws-cdk/integ-runner", + "description": "CDK Integration Testing Tool", + "version": "0.0.0", + "private": true, + "main": "lib/index.js", + "types": "lib/index.d.ts", + "bin": { + "integ-runner": "bin/integ-runner" + }, + "scripts": { + "build": "cdk-build", + "lint": "cdk-lint", + "package": "cdk-package", + "awslint": "cdk-awslint", + "pkglint": "pkglint -f", + "test": "cdk-test", + "watch": "cdk-watch", + "build+test": "yarn build && yarn test", + "build+test+package": "yarn build+test && yarn package", + "compat": "cdk-compat", + "build+extract": "yarn build", + "build+test+extract": "yarn build+test" + }, + "cdk-package": { + "bundle": { + "entryPoints": [ + "lib/index.js", + "lib/workers/extract/index.js" + ], + "externals": { + "dependencies": [ + "aws-cdk" + ] + }, + "allowedLicenses": [ + "Apache-2.0", + "MIT", + "BSD-3-Clause", + "ISC", + "BSD-2-Clause", + "0BSD" + ], + "dontAttribute": "^@aws-cdk/|^cdk-assets$|^cdk-cli-wrapper$", + "test": "bin/integ-runner --version" + } + }, + "author": { + "name": "Amazon Web Services", + "url": "https://aws.amazon.com", + "organization": true + }, + "license": "Apache-2.0", + "devDependencies": { + "@aws-cdk/cdk-build-tools": "0.0.0", + "@aws-cdk/pkglint": "0.0.0", + "@types/fs-extra": "^8.1.2", + "@types/jest": "^27.4.1", + "@types/node": "^10.17.60", + "@types/workerpool": "^6.1.0", + "@types/yargs": "^15.0.14", + "jest": "^27.5.1" + }, + "dependencies": { + "@aws-cdk/cloud-assembly-schema": "0.0.0", + "@aws-cdk/cloudformation-diff": "0.0.0", + "@aws-cdk/cx-api": "0.0.0", + "cdk-cli-wrapper": "0.0.0", + "aws-cdk": "0.0.0", + "chalk": "^4", + "fs-extra": "^9.1.0", + "workerpool": "^6.2.0", + "yargs": "^16.2.0" + }, + "repository": { + "url": "https://github.com/aws/aws-cdk.git", + "type": "git", + "directory": "packages/@aws-cdk/integ-runner" + }, + "keywords": [ + "aws", + "cdk" + ], + "homepage": "https://github.com/aws/aws-cdk", + "engines": { + "node": ">= 14.15.0" + }, + "nozem": { + "ostools": [ + "unzip", + "diff", + "rm" + ] + }, + "stability": "experimental", + "maturity": "experimental", + "publishConfig": { + "tag": "latest" + } +} diff --git a/packages/@aws-cdk/integ-runner/test/runner/integration-tests.test.ts b/packages/@aws-cdk/integ-runner/test/runner/integration-tests.test.ts new file mode 100644 index 0000000000000..878f5bf5d2489 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/runner/integration-tests.test.ts @@ -0,0 +1,15 @@ +import * as path from 'path'; +import { IntegrationTests } from '../../lib/runner/integ-tests'; + +const directory = path.join(__dirname, '../test-data'); + +describe('IntegrationTests', () => { + test('from cli args', async () => { + const tests = new IntegrationTests(directory); + + const integTests = await tests.fromCliArgs(['integ.integ-test1.js']); + + expect(integTests.length).toEqual(1); + expect(integTests[0].fileName).toEqual(expect.stringMatching(/integ.integ-test1.js$/)); + }); +}); diff --git a/packages/@aws-cdk/integ-runner/test/runner/runners.test.ts b/packages/@aws-cdk/integ-runner/test/runner/runners.test.ts new file mode 100644 index 0000000000000..da6cb3aaf83ae --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/runner/runners.test.ts @@ -0,0 +1,324 @@ +import * as path from 'path'; +import * as fs from 'fs-extra'; +import { IntegTestRunner, IntegSnapshotRunner } from '../../lib/runner/runners'; +import { DiagnosticReason } from '../../lib/workers/common'; + +describe('IntegTest runSnapshotTests', () => { + let synthMock: jest.SpyInstance; + beforeEach(() => { + jest.spyOn(process.stderr, 'write').mockImplementation(() => { return true; }); + jest.spyOn(process.stdout, 'write').mockImplementation(() => { return true; }); + jest.spyOn(fs, 'moveSync').mockImplementation(() => { return true; }); + jest.spyOn(fs, 'removeSync').mockImplementation(() => { return true; }); + jest.spyOn(fs, 'writeFileSync').mockImplementation(() => { return true; }); + }); + afterEach(() => { + jest.clearAllMocks(); + jest.resetAllMocks(); + jest.restoreAllMocks(); + }); + test('with defaults no diff', () => { + // WHEN + const integTest = new IntegSnapshotRunner({ + fileName: 'test/test-data/integ.test-with-snapshot.js', + integOutDir: 'test-with-snapshot.integ.snapshot', + }); + synthMock = jest.spyOn(integTest.cdk, 'synth').mockImplementation(); + integTest.testSnapshot(); + + // THEN + expect(synthMock).toHaveBeenCalledTimes(1); + expect(synthMock.mock.calls[0][0]).toEqual({ + all: true, + app: 'node integ.test-with-snapshot.js', + output: 'test-with-snapshot.integ.snapshot', + pathMetadata: false, + assetMetadata: false, + versionReporting: false, + lookups: false, + }); + }); + + test('with defaults and diff', () => { + // WHEN + const integTest = new IntegSnapshotRunner({ + fileName: path.join(__dirname, '../test-data/integ.test-with-snapshot.js'), + integOutDir: 'test-with-snapshot-diff.integ.snapshot', + }); + synthMock = jest.spyOn(integTest.cdk, 'synth').mockImplementation(); + const diagnostics = integTest.testSnapshot(); + + // THEN + expect(synthMock).toHaveBeenCalledTimes(1); + expect(synthMock.mock.calls[0][0]).toEqual({ + all: true, + app: 'node integ.test-with-snapshot.js', + output: 'test-with-snapshot-diff.integ.snapshot', + pathMetadata: false, + assetMetadata: false, + versionReporting: false, + lookups: false, + }); + expect(diagnostics).toEqual(expect.arrayContaining([expect.objectContaining({ + reason: DiagnosticReason.SNAPSHOT_FAILED, + testName: integTest.testName, + message: expect.stringContaining('foobar'), + })])); + }); + + test('dont diff asset hashes', () => { + // WHEN + const integTest = new IntegSnapshotRunner({ + fileName: path.join(__dirname, '../test-data/integ.test-with-snapshot-assets-diff.js'), + integOutDir: 'test-with-snapshot-assets.integ.snapshot', + }); + synthMock = jest.spyOn(integTest.cdk, 'synth').mockImplementation(); + expect(() => { + integTest.testSnapshot(); + }).not.toThrow(); + + // THEN + expect(synthMock).toHaveBeenCalledTimes(1); + expect(synthMock.mock.calls[0][0]).toEqual({ + all: true, + app: 'node integ.test-with-snapshot-assets-diff.js', + output: 'test-with-snapshot-assets.integ.snapshot', + pathMetadata: false, + assetMetadata: false, + versionReporting: false, + lookups: true, + }); + }); + + test('diff asset hashes', () => { + // WHEN + const integTest = new IntegSnapshotRunner({ + fileName: path.join(__dirname, '../test-data/integ.test-with-snapshot-assets.js'), + integOutDir: 'test-with-snapshot-assets-diff.integ.snapshot', + }); + synthMock = jest.spyOn(integTest.cdk, 'synth').mockImplementation(); + const diagnostics = integTest.testSnapshot(); + + // THEN + expect(synthMock).toHaveBeenCalledTimes(1); + expect(synthMock.mock.calls[0][0]).toEqual({ + all: true, + app: 'node integ.test-with-snapshot-assets.js', + output: 'test-with-snapshot-assets-diff.integ.snapshot', + pathMetadata: false, + assetMetadata: false, + versionReporting: false, + lookups: false, + }); + expect(diagnostics).toEqual(expect.arrayContaining([expect.objectContaining({ + reason: DiagnosticReason.SNAPSHOT_FAILED, + testName: integTest.testName, + message: expect.stringContaining('Parameters'), + })])); + }); +}); + +describe('IntegTest runIntegTests', () => { + let integTest: IntegTestRunner; + let deployMock: jest.SpyInstance; + let destroyMock: jest.SpyInstance; + let synthMock: jest.SpyInstance; + let listMock: jest.SpyInstance; + // let stderrMock: jest.SpyInstance; + beforeEach(() => { + integTest = new IntegTestRunner({ fileName: path.join(__dirname, '../test-data/integ.integ-test1.js') }); + deployMock = jest.spyOn(integTest.cdk, 'deploy').mockImplementation(); + destroyMock = jest.spyOn(integTest.cdk, 'destroy').mockImplementation(); + synthMock = jest.spyOn(integTest.cdk, 'synth').mockImplementation(); + listMock = jest.spyOn(integTest.cdk, 'list').mockImplementation(); + jest.spyOn(process.stderr, 'write').mockImplementation(() => { return true; }); + jest.spyOn(fs, 'moveSync').mockImplementation(() => { return true; }); + jest.spyOn(fs, 'removeSync').mockImplementation(() => { return true; }); + jest.spyOn(fs, 'writeFileSync').mockImplementation(() => { return true; }); + }); + afterEach(() => { + jest.clearAllMocks(); + jest.resetAllMocks(); + jest.restoreAllMocks(); + }); + test('with defaults', () => { + // WHEN + integTest.runIntegTestCase({ + testCase: { + stacks: ['stack1'], + }, + }); + + // THEN + expect(deployMock).toHaveBeenCalledTimes(1); + expect(destroyMock).toHaveBeenCalledTimes(1); + expect(synthMock).toHaveBeenCalledTimes(0); + expect(deployMock.mock.calls[0][0]).toEqual({ + app: 'node integ.integ-test1.js', + requireApproval: 'never', + pathMetadata: false, + assetMetadata: false, + versionReporting: false, + lookups: false, + stacks: ['stack1'], + output: 'cdk-integ.out.integ-test1', + }); + expect(destroyMock.mock.calls[0][0]).toEqual({ + app: 'node integ.integ-test1.js', + pathMetadata: false, + assetMetadata: false, + versionReporting: false, + force: true, + stacks: ['stack1'], + output: 'cdk-integ.out.integ-test1', + }); + }); + + test('with lookups', () => { + // WHEN + integTest = new IntegTestRunner({ fileName: path.join(__dirname, '../test-data/integ.test-with-snapshot-assets-diff.js') }); + deployMock = jest.spyOn(integTest.cdk, 'deploy').mockImplementation(); + destroyMock = jest.spyOn(integTest.cdk, 'destroy').mockImplementation(); + synthMock = jest.spyOn(integTest.cdk, 'synth').mockImplementation(); + listMock = jest.spyOn(integTest.cdk, 'list').mockImplementation(); + integTest.runIntegTestCase({ + testCase: { + stacks: ['test-stack'], + }, + }); + + // THEN + expect(deployMock).toHaveBeenCalledTimes(1); + expect(destroyMock).toHaveBeenCalledTimes(1); + expect(synthMock).toHaveBeenCalledTimes(1); + expect(deployMock.mock.calls[0][0]).toEqual({ + app: 'node integ.test-with-snapshot-assets-diff.js', + requireApproval: 'never', + pathMetadata: false, + assetMetadata: false, + versionReporting: false, + lookups: true, + stacks: ['test-stack'], + output: 'cdk-integ.out.test-with-snapshot-assets-diff', + }); + expect(synthMock.mock.calls[0][0]).toEqual({ + app: 'node integ.test-with-snapshot-assets-diff.js', + pathMetadata: false, + assetMetadata: false, + versionReporting: false, + all: true, + output: 'test-with-snapshot-assets-diff.integ.snapshot', + }); + expect(destroyMock.mock.calls[0][0]).toEqual({ + app: 'node integ.test-with-snapshot-assets-diff.js', + pathMetadata: false, + assetMetadata: false, + versionReporting: false, + force: true, + stacks: ['test-stack'], + output: 'cdk-integ.out.test-with-snapshot-assets-diff', + }); + }); + + test('no clean', () => { + // WHEN + integTest.runIntegTestCase({ + clean: false, + testCase: { + stacks: ['stack1'], + }, + }); + + // THEN + expect(deployMock).toHaveBeenCalledTimes(1); + expect(destroyMock).toHaveBeenCalledTimes(0); + expect(synthMock).toHaveBeenCalledTimes(0); + }); + + test('dryrun', () => { + // WHEN + integTest.runIntegTestCase({ + dryRun: true, + testCase: { + stacks: ['stack1'], + }, + }); + + // THEN + expect(deployMock).toHaveBeenCalledTimes(0); + expect(destroyMock).toHaveBeenCalledTimes(0); + expect(synthMock).toHaveBeenCalledTimes(1); + }); + + test('determine test stack via pragma', () => { + // WHEN + integTest.generateSnapshot(); + + // THEN + expect(integTest.tests).toEqual(expect.objectContaining({ + 'integ-test1': { + stacks: ['stack1'], + }, + })); + expect(listMock).toHaveBeenCalledTimes(0); + }); + + test('generate snapshot', () => { + // WHEN + integTest.generateSnapshot(); + + // THEN + expect(synthMock).toHaveBeenCalledTimes(1); + expect(synthMock.mock.calls[0][0]).toEqual({ + all: true, + pathMetadata: false, + assetMetadata: false, + versionReporting: false, + app: 'node integ.integ-test1.js', + output: 'cdk-integ.out.integ-test1', + }); + }); +}); + +describe('IntegTest no pragma', () => { + let integTest: IntegTestRunner; + let synthMock: jest.SpyInstance; + beforeEach(() => { + integTest = new IntegTestRunner({ fileName: 'test/test-data/integ.integ-test2.js' }); + jest.spyOn(integTest.cdk, 'deploy').mockImplementation(); + jest.spyOn(integTest.cdk, 'destroy').mockImplementation(); + synthMock = jest.spyOn(integTest.cdk, 'synth').mockImplementation(); + jest.spyOn(integTest.cdk, 'list').mockImplementation(() => { + return 'stackabc'; + }); + jest.spyOn(process.stderr, 'write').mockImplementation(() => { return true; }); + jest.spyOn(fs, 'moveSync').mockImplementation(() => { return true; }); + jest.spyOn(fs, 'removeSync').mockImplementation(() => { return true; }); + jest.spyOn(fs, 'writeFileSync').mockImplementation(() => { return true; }); + }); + afterEach(() => { + jest.clearAllMocks(); + jest.resetAllMocks(); + jest.restoreAllMocks(); + }); + test('get stacks from list', async () => { + // WHEN + integTest.generateSnapshot(); + + // THEN + expect(integTest.tests).toEqual(expect.objectContaining({ + 'integ-test2': { + stacks: ['stackabc'], + }, + })); + expect(synthMock).toHaveBeenCalledTimes(1); + expect(synthMock.mock.calls[0][0]).toEqual({ + app: 'node integ.integ-test2.js', + all: true, + pathMetadata: false, + assetMetadata: false, + versionReporting: false, + output: 'cdk-integ.out.integ-test2', + }); + }); +}); diff --git a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/cdk.out b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/cdk.out new file mode 100644 index 0000000000000..2efc89439fab8 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/cdk.out @@ -0,0 +1 @@ +{"version":"18.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/manifest.json b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/manifest.json new file mode 100644 index 0000000000000..c0da3afe14484 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/manifest.json @@ -0,0 +1,57 @@ +{ + "version": "17.0.0", + "artifacts": { + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "test-stack": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "test-stack.template.json", + "validateOnSynth": false + }, + "metadata": { + "/test-stack/MyFunction1/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyFunction1ServiceRole9852B06B", + "trace": [ + "new Role (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-iam/lib/role.js:50:22)", + "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:82:35)", + "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", + "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", + "Module._compile (node:internal/modules/cjs/loader:1103:14)", + "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", + "Module.load (node:internal/modules/cjs/loader:981:32)", + "Function.Module._load (node:internal/modules/cjs/loader:822:12)", + "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", + "node:internal/main/run_main_module:17:47" + ] + } + ], + "/test-stack/MyFunction1/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyFunction12A744C2E", + "trace": [ + "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:154:26)", + "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", + "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", + "Module._compile (node:internal/modules/cjs/loader:1103:14)", + "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", + "Module.load (node:internal/modules/cjs/loader:981:32)", + "Function.Module._load (node:internal/modules/cjs/loader:822:12)", + "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", + "node:internal/main/run_main_module:17:47" + ] + } + ] + }, + "displayName": "test-stack" + } + } +} diff --git a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/test-stack.template.json b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/test-stack.template.json new file mode 100644 index 0000000000000..969780cdf33e5 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/test-stack.template.json @@ -0,0 +1,68 @@ +{ + "Resources": { + "MyFunction1ServiceRole9852B06B": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "MyFunction12A744C2E": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "foo" + }, + "Role": { + "Fn::GetAtt": [ + "MyFunction1ServiceRole9852B06B", + "Arn" + ] + }, + "Handler": "index.handler", + "Runtime": "nodejs14.x" + }, + "DependsOn": [ + "MyFunction1ServiceRole9852B06B" + ] + } + }, + "Parameters": { + "AssetParametersDec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509S3BucketBF50F97C": { + "Type": "String", + "Description": "S3 bucket for asset \"Dec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509\"" + }, + "AssetParametersDec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509S3VersionKeyF21AC8C1": { + "Type": "String", + "Description": "S3 key for asset version \"Dec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509\"" + }, + "AssetParametersDec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509ArtifactHash5D8C129B": { + "Type": "String", + "Description": "Artifact hash for asset \"Dec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509\"" + } + } +} diff --git a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/tree.json b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/tree.json new file mode 100644 index 0000000000000..b664bec74b37c --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot-assets/tree.json @@ -0,0 +1,114 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "@aws-cdk/core.Construct", + "version": "0.0.0" + } + }, + "test-stack": { + "id": "test-stack", + "path": "test-stack", + "children": { + "MyFunction1": { + "id": "MyFunction1", + "path": "test-stack/MyFunction1", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "test-stack/MyFunction1/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "test-stack/MyFunction1/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "test-stack/MyFunction1/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "zipFile": "foo" + }, + "role": { + "Fn::GetAtt": [ + "MyFunction1ServiceRole9852B06B", + "Arn" + ] + }, + "handler": "index.handler", + "runtime": "nodejs14.x" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.Function", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/cdk.out b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/cdk.out new file mode 100644 index 0000000000000..2efc89439fab8 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"18.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/manifest.json b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/manifest.json new file mode 100644 index 0000000000000..c0da3afe14484 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/manifest.json @@ -0,0 +1,57 @@ +{ + "version": "17.0.0", + "artifacts": { + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "test-stack": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "test-stack.template.json", + "validateOnSynth": false + }, + "metadata": { + "/test-stack/MyFunction1/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyFunction1ServiceRole9852B06B", + "trace": [ + "new Role (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-iam/lib/role.js:50:22)", + "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:82:35)", + "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", + "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", + "Module._compile (node:internal/modules/cjs/loader:1103:14)", + "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", + "Module.load (node:internal/modules/cjs/loader:981:32)", + "Function.Module._load (node:internal/modules/cjs/loader:822:12)", + "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", + "node:internal/main/run_main_module:17:47" + ] + } + ], + "/test-stack/MyFunction1/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyFunction12A744C2E", + "trace": [ + "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:154:26)", + "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", + "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", + "Module._compile (node:internal/modules/cjs/loader:1103:14)", + "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", + "Module.load (node:internal/modules/cjs/loader:981:32)", + "Function.Module._load (node:internal/modules/cjs/loader:822:12)", + "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", + "node:internal/main/run_main_module:17:47" + ] + } + ] + }, + "displayName": "test-stack" + } + } +} diff --git a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/test-stack.template.json b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/test-stack.template.json new file mode 100644 index 0000000000000..40f4c8238c04f --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/test-stack.template.json @@ -0,0 +1,54 @@ +{ + "Resources": { + "MyFunction1ServiceRole9852B06B": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "MyFunction12A744C2E": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "foo" + }, + "Role": { + "Fn::GetAtt": [ + "MyFunction1ServiceRole9852B06B", + "Arn" + ] + }, + "Handler": "index.handler", + "Runtime": "nodejs14.x" + }, + "DependsOn": [ + "MyFunction1ServiceRole9852B06B" + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/tree.json b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/tree.json new file mode 100644 index 0000000000000..b664bec74b37c --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/cdk-integ.out.test-with-snapshot/tree.json @@ -0,0 +1,114 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "@aws-cdk/core.Construct", + "version": "0.0.0" + } + }, + "test-stack": { + "id": "test-stack", + "path": "test-stack", + "children": { + "MyFunction1": { + "id": "MyFunction1", + "path": "test-stack/MyFunction1", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "test-stack/MyFunction1/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "test-stack/MyFunction1/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "test-stack/MyFunction1/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "zipFile": "foo" + }, + "role": { + "Fn::GetAtt": [ + "MyFunction1ServiceRole9852B06B", + "Arn" + ] + }, + "handler": "index.handler", + "runtime": "nodejs14.x" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.Function", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/integ.integ-test1.ts b/packages/@aws-cdk/integ-runner/test/test-data/integ.integ-test1.ts new file mode 100644 index 0000000000000..26679b49d93bc --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/integ.integ-test1.ts @@ -0,0 +1,2 @@ +/// !cdk-integ stack1 pragma:ignore-assets +/// !cdk-integ pragma:ignore-assets diff --git a/packages/@aws-cdk/integ-runner/test/test-data/integ.integ-test2.ts b/packages/@aws-cdk/integ-runner/test/test-data/integ.integ-test2.ts new file mode 100644 index 0000000000000..bb0eb24f2756d --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/integ.integ-test2.ts @@ -0,0 +1 @@ +/// !cdk-integ pragma:enable-lookups diff --git a/packages/@aws-cdk/integ-runner/test/test-data/integ.test-with-snapshot-assets-diff.ts b/packages/@aws-cdk/integ-runner/test/test-data/integ.test-with-snapshot-assets-diff.ts new file mode 100644 index 0000000000000..bcdc92fbcdcf2 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/integ.test-with-snapshot-assets-diff.ts @@ -0,0 +1 @@ +/// !cdk-integ test-stack pragma:enable-lookups diff --git a/packages/@aws-cdk/integ-runner/test/test-data/integ.test-with-snapshot-assets.ts b/packages/@aws-cdk/integ-runner/test/test-data/integ.test-with-snapshot-assets.ts new file mode 100644 index 0000000000000..ff230f9f7e58e --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/integ.test-with-snapshot-assets.ts @@ -0,0 +1 @@ +/// !cdk-integ test-stack pragma:include-assets-hashes diff --git a/packages/@aws-cdk/integ-runner/test/test-data/integ.test-with-snapshot.ts b/packages/@aws-cdk/integ-runner/test/test-data/integ.test-with-snapshot.ts new file mode 100644 index 0000000000000..c3548a8acffcc --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/integ.test-with-snapshot.ts @@ -0,0 +1,2 @@ +/// !cdk-integ test-stack pragma:ignore-assets +/// !cdk-integ pragma:ignore-assets diff --git a/packages/@aws-cdk/integ-runner/test/test-data/not.integ-test.ts b/packages/@aws-cdk/integ-runner/test/test-data/not.integ-test.ts new file mode 100644 index 0000000000000..e69de29bb2d1d diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/cdk.out b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/cdk.out new file mode 100644 index 0000000000000..2efc89439fab8 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"18.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/manifest.json b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/manifest.json new file mode 100644 index 0000000000000..c0da3afe14484 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/manifest.json @@ -0,0 +1,57 @@ +{ + "version": "17.0.0", + "artifacts": { + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "test-stack": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "test-stack.template.json", + "validateOnSynth": false + }, + "metadata": { + "/test-stack/MyFunction1/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyFunction1ServiceRole9852B06B", + "trace": [ + "new Role (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-iam/lib/role.js:50:22)", + "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:82:35)", + "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", + "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", + "Module._compile (node:internal/modules/cjs/loader:1103:14)", + "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", + "Module.load (node:internal/modules/cjs/loader:981:32)", + "Function.Module._load (node:internal/modules/cjs/loader:822:12)", + "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", + "node:internal/main/run_main_module:17:47" + ] + } + ], + "/test-stack/MyFunction1/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyFunction12A744C2E", + "trace": [ + "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:154:26)", + "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", + "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", + "Module._compile (node:internal/modules/cjs/loader:1103:14)", + "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", + "Module.load (node:internal/modules/cjs/loader:981:32)", + "Function.Module._load (node:internal/modules/cjs/loader:822:12)", + "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", + "node:internal/main/run_main_module:17:47" + ] + } + ] + }, + "displayName": "test-stack" + } + } +} diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/test-stack.template.json b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/test-stack.template.json new file mode 100644 index 0000000000000..969780cdf33e5 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/test-stack.template.json @@ -0,0 +1,68 @@ +{ + "Resources": { + "MyFunction1ServiceRole9852B06B": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "MyFunction12A744C2E": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "foo" + }, + "Role": { + "Fn::GetAtt": [ + "MyFunction1ServiceRole9852B06B", + "Arn" + ] + }, + "Handler": "index.handler", + "Runtime": "nodejs14.x" + }, + "DependsOn": [ + "MyFunction1ServiceRole9852B06B" + ] + } + }, + "Parameters": { + "AssetParametersDec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509S3BucketBF50F97C": { + "Type": "String", + "Description": "S3 bucket for asset \"Dec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509\"" + }, + "AssetParametersDec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509S3VersionKeyF21AC8C1": { + "Type": "String", + "Description": "S3 key for asset version \"Dec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509\"" + }, + "AssetParametersDec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509ArtifactHash5D8C129B": { + "Type": "String", + "Description": "Artifact hash for asset \"Dec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509\"" + } + } +} diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/tree.json b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/tree.json new file mode 100644 index 0000000000000..b664bec74b37c --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets-diff.integ.snapshot/tree.json @@ -0,0 +1,114 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "@aws-cdk/core.Construct", + "version": "0.0.0" + } + }, + "test-stack": { + "id": "test-stack", + "path": "test-stack", + "children": { + "MyFunction1": { + "id": "MyFunction1", + "path": "test-stack/MyFunction1", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "test-stack/MyFunction1/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "test-stack/MyFunction1/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "test-stack/MyFunction1/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "zipFile": "foo" + }, + "role": { + "Fn::GetAtt": [ + "MyFunction1ServiceRole9852B06B", + "Arn" + ] + }, + "handler": "index.handler", + "runtime": "nodejs14.x" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.Function", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/cdk.out b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/cdk.out new file mode 100644 index 0000000000000..2efc89439fab8 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"18.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/manifest.json b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/manifest.json new file mode 100644 index 0000000000000..c0da3afe14484 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/manifest.json @@ -0,0 +1,57 @@ +{ + "version": "17.0.0", + "artifacts": { + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "test-stack": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "test-stack.template.json", + "validateOnSynth": false + }, + "metadata": { + "/test-stack/MyFunction1/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyFunction1ServiceRole9852B06B", + "trace": [ + "new Role (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-iam/lib/role.js:50:22)", + "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:82:35)", + "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", + "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", + "Module._compile (node:internal/modules/cjs/loader:1103:14)", + "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", + "Module.load (node:internal/modules/cjs/loader:981:32)", + "Function.Module._load (node:internal/modules/cjs/loader:822:12)", + "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", + "node:internal/main/run_main_module:17:47" + ] + } + ], + "/test-stack/MyFunction1/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyFunction12A744C2E", + "trace": [ + "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:154:26)", + "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", + "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", + "Module._compile (node:internal/modules/cjs/loader:1103:14)", + "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", + "Module.load (node:internal/modules/cjs/loader:981:32)", + "Function.Module._load (node:internal/modules/cjs/loader:822:12)", + "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", + "node:internal/main/run_main_module:17:47" + ] + } + ] + }, + "displayName": "test-stack" + } + } +} diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/test-stack.template.json b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/test-stack.template.json new file mode 100644 index 0000000000000..ed2a09b94be23 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/test-stack.template.json @@ -0,0 +1,68 @@ +{ + "Resources": { + "MyFunction1ServiceRole9852B06B": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "MyFunction12A744C2E": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "foo" + }, + "Role": { + "Fn::GetAtt": [ + "MyFunction1ServiceRole9852B06B", + "Arn" + ] + }, + "Handler": "index.handler", + "Runtime": "nodejs14.x" + }, + "DependsOn": [ + "MyFunction1ServiceRole9852B06B" + ] + } + }, + "Parameters": { + "AssetParametersfec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509S3BucketBF50F97C": { + "Type": "String", + "Description": "S3 bucket for asset \"fec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509\"" + }, + "AssetParametersfec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509S3VersionKeyF21AC8C1": { + "Type": "String", + "Description": "S3 key for asset version \"fec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509\"" + }, + "AssetParametersfec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509ArtifactHash5D8C129B": { + "Type": "String", + "Description": "Artifact hash for asset \"fec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509\"" + } + } +} diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/tree.json b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/tree.json new file mode 100644 index 0000000000000..b664bec74b37c --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-assets.integ.snapshot/tree.json @@ -0,0 +1,114 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "@aws-cdk/core.Construct", + "version": "0.0.0" + } + }, + "test-stack": { + "id": "test-stack", + "path": "test-stack", + "children": { + "MyFunction1": { + "id": "MyFunction1", + "path": "test-stack/MyFunction1", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "test-stack/MyFunction1/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "test-stack/MyFunction1/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "test-stack/MyFunction1/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "zipFile": "foo" + }, + "role": { + "Fn::GetAtt": [ + "MyFunction1ServiceRole9852B06B", + "Arn" + ] + }, + "handler": "index.handler", + "runtime": "nodejs14.x" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.Function", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/cdk.out b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/cdk.out new file mode 100644 index 0000000000000..2efc89439fab8 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"18.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/manifest.json b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/manifest.json new file mode 100644 index 0000000000000..c0da3afe14484 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/manifest.json @@ -0,0 +1,57 @@ +{ + "version": "17.0.0", + "artifacts": { + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "test-stack": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "test-stack.template.json", + "validateOnSynth": false + }, + "metadata": { + "/test-stack/MyFunction1/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyFunction1ServiceRole9852B06B", + "trace": [ + "new Role (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-iam/lib/role.js:50:22)", + "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:82:35)", + "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", + "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", + "Module._compile (node:internal/modules/cjs/loader:1103:14)", + "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", + "Module.load (node:internal/modules/cjs/loader:981:32)", + "Function.Module._load (node:internal/modules/cjs/loader:822:12)", + "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", + "node:internal/main/run_main_module:17:47" + ] + } + ], + "/test-stack/MyFunction1/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyFunction12A744C2E", + "trace": [ + "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:154:26)", + "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", + "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", + "Module._compile (node:internal/modules/cjs/loader:1103:14)", + "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", + "Module.load (node:internal/modules/cjs/loader:981:32)", + "Function.Module._load (node:internal/modules/cjs/loader:822:12)", + "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", + "node:internal/main/run_main_module:17:47" + ] + } + ] + }, + "displayName": "test-stack" + } + } +} diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/test-stack.template.json b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/test-stack.template.json new file mode 100644 index 0000000000000..3d62830b46139 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/test-stack.template.json @@ -0,0 +1,54 @@ +{ + "Resources": { + "MyFunction1ServiceRole9852B06B": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "MyFunction12A744C2E": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "foobar" + }, + "Role": { + "Fn::GetAtt": [ + "MyFunction1ServiceRole9852B06B", + "Arn" + ] + }, + "Handler": "index.handler", + "Runtime": "nodejs14.x" + }, + "DependsOn": [ + "MyFunction1ServiceRole9852B06B" + ] + } + } +} diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/tree.json b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/tree.json new file mode 100644 index 0000000000000..b664bec74b37c --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot-diff.integ.snapshot/tree.json @@ -0,0 +1,114 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "@aws-cdk/core.Construct", + "version": "0.0.0" + } + }, + "test-stack": { + "id": "test-stack", + "path": "test-stack", + "children": { + "MyFunction1": { + "id": "MyFunction1", + "path": "test-stack/MyFunction1", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "test-stack/MyFunction1/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "test-stack/MyFunction1/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "test-stack/MyFunction1/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "zipFile": "foo" + }, + "role": { + "Fn::GetAtt": [ + "MyFunction1ServiceRole9852B06B", + "Arn" + ] + }, + "handler": "index.handler", + "runtime": "nodejs14.x" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.Function", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/cdk.out b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/cdk.out new file mode 100644 index 0000000000000..2efc89439fab8 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"18.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/manifest.json b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/manifest.json new file mode 100644 index 0000000000000..c0da3afe14484 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/manifest.json @@ -0,0 +1,57 @@ +{ + "version": "17.0.0", + "artifacts": { + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "test-stack": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "test-stack.template.json", + "validateOnSynth": false + }, + "metadata": { + "/test-stack/MyFunction1/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyFunction1ServiceRole9852B06B", + "trace": [ + "new Role (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-iam/lib/role.js:50:22)", + "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:82:35)", + "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", + "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", + "Module._compile (node:internal/modules/cjs/loader:1103:14)", + "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", + "Module.load (node:internal/modules/cjs/loader:981:32)", + "Function.Module._load (node:internal/modules/cjs/loader:822:12)", + "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", + "node:internal/main/run_main_module:17:47" + ] + } + ], + "/test-stack/MyFunction1/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyFunction12A744C2E", + "trace": [ + "new Function (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-lambda/lib/function.js:154:26)", + "new TestStack (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:10:9)", + "Object. (/home/hallcor/work/aws-cdk/integ-test-runner/packages/@aws-cdk/aws-s3objectlambda/test/integ.lambda.js:18:1)", + "Module._compile (node:internal/modules/cjs/loader:1103:14)", + "Object.Module._extensions..js (node:internal/modules/cjs/loader:1155:10)", + "Module.load (node:internal/modules/cjs/loader:981:32)", + "Function.Module._load (node:internal/modules/cjs/loader:822:12)", + "Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)", + "node:internal/main/run_main_module:17:47" + ] + } + ] + }, + "displayName": "test-stack" + } + } +} diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/test-stack.template.json b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/test-stack.template.json new file mode 100644 index 0000000000000..40f4c8238c04f --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/test-stack.template.json @@ -0,0 +1,54 @@ +{ + "Resources": { + "MyFunction1ServiceRole9852B06B": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "MyFunction12A744C2E": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "foo" + }, + "Role": { + "Fn::GetAtt": [ + "MyFunction1ServiceRole9852B06B", + "Arn" + ] + }, + "Handler": "index.handler", + "Runtime": "nodejs14.x" + }, + "DependsOn": [ + "MyFunction1ServiceRole9852B06B" + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/tree.json b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/tree.json new file mode 100644 index 0000000000000..b664bec74b37c --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/test-data/test-with-snapshot.integ.snapshot/tree.json @@ -0,0 +1,114 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "@aws-cdk/core.Construct", + "version": "0.0.0" + } + }, + "test-stack": { + "id": "test-stack", + "path": "test-stack", + "children": { + "MyFunction1": { + "id": "MyFunction1", + "path": "test-stack/MyFunction1", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "test-stack/MyFunction1/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "test-stack/MyFunction1/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "test-stack/MyFunction1/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "zipFile": "foo" + }, + "role": { + "Fn::GetAtt": [ + "MyFunction1ServiceRole9852B06B", + "Arn" + ] + }, + "handler": "index.handler", + "runtime": "nodejs14.x" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.Function", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/test/workers/mock-extract_worker.ts b/packages/@aws-cdk/integ-runner/test/workers/mock-extract_worker.ts new file mode 100644 index 0000000000000..7479d229302b8 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/workers/mock-extract_worker.ts @@ -0,0 +1,15 @@ +import * as workerpool from 'workerpool'; +import { IntegBatchResponse } from '../../lib/workers/common'; +import { IntegTestBatchRequest } from '../../lib/workers/integ-test-worker'; + + +function integTestBatch(request: IntegTestBatchRequest): IntegBatchResponse { + return { + failedTests: request.tests, + }; +} + +workerpool.worker({ + integTestBatch, +}); + diff --git a/packages/@aws-cdk/integ-runner/test/workers/workers.test.ts b/packages/@aws-cdk/integ-runner/test/workers/workers.test.ts new file mode 100644 index 0000000000000..26ca05a3dfe9e --- /dev/null +++ b/packages/@aws-cdk/integ-runner/test/workers/workers.test.ts @@ -0,0 +1,298 @@ +import * as child_process from 'child_process'; +import * as path from 'path'; +import * as fs from 'fs-extra'; +import * as workerpool from 'workerpool'; +import { singleThreadedSnapshotRunner } from '../../lib/workers'; +import { singleThreadedTestRunner, runIntegrationTestsInParallel, runIntegrationTests } from '../../lib/workers/integ-test-worker'; + +const directory = path.join(__dirname, '../test-data'); +describe('Snapshot tests', () => { + beforeEach(() => { + jest.spyOn(process.stderr, 'write').mockImplementation(() => { return true; }); + jest.spyOn(process.stdout, 'write').mockImplementation(() => { return true; }); + jest.spyOn(fs, 'moveSync').mockImplementation(() => { return true; }); + jest.spyOn(fs, 'removeSync').mockImplementation(() => { return true; }); + jest.spyOn(fs, 'writeFileSync').mockImplementation(() => { return true; }); + }); + afterEach(() => { + jest.clearAllMocks(); + jest.resetAllMocks(); + jest.restoreAllMocks(); + }); + test('no snapshot', () => { + // WHEN + const test = { + fileName: path.join(directory, 'integ.integ-test1.js'), + directory: directory, + }; + const result = singleThreadedSnapshotRunner([test]); + + // THEN + expect(result.failedTests.length).toEqual(1); + expect(result.failedTests[0]).toEqual(test); + }); + + test('has snapshot', () => { + // WHEN + jest.spyOn(child_process, 'spawnSync').mockResolvedValue; + const test = { + fileName: path.join(directory, 'integ.test-with-snapshot.js'), + directory: directory, + }; + const result = singleThreadedSnapshotRunner([test]); + + // THEN + expect(result.failedTests.length).toEqual(0); + }); + + test('failed snapshot', () => { + // WHEN + jest.spyOn(child_process, 'spawnSync').mockRejectedValue; + const test = { + fileName: path.join(directory, 'integ.test-with-snapshot-assets.js'), + directory: directory, + }; + const result = singleThreadedSnapshotRunner([test]); + + // THEN + expect(result.failedTests.length).toEqual(1); + expect(result.failedTests[0]).toEqual(test); + }); +}); + +describe('test runner', () => { + beforeEach(() => { + jest.spyOn(process.stderr, 'write').mockImplementation(() => { return true; }); + jest.spyOn(process.stdout, 'write').mockImplementation(() => { return true; }); + jest.spyOn(fs, 'moveSync').mockImplementation(() => { return true; }); + jest.spyOn(fs, 'removeSync').mockImplementation(() => { return true; }); + jest.spyOn(fs, 'writeFileSync').mockImplementation(() => { return true; }); + }); + afterEach(() => { + jest.clearAllMocks(); + jest.resetAllMocks(); + jest.restoreAllMocks(); + }); + + test('no snapshot', () => { + // WHEN + const test = { + fileName: path.join(directory, 'integ.integ-test1.js'), + directory: directory, + }; + const spawnSyncMock = jest.spyOn(child_process, 'spawnSync').mockImplementation(); + singleThreadedTestRunner({ + tests: [test], + region: 'us-east-1', + }); + + expect(spawnSyncMock).toHaveBeenCalledWith( + expect.stringMatching(/cdk/), + ['synth', '--app', 'node integ.integ-test1.js', '--no-version-reporting', '--no-path-metadata', '--no-asset-metadata', '--output', 'cdk-integ.out.integ-test1', '--all'], + expect.anything(), + ); + }); +}); + +describe('parallel worker', () => { + let pool: workerpool.WorkerPool; + let stderrMock: jest.SpyInstance; + beforeEach(() => { + pool = workerpool.pool(path.join(__dirname, './mock-extract_worker.js')); + jest.spyOn(child_process, 'spawnSync').mockImplementation(); + stderrMock = jest.spyOn(process.stderr, 'write').mockImplementation(() => { return true; }); + jest.spyOn(process.stdout, 'write').mockImplementation(() => { return true; }); + jest.spyOn(fs, 'moveSync').mockImplementation(() => { return true; }); + jest.spyOn(fs, 'removeSync').mockImplementation(() => { return true; }); + jest.spyOn(fs, 'writeFileSync').mockImplementation(() => { return true; }); + }); + afterEach(async () => { + await pool.terminate(); + jest.clearAllMocks(); + jest.resetAllMocks(); + jest.restoreAllMocks(); + }); + test('run all integration tests', async () => { + const tests = [ + { + fileName: 'integ.test-with-snapshot.js', + directory, + }, + { + fileName: 'integ.another-test-with-snapshot.js', + directory, + }, + ]; + await runIntegrationTests({ + tests, + pool, + regions: ['us-east-1', 'us-east-2'], + }); + + expect(stderrMock.mock.calls[0][0]).toContain( + 'Running integration tests for failed tests...', + ); + expect(stderrMock.mock.calls[1][0]).toContain( + 'Running in parallel across: us-east-1, us-east-2', + ); + expect(stderrMock.mock.calls[3][0]).toContain( + 'Running test integ.test-with-snapshot.js in us-east-2', + ); + expect(stderrMock.mock.calls[2][0]).toContain( + 'Running test integ.another-test-with-snapshot.js in us-east-1', + ); + + }); + test('run tests', async () => { + const tests = [{ + fileName: 'integ.test-with-snapshot.js', + directory, + }]; + const results = await runIntegrationTestsInParallel({ + pool, + tests, + regions: ['us-east-1'], + }); + + expect(stderrMock.mock.calls[0][0]).toContain( + 'Running test integ.test-with-snapshot.js in us-east-1', + ); + expect(results).toEqual([ + { + failedTests: [{ + fileName: 'integ.test-with-snapshot.js', + directory, + }], + }, + ]); + }); + + test('run multiple tests', async () => { + const tests = [ + { + fileName: 'integ.test-with-snapshot.js', + directory, + }, + { + fileName: 'integ.another-test-with-snapshot.js', + directory, + }, + ]; + const results = await runIntegrationTestsInParallel({ + tests, + pool, + regions: ['us-east-1', 'us-east-2'], + }); + + expect(stderrMock.mock.calls[1][0]).toContain( + 'Running test integ.test-with-snapshot.js in us-east-2', + ); + expect(stderrMock.mock.calls[0][0]).toContain( + 'Running test integ.another-test-with-snapshot.js in us-east-1', + ); + expect(results).toEqual(expect.arrayContaining([ + { + failedTests: [ + { + fileName: 'integ.test-with-snapshot.js', + directory, + }, + ], + }, + { + failedTests: [ + { + fileName: 'integ.another-test-with-snapshot.js', + directory, + }, + ], + }, + ])); + }); + + test('more tests than regions', async () => { + const tests = [ + { + fileName: 'integ.test-with-snapshot.js', + directory, + }, + { + fileName: 'integ.another-test-with-snapshot.js', + directory, + }, + ]; + const results = await runIntegrationTestsInParallel({ + tests, + pool, + regions: ['us-east-1'], + }); + + expect(stderrMock.mock.calls[1][0]).toContain( + 'Running test integ.test-with-snapshot.js in us-east-1', + ); + expect(stderrMock.mock.calls[0][0]).toContain( + 'Running test integ.another-test-with-snapshot.js in us-east-1', + ); + expect(results).toEqual([ + { + failedTests: [ + { + fileName: 'integ.another-test-with-snapshot.js', + directory, + }, + ], + }, + { + failedTests: [ + { + fileName: 'integ.test-with-snapshot.js', + directory, + }, + ], + }, + ]); + }); + + test('more regions than tests', async () => { + const tests = [ + { + fileName: 'integ.test-with-snapshot.js', + directory, + }, + { + fileName: 'integ.another-test-with-snapshot.js', + directory, + }, + ]; + const results = await runIntegrationTestsInParallel({ + tests, + pool, + regions: ['us-east-1', 'us-east-2', 'us-west-2'], + }); + + expect(stderrMock.mock.calls[1][0]).toContain( + 'Running test integ.test-with-snapshot.js in us-east-2', + ); + expect(stderrMock.mock.calls[0][0]).toContain( + 'Running test integ.another-test-with-snapshot.js in us-east-1', + ); + expect(results).toEqual(expect.arrayContaining([ + { + failedTests: [ + { + fileName: 'integ.another-test-with-snapshot.js', + directory, + }, + ], + }, + { + failedTests: [ + { + fileName: 'integ.test-with-snapshot.js', + directory, + }, + ], + }, + ])); + }); +}); diff --git a/packages/@aws-cdk/integ-runner/tsconfig.json b/packages/@aws-cdk/integ-runner/tsconfig.json new file mode 100644 index 0000000000000..04e0404f04442 --- /dev/null +++ b/packages/@aws-cdk/integ-runner/tsconfig.json @@ -0,0 +1,28 @@ +{ + "compilerOptions": { + "target": "ES2018", + "module": "commonjs", + "lib": ["es2018", "dom"], + "strict": true, + "alwaysStrict": true, + "declaration": true, + "inlineSourceMap": true, + "inlineSources": true, + "noUnusedLocals": true, + "noUnusedParameters": true, + "noImplicitReturns": true, + "noFallthroughCasesInSwitch": true, + "resolveJsonModule": true, + "composite": true, + "incremental": true + }, + "include": [ + "**/*.ts", + "**/*.d.ts", + "lib/init-templates/*/*/add-project.hook.ts" + ], + "exclude": [ + "lib/init-templates/*/typescript/**/*.ts" + ] +} + diff --git a/packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt b/packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt index 1137fa10c7c4b..27dc1d062cd83 100644 --- a/packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt +++ b/packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt @@ -1 +1 @@ -awscli==1.22.82 +awscli==1.22.87 diff --git a/packages/@aws-cdk/pipelines/lib/blueprint/shell-step.ts b/packages/@aws-cdk/pipelines/lib/blueprint/shell-step.ts index fa01624e9635a..103e42588a7e5 100644 --- a/packages/@aws-cdk/pipelines/lib/blueprint/shell-step.ts +++ b/packages/@aws-cdk/pipelines/lib/blueprint/shell-step.ts @@ -160,7 +160,7 @@ export class ShellStep extends Step { if (props.input) { const fileSet = props.input.primaryOutput; if (!fileSet) { - throw new Error(`'${id}': primary input should be a step that produces a file set, got ${props.input}`); + throw new Error(`'${id}': primary input should be a step that has produced a file set, got ${props.input}`); } this.addDependencyFileSet(fileSet); this.inputs.push({ directory: '.', fileSet }); @@ -173,7 +173,7 @@ export class ShellStep extends Step { const fileSet = step.primaryOutput; if (!fileSet) { - throw new Error(`'${id}': additionalInput for directory '${directory}' should be a step that produces a file set, got ${step}`); + throw new Error(`'${id}': additionalInput for directory '${directory}' should be a step that has produced a file set, got ${step}`); } this.addDependencyFileSet(fileSet); this.inputs.push({ directory, fileSet }); diff --git a/packages/@aws-cdk/pipelines/lib/codepipeline/artifact-map.ts b/packages/@aws-cdk/pipelines/lib/codepipeline/artifact-map.ts index 2d3383bb469bf..5379811427286 100644 --- a/packages/@aws-cdk/pipelines/lib/codepipeline/artifact-map.ts +++ b/packages/@aws-cdk/pipelines/lib/codepipeline/artifact-map.ts @@ -55,8 +55,8 @@ function sanitizeArtifactName(x: string): string { const maxLength = 100; // Max length of 100 is imposed by CodePipeline library if (sani.length > maxLength) { - const fingerprint = crypto.createHash('sha256').update(sani).digest('hex').substr(0, 8); - sani = sani.substr(0, maxLength - fingerprint.length) + fingerprint; + const fingerprint = crypto.createHash('sha256').update(sani).digest('hex').slice(0, 8); + sani = sani.slice(0, maxLength - fingerprint.length) + fingerprint; } return sani; diff --git a/packages/@aws-cdk/pipelines/lib/codepipeline/private/codebuild-factory.ts b/packages/@aws-cdk/pipelines/lib/codepipeline/private/codebuild-factory.ts index cef0bbfddabfd..8ccd4baf58e73 100644 --- a/packages/@aws-cdk/pipelines/lib/codepipeline/private/codebuild-factory.ts +++ b/packages/@aws-cdk/pipelines/lib/codepipeline/private/codebuild-factory.ts @@ -504,7 +504,7 @@ function filterBuildSpecCommands(buildSpec: codebuild.BuildSpec, osType: ec2.Ope function extractTag(x: any): [string | undefined, any] { if (typeof x !== 'string') { return [undefined, x]; } for (const tag of [winTag, linuxTag]) { - if (x.startsWith(tag)) { return [tag, x.substr(tag.length)]; } + if (x.startsWith(tag)) { return [tag, x.slice(tag.length)]; } } return [undefined, x]; } diff --git a/packages/@aws-cdk/pipelines/lib/helpers-internal/pipeline-graph.ts b/packages/@aws-cdk/pipelines/lib/helpers-internal/pipeline-graph.ts index 738576017afb9..e26058b724b62 100644 --- a/packages/@aws-cdk/pipelines/lib/helpers-internal/pipeline-graph.ts +++ b/packages/@aws-cdk/pipelines/lib/helpers-internal/pipeline-graph.ts @@ -342,5 +342,5 @@ export type AGraphNode = GraphNode; export type AGraph = Graph; function stripPrefix(s: string, prefix: string) { - return s.startsWith(prefix) ? s.substr(prefix.length) : s; + return s.startsWith(prefix) ? s.slice(prefix.length) : s; } \ No newline at end of file diff --git a/packages/@aws-cdk/pipelines/lib/legacy/stage.ts b/packages/@aws-cdk/pipelines/lib/legacy/stage.ts index 63094554f1209..7fcab18e803e9 100644 --- a/packages/@aws-cdk/pipelines/lib/legacy/stage.ts +++ b/packages/@aws-cdk/pipelines/lib/legacy/stage.ts @@ -441,7 +441,7 @@ export class StackOutput { } function stripPrefix(s: string, prefix: string) { - return s.startsWith(prefix) ? s.substr(prefix.length) : s; + return s.startsWith(prefix) ? s.slice(prefix.length) : s; } function isAssetManifest(s: cxapi.CloudArtifact): s is cxapi.AssetManifestArtifact { diff --git a/packages/@aws-cdk/pipelines/lib/private/identifiers.ts b/packages/@aws-cdk/pipelines/lib/private/identifiers.ts index cb2bf85c6d9a9..7de1d3ef0744e 100644 --- a/packages/@aws-cdk/pipelines/lib/private/identifiers.ts +++ b/packages/@aws-cdk/pipelines/lib/private/identifiers.ts @@ -54,8 +54,8 @@ function sanitizeName(x: string): string { */ export function limitIdentifierLength(s: string, n: number): string { if (s.length <= n) { return s; } - const h = hash(s).substr(0, 8); + const h = hash(s).slice(0, 8); const mid = Math.floor((n - h.length) / 2); - return s.substr(0, mid) + h + s.substr(s.length - mid); + return s.slice(0, mid) + h + s.slice(-mid); } diff --git a/packages/@aws-cdk/pipelines/test/blueprint/stack-deployment.test.ts b/packages/@aws-cdk/pipelines/test/blueprint/stack-deployment.test.ts index 5c6de962beec0..005b49586b500 100644 --- a/packages/@aws-cdk/pipelines/test/blueprint/stack-deployment.test.ts +++ b/packages/@aws-cdk/pipelines/test/blueprint/stack-deployment.test.ts @@ -31,7 +31,7 @@ describe('templateUrl', () => { const sd = StageDeployment.fromStage(stage); // THEN - expect(sd.stacks[0].templateUrl).toBe('https://cdk-hnb659fds-assets-111-us-east-1.s3.us-east-1.amazonaws.com/93ae4de94f81d0905c37db64b7304f5d65233ca4d9581d3a32215743c9bb92dd.json'); + expect(sd.stacks[0].templateUrl).toBe('https://cdk-hnb659fds-assets-111-us-east-1.s3.us-east-1.amazonaws.com/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json'); }); test('without region', () => { @@ -43,7 +43,7 @@ describe('templateUrl', () => { const sd = StageDeployment.fromStage(stage); // THEN - expect(sd.stacks[0].templateUrl).toBe('https://cdk-hnb659fds-assets-111-.s3.amazonaws.com/$%7BAWS::Region%7D/93ae4de94f81d0905c37db64b7304f5d65233ca4d9581d3a32215743c9bb92dd.json'); + expect(sd.stacks[0].templateUrl).toBe('https://cdk-hnb659fds-assets-111-.s3.amazonaws.com/$%7BAWS::Region%7D/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json'); }); }); diff --git a/packages/@aws-cdk/pipelines/test/codepipeline/codebuild-step.test.ts b/packages/@aws-cdk/pipelines/test/codepipeline/codebuild-step.test.ts index 5b9538a5a4d00..a48b41ce1d6c6 100644 --- a/packages/@aws-cdk/pipelines/test/codepipeline/codebuild-step.test.ts +++ b/packages/@aws-cdk/pipelines/test/codepipeline/codebuild-step.test.ts @@ -125,8 +125,8 @@ test('timeout from defaults can be overridden', () => { test('envFromOutputs works even with very long stage and stack names', () => { const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - const myApp = new AppWithOutput(app, 'Alpha'.repeat(20), { - stackId: 'Stack'.repeat(20), + const myApp = new AppWithOutput(app, 'Alpha'.repeat(10), { + stackId: 'Stack'.repeat(10), }); pipeline.addStage(myApp, { diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline-security.expected.json b/packages/@aws-cdk/pipelines/test/integ.pipeline-security.expected.json index 1d9619be9c0c9..ebb4a166033b5 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline-security.expected.json +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline-security.expected.json @@ -1,5 +1,146 @@ { "Resources": { + "SourceBucketDDD2130A": { + "Type": "AWS::S3::Bucket", + "Properties": { + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "SourceBucketPolicy703DFBF9": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "SourceBucketDDD2130A" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "SourceBucketAutoDeleteObjectsCustomResourceC68FC040": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "SourceBucketDDD2130A" + } + }, + "DependsOn": [ + "SourceBucketPolicy703DFBF9" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "SourceBucketDDD2130A" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + }, "TestPipelineArtifactsBucketEncryptionKey13258842": { "Type": "AWS::KMS::Key", "Properties": { @@ -17,7 +158,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -39,7 +184,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] } @@ -153,7 +309,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] } @@ -307,6 +474,12 @@ "Arn" ] }, + { + "Fn::GetAtt": [ + "TestPipelineSourceS3CodePipelineActionRoleEF21D3A0", + "Arn" + ] + }, { "Fn::GetAtt": [ "TestPipelineUnattachedStageSingleStageManualApprovalCodePipelineActionRoleF7A614C8", @@ -327,7 +500,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] } @@ -359,23 +543,28 @@ { "ActionTypeId": { "Category": "Source", - "Owner": "ThirdParty", - "Provider": "GitHub", + "Owner": "AWS", + "Provider": "S3", "Version": "1" }, "Configuration": { - "Owner": "OWNER", - "Repo": "REPO", - "Branch": "master", - "OAuthToken": "not-a-secret", - "PollForSourceChanges": true + "S3Bucket": { + "Ref": "SourceBucketDDD2130A" + }, + "S3ObjectKey": "key" }, - "Name": "GitHub", + "Name": "S3", "OutputArtifacts": [ { - "Name": "Artifact_Source_GitHub" + "Name": "Artifact_Source_S3" } ], + "RoleArn": { + "Fn::GetAtt": [ + "TestPipelineSourceS3CodePipelineActionRoleEF21D3A0", + "Arn" + ] + }, "RunOrder": 1 } ], @@ -398,7 +587,7 @@ }, "InputArtifacts": [ { - "Name": "Artifact_Source_GitHub" + "Name": "Artifact_Source_S3" } ], "Name": "Synth", @@ -497,7 +686,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-cfn-exec-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -519,7 +719,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -546,7 +757,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -693,7 +915,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-cfn-exec-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -715,7 +948,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -742,7 +986,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -766,7 +1021,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-cfn-exec-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -788,7 +1054,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -815,7 +1092,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -839,7 +1127,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-cfn-exec-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -861,7 +1160,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -888,7 +1198,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -965,7 +1286,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-cfn-exec-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -987,7 +1319,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -1014,7 +1357,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -1038,7 +1392,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-cfn-exec-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -1060,7 +1425,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -1087,7 +1463,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -1126,6 +1513,133 @@ "TestPipelineRole63C35BBD" ] }, + "TestPipelineSourceS3CodePipelineActionRoleEF21D3A0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "TestPipelineSourceS3CodePipelineActionRoleDefaultPolicy8B0350FD": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + "/key" + ] + ] + } + ] + }, + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "TestPipelineArtifactsBucket026AF2F9", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "TestPipelineArtifactsBucket026AF2F9", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "kms:Decrypt", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "TestPipelineArtifactsBucketEncryptionKey13258842", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "TestPipelineSourceS3CodePipelineActionRoleDefaultPolicy8B0350FD", + "Roles": [ + { + "Ref": "TestPipelineSourceS3CodePipelineActionRoleEF21D3A0" + } + ] + } + }, "TestPipelineBuildSynthCodePipelineActionRoleF7BF5926": { "Type": "AWS::IAM::Role", "Properties": { @@ -1143,7 +1657,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -1222,7 +1740,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "TestPipelineBuildSynthCdkBuildProject755D4B01" }, @@ -1238,7 +1764,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "TestPipelineBuildSynthCdkBuildProject755D4B01" } @@ -1264,7 +1798,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "TestPipelineBuildSynthCdkBuildProject755D4B01" }, @@ -1395,7 +1937,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -1453,7 +1999,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -1481,7 +2031,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -1539,7 +2093,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -1567,7 +2125,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -1625,7 +2187,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -1653,7 +2219,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -1711,7 +2281,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -1786,7 +2360,9 @@ "Type": "AWS::Lambda::Function", "Properties": { "Code": { - "S3Bucket": "cdk-hnb659fds-assets-12345678-test-region", + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, "S3Key": "6c6c8f170c2cc5c6e35d90fe172fbc17cae75777b84707d58332dee79f444404.zip" }, "Role": { @@ -1842,7 +2418,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C" }, @@ -1858,7 +2442,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C" } @@ -1884,7 +2476,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C" }, @@ -2104,7 +2704,9 @@ "Type": "AWS::Lambda::Function", "Properties": { "Code": { - "S3Bucket": "cdk-hnb659fds-assets-12345678-test-region", + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, "S3Key": "6c6c8f170c2cc5c6e35d90fe172fbc17cae75777b84707d58332dee79f444404.zip" }, "Role": { @@ -2160,7 +2762,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckADCE795B" }, @@ -2176,7 +2786,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckADCE795B" } @@ -2202,7 +2820,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckADCE795B" }, diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline-security.ts b/packages/@aws-cdk/pipelines/test/integ.pipeline-security.ts index a5d257b78523e..2bcf8654368c1 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline-security.ts +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline-security.ts @@ -2,9 +2,10 @@ import * as codepipeline from '@aws-cdk/aws-codepipeline'; import * as codepipeline_actions from '@aws-cdk/aws-codepipeline-actions'; import * as iam from '@aws-cdk/aws-iam'; +import * as s3 from '@aws-cdk/aws-s3'; import * as sns from '@aws-cdk/aws-sns'; import * as subscriptions from '@aws-cdk/aws-sns-subscriptions'; -import { App, SecretValue, Stack, StackProps, Stage, StageProps } from '@aws-cdk/core'; +import { App, RemovalPolicy, Stack, StackProps, Stage, StageProps } from '@aws-cdk/core'; import { Construct } from 'constructs'; import * as cdkp from '../lib'; @@ -12,7 +13,6 @@ class MyStage extends Stage { constructor(scope: Construct, id: string, props?: StageProps) { super(scope, id, props); const stack = new Stack(this, 'MyStack', { - env: props?.env, }); const topic = new sns.Topic(stack, 'Topic'); topic.grantPublish(new iam.AccountPrincipal(stack.account)); @@ -23,7 +23,6 @@ class MySafeStage extends Stage { constructor(scope: Construct, id: string, props?: StageProps) { super(scope, id, props); const stack = new Stack(this, 'MySafeStack', { - env: props?.env, }); new sns.Topic(stack, 'MySafeTopic'); } @@ -36,18 +35,20 @@ export class TestCdkStack extends Stack { // The code that defines your stack goes here const sourceArtifact = new codepipeline.Artifact(); const cloudAssemblyArtifact = new codepipeline.Artifact('CloudAsm'); + const sourceBucket = new s3.Bucket(this, 'SourceBucket', { + removalPolicy: RemovalPolicy.DESTROY, + autoDeleteObjects: true, + }); const pipeline = new cdkp.CdkPipeline(this, 'TestPipeline', { selfMutating: false, pipelineName: 'TestPipeline', cloudAssemblyArtifact, - sourceAction: new codepipeline_actions.GitHubSourceAction({ - actionName: 'GitHub', + sourceAction: new codepipeline_actions.S3SourceAction({ + bucket: sourceBucket, output: sourceArtifact, - oauthToken: SecretValue.plainText('not-a-secret'), - owner: 'OWNER', - repo: 'REPO', - trigger: codepipeline_actions.GitHubTrigger.POLL, + bucketKey: 'key', + actionName: 'S3', }), synthAction: cdkp.SimpleSynthAction.standardYarnSynth({ sourceArtifact, @@ -74,28 +75,21 @@ export class TestCdkStack extends Stack { topic.addSubscription(new subscriptions.EmailSubscription('test@email.com')); unattachedStage.addApplication(new MyStage(this, 'SingleStage', { - env: { account: this.account, region: this.region }, }), { confirmBroadeningPermissions: true, securityNotificationTopic: topic }); const stage1 = pipeline.addApplicationStage(new MyStage(this, 'PreProduction', { - env: { account: this.account, region: this.region }, }), { confirmBroadeningPermissions: true, securityNotificationTopic: topic }); stage1.addApplication(new MySafeStage(this, 'SafeProduction', { - env: { account: this.account, region: this.region }, })); stage1.addApplication(new MySafeStage(this, 'DisableSecurityCheck', { - env: { account: this.account, region: this.region }, }), { confirmBroadeningPermissions: false }); const stage2 = pipeline.addApplicationStage(new MyStage(this, 'NoSecurityCheck', { - env: { account: this.account, region: this.region }, })); - stage2.addApplication(new MyStage(this, 'EnableSecurityCheck', { - env: { account: this.account, region: this.region }, - }), { confirmBroadeningPermissions: true }); + stage2.addApplication(new MyStage(this, 'EnableSecurityCheck', { }), { confirmBroadeningPermissions: true }); } } @@ -104,7 +98,5 @@ const app = new App({ '@aws-cdk/core:newStyleStackSynthesis': 'true', }, }); -new TestCdkStack(app, 'PipelineSecurityStack', { - env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION }, -}); +new TestCdkStack(app, 'PipelineSecurityStack'); app.synth(); diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets-single-upload.expected.json b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets-single-upload.expected.json index cd761893998ed..57ebcfe3c9483 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets-single-upload.expected.json +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets-single-upload.expected.json @@ -1,5 +1,146 @@ { "Resources": { + "SourceBucketDDD2130A": { + "Type": "AWS::S3::Bucket", + "Properties": { + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "SourceBucketPolicy703DFBF9": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "SourceBucketDDD2130A" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "SourceBucketAutoDeleteObjectsCustomResourceC68FC040": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "SourceBucketDDD2130A" + } + }, + "DependsOn": [ + "SourceBucketPolicy703DFBF9" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "SourceBucketDDD2130A" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + }, "PipelineArtifactsBucketEncryptionKeyF5BF0670": { "Type": "AWS::KMS::Key", "Properties": { @@ -17,7 +158,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -39,7 +184,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] } @@ -153,7 +309,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] } @@ -283,6 +450,12 @@ "Arn" ] }, + { + "Fn::GetAtt": [ + "PipelineSourceS3CodePipelineActionRole83895A58", + "Arn" + ] + }, { "Fn::GetAtt": [ "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", @@ -297,7 +470,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] } @@ -329,23 +513,28 @@ { "ActionTypeId": { "Category": "Source", - "Owner": "ThirdParty", - "Provider": "GitHub", + "Owner": "AWS", + "Provider": "S3", "Version": "1" }, "Configuration": { - "Owner": "OWNER", - "Repo": "REPO", - "Branch": "master", - "OAuthToken": "not-a-secret", - "PollForSourceChanges": true + "S3Bucket": { + "Ref": "SourceBucketDDD2130A" + }, + "S3ObjectKey": "key" }, - "Name": "GitHub", + "Name": "S3", "OutputArtifacts": [ { - "Name": "Artifact_Source_GitHub" + "Name": "Artifact_Source_S3" } ], + "RoleArn": { + "Fn::GetAtt": [ + "PipelineSourceS3CodePipelineActionRole83895A58", + "Arn" + ] + }, "RunOrder": 1 } ], @@ -368,7 +557,7 @@ }, "InputArtifacts": [ { - "Name": "Artifact_Source_GitHub" + "Name": "Artifact_Source_S3" } ], "Name": "Synth", @@ -471,7 +660,7 @@ }, "InputArtifacts": [ { - "Name": "Artifact_Source_GitHub" + "Name": "Artifact_Source_S3" } ], "Name": "UseSource", @@ -501,7 +690,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-cfn-exec-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -523,7 +723,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -550,7 +761,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -582,6 +804,133 @@ "PipelineRoleB27FAA37" ] }, + "PipelineSourceS3CodePipelineActionRole83895A58": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + "/key" + ] + ] + } + ] + }, + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "kms:Decrypt", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PipelineArtifactsBucketEncryptionKeyF5BF0670", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F", + "Roles": [ + { + "Ref": "PipelineSourceS3CodePipelineActionRole83895A58" + } + ] + } + }, "PipelineBuildSynthCodePipelineActionRole4E7A6C97": { "Type": "AWS::IAM::Role", "Properties": { @@ -599,7 +948,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -678,7 +1031,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" }, @@ -694,7 +1055,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" } @@ -720,7 +1089,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" }, @@ -852,7 +1229,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -910,7 +1291,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -989,7 +1374,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelinePreProdUseSourceProject2E711EB4" }, @@ -1005,7 +1398,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelinePreProdUseSourceProject2E711EB4" } @@ -1031,7 +1432,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "PipelinePreProdUseSourceProject2E711EB4" }, @@ -1169,7 +1578,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" }, @@ -1185,7 +1602,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" } @@ -1211,7 +1636,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" }, @@ -1232,7 +1665,18 @@ } }, "Effect": "Allow", - "Resource": "arn:*:iam::12345678:role/*" + "Resource": { + "Fn::Join": [ + "", + [ + "arn:*:iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/*" + ] + ] + } }, { "Action": [ @@ -1350,7 +1794,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] }, @@ -1382,7 +1830,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/*" + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/*" ] ] } @@ -1404,7 +1860,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/*" + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/*" ] ] } @@ -1422,7 +1886,7 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Resource": { - "Fn::Sub": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-file-publishing-role-12345678-test-region" + "Fn::Sub": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } }, { diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets-single-upload.ts b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets-single-upload.ts index 66e40c3519ca3..a8002a319276d 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets-single-upload.ts +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets-single-upload.ts @@ -2,8 +2,9 @@ import * as path from 'path'; import * as codepipeline from '@aws-cdk/aws-codepipeline'; import * as codepipeline_actions from '@aws-cdk/aws-codepipeline-actions'; +import * as s3 from '@aws-cdk/aws-s3'; import * as s3_assets from '@aws-cdk/aws-s3-assets'; -import { App, CfnResource, SecretValue, DefaultStackSynthesizer, Stack, StackProps, Stage, StageProps } from '@aws-cdk/core'; +import { App, CfnResource, RemovalPolicy, DefaultStackSynthesizer, Stack, StackProps, Stage, StageProps } from '@aws-cdk/core'; import { Construct } from 'constructs'; import * as cdkp from '../lib'; @@ -40,18 +41,20 @@ class CdkpipelinesDemoPipelineStack extends Stack { const cloudAssemblyArtifact = new codepipeline.Artifact('CloudAsm'); const integTestArtifact = new codepipeline.Artifact('IntegTests'); + const sourceBucket = new s3.Bucket(this, 'SourceBucket', { + removalPolicy: RemovalPolicy.DESTROY, + autoDeleteObjects: true, + }); const pipeline = new cdkp.CdkPipeline(this, 'Pipeline', { cloudAssemblyArtifact, singlePublisherPerType: true, // Where the source can be found - sourceAction: new codepipeline_actions.GitHubSourceAction({ - actionName: 'GitHub', + sourceAction: new codepipeline_actions.S3SourceAction({ + bucket: sourceBucket, output: sourceArtifact, - oauthToken: SecretValue.plainText('not-a-secret'), - owner: 'OWNER', - repo: 'REPO', - trigger: codepipeline_actions.GitHubTrigger.POLL, + bucketKey: 'key', + actionName: 'S3', }), // How it will be built @@ -70,9 +73,7 @@ class CdkpipelinesDemoPipelineStack extends Stack { // This is where we add the application stages // ... - const stage = pipeline.addApplicationStage(new MyStage(this, 'PreProd', { - env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION }, - })); + const stage = pipeline.addApplicationStage(new MyStage(this, 'PreProd')); stage.addActions( new cdkp.ShellScriptAction({ actionName: 'UseSource', @@ -92,7 +93,6 @@ const app = new App({ }, }); new CdkpipelinesDemoPipelineStack(app, 'PipelineStack', { - env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION }, synthesizer: new DefaultStackSynthesizer(), }); app.synth(); diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.expected.json b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.expected.json index 89fe06e7c3e32..32190a9c57562 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.expected.json +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.expected.json @@ -1,5 +1,146 @@ { "Resources": { + "SourceBucketDDD2130A": { + "Type": "AWS::S3::Bucket", + "Properties": { + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "SourceBucketPolicy703DFBF9": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "SourceBucketDDD2130A" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "SourceBucketAutoDeleteObjectsCustomResourceC68FC040": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "SourceBucketDDD2130A" + } + }, + "DependsOn": [ + "SourceBucketPolicy703DFBF9" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "SourceBucketDDD2130A" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + }, "PipelineArtifactsBucketEncryptionKeyF5BF0670": { "Type": "AWS::KMS::Key", "Properties": { @@ -17,7 +158,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -39,7 +184,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] } @@ -153,7 +309,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] } @@ -283,6 +450,12 @@ "Arn" ] }, + { + "Fn::GetAtt": [ + "PipelineSourceS3CodePipelineActionRole83895A58", + "Arn" + ] + }, { "Fn::GetAtt": [ "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", @@ -297,7 +470,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] } @@ -329,23 +513,28 @@ { "ActionTypeId": { "Category": "Source", - "Owner": "ThirdParty", - "Provider": "GitHub", + "Owner": "AWS", + "Provider": "S3", "Version": "1" }, "Configuration": { - "Owner": "OWNER", - "Repo": "REPO", - "Branch": "master", - "OAuthToken": "not-a-secret", - "PollForSourceChanges": true + "S3Bucket": { + "Ref": "SourceBucketDDD2130A" + }, + "S3ObjectKey": "key" }, - "Name": "GitHub", + "Name": "S3", "OutputArtifacts": [ { - "Name": "Artifact_Source_GitHub" + "Name": "Artifact_Source_S3" } ], + "RoleArn": { + "Fn::GetAtt": [ + "PipelineSourceS3CodePipelineActionRole83895A58", + "Arn" + ] + }, "RunOrder": 1 } ], @@ -368,7 +557,7 @@ }, "InputArtifacts": [ { - "Name": "Artifact_Source_GitHub" + "Name": "Artifact_Source_S3" } ], "Name": "Synth", @@ -498,7 +687,7 @@ }, "InputArtifacts": [ { - "Name": "Artifact_Source_GitHub" + "Name": "Artifact_Source_S3" } ], "Name": "UseSource", @@ -528,7 +717,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-cfn-exec-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -550,7 +750,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -577,7 +788,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -609,6 +831,133 @@ "PipelineRoleB27FAA37" ] }, + "PipelineSourceS3CodePipelineActionRole83895A58": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + "/key" + ] + ] + } + ] + }, + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "kms:Decrypt", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PipelineArtifactsBucketEncryptionKeyF5BF0670", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F", + "Roles": [ + { + "Ref": "PipelineSourceS3CodePipelineActionRole83895A58" + } + ] + } + }, "PipelineBuildSynthCodePipelineActionRole4E7A6C97": { "Type": "AWS::IAM::Role", "Properties": { @@ -626,7 +975,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -705,7 +1058,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" }, @@ -721,7 +1082,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" } @@ -747,7 +1116,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" }, @@ -879,7 +1256,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -937,7 +1318,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -1016,7 +1401,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelinePreProdUseSourceProject2E711EB4" }, @@ -1032,7 +1425,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelinePreProdUseSourceProject2E711EB4" } @@ -1058,7 +1459,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "PipelinePreProdUseSourceProject2E711EB4" }, @@ -1196,7 +1605,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" }, @@ -1212,7 +1629,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" } @@ -1238,7 +1663,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" }, @@ -1259,7 +1692,18 @@ } }, "Effect": "Allow", - "Resource": "arn:*:iam::12345678:role/*" + "Resource": { + "Fn::Join": [ + "", + [ + "arn:*:iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/*" + ] + ] + } }, { "Action": [ @@ -1377,7 +1821,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] }, @@ -1409,7 +1857,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/*" + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/*" ] ] } @@ -1431,7 +1887,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/*" + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/*" ] ] } @@ -1449,7 +1913,7 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Resource": { - "Fn::Sub": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-file-publishing-role-12345678-test-region" + "Fn::Sub": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } }, { @@ -1526,7 +1990,7 @@ ] }, "Source": { - "BuildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"install\": {\n \"commands\": [\n \"npm install -g cdk-assets@1\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cdk-assets --path \\\"assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json\\\" --verbose publish \\\"8289faf53c7da377bb2b90615999171adef5e1d8f6b88810e5fef75e6ca09ba5:12345678-test-region\\\"\"\n ]\n }\n }\n}", + "BuildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"install\": {\n \"commands\": [\n \"npm install -g cdk-assets@1\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cdk-assets --path \\\"assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json\\\" --verbose publish \\\"8289faf53c7da377bb2b90615999171adef5e1d8f6b88810e5fef75e6ca09ba5:current_account-current_region\\\"\"\n ]\n }\n }\n}", "Type": "CODEPIPELINE" }, "Cache": { @@ -1560,7 +2024,7 @@ ] }, "Source": { - "BuildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"install\": {\n \"commands\": [\n \"npm install -g cdk-assets@1\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cdk-assets --path \\\"assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json\\\" --verbose publish \\\"ac76997971c3f6ddf37120660003f1ced72b4fc58c498dfd99c78fa77e721e0e:12345678-test-region\\\"\"\n ]\n }\n }\n}", + "BuildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"install\": {\n \"commands\": [\n \"npm install -g cdk-assets@1\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cdk-assets --path \\\"assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json\\\" --verbose publish \\\"ac76997971c3f6ddf37120660003f1ced72b4fc58c498dfd99c78fa77e721e0e:current_account-current_region\\\"\"\n ]\n }\n }\n}", "Type": "CODEPIPELINE" }, "Cache": { diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.ts b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.ts index cfc9572296633..aa5006a389823 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.ts +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.ts @@ -2,8 +2,9 @@ import * as path from 'path'; import * as codepipeline from '@aws-cdk/aws-codepipeline'; import * as codepipeline_actions from '@aws-cdk/aws-codepipeline-actions'; +import * as s3 from '@aws-cdk/aws-s3'; import * as s3_assets from '@aws-cdk/aws-s3-assets'; -import { App, CfnResource, DefaultStackSynthesizer, SecretValue, Stack, StackProps, Stage, StageProps } from '@aws-cdk/core'; +import { App, CfnResource, DefaultStackSynthesizer, RemovalPolicy, Stack, StackProps, Stage, StageProps } from '@aws-cdk/core'; import { Construct } from 'constructs'; import * as cdkp from '../lib'; @@ -40,17 +41,19 @@ class CdkpipelinesDemoPipelineStack extends Stack { const cloudAssemblyArtifact = new codepipeline.Artifact('CloudAsm'); const integTestArtifact = new codepipeline.Artifact('IntegTests'); + const sourceBucket = new s3.Bucket(this, 'SourceBucket', { + removalPolicy: RemovalPolicy.DESTROY, + autoDeleteObjects: true, + }); const pipeline = new cdkp.CdkPipeline(this, 'Pipeline', { cloudAssemblyArtifact, // Where the source can be found - sourceAction: new codepipeline_actions.GitHubSourceAction({ - actionName: 'GitHub', + sourceAction: new codepipeline_actions.S3SourceAction({ + bucket: sourceBucket, output: sourceArtifact, - oauthToken: SecretValue.plainText('not-a-secret'), - owner: 'OWNER', - repo: 'REPO', - trigger: codepipeline_actions.GitHubTrigger.POLL, + bucketKey: 'key', + actionName: 'S3', }), // How it will be built @@ -69,9 +72,7 @@ class CdkpipelinesDemoPipelineStack extends Stack { // This is where we add the application stages // ... - const stage = pipeline.addApplicationStage(new MyStage(this, 'PreProd', { - env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION }, - })); + const stage = pipeline.addApplicationStage(new MyStage(this, 'PreProd')); stage.addActions( new cdkp.ShellScriptAction({ actionName: 'UseSource', @@ -91,7 +92,6 @@ const app = new App({ }, }); new CdkpipelinesDemoPipelineStack(app, 'PipelineStack', { - env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION }, synthesizer: new DefaultStackSynthesizer(), }); app.synth(); diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-variables.expected.json b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-variables.expected.json index 49ac746217192..8ac5312c4acbe 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-variables.expected.json +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-variables.expected.json @@ -1,5 +1,146 @@ { "Resources": { + "SourceBucketDDD2130A": { + "Type": "AWS::S3::Bucket", + "Properties": { + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "SourceBucketPolicy703DFBF9": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "SourceBucketDDD2130A" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "SourceBucketAutoDeleteObjectsCustomResourceC68FC040": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "SourceBucketDDD2130A" + } + }, + "DependsOn": [ + "SourceBucketPolicy703DFBF9" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "SourceBucketDDD2130A" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + }, "PipelineArtifactsBucketAEA9A052": { "Type": "AWS::S3::Bucket", "Properties": { @@ -149,6 +290,12 @@ "PipelineMyWaveProduceCodePipelineActionRoleE0DCE9D3", "Arn" ] + }, + { + "Fn::GetAtt": [ + "PipelineSourceS3CodePipelineActionRole83895A58", + "Arn" + ] } ] } @@ -178,23 +325,30 @@ { "ActionTypeId": { "Category": "Source", - "Owner": "ThirdParty", - "Provider": "GitHub", + "Owner": "AWS", + "Provider": "S3", "Version": "1" }, "Configuration": { - "Owner": "cdklabs", - "Repo": "construct-hub-probe", - "Branch": "main", - "OAuthToken": "{{resolve:secretsmanager:github-token:SecretString:::}}", - "PollForSourceChanges": true + "S3Bucket": { + "Ref": "SourceBucketDDD2130A" + }, + "S3ObjectKey": "key" + }, + "Name": { + "Ref": "SourceBucketDDD2130A" }, - "Name": "cdklabs_construct-hub-probe", "OutputArtifacts": [ { - "Name": "cdklabs_construct_hub_probe_Source" + "Name": "c8afb86a650460a8cc607cf72a0827e7c93d0d6d5c_Source" } ], + "RoleArn": { + "Fn::GetAtt": [ + "PipelineSourceS3CodePipelineActionRole83895A58", + "Arn" + ] + }, "RunOrder": 1 } ], @@ -216,7 +370,7 @@ }, "InputArtifacts": [ { - "Name": "cdklabs_construct_hub_probe_Source" + "Name": "c8afb86a650460a8cc607cf72a0827e7c93d0d6d5c_Source" } ], "Name": "Synth", @@ -252,7 +406,7 @@ }, "InputArtifacts": [ { - "Name": "cdklabs_construct_hub_probe_Source" + "Name": "c8afb86a650460a8cc607cf72a0827e7c93d0d6d5c_Source" } ], "Name": "Produce", @@ -280,7 +434,7 @@ }, "InputArtifacts": [ { - "Name": "cdklabs_construct_hub_probe_Source" + "Name": "c8afb86a650460a8cc607cf72a0827e7c93d0d6d5c_Source" } ], "Name": "Consume", @@ -309,6 +463,118 @@ "PipelineRoleB27FAA37" ] }, + "PipelineSourceS3CodePipelineActionRole83895A58": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + "/key" + ] + ] + } + ] + }, + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F", + "Roles": [ + { + "Ref": "PipelineSourceS3CodePipelineActionRole83895A58" + } + ] + } + }, "PipelineBuildSynthCdkBuildProjectRole231EEA2A": { "Type": "AWS::IAM::Role", "Properties": { @@ -347,7 +613,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" }, @@ -363,7 +637,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" } @@ -389,7 +671,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" }, @@ -493,7 +783,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -572,7 +866,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineMyWaveProduce884410D6" }, @@ -588,7 +890,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineMyWaveProduce884410D6" } @@ -614,7 +924,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "PipelineMyWaveProduce884410D6" }, @@ -711,7 +1029,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -790,7 +1112,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineMyWaveConsumeC5D5CCD7" }, @@ -806,7 +1136,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineMyWaveConsumeC5D5CCD7" } @@ -832,7 +1170,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "PipelineMyWaveConsumeC5D5CCD7" }, @@ -929,7 +1275,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-variables.ts b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-variables.ts index 2a2351375ef62..23c4db5195d93 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-variables.ts +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-variables.ts @@ -1,7 +1,7 @@ // eslint-disable-next-line import/no-extraneous-dependencies /// !cdk-integ VariablePipelineStack pragma:set-context:@aws-cdk/core:newStyleStackSynthesis=true -import { GitHubTrigger } from '@aws-cdk/aws-codepipeline-actions'; -import { App, Stack, StackProps } from '@aws-cdk/core'; +import * as s3 from '@aws-cdk/aws-s3'; +import { App, Stack, StackProps, RemovalPolicy } from '@aws-cdk/core'; import { Construct } from 'constructs'; import * as pipelines from '../lib'; @@ -9,11 +9,16 @@ class PipelineStack extends Stack { constructor(scope: Construct, id: string, props?: StackProps) { super(scope, id, props); + const sourceBucket = new s3.Bucket(this, 'SourceBucket', { + removalPolicy: RemovalPolicy.DESTROY, + autoDeleteObjects: true, + }); const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { synth: new pipelines.ShellStep('Synth', { - input: pipelines.CodePipelineSource.gitHub('cdklabs/construct-hub-probe', 'main', { - trigger: GitHubTrigger.POLL, - }), + input: pipelines.CodePipelineSource.s3(sourceBucket, 'key'), + // input: pipelines.CodePipelineSource.gitHub('cdklabs/construct-hub-probe', 'main', { + // trigger: GitHubTrigger.POLL, + // }), commands: ['mkdir cdk.out', 'touch cdk.out/dummy'], }), selfMutation: false, @@ -45,8 +50,5 @@ const app = new App({ }, }); -new PipelineStack(app, 'VariablePipelineStack', { - env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION }, -}); - -app.synth(); \ No newline at end of file +new PipelineStack(app, 'VariablePipelineStack'); +app.synth(); diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline.expected.json b/packages/@aws-cdk/pipelines/test/integ.pipeline.expected.json index 4674a0e8891fa..55c602dc91d09 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline.expected.json +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline.expected.json @@ -1,5 +1,146 @@ { "Resources": { + "SourceBucketDDD2130A": { + "Type": "AWS::S3::Bucket", + "Properties": { + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "SourceBucketPolicy703DFBF9": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "SourceBucketDDD2130A" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "SourceBucketAutoDeleteObjectsCustomResourceC68FC040": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "SourceBucketDDD2130A" + } + }, + "DependsOn": [ + "SourceBucketPolicy703DFBF9" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "SourceBucketDDD2130A" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + }, "PipelineArtifactsBucketEncryptionKeyF5BF0670": { "Type": "AWS::KMS::Key", "Properties": { @@ -17,7 +158,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -39,7 +184,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] } @@ -153,7 +309,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] } @@ -277,6 +444,12 @@ "Arn" ] }, + { + "Fn::GetAtt": [ + "PipelineSourceS3CodePipelineActionRole83895A58", + "Arn" + ] + }, { "Fn::GetAtt": [ "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", @@ -291,7 +464,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] } @@ -323,23 +507,28 @@ { "ActionTypeId": { "Category": "Source", - "Owner": "ThirdParty", - "Provider": "GitHub", + "Owner": "AWS", + "Provider": "S3", "Version": "1" }, "Configuration": { - "Owner": "OWNER", - "Repo": "REPO", - "Branch": "master", - "OAuthToken": "not-a-secret", - "PollForSourceChanges": true + "S3Bucket": { + "Ref": "SourceBucketDDD2130A" + }, + "S3ObjectKey": "key" }, - "Name": "GitHub", + "Name": "S3", "OutputArtifacts": [ { - "Name": "Artifact_Source_GitHub" + "Name": "Artifact_Source_S3" } ], + "RoleArn": { + "Fn::GetAtt": [ + "PipelineSourceS3CodePipelineActionRole83895A58", + "Arn" + ] + }, "RunOrder": 1 } ], @@ -362,7 +551,7 @@ }, "InputArtifacts": [ { - "Name": "Artifact_Source_GitHub" + "Name": "Artifact_Source_S3" } ], "Name": "Synth", @@ -433,7 +622,7 @@ }, "InputArtifacts": [ { - "Name": "Artifact_Source_GitHub" + "Name": "Artifact_Source_S3" } ], "Name": "UseSource", @@ -463,7 +652,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-cfn-exec-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -485,7 +685,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -512,7 +723,18 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } ] ] }, @@ -544,6 +766,133 @@ "PipelineRoleB27FAA37" ] }, + "PipelineSourceS3CodePipelineActionRole83895A58": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "SourceBucketDDD2130A", + "Arn" + ] + }, + "/key" + ] + ] + } + ] + }, + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "kms:Decrypt", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PipelineArtifactsBucketEncryptionKeyF5BF0670", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F", + "Roles": [ + { + "Ref": "PipelineSourceS3CodePipelineActionRole83895A58" + } + ] + } + }, "PipelineBuildSynthCodePipelineActionRole4E7A6C97": { "Type": "AWS::IAM::Role", "Properties": { @@ -561,7 +910,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -640,7 +993,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" }, @@ -656,7 +1017,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" } @@ -682,7 +1051,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" }, @@ -814,7 +1191,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -872,7 +1253,11 @@ { "Ref": "AWS::Partition" }, - ":iam::12345678:root" + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] ] } @@ -951,7 +1336,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelinePreProdUseSourceProject2E711EB4" }, @@ -967,7 +1360,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelinePreProdUseSourceProject2E711EB4" } @@ -993,7 +1394,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "PipelinePreProdUseSourceProject2E711EB4" }, @@ -1131,7 +1540,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" }, @@ -1147,7 +1564,15 @@ { "Ref": "AWS::Partition" }, - ":logs:test-region:12345678:log-group:/aws/codebuild/", + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" } @@ -1173,7 +1598,15 @@ { "Ref": "AWS::Partition" }, - ":codebuild:test-region:12345678:report-group/", + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" }, @@ -1194,7 +1627,18 @@ } }, "Effect": "Allow", - "Resource": "arn:*:iam::12345678:role/*" + "Resource": { + "Fn::Join": [ + "", + [ + "arn:*:iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/*" + ] + ] + } }, { "Action": [ diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline.ts b/packages/@aws-cdk/pipelines/test/integ.pipeline.ts index fa1c94d61ea44..bcbf8fd9c335b 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline.ts +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline.ts @@ -1,7 +1,8 @@ /// !cdk-integ PipelineStack import * as codepipeline from '@aws-cdk/aws-codepipeline'; import * as codepipeline_actions from '@aws-cdk/aws-codepipeline-actions'; -import { App, CfnResource, DefaultStackSynthesizer, SecretValue, Stack, StackProps, Stage, StageProps } from '@aws-cdk/core'; +import * as s3 from '@aws-cdk/aws-s3'; +import { App, CfnResource, DefaultStackSynthesizer, RemovalPolicy, Stack, StackProps, Stage, StageProps } from '@aws-cdk/core'; import { Construct } from 'constructs'; import * as cdkp from '../lib'; @@ -30,17 +31,19 @@ class CdkpipelinesDemoPipelineStack extends Stack { const cloudAssemblyArtifact = new codepipeline.Artifact('CloudAsm'); const integTestArtifact = new codepipeline.Artifact('IntegTests'); + const sourceBucket = new s3.Bucket(this, 'SourceBucket', { + removalPolicy: RemovalPolicy.DESTROY, + autoDeleteObjects: true, + }); const pipeline = new cdkp.CdkPipeline(this, 'Pipeline', { cloudAssemblyArtifact, // Where the source can be found - sourceAction: new codepipeline_actions.GitHubSourceAction({ - actionName: 'GitHub', + sourceAction: new codepipeline_actions.S3SourceAction({ + bucket: sourceBucket, output: sourceArtifact, - oauthToken: SecretValue.plainText('not-a-secret'), - owner: 'OWNER', - repo: 'REPO', - trigger: codepipeline_actions.GitHubTrigger.POLL, + bucketKey: 'key', + actionName: 'S3', }), // How it will be built @@ -59,9 +62,7 @@ class CdkpipelinesDemoPipelineStack extends Stack { // This is where we add the application stages // ... - const stage = pipeline.addApplicationStage(new MyStage(this, 'PreProd', { - env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION }, - })); + const stage = pipeline.addApplicationStage(new MyStage(this, 'PreProd')); stage.addActions( new cdkp.ShellScriptAction({ actionName: 'UseSource', @@ -81,7 +82,6 @@ const app = new App({ }, }); new CdkpipelinesDemoPipelineStack(app, 'PipelineStack', { - env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION }, synthesizer: new DefaultStackSynthesizer(), }); -app.synth(); \ No newline at end of file +app.synth(); diff --git a/packages/@aws-cdk/region-info/lib/aws-entities.ts b/packages/@aws-cdk/region-info/lib/aws-entities.ts index 9c14e89605607..0c28399449434 100644 --- a/packages/@aws-cdk/region-info/lib/aws-entities.ts +++ b/packages/@aws-cdk/region-info/lib/aws-entities.ts @@ -133,14 +133,3 @@ export function partitionInformation(region: string): Region { } return PARTITION_MAP.default; } - -/** - * Build a lookup map for all regions - */ -export function generateRegionMap(cb: (region: string) => string): Record { - const ret: Record = {}; - for (const region of AWS_REGIONS) { - ret[region] = cb(region); - } - return ret; -} diff --git a/packages/@aws-cdk/region-info/lib/default.ts b/packages/@aws-cdk/region-info/lib/default.ts index e306bd8c1fc25..c4e02d42bca3d 100644 --- a/packages/@aws-cdk/region-info/lib/default.ts +++ b/packages/@aws-cdk/region-info/lib/default.ts @@ -35,10 +35,10 @@ export class Default { } function determineConfiguration(service: string): (service: string, region: string, urlSuffix: string) => string { - function universal(s: string) { return `${s}.amazonaws.com`; }; - function partitional(s: string, _: string, u: string) { return `${s}.${u}`; }; - function regional(s: string, r: string) { return `${s}.${r}.amazonaws.com`; }; - function regionalPartitional(s: string, r: string, u: string) { return `${s}.${r}.${u}`; }; + function universal(s: string) { return `${s}.amazonaws.com`; } + function partitional(s: string, _: string, u: string) { return `${s}.${u}`; } + function regional(s: string, r: string) { return `${s}.${r}.amazonaws.com`; } + function regionalPartitional(s: string, r: string, u: string) { return `${s}.${r}.${u}`; } // Exceptions for Service Principals in us-iso-* const US_ISO_EXCEPTIONS = new Set([ @@ -91,7 +91,8 @@ export class Default { case 'codedeploy': return region.startsWith('cn-') ? regionalPartitional - : regional; + // ...except in the isolated regions, where it's universal + : (region.startsWith('us-iso') ? universal : regional); // Services with a regional AND partitional principal case 'logs': diff --git a/packages/@aws-cdk/region-info/lib/fact.ts b/packages/@aws-cdk/region-info/lib/fact.ts index 9c2831f67d2c6..583a4ac68450f 100644 --- a/packages/@aws-cdk/region-info/lib/fact.ts +++ b/packages/@aws-cdk/region-info/lib/fact.ts @@ -182,7 +182,7 @@ export class FactName { * The `.amazonaws.com` and `.amazonaws.com.cn` domains are stripped from service names, so they are * canonicalized in that respect. */ - public static servicePrincipal(service: string) { + public static servicePrincipal(service: string): string { return `service-principal:${service.replace(/\.amazonaws\.com(\.cn)?$/, '')}`; } } diff --git a/packages/@aws-cdk/region-info/test/__snapshots__/region-info.test.js.snap b/packages/@aws-cdk/region-info/test/__snapshots__/region-info.test.js.snap index 678a65fb4ccc3..5a3c0e2683c2c 100644 --- a/packages/@aws-cdk/region-info/test/__snapshots__/region-info.test.js.snap +++ b/packages/@aws-cdk/region-info/test/__snapshots__/region-info.test.js.snap @@ -795,7 +795,7 @@ Object { "servicePrincipals": Object { "application-autoscaling": "application-autoscaling.amazonaws.com", "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.us-iso-east-1.amazonaws.com", + "codedeploy": "codedeploy.amazonaws.com", "ec2": "ec2.c2s.ic.gov", "events": "events.amazonaws.com", "lambda": "lambda.amazonaws.com", @@ -826,7 +826,7 @@ Object { "servicePrincipals": Object { "application-autoscaling": "application-autoscaling.amazonaws.com", "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.us-iso-west-1.amazonaws.com", + "codedeploy": "codedeploy.amazonaws.com", "ec2": "ec2.c2s.ic.gov", "events": "events.amazonaws.com", "lambda": "lambda.amazonaws.com", @@ -857,7 +857,7 @@ Object { "servicePrincipals": Object { "application-autoscaling": "application-autoscaling.amazonaws.com", "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.us-isob-east-1.amazonaws.com", + "codedeploy": "codedeploy.amazonaws.com", "ec2": "ec2.sc2s.sgov.gov", "events": "events.amazonaws.com", "lambda": "lambda.amazonaws.com", diff --git a/packages/aws-cdk-migration/lib/rewrite.ts b/packages/aws-cdk-migration/lib/rewrite.ts index 8f875f932249b..9d3e414587d15 100644 --- a/packages/aws-cdk-migration/lib/rewrite.ts +++ b/packages/aws-cdk-migration/lib/rewrite.ts @@ -410,7 +410,7 @@ function updatedExternalLocation( return customModulePath; } - if (options.rewriteCfnImports && modulePath.endsWith(`${options.packageUnscopedName?.substr('aws-'.length)}.generated`)) { + if (options.rewriteCfnImports && modulePath.endsWith(`${options.packageUnscopedName?.slice('aws-'.length)}.generated`)) { return `${libName}/${options.packageUnscopedName}`; } diff --git a/packages/aws-cdk/README.md b/packages/aws-cdk/README.md index 0ac2e08947ec8..265f4a39f1b7c 100644 --- a/packages/aws-cdk/README.md +++ b/packages/aws-cdk/README.md @@ -19,6 +19,7 @@ Command | Description [`cdk synth`](#cdk-synthesize) | Synthesize a CDK app to CloudFormation template(s) [`cdk diff`](#cdk-diff) | Diff stacks against current state [`cdk deploy`](#cdk-deploy) | Deploy a stack into an AWS account +[`cdk import`](#cdk-import) | Import existing AWS resources into a CDK stack [`cdk watch`](#cdk-watch) | Watches a CDK app for deployable and hotswappable changes [`cdk destroy`](#cdk-destroy) | Deletes a stack from an AWS account [`cdk bootstrap`](#cdk-bootstrap) | Deploy a toolkit stack to support deploying large stacks & artifacts @@ -450,6 +451,53 @@ $ cdk watch --no-logs **Note**: This command is considered experimental, and might have breaking changes in the future. +### `cdk import` + +Sometimes you want to import AWS resources that were created using other means +into a CDK stack. For some resources (like Roles, Lambda Functions, Event Rules, +...), it's feasible to create new versions in CDK and then delete the old +versions. For other resources, this is not possible: stateful resources like S3 +Buckets, DynamoDB tables, etc., cannot be easily deleted without impact on the +service. + +`cdk import`, which uses [CloudFormation resource +imports](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import.html), +makes it possible to bring an existing resource under CDK/CloudFormation's +management. See the [list of resources that can be imported here](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import-supported-resources.html). + +To import an existing resource to a CDK stack, follow the following steps: + +1. Run a `cdk diff` to make sure there are no pending changes to the CDK stack you want to + import resources into. The only changes allowed in an "import" operation are + the addition of new resources which you want to import. +2. Add constructs for the resources you want to import to your Stack (for example, + for an S3 bucket, add something like `new s3.Bucket(this, 'ImportedS3Bucket', {});`). + **Do not add any other changes!** You must also make sure to exactly model the state + that the resource currently has. For the example of the Bucket, be sure to + include KMS keys, life cycle policies, and anything else that's relevant + about the bucket. If you do not, subsequent update operations may not do what + you expect. +3. Run the `cdk import` - if there are multiple stacks in the CDK app, pass a specific + stack name as an argument. +4. The CLI will prompt you to pass in the actual names of the resources you are + importing. After you supply it, the import starts. +5. When `cdk import` reports success, the resource is managed by CDK. Any subsequent + changes in the construct configuration will be reflected on the resource. + +#### Limitations + +This feature is currently in preview. Be aware of the following limitations: + +- Importing resources in nested stacks is not possible. +- Uses the deploy role credentials (necessary to read the encrypted staging + bucket). Requires a new version (version 12) of the bootstrap stack, for the added + IAM permissions to the `deploy-role`. +- There is no check on whether the properties you specify are correct and complete + for the imported resource. Try starting a drift detection operation after importing. +- Resources that depend on other resources must all be imported together, or one-by-one + in the right order. The CLI will not help you import dependent resources in the right + order, the CloudFormation deployment will fail with unresolved references. + ### `cdk destroy` Deletes a stack from it's environment. This will cause the resources in the stack to be destroyed (unless they were @@ -521,10 +569,10 @@ NOTICES 16603 Toggling off auto_delete_objects for Bucket empties the bucket Overview: If a stack is deployed with an S3 bucket with - auto_delete_objects=True, and then re-deployed with - auto_delete_objects=False, all the objects in the bucket + auto_delete_objects=True, and then re-deployed with + auto_delete_objects=False, all the objects in the bucket will be deleted. - + Affected versions: <1.126.0. More information at: https://github.com/aws/aws-cdk/issues/16603 @@ -533,12 +581,12 @@ NOTICES 17061 Error when building EKS cluster with monocdk import Overview: When using monocdk/aws-eks to build a stack containing - an EKS cluster, error is thrown about missing + an EKS cluster, error is thrown about missing lambda-layer-node-proxy-agent/layer/package.json. - + Affected versions: >=1.126.0 <=1.130.0. - More information at: https://github.com/aws/aws-cdk/issues/17061 + More information at: https://github.com/aws/aws-cdk/issues/17061 If you don’t want to see an notice anymore, use "cdk acknowledge ID". For example, "cdk acknowledge 16603". @@ -580,7 +628,7 @@ $cdk acknowledge 16603 ### `cdk notices` List the notices that are relevant to the current CDK repository, regardless of context flags or notices that -have been acknowledged: +have been acknowledged: ```console $ cdk notices @@ -589,9 +637,9 @@ NOTICES 16603 Toggling off auto_delete_objects for Bucket empties the bucket - Overview: if a stack is deployed with an S3 bucket with - auto_delete_objects=True, and then re-deployed with - auto_delete_objects=False, all the objects in the bucket + Overview: if a stack is deployed with an S3 bucket with + auto_delete_objects=True, and then re-deployed with + auto_delete_objects=False, all the objects in the bucket will be deleted. Affected versions: framework: <=2.15.0 >=2.10.0 @@ -643,7 +691,7 @@ Some of the interesting keys that can be used in the JSON configuration files: ```json5 { "app": "node bin/main.js", // Command to start the CDK app (--app='node bin/main.js') - "build": "mvn package", // Specify pre-synth build (no command line option) + "build": "mvn package", // Specify pre-synth build (--build='mvn package') "context": { // Context entries (--context=key=value) "key": "value" }, diff --git a/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml b/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml index 15d7a22f1edfd..d4f674dfa2cac 100644 --- a/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml +++ b/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml @@ -453,6 +453,8 @@ Resources: - cloudformation:DeleteStack - cloudformation:UpdateTerminationProtection - sts:GetCallerIdentity + # `cdk import` + - cloudformation:GetTemplateSummary Resource: "*" Effect: Allow - Sid: CliStagingBucket @@ -507,7 +509,7 @@ Resources: Type: String Name: Fn::Sub: '/cdk-bootstrap/${Qualifier}/version' - Value: '11' + Value: '12' Outputs: BucketName: Description: The name of the S3 bucket owned by the CDK toolkit stack diff --git a/packages/aws-cdk/lib/api/cloudformation-deployments.ts b/packages/aws-cdk/lib/api/cloudformation-deployments.ts index ebf40bbb7442b..5594c71a42630 100644 --- a/packages/aws-cdk/lib/api/cloudformation-deployments.ts +++ b/packages/aws-cdk/lib/api/cloudformation-deployments.ts @@ -6,10 +6,10 @@ import { publishAssets } from '../util/asset-publishing'; import { Mode } from './aws-auth/credentials'; import { ISDK } from './aws-auth/sdk'; import { SdkProvider } from './aws-auth/sdk-provider'; -import { deployStack, DeployStackResult, destroyStack } from './deploy-stack'; +import { deployStack, DeployStackResult, destroyStack, makeBodyParameterAndUpload } from './deploy-stack'; import { loadCurrentTemplateWithNestedStacks, loadCurrentTemplate } from './nested-stack-helpers'; import { ToolkitInfo } from './toolkit-info'; -import { CloudFormationStack, Template } from './util/cloudformation'; +import { CloudFormationStack, Template, ResourcesToImport, ResourceIdentifierSummaries } from './util/cloudformation'; import { StackActivityProgress } from './util/cloudformation/stack-activity-monitor'; import { replaceEnvPlaceholders } from './util/placeholders'; @@ -224,6 +224,18 @@ export interface DeployStackOptions { * @default - nothing extra is appended to the User-Agent header */ readonly extraUserAgent?: string; + + /** + * List of existing resources to be IMPORTED into the stack, instead of being CREATED + */ + readonly resourcesToImport?: ResourcesToImport; + + /** + * If present, use this given template instead of the stored one + * + * @default - Use the stored template + */ + readonly overrideTemplate?: any; } export interface DestroyStackOptions { @@ -280,23 +292,52 @@ export class CloudFormationDeployments { } public async readCurrentTemplateWithNestedStacks(rootStackArtifact: cxapi.CloudFormationStackArtifact): Promise