From b43e15502d91acb5560d49a3cac9918809f119fa Mon Sep 17 00:00:00 2001 From: Momo Kornher Date: Tue, 31 Oct 2023 14:20:19 +0000 Subject: [PATCH] chore(awslint): new rules for reference interfaces --- packages/aws-cdk-lib/awslint.json | 987 ++++++++++++++++++++- packages/awslint/lib/rules/api.ts | 275 +++--- packages/awslint/lib/rules/cfn-resource.ts | 7 + packages/awslint/lib/rules/resource.ts | 13 + 4 files changed, 1182 insertions(+), 100 deletions(-) diff --git a/packages/aws-cdk-lib/awslint.json b/packages/aws-cdk-lib/awslint.json index 671c7a3218c4a..25917658a42f2 100644 --- a/packages/aws-cdk-lib/awslint.json +++ b/packages/aws-cdk-lib/awslint.json @@ -2880,6 +2880,991 @@ "docs-public-apis:aws-cdk-lib.aws_guardduty.CfnDetector.CFNFeatureConfigurationProperty.additionalConfiguration", "docs-public-apis:aws-cdk-lib.aws_guardduty.CfnDetector.TagItemProperty", "docs-public-apis:aws-cdk-lib.aws_guardduty.CfnDetector.TagItemProperty.key", - "docs-public-apis:aws-cdk-lib.aws_guardduty.CfnDetector.TagItemProperty.value" + "docs-public-apis:aws-cdk-lib.aws_guardduty.CfnDetector.TagItemProperty.value", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_apigateway.IApiKey", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_apigateway.IDomainName", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_apigateway.IGatewayResponse", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_apigateway.IModel", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_apigateway.IRequestValidator", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_apigateway.IResource", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_apigateway.IRestApi", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_apigateway.IStage", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_apigateway.IUsagePlan", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_apigateway.IVpcLink", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_applicationautoscaling.IScalableTarget", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_appmesh.IGatewayRoute", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_appmesh.IMesh", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_appmesh.IRoute", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_appmesh.IVirtualGateway", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_appmesh.IVirtualNode", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_appmesh.IVirtualRouter", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_appmesh.IVirtualService", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_appsync.IAppsyncFunction", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_appsync.IGraphqlApi", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_appsync.ISourceApiAssociation", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_autoscaling.IAutoScalingGroup", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_autoscaling.ILifecycleHook", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_backup.IBackupPlan", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_backup.IBackupVault", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_batch.IEksJobDefinition", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_batch.IFairshareSchedulingPolicy", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_batch.IFargateComputeEnvironment", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_batch.IJobQueue", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_batch.IManagedEc2EcsComputeEnvironment", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_batch.IUnmanagedComputeEnvironment", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_certificatemanager.ICertificate", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_chatbot.ISlackChannelConfiguration", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_cloudfront.ICachePolicy", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_cloudfront.IDistribution", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_cloudfront.IFunction", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_cloudfront.IKeyGroup", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_cloudfront.IOriginAccessIdentity", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_cloudfront.IOriginRequestPolicy", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_cloudfront.IPublicKey", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_cloudfront.IRealtimeLogConfig", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_cloudfront.IResponseHeadersPolicy", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_cloudwatch.IAlarm", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_codebuild.IProject", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_codebuild.IReportGroup", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_codecommit.IRepository", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_codedeploy.IEcsApplication", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_codedeploy.IEcsDeploymentConfig", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_codedeploy.IEcsDeploymentGroup", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_codedeploy.ILambdaApplication", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_codedeploy.ILambdaDeploymentConfig", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_codedeploy.ILambdaDeploymentGroup", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_codedeploy.IServerApplication", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_codedeploy.IServerDeploymentConfig", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_codedeploy.IServerDeploymentGroup", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_codepipeline.IPipeline", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_codestarnotifications.INotificationRule", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_cognito.IUserPool", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_cognito.IUserPoolClient", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_cognito.IUserPoolDomain", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_cognito.IUserPoolResourceServer", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_docdb.IClusterParameterGroup", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_docdb.IDatabaseCluster", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_docdb.IDatabaseInstance", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_dynamodb.ITable", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_dynamodb.ITableV2", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ec2.IClientVpnEndpoint", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ec2.IFlowLog", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ec2.IGatewayVpcEndpoint", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ec2.IInstance", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ec2.IInterfaceVpcEndpoint", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ec2.ILaunchTemplate", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ec2.INetworkAcl", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ec2.INetworkAclEntry", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ec2.IPlacementGroup", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ec2.IPrefixList", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ec2.IPrivateSubnet", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ec2.IPublicSubnet", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ec2.ISecurityGroup", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ec2.ISubnet", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ec2.ISubnetNetworkAclAssociation", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ec2.IVolume", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ec2.IVpc", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ec2.IVpcEndpointService", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ec2.IVpnConnection", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ec2.IVpnGateway", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ecr.IRepository", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ecs.ICluster", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ecs.IEc2Service", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ecs.IEc2TaskDefinition", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ecs.IExternalService", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ecs.IExternalTaskDefinition", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ecs.IFargateService", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ecs.IFargateTaskDefinition", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ecs.ITaskDefinition", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_efs.IAccessPoint", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_efs.IFileSystem", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_eks.ICluster", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_eks.INodegroup", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_elasticloadbalancingv2.IApplicationListener", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_elasticloadbalancingv2.IApplicationLoadBalancer", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_elasticloadbalancingv2.INetworkListener", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_elasticloadbalancingv2.INetworkLoadBalancer", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_elasticsearch.IDomain", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_events.IApiDestination", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_events.IConnection", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_events.IEventBus", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_events.IRule", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_globalaccelerator.IAccelerator", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_globalaccelerator.IEndpointGroup", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_globalaccelerator.IListener", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_iam.IAccessKey", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_iam.IGroup", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_iam.IInstanceProfile", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_iam.IManagedPolicy", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_iam.IOpenIdConnectProvider", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_iam.IPolicy", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_iam.IRole", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_iam.ISamlProvider", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_iam.IUser", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_kinesis.IStream", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_kms.IAlias", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_kms.IKey", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_lambda.IAlias", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_lambda.ICodeSigningConfig", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_lambda.IEventSourceMapping", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_lambda.IFunction", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_lambda.IFunctionUrl", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_lambda.ILayerVersion", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_lambda.IVersion", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_logs.ILogGroup", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_logs.ILogStream", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_opensearchservice.IDomain", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_rds.IDatabaseCluster", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_rds.IDatabaseInstance", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_rds.IDatabaseProxy", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_rds.IOptionGroup", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_rds.IParameterGroup", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_rds.IServerlessCluster", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_rds.ISubnetGroup", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_route53.IHostedZone", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_route53.IPrivateHostedZone", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_route53.IPublicHostedZone", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_route53.IRecordSet", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_s3.IBucket", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_secretsmanager.ISecret", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_secretsmanager.ISecretTargetAttachment", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_servicecatalog.IPortfolio", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_servicediscovery.IHttpNamespace", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_servicediscovery.IPrivateDnsNamespace", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_servicediscovery.IPublicDnsNamespace", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_servicediscovery.IService", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ses.IConfigurationSet", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ses.IConfigurationSetEventDestination", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ses.IDedicatedIpPool", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ses.IEmailIdentity", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ses.IReceiptRule", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ses.IReceiptRuleSet", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ses.IVdmAttributes", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_signer.ISigningProfile", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_sns.ITopic", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_sqs.IQueue", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ssm.IStringListParameter", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_ssm.IStringParameter", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_stepfunctions.IActivity", + "resource-interface-extends-resource-ref:aws-cdk-lib.aws_stepfunctions.IStateMachine", + "ref-via-ref-interface:aws-cdk-lib.AppProps.defaultStackSynthesizer", + "ref-via-ref-interface:aws-cdk-lib.IReusableStackSynthesizer.synthesize.session", + "ref-via-ref-interface:aws-cdk-lib.AppProps.policyValidationBeta1", + "ref-via-ref-interface:aws-cdk-lib.IPolicyValidationPluginBeta1.validate.context", + "ref-via-ref-interface:aws-cdk-lib.BundlingOptions.local", + "ref-via-ref-interface:aws-cdk-lib.IResolvable.resolve.context", + "ref-via-ref-interface:aws-cdk-lib.IResolveContext.registerPostProcessor.postProcessor", + "ref-via-ref-interface:aws-cdk-lib.CfnParameter.resolve._context", + "ref-via-ref-interface:aws-cdk-lib.ICfnConditionExpression.resolve.context", + "ref-via-ref-interface:aws-cdk-lib.StackProps.synthesizer", + "ref-via-ref-interface:aws-cdk-lib.IStackSynthesizer.synthesize.session", + "ref-via-ref-interface:aws-cdk-lib.StageProps.policyValidationBeta1", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.ApiKey.grantRead.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.MethodOptions.authorizer", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.MethodResponse.responseModels", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.MethodOptions.requestValidator", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.ApiKeyProps.resources", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.ApiKeyProps.stages", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.BasePathMappingProps.domainName", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.BasePathMappingProps.restApi", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.CognitoUserPoolsAuthorizerProps.cognitoUserPools", + "ref-via-ref-interface:aws-cdk-lib.aws_cognito.CustomDomainOptions.certificate", + "ref-via-ref-interface:aws-cdk-lib.aws_cognito.IUserPool.grant.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_cognito.IUserPool.registerIdentityProvider.provider", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.DeploymentProps.api", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.DomainName.addApiMapping.targetStage", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.DomainName.addBasePathMapping.targetApi", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.DomainNameProps.certificate", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.MTLSConfig.bucket", + "ref-via-ref-interface:aws-cdk-lib.aws_s3.IBucket.addEventNotification.dest", + "ref-via-ref-interface:aws-cdk-lib.aws_s3.IBucket.grantDelete.identity", + "ref-via-ref-interface:aws-cdk-lib.aws_s3.OnCloudTrailBucketEventOptions.target", + "ref-via-ref-interface:aws-cdk-lib.aws_events.IRuleTarget.bind.rule", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.GatewayResponseProps.restApi", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.DomainNameOptions.certificate", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.UsagePlanPerApiStage.api", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.StageOptions.accessLogDestination", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.IAccessLogDestination.bind.stage", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.EndpointConfiguration.vpcEndpoints", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.LambdaRestApiProps.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.IFunction.addEventSource.source", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.EventSourceMappingOptions.onFailure", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.IEventSourceDlq.bind.target", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.Permission.principal", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.EventInvokeConfigOptions.onFailure", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.LambdaIntegrationOptions.credentialsRole", + "ref-via-ref-interface:aws-cdk-lib.aws_iam.IRole.addManagedPolicy.policy", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.LambdaIntegrationOptions.vpcLink", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.Method.grantExecute.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.Method.metric.stage", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.MethodProps.resource", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.ModelProps.restApi", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.ResourceAttributes.restApi", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.ProxyResourceProps.parent", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.RateLimitedApiKey.grantRead.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.RateLimitedApiKeyProps.resources", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.RateLimitedApiKeyProps.stages", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.RequestAuthorizerProps.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.IFunction.grantInvoke.identity", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.RequestAuthorizerProps.assumeRole", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.RequestValidatorProps.restApi", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.ResourceProps.parent", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.StageAttributes.restApi", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.StageProps.accessLogDestination", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.StepFunctionsRestApiProps.stateMachine", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.StepFunctionsRestApiProps.role", + "ref-via-ref-interface:aws-cdk-lib.aws_iam.IRole.grant.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.TokenAuthorizerProps.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.TokenAuthorizerProps.assumeRole", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.IUsagePlan.addApiKey.apiKey", + "ref-via-ref-interface:aws-cdk-lib.aws_apigateway.VpcLink.addTargets.targets", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.BaseNetworkListenerProps.certificates", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.BaseNetworkListenerProps.defaultTargetGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.INetworkTargetGroup.addTarget.targets", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.INetworkTargetGroup.registerListener.listener", + "ref-via-ref-interface:aws-cdk-lib.aws_applicationautoscaling.BasicStepScalingPolicyProps.metric", + "ref-via-ref-interface:aws-cdk-lib.aws_applicationautoscaling.ScalableTargetProps.role", + "ref-via-ref-interface:aws-cdk-lib.aws_applicationautoscaling.StepScalingActionProps.scalingTarget", + "ref-via-ref-interface:aws-cdk-lib.aws_applicationautoscaling.StepScalingPolicyProps.metric", + "ref-via-ref-interface:aws-cdk-lib.aws_applicationautoscaling.StepScalingPolicyProps.scalingTarget", + "ref-via-ref-interface:aws-cdk-lib.aws_applicationautoscaling.TargetTrackingScalingPolicyProps.customMetric", + "ref-via-ref-interface:aws-cdk-lib.aws_applicationautoscaling.TargetTrackingScalingPolicyProps.scalingTarget", + "ref-via-ref-interface:aws-cdk-lib.aws_appmesh.GatewayRouteAttributes.virtualGateway", + "ref-via-ref-interface:aws-cdk-lib.aws_appmesh.IVirtualGateway.grantStreamAggregatedResources.identity", + "ref-via-ref-interface:aws-cdk-lib.aws_appmesh.RouteAttributes.virtualRouter", + "ref-via-ref-interface:aws-cdk-lib.aws_appmesh.RouteProps.mesh", + "ref-via-ref-interface:aws-cdk-lib.aws_appmesh.VirtualGatewayAttributes.mesh", + "ref-via-ref-interface:aws-cdk-lib.aws_appmesh.VirtualNodeAttributes.mesh", + "ref-via-ref-interface:aws-cdk-lib.aws_appmesh.IVirtualNode.grantStreamAggregatedResources.identity", + "ref-via-ref-interface:aws-cdk-lib.aws_appmesh.VirtualRouterAttributes.mesh", + "ref-via-ref-interface:aws-cdk-lib.aws_appmesh.VirtualServiceAttributes.mesh", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.AppsyncFunctionProps.api", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.IGraphqlApi.addDynamoDbDataSource.table", + "ref-via-ref-interface:aws-cdk-lib.aws_dynamodb.ITable.grant.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.IGraphqlApi.addElasticsearchDataSource.domain", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.IGraphqlApi.addEventBridgeDataSource.eventBus", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.IGraphqlApi.addLambdaDataSource.lambdaFunction", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.IGraphqlApi.addOpenSearchDataSource.domain", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.IGraphqlApi.addRdsDataSource.serverlessCluster", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.IGraphqlApi.addRdsDataSource.secretStore", + "ref-via-ref-interface:aws-cdk-lib.aws_secretsmanager.ISecret.attach.target", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.ExtendedResolverProps.pipelineConfig", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.BaseResolverProps.pipelineConfig", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.DynamoDbDataSourceProps.api", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.DynamoDbDataSourceProps.serviceRole", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.ElasticsearchDataSourceProps.api", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.ElasticsearchDataSourceProps.serviceRole", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.EventBridgeDataSourceProps.api", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.EventBridgeDataSourceProps.serviceRole", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.UserPoolConfig.userPool", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.LogConfig.excludeVerboseContent", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.LogConfig.role", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.GraphqlApiProps.schema", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.ISchema.bind.api", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.HttpDataSourceProps.api", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.LambdaDataSourceProps.api", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.LambdaDataSourceProps.serviceRole", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.NoneDataSourceProps.api", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.OpenSearchDataSourceProps.api", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.OpenSearchDataSourceProps.serviceRole", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.RdsDataSourceProps.api", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.RdsDataSourceProps.serviceRole", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.ResolverProps.pipelineConfig", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.ResolverProps.api", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.SourceApiAssociationAttributes.mergedApi", + "ref-via-ref-interface:aws-cdk-lib.aws_appsync.SourceApiAssociationProps.mergedApiExecutionRole", + "ref-via-ref-interface:aws-cdk-lib.aws_autoscaling.BasicLifecycleHookProps.notificationTarget", + "ref-via-ref-interface:aws-cdk-lib.aws_autoscaling.BindHookTargetOptions.role", + "ref-via-ref-interface:aws-cdk-lib.aws_autoscaling.AutoScalingGroup.addSecurityGroup.securityGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.ISecurityGroup.addEgressRule.peer", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.IApplicationLoadBalancerTarget.attachToApplicationTargetGroup.targetGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.IApplicationTargetGroup.addTarget.targets", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.IApplicationTargetGroup.registerConnectable.connectable", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.IApplicationTargetGroup.registerListener.listener", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.IApplicationListener.addCertificates.certificates", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.INetworkLoadBalancerTarget.attachToNetworkTargetGroup.targetGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_autoscaling.BasicStepScalingPolicyProps.metric", + "ref-via-ref-interface:aws-cdk-lib.aws_autoscaling.NotificationConfiguration.topic", + "ref-via-ref-interface:aws-cdk-lib.aws_sns.ITopic.addSubscription.subscription", + "ref-via-ref-interface:aws-cdk-lib.aws_sns.ITopic.grantPublish.identity", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.SubnetSelection.subnets", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.ISubnet.associateNetworkAcl.acl", + "ref-via-ref-interface:aws-cdk-lib.aws_autoscaling.AutoScalingGroupProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.ClientVpnEndpointOptions.clientConnectionHandler", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.ClientVpnEndpointOptions.logGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_logs.MetricFilterOptions.filterPattern", + "ref-via-ref-interface:aws-cdk-lib.aws_logs.SubscriptionFilterOptions.destination", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.ClientVpnEndpointOptions.logStream", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.GatewayVpcEndpointOptions.service", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.InterfaceVpcEndpointOptions.service", + "ref-via-ref-interface:aws-cdk-lib.aws_autoscaling.AutoScalingGroupProps.launchTemplate", + "ref-via-ref-interface:aws-cdk-lib.aws_autoscaling.AutoScalingGroupProps.machineImage", + "ref-via-ref-interface:aws-cdk-lib.aws_autoscaling.LifecycleHookProps.notificationTarget", + "ref-via-ref-interface:aws-cdk-lib.aws_autoscaling.LifecycleHookProps.autoScalingGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_autoscaling.ScheduledActionProps.autoScalingGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_autoscaling.StepScalingActionProps.autoScalingGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_autoscaling.StepScalingPolicyProps.metric", + "ref-via-ref-interface:aws-cdk-lib.aws_autoscaling.StepScalingPolicyProps.autoScalingGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_autoscaling.TargetTrackingScalingPolicyProps.customMetric", + "ref-via-ref-interface:aws-cdk-lib.aws_autoscaling.TargetTrackingScalingPolicyProps.autoScalingGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_autoscaling.WarmPoolProps.autoScalingGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_backup.BackupPlan.daily35DayRetention.backupVault", + "ref-via-ref-interface:aws-cdk-lib.aws_backup.IBackupVault.grant.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_backup.BackupSelectionOptions.role", + "ref-via-ref-interface:aws-cdk-lib.aws_backup.BackupSelectionProps.role", + "ref-via-ref-interface:aws-cdk-lib.aws_backup.BackupSelectionProps.backupPlan", + "ref-via-ref-interface:aws-cdk-lib.aws_backup.BackupVaultProps.encryptionKey", + "ref-via-ref-interface:aws-cdk-lib.aws_backup.BackupVaultProps.notificationTopic", + "ref-via-ref-interface:aws-cdk-lib.aws_batch.EcsEc2ContainerDefinitionProps.executionRole", + "ref-via-ref-interface:aws-cdk-lib.aws_batch.EcsFargateContainerDefinitionProps.executionRole", + "ref-via-ref-interface:aws-cdk-lib.aws_batch.EcsJobDefinition.grantSubmitJob.identity", + "ref-via-ref-interface:aws-cdk-lib.aws_batch.EcsJobDefinition.grantSubmitJob.queue", + "ref-via-ref-interface:aws-cdk-lib.aws_batch.IJobQueue.addComputeEnvironment.computeEnvironment", + "ref-via-ref-interface:aws-cdk-lib.aws_batch.EcsJobDefinitionProps.container", + "ref-via-ref-interface:aws-cdk-lib.aws_batch.FargateComputeEnvironmentProps.serviceRole", + "ref-via-ref-interface:aws-cdk-lib.aws_batch.FargateComputeEnvironmentProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_logs.ILogGroup.grant.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.ClientVpnEndpointOptions.securityGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_batch.JobQueueProps.schedulingPolicy", + "ref-via-ref-interface:aws-cdk-lib.aws_batch.ManagedEc2EcsComputeEnvironmentProps.serviceRole", + "ref-via-ref-interface:aws-cdk-lib.aws_batch.ManagedEc2EcsComputeEnvironmentProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_batch.EcsMachineImage.image", + "ref-via-ref-interface:aws-cdk-lib.aws_batch.ManagedEc2EcsComputeEnvironmentProps.launchTemplate", + "ref-via-ref-interface:aws-cdk-lib.aws_batch.ManagedEc2EcsComputeEnvironmentProps.placementGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_batch.ManagedEc2EksComputeEnvironmentProps.serviceRole", + "ref-via-ref-interface:aws-cdk-lib.aws_batch.ManagedEc2EksComputeEnvironmentProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_batch.ManagedEc2EksComputeEnvironmentProps.eksCluster", + "ref-via-ref-interface:aws-cdk-lib.aws_batch.EksMachineImage.image", + "ref-via-ref-interface:aws-cdk-lib.aws_batch.ManagedEc2EksComputeEnvironmentProps.launchTemplate", + "ref-via-ref-interface:aws-cdk-lib.aws_batch.ManagedEc2EksComputeEnvironmentProps.placementGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_batch.MultiNodeContainer.container", + "ref-via-ref-interface:aws-cdk-lib.aws_batch.UnmanagedComputeEnvironmentProps.serviceRole", + "ref-via-ref-interface:aws-cdk-lib.aws_certificatemanager.DnsValidatedCertificateProps.hostedZone", + "ref-via-ref-interface:aws-cdk-lib.aws_route53.IHostedZone.grantDelegation.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_certificatemanager.DnsValidatedCertificateProps.customResourceRole", + "ref-via-ref-interface:aws-cdk-lib.aws_certificatemanager.PrivateCertificateProps.certificateAuthority", + "ref-via-ref-interface:aws-cdk-lib.aws_chatbot.SlackChannelConfiguration.addNotificationTopic.notificationTopic", + "ref-via-ref-interface:aws-cdk-lib.aws_chatbot.SlackChannelConfigurationProps.guardrailPolicies", + "ref-via-ref-interface:aws-cdk-lib.aws_chatbot.SlackChannelConfigurationProps.logRetentionRole", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.IDistribution.grant.identity", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.CfnDistribution.ForwardedValuesProperty.queryString", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.FunctionAssociation.function", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.LambdaFunctionAssociation.lambdaFunction", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.IVersion.addEventSource.source", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.IEventSource.bind.target", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.Behavior.trustedKeyGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.S3OriginConfig.s3BucketSource", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.S3OriginConfig.originAccessIdentity", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.Distribution.addBehavior.origin", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.AddBehaviorOptions.cachePolicy", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.EdgeLambda.functionVersion", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.AddBehaviorOptions.originRequestPolicy", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.AddBehaviorOptions.realtimeLogConfig", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.AddBehaviorOptions.responseHeadersPolicy", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.AddBehaviorOptions.trustedKeyGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.DistributionProps.certificate", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.DistributionProps.logBucket", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.KeyGroupProps.items", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.AliasOptions.onFailure", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.IDestination.bind.fn", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.VersionWeight.version", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.experimental.EdgeFunctionProps.codeSigningConfig", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.experimental.EdgeFunctionProps.deadLetterQueue", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.experimental.EdgeFunctionProps.deadLetterTopic", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.experimental.EdgeFunctionProps.environmentEncryption", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.experimental.EdgeFunctionProps.layers", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.experimental.EdgeFunctionProps.logRetentionRole", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.experimental.EdgeFunctionProps.profilingGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.experimental.EdgeFunctionProps.securityGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudfront.experimental.EdgeFunctionProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_events.OnEventOptions.target", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudtrail.Trail.addLambdaEventSelector.handlers", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudtrail.S3EventSelector.bucket", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudtrail.TrailProps.cloudWatchLogGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudtrail.TrailProps.encryptionKey", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudtrail.TrailProps.snsTopic", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudwatch.AlarmBase.addAlarmAction.actions", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudwatch.IAlarmAction.bind.alarm", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudwatch.AlarmProps.metric", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudwatch.CompositeAlarm.addAlarmAction.actions", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudwatch.CompositeAlarmProps.alarmRule", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudwatch.Dashboard.addVariable.variable", + "ref-via-ref-interface:aws-cdk-lib.aws_cloudwatch.Dashboard.addWidgets.widgets", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.PipelineProject.serializeEnvVariables.principal", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.PipelineProject.addFileSystemLocation.fileSystemLocation", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.IFileSystemLocation.bind.project", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.IProject.notifyOn.target", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.PipelineProject.addSecondaryArtifact.secondaryArtifact", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.PipelineProject.addSecondarySource.secondarySource", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.BindToCodePipelineOptions.artifactBucket", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.PipelineProjectProps.encryptionKey", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.BuildEnvironment.buildImage", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.CloudWatchLoggingOptions.logGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.PipelineProjectProps.role", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.PipelineProjectProps.securityGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.PipelineProjectProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.Project.serializeEnvVariables.principal", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.Project.addFileSystemLocation.fileSystemLocation", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.Project.addSecondaryArtifact.secondaryArtifact", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.Project.addSecondarySource.secondarySource", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.ProjectProps.encryptionKey", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.ProjectProps.role", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.ProjectProps.securityGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.ProjectProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.IReportGroup.grantWrite.identity", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.ReportGroupProps.exportBucket", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.UntrustedCodeBoundaryPolicy.attachToGroup.group", + "ref-via-ref-interface:aws-cdk-lib.aws_iam.IGroup.addManagedPolicy.policy", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.UntrustedCodeBoundaryPolicy.attachToRole.role", + "ref-via-ref-interface:aws-cdk-lib.aws_codebuild.UntrustedCodeBoundaryPolicy.attachToUser.user", + "ref-via-ref-interface:aws-cdk-lib.aws_codecommit.IRepository.grant.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_codecommit.Repository.notifiyOnPullRequestMerged.target", + "ref-via-ref-interface:aws-cdk-lib.aws_codedeploy.EcsDeploymentGroupAttributes.application", + "ref-via-ref-interface:aws-cdk-lib.aws_codedeploy.EcsDeploymentGroupAttributes.deploymentConfig", + "ref-via-ref-interface:aws-cdk-lib.aws_codedeploy.EcsDeploymentGroup.addAlarm.alarm", + "ref-via-ref-interface:aws-cdk-lib.aws_codedeploy.EcsBlueGreenDeploymentConfig.blueTargetGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_codedeploy.EcsBlueGreenDeploymentConfig.listener", + "ref-via-ref-interface:aws-cdk-lib.aws_codedeploy.EcsDeploymentGroupProps.service", + "ref-via-ref-interface:aws-cdk-lib.aws_codedeploy.EcsDeploymentGroupProps.role", + "ref-via-ref-interface:aws-cdk-lib.aws_codedeploy.LambdaDeploymentGroupAttributes.application", + "ref-via-ref-interface:aws-cdk-lib.aws_codedeploy.LambdaDeploymentGroupAttributes.deploymentConfig", + "ref-via-ref-interface:aws-cdk-lib.aws_codedeploy.LambdaDeploymentGroup.addAlarm.alarm", + "ref-via-ref-interface:aws-cdk-lib.aws_codedeploy.LambdaDeploymentGroup.addPostHook.postHook", + "ref-via-ref-interface:aws-cdk-lib.aws_codedeploy.LambdaDeploymentGroupProps.role", + "ref-via-ref-interface:aws-cdk-lib.aws_codedeploy.ServerDeploymentGroupAttributes.application", + "ref-via-ref-interface:aws-cdk-lib.aws_codedeploy.ServerDeploymentGroupAttributes.deploymentConfig", + "ref-via-ref-interface:aws-cdk-lib.aws_codedeploy.ServerDeploymentGroup.addAlarm.alarm", + "ref-via-ref-interface:aws-cdk-lib.aws_codedeploy.ServerDeploymentGroupProps.autoScalingGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup.grantPublish.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_codepipeline.StageOptions.actions", + "ref-via-ref-interface:aws-cdk-lib.aws_codepipeline.IAction.bind.stage", + "ref-via-ref-interface:aws-cdk-lib.aws_codepipeline.IStage.onStateChange.target", + "ref-via-ref-interface:aws-cdk-lib.aws_events.RuleProps.eventBus", + "ref-via-ref-interface:aws-cdk-lib.aws_events.IEventBus.grantPutEventsTo.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_codepipeline.ActionBindOptions.bucket", + "ref-via-ref-interface:aws-cdk-lib.aws_codepipeline.ActionBindOptions.role", + "ref-via-ref-interface:aws-cdk-lib.aws_codepipeline.IPipeline.notifyOn.target", + "ref-via-ref-interface:aws-cdk-lib.aws_codestarnotifications.INotificationRule.addTarget.target", + "ref-via-ref-interface:aws-cdk-lib.aws_codestarnotifications.NotificationRuleProps.source", + "ref-via-ref-interface:aws-cdk-lib.aws_cognito.UserPool.addTrigger.fn", + "ref-via-ref-interface:aws-cdk-lib.aws_cognito.UserPoolProps.customAttributes", + "ref-via-ref-interface:aws-cdk-lib.aws_cognito.UserPoolProps.customSenderKmsKey", + "ref-via-ref-interface:aws-cdk-lib.aws_cognito.UserPoolProps.smsRole", + "ref-via-ref-interface:aws-cdk-lib.aws_cognito.UserPoolClientProps.userPool", + "ref-via-ref-interface:aws-cdk-lib.aws_cognito.UserPoolDomainProps.userPool", + "ref-via-ref-interface:aws-cdk-lib.aws_cognito.UserPoolIdentityProviderAmazonProps.userPool", + "ref-via-ref-interface:aws-cdk-lib.aws_cognito.UserPoolIdentityProviderAppleProps.userPool", + "ref-via-ref-interface:aws-cdk-lib.aws_cognito.UserPoolIdentityProviderFacebookProps.userPool", + "ref-via-ref-interface:aws-cdk-lib.aws_cognito.UserPoolIdentityProviderGoogleProps.userPool", + "ref-via-ref-interface:aws-cdk-lib.aws_cognito.UserPoolIdentityProviderOidcProps.userPool", + "ref-via-ref-interface:aws-cdk-lib.aws_cognito.UserPoolIdentityProviderSamlProps.userPool", + "ref-via-ref-interface:aws-cdk-lib.aws_cognito.UserPoolResourceServerProps.userPool", + "ref-via-ref-interface:aws-cdk-lib.aws_config.CloudFormationStackDriftDetectionCheckProps.role", + "ref-via-ref-interface:aws-cdk-lib.aws_config.CloudFormationStackNotificationCheckProps.topics", + "ref-via-ref-interface:aws-cdk-lib.aws_config.CustomRuleProps.lambdaFunction", + "ref-via-ref-interface:aws-cdk-lib.aws_docdb.DatabaseClusterAttributes.securityGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_docdb.RotationMultiUserOptions.secret", + "ref-via-ref-interface:aws-cdk-lib.aws_secretsmanager.RotationScheduleOptions.rotationLambda", + "ref-via-ref-interface:aws-cdk-lib.aws_docdb.Login.kmsKey", + "ref-via-ref-interface:aws-cdk-lib.aws_docdb.DatabaseClusterProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_docdb.DatabaseClusterProps.cloudWatchLogsRetentionRole", + "ref-via-ref-interface:aws-cdk-lib.aws_docdb.DatabaseClusterProps.parameterGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_docdb.DatabaseInstanceProps.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_secretsmanager.SecretAttributes.encryptionKey", + "ref-via-ref-interface:aws-cdk-lib.aws_kms.IKey.grant.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_docdb.DatabaseSecretProps.masterSecret", + "ref-via-ref-interface:aws-cdk-lib.aws_dynamodb.TableAttributes.encryptionKey", + "ref-via-ref-interface:aws-cdk-lib.aws_dynamodb.TableProps.kinesisStream", + "ref-via-ref-interface:aws-cdk-lib.aws_dynamodb.TableAttributesV2.encryptionKey", + "ref-via-ref-interface:aws-cdk-lib.aws_dynamodb.ReplicaTableProps.kinesisStream", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.BastionHostLinux.allowSshAccessFrom.peer", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.BastionHostLinuxProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.BastionHostLinuxProps.machineImage", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.ClientVpnAuthorizationRuleProps.clientVpnEndpoint", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.ClientVpnEndpointAttributes.securityGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.ClientVpnEndpointProps.clientConnectionHandler", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.ClientVpnEndpointProps.logGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.ClientVpnEndpointProps.logStream", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.ClientVpnEndpointProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.ClientVpnRouteProps.clientVpnEndpoint", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.GatewayVpcEndpointProps.service", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.GatewayVpcEndpointProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.Instance.addSecurityGroup.securityGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.InstanceProps.machineImage", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.InstanceProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.InstanceProps.role", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.InterfaceVpcEndpointAttributes.securityGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.InterfaceVpcEndpointProps.service", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.InterfaceVpcEndpointProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.LaunchTemplate.addSecurityGroup.securityGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.LaunchTemplateProps.instanceProfile", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.LaunchTemplateProps.machineImage", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.LaunchTemplateProps.role", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.NetworkAclProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.NetworkAclEntryProps.networkAcl", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.PrivateSubnet.addDefaultInternetRoute.gatewayAttachment", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.PublicSubnet.addDefaultInternetRoute.gatewayAttachment", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.SecurityGroup.fromLookupByName.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.Subnet.addDefaultInternetRoute.gatewayAttachment", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.SubnetNetworkAclAssociationProps.networkAcl", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.SubnetNetworkAclAssociationProps.subnet", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.VolumeAttributes.encryptionKey", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.IVolume.grantAttachVolume.instances", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.VpcProps.ipAddresses", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.VpcEndpointServiceProps.vpcEndpointServiceLoadBalancers", + "ref-via-ref-interface:aws-cdk-lib.aws_ec2.VpnConnectionProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_ecr.IRepository.grant.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_ecr.RepositoryProps.encryptionKey", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.AsgCapacityProviderProps.topicEncryptionKey", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.AsgCapacityProviderProps.autoScalingGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.ClusterAttributes.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.ClusterAttributes.autoscalingGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.ClusterAttributes.defaultCloudMapNamespace", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.ExecuteCommandConfiguration.kmsKey", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.ExecuteCommandLogConfiguration.s3Bucket", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.AddCapacityOptions.machineImage", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.AssociateCloudMapServiceOptions.service", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.CloudMapOptions.cloudMapNamespace", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.Ec2ServiceAttributes.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.Ec2ServiceProps.securityGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.TaskDefinitionAttributes.executionRole", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.Ec2TaskDefinition.addExtension.extension", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.Ec2TaskDefinition.grantRun.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.BaseService.attachToApplicationTargetGroup.targetGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.ExternalServiceAttributes.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.ExternalServiceProps.securityGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.ExternalTaskDefinition.addExtension.extension", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.ExternalTaskDefinition.grantRun.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.FargateServiceAttributes.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.FargateServiceProps.securityGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.FargateTaskDefinition.addExtension.extension", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.FargateTaskDefinition.grantRun.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.ScalableTaskCountProps.role", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.TaskDefinition.addExtension.extension", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs.TaskDefinition.grantRun.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.ApplicationLoadBalancedEc2ServiceProps.certificate", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.ApplicationLoadBalancedEc2ServiceProps.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.ApplicationLoadBalancedEc2ServiceProps.domainZone", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.ApplicationLoadBalancedEc2ServiceProps.loadBalancer", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.BaseApplicationListenerProps.certificates", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.BaseApplicationListenerProps.defaultTargetGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.ApplicationLoadBalancedTaskImageOptions.executionRole", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.ApplicationLoadBalancedEc2ServiceProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.ApplicationLoadBalancedFargateServiceProps.certificate", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.ApplicationLoadBalancedFargateServiceProps.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.ApplicationLoadBalancedFargateServiceProps.domainZone", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.ApplicationLoadBalancedFargateServiceProps.loadBalancer", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.ApplicationLoadBalancedFargateServiceProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.ApplicationMultipleTargetGroupsEc2ServiceProps.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.ApplicationListenerProps.certificate", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.ApplicationLoadBalancerProps.domainZone", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.ApplicationLoadBalancedTaskImageProps.executionRole", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.ApplicationMultipleTargetGroupsEc2ServiceProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.ApplicationMultipleTargetGroupsFargateServiceProps.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.ApplicationMultipleTargetGroupsFargateServiceProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.NetworkLoadBalancedEc2ServiceProps.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.NetworkLoadBalancedEc2ServiceProps.domainZone", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.NetworkLoadBalancedEc2ServiceProps.loadBalancer", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.NetworkLoadBalancedTaskImageOptions.executionRole", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.NetworkLoadBalancedEc2ServiceProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.NetworkLoadBalancedFargateServiceProps.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.NetworkLoadBalancedFargateServiceProps.domainZone", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.NetworkLoadBalancedFargateServiceProps.loadBalancer", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.NetworkLoadBalancedFargateServiceProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.NetworkMultipleTargetGroupsEc2ServiceProps.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.NetworkLoadBalancerProps.domainZone", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.NetworkLoadBalancedTaskImageProps.executionRole", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.NetworkMultipleTargetGroupsEc2ServiceProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.NetworkMultipleTargetGroupsFargateServiceProps.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.NetworkMultipleTargetGroupsFargateServiceProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.QueueProcessingEc2ServiceProps.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.QueueProcessingEc2ServiceProps.queue", + "ref-via-ref-interface:aws-cdk-lib.aws_sqs.IQueue.grant.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.QueueProcessingEc2ServiceProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.QueueProcessingFargateServiceProps.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.QueueProcessingFargateServiceProps.queue", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.QueueProcessingFargateServiceProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.ScheduledEc2TaskProps.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.ScheduledEc2TaskProps.securityGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.ScheduledEc2TaskProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.ScheduledFargateTaskProps.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.ScheduledFargateTaskProps.securityGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_ecs_patterns.ScheduledFargateTaskProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_efs.AccessPointAttributes.fileSystem", + "ref-via-ref-interface:aws-cdk-lib.aws_efs.IFileSystem.grant.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_efs.FileSystemAttributes.securityGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_efs.FileSystemProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_efs.FileSystemProps.kmsKey", + "ref-via-ref-interface:aws-cdk-lib.aws_eks.AwsAuth.addMastersRole.role", + "ref-via-ref-interface:aws-cdk-lib.aws_eks.AwsAuth.addUserMapping.user", + "ref-via-ref-interface:aws-cdk-lib.aws_iam.IUser.addToGroup.group", + "ref-via-ref-interface:aws-cdk-lib.aws_eks.ClusterAttributes.awscliLayer", + "ref-via-ref-interface:aws-cdk-lib.aws_eks.ClusterAttributes.kubectlLambdaRole", + "ref-via-ref-interface:aws-cdk-lib.aws_eks.ClusterAttributes.kubectlProvider", + "ref-via-ref-interface:aws-cdk-lib.aws_eks.ClusterAttributes.openIdConnectProvider", + "ref-via-ref-interface:aws-cdk-lib.aws_eks.ClusterAttributes.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_eks.ClusterProps.secretsEncryptionKey", + "ref-via-ref-interface:aws-cdk-lib.aws_eks.FargateClusterProps.secretsEncryptionKey", + "ref-via-ref-interface:aws-cdk-lib.aws_eks.FargateProfileProps.podExecutionRole", + "ref-via-ref-interface:aws-cdk-lib.aws_eks.FargateProfileProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_eks.HelmChartProps.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_eks.KubectlProviderAttributes.handlerRole", + "ref-via-ref-interface:aws-cdk-lib.aws_eks.KubectlProvider.getOrCreate.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_eks.KubernetesManifestProps.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_eks.KubernetesObjectValueProps.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_eks.KubernetesPatchProps.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_eks.NodegroupProps.nodeRole", + "ref-via-ref-interface:aws-cdk-lib.aws_eks.NodegroupRemoteAccess.sourceSecurityGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_eks.NodegroupProps.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_eks.ServiceAccountProps.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancing.LoadBalancerListener.allowConnectionsFrom", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancing.LoadBalancer.addTarget.target", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancing.LoadBalancerProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancing.CfnLoadBalancer.AccessLoggingPolicyProperty.enabled", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationListenerAttributes.securityGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.AddApplicationTargetGroupsProps.targetGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationListenerProps.loadBalancer", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationListenerCertificateProps.listener", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationListenerRuleProps.targetGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationLoadBalancer.logAccessLogs.bucket", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationLoadBalancerAttributes.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationTargetGroupProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.NetworkListener.addCertificates.certificates", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.NetworkListener.addTargetGroups.targetGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.NetworkListenerProps.loadBalancer", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.NetworkLoadBalancer.logAccessLogs.bucket", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.NetworkLoadBalancerAttributes.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticloadbalancingv2.NetworkTargetGroupProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticsearch.IDomain.grantIndexRead.identity", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticsearch.CognitoOptions.role", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticsearch.CustomEndpointOptions.certificate", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticsearch.CustomEndpointOptions.hostedZone", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticsearch.EncryptionAtRestOptions.kmsKey", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticsearch.LoggingOptions.appLogGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticsearch.DomainProps.securityGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_elasticsearch.DomainProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_events.ApiDestinationProps.connection", + "ref-via-ref-interface:aws-cdk-lib.aws_events.ArchiveProps.sourceEventBus", + "ref-via-ref-interface:aws-cdk-lib.aws_events.EventBus.grantAllPutEvents.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_events.EventBusPolicyProps.eventBus", + "ref-via-ref-interface:aws-cdk-lib.aws_events.Rule.addTarget.target", + "ref-via-ref-interface:aws-cdk-lib.aws_fsx.FileSystemAttributes.securityGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_fsx.LustreFileSystemProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_fsx.LustreFileSystemProps.kmsKey", + "ref-via-ref-interface:aws-cdk-lib.aws_globalaccelerator.EndpointGroup.addEndpoint.endpoint", + "ref-via-ref-interface:aws-cdk-lib.aws_globalaccelerator.EndpointGroup.connectionsPeer.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_globalaccelerator.EndpointGroupProps.listener", + "ref-via-ref-interface:aws-cdk-lib.aws_globalaccelerator.EndpointGroupOptions.endpoints", + "ref-via-ref-interface:aws-cdk-lib.aws_globalaccelerator.ListenerProps.accelerator", + "ref-via-ref-interface:aws-cdk-lib.aws_iam.AccessKeyProps.user", + "ref-via-ref-interface:aws-cdk-lib.aws_iam.IUser.addManagedPolicy.policy", + "ref-via-ref-interface:aws-cdk-lib.aws_iam.IIdentity.addManagedPolicy.policy", + "ref-via-ref-interface:aws-cdk-lib.aws_iam.Group.addUser.user", + "ref-via-ref-interface:aws-cdk-lib.aws_iam.InstanceProfileAttributes.role", + "ref-via-ref-interface:aws-cdk-lib.aws_iam.ManagedPolicy.attachToGroup.group", + "ref-via-ref-interface:aws-cdk-lib.aws_iam.ManagedPolicy.attachToRole.role", + "ref-via-ref-interface:aws-cdk-lib.aws_iam.ManagedPolicy.attachToUser.user", + "ref-via-ref-interface:aws-cdk-lib.aws_iam.Policy.attachToGroup.group", + "ref-via-ref-interface:aws-cdk-lib.aws_iam.Policy.attachToRole.role", + "ref-via-ref-interface:aws-cdk-lib.aws_iam.Policy.attachToUser.user", + "ref-via-ref-interface:aws-cdk-lib.aws_kinesis.StreamAttributes.encryptionKey", + "ref-via-ref-interface:aws-cdk-lib.aws_kms.AliasAttributes.aliasTargetKey", + "ref-via-ref-interface:aws-cdk-lib.aws_kms.KeyProps.admins", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.AliasAttributes.aliasVersion", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.CodeSigningConfigProps.signingProfiles", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.FunctionAttributes.role", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.FunctionAttributes.securityGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.DockerImageFunction.addLayers.layers", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.DockerImageFunctionProps.codeSigningConfig", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.DockerImageFunctionProps.deadLetterQueue", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.DockerImageFunctionProps.deadLetterTopic", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.DockerImageFunctionProps.environmentEncryption", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.DockerImageFunctionProps.profilingGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.DockerImageFunctionProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.EventInvokeConfigProps.onFailure", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.EventSourceMappingProps.onFailure", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.IEventSourceDlq.bind.targetHandler", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.Function.addLayers.layers", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.FunctionProps.codeSigningConfig", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.FunctionProps.deadLetterQueue", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.FunctionProps.deadLetterTopic", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.FunctionProps.environmentEncryption", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.FunctionProps.profilingGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.FunctionProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.IFunctionUrl.grantInvokeUrl.identity", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.FunctionUrlProps.function", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.SingletonFunction.addDependency.up", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.SingletonFunction.addLayers.layers", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.SingletonFunctionProps.codeSigningConfig", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.SingletonFunctionProps.deadLetterQueue", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.SingletonFunctionProps.deadLetterTopic", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.SingletonFunctionProps.environmentEncryption", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.SingletonFunctionProps.logRetentionRole", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.SingletonFunctionProps.profilingGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.SingletonFunctionProps.securityGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda.SingletonFunctionProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda_nodejs.NodejsFunction.addLayers.layers", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda_nodejs.NodejsFunctionProps.codeSigningConfig", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda_nodejs.NodejsFunctionProps.deadLetterQueue", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda_nodejs.NodejsFunctionProps.deadLetterTopic", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda_nodejs.NodejsFunctionProps.environmentEncryption", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda_nodejs.NodejsFunctionProps.profilingGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda_nodejs.NodejsFunctionProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_lambda_nodejs.BundlingOptions.commandHooks", + "ref-via-ref-interface:aws-cdk-lib.aws_logs.ILogSubscriptionDestination.bind.sourceLogGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_logs.CrossAccountDestinationProps.role", + "ref-via-ref-interface:aws-cdk-lib.aws_logs.LogGroupProps.encryptionKey", + "ref-via-ref-interface:aws-cdk-lib.aws_logs.LogRetentionProps.role", + "ref-via-ref-interface:aws-cdk-lib.aws_logs.LogStreamProps.logGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_logs.MetricFilterProps.filterPattern", + "ref-via-ref-interface:aws-cdk-lib.aws_logs.MetricFilterProps.logGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_logs.QueryDefinitionProps.logGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_logs.SubscriptionFilterProps.destination", + "ref-via-ref-interface:aws-cdk-lib.aws_opensearchservice.IDomain.grantIndexRead.identity", + "ref-via-ref-interface:aws-cdk-lib.aws_opensearchservice.CognitoOptions.role", + "ref-via-ref-interface:aws-cdk-lib.aws_opensearchservice.CustomEndpointOptions.certificate", + "ref-via-ref-interface:aws-cdk-lib.aws_opensearchservice.CustomEndpointOptions.hostedZone", + "ref-via-ref-interface:aws-cdk-lib.aws_opensearchservice.EncryptionAtRestOptions.kmsKey", + "ref-via-ref-interface:aws-cdk-lib.aws_opensearchservice.LoggingOptions.appLogGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_opensearchservice.DomainProps.securityGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_opensearchservice.DomainProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseProxyOptions.secrets", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseProxyOptions.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseProxyOptions.role", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseClusterAttributes.engine", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.ClusterEngineBindOptions.parameterGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.RotationMultiUserOptions.endpoint", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.InstanceProps.performanceInsightEncryptionKey", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseClusterProps.readers", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.IClusterInstance.bind.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.ClusterInstanceBindOptions.subnetGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseClusterProps.s3ExportBuckets", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseClusterFromSnapshotProps.engine", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseClusterFromSnapshotProps.readers", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseClusterFromSnapshotProps.s3ExportBuckets", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseInstanceAttributes.securityGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseInstanceAttributes.engine", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.InstanceEngineBindOptions.optionGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.OptionConfiguration.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.InstanceEngineBindOptions.s3ExportRole", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseInstanceProps.parameterGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseInstanceProps.performanceInsightEncryptionKey", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseInstanceProps.s3ExportBuckets", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseInstanceProps.subnetGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseInstanceFromSnapshotProps.parameterGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseInstanceFromSnapshotProps.performanceInsightEncryptionKey", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseInstanceFromSnapshotProps.s3ExportBuckets", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseInstanceFromSnapshotProps.subnetGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseInstanceReadReplicaProps.parameterGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseInstanceReadReplicaProps.performanceInsightEncryptionKey", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseInstanceReadReplicaProps.s3ExportBuckets", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseInstanceReadReplicaProps.subnetGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseInstanceReadReplicaProps.sourceDatabaseInstance", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseProxyAttributes.securityGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.IDatabaseProxy.grantConnect.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseProxyProps.secrets", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseProxyProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseProxyProps.role", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.DatabaseSecretProps.masterSecret", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.OptionConfiguration.securityGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.OptionGroupProps.engine", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.ParameterGroupProps.engine", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.ServerlessClusterAttributes.secret", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.ServerlessClusterAttributes.securityGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.ServerlessClusterProps.engine", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.ClusterEngineBindOptions.s3ExportRole", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.ServerlessClusterProps.storageEncryptionKey", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.ServerlessClusterProps.subnetGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.ServerlessClusterProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.IServerlessCluster.grantDataApiAccess.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.ServerlessClusterFromSnapshotProps.engine", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.ServerlessClusterFromSnapshotProps.securityGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.ServerlessClusterFromSnapshotProps.subnetGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.ServerlessClusterFromSnapshotProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_rds.SubnetGroupProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_route53.ARecordProps.zone", + "ref-via-ref-interface:aws-cdk-lib.aws_route53.AaaaRecordProps.zone", + "ref-via-ref-interface:aws-cdk-lib.aws_route53.CaaAmazonRecordProps.zone", + "ref-via-ref-interface:aws-cdk-lib.aws_route53.CaaRecordProps.zone", + "ref-via-ref-interface:aws-cdk-lib.aws_route53.CnameRecordProps.zone", + "ref-via-ref-interface:aws-cdk-lib.aws_route53.CrossAccountZoneDelegationRecordProps.delegatedZone", + "ref-via-ref-interface:aws-cdk-lib.aws_route53.CrossAccountZoneDelegationRecordProps.delegationRole", + "ref-via-ref-interface:aws-cdk-lib.aws_route53.DsRecordProps.zone", + "ref-via-ref-interface:aws-cdk-lib.aws_route53.HostedZone.addVpc.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_route53.MxRecordProps.zone", + "ref-via-ref-interface:aws-cdk-lib.aws_route53.NsRecordProps.zone", + "ref-via-ref-interface:aws-cdk-lib.aws_route53.PrivateHostedZone.addVpc.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_route53.PublicHostedZone.addDelegation.delegate", + "ref-via-ref-interface:aws-cdk-lib.aws_route53.PublicHostedZoneProps.crossAccountZoneDelegationPrincipal", + "ref-via-ref-interface:aws-cdk-lib.aws_route53.RecordSetProps.zone", + "ref-via-ref-interface:aws-cdk-lib.aws_route53.SrvRecordProps.zone", + "ref-via-ref-interface:aws-cdk-lib.aws_route53.TxtRecordProps.zone", + "ref-via-ref-interface:aws-cdk-lib.aws_route53.VpcEndpointServiceDomainNameProps.endpointService", + "ref-via-ref-interface:aws-cdk-lib.aws_route53.VpcEndpointServiceDomainNameProps.publicHostedZone", + "ref-via-ref-interface:aws-cdk-lib.aws_route53.IPublicHostedZone.grantDelegation.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_route53.ZoneDelegationRecordProps.zone", + "ref-via-ref-interface:aws-cdk-lib.aws_route53_patterns.HttpsRedirectProps.zone", + "ref-via-ref-interface:aws-cdk-lib.aws_route53_patterns.HttpsRedirectProps.certificate", + "ref-via-ref-interface:aws-cdk-lib.aws_s3.IBucketNotificationDestination.bind.bucket", + "ref-via-ref-interface:aws-cdk-lib.aws_s3.BucketAttributes.encryptionKey", + "ref-via-ref-interface:aws-cdk-lib.aws_s3.BucketAttributes.notificationsHandlerRole", + "ref-via-ref-interface:aws-cdk-lib.aws_s3.BucketPolicyProps.bucket", + "ref-via-ref-interface:aws-cdk-lib.aws_s3_assets.Asset.grantRead.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_s3_deployment.BucketDeployment.addSource.source", + "ref-via-ref-interface:aws-cdk-lib.aws_s3_deployment.DeploymentSourceContext.handlerRole", + "ref-via-ref-interface:aws-cdk-lib.aws_s3_deployment.BucketDeploymentProps.destinationBucket", + "ref-via-ref-interface:aws-cdk-lib.aws_s3_deployment.BucketDeploymentProps.distribution", + "ref-via-ref-interface:aws-cdk-lib.aws_s3_deployment.BucketDeploymentProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_s3_deployment.DeployTimeSubstitutedFile.addSource.source", + "ref-via-ref-interface:aws-cdk-lib.aws_s3_deployment.DeployTimeSubstitutedFileProps.destinationBucket", + "ref-via-ref-interface:aws-cdk-lib.aws_secretsmanager.ResourcePolicyProps.secret", + "ref-via-ref-interface:aws-cdk-lib.aws_secretsmanager.RotationScheduleProps.rotationLambda", + "ref-via-ref-interface:aws-cdk-lib.aws_secretsmanager.RotationScheduleProps.secret", + "ref-via-ref-interface:aws-cdk-lib.aws_secretsmanager.SecretRotationProps.secret", + "ref-via-ref-interface:aws-cdk-lib.aws_secretsmanager.SecretRotationProps.target", + "ref-via-ref-interface:aws-cdk-lib.aws_secretsmanager.SecretRotationProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_secretsmanager.SecretRotationProps.endpoint", + "ref-via-ref-interface:aws-cdk-lib.aws_secretsmanager.SecretTargetAttachmentProps.secret", + "ref-via-ref-interface:aws-cdk-lib.aws_servicecatalog.IPortfolio.addProduct.product", + "ref-via-ref-interface:aws-cdk-lib.ICfnRuleConditionExpression.resolve.context", + "ref-via-ref-interface:aws-cdk-lib.aws_servicecatalog.StackSetsConstraintOptions.adminRole", + "ref-via-ref-interface:aws-cdk-lib.aws_servicecatalog.IPortfolio.giveAccessToGroup.group", + "ref-via-ref-interface:aws-cdk-lib.aws_servicecatalog.IPortfolio.giveAccessToUser.user", + "ref-via-ref-interface:aws-cdk-lib.aws_servicecatalog.IPortfolio.notifyOnStackEvents.topic", + "ref-via-ref-interface:aws-cdk-lib.aws_servicecatalog.ProductStackProps.assetBucket", + "ref-via-ref-interface:aws-cdk-lib.aws_servicediscovery.AliasTargetInstanceProps.service", + "ref-via-ref-interface:aws-cdk-lib.aws_servicediscovery.CnameInstanceProps.service", + "ref-via-ref-interface:aws-cdk-lib.aws_servicediscovery.IpInstanceProps.service", + "ref-via-ref-interface:aws-cdk-lib.aws_servicediscovery.NonIpInstanceProps.service", + "ref-via-ref-interface:aws-cdk-lib.aws_servicediscovery.PrivateDnsNamespaceProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_servicediscovery.ServiceAttributes.namespace", + "ref-via-ref-interface:aws-cdk-lib.aws_servicediscovery.Service.registerLoadBalancer.loadBalancer", + "ref-via-ref-interface:aws-cdk-lib.aws_ses.ConfigurationSetProps.dedicatedIpPool", + "ref-via-ref-interface:aws-cdk-lib.aws_ses.ConfigurationSetEventDestinationProps.configurationSet", + "ref-via-ref-interface:aws-cdk-lib.aws_ses.DropSpamReceiptRuleProps.actions", + "ref-via-ref-interface:aws-cdk-lib.aws_ses.IReceiptRuleAction.bind.receiptRule", + "ref-via-ref-interface:aws-cdk-lib.aws_ses.DropSpamReceiptRuleProps.ruleSet", + "ref-via-ref-interface:aws-cdk-lib.aws_ses.EmailIdentityProps.configurationSet", + "ref-via-ref-interface:aws-cdk-lib.aws_ses.ReceiptRule.addAction.action", + "ref-via-ref-interface:aws-cdk-lib.aws_ses.ReceiptRuleProps.ruleSet", + "ref-via-ref-interface:aws-cdk-lib.aws_ses.ReceiptRuleOptions.actions", + "ref-via-ref-interface:aws-cdk-lib.aws_sns.SubscriptionProps.deadLetterQueue", + "ref-via-ref-interface:aws-cdk-lib.aws_sns.SubscriptionProps.topic", + "ref-via-ref-interface:aws-cdk-lib.aws_sns.ITopicSubscription.bind.topic", + "ref-via-ref-interface:aws-cdk-lib.aws_sns.TopicProps.masterKey", + "ref-via-ref-interface:aws-cdk-lib.aws_sns.TopicPolicyProps.topics", + "ref-via-ref-interface:aws-cdk-lib.aws_sqs.DeadLetterQueue.queue", + "ref-via-ref-interface:aws-cdk-lib.aws_sqs.QueueProps.encryptionMasterKey", + "ref-via-ref-interface:aws-cdk-lib.aws_sqs.QueuePolicyProps.queues", + "ref-via-ref-interface:aws-cdk-lib.aws_ssm.IParameter.grantRead.grantee", + "ref-via-ref-interface:aws-cdk-lib.aws_ssm.SecureStringParameterAttributes.encryptionKey", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions.Activity.grant.identity", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions.Choice.otherwise.def", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions.INextable.next.state", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions.Map.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions.Parallel.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions.IStateMachine.grant.identity", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions.StateMachineProps.definition", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions.LogOptions.destination", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions.StateMachineProps.role", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.AthenaGetQueryExecution.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.AthenaGetQueryResults.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.AthenaStartQueryExecution.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.EncryptionConfiguration.encryptionKey", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.AthenaStopQueryExecution.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.BatchSubmitJob.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.CallApiGatewayHttpApiEndpoint.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.CallApiGatewayRestApiEndpoint.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.CallApiGatewayRestApiEndpointProps.api", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.CodeBuildStartBuild.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.CodeBuildStartBuildProps.project", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.DynamoDeleteItem.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.DynamoDeleteItemProps.table", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.DynamoGetItem.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.DynamoGetItemProps.table", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.DynamoPutItem.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.DynamoPutItemProps.table", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.DynamoUpdateItem.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.DynamoUpdateItemProps.table", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.EcsRunTask.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.EcsRunTaskProps.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.EcsRunTaskProps.launchTarget", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.LaunchTargetBindOptions.taskDefinition", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.EcsRunTaskProps.securityGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.EksCall.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.EksCallProps.cluster", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.EmrAddStep.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.EmrCancelStep.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.EmrContainersCreateVirtualCluster.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.EmrContainersDeleteVirtualCluster.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.EmrContainersStartJobRun.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.EmrContainersStartJobRunProps.executionRole", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.Monitoring.logBucket", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.Monitoring.logGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.EmrCreateCluster.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.EmrCreateClusterProps.autoScalingRole", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.EmrModifyInstanceFleetByName.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.EmrModifyInstanceGroupByName.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.EmrSetClusterTerminationProtection.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.EmrTerminateCluster.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.EvaluateExpression.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.EventBridgePutEvents.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.EventBridgePutEventsEntry.eventBus", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.GlueDataBrewStartJobRun.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.GlueStartJobRun.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvokeProps.lambdaFunction", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.SageMakerCreateEndpoint.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.SageMakerCreateEndpointConfig.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.SageMakerCreateEndpointConfigProps.kmsKey", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.SageMakerCreateModel.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.SageMakerCreateModel.addSecurityGroup.securityGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.SageMakerCreateModelProps.primaryContainer", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.IContainerDefinition.bind.task", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.SageMakerCreateModelProps.role", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.SageMakerCreateModelProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.SageMakerCreateTrainingJob.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.SageMakerCreateTrainingJob.addSecurityGroup.securityGroup", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.OutputDataConfig.encryptionKey", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.SageMakerCreateTrainingJobProps.role", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.VpcConfig.vpc", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.SageMakerCreateTransformJob.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.TransformOutput.encryptionKey", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.SageMakerCreateTransformJobProps.role", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.SageMakerUpdateEndpoint.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.SnsPublish.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.SnsPublishProps.topic", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.SqsSendMessage.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.SqsSendMessageProps.queue", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.StepFunctionsInvokeActivity.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.StepFunctionsInvokeActivityProps.activity", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.StepFunctionsStartExecution.addCatch.handler", + "ref-via-ref-interface:aws-cdk-lib.aws_stepfunctions_tasks.StepFunctionsStartExecutionProps.stateMachine", + "ref-via-ref-interface:aws-cdk-lib.aws_synthetics.ArtifactsBucketLocation.bucket", + "ref-via-ref-interface:aws-cdk-lib.aws_synthetics.CanaryProps.role", + "ref-via-ref-interface:aws-cdk-lib.aws_synthetics.CanaryProps.securityGroups", + "ref-via-ref-interface:aws-cdk-lib.aws_synthetics.CanaryProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.custom_resources.AwsCustomResourceProps.role", + "ref-via-ref-interface:aws-cdk-lib.custom_resources.AwsCustomResourceProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.custom_resources.ProviderProps.onEventHandler", + "ref-via-ref-interface:aws-cdk-lib.custom_resources.ProviderProps.providerFunctionEnvEncryption", + "ref-via-ref-interface:aws-cdk-lib.custom_resources.ProviderProps.role", + "ref-via-ref-interface:aws-cdk-lib.custom_resources.ProviderProps.securityGroups", + "ref-via-ref-interface:aws-cdk-lib.custom_resources.ProviderProps.vpc", + "ref-via-ref-interface:aws-cdk-lib.pipelines.CodePipelineProps.synth", + "ref-via-ref-interface:aws-cdk-lib.pipelines.CodePipelineProps.artifactBucket", + "ref-via-ref-interface:aws-cdk-lib.pipelines.CodeBuildOptions.fileSystemLocations", + "ref-via-ref-interface:aws-cdk-lib.pipelines.CodeBuildOptions.securityGroups", + "ref-via-ref-interface:aws-cdk-lib.pipelines.CodeBuildOptions.vpc", + "ref-via-ref-interface:aws-cdk-lib.pipelines.CodePipelineProps.role", + "ref-via-ref-interface:aws-cdk-lib.triggers.TriggerFunction.addLayers.layers", + "ref-via-ref-interface:aws-cdk-lib.triggers.TriggerFunctionProps.codeSigningConfig", + "ref-via-ref-interface:aws-cdk-lib.triggers.TriggerFunctionProps.deadLetterQueue", + "ref-via-ref-interface:aws-cdk-lib.triggers.TriggerFunctionProps.deadLetterTopic", + "ref-via-ref-interface:aws-cdk-lib.triggers.TriggerFunctionProps.environmentEncryption", + "ref-via-ref-interface:aws-cdk-lib.triggers.TriggerFunctionProps.profilingGroup", + "ref-via-ref-interface:aws-cdk-lib.triggers.TriggerFunctionProps.vpc" ] } diff --git a/packages/awslint/lib/rules/api.ts b/packages/awslint/lib/rules/api.ts index c90982532d4dc..55c8edc7746fe 100644 --- a/packages/awslint/lib/rules/api.ts +++ b/packages/awslint/lib/rules/api.ts @@ -3,143 +3,220 @@ import { ConstructReflection } from './construct'; import { CoreTypes } from './core-types'; import { Linter } from '../linter'; -const EXCLUDE_ANNOTATION_REF_VIA_INTERFACE = '[disable-awslint:ref-via-interface]'; +const EXCLUDE_ANNOTATION_REF_VIA_INTERFACE = + '[disable-awslint:ref-via-interface]'; + +const EXCLUDE_ANNOTATION_REF_VIA_REF_INTERFACE = + '[disable-awslint:ref-via-ref-interface]'; // lint all constructs that are not L1 resources -export const apiLinter = new Linter(a => ConstructReflection - .findAllConstructs(a) - .filter(c => !CoreTypes.isCfnResource(c.classType))); +export const apiLinter = new Linter((a) => + ConstructReflection.findAllConstructs(a).filter( + (c) => !CoreTypes.isCfnResource(c.classType), + ), +); + +apiLinter.add({ + code: 'ref-via-ref-interface', + message: + 'API should use reference interfaces and not construct interface (%s). ' + + `If this is intentional, add "${EXCLUDE_ANNOTATION_REF_VIA_REF_INTERFACE}" to element's jsdoc`, + eval: (e) => { + const cls = e.ctx.classType; + visitClass(cls, { + // Any interfaces should be `ICfnAbc` + assertInterfaceType: (type, docs, scope) => { + // Receiving a generic construct is allowed + if (type.fqn === 'constructs.IConstruct') { + return; + } + + // allow exclusion of this rule + if ( + docs.summary.includes(EXCLUDE_ANNOTATION_REF_VIA_REF_INTERFACE) || + docs.remarks.includes(EXCLUDE_ANNOTATION_REF_VIA_REF_INTERFACE) + ) { + return; + } + + e.assert(type.name.startsWith('ICfn'), scope, type.fqn); + }, + }); + }, +}); apiLinter.add({ code: 'ref-via-interface', - message: 'API should use interface and not the concrete class (%s). ' + + message: + 'API should use interface and not the concrete class (%s). ' + `If this is intentional, add "${EXCLUDE_ANNOTATION_REF_VIA_INTERFACE}" to element's jsdoc`, - eval: e => { + eval: (e) => { const cls = e.ctx.classType; - const visited = new Set(); + visitClass(cls, { + // classes are okay as long as they are not resource constructs + assertClassType: (type, docs, scope) => { + if (!CoreTypes.isResourceClass(type)) { + return; + } - assertClass(cls); + if (type.fqn === e.ctx.core.constructClass.fqn) { + return; + } - function assertClass(type: reflect.ClassType): void { - if (visited.has(type.fqn)) { return; } - visited.add(type.fqn); + // allow exclusion of this rule + if ( + docs.summary.includes(EXCLUDE_ANNOTATION_REF_VIA_INTERFACE) || + docs.remarks.includes(EXCLUDE_ANNOTATION_REF_VIA_INTERFACE) + ) { + return; + } - for (const method of type.allMethods) { - assertMethod(method); - } + e.assert(false, scope, type.fqn); + }, + }); + }, +}); - if (type.initializer) { - assertMethod(type.initializer); - } +function visitClass( + cls: reflect.ClassType, + assertions: { + assertClassType?: ( + type: reflect.ClassType, + docs: reflect.Docs, + scope: string + ) => void; + assertInterfaceType?: ( + type: reflect.InterfaceType, + docs: reflect.Docs, + scope: string + ) => void; + } = {}, +) { + const visited = new Set(); + + _visitClass(cls); + + function _visitClass(type: reflect.ClassType): void { + if (visited.has(type.fqn)) { + return; } + visited.add(type.fqn); - function assertDataType(type: reflect.InterfaceType): void { - for (const property of type.allProperties) { - assertProperty(property); - } + for (const method of type.allMethods) { + visitMethod(method); } - function assertInterface(type: reflect.InterfaceType): void { - if (visited.has(type.fqn)) { return; } - visited.add(type.fqn); - - if (type.datatype) { - assertDataType(type); - } + if (type.initializer) { + visitMethod(type.initializer); + } + } - for (const method of type.allMethods) { - assertMethod(method); - } + function visitDataType(type: reflect.InterfaceType): void { + for (const property of type.allProperties) { + visitProperty(property); } + } + + function visitInterface( + type: reflect.InterfaceType, + docs: reflect.Docs, + scope: string, + ): void { + if (visited.has(type.fqn)) { + return; + } + visited.add(type.fqn); - function assertProperty(property: reflect.Property) { + if (type.datatype) { + visitDataType(type); + } else if (assertions.assertInterfaceType) { + assertions.assertInterfaceType(type, docs, scope); + } - if (property.protected) { - return; - } + for (const method of type.allMethods) { + visitMethod(method); + } + } - const site = property.overrides ? property.overrides : property.parentType; - assertType(property.type, property.docs, `${site.fqn}.${property.name}`); + function visitProperty(property: reflect.Property) { + if (property.protected) { + return; } - function assertMethod(method: reflect.Callable) { + const site = property.overrides ? property.overrides : property.parentType; + visitType(property.type, property.docs, `${site.fqn}.${property.name}`); + } - if (method.protected) { - return; - } + function visitMethod(method: reflect.Callable) { + if (method.protected) { + return; + } - const site = method.overrides ? method.overrides : method.parentType; - const scope = `${site.fqn}.${method.name}`; + const site = method.overrides ? method.overrides : method.parentType; + const scope = `${site.fqn}.${method.name}`; - let firstMethod: reflect.Callable | undefined = site.isClassType() || site.isInterfaceType() - ? site.allMethods.find(m => m.name === method.name) + let firstMethod: reflect.Callable | undefined = + site.isClassType() || site.isInterfaceType() + ? site.allMethods.find((m) => m.name === method.name) : undefined; - if (!firstMethod) { - firstMethod = method; - } - - for (const param of firstMethod.parameters) { - assertType(param.type, param.docs, `${scope}.${param.name}`); - } - - // note that we do not require that return values will use an interface + if (!firstMethod) { + firstMethod = method; } - function assertType(type: reflect.TypeReference, docs: reflect.Docs, scope: string): void { - if (type.primitive) { - return; - } + for (const param of firstMethod.parameters) { + visitType(param.type, param.docs, `${scope}.${param.name}`); + } - if (type.void) { - return; - } + // note that we do not require that return values will use an interface + } - if (type.arrayOfType) { - return assertType(type.arrayOfType, docs, scope); - } + function visitType( + type: reflect.TypeReference, + docs: reflect.Docs, + scope: string, + ): void { + if (type.primitive) { + return; + } - if (type.mapOfType) { - return assertType(type.mapOfType, docs, scope); - } + if (type.void) { + return; + } - if (type.unionOfTypes) { - for (const t of type.unionOfTypes) { - assertType(t, docs, scope); - } - return; - } + if (type.arrayOfType) { + return visitType(type.arrayOfType, docs, scope); + } - // interfaces are okay - if (type.type && type.type.isInterfaceType()) { - return assertInterface(type.type); - } + if (type.mapOfType) { + return visitType(type.mapOfType, docs, scope); + } - // enums are okay - if (type.type && type.type.isEnumType()) { - return; + if (type.unionOfTypes) { + for (const t of type.unionOfTypes) { + visitType(t, docs, scope); } + return; + } - // classes are okay as long as they are not resource constructs - if (type.type && type.type.isClassType()) { - if (!CoreTypes.isResourceClass(type.type)) { - return; - } - - if (type.type.fqn === e.ctx.core.constructClass.fqn) { - return; - } + // interfaces are okay + if (type.type && type.type.isInterfaceType()) { + return visitInterface(type.type, docs, scope); + } - // allow exclusion of this rule - if (docs.summary.includes(EXCLUDE_ANNOTATION_REF_VIA_INTERFACE) || docs.remarks.includes(EXCLUDE_ANNOTATION_REF_VIA_INTERFACE)) { - return; - } + // enums are okay + if (type.type && type.type.isEnumType()) { + return; + } - e.assert(false, scope, type.type.fqn); - return; + // classes are okay as long as they are not resource constructs + if (type.type && type.type.isClassType()) { + if (assertions.assertClassType) { + assertions.assertClassType(type.type, docs, scope); } - - throw new Error(`invalid type reference: ${type.toString()}`); + return; } - }, -}); + + throw new Error(`invalid type reference: ${type.toString()}`); + } +} diff --git a/packages/awslint/lib/rules/cfn-resource.ts b/packages/awslint/lib/rules/cfn-resource.ts index 9e8a73b8804a9..47448f482b53f 100644 --- a/packages/awslint/lib/rules/cfn-resource.ts +++ b/packages/awslint/lib/rules/cfn-resource.ts @@ -68,6 +68,7 @@ export class CfnResourceReflection { public readonly fullname: string; // AWS::S3::Bucket public readonly namespace: string; // AWS::S3 public readonly basename: string; // Bucket + public readonly refInterfaceFqn: string; // ICfnBucket public readonly attributeNames: string[]; // (normalized) bucketArn, bucketName, queueUrl public readonly doc: string; // link to CloudFormation docs @@ -76,6 +77,8 @@ export class CfnResourceReflection { this.basename = cls.name.slice('Cfn'.length); + this.refInterfaceFqn = `${this.typePrefix(cls)}.I${cls.name}`; + const fullname = cls.docs.customTag('cloudformationResource'); if (!fullname) { throw new Error(`Unable to extract CloudFormation resource name from initializer documentation of ${cls}`); @@ -93,6 +96,10 @@ export class CfnResourceReflection { this.doc = cls.docs.docs.see || ''; } + private typePrefix(classType: reflect.ClassType) { + return classType.assembly.name + (classType.namespace ? `.${classType.namespace}` : ''); + } + private attributePropertyNameFromCfnName(name: string): string { // special case (someone was smart), special case copied from cfn2ts diff --git a/packages/awslint/lib/rules/resource.ts b/packages/awslint/lib/rules/resource.ts index cb0886bf8441c..a7655dc148e72 100644 --- a/packages/awslint/lib/rules/resource.ts +++ b/packages/awslint/lib/rules/resource.ts @@ -185,6 +185,19 @@ resourceLinter.add({ }, }); +resourceLinter.add({ + code: 'resource-interface-extends-resource-ref', + message: 'construct interfaces of AWS resources must extend the corresponding reference interface ICfn (e.g. ICfnBucket)', + eval: e => { + const resourceInterface = e.ctx.construct.interfaceType; + if (!resourceInterface) { return; } + + const resourceRefInterfaceFqn = e.ctx.cfn.refInterfaceFqn; + const interfaceBase = e.ctx.sys.findInterface(resourceRefInterfaceFqn); + e.assert(resourceInterface.extends(interfaceBase), resourceInterface.fqn); + }, +}); + /* // This rule is the worst resourceLinter.add({