From ff74b5e713d2da724b4a463adaa97cad3236e8a3 Mon Sep 17 00:00:00 2001 From: yuanhaoz Date: Fri, 1 Nov 2024 12:01:04 -0700 Subject: [PATCH 01/11] chore: only validate regex if stack name is not a token --- .../cdk.out | 1 + .../code-pipeline-nested-stack.assets.json | 34 + .../code-pipeline-nested-stack.template.json | 57 + ...ssRegionStack37C990C7.nested.template.json | 383 ++++++ ...s-account-support-stack-region.assets.json | 20 + ...account-support-stack-region.template.json | 96 ++ ...ion-stack-649563674902:service.assets.json | 20 + ...n-stack-649563674902:service.template.json | 182 +++ .../integ.json | 12 + ...efaultTestDeployAssertCC253196.assets.json | 19 + ...aultTestDeployAssertCC253196.template.json | 36 + .../manifest.json | 307 +++++ .../tree.json | 1077 +++++++++++++++++ .../integ.codepipeline-with-nested-stack.ts | 85 ++ packages/aws-cdk-lib/core/lib/nested-stack.ts | 9 +- 15 files changed, 2337 insertions(+), 1 deletion(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-account-support-stack-region.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-account-support-stack-region.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:service.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:service.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/integcodepipelinenestedstackDefaultTestDeployAssertCC253196.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/integcodepipelinenestedstackDefaultTestDeployAssertCC253196.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cdk.out new file mode 100644 index 0000000000000..c6e612584e352 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"38.0.1"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.assets.json new file mode 100644 index 0000000000000..a0e236c992b90 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.assets.json @@ -0,0 +1,34 @@ +{ + "version": "38.0.1", + "files": { + "7d4df7a27509d906d2dfe71d2b319bbea0c0027826c08e92d0cc9f3bbe1558b9": { + "source": { + "path": "codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json", + "packaging": "file" + }, + "destinations": { + "649563674902-us-east-1": { + "bucketName": "cdk-hnb659fds-assets-649563674902-us-east-1", + "objectKey": "7d4df7a27509d906d2dfe71d2b319bbea0c0027826c08e92d0cc9f3bbe1558b9.json", + "region": "us-east-1", + "assumeRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-file-publishing-role-649563674902-us-east-1" + } + } + }, + "f7300c06910e29a826a23c5d6456298917179224683912c889e2465366cd19d3": { + "source": { + "path": "code-pipeline-nested-stack.template.json", + "packaging": "file" + }, + "destinations": { + "649563674902-us-east-1": { + "bucketName": "cdk-hnb659fds-assets-649563674902-us-east-1", + "objectKey": "f7300c06910e29a826a23c5d6456298917179224683912c889e2465366cd19d3.json", + "region": "us-east-1", + "assumeRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-file-publishing-role-649563674902-us-east-1" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.template.json new file mode 100644 index 0000000000000..22b5d18ff7ff2 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.template.json @@ -0,0 +1,57 @@ +{ + "Resources": { + "PipelineCrossRegionStackNestedStackPipelineCrossRegionStackNestedStackResourceAABDCA01": { + "Type": "AWS::CloudFormation::Stack", + "Properties": { + "TemplateURL": { + "Fn::Join": [ + "", + [ + "https://s3.us-east-1.", + { + "Ref": "AWS::URLSuffix" + }, + "/cdk-hnb659fds-assets-649563674902-us-east-1/7d4df7a27509d906d2dfe71d2b319bbea0c0027826c08e92d0cc9f3bbe1558b9.json" + ] + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json new file mode 100644 index 0000000000000..00033a174d86f --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json @@ -0,0 +1,383 @@ +{ + "Resources": { + "Role1ABCC5F0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "codebuild.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "RoleName": "MyRoleName" + } + }, + "RoleDefaultPolicy5FFB7DAB": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucket22248F97", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::integ-test-pipeline-nesteeplicationbucket5ad15bae8c248ec4e399" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::integ-test-pipeline-nesteeplicationbucket5ad15bae8c248ec4e399/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucket22248F97", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Effect": "Allow", + "Resource": [ + "*", + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketEncryptionKey01D58D69", + "Arn" + ] + } + ] + }, + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::region:role/integ-test-pipeline-nestesttestactionrole85e1536225f4ce00510a" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "RoleDefaultPolicy5FFB7DAB", + "Roles": [ + { + "Ref": "Role1ABCC5F0" + } + ] + } + }, + "PipelineArtifactsBucketEncryptionKey01D58D69": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::649563674902:root" + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "PipelineArtifactsBucketEncryptionKeyAlias5C510EEE": { + "Type": "AWS::KMS::Alias", + "Properties": { + "AliasName": "alias/codepipeline-integ-test-pipeline-nested-stack-cross-region-pipeline-08100cf8", + "TargetKeyId": { + "Fn::GetAtt": [ + "PipelineArtifactsBucketEncryptionKey01D58D69", + "Arn" + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "PipelineArtifactsBucket22248F97": { + "Type": "AWS::S3::Bucket", + "Properties": { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "KMSMasterKeyID": { + "Fn::GetAtt": [ + "PipelineArtifactsBucketEncryptionKey01D58D69", + "Arn" + ] + }, + "SSEAlgorithm": "aws:kms" + } + } + ] + }, + "PublicAccessBlockConfiguration": { + "BlockPublicAcls": true, + "BlockPublicPolicy": true, + "IgnorePublicAcls": true, + "RestrictPublicBuckets": true + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "PipelineArtifactsBucketPolicyD4F9712A": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "PipelineArtifactsBucket22248F97" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucket22248F97", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucket22248F97", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "PipelineC660917D": { + "Type": "AWS::CodePipeline::Pipeline", + "Properties": { + "ArtifactStores": [ + { + "ArtifactStore": { + "EncryptionKey": { + "Id": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":kms:service:649563674902:alias/ne-nestetencryptionalias12623f8e5dd3096ed578" + ] + ] + }, + "Type": "KMS" + }, + "Location": "integ-test-pipeline-nesteeplicationbucket5ad15bae8c248ec4e399", + "Type": "S3" + }, + "Region": "service" + }, + { + "ArtifactStore": { + "EncryptionKey": { + "Id": { + "Fn::GetAtt": [ + "PipelineArtifactsBucketEncryptionKey01D58D69", + "Arn" + ] + }, + "Type": "KMS" + }, + "Location": { + "Ref": "PipelineArtifactsBucket22248F97" + }, + "Type": "S3" + }, + "Region": "us-east-1" + } + ], + "RoleArn": { + "Fn::GetAtt": [ + "Role1ABCC5F0", + "Arn" + ] + }, + "Stages": [ + { + "Actions": [ + { + "ActionTypeId": { + "Category": "Source", + "Owner": "ThirdParty", + "Provider": "GitHub", + "Version": "1" + }, + "Configuration": { + "Owner": "aws", + "Repo": "aws-cdk", + "Branch": "master", + "OAuthToken": "test", + "PollForSourceChanges": false + }, + "Name": "Github", + "OutputArtifacts": [ + { + "Name": "Pipeline" + } + ], + "RunOrder": 1 + } + ], + "Name": "Source" + }, + { + "Actions": [ + { + "ActionTypeId": { + "Category": "Invoke", + "Owner": "AWS", + "Provider": "StepFunctions", + "Version": "1" + }, + "Configuration": { + "StateMachineArn": "arn:arn:aws:service:region:account:resource:resourceName:states:eu-west-1:12345678:stateMachine/stateMachineFromAnotherRegion", + "Input": "{}", + "InputType": "Literal" + }, + "Name": "Test", + "Region": "service", + "RoleArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::region:role/integ-test-pipeline-nestesttestactionrole85e1536225f4ce00510a" + ] + ] + }, + "RunOrder": 1 + } + ], + "Name": "Test" + } + ] + }, + "DependsOn": [ + "RoleDefaultPolicy5FFB7DAB", + "Role1ABCC5F0" + ] + }, + "PipelineSourceGithubWebhookResource9724AEC2": { + "Type": "AWS::CodePipeline::Webhook", + "Properties": { + "Authentication": "GITHUB_HMAC", + "AuthenticationConfiguration": { + "SecretToken": "test" + }, + "Filters": [ + { + "JsonPath": "$.ref", + "MatchEquals": "refs/heads/{Branch}" + } + ], + "RegisterWithThirdParty": true, + "TargetAction": "Github", + "TargetPipeline": { + "Ref": "PipelineC660917D" + }, + "TargetPipelineVersion": 1 + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-account-support-stack-region.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-account-support-stack-region.assets.json new file mode 100644 index 0000000000000..59b740004e272 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-account-support-stack-region.assets.json @@ -0,0 +1,20 @@ +{ + "version": "38.0.1", + "files": { + "62d6b849624747745bf7e5e1541bdbf0710ad24d8723cd92a5cc86ca37a01caf": { + "source": { + "path": "cross-account-support-stack-region.template.json", + "packaging": "file" + }, + "destinations": { + "region-service": { + "bucketName": "cdk-hnb659fds-assets-region-service", + "objectKey": "62d6b849624747745bf7e5e1541bdbf0710ad24d8723cd92a5cc86ca37a01caf.json", + "region": "service", + "assumeRoleArn": "arn:${AWS::Partition}:iam::region:role/cdk-hnb659fds-file-publishing-role-region-service" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-account-support-stack-region.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-account-support-stack-region.template.json new file mode 100644 index 0000000000000..139b8df826ac9 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-account-support-stack-region.template.json @@ -0,0 +1,96 @@ +{ + "Resources": { + "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DETestTestActionRole260DF2CF": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::649563674902:root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "RoleName": "integ-test-pipeline-nestesttestactionrole85e1536225f4ce00510a" + } + }, + "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DETestTestActionRoleDefaultPolicyB9100D39": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "states:DescribeStateMachine", + "states:StartExecution" + ], + "Effect": "Allow", + "Resource": "arn:arn:aws:service:region:account:resource:resourceName:states:eu-west-1:12345678:stateMachine/stateMachineFromAnotherRegion" + }, + { + "Action": "states:DescribeExecution", + "Effect": "Allow", + "Resource": "arn:arn:states:service:region:execution:resource:resourceName:states:eu-west-1:12345678:stateMachine/stateMachineFromAnotherRegion:*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DETestTestActionRoleDefaultPolicyB9100D39", + "Roles": [ + { + "Ref": "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DETestTestActionRole260DF2CF" + } + ] + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:service.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:service.assets.json new file mode 100644 index 0000000000000..723cccf0bd6da --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:service.assets.json @@ -0,0 +1,20 @@ +{ + "version": "38.0.1", + "files": { + "cdb04462afdd68f868bea4c51569f5c21c65d4d09a41a0cf1d6884ab7890fa4b": { + "source": { + "path": "cross-region-stack-649563674902:service.template.json", + "packaging": "file" + }, + "destinations": { + "649563674902-service": { + "bucketName": "cdk-hnb659fds-assets-649563674902-service", + "objectKey": "cdb04462afdd68f868bea4c51569f5c21c65d4d09a41a0cf1d6884ab7890fa4b.json", + "region": "service", + "assumeRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-file-publishing-role-649563674902-service" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:service.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:service.template.json new file mode 100644 index 0000000000000..be78ffb25abf0 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:service.template.json @@ -0,0 +1,182 @@ +{ + "Resources": { + "CrossRegionCodePipelineReplicationBucketEncryptionKey70216490": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::649563674902:root" + ] + ] + } + }, + "Resource": "*" + }, + { + "Action": [ + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::649563674902:role/MyRoleName" + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CrossRegionCodePipelineReplicationBucketEncryptionAliasF1A0F37D": { + "Type": "AWS::KMS::Alias", + "Properties": { + "AliasName": "alias/ne-nestetencryptionalias12623f8e5dd3096ed578", + "TargetKeyId": { + "Fn::GetAtt": [ + "CrossRegionCodePipelineReplicationBucketEncryptionKey70216490", + "Arn" + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CrossRegionCodePipelineReplicationBucketFC3227F2": { + "Type": "AWS::S3::Bucket", + "Properties": { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "KMSMasterKeyID": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":kms:service:649563674902:", + { + "Ref": "CrossRegionCodePipelineReplicationBucketEncryptionAliasF1A0F37D" + } + ] + ] + }, + "SSEAlgorithm": "aws:kms" + } + } + ] + }, + "BucketName": "integ-test-pipeline-nesteeplicationbucket5ad15bae8c248ec4e399", + "PublicAccessBlockConfiguration": { + "BlockPublicAcls": true, + "BlockPublicPolicy": true, + "IgnorePublicAcls": true, + "RestrictPublicBuckets": true + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "CrossRegionCodePipelineReplicationBucketPolicyB7BA2BCA": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "CrossRegionCodePipelineReplicationBucketFC3227F2" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::GetAtt": [ + "CrossRegionCodePipelineReplicationBucketFC3227F2", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "CrossRegionCodePipelineReplicationBucketFC3227F2", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/integ.json new file mode 100644 index 0000000000000..515de066552a4 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "38.0.1", + "testCases": { + "integ-code-pipeline-nested-stack/DefaultTest": { + "stacks": [ + "code-pipeline-nested-stack" + ], + "assertionStack": "integ-code-pipeline-nested-stack/DefaultTest/DeployAssert", + "assertionStackName": "integcodepipelinenestedstackDefaultTestDeployAssertCC253196" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/integcodepipelinenestedstackDefaultTestDeployAssertCC253196.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/integcodepipelinenestedstackDefaultTestDeployAssertCC253196.assets.json new file mode 100644 index 0000000000000..8f4619513dcb3 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/integcodepipelinenestedstackDefaultTestDeployAssertCC253196.assets.json @@ -0,0 +1,19 @@ +{ + "version": "38.0.1", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integcodepipelinenestedstackDefaultTestDeployAssertCC253196.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/integcodepipelinenestedstackDefaultTestDeployAssertCC253196.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/integcodepipelinenestedstackDefaultTestDeployAssertCC253196.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/integcodepipelinenestedstackDefaultTestDeployAssertCC253196.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/manifest.json new file mode 100644 index 0000000000000..05485bdc5bb23 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/manifest.json @@ -0,0 +1,307 @@ +{ + "version": "38.0.1", + "artifacts": { + "code-pipeline-nested-stack.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "code-pipeline-nested-stack.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "code-pipeline-nested-stack": { + "type": "aws:cloudformation:stack", + "environment": "aws://649563674902/us-east-1", + "properties": { + "templateFile": "code-pipeline-nested-stack.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-deploy-role-649563674902-us-east-1", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-cfn-exec-role-649563674902-us-east-1", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-649563674902-us-east-1/f7300c06910e29a826a23c5d6456298917179224683912c889e2465366cd19d3.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "code-pipeline-nested-stack.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-lookup-role-649563674902-us-east-1", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "cross-region-stack-649563674902:service", + "cross-account-support-stack-region", + "code-pipeline-nested-stack.assets" + ], + "metadata": { + "/code-pipeline-nested-stack/PipelineCrossRegionStack/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Role1ABCC5F0" + } + ], + "/code-pipeline-nested-stack/PipelineCrossRegionStack/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RoleDefaultPolicy5FFB7DAB" + } + ], + "/code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline": [ + { + "type": "aws:cdk:warning", + "data": "V1 pipeline type is implicitly selected when `pipelineType` is not set. If you want to use V2 type, set `PipelineType.V2`. [ack: @aws-cdk/aws-codepipeline:unspecifiedPipelineType]" + } + ], + "/code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/ArtifactsBucketEncryptionKey/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineArtifactsBucketEncryptionKey01D58D69" + } + ], + "/code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/ArtifactsBucketEncryptionKeyAlias/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineArtifactsBucketEncryptionKeyAlias5C510EEE" + } + ], + "/code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/ArtifactsBucket/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineArtifactsBucket22248F97" + } + ], + "/code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/ArtifactsBucket/Policy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineArtifactsBucketPolicyD4F9712A" + } + ], + "/code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineC660917D" + } + ], + "/code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/Source/Github/WebhookResource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineSourceGithubWebhookResource9724AEC2" + } + ], + "/code-pipeline-nested-stack/PipelineCrossRegionStack.NestedStack/PipelineCrossRegionStack.NestedStackResource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineCrossRegionStackNestedStackPipelineCrossRegionStackNestedStackResourceAABDCA01" + } + ], + "/code-pipeline-nested-stack/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/code-pipeline-nested-stack/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "code-pipeline-nested-stack" + }, + "cross-region-stack-649563674902:service.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "cross-region-stack-649563674902:service.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "cross-region-stack-649563674902:service": { + "type": "aws:cloudformation:stack", + "environment": "aws://649563674902/service", + "properties": { + "templateFile": "cross-region-stack-649563674902:service.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-deploy-role-649563674902-service", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-cfn-exec-role-649563674902-service", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-649563674902-service/cdb04462afdd68f868bea4c51569f5c21c65d4d09a41a0cf1d6884ab7890fa4b.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "cross-region-stack-649563674902:service.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-lookup-role-649563674902-service", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + }, + "stackName": "integ-test-pipeline-nested-stack-cross-region-support-service" + }, + "dependencies": [ + "cross-region-stack-649563674902:service.assets" + ], + "metadata": { + "/cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucketEncryptionKey/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CrossRegionCodePipelineReplicationBucketEncryptionKey70216490" + } + ], + "/cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucketEncryptionAlias/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CrossRegionCodePipelineReplicationBucketEncryptionAliasF1A0F37D" + } + ], + "/cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucket/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CrossRegionCodePipelineReplicationBucketFC3227F2" + } + ], + "/cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucket/Policy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CrossRegionCodePipelineReplicationBucketPolicyB7BA2BCA" + } + ], + "/cross-region-stack-649563674902:service/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/cross-region-stack-649563674902:service/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "cross-region-stack-649563674902:service" + }, + "cross-account-support-stack-region.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "cross-account-support-stack-region.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "cross-account-support-stack-region": { + "type": "aws:cloudformation:stack", + "environment": "aws://region/service", + "properties": { + "templateFile": "cross-account-support-stack-region.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": "arn:${AWS::Partition}:iam::region:role/cdk-hnb659fds-deploy-role-region-service", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::region:role/cdk-hnb659fds-cfn-exec-role-region-service", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-region-service/62d6b849624747745bf7e5e1541bdbf0710ad24d8723cd92a5cc86ca37a01caf.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "cross-account-support-stack-region.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::region:role/cdk-hnb659fds-lookup-role-region-service", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + }, + "stackName": "integ-test-pipeline-nested-stack-cross-region-support-region" + }, + "dependencies": [ + "cross-account-support-stack-region.assets" + ], + "metadata": { + "/cross-account-support-stack-region/codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DETestTestActionRole260DF2CF" + } + ], + "/cross-account-support-stack-region/codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DETestTestActionRoleDefaultPolicyB9100D39" + } + ], + "/cross-account-support-stack-region/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/cross-account-support-stack-region/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "cross-account-support-stack-region" + }, + "integcodepipelinenestedstackDefaultTestDeployAssertCC253196.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integcodepipelinenestedstackDefaultTestDeployAssertCC253196.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integcodepipelinenestedstackDefaultTestDeployAssertCC253196": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integcodepipelinenestedstackDefaultTestDeployAssertCC253196.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integcodepipelinenestedstackDefaultTestDeployAssertCC253196.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integcodepipelinenestedstackDefaultTestDeployAssertCC253196.assets" + ], + "metadata": { + "/integ-code-pipeline-nested-stack/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integ-code-pipeline-nested-stack/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integ-code-pipeline-nested-stack/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/tree.json new file mode 100644 index 0000000000000..5c8b7e5f91328 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/tree.json @@ -0,0 +1,1077 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "code-pipeline-nested-stack": { + "id": "code-pipeline-nested-stack", + "path": "code-pipeline-nested-stack", + "children": { + "PipelineCrossRegionStack": { + "id": "PipelineCrossRegionStack", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack", + "children": { + "StateMachine": { + "id": "StateMachine", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/StateMachine", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "codebuild.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "roleName": "MyRoleName" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucket22248F97", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::integ-test-pipeline-nesteeplicationbucket5ad15bae8c248ec4e399" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::integ-test-pipeline-nesteeplicationbucket5ad15bae8c248ec4e399/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucket22248F97", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Effect": "Allow", + "Resource": [ + "*", + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketEncryptionKey01D58D69", + "Arn" + ] + } + ] + }, + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::region:role/integ-test-pipeline-nestesttestactionrole85e1536225f4ce00510a" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "RoleDefaultPolicy5FFB7DAB", + "roles": [ + { + "Ref": "Role1ABCC5F0" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Pipeline": { + "id": "Pipeline", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline", + "children": { + "ArtifactsBucketEncryptionKey": { + "id": "ArtifactsBucketEncryptionKey", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/ArtifactsBucketEncryptionKey", + "children": { + "Resource": { + "id": "Resource", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/ArtifactsBucketEncryptionKey/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KMS::Key", + "aws:cdk:cloudformation:props": { + "keyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::649563674902:root" + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.CfnKey", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.Key", + "version": "0.0.0" + } + }, + "ArtifactsBucketEncryptionKeyAlias": { + "id": "ArtifactsBucketEncryptionKeyAlias", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/ArtifactsBucketEncryptionKeyAlias", + "children": { + "Resource": { + "id": "Resource", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/ArtifactsBucketEncryptionKeyAlias/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KMS::Alias", + "aws:cdk:cloudformation:props": { + "aliasName": "alias/codepipeline-integ-test-pipeline-nested-stack-cross-region-pipeline-08100cf8", + "targetKeyId": { + "Fn::GetAtt": [ + "PipelineArtifactsBucketEncryptionKey01D58D69", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.CfnAlias", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.Alias", + "version": "0.0.0" + } + }, + "ArtifactsBucket": { + "id": "ArtifactsBucket", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/ArtifactsBucket", + "children": { + "Resource": { + "id": "Resource", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/ArtifactsBucket/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": { + "bucketEncryption": { + "serverSideEncryptionConfiguration": [ + { + "serverSideEncryptionByDefault": { + "sseAlgorithm": "aws:kms", + "kmsMasterKeyId": { + "Fn::GetAtt": [ + "PipelineArtifactsBucketEncryptionKey01D58D69", + "Arn" + ] + } + } + } + ] + }, + "publicAccessBlockConfiguration": { + "blockPublicAcls": true, + "blockPublicPolicy": true, + "ignorePublicAcls": true, + "restrictPublicBuckets": true + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + } + }, + "Policy": { + "id": "Policy", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/ArtifactsBucket/Policy", + "children": { + "Resource": { + "id": "Resource", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/ArtifactsBucket/Policy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", + "aws:cdk:cloudformation:props": { + "bucket": { + "Ref": "PipelineArtifactsBucket22248F97" + }, + "policyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucket22248F97", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucket22248F97", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CodePipeline::Pipeline", + "aws:cdk:cloudformation:props": { + "artifactStores": [ + { + "region": "service", + "artifactStore": { + "type": "S3", + "location": "integ-test-pipeline-nesteeplicationbucket5ad15bae8c248ec4e399", + "encryptionKey": { + "type": "KMS", + "id": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":kms:service:649563674902:alias/ne-nestetencryptionalias12623f8e5dd3096ed578" + ] + ] + } + } + } + }, + { + "region": "us-east-1", + "artifactStore": { + "type": "S3", + "location": { + "Ref": "PipelineArtifactsBucket22248F97" + }, + "encryptionKey": { + "type": "KMS", + "id": { + "Fn::GetAtt": [ + "PipelineArtifactsBucketEncryptionKey01D58D69", + "Arn" + ] + } + } + } + } + ], + "roleArn": { + "Fn::GetAtt": [ + "Role1ABCC5F0", + "Arn" + ] + }, + "stages": [ + { + "name": "Source", + "actions": [ + { + "name": "Github", + "outputArtifacts": [ + { + "name": "Pipeline" + } + ], + "actionTypeId": { + "category": "Source", + "version": "1", + "owner": "ThirdParty", + "provider": "GitHub" + }, + "configuration": { + "Owner": "aws", + "Repo": "aws-cdk", + "Branch": "master", + "OAuthToken": "test", + "PollForSourceChanges": false + }, + "runOrder": 1 + } + ] + }, + { + "name": "Test", + "actions": [ + { + "name": "Test", + "actionTypeId": { + "category": "Invoke", + "version": "1", + "owner": "AWS", + "provider": "StepFunctions" + }, + "configuration": { + "StateMachineArn": "arn:arn:aws:service:region:account:resource:resourceName:states:eu-west-1:12345678:stateMachine/stateMachineFromAnotherRegion", + "Input": "{}", + "InputType": "Literal" + }, + "runOrder": 1, + "roleArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::region:role/integ-test-pipeline-nestesttestactionrole85e1536225f4ce00510a" + ] + ] + }, + "region": "service" + } + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_codepipeline.CfnPipeline", + "version": "0.0.0" + } + }, + "Source": { + "id": "Source", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/Source", + "children": { + "Github": { + "id": "Github", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/Source/Github", + "children": { + "WebhookResource": { + "id": "WebhookResource", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/Source/Github/WebhookResource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CodePipeline::Webhook", + "aws:cdk:cloudformation:props": { + "authentication": "GITHUB_HMAC", + "authenticationConfiguration": { + "secretToken": "test" + }, + "filters": [ + { + "jsonPath": "$.ref", + "matchEquals": "refs/heads/{Branch}" + } + ], + "registerWithThirdParty": true, + "targetAction": "Github", + "targetPipeline": { + "Ref": "PipelineC660917D" + }, + "targetPipelineVersion": 1 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_codepipeline.CfnWebhook", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "Test": { + "id": "Test", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/Test", + "children": { + "Test": { + "id": "Test", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/Test/Test", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_codepipeline.Pipeline", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.NestedStack", + "version": "0.0.0" + } + }, + "PipelineCrossRegionStack.NestedStack": { + "id": "PipelineCrossRegionStack.NestedStack", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack.NestedStack", + "children": { + "PipelineCrossRegionStack.NestedStackResource": { + "id": "PipelineCrossRegionStack.NestedStackResource", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack.NestedStack/PipelineCrossRegionStack.NestedStackResource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudFormation::Stack", + "aws:cdk:cloudformation:props": { + "templateUrl": { + "Fn::Join": [ + "", + [ + "https://s3.us-east-1.", + { + "Ref": "AWS::URLSuffix" + }, + "/cdk-hnb659fds-assets-649563674902-us-east-1/7d4df7a27509d906d2dfe71d2b319bbea0c0027826c08e92d0cc9f3bbe1558b9.json" + ] + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CfnStack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "code-pipeline-nested-stack/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "code-pipeline-nested-stack/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "cross-region-stack-649563674902:service": { + "id": "cross-region-stack-649563674902:service", + "path": "cross-region-stack-649563674902:service", + "children": { + "Default": { + "id": "Default", + "path": "cross-region-stack-649563674902:service/Default", + "children": { + "CrossRegionCodePipelineReplicationBucketEncryptionKey": { + "id": "CrossRegionCodePipelineReplicationBucketEncryptionKey", + "path": "cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucketEncryptionKey", + "children": { + "Resource": { + "id": "Resource", + "path": "cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucketEncryptionKey/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KMS::Key", + "aws:cdk:cloudformation:props": { + "keyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::649563674902:root" + ] + ] + } + }, + "Resource": "*" + }, + { + "Action": [ + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::649563674902:role/MyRoleName" + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.CfnKey", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.Key", + "version": "0.0.0" + } + }, + "CrossRegionCodePipelineReplicationBucketEncryptionAlias": { + "id": "CrossRegionCodePipelineReplicationBucketEncryptionAlias", + "path": "cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucketEncryptionAlias", + "children": { + "Resource": { + "id": "Resource", + "path": "cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucketEncryptionAlias/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KMS::Alias", + "aws:cdk:cloudformation:props": { + "aliasName": "alias/ne-nestetencryptionalias12623f8e5dd3096ed578", + "targetKeyId": { + "Fn::GetAtt": [ + "CrossRegionCodePipelineReplicationBucketEncryptionKey70216490", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.CfnAlias", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.Alias", + "version": "0.0.0" + } + }, + "CrossRegionCodePipelineReplicationBucket": { + "id": "CrossRegionCodePipelineReplicationBucket", + "path": "cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucket", + "children": { + "Resource": { + "id": "Resource", + "path": "cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucket/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": { + "bucketEncryption": { + "serverSideEncryptionConfiguration": [ + { + "serverSideEncryptionByDefault": { + "sseAlgorithm": "aws:kms", + "kmsMasterKeyId": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":kms:service:649563674902:", + { + "Ref": "CrossRegionCodePipelineReplicationBucketEncryptionAliasF1A0F37D" + } + ] + ] + } + } + } + ] + }, + "bucketName": "integ-test-pipeline-nesteeplicationbucket5ad15bae8c248ec4e399", + "publicAccessBlockConfiguration": { + "blockPublicAcls": true, + "blockPublicPolicy": true, + "ignorePublicAcls": true, + "restrictPublicBuckets": true + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + } + }, + "Policy": { + "id": "Policy", + "path": "cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucket/Policy", + "children": { + "Resource": { + "id": "Resource", + "path": "cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucket/Policy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", + "aws:cdk:cloudformation:props": { + "bucket": { + "Ref": "CrossRegionCodePipelineReplicationBucketFC3227F2" + }, + "policyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::GetAtt": [ + "CrossRegionCodePipelineReplicationBucketFC3227F2", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "CrossRegionCodePipelineReplicationBucketFC3227F2", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "cross-region-stack-649563674902:service/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "cross-region-stack-649563674902:service/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "cross-account-support-stack-region": { + "id": "cross-account-support-stack-region", + "path": "cross-account-support-stack-region", + "children": { + "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole": { + "id": "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole", + "path": "cross-account-support-stack-region/codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole", + "children": { + "ImportcodepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole": { + "id": "ImportcodepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole", + "path": "cross-account-support-stack-region/codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole/ImportcodepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "cross-account-support-stack-region/codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::649563674902:root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "roleName": "integ-test-pipeline-nestesttestactionrole85e1536225f4ce00510a" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "cross-account-support-stack-region/codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "cross-account-support-stack-region/codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "states:DescribeStateMachine", + "states:StartExecution" + ], + "Effect": "Allow", + "Resource": "arn:arn:aws:service:region:account:resource:resourceName:states:eu-west-1:12345678:stateMachine/stateMachineFromAnotherRegion" + }, + { + "Action": "states:DescribeExecution", + "Effect": "Allow", + "Resource": "arn:arn:states:service:region:execution:resource:resourceName:states:eu-west-1:12345678:stateMachine/stateMachineFromAnotherRegion:*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DETestTestActionRoleDefaultPolicyB9100D39", + "roles": [ + { + "Ref": "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DETestTestActionRole260DF2CF" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "cross-account-support-stack-region/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "cross-account-support-stack-region/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "integ-code-pipeline-nested-stack": { + "id": "integ-code-pipeline-nested-stack", + "path": "integ-code-pipeline-nested-stack", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integ-code-pipeline-nested-stack/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integ-code-pipeline-nested-stack/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integ-code-pipeline-nested-stack/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integ-code-pipeline-nested-stack/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integ-code-pipeline-nested-stack/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts new file mode 100644 index 0000000000000..9c5f9258763d5 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts @@ -0,0 +1,85 @@ +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; +import * as cdk from 'aws-cdk-lib'; +import { SecretValue } from 'aws-cdk-lib'; +import { Artifact, Pipeline } from 'aws-cdk-lib/aws-codepipeline'; +import { GitHubSourceAction, StateMachineInput, StepFunctionInvokeAction } from 'aws-cdk-lib/aws-codepipeline-actions'; +import { Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam'; +import * as sfn from 'aws-cdk-lib/aws-stepfunctions'; +import { Construct } from 'constructs'; + +export class MainStack extends cdk.Stack { + constructor(scope: Construct, id: string, props?: cdk.StackProps) { + super(scope, id, props); + + new PipelineCrossRegionStack(this, 'PipelineCrossRegionStack', { + ...props, + stackName: 'integ-test-pipeline-nested-stack-cross-region', + }); + } +} + +export class PipelineCrossRegionStack extends cdk.NestedStack { + constructor(scope: Construct, id: string, props?: cdk.NestedStackProps) { + super(scope, id, props); + + const machine = cdk.Arn.format({ + service: 'states', + resource: 'stateMachine', + account: cdk.Token.asString(process.env.CDK_INTEG_ACCOUNT || process.env.CDK_DEFAULT_ACCOUNT), + partition: cdk.ArnFormat.COLON_RESOURCE_NAME, + resourceName: 'stateMachineFromAnotherRegion', + region: 'eu-west-1', + }, this); + const stateMachine = sfn.StateMachine.fromStateMachineArn(this, 'StateMachine', machine); + + const role = new Role(this, 'Role', { + roleName: 'MyRoleName', + assumedBy: new ServicePrincipal('codebuild.amazonaws.com'), + }); + new Pipeline(this, 'Pipeline', { + crossAccountKeys: true, + role, + stages: [ + { + stageName: 'Source', + actions: [ + new GitHubSourceAction({ + actionName: 'Github', + owner: 'aws', + repo: 'aws-cdk', + branch: 'master', + oauthToken: SecretValue.unsafePlainText('test'), + output: new Artifact('Pipeline'), + }), + ], + }, + { + stageName: 'Test', + actions: [ + new StepFunctionInvokeAction({ + actionName: 'Test', + stateMachine: stateMachine, + stateMachineInput: StateMachineInput.literal({}), + }), + ], + }, + ], + }); + } +} + +const app = new cdk.App({ + postCliContext: { + '@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2': false, + }, +}); +const testCase = new MainStack(app, 'code-pipeline-nested-stack', { + env: { + account: process.env.CDK_DEFAULT_ACCOUNT, + region: 'us-east-1', + }, +}); + +new IntegTest(app, 'integ-code-pipeline-nested-stack', { + testCases: [testCase], +}); \ No newline at end of file diff --git a/packages/aws-cdk-lib/core/lib/nested-stack.ts b/packages/aws-cdk-lib/core/lib/nested-stack.ts index a542b8d3bfaa4..c9f8ac1297d0c 100644 --- a/packages/aws-cdk-lib/core/lib/nested-stack.ts +++ b/packages/aws-cdk-lib/core/lib/nested-stack.ts @@ -75,6 +75,13 @@ export interface NestedStackProps { * @default - No description. */ readonly description?: string; + + /** + * The name of the stack + * + * @default - Derived from construct path. + */ + readonly stackName?: string; } /** @@ -150,7 +157,7 @@ export class NestedStack extends Stack { // if resolved from the outer stack, use the { Ref } of the AWS::CloudFormation::Stack resource // which resolves the ARN of the stack. We need to extract the stack name, which is the second // component after splitting by "/" - this._contextualStackName = this.contextualAttribute(Aws.STACK_NAME, Fn.select(1, Fn.split('/', this.resource.ref))); + this._contextualStackName = props.stackName ?? this.contextualAttribute(Aws.STACK_NAME, Fn.select(1, Fn.split('/', this.resource.ref))); this._contextualStackId = this.contextualAttribute(Aws.STACK_ID, this.resource.ref); } From 2f3f779b503279a6fdfad2d06eee93e3e5660239 Mon Sep 17 00:00:00 2001 From: yuanhaoz Date: Fri, 1 Nov 2024 12:12:59 -0700 Subject: [PATCH 02/11] add unit test --- packages/aws-cdk-lib/core/test/nested-stack.test.ts | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/packages/aws-cdk-lib/core/test/nested-stack.test.ts b/packages/aws-cdk-lib/core/test/nested-stack.test.ts index a9f3f4230b719..3c540e3215803 100644 --- a/packages/aws-cdk-lib/core/test/nested-stack.test.ts +++ b/packages/aws-cdk-lib/core/test/nested-stack.test.ts @@ -35,6 +35,14 @@ describe('nested-stack', () => { expect(nestedStack.templateOptions.description).toEqual(description); }); + test('can have customer defined name', () => { + const stack = new Stack(); + const nestedStack = new NestedStack(stack, 'MyNestedStack', { + stackName: 'MyCustomName', + }); + expect(nestedStack.stackName).toEqual('MyCustomName'); + }); + test('can create cross region references when crossRegionReferences=true', () => { // GIVEN const app = new App(); From 3ee6ea298dff80eacc21a8295d20944592678266 Mon Sep 17 00:00:00 2001 From: yuanhaoz Date: Fri, 1 Nov 2024 13:46:39 -0700 Subject: [PATCH 03/11] add unit test --- .../test/integ.codepipeline-with-nested-stack.ts | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts index 9c5f9258763d5..74b2a6a6f6774 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts @@ -7,6 +7,12 @@ import { Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam'; import * as sfn from 'aws-cdk-lib/aws-stepfunctions'; import { Construct } from 'constructs'; +/** + * To deploy this stack, you need to do the following: + * 1. export CDK_DEFAULT_ACCOUNT='' + * 2. deploy a state machine resource in 'eu-west-1' and name the state machine 'stateMachineFromAnotherRegion' + */ + export class MainStack extends cdk.Stack { constructor(scope: Construct, id: string, props?: cdk.StackProps) { super(scope, id, props); From f297a65044b5dbb4c2a94ce532cf305d8e5c80ae Mon Sep 17 00:00:00 2001 From: yuanhaoz Date: Fri, 1 Nov 2024 16:26:21 -0700 Subject: [PATCH 04/11] update pr with a different solution --- .../code-pipeline-nested-stack.assets.json | 8 +- .../code-pipeline-nested-stack.template.json | 2 +- ...ssRegionStack37C990C7.nested.template.json | 123 +++--- ...s-account-support-stack-region.assets.json | 20 - ...account-support-stack-region.template.json | 96 ----- ...ion-stack-649563674902:service.assets.json | 20 - ...n-stack-649563674902:us-west-2.assets.json | 20 + ...tack-649563674902:us-west-2.template.json} | 25 +- .../manifest.json | 117 ++---- .../tree.json | 352 +++++++----------- .../integ.codepipeline-with-nested-stack.ts | 20 +- .../aws-codepipeline/lib/pipeline.ts | 7 +- .../lib/private/cross-region-support-stack.ts | 8 +- packages/aws-cdk-lib/core/lib/nested-stack.ts | 9 +- 14 files changed, 276 insertions(+), 551 deletions(-) delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-account-support-stack-region.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-account-support-stack-region.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:service.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:us-west-2.assets.json rename packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/{cross-region-stack-649563674902:service.template.json => cross-region-stack-649563674902:us-west-2.template.json} (86%) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.assets.json index a0e236c992b90..c4fff6993e23d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.assets.json @@ -1,7 +1,7 @@ { "version": "38.0.1", "files": { - "7d4df7a27509d906d2dfe71d2b319bbea0c0027826c08e92d0cc9f3bbe1558b9": { + "5a4aac28b3a73f30fcdc6c5607d21896d725978905122d6a8675f582cb45cd87": { "source": { "path": "codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json", "packaging": "file" @@ -9,13 +9,13 @@ "destinations": { "649563674902-us-east-1": { "bucketName": "cdk-hnb659fds-assets-649563674902-us-east-1", - "objectKey": "7d4df7a27509d906d2dfe71d2b319bbea0c0027826c08e92d0cc9f3bbe1558b9.json", + "objectKey": "5a4aac28b3a73f30fcdc6c5607d21896d725978905122d6a8675f582cb45cd87.json", "region": "us-east-1", "assumeRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-file-publishing-role-649563674902-us-east-1" } } }, - "f7300c06910e29a826a23c5d6456298917179224683912c889e2465366cd19d3": { + "ecc6a3aec26f51fbd7d3f5451c927e1c44e7e5120149610cf1d40c21f3b8a791": { "source": { "path": "code-pipeline-nested-stack.template.json", "packaging": "file" @@ -23,7 +23,7 @@ "destinations": { "649563674902-us-east-1": { "bucketName": "cdk-hnb659fds-assets-649563674902-us-east-1", - "objectKey": "f7300c06910e29a826a23c5d6456298917179224683912c889e2465366cd19d3.json", + "objectKey": "ecc6a3aec26f51fbd7d3f5451c927e1c44e7e5120149610cf1d40c21f3b8a791.json", "region": "us-east-1", "assumeRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-file-publishing-role-649563674902-us-east-1" } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.template.json index 22b5d18ff7ff2..551eaa63a8e46 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.template.json @@ -11,7 +11,7 @@ { "Ref": "AWS::URLSuffix" }, - "/cdk-hnb659fds-assets-649563674902-us-east-1/7d4df7a27509d906d2dfe71d2b319bbea0c0027826c08e92d0cc9f3bbe1558b9.json" + "/cdk-hnb659fds-assets-649563674902-us-east-1/5a4aac28b3a73f30fcdc6c5607d21896d725978905122d6a8675f582cb45cd87.json" ] ] } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json index 00033a174d86f..eebeeaeebf9a4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json @@ -9,13 +9,13 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": "codebuild.amazonaws.com" + "Service": "codepipeline.amazonaws.com" } } ], "Version": "2012-10-17" }, - "RoleName": "MyRoleName" + "RoleName": "MyPipelineRoleName" } }, "RoleDefaultPolicy5FFB7DAB": { @@ -38,36 +38,14 @@ ], "Effect": "Allow", "Resource": [ + "arn:aws:s3:::cross-region-support-us-weplicationbucketd4f9321e99090cb36376", + "arn:aws:s3:::cross-region-support-us-weplicationbucketd4f9321e99090cb36376/*", { "Fn::GetAtt": [ "PipelineArtifactsBucket22248F97", "Arn" ] }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":s3:::integ-test-pipeline-nesteeplicationbucket5ad15bae8c248ec4e399" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":s3:::integ-test-pipeline-nesteeplicationbucket5ad15bae8c248ec4e399/*" - ] - ] - }, { "Fn::Join": [ "", @@ -107,15 +85,9 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::region:role/integ-test-pipeline-nestesttestactionrole85e1536225f4ce00510a" - ] + "Fn::GetAtt": [ + "PipelineTestCodePipelineActionRoleDD85885D", + "Arn" ] } } @@ -153,7 +125,7 @@ "PipelineArtifactsBucketEncryptionKeyAlias5C510EEE": { "Type": "AWS::KMS::Alias", "Properties": { - "AliasName": "alias/codepipeline-integ-test-pipeline-nested-stack-cross-region-pipeline-08100cf8", + "AliasName": "alias/codepipeline-code-pipeline-nested-stack-pipelinecrossregionstack-pipeline-6b0d06de", "TargetKeyId": { "Fn::GetAtt": [ "PipelineArtifactsBucketEncryptionKey01D58D69", @@ -246,24 +218,13 @@ { "ArtifactStore": { "EncryptionKey": { - "Id": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":kms:service:649563674902:alias/ne-nestetencryptionalias12623f8e5dd3096ed578" - ] - ] - }, + "Id": "arn:aws:kms:us-west-2:649563674902:alias/ort-us-wtencryptionaliasde5d3f5e9831ab4a9861", "Type": "KMS" }, - "Location": "integ-test-pipeline-nesteeplicationbucket5ad15bae8c248ec4e399", + "Location": "cross-region-support-us-weplicationbucketd4f9321e99090cb36376", "Type": "S3" }, - "Region": "service" + "Region": "us-west-2" }, { "ArtifactStore": { @@ -328,22 +289,16 @@ "Version": "1" }, "Configuration": { - "StateMachineArn": "arn:arn:aws:service:region:account:resource:resourceName:states:eu-west-1:12345678:stateMachine/stateMachineFromAnotherRegion", + "StateMachineArn": "arn:aws:states:us-west-2:649563674902:stateMachine/MyStateMachine", "Input": "{}", "InputType": "Literal" }, "Name": "Test", - "Region": "service", + "Region": "us-west-2", "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::region:role/integ-test-pipeline-nestesttestactionrole85e1536225f4ce00510a" - ] + "Fn::GetAtt": [ + "PipelineTestCodePipelineActionRoleDD85885D", + "Arn" ] }, "RunOrder": 1 @@ -378,6 +333,52 @@ }, "TargetPipelineVersion": 1 } + }, + "PipelineTestCodePipelineActionRoleDD85885D": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::649563674902:root" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PipelineTestCodePipelineActionRoleDefaultPolicy7ECDF2A5": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "states:DescribeStateMachine", + "states:StartExecution" + ], + "Effect": "Allow", + "Resource": "arn:aws:states:us-west-2:649563674902:stateMachine/MyStateMachine" + }, + { + "Action": "states:DescribeExecution", + "Effect": "Allow", + "Resource": "arn:aws:states:us-west-2:649563674902:execution:MyStateMachine:*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PipelineTestCodePipelineActionRoleDefaultPolicy7ECDF2A5", + "Roles": [ + { + "Ref": "PipelineTestCodePipelineActionRoleDD85885D" + } + ] + } } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-account-support-stack-region.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-account-support-stack-region.assets.json deleted file mode 100644 index 59b740004e272..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-account-support-stack-region.assets.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "version": "38.0.1", - "files": { - "62d6b849624747745bf7e5e1541bdbf0710ad24d8723cd92a5cc86ca37a01caf": { - "source": { - "path": "cross-account-support-stack-region.template.json", - "packaging": "file" - }, - "destinations": { - "region-service": { - "bucketName": "cdk-hnb659fds-assets-region-service", - "objectKey": "62d6b849624747745bf7e5e1541bdbf0710ad24d8723cd92a5cc86ca37a01caf.json", - "region": "service", - "assumeRoleArn": "arn:${AWS::Partition}:iam::region:role/cdk-hnb659fds-file-publishing-role-region-service" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-account-support-stack-region.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-account-support-stack-region.template.json deleted file mode 100644 index 139b8df826ac9..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-account-support-stack-region.template.json +++ /dev/null @@ -1,96 +0,0 @@ -{ - "Resources": { - "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DETestTestActionRole260DF2CF": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::649563674902:root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - }, - "RoleName": "integ-test-pipeline-nestesttestactionrole85e1536225f4ce00510a" - } - }, - "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DETestTestActionRoleDefaultPolicyB9100D39": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "states:DescribeStateMachine", - "states:StartExecution" - ], - "Effect": "Allow", - "Resource": "arn:arn:aws:service:region:account:resource:resourceName:states:eu-west-1:12345678:stateMachine/stateMachineFromAnotherRegion" - }, - { - "Action": "states:DescribeExecution", - "Effect": "Allow", - "Resource": "arn:arn:states:service:region:execution:resource:resourceName:states:eu-west-1:12345678:stateMachine/stateMachineFromAnotherRegion:*" - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DETestTestActionRoleDefaultPolicyB9100D39", - "Roles": [ - { - "Ref": "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DETestTestActionRole260DF2CF" - } - ] - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:service.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:service.assets.json deleted file mode 100644 index 723cccf0bd6da..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:service.assets.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "version": "38.0.1", - "files": { - "cdb04462afdd68f868bea4c51569f5c21c65d4d09a41a0cf1d6884ab7890fa4b": { - "source": { - "path": "cross-region-stack-649563674902:service.template.json", - "packaging": "file" - }, - "destinations": { - "649563674902-service": { - "bucketName": "cdk-hnb659fds-assets-649563674902-service", - "objectKey": "cdb04462afdd68f868bea4c51569f5c21c65d4d09a41a0cf1d6884ab7890fa4b.json", - "region": "service", - "assumeRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-file-publishing-role-649563674902-service" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:us-west-2.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:us-west-2.assets.json new file mode 100644 index 0000000000000..07d7c11ebac2e --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:us-west-2.assets.json @@ -0,0 +1,20 @@ +{ + "version": "38.0.1", + "files": { + "bda9ae7119dfdbe87b84da7346baf7394cde95ac9ff4d4e4da2c68bb407e3acb": { + "source": { + "path": "cross-region-stack-649563674902:us-west-2.template.json", + "packaging": "file" + }, + "destinations": { + "649563674902-us-west-2": { + "bucketName": "cdk-hnb659fds-assets-649563674902-us-west-2", + "objectKey": "bda9ae7119dfdbe87b84da7346baf7394cde95ac9ff4d4e4da2c68bb407e3acb.json", + "region": "us-west-2", + "assumeRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-file-publishing-role-649563674902-us-west-2" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:service.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:us-west-2.template.json similarity index 86% rename from packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:service.template.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:us-west-2.template.json index be78ffb25abf0..520cbe7f7b5c4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:service.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:us-west-2.template.json @@ -9,18 +9,7 @@ "Action": "kms:*", "Effect": "Allow", "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::649563674902:root" - ] - ] - } + "AWS": "arn:aws:iam::649563674902:root" }, "Resource": "*" }, @@ -34,7 +23,7 @@ ], "Effect": "Allow", "Principal": { - "AWS": "arn:aws:iam::649563674902:role/MyRoleName" + "AWS": "arn:aws:iam::649563674902:role/MyPipelineRoleName" }, "Resource": "*" } @@ -48,7 +37,7 @@ "CrossRegionCodePipelineReplicationBucketEncryptionAliasF1A0F37D": { "Type": "AWS::KMS::Alias", "Properties": { - "AliasName": "alias/ne-nestetencryptionalias12623f8e5dd3096ed578", + "AliasName": "alias/ort-us-wtencryptionaliasde5d3f5e9831ab4a9861", "TargetKeyId": { "Fn::GetAtt": [ "CrossRegionCodePipelineReplicationBucketEncryptionKey70216490", @@ -70,11 +59,7 @@ "Fn::Join": [ "", [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":kms:service:649563674902:", + "arn:aws:kms:us-west-2:649563674902:", { "Ref": "CrossRegionCodePipelineReplicationBucketEncryptionAliasF1A0F37D" } @@ -86,7 +71,7 @@ } ] }, - "BucketName": "integ-test-pipeline-nesteeplicationbucket5ad15bae8c248ec4e399", + "BucketName": "cross-region-support-us-weplicationbucketd4f9321e99090cb36376", "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/manifest.json index 05485bdc5bb23..a317c47fde77b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/manifest.json @@ -19,7 +19,7 @@ "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-deploy-role-649563674902-us-east-1", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-cfn-exec-role-649563674902-us-east-1", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-649563674902-us-east-1/f7300c06910e29a826a23c5d6456298917179224683912c889e2465366cd19d3.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-649563674902-us-east-1/ecc6a3aec26f51fbd7d3f5451c927e1c44e7e5120149610cf1d40c21f3b8a791.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -32,8 +32,7 @@ } }, "dependencies": [ - "cross-region-stack-649563674902:service", - "cross-account-support-stack-region", + "cross-region-stack-649563674902:us-west-2", "code-pipeline-nested-stack.assets" ], "metadata": { @@ -91,6 +90,18 @@ "data": "PipelineSourceGithubWebhookResource9724AEC2" } ], + "/code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/Test/Test/CodePipelineActionRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineTestCodePipelineActionRoleDD85885D" + } + ], + "/code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/Test/Test/CodePipelineActionRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineTestCodePipelineActionRoleDefaultPolicy7ECDF2A5" + } + ], "/code-pipeline-nested-stack/PipelineCrossRegionStack.NestedStack/PipelineCrossRegionStack.NestedStackResource": [ { "type": "aws:cdk:logicalId", @@ -112,141 +123,79 @@ }, "displayName": "code-pipeline-nested-stack" }, - "cross-region-stack-649563674902:service.assets": { + "cross-region-stack-649563674902:us-west-2.assets": { "type": "cdk:asset-manifest", "properties": { - "file": "cross-region-stack-649563674902:service.assets.json", + "file": "cross-region-stack-649563674902:us-west-2.assets.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" } }, - "cross-region-stack-649563674902:service": { + "cross-region-stack-649563674902:us-west-2": { "type": "aws:cloudformation:stack", - "environment": "aws://649563674902/service", + "environment": "aws://649563674902/us-west-2", "properties": { - "templateFile": "cross-region-stack-649563674902:service.template.json", + "templateFile": "cross-region-stack-649563674902:us-west-2.template.json", "terminationProtection": false, "validateOnSynth": false, "notificationArns": [], - "assumeRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-deploy-role-649563674902-service", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-cfn-exec-role-649563674902-service", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-649563674902-service/cdb04462afdd68f868bea4c51569f5c21c65d4d09a41a0cf1d6884ab7890fa4b.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-deploy-role-649563674902-us-west-2", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-cfn-exec-role-649563674902-us-west-2", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-649563674902-us-west-2/bda9ae7119dfdbe87b84da7346baf7394cde95ac9ff4d4e4da2c68bb407e3acb.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ - "cross-region-stack-649563674902:service.assets" + "cross-region-stack-649563674902:us-west-2.assets" ], "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-lookup-role-649563674902-service", + "arn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-lookup-role-649563674902-us-west-2", "requiresBootstrapStackVersion": 8, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" }, - "stackName": "integ-test-pipeline-nested-stack-cross-region-support-service" + "stackName": "cross-region-support-us-west-2" }, "dependencies": [ - "cross-region-stack-649563674902:service.assets" + "cross-region-stack-649563674902:us-west-2.assets" ], "metadata": { - "/cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucketEncryptionKey/Resource": [ + "/cross-region-stack-649563674902:us-west-2/Default/CrossRegionCodePipelineReplicationBucketEncryptionKey/Resource": [ { "type": "aws:cdk:logicalId", "data": "CrossRegionCodePipelineReplicationBucketEncryptionKey70216490" } ], - "/cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucketEncryptionAlias/Resource": [ + "/cross-region-stack-649563674902:us-west-2/Default/CrossRegionCodePipelineReplicationBucketEncryptionAlias/Resource": [ { "type": "aws:cdk:logicalId", "data": "CrossRegionCodePipelineReplicationBucketEncryptionAliasF1A0F37D" } ], - "/cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucket/Resource": [ + "/cross-region-stack-649563674902:us-west-2/Default/CrossRegionCodePipelineReplicationBucket/Resource": [ { "type": "aws:cdk:logicalId", "data": "CrossRegionCodePipelineReplicationBucketFC3227F2" } ], - "/cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucket/Policy/Resource": [ + "/cross-region-stack-649563674902:us-west-2/Default/CrossRegionCodePipelineReplicationBucket/Policy/Resource": [ { "type": "aws:cdk:logicalId", "data": "CrossRegionCodePipelineReplicationBucketPolicyB7BA2BCA" } ], - "/cross-region-stack-649563674902:service/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/cross-region-stack-649563674902:service/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "cross-region-stack-649563674902:service" - }, - "cross-account-support-stack-region.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "cross-account-support-stack-region.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "cross-account-support-stack-region": { - "type": "aws:cloudformation:stack", - "environment": "aws://region/service", - "properties": { - "templateFile": "cross-account-support-stack-region.template.json", - "terminationProtection": false, - "validateOnSynth": false, - "notificationArns": [], - "assumeRoleArn": "arn:${AWS::Partition}:iam::region:role/cdk-hnb659fds-deploy-role-region-service", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::region:role/cdk-hnb659fds-cfn-exec-role-region-service", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-region-service/62d6b849624747745bf7e5e1541bdbf0710ad24d8723cd92a5cc86ca37a01caf.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "cross-account-support-stack-region.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::region:role/cdk-hnb659fds-lookup-role-region-service", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - }, - "stackName": "integ-test-pipeline-nested-stack-cross-region-support-region" - }, - "dependencies": [ - "cross-account-support-stack-region.assets" - ], - "metadata": { - "/cross-account-support-stack-region/codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DETestTestActionRole260DF2CF" - } - ], - "/cross-account-support-stack-region/codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DETestTestActionRoleDefaultPolicyB9100D39" - } - ], - "/cross-account-support-stack-region/BootstrapVersion": [ + "/cross-region-stack-649563674902:us-west-2/BootstrapVersion": [ { "type": "aws:cdk:logicalId", "data": "BootstrapVersion" } ], - "/cross-account-support-stack-region/CheckBootstrapVersion": [ + "/cross-region-stack-649563674902:us-west-2/CheckBootstrapVersion": [ { "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } ] }, - "displayName": "cross-account-support-stack-region" + "displayName": "cross-region-stack-649563674902:us-west-2" }, "integcodepipelinenestedstackDefaultTestDeployAssertCC253196.assets": { "type": "cdk:asset-manifest", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/tree.json index 5c8b7e5f91328..f56f67cdf3377 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/tree.json @@ -44,13 +44,13 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": "codebuild.amazonaws.com" + "Service": "codepipeline.amazonaws.com" } } ], "Version": "2012-10-17" }, - "roleName": "MyRoleName" + "roleName": "MyPipelineRoleName" } }, "constructInfo": { @@ -85,36 +85,14 @@ ], "Effect": "Allow", "Resource": [ + "arn:aws:s3:::cross-region-support-us-weplicationbucketd4f9321e99090cb36376", + "arn:aws:s3:::cross-region-support-us-weplicationbucketd4f9321e99090cb36376/*", { "Fn::GetAtt": [ "PipelineArtifactsBucket22248F97", "Arn" ] }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":s3:::integ-test-pipeline-nesteeplicationbucket5ad15bae8c248ec4e399" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":s3:::integ-test-pipeline-nesteeplicationbucket5ad15bae8c248ec4e399/*" - ] - ] - }, { "Fn::Join": [ "", @@ -154,15 +132,9 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::region:role/integ-test-pipeline-nestesttestactionrole85e1536225f4ce00510a" - ] + "Fn::GetAtt": [ + "PipelineTestCodePipelineActionRoleDD85885D", + "Arn" ] } } @@ -244,7 +216,7 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::KMS::Alias", "aws:cdk:cloudformation:props": { - "aliasName": "alias/codepipeline-integ-test-pipeline-nested-stack-cross-region-pipeline-08100cf8", + "aliasName": "alias/codepipeline-code-pipeline-nested-stack-pipelinecrossregionstack-pipeline-6b0d06de", "targetKeyId": { "Fn::GetAtt": [ "PipelineArtifactsBucketEncryptionKey01D58D69", @@ -381,24 +353,13 @@ "aws:cdk:cloudformation:props": { "artifactStores": [ { - "region": "service", + "region": "us-west-2", "artifactStore": { "type": "S3", - "location": "integ-test-pipeline-nesteeplicationbucket5ad15bae8c248ec4e399", + "location": "cross-region-support-us-weplicationbucketd4f9321e99090cb36376", "encryptionKey": { "type": "KMS", - "id": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":kms:service:649563674902:alias/ne-nestetencryptionalias12623f8e5dd3096ed578" - ] - ] - } + "id": "arn:aws:kms:us-west-2:649563674902:alias/ort-us-wtencryptionaliasde5d3f5e9831ab4a9861" } } }, @@ -467,24 +428,18 @@ "provider": "StepFunctions" }, "configuration": { - "StateMachineArn": "arn:arn:aws:service:region:account:resource:resourceName:states:eu-west-1:12345678:stateMachine/stateMachineFromAnotherRegion", + "StateMachineArn": "arn:aws:states:us-west-2:649563674902:stateMachine/MyStateMachine", "Input": "{}", "InputType": "Literal" }, "runOrder": 1, "roleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::region:role/integ-test-pipeline-nestesttestactionrole85e1536225f4ce00510a" - ] + "Fn::GetAtt": [ + "PipelineTestCodePipelineActionRoleDD85885D", + "Arn" ] }, - "region": "service" + "region": "us-west-2" } ] } @@ -552,6 +507,98 @@ "Test": { "id": "Test", "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/Test/Test", + "children": { + "CodePipelineActionRole": { + "id": "CodePipelineActionRole", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/Test/Test/CodePipelineActionRole", + "children": { + "ImportCodePipelineActionRole": { + "id": "ImportCodePipelineActionRole", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/Test/Test/CodePipelineActionRole/ImportCodePipelineActionRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/Test/Test/CodePipelineActionRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::649563674902:root" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/Test/Test/CodePipelineActionRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/Test/Test/CodePipelineActionRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "states:DescribeStateMachine", + "states:StartExecution" + ], + "Effect": "Allow", + "Resource": "arn:aws:states:us-west-2:649563674902:stateMachine/MyStateMachine" + }, + { + "Action": "states:DescribeExecution", + "Effect": "Allow", + "Resource": "arn:aws:states:us-west-2:649563674902:execution:MyStateMachine:*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "PipelineTestCodePipelineActionRoleDefaultPolicy7ECDF2A5", + "roles": [ + { + "Ref": "PipelineTestCodePipelineActionRoleDD85885D" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + } + }, "constructInfo": { "fqn": "constructs.Construct", "version": "10.4.2" @@ -593,7 +640,7 @@ { "Ref": "AWS::URLSuffix" }, - "/cdk-hnb659fds-assets-649563674902-us-east-1/7d4df7a27509d906d2dfe71d2b319bbea0c0027826c08e92d0cc9f3bbe1558b9.json" + "/cdk-hnb659fds-assets-649563674902-us-east-1/5a4aac28b3a73f30fcdc6c5607d21896d725978905122d6a8675f582cb45cd87.json" ] ] } @@ -632,21 +679,21 @@ "version": "0.0.0" } }, - "cross-region-stack-649563674902:service": { - "id": "cross-region-stack-649563674902:service", - "path": "cross-region-stack-649563674902:service", + "cross-region-stack-649563674902:us-west-2": { + "id": "cross-region-stack-649563674902:us-west-2", + "path": "cross-region-stack-649563674902:us-west-2", "children": { "Default": { "id": "Default", - "path": "cross-region-stack-649563674902:service/Default", + "path": "cross-region-stack-649563674902:us-west-2/Default", "children": { "CrossRegionCodePipelineReplicationBucketEncryptionKey": { "id": "CrossRegionCodePipelineReplicationBucketEncryptionKey", - "path": "cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucketEncryptionKey", + "path": "cross-region-stack-649563674902:us-west-2/Default/CrossRegionCodePipelineReplicationBucketEncryptionKey", "children": { "Resource": { "id": "Resource", - "path": "cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucketEncryptionKey/Resource", + "path": "cross-region-stack-649563674902:us-west-2/Default/CrossRegionCodePipelineReplicationBucketEncryptionKey/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::KMS::Key", "aws:cdk:cloudformation:props": { @@ -656,18 +703,7 @@ "Action": "kms:*", "Effect": "Allow", "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::649563674902:root" - ] - ] - } + "AWS": "arn:aws:iam::649563674902:root" }, "Resource": "*" }, @@ -681,7 +717,7 @@ ], "Effect": "Allow", "Principal": { - "AWS": "arn:aws:iam::649563674902:role/MyRoleName" + "AWS": "arn:aws:iam::649563674902:role/MyPipelineRoleName" }, "Resource": "*" } @@ -703,15 +739,15 @@ }, "CrossRegionCodePipelineReplicationBucketEncryptionAlias": { "id": "CrossRegionCodePipelineReplicationBucketEncryptionAlias", - "path": "cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucketEncryptionAlias", + "path": "cross-region-stack-649563674902:us-west-2/Default/CrossRegionCodePipelineReplicationBucketEncryptionAlias", "children": { "Resource": { "id": "Resource", - "path": "cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucketEncryptionAlias/Resource", + "path": "cross-region-stack-649563674902:us-west-2/Default/CrossRegionCodePipelineReplicationBucketEncryptionAlias/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::KMS::Alias", "aws:cdk:cloudformation:props": { - "aliasName": "alias/ne-nestetencryptionalias12623f8e5dd3096ed578", + "aliasName": "alias/ort-us-wtencryptionaliasde5d3f5e9831ab4a9861", "targetKeyId": { "Fn::GetAtt": [ "CrossRegionCodePipelineReplicationBucketEncryptionKey70216490", @@ -733,11 +769,11 @@ }, "CrossRegionCodePipelineReplicationBucket": { "id": "CrossRegionCodePipelineReplicationBucket", - "path": "cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucket", + "path": "cross-region-stack-649563674902:us-west-2/Default/CrossRegionCodePipelineReplicationBucket", "children": { "Resource": { "id": "Resource", - "path": "cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucket/Resource", + "path": "cross-region-stack-649563674902:us-west-2/Default/CrossRegionCodePipelineReplicationBucket/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::S3::Bucket", "aws:cdk:cloudformation:props": { @@ -750,11 +786,7 @@ "Fn::Join": [ "", [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":kms:service:649563674902:", + "arn:aws:kms:us-west-2:649563674902:", { "Ref": "CrossRegionCodePipelineReplicationBucketEncryptionAliasF1A0F37D" } @@ -765,7 +797,7 @@ } ] }, - "bucketName": "integ-test-pipeline-nesteeplicationbucket5ad15bae8c248ec4e399", + "bucketName": "cross-region-support-us-weplicationbucketd4f9321e99090cb36376", "publicAccessBlockConfiguration": { "blockPublicAcls": true, "blockPublicPolicy": true, @@ -781,11 +813,11 @@ }, "Policy": { "id": "Policy", - "path": "cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucket/Policy", + "path": "cross-region-stack-649563674902:us-west-2/Default/CrossRegionCodePipelineReplicationBucket/Policy", "children": { "Resource": { "id": "Resource", - "path": "cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucket/Policy/Resource", + "path": "cross-region-stack-649563674902:us-west-2/Default/CrossRegionCodePipelineReplicationBucket/Policy/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", "aws:cdk:cloudformation:props": { @@ -858,135 +890,7 @@ }, "BootstrapVersion": { "id": "BootstrapVersion", - "path": "cross-region-stack-649563674902:service/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "cross-region-stack-649563674902:service/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - }, - "cross-account-support-stack-region": { - "id": "cross-account-support-stack-region", - "path": "cross-account-support-stack-region", - "children": { - "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole": { - "id": "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole", - "path": "cross-account-support-stack-region/codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole", - "children": { - "ImportcodepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole": { - "id": "ImportcodepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole", - "path": "cross-account-support-stack-region/codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole/ImportcodepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "cross-account-support-stack-region/codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::649563674902:root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - }, - "roleName": "integ-test-pipeline-nestesttestactionrole85e1536225f4ce00510a" - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "cross-account-support-stack-region/codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "cross-account-support-stack-region/codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "states:DescribeStateMachine", - "states:StartExecution" - ], - "Effect": "Allow", - "Resource": "arn:arn:aws:service:region:account:resource:resourceName:states:eu-west-1:12345678:stateMachine/stateMachineFromAnotherRegion" - }, - { - "Action": "states:DescribeExecution", - "Effect": "Allow", - "Resource": "arn:arn:states:service:region:execution:resource:resourceName:states:eu-west-1:12345678:stateMachine/stateMachineFromAnotherRegion:*" - } - ], - "Version": "2012-10-17" - }, - "policyName": "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DETestTestActionRoleDefaultPolicyB9100D39", - "roles": [ - { - "Ref": "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DETestTestActionRole260DF2CF" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "cross-account-support-stack-region/BootstrapVersion", + "path": "cross-region-stack-649563674902:us-west-2/BootstrapVersion", "constructInfo": { "fqn": "aws-cdk-lib.CfnParameter", "version": "0.0.0" @@ -994,7 +898,7 @@ }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", - "path": "cross-account-support-stack-region/CheckBootstrapVersion", + "path": "cross-region-stack-649563674902:us-west-2/CheckBootstrapVersion", "constructInfo": { "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts index 74b2a6a6f6774..7f796aa816491 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts @@ -10,17 +10,16 @@ import { Construct } from 'constructs'; /** * To deploy this stack, you need to do the following: * 1. export CDK_DEFAULT_ACCOUNT='' - * 2. deploy a state machine resource in 'eu-west-1' and name the state machine 'stateMachineFromAnotherRegion' + * 2. make sure you've bootstrapped 'us-west-2' by running 'cdk bootstrap aws:///us-west-2' + * 3. deploy a state machine resource in 'us-west-2' and name the state machine 'stateMachineFromAnotherRegion' + * 4. run 'yarn integ aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack --update-on-failed' */ export class MainStack extends cdk.Stack { constructor(scope: Construct, id: string, props?: cdk.StackProps) { super(scope, id, props); - new PipelineCrossRegionStack(this, 'PipelineCrossRegionStack', { - ...props, - stackName: 'integ-test-pipeline-nested-stack-cross-region', - }); + new PipelineCrossRegionStack(this, 'PipelineCrossRegionStack', props); } } @@ -31,16 +30,15 @@ export class PipelineCrossRegionStack extends cdk.NestedStack { const machine = cdk.Arn.format({ service: 'states', resource: 'stateMachine', - account: cdk.Token.asString(process.env.CDK_INTEG_ACCOUNT || process.env.CDK_DEFAULT_ACCOUNT), - partition: cdk.ArnFormat.COLON_RESOURCE_NAME, - resourceName: 'stateMachineFromAnotherRegion', - region: 'eu-west-1', + account: cdk.Token.asString(process.env.CDK_DEFAULT_ACCOUNT), + resourceName: 'MyStateMachine', + region: 'us-west-2', }, this); const stateMachine = sfn.StateMachine.fromStateMachineArn(this, 'StateMachine', machine); const role = new Role(this, 'Role', { - roleName: 'MyRoleName', - assumedBy: new ServicePrincipal('codebuild.amazonaws.com'), + roleName: 'MyPipelineRoleName', + assumedBy: new ServicePrincipal('codepipeline.amazonaws.com'), }); new Pipeline(this, 'Pipeline', { crossAccountKeys: true, diff --git a/packages/aws-cdk-lib/aws-codepipeline/lib/pipeline.ts b/packages/aws-cdk-lib/aws-codepipeline/lib/pipeline.ts index 57465e8d5093b..3a94a026a7f41 100644 --- a/packages/aws-cdk-lib/aws-codepipeline/lib/pipeline.ts +++ b/packages/aws-cdk-lib/aws-codepipeline/lib/pipeline.ts @@ -1029,8 +1029,13 @@ export class Pipeline extends PipelineBase { ? action.actionProperties.resource.env.region : action.actionProperties.region; const pipelineStack = Stack.of(this); + + // If the token is unresolved, we let Stack construct to generate the stack name for us. + const stackName = Token.isUnresolved(pipelineStack.stackName) + ? undefined + : `${pipelineStack.stackName}-support-${targetAccount}`; targetAccountStack = new Stack(app, stackId, { - stackName: `${pipelineStack.stackName}-support-${targetAccount}`, + stackName: stackName, env: { account: targetAccount, region: actionRegion ?? pipelineStack.region, diff --git a/packages/aws-cdk-lib/aws-codepipeline/lib/private/cross-region-support-stack.ts b/packages/aws-cdk-lib/aws-codepipeline/lib/private/cross-region-support-stack.ts index a4786251ab9ed..3cd808be5abeb 100644 --- a/packages/aws-cdk-lib/aws-codepipeline/lib/private/cross-region-support-stack.ts +++ b/packages/aws-cdk-lib/aws-codepipeline/lib/private/cross-region-support-stack.ts @@ -2,6 +2,7 @@ import { Construct } from 'constructs'; import * as kms from '../../../aws-kms'; import * as s3 from '../../../aws-s3'; import * as cdk from '../../../core'; +import { makeUniqueResourceName } from '../../../core/lib/private/unique-resource-name'; const REQUIRED_ALIAS_PREFIX = 'alias/'; @@ -150,6 +151,11 @@ export class CrossRegionSupportStack extends cdk.Stack { } } -function generateStackName(props: CrossRegionSupportStackProps): string { +function generateStackName(props: CrossRegionSupportStackProps): string | undefined { + // When the pipeline stack name is an unresolved token, we return 'undefined' here and + // let Stack construct to generate a stack name instead. + if (cdk.Token.isUnresolved(props.pipelineStackName)) { + return makeUniqueResourceName([`cross-region-support-${props.region}`], { maxLength: 128, allowedSpecialCharacters: '-' }); + } return `${props.pipelineStackName}-support-${props.region}`; } diff --git a/packages/aws-cdk-lib/core/lib/nested-stack.ts b/packages/aws-cdk-lib/core/lib/nested-stack.ts index c9f8ac1297d0c..a542b8d3bfaa4 100644 --- a/packages/aws-cdk-lib/core/lib/nested-stack.ts +++ b/packages/aws-cdk-lib/core/lib/nested-stack.ts @@ -75,13 +75,6 @@ export interface NestedStackProps { * @default - No description. */ readonly description?: string; - - /** - * The name of the stack - * - * @default - Derived from construct path. - */ - readonly stackName?: string; } /** @@ -157,7 +150,7 @@ export class NestedStack extends Stack { // if resolved from the outer stack, use the { Ref } of the AWS::CloudFormation::Stack resource // which resolves the ARN of the stack. We need to extract the stack name, which is the second // component after splitting by "/" - this._contextualStackName = props.stackName ?? this.contextualAttribute(Aws.STACK_NAME, Fn.select(1, Fn.split('/', this.resource.ref))); + this._contextualStackName = this.contextualAttribute(Aws.STACK_NAME, Fn.select(1, Fn.split('/', this.resource.ref))); this._contextualStackId = this.contextualAttribute(Aws.STACK_ID, this.resource.ref); } From 7a31739a7368497967da6c38da8cfb18639687ba Mon Sep 17 00:00:00 2001 From: yuanhaoz Date: Fri, 1 Nov 2024 16:27:31 -0700 Subject: [PATCH 05/11] remove unit test file --- packages/aws-cdk-lib/core/test/nested-stack.test.ts | 8 -------- 1 file changed, 8 deletions(-) diff --git a/packages/aws-cdk-lib/core/test/nested-stack.test.ts b/packages/aws-cdk-lib/core/test/nested-stack.test.ts index 3c540e3215803..a9f3f4230b719 100644 --- a/packages/aws-cdk-lib/core/test/nested-stack.test.ts +++ b/packages/aws-cdk-lib/core/test/nested-stack.test.ts @@ -35,14 +35,6 @@ describe('nested-stack', () => { expect(nestedStack.templateOptions.description).toEqual(description); }); - test('can have customer defined name', () => { - const stack = new Stack(); - const nestedStack = new NestedStack(stack, 'MyNestedStack', { - stackName: 'MyCustomName', - }); - expect(nestedStack.stackName).toEqual('MyCustomName'); - }); - test('can create cross region references when crossRegionReferences=true', () => { // GIVEN const app = new App(); From 6d5f80c1cf22d8704c40eea3415447fe837d0a19 Mon Sep 17 00:00:00 2001 From: yuanhaoz Date: Fri, 1 Nov 2024 16:28:31 -0700 Subject: [PATCH 06/11] update name --- .../test/integ.codepipeline-with-nested-stack.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts index 7f796aa816491..23f85c2ccab47 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts @@ -11,7 +11,7 @@ import { Construct } from 'constructs'; * To deploy this stack, you need to do the following: * 1. export CDK_DEFAULT_ACCOUNT='' * 2. make sure you've bootstrapped 'us-west-2' by running 'cdk bootstrap aws:///us-west-2' - * 3. deploy a state machine resource in 'us-west-2' and name the state machine 'stateMachineFromAnotherRegion' + * 3. deploy a state machine resource in 'us-west-2' and name the state machine 'MyStateMachine' * 4. run 'yarn integ aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack --update-on-failed' */ From 61a715f39553f8203c853b43410cbcc298454152 Mon Sep 17 00:00:00 2001 From: yuanhaoz Date: Fri, 1 Nov 2024 16:34:44 -0700 Subject: [PATCH 07/11] update name --- .../test/integ.codepipeline-with-nested-stack.ts | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts index 23f85c2ccab47..85857430a3906 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts @@ -8,11 +8,16 @@ import * as sfn from 'aws-cdk-lib/aws-stepfunctions'; import { Construct } from 'constructs'; /** + * This test is to make sure the stack names are resolved when using in nested stacks with + * CodePipeline construct. It needs additional setup to run the integration tests and deploy + * it. For simplicity, we should allow dry-run on this test as long as CDK synth is successful. + * * To deploy this stack, you need to do the following: * 1. export CDK_DEFAULT_ACCOUNT='' * 2. make sure you've bootstrapped 'us-west-2' by running 'cdk bootstrap aws:///us-west-2' * 3. deploy a state machine resource in 'us-west-2' and name the state machine 'MyStateMachine' - * 4. run 'yarn integ aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack --update-on-failed' + * 4. update GitHub source section to use the valid OAuth token. + * 5. run 'yarn integ aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack --update-on-failed' */ export class MainStack extends cdk.Stack { From ba7eaa31693bb4ce14ab434a474daed0878002a5 Mon Sep 17 00:00:00 2001 From: yuanhaoz Date: Mon, 4 Nov 2024 09:43:38 -0800 Subject: [PATCH 08/11] update tests --- .../test/integ.codepipeline-with-nested-stack.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts index 85857430a3906..0ebc13ebd6822 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts @@ -11,7 +11,7 @@ import { Construct } from 'constructs'; * This test is to make sure the stack names are resolved when using in nested stacks with * CodePipeline construct. It needs additional setup to run the integration tests and deploy * it. For simplicity, we should allow dry-run on this test as long as CDK synth is successful. - * + * * To deploy this stack, you need to do the following: * 1. export CDK_DEFAULT_ACCOUNT='' * 2. make sure you've bootstrapped 'us-west-2' by running 'cdk bootstrap aws:///us-west-2' From 80d710daf955fb6390a8c7f4f213874be56b9baf Mon Sep 17 00:00:00 2001 From: yuanhaoz Date: Mon, 4 Nov 2024 14:26:23 -0800 Subject: [PATCH 09/11] update tests --- .../code-pipeline-nested-stack.assets.json | 20 +++---- .../code-pipeline-nested-stack.template.json | 2 +- ...ssRegionStack37C990C7.nested.template.json | 18 +++--- ...n-stack-123456789012:us-west-2.assets.json | 20 +++++++ ...tack-123456789012:us-west-2.template.json} | 10 ++-- ...n-stack-649563674902:us-west-2.assets.json | 20 ------- .../manifest.json | 48 +++++++-------- .../tree.json | 58 +++++++++---------- .../integ.codepipeline-with-nested-stack.ts | 25 ++++---- 9 files changed, 113 insertions(+), 108 deletions(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-123456789012:us-west-2.assets.json rename packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/{cross-region-stack-649563674902:us-west-2.template.json => cross-region-stack-123456789012:us-west-2.template.json} (91%) delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:us-west-2.assets.json diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.assets.json index c4fff6993e23d..f13a467def15f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.assets.json @@ -1,31 +1,31 @@ { "version": "38.0.1", "files": { - "5a4aac28b3a73f30fcdc6c5607d21896d725978905122d6a8675f582cb45cd87": { + "e9bdb2e29c996292dd4a35bf37486dfd5d453c102ecee8dd47db844ba97465d6": { "source": { "path": "codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json", "packaging": "file" }, "destinations": { - "649563674902-us-east-1": { - "bucketName": "cdk-hnb659fds-assets-649563674902-us-east-1", - "objectKey": "5a4aac28b3a73f30fcdc6c5607d21896d725978905122d6a8675f582cb45cd87.json", + "123456789012-us-east-1": { + "bucketName": "cdk-hnb659fds-assets-123456789012-us-east-1", + "objectKey": "e9bdb2e29c996292dd4a35bf37486dfd5d453c102ecee8dd47db844ba97465d6.json", "region": "us-east-1", - "assumeRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-file-publishing-role-649563674902-us-east-1" + "assumeRoleArn": "arn:${AWS::Partition}:iam::123456789012:role/cdk-hnb659fds-file-publishing-role-123456789012-us-east-1" } } }, - "ecc6a3aec26f51fbd7d3f5451c927e1c44e7e5120149610cf1d40c21f3b8a791": { + "f990258ec094de5d996b40bc8d84c6caf91c8c2040b7ee9121466ef19fb24c9d": { "source": { "path": "code-pipeline-nested-stack.template.json", "packaging": "file" }, "destinations": { - "649563674902-us-east-1": { - "bucketName": "cdk-hnb659fds-assets-649563674902-us-east-1", - "objectKey": "ecc6a3aec26f51fbd7d3f5451c927e1c44e7e5120149610cf1d40c21f3b8a791.json", + "123456789012-us-east-1": { + "bucketName": "cdk-hnb659fds-assets-123456789012-us-east-1", + "objectKey": "f990258ec094de5d996b40bc8d84c6caf91c8c2040b7ee9121466ef19fb24c9d.json", "region": "us-east-1", - "assumeRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-file-publishing-role-649563674902-us-east-1" + "assumeRoleArn": "arn:${AWS::Partition}:iam::123456789012:role/cdk-hnb659fds-file-publishing-role-123456789012-us-east-1" } } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.template.json index 551eaa63a8e46..00e15afd106fe 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.template.json @@ -11,7 +11,7 @@ { "Ref": "AWS::URLSuffix" }, - "/cdk-hnb659fds-assets-649563674902-us-east-1/5a4aac28b3a73f30fcdc6c5607d21896d725978905122d6a8675f582cb45cd87.json" + "/cdk-hnb659fds-assets-123456789012-us-east-1/e9bdb2e29c996292dd4a35bf37486dfd5d453c102ecee8dd47db844ba97465d6.json" ] ] } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json index eebeeaeebf9a4..79e5df6b46c55 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json @@ -38,8 +38,8 @@ ], "Effect": "Allow", "Resource": [ - "arn:aws:s3:::cross-region-support-us-weplicationbucketd4f9321e99090cb36376", - "arn:aws:s3:::cross-region-support-us-weplicationbucketd4f9321e99090cb36376/*", + "arn:aws:s3:::cross-region-support-us-weplicationbucket8a287d3945436008ebfd", + "arn:aws:s3:::cross-region-support-us-weplicationbucket8a287d3945436008ebfd/*", { "Fn::GetAtt": [ "PipelineArtifactsBucket22248F97", @@ -111,7 +111,7 @@ "Action": "kms:*", "Effect": "Allow", "Principal": { - "AWS": "arn:aws:iam::649563674902:root" + "AWS": "arn:aws:iam::123456789012:root" }, "Resource": "*" } @@ -218,10 +218,10 @@ { "ArtifactStore": { "EncryptionKey": { - "Id": "arn:aws:kms:us-west-2:649563674902:alias/ort-us-wtencryptionaliasde5d3f5e9831ab4a9861", + "Id": "arn:aws:kms:us-west-2:123456789012:alias/ort-us-wtencryptionalias8f9701ce6a32f909886f", "Type": "KMS" }, - "Location": "cross-region-support-us-weplicationbucketd4f9321e99090cb36376", + "Location": "cross-region-support-us-weplicationbucket8a287d3945436008ebfd", "Type": "S3" }, "Region": "us-west-2" @@ -289,7 +289,7 @@ "Version": "1" }, "Configuration": { - "StateMachineArn": "arn:aws:states:us-west-2:649563674902:stateMachine/MyStateMachine", + "StateMachineArn": "arn:aws:states:us-west-2:123456789012:stateMachine/MyStateMachine", "Input": "{}", "InputType": "Literal" }, @@ -343,7 +343,7 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "AWS": "arn:aws:iam::649563674902:root" + "AWS": "arn:aws:iam::123456789012:root" } } ], @@ -362,12 +362,12 @@ "states:StartExecution" ], "Effect": "Allow", - "Resource": "arn:aws:states:us-west-2:649563674902:stateMachine/MyStateMachine" + "Resource": "arn:aws:states:us-west-2:123456789012:stateMachine/MyStateMachine" }, { "Action": "states:DescribeExecution", "Effect": "Allow", - "Resource": "arn:aws:states:us-west-2:649563674902:execution:MyStateMachine:*" + "Resource": "arn:aws:states:us-west-2:123456789012:execution:MyStateMachine:*" } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-123456789012:us-west-2.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-123456789012:us-west-2.assets.json new file mode 100644 index 0000000000000..8352392771928 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-123456789012:us-west-2.assets.json @@ -0,0 +1,20 @@ +{ + "version": "38.0.1", + "files": { + "6ead11ac2a258f5956aa4d821020d99d8460173de308c7fd28a388dc243e3f89": { + "source": { + "path": "cross-region-stack-123456789012:us-west-2.template.json", + "packaging": "file" + }, + "destinations": { + "123456789012-us-west-2": { + "bucketName": "cdk-hnb659fds-assets-123456789012-us-west-2", + "objectKey": "6ead11ac2a258f5956aa4d821020d99d8460173de308c7fd28a388dc243e3f89.json", + "region": "us-west-2", + "assumeRoleArn": "arn:${AWS::Partition}:iam::123456789012:role/cdk-hnb659fds-file-publishing-role-123456789012-us-west-2" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:us-west-2.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-123456789012:us-west-2.template.json similarity index 91% rename from packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:us-west-2.template.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-123456789012:us-west-2.template.json index 520cbe7f7b5c4..d37e16bccfba7 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:us-west-2.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-123456789012:us-west-2.template.json @@ -9,7 +9,7 @@ "Action": "kms:*", "Effect": "Allow", "Principal": { - "AWS": "arn:aws:iam::649563674902:root" + "AWS": "arn:aws:iam::123456789012:root" }, "Resource": "*" }, @@ -23,7 +23,7 @@ ], "Effect": "Allow", "Principal": { - "AWS": "arn:aws:iam::649563674902:role/MyPipelineRoleName" + "AWS": "arn:aws:iam::123456789012:role/MyPipelineRoleName" }, "Resource": "*" } @@ -37,7 +37,7 @@ "CrossRegionCodePipelineReplicationBucketEncryptionAliasF1A0F37D": { "Type": "AWS::KMS::Alias", "Properties": { - "AliasName": "alias/ort-us-wtencryptionaliasde5d3f5e9831ab4a9861", + "AliasName": "alias/ort-us-wtencryptionalias8f9701ce6a32f909886f", "TargetKeyId": { "Fn::GetAtt": [ "CrossRegionCodePipelineReplicationBucketEncryptionKey70216490", @@ -59,7 +59,7 @@ "Fn::Join": [ "", [ - "arn:aws:kms:us-west-2:649563674902:", + "arn:aws:kms:us-west-2:123456789012:", { "Ref": "CrossRegionCodePipelineReplicationBucketEncryptionAliasF1A0F37D" } @@ -71,7 +71,7 @@ } ] }, - "BucketName": "cross-region-support-us-weplicationbucketd4f9321e99090cb36376", + "BucketName": "cross-region-support-us-weplicationbucket8a287d3945436008ebfd", "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:us-west-2.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:us-west-2.assets.json deleted file mode 100644 index 07d7c11ebac2e..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:us-west-2.assets.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "version": "38.0.1", - "files": { - "bda9ae7119dfdbe87b84da7346baf7394cde95ac9ff4d4e4da2c68bb407e3acb": { - "source": { - "path": "cross-region-stack-649563674902:us-west-2.template.json", - "packaging": "file" - }, - "destinations": { - "649563674902-us-west-2": { - "bucketName": "cdk-hnb659fds-assets-649563674902-us-west-2", - "objectKey": "bda9ae7119dfdbe87b84da7346baf7394cde95ac9ff4d4e4da2c68bb407e3acb.json", - "region": "us-west-2", - "assumeRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-file-publishing-role-649563674902-us-west-2" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/manifest.json index a317c47fde77b..125c6b7ccf914 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/manifest.json @@ -11,28 +11,28 @@ }, "code-pipeline-nested-stack": { "type": "aws:cloudformation:stack", - "environment": "aws://649563674902/us-east-1", + "environment": "aws://123456789012/us-east-1", "properties": { "templateFile": "code-pipeline-nested-stack.template.json", "terminationProtection": false, "validateOnSynth": false, "notificationArns": [], - "assumeRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-deploy-role-649563674902-us-east-1", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-cfn-exec-role-649563674902-us-east-1", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-649563674902-us-east-1/ecc6a3aec26f51fbd7d3f5451c927e1c44e7e5120149610cf1d40c21f3b8a791.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::123456789012:role/cdk-hnb659fds-deploy-role-123456789012-us-east-1", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::123456789012:role/cdk-hnb659fds-cfn-exec-role-123456789012-us-east-1", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-123456789012-us-east-1/f990258ec094de5d996b40bc8d84c6caf91c8c2040b7ee9121466ef19fb24c9d.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ "code-pipeline-nested-stack.assets" ], "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-lookup-role-649563674902-us-east-1", + "arn": "arn:${AWS::Partition}:iam::123456789012:role/cdk-hnb659fds-lookup-role-123456789012-us-east-1", "requiresBootstrapStackVersion": 8, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" } }, "dependencies": [ - "cross-region-stack-649563674902:us-west-2", + "cross-region-stack-123456789012:us-west-2", "code-pipeline-nested-stack.assets" ], "metadata": { @@ -123,79 +123,79 @@ }, "displayName": "code-pipeline-nested-stack" }, - "cross-region-stack-649563674902:us-west-2.assets": { + "cross-region-stack-123456789012:us-west-2.assets": { "type": "cdk:asset-manifest", "properties": { - "file": "cross-region-stack-649563674902:us-west-2.assets.json", + "file": "cross-region-stack-123456789012:us-west-2.assets.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" } }, - "cross-region-stack-649563674902:us-west-2": { + "cross-region-stack-123456789012:us-west-2": { "type": "aws:cloudformation:stack", - "environment": "aws://649563674902/us-west-2", + "environment": "aws://123456789012/us-west-2", "properties": { - "templateFile": "cross-region-stack-649563674902:us-west-2.template.json", + "templateFile": "cross-region-stack-123456789012:us-west-2.template.json", "terminationProtection": false, "validateOnSynth": false, "notificationArns": [], - "assumeRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-deploy-role-649563674902-us-west-2", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-cfn-exec-role-649563674902-us-west-2", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-649563674902-us-west-2/bda9ae7119dfdbe87b84da7346baf7394cde95ac9ff4d4e4da2c68bb407e3acb.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::123456789012:role/cdk-hnb659fds-deploy-role-123456789012-us-west-2", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::123456789012:role/cdk-hnb659fds-cfn-exec-role-123456789012-us-west-2", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-123456789012-us-west-2/6ead11ac2a258f5956aa4d821020d99d8460173de308c7fd28a388dc243e3f89.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ - "cross-region-stack-649563674902:us-west-2.assets" + "cross-region-stack-123456789012:us-west-2.assets" ], "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-lookup-role-649563674902-us-west-2", + "arn": "arn:${AWS::Partition}:iam::123456789012:role/cdk-hnb659fds-lookup-role-123456789012-us-west-2", "requiresBootstrapStackVersion": 8, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" }, "stackName": "cross-region-support-us-west-2" }, "dependencies": [ - "cross-region-stack-649563674902:us-west-2.assets" + "cross-region-stack-123456789012:us-west-2.assets" ], "metadata": { - "/cross-region-stack-649563674902:us-west-2/Default/CrossRegionCodePipelineReplicationBucketEncryptionKey/Resource": [ + "/cross-region-stack-123456789012:us-west-2/Default/CrossRegionCodePipelineReplicationBucketEncryptionKey/Resource": [ { "type": "aws:cdk:logicalId", "data": "CrossRegionCodePipelineReplicationBucketEncryptionKey70216490" } ], - "/cross-region-stack-649563674902:us-west-2/Default/CrossRegionCodePipelineReplicationBucketEncryptionAlias/Resource": [ + "/cross-region-stack-123456789012:us-west-2/Default/CrossRegionCodePipelineReplicationBucketEncryptionAlias/Resource": [ { "type": "aws:cdk:logicalId", "data": "CrossRegionCodePipelineReplicationBucketEncryptionAliasF1A0F37D" } ], - "/cross-region-stack-649563674902:us-west-2/Default/CrossRegionCodePipelineReplicationBucket/Resource": [ + "/cross-region-stack-123456789012:us-west-2/Default/CrossRegionCodePipelineReplicationBucket/Resource": [ { "type": "aws:cdk:logicalId", "data": "CrossRegionCodePipelineReplicationBucketFC3227F2" } ], - "/cross-region-stack-649563674902:us-west-2/Default/CrossRegionCodePipelineReplicationBucket/Policy/Resource": [ + "/cross-region-stack-123456789012:us-west-2/Default/CrossRegionCodePipelineReplicationBucket/Policy/Resource": [ { "type": "aws:cdk:logicalId", "data": "CrossRegionCodePipelineReplicationBucketPolicyB7BA2BCA" } ], - "/cross-region-stack-649563674902:us-west-2/BootstrapVersion": [ + "/cross-region-stack-123456789012:us-west-2/BootstrapVersion": [ { "type": "aws:cdk:logicalId", "data": "BootstrapVersion" } ], - "/cross-region-stack-649563674902:us-west-2/CheckBootstrapVersion": [ + "/cross-region-stack-123456789012:us-west-2/CheckBootstrapVersion": [ { "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } ] }, - "displayName": "cross-region-stack-649563674902:us-west-2" + "displayName": "cross-region-stack-123456789012:us-west-2" }, "integcodepipelinenestedstackDefaultTestDeployAssertCC253196.assets": { "type": "cdk:asset-manifest", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/tree.json index f56f67cdf3377..886c1a9065749 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/tree.json @@ -85,8 +85,8 @@ ], "Effect": "Allow", "Resource": [ - "arn:aws:s3:::cross-region-support-us-weplicationbucketd4f9321e99090cb36376", - "arn:aws:s3:::cross-region-support-us-weplicationbucketd4f9321e99090cb36376/*", + "arn:aws:s3:::cross-region-support-us-weplicationbucket8a287d3945436008ebfd", + "arn:aws:s3:::cross-region-support-us-weplicationbucket8a287d3945436008ebfd/*", { "Fn::GetAtt": [ "PipelineArtifactsBucket22248F97", @@ -186,7 +186,7 @@ "Action": "kms:*", "Effect": "Allow", "Principal": { - "AWS": "arn:aws:iam::649563674902:root" + "AWS": "arn:aws:iam::123456789012:root" }, "Resource": "*" } @@ -356,10 +356,10 @@ "region": "us-west-2", "artifactStore": { "type": "S3", - "location": "cross-region-support-us-weplicationbucketd4f9321e99090cb36376", + "location": "cross-region-support-us-weplicationbucket8a287d3945436008ebfd", "encryptionKey": { "type": "KMS", - "id": "arn:aws:kms:us-west-2:649563674902:alias/ort-us-wtencryptionaliasde5d3f5e9831ab4a9861" + "id": "arn:aws:kms:us-west-2:123456789012:alias/ort-us-wtencryptionalias8f9701ce6a32f909886f" } } }, @@ -428,7 +428,7 @@ "provider": "StepFunctions" }, "configuration": { - "StateMachineArn": "arn:aws:states:us-west-2:649563674902:stateMachine/MyStateMachine", + "StateMachineArn": "arn:aws:states:us-west-2:123456789012:stateMachine/MyStateMachine", "Input": "{}", "InputType": "Literal" }, @@ -532,7 +532,7 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "AWS": "arn:aws:iam::649563674902:root" + "AWS": "arn:aws:iam::123456789012:root" } } ], @@ -563,12 +563,12 @@ "states:StartExecution" ], "Effect": "Allow", - "Resource": "arn:aws:states:us-west-2:649563674902:stateMachine/MyStateMachine" + "Resource": "arn:aws:states:us-west-2:123456789012:stateMachine/MyStateMachine" }, { "Action": "states:DescribeExecution", "Effect": "Allow", - "Resource": "arn:aws:states:us-west-2:649563674902:execution:MyStateMachine:*" + "Resource": "arn:aws:states:us-west-2:123456789012:execution:MyStateMachine:*" } ], "Version": "2012-10-17" @@ -640,7 +640,7 @@ { "Ref": "AWS::URLSuffix" }, - "/cdk-hnb659fds-assets-649563674902-us-east-1/5a4aac28b3a73f30fcdc6c5607d21896d725978905122d6a8675f582cb45cd87.json" + "/cdk-hnb659fds-assets-123456789012-us-east-1/e9bdb2e29c996292dd4a35bf37486dfd5d453c102ecee8dd47db844ba97465d6.json" ] ] } @@ -679,21 +679,21 @@ "version": "0.0.0" } }, - "cross-region-stack-649563674902:us-west-2": { - "id": "cross-region-stack-649563674902:us-west-2", - "path": "cross-region-stack-649563674902:us-west-2", + "cross-region-stack-123456789012:us-west-2": { + "id": "cross-region-stack-123456789012:us-west-2", + "path": "cross-region-stack-123456789012:us-west-2", "children": { "Default": { "id": "Default", - "path": "cross-region-stack-649563674902:us-west-2/Default", + "path": "cross-region-stack-123456789012:us-west-2/Default", "children": { "CrossRegionCodePipelineReplicationBucketEncryptionKey": { "id": "CrossRegionCodePipelineReplicationBucketEncryptionKey", - "path": "cross-region-stack-649563674902:us-west-2/Default/CrossRegionCodePipelineReplicationBucketEncryptionKey", + "path": "cross-region-stack-123456789012:us-west-2/Default/CrossRegionCodePipelineReplicationBucketEncryptionKey", "children": { "Resource": { "id": "Resource", - "path": "cross-region-stack-649563674902:us-west-2/Default/CrossRegionCodePipelineReplicationBucketEncryptionKey/Resource", + "path": "cross-region-stack-123456789012:us-west-2/Default/CrossRegionCodePipelineReplicationBucketEncryptionKey/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::KMS::Key", "aws:cdk:cloudformation:props": { @@ -703,7 +703,7 @@ "Action": "kms:*", "Effect": "Allow", "Principal": { - "AWS": "arn:aws:iam::649563674902:root" + "AWS": "arn:aws:iam::123456789012:root" }, "Resource": "*" }, @@ -717,7 +717,7 @@ ], "Effect": "Allow", "Principal": { - "AWS": "arn:aws:iam::649563674902:role/MyPipelineRoleName" + "AWS": "arn:aws:iam::123456789012:role/MyPipelineRoleName" }, "Resource": "*" } @@ -739,15 +739,15 @@ }, "CrossRegionCodePipelineReplicationBucketEncryptionAlias": { "id": "CrossRegionCodePipelineReplicationBucketEncryptionAlias", - "path": "cross-region-stack-649563674902:us-west-2/Default/CrossRegionCodePipelineReplicationBucketEncryptionAlias", + "path": "cross-region-stack-123456789012:us-west-2/Default/CrossRegionCodePipelineReplicationBucketEncryptionAlias", "children": { "Resource": { "id": "Resource", - "path": "cross-region-stack-649563674902:us-west-2/Default/CrossRegionCodePipelineReplicationBucketEncryptionAlias/Resource", + "path": "cross-region-stack-123456789012:us-west-2/Default/CrossRegionCodePipelineReplicationBucketEncryptionAlias/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::KMS::Alias", "aws:cdk:cloudformation:props": { - "aliasName": "alias/ort-us-wtencryptionaliasde5d3f5e9831ab4a9861", + "aliasName": "alias/ort-us-wtencryptionalias8f9701ce6a32f909886f", "targetKeyId": { "Fn::GetAtt": [ "CrossRegionCodePipelineReplicationBucketEncryptionKey70216490", @@ -769,11 +769,11 @@ }, "CrossRegionCodePipelineReplicationBucket": { "id": "CrossRegionCodePipelineReplicationBucket", - "path": "cross-region-stack-649563674902:us-west-2/Default/CrossRegionCodePipelineReplicationBucket", + "path": "cross-region-stack-123456789012:us-west-2/Default/CrossRegionCodePipelineReplicationBucket", "children": { "Resource": { "id": "Resource", - "path": "cross-region-stack-649563674902:us-west-2/Default/CrossRegionCodePipelineReplicationBucket/Resource", + "path": "cross-region-stack-123456789012:us-west-2/Default/CrossRegionCodePipelineReplicationBucket/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::S3::Bucket", "aws:cdk:cloudformation:props": { @@ -786,7 +786,7 @@ "Fn::Join": [ "", [ - "arn:aws:kms:us-west-2:649563674902:", + "arn:aws:kms:us-west-2:123456789012:", { "Ref": "CrossRegionCodePipelineReplicationBucketEncryptionAliasF1A0F37D" } @@ -797,7 +797,7 @@ } ] }, - "bucketName": "cross-region-support-us-weplicationbucketd4f9321e99090cb36376", + "bucketName": "cross-region-support-us-weplicationbucket8a287d3945436008ebfd", "publicAccessBlockConfiguration": { "blockPublicAcls": true, "blockPublicPolicy": true, @@ -813,11 +813,11 @@ }, "Policy": { "id": "Policy", - "path": "cross-region-stack-649563674902:us-west-2/Default/CrossRegionCodePipelineReplicationBucket/Policy", + "path": "cross-region-stack-123456789012:us-west-2/Default/CrossRegionCodePipelineReplicationBucket/Policy", "children": { "Resource": { "id": "Resource", - "path": "cross-region-stack-649563674902:us-west-2/Default/CrossRegionCodePipelineReplicationBucket/Policy/Resource", + "path": "cross-region-stack-123456789012:us-west-2/Default/CrossRegionCodePipelineReplicationBucket/Policy/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", "aws:cdk:cloudformation:props": { @@ -890,7 +890,7 @@ }, "BootstrapVersion": { "id": "BootstrapVersion", - "path": "cross-region-stack-649563674902:us-west-2/BootstrapVersion", + "path": "cross-region-stack-123456789012:us-west-2/BootstrapVersion", "constructInfo": { "fqn": "aws-cdk-lib.CfnParameter", "version": "0.0.0" @@ -898,7 +898,7 @@ }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", - "path": "cross-region-stack-649563674902:us-west-2/CheckBootstrapVersion", + "path": "cross-region-stack-123456789012:us-west-2/CheckBootstrapVersion", "constructInfo": { "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts index 0ebc13ebd6822..56d8da510a29b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts @@ -9,15 +9,20 @@ import { Construct } from 'constructs'; /** * This test is to make sure the stack names are resolved when using in nested stacks with - * CodePipeline construct. It needs additional setup to run the integration tests and deploy - * it. For simplicity, we should allow dry-run on this test as long as CDK synth is successful. + * cross-region CodePipeline construct. We should allow dry-run on this integration test. The reason + * is that cross-region support for CodePipeline requires an explicit account during stack + * creation. The local account vs CI account would always be different and cause failure + * during the integration test run. * - * To deploy this stack, you need to do the following: - * 1. export CDK_DEFAULT_ACCOUNT='' - * 2. make sure you've bootstrapped 'us-west-2' by running 'cdk bootstrap aws:///us-west-2' - * 3. deploy a state machine resource in 'us-west-2' and name the state machine 'MyStateMachine' - * 4. update GitHub source section to use the valid OAuth token. - * 5. run 'yarn integ aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack --update-on-failed' + * To update the snapshots, run `yarn integ aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack --update-on-failed --dry-run`. + * + * To deploy this stack manually, you need to do the following: + * 1. change the account id in stack from '123456789012' to your local account id. + * 2. update imported SFN account id from '123456789012' to your local account id. + * 3. make sure you've bootstrapped 'us-west-2' by running 'cdk bootstrap aws:///us-west-2' + * 4. deploy a state machine resource in 'us-west-2' and name the state machine 'MyStateMachine' + * 5. update GitHub source section to use the valid OAuth token. + * 6. run 'yarn integ aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack --update-on-failed --force' */ export class MainStack extends cdk.Stack { @@ -35,7 +40,7 @@ export class PipelineCrossRegionStack extends cdk.NestedStack { const machine = cdk.Arn.format({ service: 'states', resource: 'stateMachine', - account: cdk.Token.asString(process.env.CDK_DEFAULT_ACCOUNT), + account: cdk.Token.asString('123456789012'), resourceName: 'MyStateMachine', region: 'us-west-2', }, this); @@ -84,7 +89,7 @@ const app = new cdk.App({ }); const testCase = new MainStack(app, 'code-pipeline-nested-stack', { env: { - account: process.env.CDK_DEFAULT_ACCOUNT, + account: '123456789012', region: 'us-east-1', }, }); From f0374d51c8c84d4c1f623ed5a98ab08015b3dcd9 Mon Sep 17 00:00:00 2001 From: yuanhaoz Date: Wed, 6 Nov 2024 09:50:43 -0800 Subject: [PATCH 10/11] update docstring --- .../lib/private/cross-region-support-stack.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/aws-cdk-lib/aws-codepipeline/lib/private/cross-region-support-stack.ts b/packages/aws-cdk-lib/aws-codepipeline/lib/private/cross-region-support-stack.ts index 3cd808be5abeb..c1295451a91df 100644 --- a/packages/aws-cdk-lib/aws-codepipeline/lib/private/cross-region-support-stack.ts +++ b/packages/aws-cdk-lib/aws-codepipeline/lib/private/cross-region-support-stack.ts @@ -152,8 +152,8 @@ export class CrossRegionSupportStack extends cdk.Stack { } function generateStackName(props: CrossRegionSupportStackProps): string | undefined { - // When the pipeline stack name is an unresolved token, we return 'undefined' here and - // let Stack construct to generate a stack name instead. + // When the pipeline stack name is an unresolved token, we generate stack name here + // without including tokenized value in the generated stack name. if (cdk.Token.isUnresolved(props.pipelineStackName)) { return makeUniqueResourceName([`cross-region-support-${props.region}`], { maxLength: 128, allowedSpecialCharacters: '-' }); } From c3135360a98c9d95c3b51fc213e3c8ea7f78ae14 Mon Sep 17 00:00:00 2001 From: yuanhaoz Date: Thu, 7 Nov 2024 13:55:05 -0800 Subject: [PATCH 11/11] update return type declaration --- .../aws-codepipeline/lib/private/cross-region-support-stack.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-codepipeline/lib/private/cross-region-support-stack.ts b/packages/aws-cdk-lib/aws-codepipeline/lib/private/cross-region-support-stack.ts index c1295451a91df..74d94fb9baa79 100644 --- a/packages/aws-cdk-lib/aws-codepipeline/lib/private/cross-region-support-stack.ts +++ b/packages/aws-cdk-lib/aws-codepipeline/lib/private/cross-region-support-stack.ts @@ -151,7 +151,7 @@ export class CrossRegionSupportStack extends cdk.Stack { } } -function generateStackName(props: CrossRegionSupportStackProps): string | undefined { +function generateStackName(props: CrossRegionSupportStackProps): string { // When the pipeline stack name is an unresolved token, we generate stack name here // without including tokenized value in the generated stack name. if (cdk.Token.isUnresolved(props.pipelineStackName)) {