From 9950e8436190d792bfd906ec315e806955d93280 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 23 Jun 2022 20:47:09 +0000 Subject: [PATCH 01/20] chore(deps): Bump awscli from 1.25.7 to 1.25.12 in /packages/@aws-cdk/lambda-layer-awscli (#20797) Bumps [awscli](https://github.com/aws/aws-cli) from 1.25.7 to 1.25.12.
Changelog

Sourced from awscli's changelog.

1.25.12

1.25.11

1.25.10

1.25.9

1.25.8

Commits

--- packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt b/packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt index 6586abd3d3147..075f800d90ef1 100644 --- a/packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt +++ b/packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt @@ -1 +1 @@ -awscli==1.25.7 +awscli==1.25.12 From bac965e9c4d435ae45d5cf16aa809f33bbb05a0f Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Fri, 24 Jun 2022 18:54:25 +0200 Subject: [PATCH 02/20] fix(pipelines): 'ConfirmPermissionsBroadening' uses wrong node version (#20861) The CodeBuild Project that is used when the `ConfirmPermissionsBroadening` feature is enabled does not have a CodeBuild image specified. This makes it use the `standard:2.0` image by default, which is AL2-based and comes with Node 12. CDK tooling now requires Node 14 to run. Make it use the `standard:5.0` image like all other CodeBuild projects, which contains Node 14. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../lib/private/application-security-check.ts | 3 +++ .../test/compliance/security-check.test.ts | 17 ++++++++++++++--- .../PipelineSecurityStack.assets.json | 4 ++-- .../PipelineSecurityStack.template.json | 4 ++-- .../manifest.json | 2 +- .../pipeline-security.integ.snapshot/tree.json | 6 +++--- 6 files changed, 25 insertions(+), 11 deletions(-) diff --git a/packages/@aws-cdk/pipelines/lib/private/application-security-check.ts b/packages/@aws-cdk/pipelines/lib/private/application-security-check.ts index b94324290ac37..38aaa04abf802 100644 --- a/packages/@aws-cdk/pipelines/lib/private/application-security-check.ts +++ b/packages/@aws-cdk/pipelines/lib/private/application-security-check.ts 
@@ -99,6 +99,9 @@ export class ApplicationSecurityCheck extends Construct { ` --message "${message.join('\n')}"`; this.cdkDiffProject = new codebuild.Project(this, 'CDKSecurityCheck', { + environment: { + buildImage: codebuild.LinuxBuildImage.STANDARD_5_0, + }, buildSpec: codebuild.BuildSpec.fromObject({ version: 0.2, phases: { diff --git a/packages/@aws-cdk/pipelines/test/compliance/security-check.test.ts b/packages/@aws-cdk/pipelines/test/compliance/security-check.test.ts index f8c53a40e3e37..958145f67ceb3 100644 --- a/packages/@aws-cdk/pipelines/test/compliance/security-check.test.ts +++ b/packages/@aws-cdk/pipelines/test/compliance/security-check.test.ts @@ -40,8 +40,9 @@ behavior('security check option generates lambda/codebuild at pipeline scope', ( }); function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).resourceCountIs('AWS::Lambda::Function', 1); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::Lambda::Function', { + const template = Template.fromStack(pipelineStack); + template.resourceCountIs('AWS::Lambda::Function', 1); + template.hasResourceProperties('AWS::Lambda::Function', { Role: { 'Fn::GetAtt': [ stringLike('CdkPipeline*SecurityCheckCDKPipelinesAutoApproveServiceRole*'), @@ -50,7 +51,17 @@ behavior('security check option generates lambda/codebuild at pipeline scope', ( }, }); // 1 for github build, 1 for synth stage, and 1 for the application security check - Template.fromStack(pipelineStack).resourceCountIs('AWS::CodeBuild::Project', 3); + template.resourceCountIs('AWS::CodeBuild::Project', 3); + + // No CodeBuild project has a build image that is not standard:5.0 + const projects = template.findResources('AWS::CodeBuild::Project', { + Properties: { + Environment: { + Image: 'aws/codebuild/standard:5.0', + }, + }, + }); + expect(Object.keys(projects).length).toEqual(3); } }); 
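Review bot: In THEN_codePipelineExpectation the new image check hard-codes the count `3` a second time, so it only means "every project uses standard:5.0" as long as it stays in sync with the earlier `resourceCountIs('AWS::CodeBuild::Project', 3)`. Compare `Object.keys(projects).length` against the number of entries returned by an unfiltered `template.findResources('AWS::CodeBuild::Project')` instead, so the assertion keeps matching its comment when the number of projects changes.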
diff --git a/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/PipelineSecurityStack.assets.json b/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/PipelineSecurityStack.assets.json index c697034eb608a..c218215c95fd8 100644 --- a/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/PipelineSecurityStack.assets.json +++ b/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/PipelineSecurityStack.assets.json @@ -27,7 +27,7 @@ } } }, - "89f6e045568a0cd52d21d8215bb87ce0d05485ee8c757b0eb4ac080ddc9f1d6f": { + "7f17b1fbdb3783f2f992a94602a37c674f58741617a65f348b43ba1a7637a115": { "source": { "path": "PipelineSecurityStack.template.json", "packaging": "file" @@ -35,7 +35,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "89f6e045568a0cd52d21d8215bb87ce0d05485ee8c757b0eb4ac080ddc9f1d6f.json", + "objectKey": "7f17b1fbdb3783f2f992a94602a37c674f58741617a65f348b43ba1a7637a115.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/PipelineSecurityStack.template.json b/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/PipelineSecurityStack.template.json index 4a198bda45898..c2ecebd2a612a 100644 --- a/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/PipelineSecurityStack.template.json +++ b/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/PipelineSecurityStack.template.json @@ -2603,7 +2603,7 @@ }, "Environment": { "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:1.0", + "Image": "aws/codebuild/standard:5.0", "ImagePullCredentialsType": "CODEBUILD", "PrivilegedMode": false, "Type": "LINUX_CONTAINER" 
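Review bot: The removed line in this snapshot hunk is `"Image": "aws/codebuild/standard:1.0"`, but the commit message says the project defaulted to `standard:2.0`. One of the two is out of date; please correct the message or confirm which default image the project had before this change, so the stated reason for the change matches the snapshot.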
@@ -2947,7 +2947,7 @@ }, "Environment": { "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:1.0", + "Image": "aws/codebuild/standard:5.0", "ImagePullCredentialsType": "CODEBUILD", "PrivilegedMode": false, "Type": "LINUX_CONTAINER" diff --git a/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/manifest.json b/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/manifest.json index 2f600dffd75c4..e9ce1f9e4e7bf 100644 --- a/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/manifest.json +++ b/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/manifest.json @@ -65,7 +65,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/89f6e045568a0cd52d21d8215bb87ce0d05485ee8c757b0eb4ac080ddc9f1d6f.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/7f17b1fbdb3783f2f992a94602a37c674f58741617a65f348b43ba1a7637a115.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/tree.json b/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/tree.json index 66cb3d249a4f4..6a70ad206ee3f 100644 --- a/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/tree.json +++ b/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/tree.json 
@@ -268,7 +268,7 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::KMS::Alias", "aws:cdk:cloudformation:props": { - "aliasName": "alias/codepipeline-pipelinesecuritystacktestpipelinef7060861", + "aliasName": "alias/codepipeline-pipelinesecuritystack-testpipeline-f7060861", "targetKeyId": { "Fn::GetAtt": [ "TestPipelineArtifactsBucketEncryptionKey13258842", @@ -3519,7 +3519,7 @@ }, "environment": { "type": "LINUX_CONTAINER", - "image": "aws/codebuild/standard:1.0", + "image": "aws/codebuild/standard:5.0", "imagePullCredentialsType": "CODEBUILD", "privilegedMode": false, "computeType": "BUILD_GENERAL1_SMALL" @@ -4065,7 +4065,7 @@ }, "environment": { "type": "LINUX_CONTAINER", - "image": "aws/codebuild/standard:1.0", + "image": "aws/codebuild/standard:5.0", "imagePullCredentialsType": "CODEBUILD", "privilegedMode": false, "computeType": "BUILD_GENERAL1_SMALL" From de153fcdd47a4cdcd1d156d5e19684969d990c8e Mon Sep 17 00:00:00 2001 
From: Harshad Date: Mon, 27 Jun 2022 19:18:31 +1000 Subject: [PATCH 03/20] fix(eks): revert shell=True and allow public ecr to work (#20724) This fixes the change made by the following PR. https://github.com/aws/aws-cdk/pull/19778 `shell=True` caused regression observed in the following issue: [20402](https://github.com/aws/aws-cdk/issues/20402) The code should now allow Public and Private AWS ECR repositories to work with oci prefix. ---- ### All Submissions: * [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? No *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../lib/kubectl-handler/helm/__init__.py | 31 +- .../aws-cdk-eks-helm-test.template.json | 2616 ++++++++--------- .../aws-eks/test/integ.eks-helm-asset.ts | 2 +- 3 files changed, 1325 insertions(+), 1324 deletions(-) diff --git a/packages/@aws-cdk/aws-eks/lib/kubectl-handler/helm/__init__.py b/packages/@aws-cdk/aws-eks/lib/kubectl-handler/helm/__init__.py index 9d510f27cc45b..f1bb6a0dbdd9c 100644 --- a/packages/@aws-cdk/aws-eks/lib/kubectl-handler/helm/__init__.py +++ b/packages/@aws-cdk/aws-eks/lib/kubectl-handler/helm/__init__.py 
@@ -94,20 +94,30 @@ def helm_handler(event, context): def get_oci_cmd(repository, version): - + # Generates OCI command based on pattern. Public ECR vs Private ECR are treated differently. cmnd = [] - pattern = '\d+.dkr.ecr.[a-z]+-[a-z]+-\d.amazonaws.com' + private_ecr_pattern = '\d+.dkr.ecr.[a-z]+-[a-z]+-\d.amazonaws.com' + public_ecr = 'public.ecr.aws' registry = repository.rsplit('/', 1)[0].replace('oci://', '') - if re.fullmatch(pattern, registry) is not None: + if re.fullmatch(private_ecr_pattern, registry) is not None: + logger.info("Found AWS private repository") region = registry.replace('.amazonaws.com', '').split('.')[-1] cmnd = [ f"aws ecr get-login-password --region {region} | " \ f"helm registry login --username AWS --password-stdin {registry}; helm pull {repository} --version {version} --untar" ] + elif registry.startswith(public_ecr): + logger.info("Found AWS public repository, will use default region as deployment") + region = os.environ.get('AWS_REGION', 'us-east-1') + + cmnd = [ + f"aws ecr-public get-login-password --region {region} | " \ + f"helm registry login --username AWS --password-stdin {public_ecr}; helm pull {repository} --version {version} --untar" + ] else: - logger.info("Non AWS OCI repository found") + logger.error("OCI repository format not recognized, falling back to helm pull") cmnd = ['helm', 'pull', repository, '--version', version, '--untar'] return cmnd @@ -122,8 +132,7 @@ def get_chart_from_oci(tmpdir, release, repository = None, version = None): while retry > 0: try: logger.info(cmnd) - env = get_env_with_oci_flag() - output = subprocess.check_output(cmnd, stderr=subprocess.STDOUT, cwd=tmpdir, env=env) + output = subprocess.check_output(cmnd, stderr=subprocess.STDOUT, cwd=tmpdir, shell=True) logger.info(output) return os.path.join(tmpdir, release) 
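Review bot: In get_oci_cmd, `repository` and `version` are interpolated unquoted into the f-string commands of both ECR branches, and the caller now runs those strings through a shell; pass both through `shlex.quote` before building the command. In the new public branch, `registry.startswith(public_ecr)` also matches any value that merely begins with `public.ecr.aws`; checking `registry == public_ecr or registry.startswith(public_ecr + '/')` is tighter. The renamed `private_ecr_pattern` is still a non-raw string with unescaped dots, so each `.` matches any character; a raw string with `\.` would make `re.fullmatch` strict. The else branch now logs at error level for what is a normal non-ECR registry, where `logger.info` or `logger.warning` fits better.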
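Review bot: Adding `shell=True` to the `check_output` call in get_chart_from_oci breaks the fallback branch of get_oci_cmd, which returns the list `['helm', 'pull', repository, '--version', version, '--untar']`. With a list and `shell=True` on POSIX only the first element is the command and the remaining items become arguments to the shell itself, so bare `helm` runs and no chart is pulled. Return a single command string from every branch, or run the list form without a shell and keep the shell only for the piped login. The same line drops `env=env`, so `HELM_EXPERIMENTAL_OCI=1` is no longer set for the pull; the commit message does not say why, so please confirm the bundled helm does not need it.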
@@ -137,13 +146,6 @@ def get_chart_from_oci(tmpdir, release, repository = None, version = None): raise Exception(f'Operation failed after {maxAttempts} attempts: {output}') -def get_env_with_oci_flag(): - env = os.environ.copy() - env['HELM_EXPERIMENTAL_OCI'] = '1' - - return env - - def helm(verb, release, chart = None, repo = None, file = None, namespace = None, version = None, wait = False, timeout = None, create_namespace = None): import subprocess @@ -172,8 +174,7 @@ def helm(verb, release, chart = None, repo = None, file = None, namespace = None retry = maxAttempts while retry > 0: try: - env = get_env_with_oci_flag() - output = subprocess.check_output(cmnd, stderr=subprocess.STDOUT, cwd=outdir, env=env) + output = subprocess.check_output(cmnd, stderr=subprocess.STDOUT, cwd=outdir) logger.info(output) return except subprocess.CalledProcessError as exc: diff --git a/packages/@aws-cdk/aws-eks/test/eks-helm-asset.integ.snapshot/aws-cdk-eks-helm-test.template.json b/packages/@aws-cdk/aws-eks/test/eks-helm-asset.integ.snapshot/aws-cdk-eks-helm-test.template.json index 804a7b3d78415..7d2bb8615cb6f 100644 --- a/packages/@aws-cdk/aws-eks/test/eks-helm-asset.integ.snapshot/aws-cdk-eks-helm-test.template.json +++ b/packages/@aws-cdk/aws-eks/test/eks-helm-asset.integ.snapshot/aws-cdk-eks-helm-test.template.json 
@@ -1,1319 +1,1319 @@ { - "Resources": { - "AdminRole38563C57": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "Vpc8378EB38": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-eks-helm-test/Vpc" - } - ] - } - }, - "VpcPublicSubnet1Subnet5C2D37C4": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, - "AvailabilityZone": { - "Fn::Select": [ - 0, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.0.0/18", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-cdk-eks-helm-test/Vpc/PublicSubnet1" - } - ] - } - }, - "VpcPublicSubnet1RouteTable6C95E38E": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, - "Tags": [ - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-cdk-eks-helm-test/Vpc/PublicSubnet1" - } - ] - } - }, - "VpcPublicSubnet1RouteTableAssociation97140677": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E" - }, - "SubnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - } - } - }, - "VpcPublicSubnet1DefaultRoute3DA9E72A": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E" - }, - 
"DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "VpcIGWD7BA715C" - } - }, - "DependsOn": [ - "VpcVPCGWBF912B6E" - ] - }, - "VpcPublicSubnet1EIPD7E02669": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-cdk-eks-helm-test/Vpc/PublicSubnet1" - } - ] - } - }, - "VpcPublicSubnet1NATGateway4D7517AA": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "SubnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - }, - "AllocationId": { - "Fn::GetAtt": [ - "VpcPublicSubnet1EIPD7E02669", - "AllocationId" - ] - }, - "Tags": [ - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-cdk-eks-helm-test/Vpc/PublicSubnet1" - } - ] - } - }, - "VpcPublicSubnet2Subnet691E08A3": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, - "AvailabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.64.0/18", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-cdk-eks-helm-test/Vpc/PublicSubnet2" - } - ] - } - }, - "VpcPublicSubnet2RouteTable94F7E489": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, - "Tags": [ - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-cdk-eks-helm-test/Vpc/PublicSubnet2" - } - ] - } - }, - "VpcPublicSubnet2RouteTableAssociationDD5762D8": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VpcPublicSubnet2RouteTable94F7E489" - }, - "SubnetId": { - "Ref": "VpcPublicSubnet2Subnet691E08A3" - } - } - }, - "VpcPublicSubnet2DefaultRoute97F91067": { - "Type": 
"AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "VpcPublicSubnet2RouteTable94F7E489" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "VpcIGWD7BA715C" - } - }, - "DependsOn": [ - "VpcVPCGWBF912B6E" - ] - }, - "VpcPrivateSubnet1Subnet536B997A": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, - "AvailabilityZone": { - "Fn::Select": [ - 0, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.128.0/18", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-cdk-eks-helm-test/Vpc/PrivateSubnet1" - } - ] - } - }, - "VpcPrivateSubnet1RouteTableB2C5B500": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, - "Tags": [ - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-cdk-eks-helm-test/Vpc/PrivateSubnet1" - } - ] - } - }, - "VpcPrivateSubnet1RouteTableAssociation70C59FA6": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" - }, - "SubnetId": { - "Ref": "VpcPrivateSubnet1Subnet536B997A" - } - } - }, - "VpcPrivateSubnet1DefaultRouteBE02A9ED": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "VpcPublicSubnet1NATGateway4D7517AA" - } - } - }, - "VpcPrivateSubnet2Subnet3788AAA1": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, - "AvailabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.192.0/18", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - 
"Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-cdk-eks-helm-test/Vpc/PrivateSubnet2" - } - ] - } - }, - "VpcPrivateSubnet2RouteTableA678073B": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, - "Tags": [ - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-cdk-eks-helm-test/Vpc/PrivateSubnet2" - } - ] - } - }, - "VpcPrivateSubnet2RouteTableAssociationA89CAD56": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VpcPrivateSubnet2RouteTableA678073B" - }, - "SubnetId": { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1" - } - } - }, - "VpcPrivateSubnet2DefaultRoute060D2087": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "VpcPrivateSubnet2RouteTableA678073B" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "VpcPublicSubnet1NATGateway4D7517AA" - } - } - }, - "VpcIGWD7BA715C": { - "Type": "AWS::EC2::InternetGateway", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-eks-helm-test/Vpc" - } - ] - } - }, - "VpcVPCGWBF912B6E": { - "Type": "AWS::EC2::VPCGatewayAttachment", - "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, - "InternetGatewayId": { - "Ref": "VpcIGWD7BA715C" - } - } - }, - "ClusterRoleFA261979": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "eks.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" + "Resources": { + "AdminRole38563C57": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", 
+ "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } }, - ":iam::aws:policy/AmazonEKSClusterPolicy" - ] - ] - } - ] - } - }, - "ClusterControlPlaneSecurityGroupD274242C": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "EKS Control Plane Security Group", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "ClusterCreationRole360249B6": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] + "Vpc8378EB38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-eks-helm-test/Vpc" + } + ] + } + }, + "VpcPublicSubnet1Subnet5C2D37C4": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-helm-test/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet1RouteTable6C95E38E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": 
"kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-helm-test/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet1RouteTableAssociation97140677": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "VpcPublicSubnet1DefaultRoute3DA9E72A": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPublicSubnet1EIPD7E02669": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-helm-test/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet1NATGateway4D7517AA": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + "AllocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet1EIPD7E02669", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-helm-test/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet2Subnet691E08A3": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-helm-test/Vpc/PublicSubnet2" + } + ] + } + }, + "VpcPublicSubnet2RouteTable94F7E489": { + "Type": 
"AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-helm-test/Vpc/PublicSubnet2" + } + ] + } + }, + "VpcPublicSubnet2RouteTableAssociationDD5762D8": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "VpcPublicSubnet2DefaultRoute97F91067": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPrivateSubnet1Subnet536B997A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-helm-test/Vpc/PrivateSubnet1" + } + ] + } + }, + "VpcPrivateSubnet1RouteTableB2C5B500": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-helm-test/Vpc/PrivateSubnet1" + } + ] + } + }, + "VpcPrivateSubnet1RouteTableAssociation70C59FA6": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + } + }, + "VpcPrivateSubnet1DefaultRouteBE02A9ED": { 
+ "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + } + } + }, + "VpcPrivateSubnet2Subnet3788AAA1": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-helm-test/Vpc/PrivateSubnet2" + } + ] + } + }, + "VpcPrivateSubnet2RouteTableA678073B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-helm-test/Vpc/PrivateSubnet2" + } + ] + } + }, + "VpcPrivateSubnet2RouteTableAssociationA89CAD56": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + } + }, + "VpcPrivateSubnet2DefaultRoute060D2087": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + } + } + }, + "VpcIGWD7BA715C": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-eks-helm-test/Vpc" + } + ] + } + }, + "VpcVPCGWBF912B6E": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "InternetGatewayId": { + "Ref": 
"VpcIGWD7BA715C" + } + } + }, + "ClusterRoleFA261979": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "eks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSClusterPolicy" + ] + ] + } + ] + } + }, + "ClusterControlPlaneSecurityGroupD274242C": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "EKS Control Plane Security Group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "ClusterCreationRole360249B6": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + }, + "DependsOn": [ + "VpcIGWD7BA715C", + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableB2C5B500", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet1Subnet536B997A", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableA678073B", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56", + "VpcPrivateSubnet2Subnet3788AAA1", + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet1EIPD7E02669", + "VpcPublicSubnet1NATGateway4D7517AA", + "VpcPublicSubnet1RouteTable6C95E38E", + "VpcPublicSubnet1RouteTableAssociation97140677", + "VpcPublicSubnet1Subnet5C2D37C4", + "VpcPublicSubnet2DefaultRoute97F91067", + "VpcPublicSubnet2RouteTable94F7E489", + "VpcPublicSubnet2RouteTableAssociationDD5762D8", + 
"VpcPublicSubnet2Subnet691E08A3", + "Vpc8378EB38", + "VpcVPCGWBF912B6E" + ] + }, + "ClusterCreationRoleDefaultPolicyE8BDFC7B": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "ClusterRoleFA261979", + "Arn" + ] + } + }, + { + "Action": [ + "eks:CreateCluster", + "eks:CreateFargateProfile", + "eks:DeleteCluster", + "eks:DescribeCluster", + "eks:DescribeUpdate", + "eks:TagResource", + "eks:UntagResource", + "eks:UpdateClusterConfig", + "eks:UpdateClusterVersion" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "eks:DeleteFargateProfile", + "eks:DescribeFargateProfile" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:DescribeDhcpOptions", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "iam:listAttachedRolePolicies" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "Roles": [ + { + "Ref": "ClusterCreationRole360249B6" + } + ] + }, + "DependsOn": [ + "VpcIGWD7BA715C", + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableB2C5B500", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet1Subnet536B997A", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableA678073B", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56", + "VpcPrivateSubnet2Subnet3788AAA1", + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet1EIPD7E02669", + "VpcPublicSubnet1NATGateway4D7517AA", + "VpcPublicSubnet1RouteTable6C95E38E", + "VpcPublicSubnet1RouteTableAssociation97140677", + "VpcPublicSubnet1Subnet5C2D37C4", + "VpcPublicSubnet2DefaultRoute97F91067", + "VpcPublicSubnet2RouteTable94F7E489", + 
"VpcPublicSubnet2RouteTableAssociationDD5762D8", + "VpcPublicSubnet2Subnet691E08A3", + "Vpc8378EB38", + "VpcVPCGWBF912B6E" + ] + }, + "Cluster9EE0221C": { + "Type": "Custom::AWSCDK-EKS-Cluster", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", + "Outputs.awscdkekshelmtestawscdkawseksClusterResourceProviderframeworkonEventFCDC8710Arn" + ] + }, + "Config": { + "version": "1.21", + "roleArn": { + "Fn::GetAtt": [ + "ClusterRoleFA261979", + "Arn" + ] + }, + "resourcesVpcConfig": { + "subnetIds": [ + { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ], + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "ClusterControlPlaneSecurityGroupD274242C", + "GroupId" + ] + } + ], + "endpointPublicAccess": true, + "endpointPrivateAccess": true + }, + "tags": { + "foo": "bar" + }, + "logging": { + "clusterLogging": [ + { + "enabled": true, + "types": [ + "api", + "authenticator", + "scheduler" + ] + } + ] + } + }, + "AssumeRoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "AttributesRevision": 2 + }, + "DependsOn": [ + "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "ClusterCreationRole360249B6", + "VpcIGWD7BA715C", + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableB2C5B500", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet1Subnet536B997A", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableA678073B", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56", + "VpcPrivateSubnet2Subnet3788AAA1", + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet1EIPD7E02669", + "VpcPublicSubnet1NATGateway4D7517AA", + "VpcPublicSubnet1RouteTable6C95E38E", + "VpcPublicSubnet1RouteTableAssociation97140677", + 
"VpcPublicSubnet1Subnet5C2D37C4", + "VpcPublicSubnet2DefaultRoute97F91067", + "VpcPublicSubnet2RouteTable94F7E489", + "VpcPublicSubnet2RouteTableAssociationDD5762D8", + "VpcPublicSubnet2Subnet691E08A3", + "Vpc8378EB38", + "VpcVPCGWBF912B6E" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "ClusterKubectlReadyBarrier200052AF": { + "Type": "AWS::SSM::Parameter", + "Properties": { + "Type": "String", + "Value": "aws:cdk:eks:kubectl-ready" + }, + "DependsOn": [ + "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "ClusterCreationRole360249B6", + "Cluster9EE0221C" + ] + }, + "ClusterAwsAuthmanifestFE51F8AE": { + "Type": "Custom::AWSCDK-EKS-KubernetesResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.awscdkekshelmtestawscdkawseksKubectlProviderframeworkonEvent9D93C644Arn" + ] + }, + "Manifest": { + "Fn::Join": [ + "", + [ + "[{\"apiVersion\":\"v1\",\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"aws-auth\",\"namespace\":\"kube-system\",\"labels\":{\"aws.cdk.eks/prune-c8d0612c947a128ccc926ff6124bd5462ab86f86d6\":\"\"}},\"data\":{\"mapRoles\":\"[{\\\"rolearn\\\":\\\"", + { + "Fn::GetAtt": [ + "AdminRole38563C57", + "Arn" + ] + }, + "\\\",\\\"username\\\":\\\"", + { + "Fn::GetAtt": [ + "AdminRole38563C57", + "Arn" + ] + }, + "\\\",\\\"groups\\\":[\\\"system:masters\\\"]},{\\\"rolearn\\\":\\\"", + { + "Fn::GetAtt": [ + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "Arn" + ] + }, + "\\\",\\\"username\\\":\\\"system:node:{{EC2PrivateDNSName}}\\\",\\\"groups\\\":[\\\"system:bootstrappers\\\",\\\"system:nodes\\\"]}]\",\"mapUsers\":\"[]\",\"mapAccounts\":\"[]\"}}]" + ] + ] + }, + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "RoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "PruneLabel": "aws.cdk.eks/prune-c8d0612c947a128ccc926ff6124bd5462ab86f86d6", + "Overwrite": true + }, + 
"DependsOn": [ + "ClusterKubectlReadyBarrier200052AF" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "ec2.", + { + "Ref": "AWS::URLSuffix" + } + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSWorkerNodePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKS_CNI_Policy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + ] + ] + } + ] + } + }, + "ClusterNodegroupDefaultCapacityDA0920A3": { + "Type": "AWS::EKS::Nodegroup", + "Properties": { + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "NodeRole": { + "Fn::GetAtt": [ + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "Arn" + ] + }, + "Subnets": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ], + "AmiType": "AL2_x86_64", + "ForceUpdateEnabled": true, + "InstanceTypes": [ + "m5.large" + ], + "ScalingConfig": { + "DesiredSize": 2, + "MaxSize": 2, + "MinSize": 2 + } + } + }, + "Clustercharttestchart9FD698EB": { + "Type": "Custom::AWSCDK-EKS-HelmChart", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.awscdkekshelmtestawscdkawseksKubectlProviderframeworkonEvent9D93C644Arn" + ] + }, + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "RoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "Release": 
"awscdkekshelmtestclustercharttestchart0449715f", + "ChartAssetURL": { + "Fn::Join": [ + "", + [ + "s3://", + { + "Ref": "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3BucketBFD29DFB" + }, + "/", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3VersionKeyD1F874DF" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3VersionKeyD1F874DF" + } + ] + } + ] + } + ] + ] + }, + "Namespace": "default", + "CreateNamespace": true + }, + "DependsOn": [ + "ClusterKubectlReadyBarrier200052AF" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "Clustercharttestocichart9C188967": { + "Type": "Custom::AWSCDK-EKS-HelmChart", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.awscdkekshelmtestawscdkawseksKubectlProviderframeworkonEvent9D93C644Arn" + ] + }, + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "RoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "Release": "s3-chart", + "Chart": "s3-chart", + "Version": "v0.1.0", + "Namespace": "ack-system", + "Repository": "oci://public.ecr.aws/aws-controllers-k8s/s3-chart", + "CreateNamespace": true + }, + "DependsOn": [ + "ClusterKubectlReadyBarrier200052AF" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454": { + "Type": "AWS::CloudFormation::Stack", + "Properties": { + "TemplateURL": { + "Fn::Join": [ + "", + [ + "https://s3.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Ref": 
"AssetParametersb383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391aS3BucketEE2D84E5" + }, + "/", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersb383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391aS3VersionKey65D1EDE0" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersb383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391aS3VersionKey65D1EDE0" + } + ] + } + ] + } + ] + ] + }, + "Parameters": { + "referencetoawscdkekshelmtestAssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket085ACFA1Ref": { + "Ref": "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket4E7CD097" + }, + "referencetoawscdkekshelmtestAssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey455E4CBARef": { + "Ref": "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey93D16224" + }, + "referencetoawscdkekshelmtestClusterCreationRole906A8995Arn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "referencetoawscdkekshelmtestAssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deS3BucketB798A51DRef": { + "Ref": "AssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deS3BucketE53D10F6" + }, + "referencetoawscdkekshelmtestAssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deS3VersionKey8F1D43B7Ref": { + "Ref": "AssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deS3VersionKey7F7CB29B" + }, + "referencetoawscdkekshelmtestAssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3BucketAF49DDE8Ref": { + "Ref": "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3Bucket40DFAF90" + }, + 
"referencetoawscdkekshelmtestAssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3VersionKeyB958CFB8Ref": { + "Ref": "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3VersionKey36104212" + } + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B": { + "Type": "AWS::CloudFormation::Stack", + "Properties": { + "TemplateURL": { + "Fn::Join": [ + "", + [ + "https://s3.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Ref": "AssetParameters3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012fS3BucketE07B0395" + }, + "/", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParameters3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012fS3VersionKey69ABFE48" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParameters3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012fS3VersionKey69ABFE48" + } + ] + } + ] + } + ] + ] + }, + "Parameters": { + "referencetoawscdkekshelmtestCluster35BA672BArn": { + "Fn::GetAtt": [ + "Cluster9EE0221C", + "Arn" + ] + }, + "referencetoawscdkekshelmtestClusterCreationRole906A8995Arn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "referencetoawscdkekshelmtestAssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3Bucket5EAB45FARef": { + "Ref": "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3BucketBFD29DFB" + }, + "referencetoawscdkekshelmtestAssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963S3BucketEC27A5F2Ref": { + "Ref": "AssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963S3Bucket9BDF5881" + }, + 
"referencetoawscdkekshelmtestAssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963S3VersionKey5772F015Ref": { + "Ref": "AssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963S3VersionKey63AC53A2" + }, + "referencetoawscdkekshelmtestVpcPrivateSubnet1Subnet3D2B5C0BRef": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + "referencetoawscdkekshelmtestVpcPrivateSubnet2SubnetF5E4AFE9Ref": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + }, + "referencetoawscdkekshelmtestCluster35BA672BClusterSecurityGroupId": { + "Fn::GetAtt": [ + "Cluster9EE0221C", + "ClusterSecurityGroupId" + ] + }, + "referencetoawscdkekshelmtestAssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17S3BucketED778AE5Ref": { + "Ref": "AssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17S3Bucket1232D470" + }, + "referencetoawscdkekshelmtestAssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17S3VersionKey1EF18E8BRef": { + "Ref": "AssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17S3VersionKeyBFF4F192" + }, + "referencetoawscdkekshelmtestAssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedS3Bucket8229D3A2Ref": { + "Ref": "AssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedS3Bucket83B8778F" + }, + "referencetoawscdkekshelmtestAssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedS3VersionKey0C91EE3ERef": { + "Ref": "AssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedS3VersionKeyADF6A055" + }, + "referencetoawscdkekshelmtestAssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3BucketAF49DDE8Ref": { + "Ref": "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3Bucket40DFAF90" + }, + 
"referencetoawscdkekshelmtestAssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3VersionKeyB958CFB8Ref": { + "Ref": "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3VersionKey36104212" + } + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } - } - } - ], - "Version": "2012-10-17" - } - }, - "DependsOn": [ - "VpcIGWD7BA715C", - "VpcPrivateSubnet1DefaultRouteBE02A9ED", - "VpcPrivateSubnet1RouteTableB2C5B500", - "VpcPrivateSubnet1RouteTableAssociation70C59FA6", - "VpcPrivateSubnet1Subnet536B997A", - "VpcPrivateSubnet2DefaultRoute060D2087", - "VpcPrivateSubnet2RouteTableA678073B", - "VpcPrivateSubnet2RouteTableAssociationA89CAD56", - "VpcPrivateSubnet2Subnet3788AAA1", - "VpcPublicSubnet1DefaultRoute3DA9E72A", - "VpcPublicSubnet1EIPD7E02669", - "VpcPublicSubnet1NATGateway4D7517AA", - "VpcPublicSubnet1RouteTable6C95E38E", - "VpcPublicSubnet1RouteTableAssociation97140677", - "VpcPublicSubnet1Subnet5C2D37C4", - "VpcPublicSubnet2DefaultRoute97F91067", - "VpcPublicSubnet2RouteTable94F7E489", - "VpcPublicSubnet2RouteTableAssociationDD5762D8", - "VpcPublicSubnet2Subnet691E08A3", - "Vpc8378EB38", - "VpcVPCGWBF912B6E" - ] - }, - "ClusterCreationRoleDefaultPolicyE8BDFC7B": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "ClusterRoleFA261979", - "Arn" - ] - } - }, - { - "Action": [ - "eks:CreateCluster", - "eks:CreateFargateProfile", - "eks:DeleteCluster", - "eks:DescribeCluster", - "eks:DescribeUpdate", - "eks:TagResource", - "eks:UntagResource", - "eks:UpdateClusterConfig", - "eks:UpdateClusterVersion" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "eks:DeleteFargateProfile", - "eks:DescribeFargateProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeDhcpOptions", - "ec2:DescribeInstances", - 
"ec2:DescribeNetworkInterfaces", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "iam:CreateServiceLinkedRole", - "iam:GetRole", - "iam:listAttachedRolePolicies" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "ClusterCreationRoleDefaultPolicyE8BDFC7B", - "Roles": [ - { - "Ref": "ClusterCreationRole360249B6" - } - ] - }, - "DependsOn": [ - "VpcIGWD7BA715C", - "VpcPrivateSubnet1DefaultRouteBE02A9ED", - "VpcPrivateSubnet1RouteTableB2C5B500", - "VpcPrivateSubnet1RouteTableAssociation70C59FA6", - "VpcPrivateSubnet1Subnet536B997A", - "VpcPrivateSubnet2DefaultRoute060D2087", - "VpcPrivateSubnet2RouteTableA678073B", - "VpcPrivateSubnet2RouteTableAssociationA89CAD56", - "VpcPrivateSubnet2Subnet3788AAA1", - "VpcPublicSubnet1DefaultRoute3DA9E72A", - "VpcPublicSubnet1EIPD7E02669", - "VpcPublicSubnet1NATGateway4D7517AA", - "VpcPublicSubnet1RouteTable6C95E38E", - "VpcPublicSubnet1RouteTableAssociation97140677", - "VpcPublicSubnet1Subnet5C2D37C4", - "VpcPublicSubnet2DefaultRoute97F91067", - "VpcPublicSubnet2RouteTable94F7E489", - "VpcPublicSubnet2RouteTableAssociationDD5762D8", - "VpcPublicSubnet2Subnet691E08A3", - "Vpc8378EB38", - "VpcVPCGWBF912B6E" - ] - }, - "Cluster9EE0221C": { - "Type": "Custom::AWSCDK-EKS-Cluster", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", - "Outputs.awscdkekshelmtestawscdkawseksClusterResourceProviderframeworkonEventFCDC8710Arn" - ] - }, - "Config": { - "version": "1.21", - "roleArn": { - "Fn::GetAtt": [ - "ClusterRoleFA261979", - "Arn" - ] - }, - "resourcesVpcConfig": { - "subnetIds": [ - { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - }, - { - "Ref": "VpcPublicSubnet2Subnet691E08A3" - }, - { - "Ref": "VpcPrivateSubnet1Subnet536B997A" - }, - { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1" - } - ], - "securityGroupIds": [ 
- { - "Fn::GetAtt": [ - "ClusterControlPlaneSecurityGroupD274242C", - "GroupId" - ] - } - ], - "endpointPublicAccess": true, - "endpointPrivateAccess": true - }, - "tags": { - "foo": "bar" - }, - "logging": { - "clusterLogging": [ - { - "enabled": true, - "types": [ - "api", - "authenticator", - "scheduler" - ] - } - ] - } - }, - "AssumeRoleArn": { - "Fn::GetAtt": [ - "ClusterCreationRole360249B6", - "Arn" - ] - }, - "AttributesRevision": 2 - }, - "DependsOn": [ - "ClusterCreationRoleDefaultPolicyE8BDFC7B", - "ClusterCreationRole360249B6", - "VpcIGWD7BA715C", - "VpcPrivateSubnet1DefaultRouteBE02A9ED", - "VpcPrivateSubnet1RouteTableB2C5B500", - "VpcPrivateSubnet1RouteTableAssociation70C59FA6", - "VpcPrivateSubnet1Subnet536B997A", - "VpcPrivateSubnet2DefaultRoute060D2087", - "VpcPrivateSubnet2RouteTableA678073B", - "VpcPrivateSubnet2RouteTableAssociationA89CAD56", - "VpcPrivateSubnet2Subnet3788AAA1", - "VpcPublicSubnet1DefaultRoute3DA9E72A", - "VpcPublicSubnet1EIPD7E02669", - "VpcPublicSubnet1NATGateway4D7517AA", - "VpcPublicSubnet1RouteTable6C95E38E", - "VpcPublicSubnet1RouteTableAssociation97140677", - "VpcPublicSubnet1Subnet5C2D37C4", - "VpcPublicSubnet2DefaultRoute97F91067", - "VpcPublicSubnet2RouteTable94F7E489", - "VpcPublicSubnet2RouteTableAssociationDD5762D8", - "VpcPublicSubnet2Subnet691E08A3", - "Vpc8378EB38", - "VpcVPCGWBF912B6E" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "ClusterKubectlReadyBarrier200052AF": { - "Type": "AWS::SSM::Parameter", - "Properties": { - "Type": "String", - "Value": "aws:cdk:eks:kubectl-ready" - }, - "DependsOn": [ - "ClusterCreationRoleDefaultPolicyE8BDFC7B", - "ClusterCreationRole360249B6", - "Cluster9EE0221C" - ] - }, - "ClusterAwsAuthmanifestFE51F8AE": { - "Type": "Custom::AWSCDK-EKS-KubernetesResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - 
"Outputs.awscdkekshelmtestawscdkawseksKubectlProviderframeworkonEvent9D93C644Arn" - ] }, - "Manifest": { - "Fn::Join": [ - "", - [ - "[{\"apiVersion\":\"v1\",\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"aws-auth\",\"namespace\":\"kube-system\",\"labels\":{\"aws.cdk.eks/prune-c8d0612c947a128ccc926ff6124bd5462ab86f86d6\":\"\"}},\"data\":{\"mapRoles\":\"[{\\\"rolearn\\\":\\\"", - { - "Fn::GetAtt": [ - "AdminRole38563C57", - "Arn" - ] - }, - "\\\",\\\"username\\\":\\\"", - { - "Fn::GetAtt": [ - "AdminRole38563C57", - "Arn" - ] - }, - "\\\",\\\"groups\\\":[\\\"system:masters\\\"]},{\\\"rolearn\\\":\\\"", - { - "Fn::GetAtt": [ - "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", - "Arn" - ] - }, - "\\\",\\\"username\\\":\\\"system:node:{{EC2PrivateDNSName}}\\\",\\\"groups\\\":[\\\"system:bootstrappers\\\",\\\"system:nodes\\\"]}]\",\"mapUsers\":\"[]\",\"mapAccounts\":\"[]\"}}]" - ] - ] - }, - "ClusterName": { - "Ref": "Cluster9EE0221C" - }, - "RoleArn": { - "Fn::GetAtt": [ - "ClusterCreationRole360249B6", - "Arn" - ] - }, - "PruneLabel": "aws.cdk.eks/prune-c8d0612c947a128ccc926ff6124bd5462ab86f86d6", - "Overwrite": true - }, - "DependsOn": [ - "ClusterKubectlReadyBarrier200052AF" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::Join": [ - "", - [ - "ec2.", - { - "Ref": "AWS::URLSuffix" - } - ] - ] + "Outputs": { + "ClusterConfigCommand43AAE40F": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks update-kubeconfig --name ", + { + "Ref": "Cluster9EE0221C" + }, + " --region ", + { + "Ref": "AWS::Region" + }, + " --role-arn ", + { + "Fn::GetAtt": [ + "AdminRole38563C57", + "Arn" + ] + } + ] + ] + } + }, + "ClusterGetTokenCommand06AE992E": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks 
get-token --cluster-name ", + { + "Ref": "Cluster9EE0221C" + }, + " --region ", + { + "Ref": "AWS::Region" + }, + " --role-arn ", + { + "Fn::GetAtt": [ + "AdminRole38563C57", + "Arn" + ] + } + ] + ] + } } - } - } - ], - "Version": "2012-10-17" }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" + "Parameters": { + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket4E7CD097": { + "Type": "String", + "Description": "S3 bucket for asset \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - ":iam::aws:policy/AmazonEKSWorkerNodePolicy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey93D16224": { + "Type": "String", + "Description": "S3 key for asset version \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - ":iam::aws:policy/AmazonEKS_CNI_Policy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeArtifactHash515E16AE": { + "Type": "String", + "Description": "Artifact hash for asset \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" - ] - ] - } - ] - } - }, - "ClusterNodegroupDefaultCapacityDA0920A3": { - "Type": "AWS::EKS::Nodegroup", - "Properties": { - "ClusterName": { - "Ref": "Cluster9EE0221C" - }, - "NodeRole": { - "Fn::GetAtt": [ - "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", - "Arn" - ] - }, - "Subnets": [ - { - "Ref": "VpcPrivateSubnet1Subnet536B997A" - }, - { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1" - } - ], - "AmiType": "AL2_x86_64", - "ForceUpdateEnabled": true, - "InstanceTypes": [ - "m5.large" - ], - "ScalingConfig": { - "DesiredSize": 2, - "MaxSize": 2, - "MinSize": 2 - } - } - }, - 
"Clustercharttestchart9FD698EB": { - "Type": "Custom::AWSCDK-EKS-HelmChart", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.awscdkekshelmtestawscdkawseksKubectlProviderframeworkonEvent9D93C644Arn" - ] - }, - "ClusterName": { - "Ref": "Cluster9EE0221C" - }, - "RoleArn": { - "Fn::GetAtt": [ - "ClusterCreationRole360249B6", - "Arn" - ] - }, - "Release": "awscdkekshelmtestclustercharttestchart0449715f", - "ChartAssetURL": { - "Fn::Join": [ - "", - [ - "s3://", - { - "Ref": "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3BucketBFD29DFB" - }, - "/", - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3VersionKeyD1F874DF" - } - ] - } - ] - }, - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3VersionKeyD1F874DF" - } - ] - } - ] - } - ] - ] - }, - "Namespace": "default", - "CreateNamespace": true - }, - "DependsOn": [ - "ClusterKubectlReadyBarrier200052AF" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "Clustercharttestocichart9C188967": { - "Type": "Custom::AWSCDK-EKS-HelmChart", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.awscdkekshelmtestawscdkawseksKubectlProviderframeworkonEvent9D93C644Arn" - ] - }, - "ClusterName": { - "Ref": "Cluster9EE0221C" - }, - "RoleArn": { - "Fn::GetAtt": [ - "ClusterCreationRole360249B6", - "Arn" - ] - }, - "Release": "s3-chart", - "Chart": "s3-chart", - "Version": "v0.0.19", - "Namespace": "ack-system", - "Repository": "oci://public.ecr.aws/aws-controllers-k8s/s3-chart", - "CreateNamespace": true - }, - "DependsOn": [ - 
"ClusterKubectlReadyBarrier200052AF" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Join": [ - "", - [ - "https://s3.", - { - "Ref": "AWS::Region" - }, - ".", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Ref": "AssetParametersb383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391aS3BucketEE2D84E5" - }, - "/", - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParametersb383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391aS3VersionKey65D1EDE0" - } - ] - } - ] - }, - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParametersb383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391aS3VersionKey65D1EDE0" - } - ] - } - ] - } - ] - ] - }, - "Parameters": { - "referencetoawscdkekshelmtestAssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket085ACFA1Ref": { - "Ref": "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket4E7CD097" - }, - "referencetoawscdkekshelmtestAssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey455E4CBARef": { - "Ref": "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey93D16224" - }, - "referencetoawscdkekshelmtestClusterCreationRole906A8995Arn": { - "Fn::GetAtt": [ - "ClusterCreationRole360249B6", - "Arn" - ] - }, - "referencetoawscdkekshelmtestAssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deS3BucketB798A51DRef": { - "Ref": "AssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deS3BucketE53D10F6" - }, - "referencetoawscdkekshelmtestAssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deS3VersionKey8F1D43B7Ref": { - "Ref": 
"AssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deS3VersionKey7F7CB29B" - }, - "referencetoawscdkekshelmtestAssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3BucketAF49DDE8Ref": { - "Ref": "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3Bucket40DFAF90" - }, - "referencetoawscdkekshelmtestAssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3VersionKeyB958CFB8Ref": { - "Ref": "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3VersionKey36104212" - } - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Join": [ - "", - [ - "https://s3.", - { - "Ref": "AWS::Region" - }, - ".", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Ref": "AssetParameters3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012fS3BucketE07B0395" - }, - "/", - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParameters3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012fS3VersionKey69ABFE48" - } - ] - } - ] - }, - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParameters3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012fS3VersionKey69ABFE48" - } - ] - } - ] - } - ] - ] - }, - "Parameters": { - "referencetoawscdkekshelmtestCluster35BA672BArn": { - "Fn::GetAtt": [ - "Cluster9EE0221C", - "Arn" - ] - }, - "referencetoawscdkekshelmtestClusterCreationRole906A8995Arn": { - "Fn::GetAtt": [ - "ClusterCreationRole360249B6", - "Arn" - ] - }, - "referencetoawscdkekshelmtestAssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3Bucket5EAB45FARef": { - "Ref": 
"AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3BucketBFD29DFB" - }, - "referencetoawscdkekshelmtestAssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963S3BucketEC27A5F2Ref": { - "Ref": "AssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963S3Bucket9BDF5881" - }, - "referencetoawscdkekshelmtestAssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963S3VersionKey5772F015Ref": { - "Ref": "AssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963S3VersionKey63AC53A2" - }, - "referencetoawscdkekshelmtestVpcPrivateSubnet1Subnet3D2B5C0BRef": { - "Ref": "VpcPrivateSubnet1Subnet536B997A" - }, - "referencetoawscdkekshelmtestVpcPrivateSubnet2SubnetF5E4AFE9Ref": { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1" - }, - "referencetoawscdkekshelmtestCluster35BA672BClusterSecurityGroupId": { - "Fn::GetAtt": [ - "Cluster9EE0221C", - "ClusterSecurityGroupId" - ] - }, - "referencetoawscdkekshelmtestAssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17S3BucketED778AE5Ref": { - "Ref": "AssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17S3Bucket1232D470" - }, - "referencetoawscdkekshelmtestAssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17S3VersionKey1EF18E8BRef": { - "Ref": "AssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17S3VersionKeyBFF4F192" - }, - "referencetoawscdkekshelmtestAssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedS3Bucket8229D3A2Ref": { - "Ref": "AssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedS3Bucket83B8778F" - }, - "referencetoawscdkekshelmtestAssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedS3VersionKey0C91EE3ERef": { - "Ref": "AssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedS3VersionKeyADF6A055" - }, - 
"referencetoawscdkekshelmtestAssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3BucketAF49DDE8Ref": { - "Ref": "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3Bucket40DFAF90" - }, - "referencetoawscdkekshelmtestAssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3VersionKeyB958CFB8Ref": { - "Ref": "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3VersionKey36104212" - } + "AssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deS3BucketE53D10F6": { + "Type": "String", + "Description": "S3 bucket for asset \"d47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76de\"" + }, + "AssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deS3VersionKey7F7CB29B": { + "Type": "String", + "Description": "S3 key for asset version \"d47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76de\"" + }, + "AssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deArtifactHashF1D4F18A": { + "Type": "String", + "Description": "Artifact hash for asset \"d47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76de\"" + }, + "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3Bucket40DFAF90": { + "Type": "String", + "Description": "S3 bucket for asset \"8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9\"" + }, + "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3VersionKey36104212": { + "Type": "String", + "Description": "S3 key for asset version \"8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9\"" + }, + "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9ArtifactHash26B5BCAA": { + "Type": "String", + "Description": "Artifact hash for asset \"8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9\"" + }, + 
"AssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963S3Bucket9BDF5881": { + "Type": "String", + "Description": "S3 bucket for asset \"07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963\"" + }, + "AssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963S3VersionKey63AC53A2": { + "Type": "String", + "Description": "S3 key for asset version \"07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963\"" + }, + "AssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963ArtifactHash41646C3F": { + "Type": "String", + "Description": "Artifact hash for asset \"07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963\"" + }, + "AssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17S3Bucket1232D470": { + "Type": "String", + "Description": "S3 bucket for asset \"50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17\"" + }, + "AssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17S3VersionKeyBFF4F192": { + "Type": "String", + "Description": "S3 key for asset version \"50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17\"" + }, + "AssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17ArtifactHash8FBD3E15": { + "Type": "String", + "Description": "Artifact hash for asset \"50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17\"" + }, + "AssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedS3Bucket83B8778F": { + "Type": "String", + "Description": "S3 bucket for asset \"c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed\"" + }, + "AssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedS3VersionKeyADF6A055": { + "Type": "String", + "Description": "S3 key for asset version \"c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed\"" + }, + 
"AssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedArtifactHash2C972BAF": { + "Type": "String", + "Description": "Artifact hash for asset \"c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed\"" + }, + "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3BucketBFD29DFB": { + "Type": "String", + "Description": "S3 bucket for asset \"d65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbf\"" + }, + "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3VersionKeyD1F874DF": { + "Type": "String", + "Description": "S3 key for asset version \"d65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbf\"" + }, + "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfArtifactHash5A9B7775": { + "Type": "String", + "Description": "Artifact hash for asset \"d65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbf\"" + }, + "AssetParametersb383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391aS3BucketEE2D84E5": { + "Type": "String", + "Description": "S3 bucket for asset \"b383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391a\"" + }, + "AssetParametersb383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391aS3VersionKey65D1EDE0": { + "Type": "String", + "Description": "S3 key for asset version \"b383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391a\"" + }, + "AssetParametersb383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391aArtifactHash46D16C3C": { + "Type": "String", + "Description": "Artifact hash for asset \"b383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391a\"" + }, + "AssetParameters3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012fS3BucketE07B0395": { + "Type": "String", + "Description": "S3 bucket for asset \"3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012f\"" + }, + 
"AssetParameters3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012fS3VersionKey69ABFE48": { + "Type": "String", + "Description": "S3 key for asset version \"3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012f\"" + }, + "AssetParameters3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012fArtifactHashDE639E14": { + "Type": "String", + "Description": "Artifact hash for asset \"3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012f\"" + } } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - } - }, - "Outputs": { - "ClusterConfigCommand43AAE40F": { - "Value": { - "Fn::Join": [ - "", - [ - "aws eks update-kubeconfig --name ", - { - "Ref": "Cluster9EE0221C" - }, - " --region ", - { - "Ref": "AWS::Region" - }, - " --role-arn ", - { - "Fn::GetAtt": [ - "AdminRole38563C57", - "Arn" - ] - } - ] - ] - } - }, - "ClusterGetTokenCommand06AE992E": { - "Value": { - "Fn::Join": [ - "", - [ - "aws eks get-token --cluster-name ", - { - "Ref": "Cluster9EE0221C" - }, - " --region ", - { - "Ref": "AWS::Region" - }, - " --role-arn ", - { - "Fn::GetAtt": [ - "AdminRole38563C57", - "Arn" - ] - } - ] - ] - } - } - }, - "Parameters": { - "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket4E7CD097": { - "Type": "String", - "Description": "S3 bucket for asset \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" - }, - "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey93D16224": { - "Type": "String", - "Description": "S3 key for asset version \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" - }, - "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeArtifactHash515E16AE": { - "Type": "String", - "Description": "Artifact hash for asset \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" - }, - 
"AssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deS3BucketE53D10F6": { - "Type": "String", - "Description": "S3 bucket for asset \"d47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76de\"" - }, - "AssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deS3VersionKey7F7CB29B": { - "Type": "String", - "Description": "S3 key for asset version \"d47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76de\"" - }, - "AssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deArtifactHashF1D4F18A": { - "Type": "String", - "Description": "Artifact hash for asset \"d47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76de\"" - }, - "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3Bucket40DFAF90": { - "Type": "String", - "Description": "S3 bucket for asset \"8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9\"" - }, - "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3VersionKey36104212": { - "Type": "String", - "Description": "S3 key for asset version \"8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9\"" - }, - "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9ArtifactHash26B5BCAA": { - "Type": "String", - "Description": "Artifact hash for asset \"8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9\"" - }, - "AssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963S3Bucket9BDF5881": { - "Type": "String", - "Description": "S3 bucket for asset \"07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963\"" - }, - "AssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963S3VersionKey63AC53A2": { - "Type": "String", - "Description": "S3 key for asset version \"07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963\"" - }, - 
"AssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963ArtifactHash41646C3F": { - "Type": "String", - "Description": "Artifact hash for asset \"07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963\"" - }, - "AssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17S3Bucket1232D470": { - "Type": "String", - "Description": "S3 bucket for asset \"50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17\"" - }, - "AssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17S3VersionKeyBFF4F192": { - "Type": "String", - "Description": "S3 key for asset version \"50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17\"" - }, - "AssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17ArtifactHash8FBD3E15": { - "Type": "String", - "Description": "Artifact hash for asset \"50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17\"" - }, - "AssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedS3Bucket83B8778F": { - "Type": "String", - "Description": "S3 bucket for asset \"c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed\"" - }, - "AssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedS3VersionKeyADF6A055": { - "Type": "String", - "Description": "S3 key for asset version \"c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed\"" - }, - "AssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedArtifactHash2C972BAF": { - "Type": "String", - "Description": "Artifact hash for asset \"c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed\"" - }, - "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3BucketBFD29DFB": { - "Type": "String", - "Description": "S3 bucket for asset \"d65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbf\"" - }, - 
"AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3VersionKeyD1F874DF": { - "Type": "String", - "Description": "S3 key for asset version \"d65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbf\"" - }, - "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfArtifactHash5A9B7775": { - "Type": "String", - "Description": "Artifact hash for asset \"d65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbf\"" - }, - "AssetParametersb383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391aS3BucketEE2D84E5": { - "Type": "String", - "Description": "S3 bucket for asset \"b383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391a\"" - }, - "AssetParametersb383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391aS3VersionKey65D1EDE0": { - "Type": "String", - "Description": "S3 key for asset version \"b383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391a\"" - }, - "AssetParametersb383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391aArtifactHash46D16C3C": { - "Type": "String", - "Description": "Artifact hash for asset \"b383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391a\"" - }, - "AssetParameters3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012fS3BucketE07B0395": { - "Type": "String", - "Description": "S3 bucket for asset \"3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012f\"" - }, - "AssetParameters3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012fS3VersionKey69ABFE48": { - "Type": "String", - "Description": "S3 key for asset version \"3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012f\"" - }, - "AssetParameters3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012fArtifactHashDE639E14": { - "Type": "String", - "Description": "Artifact hash for asset \"3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012f\"" - } - } } \ No newline at end of file 
diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-helm-asset.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-helm-asset.ts index 495c1eb19eb64..a347a8e7f2997 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-helm-asset.ts +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-helm-asset.ts @@ -53,7 +53,7 @@ class EksClusterStack extends Stack { chart: 's3-chart', release: 's3-chart', repository: 'oci://public.ecr.aws/aws-controllers-k8s/s3-chart', - version: 'v0.0.19', + version: 'v0.1.0', namespace: 'ack-system', createNamespace: true, }); From 2ec0fb8afe62c310f364634d00a3781fc8baefcc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jun 2022 10:55:12 +0000 Subject: [PATCH 04/20] chore(deps): Bump awscli from 1.25.12 to 1.25.17 in /packages/@aws-cdk/lambda-layer-awscli (#20883) Bumps [awscli](https://github.com/aws/aws-cli) from 1.25.12 to 1.25.17.
Changelog

Sourced from awscli's changelog.

1.25.17

  • api-change:glue: This release enables the new ListCrawls API for viewing the AWS Glue Crawler run history.
  • api-change:rds-data: Documentation updates for RDS Data API

1.25.16

  • api-change:lookoutequipment: This release adds visualizations to the scheduled inference results. Users will be able to see interference results, including diagnostic results from their running inference schedulers.
  • api-change:mediaconvert: AWS Elemental MediaConvert SDK has released support for automatic DolbyVision metadata generation when converting HDR10 to DolbyVision.
  • api-change:mgn: New and modified APIs for the Post-Migration Framework
  • api-change:migration-hub-refactor-spaces: This release adds the new API UpdateRoute that allows route to be updated to ACTIVE/INACTIVE state. In addition, CreateRoute API will now allow users to create route in ACTIVE/INACTIVE state.
  • api-change:sagemaker: SageMaker Ground Truth now supports Virtual Private Cloud. Customers can launch labeling jobs and access to their private workforce in VPC mode.

1.25.15

  • api-change:apigateway: Documentation updates for Amazon API Gateway
  • api-change:pricing: This release introduces 1 update to the GetProducts API. The serviceCode attribute is now required when you use the GetProductsRequest.
  • api-change:transfer: Until today, the service supported only RSA host keys and user keys. Now with this launch, Transfer Family has expanded the support for ECDSA and ED25519 host keys and user keys, enabling customers to support a broader set of clients by choosing RSA, ECDSA, and ED25519 host and user keys.

1.25.14

  • api-change:ec2: This release adds support for Private IP VPNs, a new feature allowing S2S VPN connections to use private ip addresses as the tunnel outside ip address over Direct Connect as transport.
  • api-change:ecs: Amazon ECS UpdateService now supports the following parameters: PlacementStrategies, PlacementConstraints and CapacityProviderStrategy.
  • api-change:wellarchitected: Adds support for lens tagging, Adds support for multiple helpful-resource urls and multiple improvement-plan urls.

1.25.13

  • api-change:ds: This release adds support for describing and updating AWS Managed Microsoft AD settings
  • api-change:kafka: Documentation updates to use Az Id during cluster creation.
  • api-change:outposts: This release adds the AssetLocation structure to the ListAssets response. AssetLocation includes the RackElevation for an Asset.
Commits
  • 88d873e Merge branch 'release-1.25.17'
  • b0022d9 Bumping version to 1.25.17
  • 09a4452 Update changelog based on model updates
  • 724f7d5 Merge branch 'release-1.25.16'
  • d9c8146 Merge branch 'release-1.25.16' into develop
  • 3f653b6 Bumping version to 1.25.16
  • c6c64cc Update changelog based on model updates
  • ddbb3ae Merge branch 'release-1.25.15'
  • c83eb8b Merge branch 'release-1.25.15' into develop
  • c67c649 Bumping version to 1.25.15
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=awscli&package-manager=pip&previous-version=1.25.12&new-version=1.25.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
--- packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt b/packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt index 075f800d90ef1..1b100d40a84b6 100644 --- a/packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt +++ b/packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt @@ -1 +1 @@ -awscli==1.25.12 +awscli==1.25.17 From b368a315cab0cedf03298083f5f1fb809bd1d1f2 Mon Sep 17 00:00:00 2001 From: flemjame-at-amazon <57235867+flemjame-at-amazon@users.noreply.github.com> Date: Mon, 27 Jun 2022 11:02:29 -0400 Subject: [PATCH 05/20] fix(apigateway): Explicitly test for undefined instead of falsey for stage default options (#20868) Fixes https://github.com/aws/aws-cdk/issues/20860 Default options for throttling burst and rate limits could be interpreted incorrectly as undefined if they were set to zero. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-apigateway/lib/stage.ts | 2 +- .../aws-apigateway/test/stage.test.ts | 27 +++++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) 
diff --git a/packages/@aws-cdk/aws-apigateway/lib/stage.ts b/packages/@aws-cdk/aws-apigateway/lib/stage.ts index ab8340243a34b..846eebfc5d613 100644 --- a/packages/@aws-cdk/aws-apigateway/lib/stage.ts +++ b/packages/@aws-cdk/aws-apigateway/lib/stage.ts @@ -310,7 +310,7 @@ export class Stage extends Resource implements IStage { }; // if any of them are defined, add an entry for '/*/*'. - const hasCommonOptions = Object.keys(commonMethodOptions).map(v => (commonMethodOptions as any)[v]).filter(x => x).length > 0; + const hasCommonOptions = Object.keys(commonMethodOptions).map(v => (commonMethodOptions as any)[v]).filter(x => x !== undefined).length > 0; if (hasCommonOptions) { settings.push(renderEntry('/*/*', commonMethodOptions)); } diff --git a/packages/@aws-cdk/aws-apigateway/test/stage.test.ts b/packages/@aws-cdk/aws-apigateway/test/stage.test.ts index 76d07c6e2b4b3..b4181ce2f1af0 100644 --- a/packages/@aws-cdk/aws-apigateway/test/stage.test.ts +++ b/packages/@aws-cdk/aws-apigateway/test/stage.test.ts @@ -2,6 +2,7 @@ import { Template } from '@aws-cdk/assertions'; import * as logs from '@aws-cdk/aws-logs'; import * as cdk from '@aws-cdk/core'; import * as apigateway from '../lib'; +import { ApiDefinition } from '../lib'; describe('stage', () => { test('minimal setup', () => { 
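Review bot: In `lib/stage.ts`, the new predicate `filter(x => x !== undefined)` changes behaviour for more than the two throttling limits named in the commit message: any common method option explicitly set to `false`, `0` or an empty string now counts as defined and produces a `'/*/*'` entry, so stacks that already pass such values will synthesize a different template. Please call that out in the commit message, and consider `Object.values(commonMethodOptions).some(x => x !== undefined)` in place of the `Object.keys(...).map(...).filter(...).length > 0` chain for readability.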
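Review bot: In `test/stage.test.ts`, the added `import { ApiDefinition } from '../lib';` duplicates the namespace import `import * as apigateway from '../lib';` directly above it. Drop the new import and write `apigateway.ApiDefinition.fromInline(...)` in the test so the file keeps a single import of `../lib`.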
@@ -396,4 +397,30 @@ describe('stage', () => { accessLogFormat: testFormat, })).toThrow(/Access log format is specified without a destination/); }); + + test('default throttling settings', () => { + // GIVEN + const stack = new cdk.Stack(); + new apigateway.SpecRestApi(stack, 'testapi', { + apiDefinition: ApiDefinition.fromInline({ + openapi: '3.0.2', + }), + deployOptions: { + throttlingBurstLimit: 0, + throttlingRateLimit: 0, + metricsEnabled: false, + }, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ApiGateway::Stage', { + MethodSettings: [{ + DataTraceEnabled: false, + HttpMethod: '*', + ResourcePath: '/*', + ThrottlingBurstLimit: 0, + ThrottlingRateLimit: 0, + }], + }); + }); }); From 2151a0e9b988723e050e6f37ed1780cced16c519 Mon Sep 17 00:00:00 2001 From: Henry Wilson Date: Mon, 27 Jun 2022 16:40:01 +0100 Subject: [PATCH 06/20] feat(rds): add missing aurora postgres versions (#20830) Add new Postgres versions which are already available in AWS. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-rds/lib/cluster-engine.ts | 8 ++++++++ 1 file changed, 8 insertions(+) 
diff --git a/packages/@aws-cdk/aws-rds/lib/cluster-engine.ts b/packages/@aws-cdk/aws-rds/lib/cluster-engine.ts index becd82503f626..c757f6f45d528 100644 --- a/packages/@aws-cdk/aws-rds/lib/cluster-engine.ts +++ b/packages/@aws-cdk/aws-rds/lib/cluster-engine.ts @@ -501,6 +501,8 @@ export class AuroraPostgresEngineVersion { public static readonly VER_10_19 = AuroraPostgresEngineVersion.of('10.19', '10', { s3Import: true, s3Export: true }); /** Version "10.20". */ public static readonly VER_10_20 = AuroraPostgresEngineVersion.of('10.20', '10', { s3Import: true, s3Export: true }); + /** Version "10.21". */ + public static readonly VER_10_21 = AuroraPostgresEngineVersion.of('10.21', '10', { s3Import: true, s3Export: true }); /** Version "11.4". */ public static readonly VER_11_4 = AuroraPostgresEngineVersion.of('11.4', '11', { s3Import: true }); /** Version "11.6". */ @@ -519,6 +521,8 @@ export class AuroraPostgresEngineVersion { public static readonly VER_11_14 = AuroraPostgresEngineVersion.of('11.14', '11', { s3Import: true, s3Export: true }); /** Version "11.15". */ public static readonly VER_11_15 = AuroraPostgresEngineVersion.of('11.15', '11', { s3Import: true, s3Export: true }); + /** Version "11.16". */ + public static readonly VER_11_16 = AuroraPostgresEngineVersion.of('11.16', '11', { s3Import: true, s3Export: true }); /** Version "12.4". */ public static readonly VER_12_4 = AuroraPostgresEngineVersion.of('12.4', '12', { s3Import: true, s3Export: true }); /** Version "12.6". */ 
@@ -529,6 +533,8 @@ export class AuroraPostgresEngineVersion { public static readonly VER_12_9 = AuroraPostgresEngineVersion.of('12.9', '12', { s3Import: true, s3Export: true }); /** Version "12.10". */ public static readonly VER_12_10 = AuroraPostgresEngineVersion.of('12.10', '12', { s3Import: true, s3Export: true }); + /** Version "12.11". */ + public static readonly VER_12_11 = AuroraPostgresEngineVersion.of('12.11', '12', { s3Import: true, s3Export: true }); /** Version "13.3". */ public static readonly VER_13_3 = AuroraPostgresEngineVersion.of('13.3', '13', { s3Import: true, s3Export: true }); /** Version "13.4". */ @@ -537,6 +543,8 @@ export class AuroraPostgresEngineVersion { public static readonly VER_13_5 = AuroraPostgresEngineVersion.of('13.5', '13', { s3Import: true, s3Export: true }); /** Version "13.6". */ public static readonly VER_13_6 = AuroraPostgresEngineVersion.of('13.6', '13', { s3Import: true, s3Export: true }); + /** Version "13.7". */ + public static readonly VER_13_7 = AuroraPostgresEngineVersion.of('13.7', '13', { s3Import: true, s3Export: true }); /** * Create a new AuroraPostgresEngineVersion with an arbitrary version. From b1e6d62ed6b6ede0362d0a68d804660e84efe5cb Mon Sep 17 00:00:00 2001 
From: AKBarcenas <9867993+AKBarcenas@users.noreply.github.com>
Date: Mon, 27 Jun 2022 22:45:43 -0700
Subject: [PATCH 07/20] feat(appmesh): ipv6 support for app mesh (#20766)

App Mesh has released IPv6 support. This has been exposed in the form of IP preferences which have been added to the Mesh and Virtual Node resources. IP preferences are optional for both resources and there is no default IP preference that is applied by App Mesh. The following are samples of App Mesh resources with IP preferences configured.

```
# Mesh
"spec": {
    "serviceDiscovery": {
        "ipPreference": "IPv6_PREFERRED"
    }
}
```

```
# Virtual Node
"spec": {
    "listeners": [
        {
            "healthCheck": {
                "healthyThreshold": 2,
                "intervalMillis": 5000,
                "path": "/ping",
                "protocol": "http",
                "timeoutMillis": 2000,
                "unhealthyThreshold": 2
            },
            "portMapping": {
                "port": 9080,
                "protocol": "http"
            }
        }
    ],
    "serviceDiscovery": {
        "dns": {
            "hostname": "colorteller-red.default.svc.cluster.local",
            "ipPreference": "IPv4_ONLY"
        }
    }
}
```

IP preferences on a Mesh apply the preference to all Virtual Nodes contained within that Mesh. IP preferences set on a Virtual Node will only apply to that particular Virtual Node. Additionally, Virtual Node IP preferences will override the Mesh IP preference if there is one present.

There are three areas in which the IP preference impacts Envoy configuration generation. Firstly, setting any IP preference will change the Envoy's listeners (ingress and egress) to bind to IPv4 and IPv6 allowing the Envoy to serve all traffic from both IP versions. Secondly, the IP version specified in the name of the preference will be the IP version used for sending traffic to the local application for Envoys running as a sidecar to an application. (IPv4_ONLY/PREFERRED - IPv4, IPv6_ONLY/PREFERRED - IPv6) Lastly, it will impact how each service discovery option will be treated.

For CloudMap service discovery, ONLY options will only return IPs from CloudMap for the matching version type and PREFERRED options will first use the primary IP version and fall back to the other IP version for the IPs returned from CloudMap. For DNS service discovery, it will be similar to CloudMap service discovery in terms of only using one IP version or fallback behavior. However, this will come in the form of changing the Envoy's DNS resolver to exhibit this behavior when performing DNS resolution.

This is a summarized version of the feature. For more details, a more thorough write-up can be found here: https://github.com/aws/aws-app-mesh-examples/tree/main/walkthroughs/howto-ipv6#ip-preferences-in-meshes-and-virtual-nodes

Closes #20737

### All Submissions:

* [Y] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [N] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [Y] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
* [Y] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?
---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-appmesh/README.md | 53 ++++++++ packages/@aws-cdk/aws-appmesh/lib/mesh.ts | 9 ++ .../aws-appmesh/lib/service-discovery.ts | 66 +++++++++- .../@aws-cdk/aws-appmesh/test/integ.mesh.ts | 7 +- .../test/mesh.integ.snapshot/cdk.out | 2 +- .../test/mesh.integ.snapshot/integ.json | 4 +- .../test/mesh.integ.snapshot/manifest.json | 8 +- .../mesh-stack.assets.json | 19 +++ .../mesh-stack.template.json | 14 +- .../test/mesh.integ.snapshot/tree.json | 36 ++++- .../@aws-cdk/aws-appmesh/test/mesh.test.ts | 23 ++++ .../aws-appmesh/test/virtual-node.test.ts | 123 ++++++++++++++++++ 12 files changed, 349 insertions(+), 15 deletions(-) create mode 100644 packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/mesh-stack.assets.json diff --git a/packages/@aws-cdk/aws-appmesh/README.md b/packages/@aws-cdk/aws-appmesh/README.md index d168d56c73a7e..9e1f46e84ee96 100644 --- a/packages/@aws-cdk/aws-appmesh/README.md +++ b/packages/@aws-cdk/aws-appmesh/README.md @@ -49,6 +49,17 @@ const mesh = new appmesh.Mesh(this, 'AppMesh', { }); ``` +A mesh with an IP preference can be created by providing the property `serviceDiscovery` that specifes an `ipPreference`. + +```ts +const mesh = new appmesh.Mesh(this, 'AppMesh', { + meshName: 'myAwsMesh', + serviceDiscovery: { + ipPreference: appmesh.IpPreference.IPV4_ONLY, + }, +}); +``` + ## Adding VirtualRouters A _mesh_ uses _virtual routers_ as logical units to route requests to _virtual nodes_. 
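Review bot: The sentence added to the README ahead of the new `Mesh` example misspells "specifies" as "specifes"; please fix it before merge. It would also help to state here that a mesh-level `ipPreference` applies to every virtual node in the mesh unless the node sets its own, which the commit message explains but this README text does not.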
@@ -425,6 +436,48 @@ const gateway = new appmesh.VirtualGateway(this, 'gateway', { }); ``` +### Adding an IP Preference to a Virtual Node + +An `ipPreference` can be specified as part of a Virtual Node's service discovery. An IP preference defines how clients for this Virtual Node will interact with it. + +There a four different IP preferences available to use which each specify what IP versions this Virtual Node will use and prefer. + +- `IPv4_ONLY` - Only use IPv4. For CloudMap service discovery, only IPv4 addresses returned from CloudMap will be used. For DNS service discovery, Envoy's DNS resolver will only resolve DNS queries for IPv4. + +- `IPv4_PREFERRED` - Prefer IPv4 and fall back to IPv6. For CloudMap service discovery, an IPv4 address will be used if returned from CloudMap. Otherwise, an IPv6 address will be used if available. For DNS service discovery, Envoy's DNS resolver will first attempt to resolve DNS queries using IPv4 and fall back to IPv6. + +- `IPv6_ONLY` - Only use IPv6. For CloudMap service discovery, only IPv6 addresses returned from CloudMap will be used. For DNS service discovery, Envoy's DNS resolver will only resolve DNS queries for IPv6. + +- `IPv6_PREFERRED` - Prefer IPv6 and fall back to IPv4. For CloudMap service discovery, an IPv6 address will be used if returned from CloudMap. Otherwise, an IPv4 address will be used if available. For DNS service discovery, Envoy's DNS resolver will first attempt to resolve DNS queries using IPv6 and fall back to IPv4. 
+ +```ts +const mesh = new appmesh.Mesh(stack, 'mesh', { + meshName: 'mesh-with-preference', +}); + +// Virtual Node with DNS service discovery and an IP preference +const dnsNode = new appmesh.VirtualNode(stack, 'dns-node', { + mesh, + serviceDiscovery: appmesh.ServiceDiscovery.dns('test', appmesh.DnsResponseType.LOAD_BALANCER, appmesh.IpPreference.IPV4_ONLY), +}); + +// Virtual Node with CloudMap service discovery and an IP preference +const vpc = new ec2.Vpc(stack, 'vpc'); +const namespace = new cloudmap.PrivateDnsNamespace(stack, 'test-namespace', { + vpc, + name: 'domain.local', +}); +const service = namespace.createService('Svc'); + +const instanceAttribute : { [key: string]: string} = {}; +instanceAttribute.testKey = 'testValue'; + +const cloudmapNode = new appmesh.VirtualNode(stack, 'cloudmap-node', { + mesh, + serviceDiscovery: appmesh.ServiceDiscovery.cloudMap(service, instanceAttribute, appmesh.IpPreference.IPV4_ONLY), +}); +``` + ## Adding a Route A _route_ matches requests with an associated virtual router and distributes traffic to its associated virtual nodes. diff --git a/packages/@aws-cdk/aws-appmesh/lib/mesh.ts b/packages/@aws-cdk/aws-appmesh/lib/mesh.ts index 3983a58c25742..a54689130fb63 100644 --- a/packages/@aws-cdk/aws-appmesh/lib/mesh.ts +++ b/packages/@aws-cdk/aws-appmesh/lib/mesh.ts @@ -1,6 +1,7 @@ import * as cdk from '@aws-cdk/core'; import { Construct } from 'constructs'; import { CfnMesh } from './appmesh.generated'; +import { MeshServiceDiscovery } from './service-discovery'; import { VirtualGateway, VirtualGatewayBaseProps } from './virtual-gateway'; import { VirtualNode, VirtualNodeBaseProps } from './virtual-node'; import { VirtualRouter, VirtualRouterBaseProps } from './virtual-router'; 
@@ -124,6 +125,13 @@ export interface MeshProps { * @default DROP_ALL */ readonly egressFilter?: MeshFilterType; + + /** + * Defines how upstream clients will discover VirtualNodes in the Mesh + * + * @default - No Service Discovery + */ + readonly serviceDiscovery?: MeshServiceDiscovery; } /** @@ -187,6 +195,7 @@ export class Mesh extends MeshBase { egressFilter: props.egressFilter ? { type: props.egressFilter, } : undefined, + serviceDiscovery: props.serviceDiscovery, }, }); diff --git a/packages/@aws-cdk/aws-appmesh/lib/service-discovery.ts b/packages/@aws-cdk/aws-appmesh/lib/service-discovery.ts index 0cd08280c2c28..660e3aeb7ca05 100644 --- a/packages/@aws-cdk/aws-appmesh/lib/service-discovery.ts +++ b/packages/@aws-cdk/aws-appmesh/lib/service-discovery.ts 
@@ -2,6 +2,52 @@ import * as cloudmap from '@aws-cdk/aws-servicediscovery'; import { Construct } from 'constructs'; import { CfnVirtualNode } from './appmesh.generated'; +/** + * Enum of supported IP preferences. + * Used to dictate the IP version for mesh wide and virtual node service discovery. + * Also used to specify the IP version that a sidecar Envoy uses when sending traffic to a local application. + */ + +export enum IpPreference { + /** + * Use IPv4 when sending traffic to a local application. + * Only use IPv4 for service discovery. + */ + IPV4_ONLY = 'IPv4_ONLY', + /** + * Use IPv4 when sending traffic to a local application. + * First attempt to use IPv4 and fall back to IPv6 for service discovery. + */ + IPV4_PREFERRED = 'IPv4_PREFERRED', + /** + * Use IPv6 when sending traffic to a local application. + * Only use IPv6 for service discovery. + */ + IPV6_ONLY = 'IPv6_ONLY', + /** + * Use IPv6 when sending traffic to a local application. + * First attempt to use IPv6 and fall back to IPv4 for service discovery. + */ + IPV6_PREFERRED = 'IPv6_PREFERRED' +} + +/** + * Properties for Mesh Service Discovery + */ +export interface MeshServiceDiscovery { + /** + * IP preference applied to all Virtual Nodes in the Mesh + * + * @default - No IP preference is applied to any of the Virtual Nodes in the Mesh. + * Virtual Nodes without an IP preference will have the following configured. + * Envoy listeners are configured to bind only to IPv4. + * Envoy will use IPv4 when sending traffic to a local application. + * For DNS service discovery, the Envoy DNS resolver to prefer using IPv6 and fall back to IPv4. + * For CloudMap service discovery, App Mesh will prefer using IPv4 and fall back to IPv6 for IPs returned by CloudMap. + */ + readonly ipPreference?: IpPreference; +} + /** * Properties for VirtualNode Service Discovery */ 
@@ -48,9 +94,10 @@ export abstract class ServiceDiscovery { * @param hostname * @param responseType Specifies the DNS response type for the virtual node. * The default is `DnsResponseType.LOAD_BALANCER`. + * @param ipPreference No IP preference is applied to the Virtual Node. */ - public static dns(hostname: string, responseType?: DnsResponseType): ServiceDiscovery { - return new DnsServiceDiscovery(hostname, responseType); + public static dns(hostname: string, responseType?: DnsResponseType, ipPreference?: IpPreference): ServiceDiscovery { + return new DnsServiceDiscovery(hostname, responseType, ipPreference); } /** @@ -61,9 +108,10 @@ export abstract class ServiceDiscovery { * filter instances by any custom attribute that you specified when you * registered the instance. Only instances that match all of the specified * key/value pairs will be returned. + * @param ipPreference No IP preference is applied to the Virtual Node. */ - public static cloudMap(service: cloudmap.IService, instanceAttributes?: {[key: string]: string}): ServiceDiscovery { - return new CloudMapServiceDiscovery(service, instanceAttributes); + public static cloudMap(service: cloudmap.IService, instanceAttributes?: {[key: string]: string}, ipPreference?: IpPreference): ServiceDiscovery { + return new CloudMapServiceDiscovery(service, instanceAttributes, ipPreference); } /** @@ -75,11 +123,13 @@ export abstract class ServiceDiscovery { class DnsServiceDiscovery extends ServiceDiscovery { private readonly hostname: string; private readonly responseType?: DnsResponseType; + private readonly ipPreference?: IpPreference; - constructor(hostname: string, responseType?: DnsResponseType) { + constructor(hostname: string, responseType?: DnsResponseType, ipPreference?: IpPreference) { super(); this.hostname = hostname; this.responseType = responseType; + this.ipPreference = ipPreference; } public bind(_scope: Construct): ServiceDiscoveryConfig { 
@@ -87,6 +137,7 @@ class DnsServiceDiscovery extends ServiceDiscovery { dns: { hostname: this.hostname, responseType: this.responseType, + ipPreference: this.ipPreference, }, }; } @@ -95,11 +146,13 @@ class DnsServiceDiscovery extends ServiceDiscovery { class CloudMapServiceDiscovery extends ServiceDiscovery { private readonly service: cloudmap.IService; private readonly instanceAttributes?: {[key: string]: string}; + private readonly ipPreference?: IpPreference; - constructor(service: cloudmap.IService, instanceAttributes?: {[key: string]: string}) { + constructor(service: cloudmap.IService, instanceAttributes?: {[key: string]: string}, ipPreference?: IpPreference) { super(); this.service = service; this.instanceAttributes = instanceAttributes; + this.ipPreference = ipPreference; } public bind(_scope: Construct): ServiceDiscoveryConfig { @@ -108,6 +161,7 @@ class CloudMapServiceDiscovery extends ServiceDiscovery { namespaceName: this.service.namespace.namespaceName, serviceName: this.service.serviceName, attributes: renderAttributes(this.instanceAttributes), + ipPreference: this.ipPreference, }, }; } diff --git a/packages/@aws-cdk/aws-appmesh/test/integ.mesh.ts b/packages/@aws-cdk/aws-appmesh/test/integ.mesh.ts index b01bb32cde119..7d731d1c41e3e 100644 --- a/packages/@aws-cdk/aws-appmesh/test/integ.mesh.ts +++ b/packages/@aws-cdk/aws-appmesh/test/integ.mesh.ts @@ -17,6 +17,11 @@ const namespace = new cloudmap.PrivateDnsNamespace(stack, 'test-namespace', { }); const mesh = new appmesh.Mesh(stack, 'mesh'); +new appmesh.Mesh(stack, 'mesh-with-preference', { + serviceDiscovery: { + ipPreference: appmesh.IpPreference.IPV4_ONLY, + }, +}); const router = mesh.addVirtualRouter('router', { listeners: [ appmesh.VirtualRouterListener.http(), 
@@ -29,7 +34,7 @@ const virtualService = new appmesh.VirtualService(stack, 'service', { }); const node = mesh.addVirtualNode('node', { - serviceDiscovery: appmesh.ServiceDiscovery.dns(`node1.${namespace.namespaceName}`), + serviceDiscovery: appmesh.ServiceDiscovery.dns(`node1.${namespace.namespaceName}`, undefined, appmesh.IpPreference.IPV4_ONLY), listeners: [appmesh.VirtualNodeListener.http({ healthCheck: appmesh.HealthCheck.http({ healthyThreshold: 3, diff --git a/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/cdk.out b/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/cdk.out index 90bef2e09ad39..588d7b269d34f 100644 --- a/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/cdk.out @@ -1 +1 @@ -{"version":"17.0.0"} \ No newline at end of file +{"version":"20.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/integ.json b/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/integ.json index 671de3cf8cc9d..ff8d8d70dc87d 100644 --- a/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/integ.json +++ b/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/integ.json @@ -1,7 +1,7 @@ { - "version": "18.0.0", + "version": "20.0.0", "testCases": { - "aws-appmesh/test/integ.mesh": { + "integ.mesh": { "stacks": [ "mesh-stack" ], diff --git a/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/manifest.json index df8e09ee867e7..b9570ecb05daf 100644 --- a/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "17.0.0", + "version": "20.0.0", "artifacts": { "Tree": { "type": "cdk:tree", 
@@ -291,6 +291,12 @@ "data": "meshgateway1gateway1routegrpc2FAC1FF36" } ], + "/mesh-stack/mesh-with-preference/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "meshwithpreferenceCC9682C9" + } + ], "/mesh-stack/service/Resource": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/mesh-stack.assets.json b/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/mesh-stack.assets.json new file mode 100644 index 0000000000000..9de4bc9bd2808 --- /dev/null +++ b/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/mesh-stack.assets.json @@ -0,0 +1,19 @@ +{ + "version": "20.0.0", + "files": { + "be244c434fce5ce2d030a96121c147910d423314d1807320ddf66a562a53550d": { + "source": { + "path": "mesh-stack.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "be244c434fce5ce2d030a96121c147910d423314d1807320ddf66a562a53550d.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/mesh-stack.template.json b/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/mesh-stack.template.json index 8b1fbd80e67cf..4e7ce6d367c42 100644 --- a/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/mesh-stack.template.json +++ b/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/mesh-stack.template.json @@ -969,7 +969,8 @@ ], "ServiceDiscovery": { "DNS": { - "Hostname": "node1.domain.local" + "Hostname": "node1.domain.local", + "IpPreference": "IPv4_ONLY" } } }, 
@@ -1672,6 +1673,17 @@ "GatewayRouteName": "meshstackmeshgateway1gateway1routegrpc2AE8379FD" } }, + "meshwithpreferenceCC9682C9": { + "Type": "AWS::AppMesh::Mesh", + "Properties": { + "MeshName": "meshstackmeshwithpreference13C624E1", + "Spec": { + "ServiceDiscovery": { + "IpPreference": "IPv4_ONLY" + } + } + } + }, "service6D174F83": { "Type": "AWS::AppMesh::VirtualService", "Properties": { diff --git a/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/tree.json b/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/tree.json index 5aeb8219f3405..26fb8d5db0edd 100644 --- a/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/tree.json +++ b/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/tree.json @@ -8,8 +8,8 @@ "id": "Tree", "path": "Tree", "constructInfo": { - "fqn": "@aws-cdk/core.Construct", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.0.9" } }, "mesh-stack": { @@ -1464,7 +1464,8 @@ ], "serviceDiscovery": { "dns": { - "hostname": "node1.domain.local" + "hostname": "node1.domain.local", + "ipPreference": "IPv4_ONLY" } } }, @@ -2382,6 +2383,35 @@ "version": "0.0.0" } }, + "mesh-with-preference": { + "id": "mesh-with-preference", + "path": "mesh-stack/mesh-with-preference", + "children": { + "Resource": { + "id": "Resource", + "path": "mesh-stack/mesh-with-preference/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::AppMesh::Mesh", + "aws:cdk:cloudformation:props": { + "meshName": "meshstackmeshwithpreference13C624E1", + "spec": { + "serviceDiscovery": { + "ipPreference": "IPv4_ONLY" + } + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-appmesh.CfnMesh", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-appmesh.Mesh", + "version": "0.0.0" + } + }, "service": { "id": "service", "path": "mesh-stack/service", diff --git a/packages/@aws-cdk/aws-appmesh/test/mesh.test.ts b/packages/@aws-cdk/aws-appmesh/test/mesh.test.ts index e8f7588e59f4f..7969720001186 100644 
--- a/packages/@aws-cdk/aws-appmesh/test/mesh.test.ts +++ b/packages/@aws-cdk/aws-appmesh/test/mesh.test.ts @@ -24,6 +24,29 @@ describe('mesh', () => { }); describe('with spec applied', () => { + test('should take IP preference from props', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + new appmesh.Mesh(stack, 'mesh', { + meshName: 'test-mesh', + serviceDiscovery: { + ipPreference: appmesh.IpPreference.IPV4_ONLY, + }, + }); + + // THEN + Template.fromStack(stack). + hasResourceProperties('AWS::AppMesh::Mesh', { + Spec: { + ServiceDiscovery: { + IpPreference: 'IPv4_ONLY', + }, + }, + }); + }); + test('should take egress filter from props', () => { // GIVEN const stack = new cdk.Stack(); diff --git a/packages/@aws-cdk/aws-appmesh/test/virtual-node.test.ts b/packages/@aws-cdk/aws-appmesh/test/virtual-node.test.ts index f419f7ac41733..24712b76d99e6 100644 --- a/packages/@aws-cdk/aws-appmesh/test/virtual-node.test.ts +++ b/packages/@aws-cdk/aws-appmesh/test/virtual-node.test.ts @@ -1,7 +1,9 @@ import { Match, Template } from '@aws-cdk/assertions'; import * as acmpca from '@aws-cdk/aws-acmpca'; import * as acm from '@aws-cdk/aws-certificatemanager'; +import * as ec2 from '@aws-cdk/aws-ec2'; import * as iam from '@aws-cdk/aws-iam'; +import * as cloudmap from '@aws-cdk/aws-servicediscovery'; import * as cdk from '@aws-cdk/core'; import * as appmesh from '../lib'; 
@@ -954,6 +956,32 @@ describe('virtual node', () => { }); describe('with DNS service discovery', () => { + test('with basic configuration and without optional fields', () => { + // GIVEN + const stack = new cdk.Stack(); + + const mesh = new appmesh.Mesh(stack, 'mesh', { + meshName: 'test-mesh', + }); + + // WHEN + new appmesh.VirtualNode(stack, 'test-node', { + mesh, + serviceDiscovery: appmesh.ServiceDiscovery.dns('test'), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::AppMesh::VirtualNode', { + Spec: { + ServiceDiscovery: { + DNS: { + Hostname: 'test', + }, + }, + }, + }); + }); + test('should allow set response type', () => { // GIVEN const stack = new cdk.Stack(); 
@@ -980,6 +1008,101 @@ describe('virtual node', () => { }, }); }); + + test('has an IP Preference applied', () => { + // GIVEN + const stack = new cdk.Stack(); + + const mesh = new appmesh.Mesh(stack, 'mesh', { + meshName: 'test-mesh', + }); + + // WHEN + new appmesh.VirtualNode(stack, 'test-node', { + mesh, + serviceDiscovery: appmesh.ServiceDiscovery.dns('test', appmesh.DnsResponseType.LOAD_BALANCER, appmesh.IpPreference.IPV4_ONLY), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::AppMesh::VirtualNode', { + Spec: { + ServiceDiscovery: { + DNS: { + Hostname: 'test', + ResponseType: 'LOADBALANCER', + IpPreference: 'IPv4_ONLY', + }, + }, + }, + }); + }); + }); + + describe('with CloudMap service discovery', () => { + test('with basic configuration and without optional fields', () => { + // GIVEN + const stack = new cdk.Stack(); + const mesh = new appmesh.Mesh(stack, 'mesh', { + meshName: 'test-mesh', + }); + const vpc = new ec2.Vpc(stack, 'vpc'); + const namespace = new cloudmap.PrivateDnsNamespace(stack, 'test-namespace', { + vpc, + name: 'domain.local', + }); + const service = namespace.createService('Svc'); + + // WHEN + new appmesh.VirtualNode(stack, 'test-node', { + mesh, + serviceDiscovery: appmesh.ServiceDiscovery.cloudMap(service), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::AppMesh::VirtualNode', { + Spec: { + ServiceDiscovery: { + AWSCloudMap: { + NamespaceName: 'domain.local', + ServiceName: { 'Fn::GetAtt': ['testnamespaceSvcB55702EC', 'Name'] }, + }, + }, + }, + }); + }); + + test('has an IP Preference applied', () => { + // GIVEN + const stack = new cdk.Stack(); + const mesh = new appmesh.Mesh(stack, 'mesh', { + meshName: 'test-mesh', + }); + const vpc = new ec2.Vpc(stack, 'vpc'); + const namespace = new cloudmap.PrivateDnsNamespace(stack, 'test-namespace', { + vpc, + name: 'domain.local', + }); + const service = namespace.createService('Svc'); + + // WHEN + new appmesh.VirtualNode(stack, 
'test-node', { + mesh, + serviceDiscovery: appmesh.ServiceDiscovery.cloudMap(service, undefined, appmesh.IpPreference.IPV4_ONLY), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::AppMesh::VirtualNode', { + Spec: { + ServiceDiscovery: { + AWSCloudMap: { + NamespaceName: 'domain.local', + ServiceName: { 'Fn::GetAtt': ['testnamespaceSvcB55702EC', 'Name'] }, + IpPreference: 'IPv4_ONLY', + }, + }, + }, + }); + }); }); describe('with listener and without service discovery', () => { From ee37ed58ba6164dd9570634b0b2143a8d97237d3 Mon Sep 17 00:00:00 2001 From: Kaizen Conroy <36202692+kaizencc@users.noreply.github.com> Date: Tue, 28 Jun 2022 09:20:09 +0100 Subject: [PATCH 08/20] chore: advertise construct hub on the readme (#20844) ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 18ad57cc46e65..b91cc2e44fad7 100644 --- a/README.md +++ b/README.md 
@@ -9,6 +9,8 @@ [![Go Reference](https://pkg.go.dev/badge/github.com/aws/aws-cdk-go/awscdk.svg)](https://pkg.go.dev/github.com/aws/aws-cdk-go/awscdk) [![Mergify](https://img.shields.io/endpoint.svg?url=https://gh.mergify.io/badges/aws/aws-cdk&style=flat)](https://mergify.io) +[![View on Construct Hub](https://constructs.dev/badge?package=aws-cdk-lib)](https://constructs.dev/packages/aws-cdk-lib) + The **AWS Cloud Development Kit (AWS CDK)** is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. From 2566017a83ec4f9c2c5cefda4585a3f71e3516e7 Mon Sep 17 00:00:00 2001 
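Review bot: the README text added in packages/@aws-cdk/aws-appmesh/README.md has two typos: `specifes` in the hunk at `@@ -49,6 +49,17 @@` should be `specifies`, and `There a four different IP preferences` in the hunk at `@@ -425,6 +436,48 @@` should be `There are four`. The bullets in the second hunk list the rendered values (`IPv4_ONLY`, `IPv6_PREFERRED`, ...) while the examples use the enum members (`appmesh.IpPreference.IPV4_ONLY`); say which is which. The section also omits what happens when no preference is set, which the `ipPreference` doc comment in lib/service-discovery.ts spells out (DNS discovery prefers IPv6, CloudMap discovery prefers IPv4); that default decides which address family traffic takes and belongs in the README.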
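Review bot: in packages/@aws-cdk/aws-appmesh/lib/mesh.ts, hunk `@@ -187,6 +195,7 @@`, `serviceDiscovery: props.serviceDiscovery,` passes the public `MeshServiceDiscovery` object straight into the `CfnMesh` spec, while `egressFilter` directly above it is mapped field by field. This only works as long as the two shapes match. An explicit mapping, for example `props.serviceDiscovery ? { ipPreference: props.serviceDiscovery.ipPreference } : undefined`, keeps the generated resource's input independent of later additions to the public interface.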
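Review bot: in packages/@aws-cdk/aws-appmesh/lib/service-discovery.ts, hunk `@@ -2,6 +2,52 @@`, there is a blank line between the closing `*/` of the enum's doc comment and `export enum IpPreference {`, unlike the `MeshServiceDiscovery` comment added in the same hunk; remove it so the comment sits directly on the declaration. In the `@default` text for `ipPreference`, `the Envoy DNS resolver to prefer using IPv6` is missing a verb (`will prefer` or `is configured to prefer`). The last member, `IPV6_PREFERRED = 'IPv6_PREFERRED'`, also lacks the trailing comma the other three have.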
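Review bot: in packages/@aws-cdk/aws-appmesh/lib/service-discovery.ts, hunks `@@ -48,9 +94,10 @@` and `@@ -61,9 +108,10 @@`, the line `@param ipPreference No IP preference is applied to the Virtual Node.` documents the default rather than the parameter. Describe what the argument controls and put the current sentence behind "The default is", as the `responseType` doc above it does. Making `ipPreference` a third positional optional also forces callers who only want the preference to pass a placeholder, as this patch already does in test/integ.mesh.ts (`dns(..., undefined, appmesh.IpPreference.IPV4_ONLY)`) and in the CloudMap unit test; an options object would avoid that.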
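Review bot: in packages/@aws-cdk/aws-appmesh/test/virtual-node.test.ts, hunk `@@ -980,6 +1008,101 @@`, every new assertion uses `IpPreference.IPV4_ONLY`, so nothing checks that the other three members render as `IPv4_PREFERRED`, `IPv6_ONLY` and `IPv6_PREFERRED`. A table-driven test over the enum would cover the whole mapping. The CloudMap expectations also hard-code the logical ID `testnamespaceSvcB55702EC`, which breaks on any construct-ID change; comparing against `stack.resolve(service.serviceName)` asserts the same thing without pinning the ID.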
From: Kaizen Conroy <36202692+kaizencc@users.noreply.github.com>
Date: Tue, 28 Jun 2022 09:56:40 +0100
Subject: [PATCH 09/20] feat(lambda): grant function permissions to an AWS organization (#19975)

Closes #19538, also fixes #20146. I combined them because they touch the same surface area and it would be too hairy to separate them out.

See [lambda docs](https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html#permissions-resource-xorginvoke) for this feature.

Introduces functionality to grant permissions to an organization in the following ways:

```ts
declare const fn: lambda.Function;

// grant to an organization
fn.grantInvoke(new iam.OrganizationPrincipal('o-xxxxxxxxxx'));

// grant to an account in an organization
fn.grantInvoke(new iam.AccountPrincipal('123456789012').inOrganization('o-xxxxxxxxxx'));
```

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-lambda/README.md | 68 ++++++-- .../@aws-cdk/aws-lambda/lib/function-base.ts | 86 ++++++++-- .../@aws-cdk/aws-lambda/lib/permission.ts | 30 +++- .../@aws-cdk/aws-lambda/test/function.test.ts | 128 +++++++++++++- .../aws-lambda/test/integ.permissions.ts | 17 ++ .../test/permissions.integ.snapshot/cdk.out | 1 + .../permissions.integ.snapshot/integ.json | 14 ++ .../lambda-permissions.assets.json | 19 +++ .../lambda-permissions.template.json | 82 +++++++++ .../permissions.integ.snapshot/manifest.json | 64 +++++++ .../test/permissions.integ.snapshot/tree.json | 158 ++++++++++++++++++ 11 files changed, 630 insertions(+), 37 deletions(-) create mode 100644 packages/@aws-cdk/aws-lambda/test/integ.permissions.ts create mode 100644 packages/@aws-cdk/aws-lambda/test/permissions.integ.snapshot/cdk.out create mode 100644 packages/@aws-cdk/aws-lambda/test/permissions.integ.snapshot/integ.json create mode 100644 packages/@aws-cdk/aws-lambda/test/permissions.integ.snapshot/lambda-permissions.assets.json create mode 100644 packages/@aws-cdk/aws-lambda/test/permissions.integ.snapshot/lambda-permissions.template.json create mode 100644 packages/@aws-cdk/aws-lambda/test/permissions.integ.snapshot/manifest.json create mode 100644 packages/@aws-cdk/aws-lambda/test/permissions.integ.snapshot/tree.json diff --git a/packages/@aws-cdk/aws-lambda/README.md b/packages/@aws-cdk/aws-lambda/README.md index 9f186d471d173..1db33fbd80631 100644 --- a/packages/@aws-cdk/aws-lambda/README.md +++ b/packages/@aws-cdk/aws-lambda/README.md 
@@ -155,12 +155,13 @@ if (fn.timeout) { AWS Lambda supports resource-based policies for controlling access to Lambda functions and layers on a per-resource basis. In particular, this allows you to -give permission to AWS services and other AWS accounts to modify and invoke your -functions. You can also restrict permissions given to AWS services by providing -a source account or ARN (representing the account and identifier of the resource -that accesses the function or layer). +give permission to AWS services, AWS Organizations, or other AWS accounts to +modify and invoke your functions. + +### Grant function access to AWS services ```ts +// Grant permissions to a service declare const fn: lambda.Function; const principal = new iam.ServicePrincipal('my-service'); 
@@ -172,10 +173,58 @@ fn.addPermission('my-service Invocation', { }); ``` -For more information, see [Resource-based -policies](https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html) +You can also restrict permissions given to AWS services by providing +a source account or ARN (representing the account and identifier of the resource +that accesses the function or layer). + +For more information, see +[Granting function access to AWS services](https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html#permissions-resource-serviceinvoke) +in the AWS Lambda Developer Guide. + +### Grant function access to an AWS Organization + +```ts +// Grant permissions to an entire AWS organization +declare const fn: lambda.Function; +const org = new iam.OrganizationPrincipal('o-xxxxxxxxxx'); + +fn.grantInvoke(org); +``` + +In the above example, the `principal` will be `*` and all users in the +organization `o-xxxxxxxxxx` will get function invocation permissions. + +You can restrict permissions given to the organization by specifying an +AWS account or role as the `principal`: + +```ts +// Grant permission to an account ONLY IF they are part of the organization +declare const fn: lambda.Function; +const account = new iam.AccountPrincipal('123456789012'); + +fn.grantInvoke(account.inOrganization('o-xxxxxxxxxx')); +``` + +For more information, see +[Granting function access to an organization](https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html#permissions-resource-xorginvoke) in the AWS Lambda Developer Guide. 
+### Grant function access to other AWS accounts + +```ts +// Grant permission to other AWS account +declare const fn: lambda.Function; +const account = new iam.AccountPrincipal('123456789012'); + +fn.grantInvoke(account); +``` + +For more information, see +[Granting function access to other accounts](https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html#permissions-resource-xaccountinvoke) +in the AWS Lambda Developer Guide. + +### Grant function access to unowned principals + Providing an unowned principal (such as account principals, generic ARN principals, service principals, and principals in other accounts) to a call to `fn.grantInvoke` will result in a resource-based policy being created. If the @@ -198,13 +247,6 @@ const servicePrincipalWithConditions = servicePrincipal.withConditions({ }); fn.grantInvoke(servicePrincipalWithConditions); - -// Equivalent to: -fn.addPermission('my-service Invocation', { - principal: servicePrincipal, - sourceArn: sourceArn, - sourceAccount: sourceAccount, -}); ``` ## Versions diff --git a/packages/@aws-cdk/aws-lambda/lib/function-base.ts b/packages/@aws-cdk/aws-lambda/lib/function-base.ts index dde2d6a212f2a..14376c3b32909 100644 --- a/packages/@aws-cdk/aws-lambda/lib/function-base.ts +++ b/packages/@aws-cdk/aws-lambda/lib/function-base.ts @@ -343,8 +343,10 @@ export abstract class FunctionBase extends Resource implements IFunction, ec2.IC return; } - const principal = this.parsePermissionPrincipal(permission.principal); - const { sourceAccount, sourceArn } = this.parseConditions(permission.principal) ?? {}; + let principal = this.parsePermissionPrincipal(permission.principal); + + let { sourceArn, sourceAccount, principalOrgID } = this.validateConditionCombinations(permission.principal) ?? {}; + const action = permission.action ?? 'lambda:InvokeFunction'; const scope = permission.scope ?? this; 
@@ -357,6 +359,7 @@ export abstract class FunctionBase extends Resource implements IFunction, ec2.IC eventSourceToken: permission.eventSourceToken, sourceAccount: permission.sourceAccount ?? sourceAccount, sourceArn: permission.sourceArn ?? sourceArn, + principalOrgId: permission.organizationId ?? principalOrgID, functionUrlAuthType: permission.functionUrlAuthType, }); } @@ -552,7 +555,6 @@ export abstract class FunctionBase extends Resource implements IFunction, ec2.IC private parsePermissionPrincipal(principal: iam.IPrincipal) { // Try some specific common classes first. // use duck-typing, not instance of - // @deprecated: after v2, we can change these to 'instanceof' if ('wrapped' in principal) { // eslint-disable-next-line dot-notation principal = principal['wrapped']; @@ -570,6 +572,15 @@ export abstract class FunctionBase extends Resource implements IFunction, ec2.IC return (principal as iam.ArnPrincipal).arn; } + const stringEquals = matchSingleKey('StringEquals', principal.policyFragment.conditions); + if (stringEquals) { + const orgId = matchSingleKey('aws:PrincipalOrgID', stringEquals); + if (orgId) { + // we will move the organization id to the `principalOrgId` property of `Permissions`. + return '*'; + } + } + // Try a best-effort approach to support simple principals that are not any of the predefined // classes, but are simple enough that they will fit into the Permission model. Main target // here: imported Roles, Users, Groups. 
@@ -584,17 +595,67 @@ export abstract class FunctionBase extends Resource implements IFunction, ec2.IC } throw new Error(`Invalid principal type for Lambda permission statement: ${principal.constructor.name}. ` + - 'Supported: AccountPrincipal, ArnPrincipal, ServicePrincipal'); + 'Supported: AccountPrincipal, ArnPrincipal, ServicePrincipal, OrganizationPrincipal'); + + /** + * Returns the value at the key if the object contains the key and nothing else. Otherwise, + * returns undefined. + */ + function matchSingleKey(key: string, obj: Record): any | undefined { + if (Object.keys(obj).length !== 1) { return undefined; } + + return obj[key]; + } + } - private parseConditions(principal: iam.IPrincipal): { sourceAccount: string, sourceArn: string } | null { + private validateConditionCombinations(principal: iam.IPrincipal): { + sourceArn: string | undefined, + sourceAccount: string | undefined, + principalOrgID: string | undefined, + } | undefined { + const conditions = this.validateConditions(principal); + + if (!conditions) { return undefined; } + + const sourceArn = conditions.ArnLike ? conditions.ArnLike['aws:SourceArn'] : undefined; + const sourceAccount = conditions.StringEquals ? conditions.StringEquals['aws:SourceAccount'] : undefined; + const principalOrgID = conditions.StringEquals ? 
conditions.StringEquals['aws:PrincipalOrgID'] : undefined; + + // PrincipalOrgID cannot be combined with any other conditions + if (principalOrgID && (sourceArn || sourceAccount)) { + throw new Error('PrincipalWithConditions had unsupported condition combinations for Lambda permission statement: principalOrgID cannot be set with other conditions.'); + } + + return { + sourceArn, + sourceAccount, + principalOrgID, + }; + } + + private validateConditions(principal: iam.IPrincipal): iam.Conditions | undefined { if (this.isPrincipalWithConditions(principal)) { const conditions: iam.Conditions = principal.policyFragment.conditions; const conditionPairs = flatMap( Object.entries(conditions), ([operator, conditionObjs]) => Object.keys(conditionObjs as object).map(key => { return { operator, key }; }), ); - const supportedPrincipalConditions = [{ operator: 'ArnLike', key: 'aws:SourceArn' }, { operator: 'StringEquals', key: 'aws:SourceAccount' }]; + + // These are all the supported conditions. Some combinations are not supported, + // like only 'aws:SourceArn' or 'aws:PrincipalOrgID' and 'aws:SourceAccount'. + // These will be validated through `this.validateConditionCombinations`. + const supportedPrincipalConditions = [{ + operator: 'ArnLike', + key: 'aws:SourceArn', + }, + { + operator: 'StringEquals', + key: 'aws:SourceAccount', + }, { + operator: 'StringEquals', + key: 'aws:PrincipalOrgID', + }]; const unsupportedConditions = conditionPairs.filter( (condition) => !supportedPrincipalConditions.some( 
@@ -603,21 +664,18 @@ export abstract class FunctionBase extends Resource implements IFunction, ec2.IC ); if (unsupportedConditions.length == 0) { - return { - sourceAccount: conditions.StringEquals['aws:SourceAccount'], - sourceArn: conditions.ArnLike['aws:SourceArn'], - }; + return conditions; } else { throw new Error(`PrincipalWithConditions had unsupported conditions for Lambda permission statement: ${JSON.stringify(unsupportedConditions)}. ` + `Supported operator/condition pairs: ${JSON.stringify(supportedPrincipalConditions)}`); } - } else { - return null; } + + return undefined; } - private isPrincipalWithConditions(principal: iam.IPrincipal): principal is iam.PrincipalWithConditions { - return 'conditions' in principal; + private isPrincipalWithConditions(principal: iam.IPrincipal): boolean { + return Object.keys(principal.policyFragment.conditions).length > 0; } } diff --git a/packages/@aws-cdk/aws-lambda/lib/permission.ts b/packages/@aws-cdk/aws-lambda/lib/permission.ts index c493722e2f543..8f367dd63d312 100644 --- a/packages/@aws-cdk/aws-lambda/lib/permission.ts +++ b/packages/@aws-cdk/aws-lambda/lib/permission.ts 
@@ -23,19 +23,22 @@ export interface Permission { * A unique token that must be supplied by the principal invoking the * function. * - * @default The caller would not need to present a token. + * @default - The caller would not need to present a token. */ readonly eventSourceToken?: string; /** * The entity for which you are granting permission to invoke the Lambda - * function. This entity can be any valid AWS service principal, such as - * s3.amazonaws.com or sns.amazonaws.com, or, if you are granting - * cross-account permission, an AWS account ID. For example, you might want - * to allow a custom application in another AWS account to push events to - * Lambda by invoking your function. + * function. This entity can be any of the following: * - * The principal can be either an AccountPrincipal or a ServicePrincipal. + * - a valid AWS service principal, such as `s3.amazonaws.com` or `sns.amazonaws.com` + * - an AWS account ID for cross-account permissions. For example, you might want + * to allow a custom application in another AWS account to push events to + * Lambda by invoking your function. + * - an AWS organization principal to grant permissions to an entire organization. + * + * The principal can be an AccountPrincipal, an ArnPrincipal, a ServicePrincipal, + * or an OrganizationPrincipal. */ readonly principal: iam.IPrincipal; 
@@ -67,6 +70,19 @@ export interface Permission { */ readonly sourceArn?: string; + /** + * The organization you want to grant permissions to. Use this ONLY if you + * need to grant permissions to a subset of the organization. If you want to + * grant permissions to the entire organization, sending the organization principal + * through the `principal` property will suffice. + * + * You can use this property to ensure that all source principals are owned by + * a specific organization. + * + * @default - No organizationId + */ + readonly organizationId?: string; + /** * The authType for the function URL that you are granting permissions for. * diff --git a/packages/@aws-cdk/aws-lambda/test/function.test.ts b/packages/@aws-cdk/aws-lambda/test/function.test.ts index 4706d8b6e5a50..fe93c2bcecb69 100644 --- a/packages/@aws-cdk/aws-lambda/test/function.test.ts +++ b/packages/@aws-cdk/aws-lambda/test/function.test.ts @@ -118,7 +118,7 @@ describe('function', () => { })).toThrow(); }); - describe('addToResourcePolicy', () => { + describe('addPermissions', () => { test('can be used to add permissions to the Lambda function', () => { const stack = new cdk.Stack(); const fn = newTestLambda(stack); 
@@ -183,16 +183,42 @@ describe('function', () => { }); }); - test('fails if the principal is not a service, account or arn principal', () => { + test('can supply principalOrgID via permission property', () => { + const stack = new cdk.Stack(); + const fn = newTestLambda(stack); + const org = new iam.OrganizationPrincipal('o-xxxxxxxxxx'); + const account = new iam.AccountPrincipal('123456789012'); + + fn.addPermission('S3Permission', { + action: 'lambda:*', + principal: account, + organizationId: org.organizationId, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Permission', { + Action: 'lambda:*', + FunctionName: { + 'Fn::GetAtt': [ + 'MyLambdaCCE802FB', + 'Arn', + ], + }, + Principal: account.accountId, + PrincipalOrgID: org.organizationId, + }); + }); + + test('fails if the principal is not a service, account, arn, or organization principal', () => { const stack = new cdk.Stack(); const fn = newTestLambda(stack); - expect(() => fn.addPermission('F1', { principal: new iam.OrganizationPrincipal('org') })) + expect(() => fn.addPermission('F1', { principal: new iam.CanonicalUserPrincipal('org') })) .toThrow(/Invalid principal type for Lambda permission statement/); fn.addPermission('S1', { principal: new iam.ServicePrincipal('my-service') }); fn.addPermission('S2', { principal: new iam.AccountPrincipal('account') }); fn.addPermission('S3', { principal: new iam.ArnPrincipal('my:arn') }); + fn.addPermission('S4', { principal: new iam.OrganizationPrincipal('my:org') }); }); test('applies source account/ARN conditions if the principal has conditions', () => { 
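Review bot: In 'can supply principalOrgID via permission property', `organizationId` is exercised only next to a plain `AccountPrincipal`, so nothing pins what happens when it is combined with a principal that already carries an organization, such as `new iam.OrganizationPrincipal(...)` or a `PrincipalWithConditions` with `aws:PrincipalOrgID`. Add a test that uses two different org IDs and asserts either the resulting `PrincipalOrgID` or the error, because a silent override would change who may invoke the function. The test could also grant `lambda:InvokeFunction` rather than `lambda:*`, and its construct id `'S3Permission'` does not describe an account grant.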
@@ -226,6 +252,58 @@ describe('function', () => { }); }); + test('applies source arn condition if principal has conditions', () => { + const stack = new cdk.Stack(); + const fn = newTestLambda(stack); + const sourceArn = 'some-arn'; + const service = 'my-service'; + const principal = new iam.PrincipalWithConditions(new iam.ServicePrincipal(service), { + ArnLike: { + 'aws:SourceArn': sourceArn, + }, + }); + + fn.addPermission('S1', { principal: principal }); + + Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Permission', { + Action: 'lambda:InvokeFunction', + FunctionName: { + 'Fn::GetAtt': [ + 'MyLambdaCCE802FB', + 'Arn', + ], + }, + Principal: service, + SourceArn: sourceArn, + }); + }); + + test('applies principal org id conditions if the principal has conditions', () => { + const stack = new cdk.Stack(); + const fn = newTestLambda(stack); + const principalOrgId = 'org-xxxxxxxxxx'; + const service = 'my-service'; + const principal = new iam.PrincipalWithConditions(new iam.ServicePrincipal(service), { + StringEquals: { + 'aws:PrincipalOrgID': principalOrgId, + }, + }); + + fn.addPermission('S1', { principal: principal }); + + Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Permission', { + Action: 'lambda:InvokeFunction', + FunctionName: { + 'Fn::GetAtt': [ + 'MyLambdaCCE802FB', + 'Arn', + ], + }, + Principal: service, + PrincipalOrgID: principalOrgId, + }); + }); + test('fails if the principal has conditions that are not supported', () => { const stack = new cdk.Stack(); const fn = newTestLambda(stack); 
@@ -253,6 +331,23 @@ describe('function', () => { })).toThrow(/PrincipalWithConditions had unsupported conditions for Lambda permission statement/); }); + test('fails if the principal has condition combinations that are not supported', () => { + const stack = new cdk.Stack(); + const fn = newTestLambda(stack); + + expect(() => fn.addPermission('F2', { + principal: new iam.PrincipalWithConditions(new iam.ServicePrincipal('my-service'), { + StringEquals: { + 'aws:SourceAccount': 'source-account', + 'aws:PrincipalOrgID': 'principal-org-id', + }, + ArnLike: { + 'aws:SourceArn': 'source-arn', + }, + }), + })).toThrow(/PrincipalWithConditions had unsupported condition combinations for Lambda permission statement/); + }); + test('BYORole', () => { // GIVEN const stack = new cdk.Stack(); @@ -1239,6 +1334,33 @@ describe('function', () => { }); }); + test('with an organization principal', () => { + // GIVEN + const stack = new cdk.Stack(); + const fn = new lambda.Function(stack, 'Function', { + code: lambda.Code.fromInline('xxx'), + handler: 'index.handler', + runtime: lambda.Runtime.NODEJS_14_X, + }); + const org = new iam.OrganizationPrincipal('my-org-id'); + + // WHEN + fn.grantInvoke(org); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Permission', { + Action: 'lambda:InvokeFunction', + FunctionName: { + 'Fn::GetAtt': [ + 'Function76856677', + 'Arn', + ], + }, + Principal: '*', + PrincipalOrgID: 'my-org-id', + }); + }); + test('can be called twice for the same service principal', () => { // GIVEN const stack = new cdk.Stack(); diff --git a/packages/@aws-cdk/aws-lambda/test/integ.permissions.ts b/packages/@aws-cdk/aws-lambda/test/integ.permissions.ts new file mode 100644 index 0000000000000..92a9964dd76d2 --- /dev/null +++ b/packages/@aws-cdk/aws-lambda/test/integ.permissions.ts 
@@ -0,0 +1,17 @@ +import * as iam from '@aws-cdk/aws-iam'; +import * as cdk from '@aws-cdk/core'; +import * as lambda from '../lib'; + +const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'lambda-permissions'); + +const fn = new lambda.Function(stack, 'MyLambda', { + code: new lambda.InlineCode('foo'), + handler: 'index.handler', + runtime: lambda.Runtime.NODEJS_14_X, +}); + +fn.grantInvoke(new iam.AnyPrincipal().inOrganization('o-yyyyyyyyyy')); + +fn.grantInvoke(new iam.OrganizationPrincipal('o-xxxxxxxxxx')); diff --git a/packages/@aws-cdk/aws-lambda/test/permissions.integ.snapshot/cdk.out b/packages/@aws-cdk/aws-lambda/test/permissions.integ.snapshot/cdk.out new file mode 100644 index 0000000000000..588d7b269d34f --- /dev/null +++ b/packages/@aws-cdk/aws-lambda/test/permissions.integ.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"20.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-lambda/test/permissions.integ.snapshot/integ.json b/packages/@aws-cdk/aws-lambda/test/permissions.integ.snapshot/integ.json new file mode 100644 index 0000000000000..2e8ba8922ac72 --- /dev/null +++ b/packages/@aws-cdk/aws-lambda/test/permissions.integ.snapshot/integ.json @@ -0,0 +1,14 @@ +{ + "version": "20.0.0", + "testCases": { + "integ.permissions": { + "stacks": [ + "lambda-permissions" + ], + "diffAssets": false, + "stackUpdateWorkflow": true + } + }, + "synthContext": {}, + "enableLookups": false +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-lambda/test/permissions.integ.snapshot/lambda-permissions.assets.json b/packages/@aws-cdk/aws-lambda/test/permissions.integ.snapshot/lambda-permissions.assets.json new file mode 100644 index 0000000000000..1a37de91e4acd --- /dev/null +++ b/packages/@aws-cdk/aws-lambda/test/permissions.integ.snapshot/lambda-permissions.assets.json 
@@ -0,0 +1,19 @@ +{ + "version": "20.0.0", + "files": { + "f189cb5ef6ca8751f98c7dbbfdfb7dac59c18d9bb287a62e9b01d4fb43156f7e": { + "source": { + "path": "lambda-permissions.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "f189cb5ef6ca8751f98c7dbbfdfb7dac59c18d9bb287a62e9b01d4fb43156f7e.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-lambda/test/permissions.integ.snapshot/lambda-permissions.template.json b/packages/@aws-cdk/aws-lambda/test/permissions.integ.snapshot/lambda-permissions.template.json new file mode 100644 index 0000000000000..74c24026d0f44 --- /dev/null +++ b/packages/@aws-cdk/aws-lambda/test/permissions.integ.snapshot/lambda-permissions.template.json 
@@ -0,0 +1,82 @@ +{ + "Resources": { + "MyLambdaServiceRole4539ECB6": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "MyLambdaCCE802FB": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "foo" + }, + "Role": { + "Fn::GetAtt": [ + "MyLambdaServiceRole4539ECB6", + "Arn" + ] + }, + "Handler": "index.handler", + "Runtime": "nodejs14.x" + }, + "DependsOn": [ + "MyLambdaServiceRole4539ECB6" + ] + }, + "MyLambdaInvokehlab6Vr41INt1IUXIhhCesB4gzNedP5IURKNgciwD9D5EABD": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "MyLambdaCCE802FB", + "Arn" + ] + }, + "Principal": "*", + "PrincipalOrgID": "o-yyyyyyyyyy" + } + }, + "MyLambdaInvoke138AF9IJcZORjZNKCKShZMMuVQwCnUkbFqMoQf5of0C1F7DFD8": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "MyLambdaCCE802FB", + "Arn" + ] + }, + "Principal": "*", + "PrincipalOrgID": "o-xxxxxxxxxx" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-lambda/test/permissions.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-lambda/test/permissions.integ.snapshot/manifest.json new file mode 100644 index 0000000000000..b1a86d7f35697 --- /dev/null +++ b/packages/@aws-cdk/aws-lambda/test/permissions.integ.snapshot/manifest.json 
@@ -0,0 +1,64 @@ +{ + "version": "20.0.0", + "artifacts": { + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "lambda-permissions": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "lambda-permissions.template.json", + "validateOnSynth": false + }, + "metadata": { + "/lambda-permissions/MyLambda/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyLambdaServiceRole4539ECB6" + } + ], + "/lambda-permissions/MyLambda/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyLambdaCCE802FB" + } + ], + "/lambda-permissions/MyLambda/Invokehl--ab6+Vr41INt1IUX--IhhCesB4gzNedP5IURKNgciw=": [ + { + "type": "aws:cdk:logicalId", + "data": "MyLambdaInvokehlab6Vr41INt1IUXIhhCesB4gzNedP5IURKNgciwD9D5EABD" + } + ], + "/lambda-permissions/MyLambda/Invoke138AF9IJcZORjZ--NKCKShZMMuVQwCnUkbFqMoQf5of0=": [ + { + "type": "aws:cdk:logicalId", + "data": "MyLambdaInvoke138AF9IJcZORjZNKCKShZMMuVQwCnUkbFqMoQf5of0C1F7DFD8" + } + ], + "MyLambdaInvokeAnyPrincipal256ECDE1": [ + { + "type": "aws:cdk:logicalId", + "data": "MyLambdaInvokeAnyPrincipal256ECDE1", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } + ], + "MyLambdaInvokeOrganizationPrincipaloxxxxxxxxxxEB282AD1": [ + { + "type": "aws:cdk:logicalId", + "data": "MyLambdaInvokeOrganizationPrincipaloxxxxxxxxxxEB282AD1", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } + ] + }, + "displayName": "lambda-permissions" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-lambda/test/permissions.integ.snapshot/tree.json b/packages/@aws-cdk/aws-lambda/test/permissions.integ.snapshot/tree.json new file mode 100644 index 0000000000000..51fbde7100a28 --- /dev/null +++ b/packages/@aws-cdk/aws-lambda/test/permissions.integ.snapshot/tree.json 
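Review bot: The new `manifest.json` snapshot records two logical IDs, `MyLambdaInvokeAnyPrincipal256ECDE1` and `MyLambdaInvokeOrganizationPrincipaloxxxxxxxxxxEB282AD1`, with the trace `!!DESTRUCTIVE_CHANGES: WILL_DESTROY`, yet neither resource appears in `lambda-permissions.template.json`, which contains only the two `MyLambdaInvoke...` permissions with hashed names. That looks like a snapshot generated on top of an earlier deployment that used different construct IDs; regenerate it from a clean stack so the committed snapshot carries no pending destroys. It is also worth confirming that both permissions in the template rendering `"Principal": "*"` is intended, since `PrincipalOrgID` is then the only property restricting who can invoke the function.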
@@ -0,0 +1,158 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.33" + } + }, + "lambda-permissions": { + "id": "lambda-permissions", + "path": "lambda-permissions", + "children": { + "MyLambda": { + "id": "MyLambda", + "path": "lambda-permissions/MyLambda", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "lambda-permissions/MyLambda/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "lambda-permissions/MyLambda/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "lambda-permissions/MyLambda/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "zipFile": "foo" + }, + "role": { + "Fn::GetAtt": [ + "MyLambdaServiceRole4539ECB6", + "Arn" + ] + }, + "handler": "index.handler", + "runtime": "nodejs14.x" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.CfnFunction", + "version": "0.0.0" + } + }, + "Invokehl--ab6+Vr41INt1IUX--IhhCesB4gzNedP5IURKNgciw=": { + "id": "Invokehl--ab6+Vr41INt1IUX--IhhCesB4gzNedP5IURKNgciw=", + "path": 
"lambda-permissions/MyLambda/Invokehl--ab6+Vr41INt1IUX--IhhCesB4gzNedP5IURKNgciw=", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Permission", + "aws:cdk:cloudformation:props": { + "action": "lambda:InvokeFunction", + "functionName": { + "Fn::GetAtt": [ + "MyLambdaCCE802FB", + "Arn" + ] + }, + "principal": "*", + "principalOrgId": "o-yyyyyyyyyy" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.CfnPermission", + "version": "0.0.0" + } + }, + "Invoke138AF9IJcZORjZ--NKCKShZMMuVQwCnUkbFqMoQf5of0=": { + "id": "Invoke138AF9IJcZORjZ--NKCKShZMMuVQwCnUkbFqMoQf5of0=", + "path": "lambda-permissions/MyLambda/Invoke138AF9IJcZORjZ--NKCKShZMMuVQwCnUkbFqMoQf5of0=", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Permission", + "aws:cdk:cloudformation:props": { + "action": "lambda:InvokeFunction", + "functionName": { + "Fn::GetAtt": [ + "MyLambdaCCE802FB", + "Arn" + ] + }, + "principal": "*", + "principalOrgId": "o-xxxxxxxxxx" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.CfnPermission", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.Function", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.App", + "version": "0.0.0" + } + } +} \ No newline at end of file From a1df570b89c6d456077bb934e0bf08217677ef1f Mon Sep 17 00:00:00 2001 
From: Jonathan Goldwasser Date: Wed, 29 Jun 2022 13:55:14 +0200 Subject: [PATCH 10/20] feat(cognito): make `grant()` available on `IUserPool` (#20799) Added in #20285 but missing on `IUserPool` ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-cognito/lib/user-pool.ts | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/packages/@aws-cdk/aws-cognito/lib/user-pool.ts b/packages/@aws-cdk/aws-cognito/lib/user-pool.ts index 3547453719a1d..6e3415acbc233 100644 --- a/packages/@aws-cdk/aws-cognito/lib/user-pool.ts +++ b/packages/@aws-cdk/aws-cognito/lib/user-pool.ts @@ -703,6 +703,12 @@ export interface IUserPool extends IResource { * Register an identity provider with this user pool. */ registerIdentityProvider(provider: IUserPoolIdentityProvider): void; + + /** + * Adds an IAM policy statement associated with this user pool to an + * IAM principal's policy. + */ + grant(grantee: IGrantable, ...actions: string[]): Grant; } abstract class UserPoolBase extends Resource implements IUserPool { 
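Review bot: Adding `grant(grantee: IGrantable, ...actions: string[]): Grant;` as a required member of the exported `IUserPool` interface is a source-breaking change for any class outside this package that implements `IUserPool` directly instead of extending `UserPoolBase`; call that out in the commit message or confirm that such implementers are not supported. The diffstat shows only `user-pool.ts` changing, so a unit test that calls `grant()` on a pool typed as `IUserPool` (for example one obtained through `UserPool.fromUserPoolId`) would cover the case this change exists for. Since `actions` is a free-form string list, the doc comment moved onto the interface could also state which resource the statement is scoped to.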
@@ -735,10 +741,6 @@ abstract class UserPoolBase extends Resource implements IUserPool { this.identityProviders.push(provider); } - /** - * Adds an IAM policy statement associated with this user pool to an - * IAM principal's policy. - */ public grant(grantee: IGrantable, ...actions: string[]): Grant { return Grant.addToPrincipal({ grantee, From b8557f041d3ef2465d6b9bdc0247a3767c10a528 Mon Sep 17 00:00:00 2001 From: josephedward <15126922+josephedward@users.noreply.github.com> Date: Wed, 29 Jun 2022 20:03:51 -0400 Subject: [PATCH 11/20] chore(docdb): non-TS examples fail to build due to the wrong enum being used (#20906) Due to a bug in jsii, only the first instance of enums that have duplicate values appear in non-TS languages. This means that non-TS examples that use the enums that do not appear fail to build. This PR changes the enums used to fix the failing examples. fixes #20747 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-docdb/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-docdb/README.md b/packages/@aws-cdk/aws-docdb/README.md index 33aa65fdc916d..a86bfe5b77460 100644 --- a/packages/@aws-cdk/aws-docdb/README.md +++ b/packages/@aws-cdk/aws-docdb/README.md 
@@ -25,7 +25,7 @@ const cluster = new docdb.DatabaseCluster(this, 'Database', { excludeCharacters: '\"@/:', // optional, defaults to the set "\"@/" and is also used for eventually created rotations secretName: '/myapp/mydocdb/masteruser', // optional, if you prefer to specify the secret name }, - instanceType: ec2.InstanceType.of(ec2.InstanceClass.R5, ec2.InstanceSize.LARGE), + instanceType: ec2.InstanceType.of(ec2.InstanceClass.MEMORY5, ec2.InstanceSize.LARGE), vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC, }, @@ -78,7 +78,7 @@ const cluster = new docdb.DatabaseCluster(this, 'Database', { masterUser: { username: 'myuser', }, - instanceType: ec2.InstanceType.of(ec2.InstanceClass.R5, ec2.InstanceSize.LARGE), + instanceType: ec2.InstanceType.of(ec2.InstanceClass.MEMORY5, ec2.InstanceSize.LARGE), vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC, }, @@ -150,7 +150,7 @@ const cluster = new docdb.DatabaseCluster(this, 'Database', { masterUser: { username: 'myuser', }, - instanceType: ec2.InstanceType.of(ec2.InstanceClass.R5, ec2.InstanceSize.LARGE), + instanceType: ec2.InstanceType.of(ec2.InstanceClass.MEMORY5, ec2.InstanceSize.LARGE), vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC, }, From 4e52091bbe3ecfa4d1e13d72122c53c1c4ebefde Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Thu, 30 Jun 2022 10:38:47 +0200 Subject: [PATCH 12/20] chore(cfnspec): new libraries do not conform to pkglint (#20900) When we updated the minimum Node version, we did not update it in the template that is used to stamp out new construct libraries when new CFN namespaces are added to the spec. Meaning every cfnspec update now fails because the new packages fail `pkglint` validation. Update the Node version in the template. Closes #20856. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../@aws-cdk/cfnspec/build-tools/create-missing-libraries.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/packages/@aws-cdk/cfnspec/build-tools/create-missing-libraries.ts b/packages/@aws-cdk/cfnspec/build-tools/create-missing-libraries.ts index 51504f260eb45..a10644fafc247 100644 --- a/packages/@aws-cdk/cfnspec/build-tools/create-missing-libraries.ts +++ b/packages/@aws-cdk/cfnspec/build-tools/create-missing-libraries.ts @@ -183,7 +183,7 @@ async function main() { '@aws-cdk/core': version, }, engines: { - node: '>= 10.13.0 <13 || >=13.7.0', + node: '>= 14.15.0', }, stability: 'experimental', maturity: 'cfn-only', From f2b4effc903ab3a36dc925516f3329f236d03a70 Mon Sep 17 00:00:00 2001 
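Review bot: The `engines.node` value in the template in `create-missing-libraries.ts` is still a string literal (`node: '>= 14.15.0'`), which is the same duplication that let it fall behind the repository minimum and fail `pkglint` in the first place. Consider reading the constraint from the place `pkglint` validates against, or adding a test that stamps out a library from this template and runs `pkglint` on it, so the next minimum-version bump cannot miss it.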
From: Rico Huijbers Date: Thu, 30 Jun 2022 12:01:05 +0200 Subject: [PATCH 13/20] fix(secretsmanager): SecretRotation app does not set DeletionPolicy (#20901) Internal Amazon campaigns are validating that all `AWS::Serverless::Application` resources have `DeletionPolicy` set. Since `AWS::Serverless::Application` is not classified as a stateful resource by our metadata (nor could/should it be, because who knows?) we don't benefit from the automatic support for these policies from our model. Instead, manually add the required `Delete` policies on the `CfnApplication`. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...s-cdk-docdb-cluster-rotation.template.json | 4 +- .../cdk.out | 2 +- .../integ.json | 4 +- .../manifest.json | 2 +- .../tree.json | 4 +- ...aws-cdk-rds-cluster-rotation.template.json | 4 +- .../cdk.out | 2 +- .../integ.json | 4 +- .../manifest.json | 2 +- .../tree.json | 4 +- .../index.d.ts | 3 - .../index.js | 60 ------ .../index.ts | 63 ------ .../cdk-integ-cluster-snapshot.assets.json | 10 +- .../cdk-integ-cluster-snapshot.template.json | 28 +-- .../manifest.json | 24 +-- .../cluster-snapshot.integ.snapshot/tree.json | 36 ++-- .../index.d.ts | 1 - .../index.js | 176 ----------------- .../index.ts | 186 ------------------ .../aws-cdk-rds-instance.assets.json | 10 +- .../aws-cdk-rds-instance.template.json | 22 ++- .../instance.lit.integ.snapshot/manifest.json | 24 +-- .../instance.lit.integ.snapshot/tree.json | 20 +- .../aws-secretsmanager/lib/secret-rotation.ts | 3 +- .../test/secret-rotation.test.ts | 90 +++++---- 26 files changed, 156 insertions(+), 632 deletions(-) delete mode 100644 packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/asset.1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e/index.d.ts delete mode 100644 
packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/asset.1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e/index.js delete mode 100644 packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/asset.1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e/index.ts delete mode 100644 packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/asset.22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665/index.d.ts delete mode 100644 packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/asset.22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665/index.js delete mode 100644 packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/asset.22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665/index.ts diff --git a/packages/@aws-cdk/aws-docdb/test/cluster-rotation.lit.integ.snapshot/aws-cdk-docdb-cluster-rotation.template.json b/packages/@aws-cdk/aws-docdb/test/cluster-rotation.lit.integ.snapshot/aws-cdk-docdb-cluster-rotation.template.json index 1b9a1420fdf28..aba37350f74aa 100644 --- a/packages/@aws-cdk/aws-docdb/test/cluster-rotation.lit.integ.snapshot/aws-cdk-docdb-cluster-rotation.template.json +++ b/packages/@aws-cdk/aws-docdb/test/cluster-rotation.lit.integ.snapshot/aws-cdk-docdb-cluster-rotation.template.json @@ -672,7 +672,9 @@ }, "excludeCharacters": "\"@/" } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } }, "Mappings": { diff --git a/packages/@aws-cdk/aws-docdb/test/cluster-rotation.lit.integ.snapshot/cdk.out b/packages/@aws-cdk/aws-docdb/test/cluster-rotation.lit.integ.snapshot/cdk.out index 90bef2e09ad39..588d7b269d34f 100644 --- a/packages/@aws-cdk/aws-docdb/test/cluster-rotation.lit.integ.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-docdb/test/cluster-rotation.lit.integ.snapshot/cdk.out @@ -1 +1 @@ -{"version":"17.0.0"} \ No newline at end of file +{"version":"20.0.0"} \ No newline at end of file 
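Review bot: The `cdk.out` change from `17.0.0` to `20.0.0` here, like the `integ.json` and `manifest.json` version bumps, the `testCases` key rename and the `constructs.Construct` fqn changes in the following snapshot files, is regeneration churn unrelated to the stated fix, and it sits in the same commit as the only intended template change (the added `"UpdateReplacePolicy": "Delete"` and `"DeletionPolicy": "Delete"` lines). Splitting the snapshot refresh into its own commit, or listing it in the commit message, would let a reviewer confirm that the two policy lines are the only behavioural difference in the synthesized templates.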
diff --git a/packages/@aws-cdk/aws-docdb/test/cluster-rotation.lit.integ.snapshot/integ.json b/packages/@aws-cdk/aws-docdb/test/cluster-rotation.lit.integ.snapshot/integ.json index 2e47ecb3d7615..5466489d4db95 100644 --- a/packages/@aws-cdk/aws-docdb/test/cluster-rotation.lit.integ.snapshot/integ.json +++ b/packages/@aws-cdk/aws-docdb/test/cluster-rotation.lit.integ.snapshot/integ.json @@ -1,7 +1,7 @@ { - "version": "18.0.0", + "version": "20.0.0", "testCases": { - "aws-docdb/test/integ.cluster-rotation.lit": { + "integ.cluster-rotation.lit": { "stacks": [ "aws-cdk-docdb-cluster-rotation" ], diff --git a/packages/@aws-cdk/aws-docdb/test/cluster-rotation.lit.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-docdb/test/cluster-rotation.lit.integ.snapshot/manifest.json index b2ce0da74a287..f48bfe21a93fb 100644 --- a/packages/@aws-cdk/aws-docdb/test/cluster-rotation.lit.integ.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-docdb/test/cluster-rotation.lit.integ.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "17.0.0", + "version": "20.0.0", "artifacts": { "Tree": { "type": "cdk:tree", diff --git a/packages/@aws-cdk/aws-docdb/test/cluster-rotation.lit.integ.snapshot/tree.json b/packages/@aws-cdk/aws-docdb/test/cluster-rotation.lit.integ.snapshot/tree.json index 4e837468aa909..462203c5dc77f 100644 --- a/packages/@aws-cdk/aws-docdb/test/cluster-rotation.lit.integ.snapshot/tree.json +++ b/packages/@aws-cdk/aws-docdb/test/cluster-rotation.lit.integ.snapshot/tree.json @@ -8,8 +8,8 @@ "id": "Tree", "path": "Tree", "constructInfo": { - "fqn": "@aws-cdk/core.Construct", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.1.33" } }, "aws-cdk-docdb-cluster-rotation": { diff --git a/packages/@aws-cdk/aws-rds/test/cluster-rotation.lit.integ.snapshot/aws-cdk-rds-cluster-rotation.template.json b/packages/@aws-cdk/aws-rds/test/cluster-rotation.lit.integ.snapshot/aws-cdk-rds-cluster-rotation.template.json index 5ff6ccf5caaf8..d8c03d16f4d19 100644 
--- a/packages/@aws-cdk/aws-rds/test/cluster-rotation.lit.integ.snapshot/aws-cdk-rds-cluster-rotation.template.json +++ b/packages/@aws-cdk/aws-rds/test/cluster-rotation.lit.integ.snapshot/aws-cdk-rds-cluster-rotation.template.json @@ -694,7 +694,9 @@ }, "excludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\" } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } }, "Mappings": { diff --git a/packages/@aws-cdk/aws-rds/test/cluster-rotation.lit.integ.snapshot/cdk.out b/packages/@aws-cdk/aws-rds/test/cluster-rotation.lit.integ.snapshot/cdk.out index 90bef2e09ad39..588d7b269d34f 100644 --- a/packages/@aws-cdk/aws-rds/test/cluster-rotation.lit.integ.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-rds/test/cluster-rotation.lit.integ.snapshot/cdk.out @@ -1 +1 @@ -{"version":"17.0.0"} \ No newline at end of file +{"version":"20.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/cluster-rotation.lit.integ.snapshot/integ.json b/packages/@aws-cdk/aws-rds/test/cluster-rotation.lit.integ.snapshot/integ.json index 6e3d8b141c440..fd51e5c086ca5 100644 --- a/packages/@aws-cdk/aws-rds/test/cluster-rotation.lit.integ.snapshot/integ.json +++ b/packages/@aws-cdk/aws-rds/test/cluster-rotation.lit.integ.snapshot/integ.json @@ -1,7 +1,7 @@ { - "version": "18.0.0", + "version": "20.0.0", "testCases": { - "aws-rds/test/integ.cluster-rotation.lit": { + "integ.cluster-rotation.lit": { "stacks": [ "aws-cdk-rds-cluster-rotation" ], diff --git a/packages/@aws-cdk/aws-rds/test/cluster-rotation.lit.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-rds/test/cluster-rotation.lit.integ.snapshot/manifest.json index d46eee42ff80a..e61d37f939d72 100644 --- a/packages/@aws-cdk/aws-rds/test/cluster-rotation.lit.integ.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-rds/test/cluster-rotation.lit.integ.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "17.0.0", + "version": "20.0.0", "artifacts": { "Tree": { "type": "cdk:tree", 
diff --git a/packages/@aws-cdk/aws-rds/test/cluster-rotation.lit.integ.snapshot/tree.json b/packages/@aws-cdk/aws-rds/test/cluster-rotation.lit.integ.snapshot/tree.json index d5fc24686e317..263b95885df85 100644 --- a/packages/@aws-cdk/aws-rds/test/cluster-rotation.lit.integ.snapshot/tree.json +++ b/packages/@aws-cdk/aws-rds/test/cluster-rotation.lit.integ.snapshot/tree.json @@ -8,8 +8,8 @@ "id": "Tree", "path": "Tree", "constructInfo": { - "fqn": "@aws-cdk/core.Construct", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.1.33" } }, "aws-cdk-rds-cluster-rotation": { diff --git a/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/asset.1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e/index.d.ts b/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/asset.1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e/index.d.ts deleted file mode 100644 index a64fd5d9eb2dc..0000000000000 --- a/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/asset.1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e/index.d.ts +++ /dev/null @@ -1,3 +0,0 @@ -import type { IsCompleteRequest, IsCompleteResponse, OnEventRequest, OnEventResponse } from '@aws-cdk/custom-resources/lib/provider-framework/types'; -export declare function onEventHandler(event: OnEventRequest): Promise; -export declare function isCompleteHandler(event: IsCompleteRequest): Promise; diff --git a/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/asset.1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e/index.js b/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/asset.1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e/index.js deleted file mode 100644 index de753f1849b44..0000000000000 --- a/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/asset.1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e/index.js +++ /dev/null 
@@ -1,60 +0,0 @@ -"use strict"; -Object.defineProperty(exports, "__esModule", { value: true }); -exports.isCompleteHandler = exports.onEventHandler = void 0; -const aws_sdk_1 = require("aws-sdk"); // eslint-disable-line import/no-extraneous-dependencies -async function onEventHandler(event) { - var _a; - console.log('Event: %j', event); - const rds = new aws_sdk_1.RDS(); - const physicalResourceId = `${event.ResourceProperties.DBClusterIdentifier}-${event.ResourceProperties.DBClusterIdentifier}`; - if (event.RequestType === 'Create' || event.RequestType === 'Update') { - const data = await rds.createDBClusterSnapshot({ - DBClusterIdentifier: event.ResourceProperties.DBClusterIdentifier, - DBClusterSnapshotIdentifier: event.ResourceProperties.DBClusterSnapshotIdentifier, - }).promise(); - return { - PhysicalResourceId: physicalResourceId, - Data: { - DBClusterSnapshotArn: (_a = data.DBClusterSnapshot) === null || _a === void 0 ? void 0 : _a.DBClusterSnapshotArn, - }, - }; - } - if (event.RequestType === 'Delete') { - await rds.deleteDBClusterSnapshot({ - DBClusterSnapshotIdentifier: event.ResourceProperties.DBClusterSnapshotIdentifier, - }).promise(); - } - return { - PhysicalResourceId: `${event.ResourceProperties.DBClusterIdentifier}-${event.ResourceProperties.DBClusterIdentifier}`, - }; -} -exports.onEventHandler = onEventHandler; -async function isCompleteHandler(event) { - console.log('Event: %j', event); - const snapshotStatus = await tryGetClusterSnapshotStatus(event.ResourceProperties.DBClusterSnapshotIdentifier); - switch (event.RequestType) { - case 'Create': - case 'Update': - return { IsComplete: snapshotStatus === 'available' }; - case 'Delete': - return { IsComplete: snapshotStatus === undefined }; - } -} -exports.isCompleteHandler = isCompleteHandler; -async function tryGetClusterSnapshotStatus(identifier) { - var _a; - try { - const rds = new aws_sdk_1.RDS(); - const data = await rds.describeDBClusterSnapshots({ - DBClusterSnapshotIdentifier: 
identifier, - }).promise(); - return (_a = data.DBClusterSnapshots) === null || _a === void 0 ? void 0 : _a[0].Status; - } - catch (err) { - if (err.code === 'DBClusterSnapshotNotFoundFault') { - return undefined; - } - throw err; - } -} -//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFFQSxxQ0FBOEIsQ0FBQyx3REFBd0Q7QUFFaEYsS0FBSyxVQUFVLGNBQWMsQ0FBQyxLQUFxQjs7SUFDeEQsT0FBTyxDQUFDLEdBQUcsQ0FBQyxXQUFXLEVBQUUsS0FBSyxDQUFDLENBQUM7SUFFaEMsTUFBTSxHQUFHLEdBQUcsSUFBSSxhQUFHLEVBQUUsQ0FBQztJQUV0QixNQUFNLGtCQUFrQixHQUFHLEdBQUcsS0FBSyxDQUFDLGtCQUFrQixDQUFDLG1CQUFtQixJQUFJLEtBQUssQ0FBQyxrQkFBa0IsQ0FBQyxtQkFBbUIsRUFBRSxDQUFDO0lBRTdILElBQUksS0FBSyxDQUFDLFdBQVcsS0FBSyxRQUFRLElBQUksS0FBSyxDQUFDLFdBQVcsS0FBSyxRQUFRLEVBQUU7UUFDcEUsTUFBTSxJQUFJLEdBQUcsTUFBTSxHQUFHLENBQUMsdUJBQXVCLENBQUM7WUFDN0MsbUJBQW1CLEVBQUUsS0FBSyxDQUFDLGtCQUFrQixDQUFDLG1CQUFtQjtZQUNqRSwyQkFBMkIsRUFBRSxLQUFLLENBQUMsa0JBQWtCLENBQUMsMkJBQTJCO1NBQ2xGLENBQUMsQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUNiLE9BQU87WUFDTCxrQkFBa0IsRUFBRSxrQkFBa0I7WUFDdEMsSUFBSSxFQUFFO2dCQUNKLG9CQUFvQixRQUFFLElBQUksQ0FBQyxpQkFBaUIsMENBQUUsb0JBQW9CO2FBQ25FO1NBQ0YsQ0FBQztLQUNIO0lBRUQsSUFBSSxLQUFLLENBQUMsV0FBVyxLQUFLLFFBQVEsRUFBRTtRQUNsQyxNQUFNLEdBQUcsQ0FBQyx1QkFBdUIsQ0FBQztZQUNoQywyQkFBMkIsRUFBRSxLQUFLLENBQUMsa0JBQWtCLENBQUMsMkJBQTJCO1NBQ2xGLENBQUMsQ0FBQyxPQUFPLEVBQUUsQ0FBQztLQUNkO0lBRUQsT0FBTztRQUNMLGtCQUFrQixFQUFFLEdBQUcsS0FBSyxDQUFDLGtCQUFrQixDQUFDLG1CQUFtQixJQUFJLEtBQUssQ0FBQyxrQkFBa0IsQ0FBQyxtQkFBbUIsRUFBRTtLQUN0SCxDQUFDO0FBQ0osQ0FBQztBQTdCRCx3Q0E2QkM7QUFFTSxLQUFLLFVBQVUsaUJBQWlCLENBQUMsS0FBd0I7SUFDOUQsT0FBTyxDQUFDLEdBQUcsQ0FBQyxXQUFXLEVBQUUsS0FBSyxDQUFDLENBQUM7SUFFaEMsTUFBTSxjQUFjLEdBQUcsTUFBTSwyQkFBMkIsQ0FBQyxLQUFLLENBQUMsa0JBQWtCLENBQUMsMkJBQTJCLENBQUMsQ0FBQztJQUUvRyxRQUFRLEtBQUssQ0FBQyxXQUFXLEVBQUU7UUFDekIsS0FBSyxRQUFRLENBQUM7UUFDZCxLQUFLLFFBQVE7WUFDWCxPQUFPLEVBQUUsVUFBVSxFQUFFLGNBQWMsS0FBSyxXQUFXLEVBQUUsQ0FBQztRQUN4RCx
LQUFLLFFBQVE7WUFDWCxPQUFPLEVBQUUsVUFBVSxFQUFFLGNBQWMsS0FBSyxTQUFTLEVBQUUsQ0FBQztLQUN2RDtBQUNILENBQUM7QUFaRCw4Q0FZQztBQUVELEtBQUssVUFBVSwyQkFBMkIsQ0FBQyxVQUFrQjs7SUFDM0QsSUFBSTtRQUNGLE1BQU0sR0FBRyxHQUFHLElBQUksYUFBRyxFQUFFLENBQUM7UUFDdEIsTUFBTSxJQUFJLEdBQUcsTUFBTSxHQUFHLENBQUMsMEJBQTBCLENBQUM7WUFDaEQsMkJBQTJCLEVBQUUsVUFBVTtTQUN4QyxDQUFDLENBQUMsT0FBTyxFQUFFLENBQUM7UUFDYixhQUFPLElBQUksQ0FBQyxrQkFBa0IsMENBQUcsQ0FBQyxFQUFFLE1BQU0sQ0FBQztLQUM1QztJQUFDLE9BQU8sR0FBRyxFQUFFO1FBQ1osSUFBSSxHQUFHLENBQUMsSUFBSSxLQUFLLGdDQUFnQyxFQUFFO1lBQ2pELE9BQU8sU0FBUyxDQUFDO1NBQ2xCO1FBQ0QsTUFBTSxHQUFHLENBQUM7S0FDWDtBQUNILENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyIvKiBlc2xpbnQtZGlzYWJsZSBuby1jb25zb2xlICovXG5pbXBvcnQgdHlwZSB7IElzQ29tcGxldGVSZXF1ZXN0LCBJc0NvbXBsZXRlUmVzcG9uc2UsIE9uRXZlbnRSZXF1ZXN0LCBPbkV2ZW50UmVzcG9uc2UgfSBmcm9tICdAYXdzLWNkay9jdXN0b20tcmVzb3VyY2VzL2xpYi9wcm92aWRlci1mcmFtZXdvcmsvdHlwZXMnO1xuaW1wb3J0IHsgUkRTIH0gZnJvbSAnYXdzLXNkayc7IC8vIGVzbGludC1kaXNhYmxlLWxpbmUgaW1wb3J0L25vLWV4dHJhbmVvdXMtZGVwZW5kZW5jaWVzXG5cbmV4cG9ydCBhc3luYyBmdW5jdGlvbiBvbkV2ZW50SGFuZGxlcihldmVudDogT25FdmVudFJlcXVlc3QpOiBQcm9taXNlPE9uRXZlbnRSZXNwb25zZT4ge1xuICBjb25zb2xlLmxvZygnRXZlbnQ6ICVqJywgZXZlbnQpO1xuXG4gIGNvbnN0IHJkcyA9IG5ldyBSRFMoKTtcblxuICBjb25zdCBwaHlzaWNhbFJlc291cmNlSWQgPSBgJHtldmVudC5SZXNvdXJjZVByb3BlcnRpZXMuREJDbHVzdGVySWRlbnRpZmllcn0tJHtldmVudC5SZXNvdXJjZVByb3BlcnRpZXMuREJDbHVzdGVySWRlbnRpZmllcn1gO1xuXG4gIGlmIChldmVudC5SZXF1ZXN0VHlwZSA9PT0gJ0NyZWF0ZScgfHwgZXZlbnQuUmVxdWVzdFR5cGUgPT09ICdVcGRhdGUnKSB7XG4gICAgY29uc3QgZGF0YSA9IGF3YWl0IHJkcy5jcmVhdGVEQkNsdXN0ZXJTbmFwc2hvdCh7XG4gICAgICBEQkNsdXN0ZXJJZGVudGlmaWVyOiBldmVudC5SZXNvdXJjZVByb3BlcnRpZXMuREJDbHVzdGVySWRlbnRpZmllcixcbiAgICAgIERCQ2x1c3RlclNuYXBzaG90SWRlbnRpZmllcjogZXZlbnQuUmVzb3VyY2VQcm9wZXJ0aWVzLkRCQ2x1c3RlclNuYXBzaG90SWRlbnRpZmllcixcbiAgICB9KS5wcm9taXNlKCk7XG4gICAgcmV0dXJuIHtcbiAgICAgIFBoeXNpY2FsUmVzb3VyY2VJZDogcGh5c2ljYWxSZXNvdXJjZUlkLFxuICAgICAgRGF0YToge1xuICAgICAgICBEQkNsdXN0ZXJTbmFwc2hvdEFybjogZGF0YS5EQkNsdXN0ZXJTbmFwc2hvdD8uREJDbHVzdGVyU25hcHNob3RBcm4
sXG4gICAgICB9LFxuICAgIH07XG4gIH1cblxuICBpZiAoZXZlbnQuUmVxdWVzdFR5cGUgPT09ICdEZWxldGUnKSB7XG4gICAgYXdhaXQgcmRzLmRlbGV0ZURCQ2x1c3RlclNuYXBzaG90KHtcbiAgICAgIERCQ2x1c3RlclNuYXBzaG90SWRlbnRpZmllcjogZXZlbnQuUmVzb3VyY2VQcm9wZXJ0aWVzLkRCQ2x1c3RlclNuYXBzaG90SWRlbnRpZmllcixcbiAgICB9KS5wcm9taXNlKCk7XG4gIH1cblxuICByZXR1cm4ge1xuICAgIFBoeXNpY2FsUmVzb3VyY2VJZDogYCR7ZXZlbnQuUmVzb3VyY2VQcm9wZXJ0aWVzLkRCQ2x1c3RlcklkZW50aWZpZXJ9LSR7ZXZlbnQuUmVzb3VyY2VQcm9wZXJ0aWVzLkRCQ2x1c3RlcklkZW50aWZpZXJ9YCxcbiAgfTtcbn1cblxuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIGlzQ29tcGxldGVIYW5kbGVyKGV2ZW50OiBJc0NvbXBsZXRlUmVxdWVzdCk6IFByb21pc2U8SXNDb21wbGV0ZVJlc3BvbnNlPiB7XG4gIGNvbnNvbGUubG9nKCdFdmVudDogJWonLCBldmVudCk7XG5cbiAgY29uc3Qgc25hcHNob3RTdGF0dXMgPSBhd2FpdCB0cnlHZXRDbHVzdGVyU25hcHNob3RTdGF0dXMoZXZlbnQuUmVzb3VyY2VQcm9wZXJ0aWVzLkRCQ2x1c3RlclNuYXBzaG90SWRlbnRpZmllcik7XG5cbiAgc3dpdGNoIChldmVudC5SZXF1ZXN0VHlwZSkge1xuICAgIGNhc2UgJ0NyZWF0ZSc6XG4gICAgY2FzZSAnVXBkYXRlJzpcbiAgICAgIHJldHVybiB7IElzQ29tcGxldGU6IHNuYXBzaG90U3RhdHVzID09PSAnYXZhaWxhYmxlJyB9O1xuICAgIGNhc2UgJ0RlbGV0ZSc6XG4gICAgICByZXR1cm4geyBJc0NvbXBsZXRlOiBzbmFwc2hvdFN0YXR1cyA9PT0gdW5kZWZpbmVkIH07XG4gIH1cbn1cblxuYXN5bmMgZnVuY3Rpb24gdHJ5R2V0Q2x1c3RlclNuYXBzaG90U3RhdHVzKGlkZW50aWZpZXI6IHN0cmluZyk6IFByb21pc2U8c3RyaW5nIHwgdW5kZWZpbmVkPiB7XG4gIHRyeSB7XG4gICAgY29uc3QgcmRzID0gbmV3IFJEUygpO1xuICAgIGNvbnN0IGRhdGEgPSBhd2FpdCByZHMuZGVzY3JpYmVEQkNsdXN0ZXJTbmFwc2hvdHMoe1xuICAgICAgREJDbHVzdGVyU25hcHNob3RJZGVudGlmaWVyOiBpZGVudGlmaWVyLFxuICAgIH0pLnByb21pc2UoKTtcbiAgICByZXR1cm4gZGF0YS5EQkNsdXN0ZXJTbmFwc2hvdHM/LlswXS5TdGF0dXM7XG4gIH0gY2F0Y2ggKGVycikge1xuICAgIGlmIChlcnIuY29kZSA9PT0gJ0RCQ2x1c3RlclNuYXBzaG90Tm90Rm91bmRGYXVsdCcpIHtcbiAgICAgIHJldHVybiB1bmRlZmluZWQ7XG4gICAgfVxuICAgIHRocm93IGVycjtcbiAgfVxufVxuIl19 \ No newline at end of file 
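Review bot: `physicalResourceId` in the deleted `onEventHandler` is built from `DBClusterIdentifier` twice (`${event.ResourceProperties.DBClusterIdentifier}-${event.ResourceProperties.DBClusterIdentifier}`), so two snapshots of the same cluster would get the same physical ID. It looks as if the second component was meant to be `DBClusterSnapshotIdentifier`. This copy is a snapshot asset that the patch removes, so the fix belongs in the handler source it was built from, if that source still contains the same expression. In `tryGetClusterSnapshotStatus`, `_a[0].Status` throws a TypeError when `DBClusterSnapshots` comes back as an empty array, because the optional chaining guards only the array itself; `data.DBClusterSnapshots?.[0]?.Status` would return undefined instead. `isCompleteHandler` also has no `default` branch, so an unexpected `RequestType` returns undefined rather than an `IsComplete` value.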
diff --git a/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/asset.1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e/index.ts b/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/asset.1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e/index.ts deleted file mode 100644 index 6d5a3c23336cd..0000000000000 --- a/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/asset.1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e/index.ts +++ /dev/null 
@@ -1,63 +0,0 @@ -/* eslint-disable no-console */ -import type { IsCompleteRequest, IsCompleteResponse, OnEventRequest, OnEventResponse } from '@aws-cdk/custom-resources/lib/provider-framework/types'; -import { RDS } from 'aws-sdk'; // eslint-disable-line import/no-extraneous-dependencies - -export async function onEventHandler(event: OnEventRequest): Promise { - console.log('Event: %j', event); - - const rds = new RDS(); - - const physicalResourceId = `${event.ResourceProperties.DBClusterIdentifier}-${event.ResourceProperties.DBClusterIdentifier}`; - - if (event.RequestType === 'Create' || event.RequestType === 'Update') { - const data = await rds.createDBClusterSnapshot({ - DBClusterIdentifier: event.ResourceProperties.DBClusterIdentifier, - DBClusterSnapshotIdentifier: event.ResourceProperties.DBClusterSnapshotIdentifier, - }).promise(); - return { - PhysicalResourceId: physicalResourceId, - Data: { - DBClusterSnapshotArn: data.DBClusterSnapshot?.DBClusterSnapshotArn, - }, - }; - } - - if (event.RequestType === 'Delete') { - await rds.deleteDBClusterSnapshot({ - DBClusterSnapshotIdentifier: event.ResourceProperties.DBClusterSnapshotIdentifier, - }).promise(); - } - - return { - PhysicalResourceId: `${event.ResourceProperties.DBClusterIdentifier}-${event.ResourceProperties.DBClusterIdentifier}`, - }; -} - -export async function isCompleteHandler(event: IsCompleteRequest): Promise { - console.log('Event: %j', event); - - const snapshotStatus = await tryGetClusterSnapshotStatus(event.ResourceProperties.DBClusterSnapshotIdentifier); - - switch (event.RequestType) { - case 'Create': - case 'Update': - return { IsComplete: snapshotStatus === 'available' }; - case 'Delete': - return { IsComplete: snapshotStatus === undefined }; - } -} - -async function tryGetClusterSnapshotStatus(identifier: string): Promise { - try { - const rds = new RDS(); - const data = await rds.describeDBClusterSnapshots({ - DBClusterSnapshotIdentifier: identifier, - }).promise(); - return 
data.DBClusterSnapshots?.[0].Status; - } catch (err) { - if (err.code === 'DBClusterSnapshotNotFoundFault') { - return undefined; - } - throw err; - } -} diff --git a/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/cdk-integ-cluster-snapshot.assets.json b/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/cdk-integ-cluster-snapshot.assets.json index af10bb991e428..2e8669a256acc 100644 --- a/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/cdk-integ-cluster-snapshot.assets.json +++ b/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/cdk-integ-cluster-snapshot.assets.json @@ -1,15 +1,15 @@ { "version": "20.0.0", "files": { - "1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e": { + "2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aadd": { "source": { - "path": "asset.1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e", + "path": "asset.2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aadd", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e.zip", + "objectKey": "2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aadd.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } @@ -27,7 +27,7 @@ } } }, - "7ae22b0346a792d7afbb4c291d9c2c253dd988bb7b8060120b9dea312ca4126a": { + "d420f64d8c29ddedb314409aadfd9c62f7e400e88517663af54720ace8c3fc84": { "source": { "path": "cdk-integ-cluster-snapshot.template.json", "packaging": "file" 
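Review bot: The first `files` entry in cdk-integ-cluster-snapshot.assets.json now sets `source.path` to `asset.2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aadd`, but the visible diff only deletes the old `asset.1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e` directory (index.d.ts, index.js, index.ts) and then moves straight on to this file without adding a directory for the new hash. Please confirm that asset directories are deliberately left out of the committed snapshot. If they are not, the snapshot points at a path that does not exist, and the hash change cannot be tied to a handler diff that a reviewer can read.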
@@ -35,7 +35,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "7ae22b0346a792d7afbb4c291d9c2c253dd988bb7b8060120b9dea312ca4126a.json", + "objectKey": "d420f64d8c29ddedb314409aadfd9c62f7e400e88517663af54720ace8c3fc84.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/cdk-integ-cluster-snapshot.template.json b/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/cdk-integ-cluster-snapshot.template.json index 227a1655f18c7..c8a85283c3fcb 100644 --- a/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/cdk-integ-cluster-snapshot.template.json +++ b/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/cdk-integ-cluster-snapshot.template.json @@ -608,7 +608,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2eS3BucketB5E782AC" + "Ref": "AssetParameters2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aaddS3BucketDCD8B62D" }, "S3Key": { "Fn::Join": [ @@ -621,7 +621,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2eS3VersionKey5DD1F95D" + "Ref": "AssetParameters2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aaddS3VersionKey96F91EAE" } ] } @@ -634,7 +634,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2eS3VersionKey5DD1F95D" + "Ref": "AssetParameters2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aaddS3VersionKey96F91EAE" } ] } 
@@ -759,7 +759,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2eS3BucketB5E782AC" + "Ref": "AssetParameters2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aaddS3BucketDCD8B62D" }, "S3Key": { "Fn::Join": [ @@ -772,7 +772,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2eS3VersionKey5DD1F95D" + "Ref": "AssetParameters2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aaddS3VersionKey96F91EAE" } ] } @@ -785,7 +785,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2eS3VersionKey5DD1F95D" + "Ref": "AssetParameters2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aaddS3VersionKey96F91EAE" } ] } 
@@ -1802,21 +1802,23 @@ }, "excludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\" } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } }, "Parameters": { - "AssetParameters1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2eS3BucketB5E782AC": { + "AssetParameters2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aaddS3BucketDCD8B62D": { "Type": "String", - "Description": "S3 bucket for asset \"1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e\"" + "Description": "S3 bucket for asset \"2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aadd\"" }, - "AssetParameters1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2eS3VersionKey5DD1F95D": { + "AssetParameters2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aaddS3VersionKey96F91EAE": { "Type": "String", - "Description": "S3 key for asset version \"1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e\"" + "Description": "S3 key for asset version \"2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aadd\"" }, - "AssetParameters1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2eArtifactHash725480C4": { + "AssetParameters2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aaddArtifactHashB3DFB88A": { "Type": "String", - "Description": "Artifact hash for asset \"1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e\"" + "Description": "Artifact hash for asset \"2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aadd\"" }, "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3Bucket40DFAF90": { "Type": "String", diff --git a/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/manifest.json index 33c85530761b7..6e47bf2f1ccac 100644 --- a/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/manifest.json 
+++ b/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/manifest.json @@ -19,13 +19,13 @@ { "type": "aws:cdk:asset", "data": { - "path": "asset.1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e", - "id": "1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e", + "path": "asset.2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aadd", + "id": "2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aadd", "packaging": "zip", - "sourceHash": "1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e", - "s3BucketParameter": "AssetParameters1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2eS3BucketB5E782AC", - "s3KeyParameter": "AssetParameters1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2eS3VersionKey5DD1F95D", - "artifactHashParameter": "AssetParameters1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2eArtifactHash725480C4" + "sourceHash": "2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aadd", + "s3BucketParameter": "AssetParameters2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aaddS3BucketDCD8B62D", + "s3KeyParameter": "AssetParameters2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aaddS3VersionKey96F91EAE", + "artifactHashParameter": "AssetParameters2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aaddArtifactHashB3DFB88A" } }, { 
@@ -323,22 +323,22 @@ "data": "SnapshoterSnapshotAA1755BE" } ], - "/cdk-integ-cluster-snapshot/AssetParameters/1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e/S3Bucket": [ + "/cdk-integ-cluster-snapshot/AssetParameters/2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aadd/S3Bucket": [ { "type": "aws:cdk:logicalId", - "data": "AssetParameters1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2eS3BucketB5E782AC" + "data": "AssetParameters2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aaddS3BucketDCD8B62D" } ], - "/cdk-integ-cluster-snapshot/AssetParameters/1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e/S3VersionKey": [ + "/cdk-integ-cluster-snapshot/AssetParameters/2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aadd/S3VersionKey": [ { "type": "aws:cdk:logicalId", - "data": "AssetParameters1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2eS3VersionKey5DD1F95D" + "data": "AssetParameters2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aaddS3VersionKey96F91EAE" } ], - "/cdk-integ-cluster-snapshot/AssetParameters/1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e/ArtifactHash": [ + "/cdk-integ-cluster-snapshot/AssetParameters/2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aadd/ArtifactHash": [ { "type": "aws:cdk:logicalId", - "data": "AssetParameters1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2eArtifactHash725480C4" + "data": "AssetParameters2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aaddArtifactHashB3DFB88A" } ], "/cdk-integ-cluster-snapshot/AssetParameters/8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9/S3Bucket": [ diff --git a/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/tree.json b/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/tree.json index ae21afb241e51..76e82da222044 100644 
--- a/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/tree.json +++ b/packages/@aws-cdk/aws-rds/test/cluster-snapshot.integ.snapshot/tree.json @@ -9,7 +9,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.0.9" + "version": "10.1.33" } }, "cdk-integ-cluster-snapshot": { @@ -1038,7 +1038,7 @@ "aws:cdk:cloudformation:props": { "code": { "s3Bucket": { - "Ref": "AssetParameters1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2eS3BucketB5E782AC" + "Ref": "AssetParameters2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aaddS3BucketDCD8B62D" }, "s3Key": { "Fn::Join": [ @@ -1051,7 +1051,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2eS3VersionKey5DD1F95D" + "Ref": "AssetParameters2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aaddS3VersionKey96F91EAE" } ] } @@ -1064,7 +1064,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2eS3VersionKey5DD1F95D" + "Ref": "AssetParameters2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aaddS3VersionKey96F91EAE" } ] } @@ -1239,7 +1239,7 @@ "aws:cdk:cloudformation:props": { "code": { "s3Bucket": { - "Ref": "AssetParameters1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2eS3BucketB5E782AC" + "Ref": "AssetParameters2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aaddS3BucketDCD8B62D" }, "s3Key": { "Fn::Join": [ @@ -1252,7 +1252,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2eS3VersionKey5DD1F95D" + "Ref": "AssetParameters2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aaddS3VersionKey96F91EAE" } ] } 
@@ -1265,7 +1265,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2eS3VersionKey5DD1F95D" + "Ref": "AssetParameters2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aaddS3VersionKey96F91EAE" } ] } @@ -2174,7 +2174,7 @@ }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.0.9" + "version": "10.1.33" } } }, @@ -2204,20 +2204,20 @@ }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.0.9" + "version": "10.1.33" } }, "AssetParameters": { "id": "AssetParameters", "path": "cdk-integ-cluster-snapshot/AssetParameters", "children": { - "1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e": { - "id": "1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e", - "path": "cdk-integ-cluster-snapshot/AssetParameters/1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e", + "2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aadd": { + "id": "2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aadd", + "path": "cdk-integ-cluster-snapshot/AssetParameters/2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aadd", "children": { "S3Bucket": { "id": "S3Bucket", - "path": "cdk-integ-cluster-snapshot/AssetParameters/1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e/S3Bucket", + "path": "cdk-integ-cluster-snapshot/AssetParameters/2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aadd/S3Bucket", "constructInfo": { "fqn": "@aws-cdk/core.CfnParameter", "version": "0.0.0" @@ -2225,7 +2225,7 @@ }, "S3VersionKey": { "id": "S3VersionKey", - "path": "cdk-integ-cluster-snapshot/AssetParameters/1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e/S3VersionKey", + "path": "cdk-integ-cluster-snapshot/AssetParameters/2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aadd/S3VersionKey", "constructInfo": { "fqn": "@aws-cdk/core.CfnParameter", "version": "0.0.0" 
@@ -2233,7 +2233,7 @@ }, "ArtifactHash": { "id": "ArtifactHash", - "path": "cdk-integ-cluster-snapshot/AssetParameters/1e025324752b3133dc230c4b8b8752f666b63c09cd4aa605ec2b322cc40def2e/ArtifactHash", + "path": "cdk-integ-cluster-snapshot/AssetParameters/2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aadd/ArtifactHash", "constructInfo": { "fqn": "@aws-cdk/core.CfnParameter", "version": "0.0.0" @@ -2242,7 +2242,7 @@ }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.0.9" + "version": "10.1.33" } }, "8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9": { @@ -2276,13 +2276,13 @@ }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.0.9" + "version": "10.1.33" } } }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.0.9" + "version": "10.1.33" } }, "FromSnapshot": { diff --git a/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/asset.22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665/index.d.ts b/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/asset.22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665/index.d.ts deleted file mode 100644 index 9bbf5854684b6..0000000000000 --- a/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/asset.22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665/index.d.ts +++ /dev/null @@ -1 +0,0 @@ -export declare function handler(event: AWSLambda.CloudFormationCustomResourceEvent, context: AWSLambda.Context): Promise; diff --git a/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/asset.22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665/index.js b/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/asset.22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665/index.js deleted file mode 100644 index 5292af72a643d..0000000000000 
--- a/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/asset.22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665/index.js +++ /dev/null 
@@ -1,176 +0,0 @@ -"use strict"; -/* eslint-disable no-console */ -Object.defineProperty(exports, "__esModule", { value: true }); -exports.handler = void 0; -// eslint-disable-next-line import/no-extraneous-dependencies -const AWS = require("aws-sdk"); -/** - * Creates a log group and doesn't throw if it exists. - * - * @param logGroupName the name of the log group to create. - * @param region to create the log group in - * @param options CloudWatch API SDK options. - */ -async function createLogGroupSafe(logGroupName, region, options) { - var _a; - // If we set the log retention for a lambda, then due to the async nature of - // Lambda logging there could be a race condition when the same log group is - // already being created by the lambda execution. This can sometime result in - // an error "OperationAbortedException: A conflicting operation is currently - // in progress...Please try again." - // To avoid an error, we do as requested and try again. - let retryCount = (options === null || options === void 0 ? void 0 : options.maxRetries) == undefined ? 10 : options.maxRetries; - const delay = ((_a = options === null || options === void 0 ? void 0 : options.retryOptions) === null || _a === void 0 ? void 0 : _a.base) == undefined ? 
10 : options.retryOptions.base; - do { - try { - const cloudwatchlogs = new AWS.CloudWatchLogs({ apiVersion: '2014-03-28', region, ...options }); - await cloudwatchlogs.createLogGroup({ logGroupName }).promise(); - return; - } - catch (error) { - if (error.code === 'ResourceAlreadyExistsException') { - // The log group is already created by the lambda execution - return; - } - if (error.code === 'OperationAbortedException') { - if (retryCount > 0) { - retryCount--; - await new Promise(resolve => setTimeout(resolve, delay)); - continue; - } - else { - // The log group is still being created by another execution but we are out of retries - throw new Error('Out of attempts to create a logGroup'); - } - } - throw error; - } - } while (true); // exit happens on retry count check -} -/** - * Puts or deletes a retention policy on a log group. - * - * @param logGroupName the name of the log group to create - * @param region the region of the log group - * @param options CloudWatch API SDK options. - * @param retentionInDays the number of days to retain the log events in the specified log group. - */ -async function setRetentionPolicy(logGroupName, region, options, retentionInDays) { - var _a; - // The same as in createLogGroupSafe(), here we could end up with the race - // condition where a log group is either already being created or its retention - // policy is being updated. This would result in an OperationAbortedException, - // which we will try to catch and retry the command a number of times before failing - let retryCount = (options === null || options === void 0 ? void 0 : options.maxRetries) == undefined ? 10 : options.maxRetries; - const delay = ((_a = options === null || options === void 0 ? void 0 : options.retryOptions) === null || _a === void 0 ? void 0 : _a.base) == undefined ? 
10 : options.retryOptions.base; - do { - try { - const cloudwatchlogs = new AWS.CloudWatchLogs({ apiVersion: '2014-03-28', region, ...options }); - if (!retentionInDays) { - await cloudwatchlogs.deleteRetentionPolicy({ logGroupName }).promise(); - } - else { - await cloudwatchlogs.putRetentionPolicy({ logGroupName, retentionInDays }).promise(); - } - return; - } - catch (error) { - if (error.code === 'OperationAbortedException') { - if (retryCount > 0) { - retryCount--; - await new Promise(resolve => setTimeout(resolve, delay)); - continue; - } - else { - // The log group is still being created by another execution but we are out of retries - throw new Error('Out of attempts to create a logGroup'); - } - } - throw error; - } - } while (true); // exit happens on retry count check -} -async function handler(event, context) { - try { - console.log(JSON.stringify(event)); - // The target log group - const logGroupName = event.ResourceProperties.LogGroupName; - // The region of the target log group - const logGroupRegion = event.ResourceProperties.LogGroupRegion; - // Parse to AWS SDK retry options - const retryOptions = parseRetryOptions(event.ResourceProperties.SdkRetry); - if (event.RequestType === 'Create' || event.RequestType === 'Update') { - // Act on the target log group - await createLogGroupSafe(logGroupName, logGroupRegion, retryOptions); - await setRetentionPolicy(logGroupName, logGroupRegion, retryOptions, parseInt(event.ResourceProperties.RetentionInDays, 10)); - if (event.RequestType === 'Create') { - // Set a retention policy of 1 day on the logs of this very function. - // Due to the async nature of the log group creation, the log group for this function might - // still be not created yet at this point. Therefore we attempt to create it. - // In case it is being created, createLogGroupSafe will handle the conflict. 
- const region = process.env.AWS_REGION; - await createLogGroupSafe(`/aws/lambda/${context.functionName}`, region, retryOptions); - // If createLogGroupSafe fails, the log group is not created even after multiple attempts. - // In this case we have nothing to set the retention policy on but an exception will skip - // the next line. - await setRetentionPolicy(`/aws/lambda/${context.functionName}`, region, retryOptions, 1); - } - } - await respond('SUCCESS', 'OK', logGroupName); - } - catch (e) { - console.log(e); - await respond('FAILED', e.message, event.ResourceProperties.LogGroupName); - } - function respond(responseStatus, reason, physicalResourceId) { - const responseBody = JSON.stringify({ - Status: responseStatus, - Reason: reason, - PhysicalResourceId: physicalResourceId, - StackId: event.StackId, - RequestId: event.RequestId, - LogicalResourceId: event.LogicalResourceId, - Data: { - // Add log group name as part of the response so that it's available via Fn::GetAtt - LogGroupName: event.ResourceProperties.LogGroupName, - }, - }); - console.log('Responding', responseBody); - // eslint-disable-next-line @typescript-eslint/no-require-imports - const parsedUrl = require('url').parse(event.ResponseURL); - const requestOptions = { - hostname: parsedUrl.hostname, - path: parsedUrl.path, - method: 'PUT', - headers: { 'content-type': '', 'content-length': responseBody.length }, - }; - return new Promise((resolve, reject) => { - try { - // eslint-disable-next-line @typescript-eslint/no-require-imports - const request = require('https').request(requestOptions, resolve); - request.on('error', reject); - request.write(responseBody); - request.end(); - } - catch (e) { - reject(e); - } - }); - } - function parseRetryOptions(rawOptions) { - const retryOptions = {}; - if (rawOptions) { - if (rawOptions.maxRetries) { - retryOptions.maxRetries = parseInt(rawOptions.maxRetries, 10); - } - if (rawOptions.base) { - retryOptions.retryOptions = { - base: parseInt(rawOptions.base, 
10), - }; - } - } - return retryOptions; - } -} -exports.handler = handler; -//# sourceMappingURL=data:application/json;base64,{"version":3,"file":"index.js","sourceRoot":"","sources":["index.ts"],"names":[],"mappings":";AAAA,+BAA+B;;;AAE/B,6DAA6D;AAC7D,+BAA+B;AAS/B;;;;;;GAMG;AACH,KAAK,UAAU,kBAAkB,CAAC,YAAoB,EAAE,MAAe,EAAE,OAAyB;;IAChG,4EAA4E;IAC5E,4EAA4E;IAC5E,6EAA6E;IAC7E,4EAA4E;IAC5E,mCAAmC;IACnC,uDAAuD;IACvD,IAAI,UAAU,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,UAAU,KAAI,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC;IAC5E,MAAM,KAAK,GAAG,OAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,YAAY,0CAAE,IAAI,KAAI,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC;IACxF,GAAG;QACD,IAAI;YACF,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;YAChG,MAAM,cAAc,CAAC,cAAc,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC;YAChE,OAAO;SACR;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,KAAK,CAAC,IAAI,KAAK,gCAAgC,EAAE;gBACnD,2DAA2D;gBAC3D,OAAO;aACR;YACD,IAAI,KAAK,CAAC,IAAI,KAAK,2BAA2B,EAAE;gBAC9C,IAAI,UAAU,GAAG,CAAC,EAAE;oBAClB,UAAU,EAAE,CAAC;oBACb,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;oBACzD,SAAS;iBACV;qBAAM;oBACL,sFAAsF;oBACtF,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;iBACzD;aACF;YACD,MAAM,KAAK,CAAC;SACb;KACF,QAAQ,IAAI,EAAE,CAAC,oCAAoC;AACtD,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,kBAAkB,CAAC,YAAoB,EAAE,MAAe,EAAE,OAAyB,EAAE,eAAwB;;IAC1H,0EAA0E;IAC1E,+EAA+E;IAC/E,8EAA8E;IAC9E,oFAAoF;IACpF,IAAI,UAAU,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,UAAU,KAAI,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC;IAC5E,MAAM,KAAK,GAAG,OAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,YAAY,0CAAE,IAAI,KAAI,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC;IACxF,GAAG;QACD,IAAI;YACF,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;YAChG,IAAI,CAAC,eAAe,EAAE;gBACpB,MAAM,cAAc,CAAC,qBAAqB,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC;aACxE;iBAAM;gBACL,MAAM,cAAc,CAA
C,kBAAkB,CAAC,EAAE,YAAY,EAAE,eAAe,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC;aACtF;YACD,OAAO;SAER;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,KAAK,CAAC,IAAI,KAAK,2BAA2B,EAAE;gBAC9C,IAAI,UAAU,GAAG,CAAC,EAAE;oBAClB,UAAU,EAAE,CAAC;oBACb,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;oBACzD,SAAS;iBACV;qBAAM;oBACL,sFAAsF;oBACtF,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;iBACzD;aACF;YACD,MAAM,KAAK,CAAC;SACb;KACF,QAAQ,IAAI,EAAE,CAAC,oCAAoC;AACtD,CAAC;AAEM,KAAK,UAAU,OAAO,CAAC,KAAkD,EAAE,OAA0B;IAC1G,IAAI;QACF,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;QAEnC,uBAAuB;QACvB,MAAM,YAAY,GAAG,KAAK,CAAC,kBAAkB,CAAC,YAAY,CAAC;QAE3D,qCAAqC;QACrC,MAAM,cAAc,GAAG,KAAK,CAAC,kBAAkB,CAAC,cAAc,CAAC;QAE/D,iCAAiC;QACjC,MAAM,YAAY,GAAG,iBAAiB,CAAC,KAAK,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QAE1E,IAAI,KAAK,CAAC,WAAW,KAAK,QAAQ,IAAI,KAAK,CAAC,WAAW,KAAK,QAAQ,EAAE;YACpE,8BAA8B;YAC9B,MAAM,kBAAkB,CAAC,YAAY,EAAE,cAAc,EAAE,YAAY,CAAC,CAAC;YACrE,MAAM,kBAAkB,CAAC,YAAY,EAAE,cAAc,EAAE,YAAY,EAAE,QAAQ,CAAC,KAAK,CAAC,kBAAkB,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC,CAAC;YAE7H,IAAI,KAAK,CAAC,WAAW,KAAK,QAAQ,EAAE;gBAClC,qEAAqE;gBACrE,2FAA2F;gBAC3F,6EAA6E;gBAC7E,4EAA4E;gBAC5E,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;gBACtC,MAAM,kBAAkB,CAAC,eAAe,OAAO,CAAC,YAAY,EAAE,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;gBACtF,0FAA0F;gBAC1F,yFAAyF;gBACzF,iBAAiB;gBACjB,MAAM,kBAAkB,CAAC,eAAe,OAAO,CAAC,YAAY,EAAE,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC;aAC1F;SACF;QAED,MAAM,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC;KAC9C;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAEf,MAAM,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE,KAAK,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC;KAC3E;IAED,SAAS,OAAO,CAAC,cAAsB,EAAE,MAAc,EAAE,kBAA0B;QACjF,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC;YAClC,MAAM,EAAE,cAAc;YACtB,MAAM,EAAE,MAAM;YACd,kBAAkB,EAAE,kBAAkB;YACtC,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;YAC1C,IAAI,EAAE;gBACJ,mFAAmF;gBACnF,YAAY,EAAE,KAAK,CAAC,kBAAkB,CAAC,YAAY;aACpD;SACF,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,YAAY,EA
AE,YAAY,CAAC,CAAC;QAExC,iEAAiE;QACjE,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAC1D,MAAM,cAAc,GAAG;YACrB,QAAQ,EAAE,SAAS,CAAC,QAAQ;YAC5B,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE,gBAAgB,EAAE,YAAY,CAAC,MAAM,EAAE;SACvE,CAAC;QAEF,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI;gBACF,iEAAiE;gBACjE,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;gBAClE,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;gBAC5B,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;gBAC5B,OAAO,CAAC,GAAG,EAAE,CAAC;aACf;YAAC,OAAO,CAAC,EAAE;gBACV,MAAM,CAAC,CAAC,CAAC,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED,SAAS,iBAAiB,CAAC,UAAe;QACxC,MAAM,YAAY,GAAoB,EAAE,CAAC;QACzC,IAAI,UAAU,EAAE;YACd,IAAI,UAAU,CAAC,UAAU,EAAE;gBACzB,YAAY,CAAC,UAAU,GAAG,QAAQ,CAAC,UAAU,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;aAC/D;YACD,IAAI,UAAU,CAAC,IAAI,EAAE;gBACnB,YAAY,CAAC,YAAY,GAAG;oBAC1B,IAAI,EAAE,QAAQ,CAAC,UAAU,CAAC,IAAI,EAAE,EAAE,CAAC;iBACpC,CAAC;aACH;SACF;QACD,OAAO,YAAY,CAAC;IACtB,CAAC;AACH,CAAC;AA3FD,0BA2FC","sourcesContent":["/* eslint-disable no-console */\n\n// eslint-disable-next-line import/no-extraneous-dependencies\nimport * as AWS from 'aws-sdk';\n// eslint-disable-next-line import/no-extraneous-dependencies\nimport type { RetryDelayOptions } from 'aws-sdk/lib/config-base';\n\ninterface SdkRetryOptions {\n  maxRetries?: number;\n  retryOptions?: RetryDelayOptions;\n}\n\n/**\n * Creates a log group and doesn't throw if it exists.\n *\n * @param logGroupName the name of the log group to create.\n * @param region to create the log group in\n * @param options CloudWatch API SDK options.\n */\nasync function createLogGroupSafe(logGroupName: string, region?: string, options?: SdkRetryOptions) {\n  // If we set the log retention for a lambda, then due to the async nature of\n  // Lambda logging there could be a race condition when the same log group is\n  // already being created by the lambda execution. 
This can sometime result in\n  // an error \"OperationAbortedException: A conflicting operation is currently\n  // in progress...Please try again.\"\n  // To avoid an error, we do as requested and try again.\n  let retryCount = options?.maxRetries == undefined ? 10 : options.maxRetries;\n  const delay = options?.retryOptions?.base == undefined ? 10 : options.retryOptions.base;\n  do {\n    try {\n      const cloudwatchlogs = new AWS.CloudWatchLogs({ apiVersion: '2014-03-28', region, ...options });\n      await cloudwatchlogs.createLogGroup({ logGroupName }).promise();\n      return;\n    } catch (error) {\n      if (error.code === 'ResourceAlreadyExistsException') {\n        // The log group is already created by the lambda execution\n        return;\n      }\n      if (error.code === 'OperationAbortedException') {\n        if (retryCount > 0) {\n          retryCount--;\n          await new Promise(resolve => setTimeout(resolve, delay));\n          continue;\n        } else {\n          // The log group is still being created by another execution but we are out of retries\n          throw new Error('Out of attempts to create a logGroup');\n        }\n      }\n      throw error;\n    }\n  } while (true); // exit happens on retry count check\n}\n\n/**\n * Puts or deletes a retention policy on a log group.\n *\n * @param logGroupName the name of the log group to create\n * @param region the region of the log group\n * @param options CloudWatch API SDK options.\n * @param retentionInDays the number of days to retain the log events in the specified log group.\n */\nasync function setRetentionPolicy(logGroupName: string, region?: string, options?: SdkRetryOptions, retentionInDays?: number) {\n  // The same as in createLogGroupSafe(), here we could end up with the race\n  // condition where a log group is either already being created or its retention\n  // policy is being updated. 
This would result in an OperationAbortedException,\n  // which we will try to catch and retry the command a number of times before failing\n  let retryCount = options?.maxRetries == undefined ? 10 : options.maxRetries;\n  const delay = options?.retryOptions?.base == undefined ? 10 : options.retryOptions.base;\n  do {\n    try {\n      const cloudwatchlogs = new AWS.CloudWatchLogs({ apiVersion: '2014-03-28', region, ...options });\n      if (!retentionInDays) {\n        await cloudwatchlogs.deleteRetentionPolicy({ logGroupName }).promise();\n      } else {\n        await cloudwatchlogs.putRetentionPolicy({ logGroupName, retentionInDays }).promise();\n      }\n      return;\n\n    } catch (error) {\n      if (error.code === 'OperationAbortedException') {\n        if (retryCount > 0) {\n          retryCount--;\n          await new Promise(resolve => setTimeout(resolve, delay));\n          continue;\n        } else {\n          // The log group is still being created by another execution but we are out of retries\n          throw new Error('Out of attempts to create a logGroup');\n        }\n      }\n      throw error;\n    }\n  } while (true); // exit happens on retry count check\n}\n\nexport async function handler(event: AWSLambda.CloudFormationCustomResourceEvent, context: AWSLambda.Context) {\n  try {\n    console.log(JSON.stringify(event));\n\n    // The target log group\n    const logGroupName = event.ResourceProperties.LogGroupName;\n\n    // The region of the target log group\n    const logGroupRegion = event.ResourceProperties.LogGroupRegion;\n\n    // Parse to AWS SDK retry options\n    const retryOptions = parseRetryOptions(event.ResourceProperties.SdkRetry);\n\n    if (event.RequestType === 'Create' || event.RequestType === 'Update') {\n      // Act on the target log group\n      await createLogGroupSafe(logGroupName, logGroupRegion, retryOptions);\n      await setRetentionPolicy(logGroupName, logGroupRegion, retryOptions, 
parseInt(event.ResourceProperties.RetentionInDays, 10));\n\n      if (event.RequestType === 'Create') {\n        // Set a retention policy of 1 day on the logs of this very function.\n        // Due to the async nature of the log group creation, the log group for this function might\n        // still be not created yet at this point. Therefore we attempt to create it.\n        // In case it is being created, createLogGroupSafe will handle the conflict.\n        const region = process.env.AWS_REGION;\n        await createLogGroupSafe(`/aws/lambda/${context.functionName}`, region, retryOptions);\n        // If createLogGroupSafe fails, the log group is not created even after multiple attempts.\n        // In this case we have nothing to set the retention policy on but an exception will skip\n        // the next line.\n        await setRetentionPolicy(`/aws/lambda/${context.functionName}`, region, retryOptions, 1);\n      }\n    }\n\n    await respond('SUCCESS', 'OK', logGroupName);\n  } catch (e) {\n    console.log(e);\n\n    await respond('FAILED', e.message, event.ResourceProperties.LogGroupName);\n  }\n\n  function respond(responseStatus: string, reason: string, physicalResourceId: string) {\n    const responseBody = JSON.stringify({\n      Status: responseStatus,\n      Reason: reason,\n      PhysicalResourceId: physicalResourceId,\n      StackId: event.StackId,\n      RequestId: event.RequestId,\n      LogicalResourceId: event.LogicalResourceId,\n      Data: {\n        // Add log group name as part of the response so that it's available via Fn::GetAtt\n        LogGroupName: event.ResourceProperties.LogGroupName,\n      },\n    });\n\n    console.log('Responding', responseBody);\n\n    // eslint-disable-next-line @typescript-eslint/no-require-imports\n    const parsedUrl = require('url').parse(event.ResponseURL);\n    const requestOptions = {\n      hostname: parsedUrl.hostname,\n      path: parsedUrl.path,\n      method: 'PUT',\n      headers: { 'content-type': 
'', 'content-length': responseBody.length },\n    };\n\n    return new Promise((resolve, reject) => {\n      try {\n        // eslint-disable-next-line @typescript-eslint/no-require-imports\n        const request = require('https').request(requestOptions, resolve);\n        request.on('error', reject);\n        request.write(responseBody);\n        request.end();\n      } catch (e) {\n        reject(e);\n      }\n    });\n  }\n\n  function parseRetryOptions(rawOptions: any): SdkRetryOptions {\n    const retryOptions: SdkRetryOptions = {};\n    if (rawOptions) {\n      if (rawOptions.maxRetries) {\n        retryOptions.maxRetries = parseInt(rawOptions.maxRetries, 10);\n      }\n      if (rawOptions.base) {\n        retryOptions.retryOptions = {\n          base: parseInt(rawOptions.base, 10),\n        };\n      }\n    }\n    return retryOptions;\n  }\n}\n"]} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/asset.22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665/index.ts b/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/asset.22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665/index.ts deleted file mode 100644 index d2c14e5a72cc7..0000000000000 --- a/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/asset.22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665/index.ts +++ /dev/null 
@@ -1,186 +0,0 @@ -/* eslint-disable no-console */ - -// eslint-disable-next-line import/no-extraneous-dependencies -import * as AWS from 'aws-sdk'; -// eslint-disable-next-line import/no-extraneous-dependencies -import type { RetryDelayOptions } from 'aws-sdk/lib/config-base'; - -interface SdkRetryOptions { - maxRetries?: number; - retryOptions?: RetryDelayOptions; -} - -/** - * Creates a log group and doesn't throw if it exists. - * - * @param logGroupName the name of the log group to create. - * @param region to create the log group in - * @param options CloudWatch API SDK options. - */ -async function createLogGroupSafe(logGroupName: string, region?: string, options?: SdkRetryOptions) { - // If we set the log retention for a lambda, then due to the async nature of - // Lambda logging there could be a race condition when the same log group is - // already being created by the lambda execution. This can sometime result in - // an error "OperationAbortedException: A conflicting operation is currently - // in progress...Please try again." - // To avoid an error, we do as requested and try again. - let retryCount = options?.maxRetries == undefined ? 10 : options.maxRetries; - const delay = options?.retryOptions?.base == undefined ? 
10 : options.retryOptions.base; - do { - try { - const cloudwatchlogs = new AWS.CloudWatchLogs({ apiVersion: '2014-03-28', region, ...options }); - await cloudwatchlogs.createLogGroup({ logGroupName }).promise(); - return; - } catch (error) { - if (error.code === 'ResourceAlreadyExistsException') { - // The log group is already created by the lambda execution - return; - } - if (error.code === 'OperationAbortedException') { - if (retryCount > 0) { - retryCount--; - await new Promise(resolve => setTimeout(resolve, delay)); - continue; - } else { - // The log group is still being created by another execution but we are out of retries - throw new Error('Out of attempts to create a logGroup'); - } - } - throw error; - } - } while (true); // exit happens on retry count check -} - -/** - * Puts or deletes a retention policy on a log group. - * - * @param logGroupName the name of the log group to create - * @param region the region of the log group - * @param options CloudWatch API SDK options. - * @param retentionInDays the number of days to retain the log events in the specified log group. - */ -async function setRetentionPolicy(logGroupName: string, region?: string, options?: SdkRetryOptions, retentionInDays?: number) { - // The same as in createLogGroupSafe(), here we could end up with the race - // condition where a log group is either already being created or its retention - // policy is being updated. This would result in an OperationAbortedException, - // which we will try to catch and retry the command a number of times before failing - let retryCount = options?.maxRetries == undefined ? 10 : options.maxRetries; - const delay = options?.retryOptions?.base == undefined ? 
10 : options.retryOptions.base; - do { - try { - const cloudwatchlogs = new AWS.CloudWatchLogs({ apiVersion: '2014-03-28', region, ...options }); - if (!retentionInDays) { - await cloudwatchlogs.deleteRetentionPolicy({ logGroupName }).promise(); - } else { - await cloudwatchlogs.putRetentionPolicy({ logGroupName, retentionInDays }).promise(); - } - return; - - } catch (error) { - if (error.code === 'OperationAbortedException') { - if (retryCount > 0) { - retryCount--; - await new Promise(resolve => setTimeout(resolve, delay)); - continue; - } else { - // The log group is still being created by another execution but we are out of retries - throw new Error('Out of attempts to create a logGroup'); - } - } - throw error; - } - } while (true); // exit happens on retry count check -} - -export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent, context: AWSLambda.Context) { - try { - console.log(JSON.stringify(event)); - - // The target log group - const logGroupName = event.ResourceProperties.LogGroupName; - - // The region of the target log group - const logGroupRegion = event.ResourceProperties.LogGroupRegion; - - // Parse to AWS SDK retry options - const retryOptions = parseRetryOptions(event.ResourceProperties.SdkRetry); - - if (event.RequestType === 'Create' || event.RequestType === 'Update') { - // Act on the target log group - await createLogGroupSafe(logGroupName, logGroupRegion, retryOptions); - await setRetentionPolicy(logGroupName, logGroupRegion, retryOptions, parseInt(event.ResourceProperties.RetentionInDays, 10)); - - if (event.RequestType === 'Create') { - // Set a retention policy of 1 day on the logs of this very function. - // Due to the async nature of the log group creation, the log group for this function might - // still be not created yet at this point. Therefore we attempt to create it. - // In case it is being created, createLogGroupSafe will handle the conflict. 
- const region = process.env.AWS_REGION; - await createLogGroupSafe(`/aws/lambda/${context.functionName}`, region, retryOptions); - // If createLogGroupSafe fails, the log group is not created even after multiple attempts. - // In this case we have nothing to set the retention policy on but an exception will skip - // the next line. - await setRetentionPolicy(`/aws/lambda/${context.functionName}`, region, retryOptions, 1); - } - } - - await respond('SUCCESS', 'OK', logGroupName); - } catch (e) { - console.log(e); - - await respond('FAILED', e.message, event.ResourceProperties.LogGroupName); - } - - function respond(responseStatus: string, reason: string, physicalResourceId: string) { - const responseBody = JSON.stringify({ - Status: responseStatus, - Reason: reason, - PhysicalResourceId: physicalResourceId, - StackId: event.StackId, - RequestId: event.RequestId, - LogicalResourceId: event.LogicalResourceId, - Data: { - // Add log group name as part of the response so that it's available via Fn::GetAtt - LogGroupName: event.ResourceProperties.LogGroupName, - }, - }); - - console.log('Responding', responseBody); - - // eslint-disable-next-line @typescript-eslint/no-require-imports - const parsedUrl = require('url').parse(event.ResponseURL); - const requestOptions = { - hostname: parsedUrl.hostname, - path: parsedUrl.path, - method: 'PUT', - headers: { 'content-type': '', 'content-length': responseBody.length }, - }; - - return new Promise((resolve, reject) => { - try { - // eslint-disable-next-line @typescript-eslint/no-require-imports - const request = require('https').request(requestOptions, resolve); - request.on('error', reject); - request.write(responseBody); - request.end(); - } catch (e) { - reject(e); - } - }); - } - - function parseRetryOptions(rawOptions: any): SdkRetryOptions { - const retryOptions: SdkRetryOptions = {}; - if (rawOptions) { - if (rawOptions.maxRetries) { - retryOptions.maxRetries = parseInt(rawOptions.maxRetries, 10); - } - if 
(rawOptions.base) { - retryOptions.retryOptions = { - base: parseInt(rawOptions.base, 10), - }; - } - } - return retryOptions; - } -} diff --git a/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/aws-cdk-rds-instance.assets.json b/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/aws-cdk-rds-instance.assets.json index b5f8e22a7ebee..9f33a88befcd5 100644 --- a/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/aws-cdk-rds-instance.assets.json +++ b/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/aws-cdk-rds-instance.assets.json @@ -1,20 +1,20 @@ { "version": "20.0.0", "files": { - "22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665": { + "af4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8b": { "source": { - "path": "asset.22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665", + "path": "asset.af4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8b", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665.zip", + "objectKey": "af4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8b.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } }, - "1090427864de85daf0a7222efa793fde9fe83cadad48a9d8095ee2c67b0f94b5": { + "098893bf824e1d22a1a3bab7a8ac2ff5eab0638bef3f5938212e218d09852aab": { "source": { "path": "aws-cdk-rds-instance.template.json", "packaging": "file" 
@@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "1090427864de85daf0a7222efa793fde9fe83cadad48a9d8095ee2c67b0f94b5.json", + "objectKey": "098893bf824e1d22a1a3bab7a8ac2ff5eab0638bef3f5938212e218d09852aab.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/aws-cdk-rds-instance.template.json b/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/aws-cdk-rds-instance.template.json index 3644bc19bdf4f..2103e0fa90ead 100644 --- a/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/aws-cdk-rds-instance.template.json +++ b/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/aws-cdk-rds-instance.template.json @@ -901,7 +901,9 @@ }, "excludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\" } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "InstanceAvailabilityAD5D452C": { "Type": "AWS::Events::Rule", @@ -1036,7 +1038,7 @@ "Runtime": "nodejs14.x", "Code": { "S3Bucket": { - "Ref": "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665S3Bucket0D8A173B" + "Ref": "AssetParametersaf4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8bS3Bucket2E84C3BE" }, "S3Key": { "Fn::Join": [ @@ -1049,7 +1051,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665S3VersionKeyE95BF332" + "Ref": "AssetParametersaf4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8bS3VersionKey91073FC4" } ] } @@ -1062,7 +1064,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665S3VersionKeyE95BF332" + "Ref": "AssetParametersaf4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8bS3VersionKey91073FC4" } ] } 
@@ -1172,17 +1174,17 @@ } }, "Parameters": { - "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665S3Bucket0D8A173B": { + "AssetParametersaf4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8bS3Bucket2E84C3BE": { "Type": "String", - "Description": "S3 bucket for asset \"22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665\"" + "Description": "S3 bucket for asset \"af4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8b\"" }, - "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665S3VersionKeyE95BF332": { + "AssetParametersaf4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8bS3VersionKey91073FC4": { "Type": "String", - "Description": "S3 key for asset version \"22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665\"" + "Description": "S3 key for asset version \"af4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8b\"" }, - "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665ArtifactHashF4A1E70E": { + "AssetParametersaf4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8bArtifactHash61CB979E": { "Type": "String", - "Description": "Artifact hash for asset \"22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665\"" + "Description": "Artifact hash for asset \"af4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8b\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/manifest.json index 541d9b21c7b01..b66945eefef43 100644 --- a/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/manifest.json 
@@ -19,13 +19,13 @@ { "type": "aws:cdk:asset", "data": { - "path": "asset.22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665", - "id": "22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665", + "path": "asset.af4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8b", + "id": "af4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8b", "packaging": "zip", - "sourceHash": "22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665", - "s3BucketParameter": "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665S3Bucket0D8A173B", - "s3KeyParameter": "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665S3VersionKeyE95BF332", - "artifactHashParameter": "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665ArtifactHashF4A1E70E" + "sourceHash": "af4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8b", + "s3BucketParameter": "AssetParametersaf4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8bS3Bucket2E84C3BE", + "s3KeyParameter": "AssetParametersaf4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8bS3VersionKey91073FC4", + "artifactHashParameter": "AssetParametersaf4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8bArtifactHash61CB979E" } } ], 
@@ -317,22 +317,22 @@ "data": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A" } ], - "/aws-cdk-rds-instance/AssetParameters/22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665/S3Bucket": [ + "/aws-cdk-rds-instance/AssetParameters/af4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8b/S3Bucket": [ { "type": "aws:cdk:logicalId", - "data": "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665S3Bucket0D8A173B" + "data": "AssetParametersaf4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8bS3Bucket2E84C3BE" } ], - "/aws-cdk-rds-instance/AssetParameters/22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665/S3VersionKey": [ + "/aws-cdk-rds-instance/AssetParameters/af4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8b/S3VersionKey": [ { "type": "aws:cdk:logicalId", - "data": "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665S3VersionKeyE95BF332" + "data": "AssetParametersaf4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8bS3VersionKey91073FC4" } ], - "/aws-cdk-rds-instance/AssetParameters/22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665/ArtifactHash": [ + "/aws-cdk-rds-instance/AssetParameters/af4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8b/ArtifactHash": [ { "type": "aws:cdk:logicalId", - "data": "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665ArtifactHashF4A1E70E" + "data": "AssetParametersaf4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8bArtifactHash61CB979E" } ], "/aws-cdk-rds-instance/HighCPU/Resource": [ diff --git a/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/tree.json b/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/tree.json index 91c58543ec637..62b2354454c0c 100644 --- a/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/tree.json +++ b/packages/@aws-cdk/aws-rds/test/instance.lit.integ.snapshot/tree.json 
@@ -9,7 +9,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.0.9" + "version": "10.1.33" } }, "aws-cdk-rds-instance": { @@ -1645,20 +1645,20 @@ }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.0.9" + "version": "10.1.33" } }, "AssetParameters": { "id": "AssetParameters", "path": "aws-cdk-rds-instance/AssetParameters", "children": { - "22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665": { - "id": "22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665", - "path": "aws-cdk-rds-instance/AssetParameters/22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665", + "af4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8b": { + "id": "af4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8b", + "path": "aws-cdk-rds-instance/AssetParameters/af4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8b", "children": { "S3Bucket": { "id": "S3Bucket", - "path": "aws-cdk-rds-instance/AssetParameters/22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665/S3Bucket", + "path": "aws-cdk-rds-instance/AssetParameters/af4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8b/S3Bucket", "constructInfo": { "fqn": "@aws-cdk/core.CfnParameter", "version": "0.0.0" @@ -1666,7 +1666,7 @@ }, "S3VersionKey": { "id": "S3VersionKey", - "path": "aws-cdk-rds-instance/AssetParameters/22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665/S3VersionKey", + "path": "aws-cdk-rds-instance/AssetParameters/af4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8b/S3VersionKey", "constructInfo": { "fqn": "@aws-cdk/core.CfnParameter", "version": "0.0.0" 
@@ -1674,7 +1674,7 @@ }, "ArtifactHash": { "id": "ArtifactHash", - "path": "aws-cdk-rds-instance/AssetParameters/22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665/ArtifactHash", + "path": "aws-cdk-rds-instance/AssetParameters/af4ed033ae57b4313cf2e73fe9eb52500f1319be4e9212747877583220481c8b/ArtifactHash", "constructInfo": { "fqn": "@aws-cdk/core.CfnParameter", "version": "0.0.0" @@ -1683,13 +1683,13 @@ }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.0.9" + "version": "10.1.33" } } }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.0.9" + "version": "10.1.33" } }, "HighCPU": { diff --git a/packages/@aws-cdk/aws-secretsmanager/lib/secret-rotation.ts b/packages/@aws-cdk/aws-secretsmanager/lib/secret-rotation.ts index 5c421cf04c5c8..41253801bc88e 100644 --- a/packages/@aws-cdk/aws-secretsmanager/lib/secret-rotation.ts +++ b/packages/@aws-cdk/aws-secretsmanager/lib/secret-rotation.ts @@ -1,7 +1,7 @@ import * as ec2 from '@aws-cdk/aws-ec2'; import * as lambda from '@aws-cdk/aws-lambda'; import * as serverless from '@aws-cdk/aws-sam'; -import { Duration, Names, Stack, Token, CfnMapping, Aws } from '@aws-cdk/core'; +import { Duration, Names, Stack, Token, CfnMapping, Aws, RemovalPolicy } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { ISecret } from './secret'; @@ -329,6 +329,7 @@ export class SecretRotation extends Construct { }, parameters, }); + application.applyRemovalPolicy(RemovalPolicy.DESTROY); // This creates a CF a dependency between the rotation schedule and the // serverless application. This is needed because it's the application diff --git a/packages/@aws-cdk/aws-secretsmanager/test/secret-rotation.test.ts b/packages/@aws-cdk/aws-secretsmanager/test/secret-rotation.test.ts index c6c153ce83ae6..81656443c5efe 100644 --- a/packages/@aws-cdk/aws-secretsmanager/test/secret-rotation.test.ts +++ b/packages/@aws-cdk/aws-secretsmanager/test/secret-rotation.test.ts 
@@ -72,54 +72,58 @@ test('secret rotation single user', () => { GroupDescription: 'Default/SecretRotation/SecurityGroup', }); - Template.fromStack(stack).hasResourceProperties('AWS::Serverless::Application', { - Location: { - ApplicationId: { - 'Fn::FindInMap': ['SecretRotationSARMappingC10A2F5D', { Ref: 'AWS::Partition' }, 'applicationId'], - }, - SemanticVersion: { - 'Fn::FindInMap': ['SecretRotationSARMappingC10A2F5D', { Ref: 'AWS::Partition' }, 'semanticVersion'], + Template.fromStack(stack).hasResource('AWS::Serverless::Application', { + Properties: { + Location: { + ApplicationId: { + 'Fn::FindInMap': ['SecretRotationSARMappingC10A2F5D', { Ref: 'AWS::Partition' }, 'applicationId'], + }, + SemanticVersion: { + 'Fn::FindInMap': ['SecretRotationSARMappingC10A2F5D', { Ref: 'AWS::Partition' }, 'semanticVersion'], + }, }, - }, - Parameters: { - endpoint: { - 'Fn::Join': [ - '', - [ - 'https://secretsmanager.', - { - Ref: 'AWS::Region', - }, - '.', - { - Ref: 'AWS::URLSuffix', - }, + Parameters: { + endpoint: { + 'Fn::Join': [ + '', + [ + 'https://secretsmanager.', + { + Ref: 'AWS::Region', + }, + '.', + { + Ref: 'AWS::URLSuffix', + }, + ], ], - ], - }, - functionName: 'SecretRotation', - excludeCharacters: excludeCharacters, - vpcSecurityGroupIds: { - 'Fn::GetAtt': [ - 'SecretRotationSecurityGroup9985012B', - 'GroupId', - ], - }, - vpcSubnetIds: { - 'Fn::Join': [ - '', - [ - { - Ref: 'VPCPrivateSubnet1Subnet8BCA10E0', - }, - ',', - { - Ref: 'VPCPrivateSubnet2SubnetCFCDAA7A', - }, + }, + functionName: 'SecretRotation', + excludeCharacters: excludeCharacters, + vpcSecurityGroupIds: { + 'Fn::GetAtt': [ + 'SecretRotationSecurityGroup9985012B', + 'GroupId', ], - ], + }, + vpcSubnetIds: { + 'Fn::Join': [ + '', + [ + { + Ref: 'VPCPrivateSubnet1Subnet8BCA10E0', + }, + ',', + { + Ref: 'VPCPrivateSubnet2SubnetCFCDAA7A', + }, + ], + ], + }, }, }, + DeletionPolicy: 'Delete', + UpdateReplacePolicy: 'Delete', }); 
Template.fromStack(stack).hasResourceProperties('AWS::SecretsManager::ResourcePolicy', { From 3bf737bd172eda016d2e9bb7c5f40c001399fd23 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Thu, 30 Jun 2022 13:08:28 +0200 Subject: [PATCH 14/20] feat(iam): PolicyStatements can be frozen (#20911) PolicyStatements now have a `freeze()` method, which prevents further modification. `freeze()` is called just prior to rendering and other statement manipulation. This has two benefits: - Construct authors can `freeze()` statements and be sure that consumer code holding a reference to the statement can no longer mutate it later. - Third-party library authors that generate IAM statements lazily (specifically, `cdk-iam-floyd`) can hook into the `freeze()` method to do their generation. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../@aws-cdk/aws-iam/lib/policy-document.ts | 11 +++ .../@aws-cdk/aws-iam/lib/policy-statement.ts | 86 ++++++++++++++++--- .../aws-iam/test/merge-statements.test.ts | 33 +++++++ .../aws-iam/test/policy-statement.test.ts | 29 ++++++- 4 files changed, 146 insertions(+), 13 deletions(-) diff --git a/packages/@aws-cdk/aws-iam/lib/policy-document.ts b/packages/@aws-cdk/aws-iam/lib/policy-document.ts index f41ef46812a92..c11e41312b1ce 100644 
--- a/packages/@aws-cdk/aws-iam/lib/policy-document.ts +++ b/packages/@aws-cdk/aws-iam/lib/policy-document.ts @@ -76,6 +76,7 @@ export class PolicyDocument implements cdk.IResolvable { } public resolve(context: cdk.IResolveContext): any { + this.freezeStatements(); this._maybeMergeStatements(context.scope); // In the previous implementation of 'merge', sorting of actions/resources on @@ -212,6 +213,7 @@ export class PolicyDocument implements cdk.IResolvable { const newDocs: PolicyDocument[] = []; // Maps final statements to original statements + this.freezeStatements(); let statementsToOriginals = new Map(this.statements.map(s => [s, [s]])); // We always run 'mergeStatements' to minimize the policy before splitting. @@ -298,4 +300,13 @@ export class PolicyDocument implements cdk.IResolvable { private shouldMerge(scope: IConstruct) { return this.minimize ?? cdk.FeatureFlags.of(scope).isEnabled(cxapi.IAM_MINIMIZE_POLICIES) ?? false; } + + /** + * Freeze all statements + */ + private freezeStatements() { + for (const statement of this.statements) { + statement.freeze(); + } + } } diff --git a/packages/@aws-cdk/aws-iam/lib/policy-statement.ts b/packages/@aws-cdk/aws-iam/lib/policy-statement.ts index 19cf7cff8b85b..f912a4c180182 100644 --- a/packages/@aws-cdk/aws-iam/lib/policy-statement.ts +++ b/packages/@aws-cdk/aws-iam/lib/policy-statement.ts @@ -69,16 +69,6 @@ export class PolicyStatement { return ret; } - /** - * Statement ID for this statement - */ - public sid?: string; - - /** - * Whether to allow or deny the actions in this statement - */ - public effect: Effect; - private readonly _action = new Array(); private readonly _notAction = new Array(); private readonly _principal: { [key: string]: any[] } = {}; 
@@ -86,11 +76,14 @@ export class PolicyStatement { private readonly _resource = new Array(); private readonly _notResource = new Array(); private readonly _condition: { [key: string]: any } = { }; + private _sid?: string; + private _effect: Effect; private principalConditionsJson?: string; // Hold on to those principals private readonly _principals = new Array(); private readonly _notPrincipals = new Array(); + private _frozen = false; constructor(props: PolicyStatementProps = {}) { // Validate actions @@ -101,8 +94,8 @@ export class PolicyStatement { } } - this.sid = props.sid; - this.effect = props.effect || Effect.ALLOW; + this._sid = props.sid; + this._effect = props.effect || Effect.ALLOW; this.addActions(...props.actions || []); this.addNotActions(...props.notActions || []); @@ -115,6 +108,36 @@ export class PolicyStatement { } } + /** + * Statement ID for this statement + */ + public get sid(): string | undefined { + return this._sid; + } + + /** + * Set Statement ID for this statement + */ + public set sid(sid: string | undefined) { + this.assertNotFrozen('sid'); + this._sid = sid; + } + + /** + * Whether to allow or deny the actions in this statement + */ + public get effect(): Effect { + return this._effect; + } + + /** + * Set effect for this statement + */ + public set effect(effect: Effect) { + this.assertNotFrozen('effect'); + this._effect = effect; + } + // // Actions // @@ -127,6 +150,7 @@ export class PolicyStatement { * @param actions actions that will be allowed. */ public addActions(...actions: string[]) { + this.assertNotFrozen('addActions'); if (actions.length > 0 && this._notAction.length > 0) { throw new Error('Cannot add \'Actions\' to policy statement if \'NotActions\' have been added'); } 
@@ -142,6 +166,7 @@ export class PolicyStatement { * @param notActions actions that will be denied. All other actions will be permitted. */ public addNotActions(...notActions: string[]) { + this.assertNotFrozen('addNotActions'); if (notActions.length > 0 && this._action.length > 0) { throw new Error('Cannot add \'NotActions\' to policy statement if \'Actions\' have been added'); } @@ -167,6 +192,7 @@ export class PolicyStatement { * @param principals IAM principals that will be added */ public addPrincipals(...principals: IPrincipal[]) { + this.assertNotFrozen('addPrincipals'); this._principals.push(...principals); if (Object.keys(principals).length > 0 && Object.keys(this._notPrincipal).length > 0) { throw new Error('Cannot add \'Principals\' to policy statement if \'NotPrincipals\' have been added'); @@ -188,6 +214,7 @@ export class PolicyStatement { * @param notPrincipals IAM principals that will be denied access */ public addNotPrincipals(...notPrincipals: IPrincipal[]) { + this.assertNotFrozen('addNotPrincipals'); this._notPrincipals.push(...notPrincipals); if (Object.keys(notPrincipals).length > 0 && Object.keys(this._principal).length > 0) { throw new Error('Cannot add \'NotPrincipals\' to policy statement if \'Principals\' have been added'); @@ -280,6 +307,7 @@ export class PolicyStatement { * @param arns Amazon Resource Names (ARNs) of the resources that this policy statement applies to */ public addResources(...arns: string[]) { + this.assertNotFrozen('addResources'); if (arns.length > 0 && this._notResource.length > 0) { throw new Error('Cannot add \'Resources\' to policy statement if \'NotResources\' have been added'); } 
@@ -295,6 +323,7 @@ export class PolicyStatement { * @param arns Amazon Resource Names (ARNs) of the resources that this policy statement does not apply to */ public addNotResources(...arns: string[]) { + this.assertNotFrozen('addNotResources'); if (arns.length > 0 && this._resource.length > 0) { throw new Error('Cannot add \'NotResources\' to policy statement if \'Resources\' have been added'); } @@ -344,6 +373,7 @@ export class PolicyStatement { * ``` */ public addCondition(key: string, value: Condition) { + this.assertNotFrozen('addCondition'); const existingValue = this._condition[key]; this._condition[key] = existingValue ? { ...existingValue, ...value } : value; } @@ -544,6 +574,29 @@ export class PolicyStatement { return { ...this._condition }; } + /** + * Make the PolicyStatement immutable + * + * After calling this, any of the `addXxx()` methods will throw an exception. + * + * Libraries that lazily generate statement bodies can override this method to + * fill the actual PolicyStatement fields. Be aware that this method may be called + * multiple times. + */ + public freeze(): PolicyStatement { + this._frozen = true; + return this; + } + + /** + * Whether the PolicyStatement has been frozen + * + * The statement object is frozen when `freeze()` is called. + */ + public get frozen(): boolean { + return this._frozen; + } + /** * Estimate the size of this policy statement * @@ -577,6 +630,15 @@ export class PolicyStatement { } } } + + /** + * Throw an exception when the object is frozen + */ + private assertNotFrozen(method: string) { + if (this._frozen) { + throw new Error(`${method}: freeze() has been called on this PolicyStatement previously, so it can no longer be modified`); + } + } } /** diff --git a/packages/@aws-cdk/aws-iam/test/merge-statements.test.ts b/packages/@aws-cdk/aws-iam/test/merge-statements.test.ts index 061db0e134d02..c4d84204352f6 100644 --- a/packages/@aws-cdk/aws-iam/test/merge-statements.test.ts 
+++ b/packages/@aws-cdk/aws-iam/test/merge-statements.test.ts @@ -471,6 +471,25 @@ test('keep merging even if it requires multiple passes', () => { ]); }); +test('lazily generated statements are merged correctly', () => { + assertMerged([ + new LazyStatement((s) => { + s.addActions('service:A'); + s.addResources('R1'); + }), + new LazyStatement((s) => { + s.addActions('service:B'); + s.addResources('R1'); + }), + ], [ + { + Effect: 'Allow', + Action: ['service:A', 'service:B'], + Resource: 'R1', + }, + ]); +}); + function assertNoMerge(statements: iam.PolicyStatement[]) { const app = new App(); const stack = new Stack(app, 'Stack'); @@ -499,3 +518,17 @@ function assertMerged(statements: iam.PolicyStatement[], expected: any[]) { function assertMergedC(doMerge: boolean, statements: iam.PolicyStatement[], expected: any[]) { return doMerge ? assertMerged(statements, expected) : assertNoMerge(statements); } + +/** + * A statement that fills itself only when freeze() is called. + */ +class LazyStatement extends iam.PolicyStatement { + constructor(private readonly modifyMe: (x: iam.PolicyStatement) => void) { + super(); + } + + public freeze() { + this.modifyMe(this); + return super.freeze(); + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-iam/test/policy-statement.test.ts b/packages/@aws-cdk/aws-iam/test/policy-statement.test.ts index 7498ee2814d80..ec1f9f691f727 100644 --- a/packages/@aws-cdk/aws-iam/test/policy-statement.test.ts +++ b/packages/@aws-cdk/aws-iam/test/policy-statement.test.ts @@ -1,5 +1,5 @@ import { Stack } from '@aws-cdk/core'; -import { AnyPrincipal, Group, PolicyDocument, PolicyStatement } from '../lib'; +import { AnyPrincipal, Group, PolicyDocument, PolicyStatement, Effect } from '../lib'; describe('IAM policy statement', () => { 
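Review bot: `LazyStatement.freeze()` in merge-statements.test.ts is not safe to call twice: it runs `this.modifyMe(this)` before `super.freeze()` on every call, so a second call invokes `addActions` and `addResources` on an already frozen statement and `assertNotFrozen` throws. The doc comment on `freeze()` says it may be called multiple times, and policy-document.ts now calls `freezeStatements()` from `resolve()` and from a second site (the hunk at line 213), so this helper, which third-party authors are likely to copy, should guard with `if (!this.frozen) { this.modifyMe(this); }`. The file also still ends without a trailing newline.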
@@ -214,4 +214,31 @@ describe('IAM policy statement', () => { expect(() => policyStatement.addNotPrincipals(group)) .toThrow(/Cannot use an IAM Group as the 'Principal' or 'NotPrincipal' in an IAM Policy/); }); + + + test('a frozen policy statement cannot be modified any more', () => { + // GIVEN + const statement = new PolicyStatement({ + actions: ['action:a'], + resources: ['*'], + }); + statement.freeze(); + + // WHEN + const modifications = [ + () => statement.sid = 'asdf', + () => statement.effect = Effect.DENY, + () => statement.addActions('abc:def'), + () => statement.addNotActions('abc:def'), + () => statement.addResources('*'), + () => statement.addNotResources('*'), + () => statement.addPrincipals(new AnyPrincipal()), + () => statement.addNotPrincipals(new AnyPrincipal()), + () => statement.addCondition('key', 'value'), + ]; + + for (const mod of modifications) { + expect(mod).toThrow(/can no longer be modified/); + } + }); }); From 03683747e39eafac5a9a8f1e8f74ef5117da8ca1 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Thu, 30 Jun 2022 14:39:51 +0200 Subject: [PATCH 15/20] docs(codepeline): ECR cannot trigger on multiple tags (#20897) The current ECR source action docs seem to indicate you can make it trigger on more than one tag at a time (or even all tags). This is not true, so stop advertising that feature. Fixes #20594. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../@aws-cdk/aws-codepipeline-actions/lib/ecr/source-action.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-codepipeline-actions/lib/ecr/source-action.ts b/packages/@aws-cdk/aws-codepipeline-actions/lib/ecr/source-action.ts index c48ce3dcb4281..0485d450e82d8 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/lib/ecr/source-action.ts +++ b/packages/@aws-cdk/aws-codepipeline-actions/lib/ecr/source-action.ts 
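Review bot: The test 'a frozen policy statement cannot be modified any more' in policy-statement.test.ts (PATCH 14/20) only exercises the statement's own setters and `addXxx()` methods, and misses mutation through objects shared with the caller. In policy-statement.ts, `addCondition` stores `value` as passed when the key is new (`existingValue ? { ...existingValue, ...value } : value`), and the accessor just above `freeze()` returns a shallow copy (`{ ...this._condition }`), so code holding either object can still change a condition after `freeze()`. Since the stated goal is that consumer code can no longer mutate a frozen statement, copy condition values on the way in and out, or add a test case that documents this limit.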
@@ -33,7 +33,8 @@ export interface EcrSourceVariables { export interface EcrSourceActionProps extends codepipeline.CommonAwsActionProps { /** * The image tag that will be checked for changes. - * Provide an empty string to trigger on changes to any tag. + * + * It is not possible to trigger on changes to more than one tag. * * @default 'latest' */ From e0d375b428e6f25f15b592ae58aa44acb9e8225b Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Thu, 30 Jun 2022 15:15:48 +0200 Subject: [PATCH 16/20] docs(pipelines): describe how to work around policy size errors (#20569) Fixes #20565. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/pipelines/README.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/packages/@aws-cdk/pipelines/README.md b/packages/@aws-cdk/pipelines/README.md index c6a8ed91928e5..e0490385b3aec 100644 --- a/packages/@aws-cdk/pipelines/README.md +++ b/packages/@aws-cdk/pipelines/README.md @@ -1379,6 +1379,22 @@ After turning on `privilegedMode: true`, you will need to do a one-time manual c pipeline to get it going again (as with a broken 'synth' the pipeline will not be able to self update to the right state). +### IAM policies: Cannot exceed quota for PoliciesPerRole / Maximum policy size exceeded + +This happens as a result of having a lot of targets in the Pipeline: the IAM policies that +get generated enumerate all required roles and grow too large. + +Make sure you are on version `2.26.0` or higher, and that your `cdk.json` contains the +following: + +```json +{ + "context": { + "@aws-cdk/aws-iam:minimizePolicies": true + } +} +``` + ### S3 error: Access Denied An "S3 Access Denied" error can have two causes: From a3c1a5df99713e6df1f69af2e222329989053552 Mon Sep 17 00:00:00 2001 
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Thu, 30 Jun 2022 13:51:48 +0000 Subject: [PATCH 17/20] chore(cfnspec): Add coverage directory to npmignore (backport #20016) (#20931) This is an automatic backport of pull request #20016 done by [Mergify](https://mergify.com). ---
Mergify commands and options
More conditions and actions can be found in the [documentation](https://docs.mergify.com/). You can also trigger Mergify actions by commenting on this pull request: - `@Mergifyio refresh` will re-evaluate the rules - `@Mergifyio rebase` will rebase this PR on its base branch - `@Mergifyio update` will merge the base branch into this PR - `@Mergifyio backport ` will backport this PR on `` branch Additionally, on Mergify [dashboard](https://dashboard.mergify.com/) you can: - look at your merge queues - generate the Mergify configuration with the config editor. Finally, you can contact us on https://mergify.com
--- packages/@aws-cdk/cfnspec/.npmignore | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/@aws-cdk/cfnspec/.npmignore b/packages/@aws-cdk/cfnspec/.npmignore index 673239340aba1..623692bba67de 100644 --- a/packages/@aws-cdk/cfnspec/.npmignore +++ b/packages/@aws-cdk/cfnspec/.npmignore @@ -12,3 +12,4 @@ test/ jest.config.js **/*.integ.snapshot **/*.integ.snapshot +coverage/ From 42d1d7c6dac6c87ebcc71d6395ed970bfa2314b7 Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Thu, 30 Jun 2022 16:46:37 +0000 Subject: [PATCH 18/20] refactor: update enum types to remove duplicate member values (backport #19320) (#20932) This is an automatic backport of pull request #19320 done by [Mergify](https://mergify.com). Cherry-pick of b0346a4b7dc14a53167378b37b06888a0b75fa7c has failed: ``` On branch mergify/bp/main/pr-19320 Your branch is up to date with 'origin/main'. You are currently cherry-picking commit b0346a4b7. (fix conflicts and run "git cherry-pick --continue") (use "git cherry-pick --skip" to skip this patch) (use "git cherry-pick --abort" to cancel the cherry-pick operation) Changes to be committed: modified: packages/@aws-cdk/aws-ec2/lib/instance-types.ts modified: packages/@aws-cdk/aws-ec2/lib/machine-image.ts modified: packages/@aws-cdk/aws-ec2/lib/port.ts modified: packages/@aws-cdk/aws-ec2/lib/util.ts modified: packages/@aws-cdk/aws-ec2/test/instance.test.ts Unmerged paths: (use "git add ..." to mark resolution) both modified: packages/@aws-cdk/aws-ec2/lib/vpc.ts both modified: packages/@aws-cdk/aws-ec2/lib/windows-versions.ts ``` To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/github/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally ---
--- .../@aws-cdk/aws-ec2/lib/instance-types.ts | 325 +++++++++++++----- .../@aws-cdk/aws-ec2/lib/machine-image.ts | 19 +- packages/@aws-cdk/aws-ec2/lib/port.ts | 16 +- packages/@aws-cdk/aws-ec2/lib/util.ts | 8 +- packages/@aws-cdk/aws-ec2/lib/vpc.ts | 16 +- .../@aws-cdk/aws-ec2/lib/windows-versions.ts | 26 +- .../@aws-cdk/aws-ec2/test/instance.test.ts | 21 +- 7 files changed, 316 insertions(+), 115 deletions(-) diff --git a/packages/@aws-cdk/aws-ec2/lib/instance-types.ts b/packages/@aws-cdk/aws-ec2/lib/instance-types.ts index fa53cf3474fc6..7da3c1199db6d 100644 --- a/packages/@aws-cdk/aws-ec2/lib/instance-types.ts +++ b/packages/@aws-cdk/aws-ec2/lib/instance-types.ts @@ -11,7 +11,7 @@ export enum InstanceClass { /** * Standard instances, 3rd generation */ - STANDARD3 = 'm3', + STANDARD3 = 'standard3', /** * Standard instances, 3rd generation @@ -21,7 +21,7 @@ export enum InstanceClass { /** * Standard instances, 4th generation */ - STANDARD4 = 'm4', + STANDARD4 = 'standard4', /** * Standard instances, 4th generation @@ -31,7 +31,7 @@ export enum InstanceClass { /** * Standard instances, 5th generation */ - STANDARD5 = 'm5', + STANDARD5 = 'standard5', /** * Standard instances, 5th generation @@ -41,7 +41,7 @@ export enum InstanceClass { /** * Standard instances with local NVME drive, 5th generation */ - STANDARD5_NVME_DRIVE = 'm5d', + STANDARD5_NVME_DRIVE = 'standard5-nvme-drive', /** * Standard instances with local NVME drive, 5th generation @@ -51,7 +51,7 @@ export enum InstanceClass { /** * Standard instances based on AMD EPYC, 5th generation */ - STANDARD5_AMD = 'm5a', + STANDARD5_AMD = 'standard5-amd', /** * Standard instances based on AMD EPYC, 5th generation @@ -61,7 +61,7 @@ export enum InstanceClass { /** * Standard instances based on AMD EPYC with local NVME drive, 5th generation */ - STANDARD5_AMD_NVME_DRIVE = 'm5ad', + STANDARD5_AMD_NVME_DRIVE = 'standard5-amd-nvme-drive', /** * Standard instances based on AMD EPYC with local NVME drive, 5th generation 
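Review bot: In instance-types.ts the `InstanceClass` values stop being EC2 family prefixes (`STANDARD3` goes from `'m3'` to `'standard3'`, `HIGH_MEMORY_6TB_1` from `'u-6tb1'` to `'high-memory-6tb-1'`), so any caller that builds an instance type string from the enum value directly now gets a string that is not a valid instance type. These hunks do not show where the symbolic value is translated back, so the enum's doc comment should state that the values are no longer usable as-is, and it is worth confirming that the instance.test.ts change listed in the diffstat asserts the rendered instance type for at least one symbolic member and one short alias.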
@@ -71,7 +71,7 @@ export enum InstanceClass { /** * Standard instances for high performance computing, 5th generation */ - STANDARD5_HIGH_PERFORMANCE = 'm5n', + STANDARD5_HIGH_PERFORMANCE = 'standard5-high-performance', /** * Standard instances for high performance computing, 5th generation @@ -81,7 +81,7 @@ export enum InstanceClass { /** * Standard instances with local NVME drive for high performance computing, 5th generation */ - STANDARD5_NVME_DRIVE_HIGH_PERFORMANCE = 'm5dn', + STANDARD5_NVME_DRIVE_HIGH_PERFORMANCE = 'standard5-nvme-drive-high-performance', /** * Standard instances with local NVME drive for high performance computing, 5th generation @@ -91,7 +91,7 @@ export enum InstanceClass { /** * Standard instances with high memory and compute capacity based on Intel Xeon Scalable (Cascade Lake) processors, 5nd generation */ - STANDARD5_HIGH_COMPUTE = 'm5zn', + STANDARD5_HIGH_COMPUTE = 'standard5-high-compute', /** * Standard instances with high memory and compute capacity based on Intel Xeon Scalable (Cascade Lake) processors, 5nd generation @@ -101,7 +101,7 @@ export enum InstanceClass { /** * Memory optimized instances, 3rd generation */ - MEMORY3 = 'r3', + MEMORY3 = 'memory3', /** * Memory optimized instances, 3rd generation @@ -111,7 +111,7 @@ export enum InstanceClass { /** * Memory optimized instances, 4th generation */ - MEMORY4 = 'r4', + MEMORY4 = 'memory4', /** * Memory optimized instances, 4th generation @@ -121,7 +121,7 @@ export enum InstanceClass { /** * Memory optimized instances, 5th generation */ - MEMORY5 = 'r5', + MEMORY5 = 'memory5', /** * Memory optimized instances, 5th generation 
@@ -131,7 +131,7 @@ export enum InstanceClass { /** * Memory optimized instances, 6th generation with Intel Xeon Scalable processors (3rd generation processors code named Ice Lake) */ - MEMORY6_INTEL = 'r6i', + MEMORY6_INTEL = 'memory6-intel', /** * Memory optimized instances, 6th generation with Intel Xeon Scalable processors (3rd generation processors code named Ice Lake) @@ -141,7 +141,7 @@ export enum InstanceClass { /** * Memory optimized instances for high performance computing, 5th generation */ - MEMORY5_HIGH_PERFORMANCE = 'r5n', + MEMORY5_HIGH_PERFORMANCE = 'memory5-high-performance', /** * Memory optimized instances for high performance computing, 5th generation @@ -151,7 +151,7 @@ export enum InstanceClass { /** * Memory optimized instances with local NVME drive, 5th generation */ - MEMORY5_NVME_DRIVE = 'r5d', + MEMORY5_NVME_DRIVE = 'memory5-nvme-drive', /** * Memory optimized instances with local NVME drive, 5th generation @@ -161,7 +161,7 @@ export enum InstanceClass { /** * Memory optimized instances with local NVME drive for high performance computing, 5th generation */ - MEMORY5_NVME_DRIVE_HIGH_PERFORMANCE = 'r5dn', + MEMORY5_NVME_DRIVE_HIGH_PERFORMANCE = 'memory5-nvme-drive-high-performance', /** * Memory optimized instances with local NVME drive for high performance computing, 5th generation @@ -171,7 +171,7 @@ export enum InstanceClass { /** * Memory optimized instances based on AMD EPYC, 5th generation */ - MEMORY5_AMD = 'r5a', + MEMORY5_AMD = 'memory5-amd', /** * Memory optimized instances based on AMD EPYC, 5th generation 
@@ -181,12 +181,12 @@ export enum InstanceClass { /** * Memory optimized instances based on AMD EPYC with local NVME drive, 5th generation */ - MEMORY5_AMD_NVME_DRIVE = 'r5ad', + MEMORY5_AMD_NVME_DRIVE = 'memory5-amd-nvme-drive', /** * High memory instances (6TB) based on Intel Xeon Platinum 8176M (Skylake) processors, 1st generation */ - HIGH_MEMORY_6TB_1 = 'u-6tb1', + HIGH_MEMORY_6TB_1 = 'high-memory-6tb-1', /** * High memory instances (6TB) based on Intel Xeon Platinum 8176M (Skylake) processors, 1st generation @@ -196,7 +196,7 @@ export enum InstanceClass { /** * High memory instances (9TB) based on Intel Xeon Platinum 8176M (Skylake) processors, 1st generation */ - HIGH_MEMORY_9TB_1 = 'u-9tb1', + HIGH_MEMORY_9TB_1 = 'high-memory-9tb-1', /** * High memory instances (9TB) based on Intel Xeon Platinum 8176M (Skylake) processors, 1st generation @@ -206,7 +206,7 @@ export enum InstanceClass { /** * High memory instances (12TB) based on Intel Xeon Platinum 8176M (Skylake) processors, 1st generation */ - HIGH_MEMORY_12TB_1 = 'u-12tb1', + HIGH_MEMORY_12TB_1 = 'high-memory-12tb-1', /** * High memory instances (12TB) based on Intel Xeon Platinum 8176M (Skylake) processors, 1st generation @@ -216,7 +216,7 @@ export enum InstanceClass { /** * High memory instances (18TB) based on Intel Xeon Scalable (Cascade Lake) processors, 1st generation */ - HIGH_MEMORY_18TB_1 = 'u-18tb1', + HIGH_MEMORY_18TB_1 = 'high-memory-18tb-1', /** * High memory instances (18TB) based on Intel Xeon Scalable (Cascade Lake) processors, 1st generation @@ -226,7 +226,7 @@ export enum InstanceClass { /** * High memory instances (24TB) based on Intel Xeon Scalable (Cascade Lake) processors, 1st generation */ - HIGH_MEMORY_24TB_1 = 'u-24tb1', + HIGH_MEMORY_24TB_1 = 'high-memory-24tb-1', /** * High memory instances (24TB) based on Intel Xeon Scalable (Cascade Lake) processors, 1st generation 
@@ -241,7 +241,7 @@ export enum InstanceClass { /** * Memory optimized instances that are also EBS-optimized, 5th generation */ - MEMORY5_EBS_OPTIMIZED = 'r5b', + MEMORY5_EBS_OPTIMIZED = 'memory5-ebs-optimized', /** * Memory optimized instances that are also EBS-optimized, 5th generation @@ -251,7 +251,7 @@ export enum InstanceClass { /** * Memory optimized instances, 6th generation with Graviton2 processors */ - MEMORY6_GRAVITON = 'r6g', + MEMORY6_GRAVITON = 'memory6-graviton', /** * Memory optimized instances, 6th generation with Graviton2 processors @@ -261,7 +261,7 @@ export enum InstanceClass { /** * Memory optimized instances, 6th generation with Graviton2 processors and local NVME drive */ - MEMORY6_GRAVITON2_NVME_DRIVE = 'r6gd', + MEMORY6_GRAVITON2_NVME_DRIVE = 'memory6-graviton2-nvme-drive', /** * Memory optimized instances, 6th generation with Graviton2 processors and local NVME drive @@ -271,7 +271,7 @@ export enum InstanceClass { /** * Compute optimized instances, 3rd generation */ - COMPUTE3 = 'c3', + COMPUTE3 = 'compute3', /** * Compute optimized instances, 3rd generation @@ -281,7 +281,7 @@ export enum InstanceClass { /** * Compute optimized instances, 4th generation */ - COMPUTE4 = 'c4', + COMPUTE4 = 'compute4', /** * Compute optimized instances, 4th generation @@ -291,7 +291,7 @@ export enum InstanceClass { /** * Compute optimized instances, 5th generation */ - COMPUTE5 = 'c5', + COMPUTE5 = 'compute5', /** * Compute optimized instances, 5th generation @@ -301,7 +301,7 @@ export enum InstanceClass { /** * Compute optimized instances with local NVME drive, 5th generation */ - COMPUTE5_NVME_DRIVE = 'c5d', + COMPUTE5_NVME_DRIVE = 'compute5-nvme-drive', /** * Compute optimized instances with local NVME drive, 5th generation 
@@ -311,7 +311,7 @@ export enum InstanceClass { /** * Compute optimized instances based on AMD EPYC, 5th generation */ - COMPUTE5_AMD = 'c5a', + COMPUTE5_AMD = 'compute5-amd', /** * Compute optimized instances based on AMD EPYC, 5th generation @@ -321,7 +321,7 @@ export enum InstanceClass { /** * Compute optimized instances with local NVME drive based on AMD EPYC, 5th generation */ - COMPUTE5_AMD_NVME_DRIVE = 'c5ad', + COMPUTE5_AMD_NVME_DRIVE = 'compute5-amd-nvme-drive', /** * Compute optimized instances with local NVME drive based on AMD EPYC, 5th generation @@ -331,7 +331,7 @@ export enum InstanceClass { /** * Compute optimized instances for high performance computing, 5th generation */ - COMPUTE5_HIGH_PERFORMANCE = 'c5n', + COMPUTE5_HIGH_PERFORMANCE = 'compute5-high-performance', /** * Compute optimized instances for high performance computing, 5th generation @@ -341,7 +341,7 @@ export enum InstanceClass { /** * Compute optimized instances, 6th generation */ - COMPUTE6_INTEL = 'c6i', + COMPUTE6_INTEL = 'compute6-intel', /** * Compute optimized instances, 6th generation @@ -351,7 +351,7 @@ export enum InstanceClass { /** * Compute optimized instances based on AMD EPYC (codename Milan), 6th generation */ - COMPUTE6_AMD = 'c6a', + COMPUTE6_AMD = 'compute6-amd', /** * Compute optimized instances based on AMD EPYC (codename Milan), 6th generation @@ -361,7 +361,7 @@ export enum InstanceClass { /** * Compute optimized instances for high performance computing, 6th generation with Graviton2 processors */ - COMPUTE6_GRAVITON2 = 'c6g', + COMPUTE6_GRAVITON2 = 'compute6-graviton2', /** * Compute optimized instances for high performance computing, 6th generation with Graviton2 processors 
@@ -371,7 +371,7 @@ export enum InstanceClass { /** * Compute optimized instances for high performance computing, 7th generation with Graviton3 processors */ - COMPUTE7_GRAVITON3 = 'c7g', + COMPUTE7_GRAVITON3 = 'compute7_graviton3', /** * Compute optimized instances for high performance computing, 7th generation with Graviton3 processors @@ -382,7 +382,7 @@ export enum InstanceClass { * Compute optimized instances for high performance computing, 6th generation with Graviton2 processors * and local NVME drive */ - COMPUTE6_GRAVITON2_NVME_DRIVE = 'c6gd', + COMPUTE6_GRAVITON2_NVME_DRIVE = 'compute6-graviton2-nvme-drive', /** * Compute optimized instances for high performance computing, 6th generation with Graviton2 processors @@ -394,7 +394,14 @@ export enum InstanceClass { * Compute optimized instances for high performance computing, 6th generation with Graviton2 processors * and high network bandwidth capabilities */ - COMPUTE6_GRAVITON2_HIGH_NETWORK_BANDWITH = 'c6gn', + COMPUTE6_GRAVITON2_HIGH_NETWORK_BANDWITH = 'compute6-graviton2-high-network-banwidth', + + + /** + * Compute optimized instances for high performance computing, 6th generation with Graviton2 processors + * and high network bandwidth capabilities + */ + COMPUTE6_GRAVITON2_HIGH_NETWORK_BANDWIDTH = 'compute6-graviton2-high-network-bandwidth', /** * Compute optimized instances for high performance computing, 6th generation with Graviton2 processors @@ -405,7 +412,7 @@ export enum InstanceClass { /** * Storage-optimized instances, 2nd generation */ - STORAGE2 = 'd2', + STORAGE2 = 'storage2', /** * Storage-optimized instances, 2nd generation @@ -415,7 +422,7 @@ export enum InstanceClass { /** * Storage-optimized instances, 3rd generation */ - STORAGE3 = 'd3', + STORAGE3 = 'storage3', /** * Storage-optimized instances, 3rd generation 
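Review bot: The value given to the misspelled member is itself misspelled in a new way: `COMPUTE6_GRAVITON2_HIGH_NETWORK_BANDWITH = 'compute6-graviton2-high-network-banwidth'` ('banwidth'), next to the new `COMPUTE6_GRAVITON2_HIGH_NETWORK_BANDWIDTH = 'compute6-graviton2-high-network-bandwidth'`. If both members are meant to resolve to the same family, whatever maps these strings has to carry both spellings; confirm that it does, and mark the old member `@deprecated` in its doc comment so users move to the corrected name. In the same range, `COMPUTE7_GRAVITON3 = 'compute7_graviton3'` uses underscores where the neighbouring values use hyphens.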
@@ -425,7 +432,7 @@ export enum InstanceClass { /** * Storage-optimized instances, 3rd generation */ - STORAGE3_ENHANCED_NETWORK = 'd3en', + STORAGE3_ENHANCED_NETWORK = 'storage3-enhanced-network', /** * Storage-optimized instances, 3rd generation @@ -435,7 +442,7 @@ export enum InstanceClass { /** * Storage/compute balanced instances, 1st generation */ - STORAGE_COMPUTE_1 = 'h1', + STORAGE_COMPUTE_1 = 'storage-compute-1', /** * Storage/compute balanced instances, 1st generation @@ -445,7 +452,7 @@ export enum InstanceClass { /** * I/O-optimized instances, 3rd generation */ - IO3 = 'i3', + IO3 = 'io3', /** * I/O-optimized instances, 3rd generation @@ -455,7 +462,7 @@ export enum InstanceClass { /** * I/O-optimized instances with local NVME drive, 3rd generation */ - IO3_DENSE_NVME_DRIVE = 'i3en', + IO3_DENSE_NVME_DRIVE = 'io3-dense-nvme-drive', /** * I/O-optimized instances with local NVME drive, 3rd generation @@ -465,7 +472,7 @@ export enum InstanceClass { /** * I/O-optimized instances with local NVME drive powered by Intel Xeon Scalable processors (code named Ice Lake), 4th generation */ - IO4_INTEL = 'i4i', + IO4_INTEL = 'io4_intel', /** * I/O-optimized instances with local NVME drive powered by Intel Xeon Scalable processors (code named Ice Lake), 4th generation @@ -475,7 +482,7 @@ export enum InstanceClass { /** * Storage optimized instances powered by Graviton2 processor, 4th generation */ - STORAGE4_GRAVITON_NETWORK_OPTIMIZED = 'im4gn', + STORAGE4_GRAVITON_NETWORK_OPTIMIZED = 'storage4-graviton-network-optimized', /** * Storage optimized instances powered by Graviton2 processor, 4th generation @@ -485,7 +492,7 @@ export enum InstanceClass { /** * Storage optimized instances powered by Graviton2 processor, 4th generation */ - STORAGE4_GRAVITON_NETWORK_STORAGE_OPTIMIZED = 'is4gen', + STORAGE4_GRAVITON_NETWORK_STORAGE_OPTIMIZED = 'storage4-graviton-network-storage-optimized', /** * Storage optimized instances powered by Graviton2 processor, 4th generation 
@@ -495,7 +502,7 @@ export enum InstanceClass { /** * Burstable instances, 2nd generation */ - BURSTABLE2 = 't2', + BURSTABLE2 = 'burstable2', /** * Burstable instances, 2nd generation @@ -505,7 +512,7 @@ export enum InstanceClass { /** * Burstable instances, 3rd generation */ - BURSTABLE3 = 't3', + BURSTABLE3 = 'burstable3', /** * Burstable instances, 3rd generation @@ -515,7 +522,7 @@ export enum InstanceClass { /** * Burstable instances based on AMD EPYC, 3rd generation */ - BURSTABLE3_AMD = 't3a', + BURSTABLE3_AMD = 'burstable3-amd', /** * Burstable instances based on AMD EPYC, 3rd generation @@ -525,7 +532,7 @@ export enum InstanceClass { /** * Burstable instances, 4th generation with Graviton2 processors */ - BURSTABLE4_GRAVITON = 't4g', + BURSTABLE4_GRAVITON = 'burstable4-graviton', /** * Burstable instances, 4th generation with Graviton2 processors @@ -535,7 +542,7 @@ export enum InstanceClass { /** * Memory-intensive instances, 1st generation */ - MEMORY_INTENSIVE_1 = 'x1', + MEMORY_INTENSIVE_1 = 'memory-intensive-1', /** * Memory-intensive instances, 1st generation @@ -545,7 +552,7 @@ export enum InstanceClass { /** * Memory-intensive instances, extended, 1st generation */ - MEMORY_INTENSIVE_1_EXTENDED = 'x1e', + MEMORY_INTENSIVE_1_EXTENDED = 'memory-intensive-1-extended', /** * Memory-intensive instances, 1st generation @@ -557,7 +564,7 @@ export enum InstanceClass { * * This instance type can be used only in RDS. It is not supported in EC2. */ - MEMORY_INTENSIVE_2_GRAVITON2 = 'x2g', + MEMORY_INTENSIVE_2_GRAVITON2 = 'memory-intensive-2-graviton2', /** * Memory-intensive instances, 2nd generation with Graviton2 processors 
@@ -569,7 +576,7 @@ export enum InstanceClass { /** * Memory-intensive instances, 2nd generation with Graviton2 processors and local NVME drive */ - MEMORY_INTENSIVE_2_GRAVITON2_NVME_DRIVE = 'x2gd', + MEMORY_INTENSIVE_2_GRAVITON2_NVME_DRIVE = 'memory-intensive-2-graviton2-nvme-drive', /** * Memory-intensive instances, 2nd generation with Graviton2 processors and local NVME drive @@ -579,7 +586,7 @@ export enum InstanceClass { /** * Memory-intensive instances with higher network bandwith, local NVME drive, and extended memory. Intel Xeon Scalable (Ice Lake) processors */ - MEMORY_INTENSIVE_2_XT_INTEL = 'x2iedn', + MEMORY_INTENSIVE_2_XT_INTEL = 'memory_intensive_2_xt_intel', /** * Memory-intensive instances with higher network bandwith, local NVME drive, and extended memory. Intel Xeon Scalable (Ice Lake) processors @@ -589,7 +596,7 @@ export enum InstanceClass { /** * Memory-intensive instances with higher network bandwith and local NVME drive, Intel Xeon Scalable (Ice Lake) processors */ - MEMORY_INTENSIVE_2_INTEL = 'x2idn', + MEMORY_INTENSIVE_2_INTEL = 'memory_intensive_2_intel', /** * Memory-intensive instances with higher network bandwith and local NVME drive, Intel Xeon Scalable (Ice Lake) processors @@ -599,7 +606,7 @@ export enum InstanceClass { /** * Memory-intensive instances with higher network bandwith and single-threaded performance, Intel Xeon Scalable (Cascade Lake) processors */ - MEMORY_INTENSIVE_2_XTZ_INTEL = 'x2iezn', + MEMORY_INTENSIVE_2_XTZ_INTEL = 'memory_intensive_2_xtz_intel', /** * Memory-intensive instances with higher network bandwith and single-threaded performance, Intel Xeon Scalable (Cascade Lake) processors @@ -609,7 +616,7 @@ export enum InstanceClass { /** * Instances with customizable hardware acceleration, 1st generation */ - FPGA1 = 'f1', + FPGA1 = 'fpga1', /** * Instances with customizable hardware acceleration, 1st generation 
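Review bot: The placeholder values are not formed consistently: `'memory_intensive_2_xt_intel'`, `'memory_intensive_2_intel'` and `'memory_intensive_2_xtz_intel'` in the hunks at `@@ -579`, `@@ -589` and `@@ -599` use underscores, as do `'compute7_graviton3'` and `'io4_intel'` earlier in the patch, while every other renamed member uses hyphens (`'memory-intensive-2-graviton2'`). These strings are now part of the published enum values, so pick one separator and apply it to all of them.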
@@ -619,7 +626,7 @@ export enum InstanceClass { /** * Graphics-optimized instances, 3rd generation */ - GRAPHICS3 = 'g3', + GRAPHICS3 = 'graphics3', /** * Graphics-optimized instances, 3rd generation @@ -629,7 +636,7 @@ export enum InstanceClass { /** * Graphics-optimized instances with NVME drive for high performance computing, 4th generation */ - GRAPHICS4_NVME_DRIVE_HIGH_PERFORMANCE = 'g4dn', + GRAPHICS4_NVME_DRIVE_HIGH_PERFORMANCE = 'graphics4-nvme-drive-high-performance', /** * Graphics-optimized instances with NVME drive for high performance computing, 4th generation @@ -639,7 +646,7 @@ export enum InstanceClass { /** * Graphics-optimized instances based on AMD EPYC And Radeon Pro GPU (NAVI) with local NVME drive, 4th generation */ - GRAPHICS4_AMD_NVME_DRIVE = 'g4ad', + GRAPHICS4_AMD_NVME_DRIVE = 'graphics4-amd-nvme-drive', /** * Graphics-optimized instances based on AMD EPYC And Radeon Pro GPU (NAVI) with local NVME drive, 4th generation @@ -649,7 +656,7 @@ export enum InstanceClass { /** * Graphics-optimized instances, 5th generation */ - GRAPHICS5 = 'g5', + GRAPHICS5 = 'graphics5', /** * Graphics-optimized instances, 5th generation @@ -659,7 +666,7 @@ export enum InstanceClass { /** * Graphics-optimized instances powered by AWS Graviton2 Processors and NVIDIA T4G Tensor Core GPUs, 5th generation */ - GRAPHICS5_GRAVITON2 = 'g5g', + GRAPHICS5_GRAVITON2 = 'graphics5-graviton2', /** * Graphics-optimized instances powered by AWS Graviton2 Processors and NVIDIA T4G Tensor Core GPUs, 5th generation @@ -669,7 +676,7 @@ export enum InstanceClass { /** * Parallel-processing optimized instances, 2nd generation */ - PARALLEL2 = 'p2', + PARALLEL2 = 'parallel2', /** * Parallel-processing optimized instances, 2nd generation @@ -679,7 +686,7 @@ export enum InstanceClass { /** * Parallel-processing optimized instances, 3nd generation */ - PARALLEL3 = 'p3', + PARALLEL3 = 'parallel3', /** * Parallel-processing optimized instances, 3rd generation 
@@ -689,7 +696,7 @@ export enum InstanceClass { /** * Parallel-processing optimized instances, 4th generation */ - PARALLEL4 = 'p4d', + PARALLEL4 = 'parallel4', /** * Parallel-processing optimized instances, 4th generation @@ -699,7 +706,7 @@ export enum InstanceClass { /** * Arm processor based instances, 1st generation */ - ARM1 = 'a1', + ARM1 = 'arm1', /** * Arm processor based instances, 1st generation @@ -709,7 +716,7 @@ export enum InstanceClass { /** * Arm processor based instances, 2nd generation */ - STANDARD6_GRAVITON = 'm6g', + STANDARD6_GRAVITON = 'standard6-graviton', /** * Arm processor based instances, 2nd generation @@ -719,7 +726,7 @@ export enum InstanceClass { /** * Standard instances based on Intel (Ice Lake), 6th generation. */ - STANDARD6_INTEL = 'm6i', + STANDARD6_INTEL = 'standard6-intel', /** * Standard instances based on Intel (Ice Lake), 6th generation. @@ -729,7 +736,7 @@ export enum InstanceClass { /** * Standard instances based on 3rd Gen AMD EPYC processors, 6th generation. */ - STANDARD6_AMD = 'm6a', + STANDARD6_AMD = 'standard6-amd', /** * Standard instances based on 3rd Gen AMD EPYC processors, 6th generation. @@ -739,7 +746,7 @@ export enum InstanceClass { /** * Standard instances, 6th generation with Graviton2 processors and local NVME drive */ - STANDARD6_GRAVITON2_NVME_DRIVE = 'm6gd', + STANDARD6_GRAVITON2_NVME_DRIVE = 'standard6-graviton2-nvme-drive', /** * Standard instances, 6th generation with Graviton2 processors and local NVME drive @@ -749,7 +756,7 @@ export enum InstanceClass { /** * High memory and compute capacity instances, 1st generation */ - HIGH_COMPUTE_MEMORY1 = 'z1d', + HIGH_COMPUTE_MEMORY1 = 'high-compute-memory1', /** * High memory and compute capacity instances, 1st generation 
@@ -759,7 +766,7 @@ export enum InstanceClass { /** * Inferentia Chips based instances for machine learning inference applications, 1st generation */ - INFERENCE1 = 'inf1', + INFERENCE1 = 'inference1', /** * Inferentia Chips based instances for machine learning inference applications, 1st generation @@ -769,7 +776,7 @@ export enum InstanceClass { /** * Macintosh instances built on Apple Mac mini computers, 1st generation with Intel procesors */ - MACINTOSH1_INTEL = 'mac1', + MACINTOSH1_INTEL = 'macintosh1-intel', /** * Macintosh instances built on Apple Mac mini computers, 1st generation with Intel procesors @@ -779,7 +786,7 @@ export enum InstanceClass { /** * Multi-stream video transcoding instances for resolutions up to 4K UHD, 1st generation */ - VIDEO_TRANSCODING1 = 'vt1', + VIDEO_TRANSCODING1 = 'video-transcoding1', /** * Multi-stream video transcoding instances for resolutions up to 4K UHD, 1st generation @@ -789,7 +796,7 @@ export enum InstanceClass { /** * High performance computing based on AMD EPYC, 6th generation */ - HIGH_PERFORMANCE_COMPUTING6_AMD = 'hpc6a', + HIGH_PERFORMANCE_COMPUTING6_AMD = 'high-performance-computing6-amd', /** * High performance computing based on AMD EPYC, 6th generation 
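Review bot: The long-name `InstanceClass` members changed in these hunks no longer evaluate to an EC2 class code (`COMPUTE5_AMD` goes from `'c5a'` to `'compute5-amd'`), so any code that reads the enum value directly instead of going through `InstanceType.of` now gets a string EC2 does not recognise. The old `of()` body interpolated the value as-is, so callers doing the same by hand would produce `compute5-amd.large`. State on the enum's doc comment that the values are opaque and must be resolved through `InstanceType.of`, and check other call sites that stringify an `InstanceClass`.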
@@ -943,7 +950,167 @@ export class InstanceType { * classes are available in all regions. */ public static of(instanceClass: InstanceClass, instanceSize: InstanceSize) { - return new InstanceType(`${instanceClass}.${instanceSize}`); + // JSII does not allow enum types to have same value. So to support the enum, the enum with same value has to be mapped later. + const instanceClassMap: Record = { + [InstanceClass.STANDARD3]: 'm3', + [InstanceClass.M3]: 'm3', + [InstanceClass.STANDARD4]: 'm4', + [InstanceClass.M4]: 'm4', + [InstanceClass.STANDARD5]: 'm5', + [InstanceClass.M5]: 'm5', + [InstanceClass.STANDARD5_NVME_DRIVE]: 'm5d', + [InstanceClass.M5D]: 'm5d', + [InstanceClass.STANDARD5_AMD]: 'm5a', + [InstanceClass.M5A]: 'm5a', + [InstanceClass.STANDARD5_AMD_NVME_DRIVE]: 'm5ad', + [InstanceClass.M5AD]: 'm5ad', + [InstanceClass.STANDARD5_HIGH_PERFORMANCE]: 'm5n', + [InstanceClass.M5N]: 'm5n', + [InstanceClass.STANDARD5_NVME_DRIVE_HIGH_PERFORMANCE]: 'm5dn', + [InstanceClass.M5DN]: 'm5dn', + [InstanceClass.STANDARD5_HIGH_COMPUTE]: 'm5zn', + [InstanceClass.M5ZN]: 'm5zn', + [InstanceClass.MEMORY3]: 'r3', + [InstanceClass.R3]: 'r3', + [InstanceClass.MEMORY4]: 'r4', + [InstanceClass.R4]: 'r4', + [InstanceClass.MEMORY5]: 'r5', + [InstanceClass.R5]: 'r5', + [InstanceClass.MEMORY6_INTEL]: 'r6i', + [InstanceClass.R6I]: 'r6i', + [InstanceClass.MEMORY5_HIGH_PERFORMANCE]: 'r5n', + [InstanceClass.R5N]: 'r5n', + [InstanceClass.MEMORY5_NVME_DRIVE]: 'r5d', + [InstanceClass.R5D]: 'r5d', + [InstanceClass.MEMORY5_NVME_DRIVE_HIGH_PERFORMANCE]: 'r5dn', + [InstanceClass.R5DN]: 'r5dn', + [InstanceClass.MEMORY5_AMD]: 'r5a', + [InstanceClass.R5A]: 'r5a', + [InstanceClass.MEMORY5_AMD_NVME_DRIVE]: 'r5ad', + [InstanceClass.R5AD]: 'r5ad', + [InstanceClass.HIGH_MEMORY_6TB_1]: 'u-6tb1', + [InstanceClass.U_6TB1]: 'u-6tb1', + [InstanceClass.HIGH_MEMORY_9TB_1]: 'u-9tb1', + [InstanceClass.U_9TB1]: 'u-9tb1', + [InstanceClass.HIGH_MEMORY_12TB_1]: 'u-12tb1', + [InstanceClass.U_12TB1]: 'u-12tb1', + 
[InstanceClass.HIGH_MEMORY_18TB_1]: 'u-18tb1', + [InstanceClass.U_18TB1]: 'u-18tb1', + [InstanceClass.HIGH_MEMORY_24TB_1]: 'u-24tb1', + [InstanceClass.U_24TB1]: 'u-24tb1', + [InstanceClass.MEMORY5_EBS_OPTIMIZED]: 'r5b', + [InstanceClass.R5B]: 'r5b', + [InstanceClass.MEMORY6_GRAVITON]: 'r6g', + [InstanceClass.R6G]: 'r6g', + [InstanceClass.MEMORY6_GRAVITON2_NVME_DRIVE]: 'r6gd', + [InstanceClass.R6GD]: 'r6gd', + [InstanceClass.COMPUTE3]: 'c3', + [InstanceClass.C3]: 'c3', + [InstanceClass.COMPUTE4]: 'c4', + [InstanceClass.C4]: 'c4', + [InstanceClass.COMPUTE5]: 'c5', + [InstanceClass.C5]: 'c5', + [InstanceClass.COMPUTE5_NVME_DRIVE]: 'c5d', + [InstanceClass.C5D]: 'c5d', + [InstanceClass.COMPUTE5_AMD]: 'c5a', + [InstanceClass.C5A]: 'c5a', + [InstanceClass.COMPUTE5_AMD_NVME_DRIVE]: 'c5ad', + [InstanceClass.C5AD]: 'c5ad', + [InstanceClass.COMPUTE5_HIGH_PERFORMANCE]: 'c5n', + [InstanceClass.C5N]: 'c5n', + [InstanceClass.COMPUTE6_INTEL]: 'c6i', + [InstanceClass.C6I]: 'c6i', + [InstanceClass.COMPUTE6_AMD]: 'c6a', + [InstanceClass.C6A]: 'c6a', + [InstanceClass.COMPUTE6_GRAVITON2]: 'c6g', + [InstanceClass.C6G]: 'c6g', + [InstanceClass.COMPUTE6_GRAVITON2_NVME_DRIVE]: 'c6gd', + [InstanceClass.C6GD]: 'c6gd', + [InstanceClass.COMPUTE6_GRAVITON2_HIGH_NETWORK_BANDWIDTH]: 'c6gdb', + [InstanceClass.COMPUTE6_GRAVITON2_HIGH_NETWORK_BANDWITH]: 'c6gdb', + [InstanceClass.COMPUTE7_GRAVITON3]: 'c7g', + [InstanceClass.C7G]: 'c7g', + [InstanceClass.C6GN]: 'c6gn', + [InstanceClass.STORAGE2]: 'd2', + [InstanceClass.D2]: 'd2', + [InstanceClass.STORAGE3]: 'd3', + [InstanceClass.D3]: 'd3', + [InstanceClass.STORAGE3_ENHANCED_NETWORK]: 'd3en', + [InstanceClass.D3EN]: 'd3en', + [InstanceClass.STORAGE_COMPUTE_1]: 'h1', + [InstanceClass.H1]: 'h1', + [InstanceClass.IO3]: 'i3', + [InstanceClass.I3]: 'i3', + [InstanceClass.IO3_DENSE_NVME_DRIVE]: 'i3en', + [InstanceClass.I3EN]: 'i3en', + [InstanceClass.STORAGE4_GRAVITON_NETWORK_OPTIMIZED]: 'im4gn', + [InstanceClass.IM4GN]: 'im4gn', + 
[InstanceClass.STORAGE4_GRAVITON_NETWORK_STORAGE_OPTIMIZED]: 'is4gen', + [InstanceClass.IS4GEN]: 'is4gen', + [InstanceClass.BURSTABLE2]: 't2', + [InstanceClass.T2]: 't2', + [InstanceClass.BURSTABLE3]: 't3', + [InstanceClass.T3]: 't3', + [InstanceClass.BURSTABLE3_AMD]: 't3a', + [InstanceClass.T3A]: 't3a', + [InstanceClass.BURSTABLE4_GRAVITON]: 't4g', + [InstanceClass.T4G]: 't4g', + [InstanceClass.MEMORY_INTENSIVE_1]: 'x1', + [InstanceClass.X1]: 'x1', + [InstanceClass.MEMORY_INTENSIVE_1_EXTENDED]: 'x1e', + [InstanceClass.X1E]: 'x1e', + [InstanceClass.MEMORY_INTENSIVE_2_GRAVITON2]: 'x2g', + [InstanceClass.X2G]: 'x2g', + [InstanceClass.MEMORY_INTENSIVE_2_GRAVITON2_NVME_DRIVE]: 'x2gd', + [InstanceClass.X2GD]: 'x2gd', + [InstanceClass.FPGA1]: 'f1', + [InstanceClass.F1]: 'f1', + [InstanceClass.GRAPHICS3]: 'g3', + [InstanceClass.G3]: 'g3', + [InstanceClass.GRAPHICS4_NVME_DRIVE_HIGH_PERFORMANCE]: 'g4dn', + [InstanceClass.G4DN]: 'g4dn', + [InstanceClass.GRAPHICS4_AMD_NVME_DRIVE]: 'g4ad', + [InstanceClass.G4AD]: 'g4ad', + [InstanceClass.GRAPHICS5]: 'g5', + [InstanceClass.G5]: 'g5', + [InstanceClass.GRAPHICS5_GRAVITON2]: 'g5g', + [InstanceClass.G5G]: 'g5g', + [InstanceClass.PARALLEL2]: 'p2', + [InstanceClass.P2]: 'p2', + [InstanceClass.PARALLEL3]: 'p3', + [InstanceClass.P3]: 'p3', + [InstanceClass.PARALLEL4]: 'p4d', + [InstanceClass.P4D]: 'p4d', + [InstanceClass.ARM1]: 'a1', + [InstanceClass.A1]: 'a1', + [InstanceClass.STANDARD6_GRAVITON]: 'm6g', + [InstanceClass.M6G]: 'm6g', + [InstanceClass.STANDARD6_INTEL]: 'm6i', + [InstanceClass.M6I]: 'm6i', + [InstanceClass.STANDARD6_AMD]: 'm6a', + [InstanceClass.M6A]: 'm6a', + [InstanceClass.STANDARD6_GRAVITON2_NVME_DRIVE]: 'm6gd', + [InstanceClass.M6GD]: 'm6gd', + [InstanceClass.HIGH_COMPUTE_MEMORY1]: 'z1d', + [InstanceClass.Z1D]: 'z1d', + [InstanceClass.INFERENCE1]: 'inf1', + [InstanceClass.INF1]: 'inf1', + [InstanceClass.MACINTOSH1_INTEL]: 'mac1', + [InstanceClass.MAC1]: 'mac1', + [InstanceClass.VIDEO_TRANSCODING1]: 'vt1', + 
[InstanceClass.VT1]: 'vt1', + [InstanceClass.HIGH_PERFORMANCE_COMPUTING6_AMD]: 'hpc6a', + [InstanceClass.HPC6A]: 'hpc6a', + [InstanceClass.I4I]: 'i4i', + [InstanceClass.IO4_INTEL]: 'i4i', + [InstanceClass.X2IEDN]: 'x2iedn', + [InstanceClass.MEMORY_INTENSIVE_2_XT_INTEL]: 'x2iedn', + [InstanceClass.X2IDN]: 'x2idn', + [InstanceClass.MEMORY_INTENSIVE_2_INTEL]: 'x2idn', + [InstanceClass.X2IEZN]: 'x2iezn', + [InstanceClass.MEMORY_INTENSIVE_2_XTZ_INTEL]: 'x2iezn', + }; + return new InstanceType(`${instanceClassMap[instanceClass] ?? instanceClass}.${instanceSize}`); } constructor(private readonly instanceTypeIdentifier: string) { diff --git a/packages/@aws-cdk/aws-ec2/lib/machine-image.ts b/packages/@aws-cdk/aws-ec2/lib/machine-image.ts index a9d8bce42ccb9..9dd3d9d665455 100644 --- a/packages/@aws-cdk/aws-ec2/lib/machine-image.ts +++ b/packages/@aws-cdk/aws-ec2/lib/machine-image.ts 
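Review bot: In the `instanceClassMap` added to `InstanceType.of` (`@@ -943,7 +950,167 @@`), both `COMPUTE6_GRAVITON2_HIGH_NETWORK_BANDWIDTH` and `COMPUTE6_GRAVITON2_HIGH_NETWORK_BANDWITH` map to `'c6gdb'`, but the value this patch removes from the enum for that member was `'c6gn'`, and `C6GN` a few entries later still maps to `'c6gn'`. As written the long names resolve to `c6gdb.<size>`; both entries should be `'c6gn'`. The map is also rebuilt on every call and maintained by hand against the enum, so hoist it to a module-level constant, and extend the test in instance.test.ts, which samples only six NVME classes, to assert every long-name and short-name pair so a mismatch like this one fails.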
@@ -268,8 +268,25 @@ export interface WindowsImageProps { * https://aws.amazon.com/blogs/mt/query-for-the-latest-windows-ami-using-systems-manager-parameter-store/ */ export class WindowsImage extends GenericSSMParameterImage { + private static DEPRECATED_VERSION_NAME_MAP: Partial> = { + [WindowsVersion.WINDOWS_SERVER_2016_GERMAL_FULL_BASE]: WindowsVersion.WINDOWS_SERVER_2016_GERMAN_FULL_BASE, + [WindowsVersion.WINDOWS_SERVER_2012_R2_SP1_PORTUGESE_BRAZIL_64BIT_CORE]: WindowsVersion.WINDOWS_SERVER_2012_R2_SP1_PORTUGUESE_BRAZIL_64BIT_CORE, + [WindowsVersion.WINDOWS_SERVER_2016_PORTUGESE_PORTUGAL_FULL_BASE]: WindowsVersion.WINDOWS_SERVER_2016_PORTUGUESE_PORTUGAL_FULL_BASE, + [WindowsVersion.WINDOWS_SERVER_2012_R2_RTM_PORTUGESE_BRAZIL_64BIT_BASE]: WindowsVersion.WINDOWS_SERVER_2012_R2_RTM_PORTUGUESE_BRAZIL_64BIT_BASE, + [WindowsVersion.WINDOWS_SERVER_2012_R2_RTM_PORTUGESE_PORTUGAL_64BIT_BASE]: + WindowsVersion.WINDOWS_SERVER_2012_R2_RTM_PORTUGUESE_PORTUGAL_64BIT_BASE, + [WindowsVersion.WINDOWS_SERVER_2016_PORTUGESE_BRAZIL_FULL_BASE]: WindowsVersion.WINDOWS_SERVER_2016_PORTUGUESE_BRAZIL_FULL_BASE, + [WindowsVersion.WINDOWS_SERVER_2012_SP2_PORTUGESE_BRAZIL_64BIT_BASE]: WindowsVersion.WINDOWS_SERVER_2012_SP2_PORTUGUESE_BRAZIL_64BIT_BASE, + [WindowsVersion.WINDOWS_SERVER_2012_RTM_PORTUGESE_BRAZIL_64BIT_BASE]: WindowsVersion.WINDOWS_SERVER_2012_RTM_PORTUGUESE_BRAZIL_64BIT_BASE, + [WindowsVersion.WINDOWS_SERVER_2008_R2_SP1_PORTUGESE_BRAZIL_64BIT_BASE]: WindowsVersion.WINDOWS_SERVER_2008_R2_SP1_PORTUGUESE_BRAZIL_64BIT_BASE, + [WindowsVersion.WINDOWS_SERVER_2008_SP2_PORTUGESE_BRAZIL_32BIT_BASE]: WindowsVersion.WINDOWS_SERVER_2008_SP2_PORTUGUESE_BRAZIL_32BIT_BASE, + [WindowsVersion.WINDOWS_SERVER_2012_RTM_PORTUGESE_PORTUGAL_64BIT_BASE]: WindowsVersion.WINDOWS_SERVER_2012_RTM_PORTUGUESE_PORTUGAL_64BIT_BASE, + [WindowsVersion.WINDOWS_SERVER_2019_PORTUGESE_BRAZIL_FULL_BASE]: WindowsVersion.WINDOWS_SERVER_2019_PORTUGUESE_BRAZIL_FULL_BASE, + 
[WindowsVersion.WINDOWS_SERVER_2019_PORTUGESE_PORTUGAL_FULL_BASE]: WindowsVersion.WINDOWS_SERVER_2019_PORTUGUESE_PORTUGAL_FULL_BASE, + } constructor(version: WindowsVersion, props: WindowsImageProps = {}) { - super('/aws/service/ami-windows-latest/' + version, OperatingSystemType.WINDOWS, props.userData); + const nonDeprecatedVersionName = WindowsImage.DEPRECATED_VERSION_NAME_MAP[version] ?? version; + super('/aws/service/ami-windows-latest/' + nonDeprecatedVersionName, OperatingSystemType.WINDOWS, props.userData); } } diff --git a/packages/@aws-cdk/aws-ec2/lib/port.ts b/packages/@aws-cdk/aws-ec2/lib/port.ts index 8436f3455cda1..2317879988f3a 100644 --- a/packages/@aws-cdk/aws-ec2/lib/port.ts +++ b/packages/@aws-cdk/aws-ec2/lib/port.ts @@ -90,7 +90,7 @@ export enum Protocol { SECURE_VMTP = '82', VINES = '83', TTP = '84', - IPTM = '84', + IPTM = '84_', NSFNET_IGP = '85', DGP = '86', TCF = '87', @@ -154,6 +154,7 @@ export enum Protocol { EXPERIMENT_2 = '254', RESERVED = '255', } + /** * Properties to create a port range */ @@ -243,7 +244,9 @@ export class Port { protocol: Protocol.UDP, fromPort: startPort, toPort: endPort, - stringRepresentation: `UDP ${renderPort(startPort)}-${renderPort(endPort)}`, + stringRepresentation: `UDP ${renderPort(startPort)}-${renderPort( + endPort, + )}`, }); } 
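Review bot: `DEPRECATED_VERSION_NAME_MAP` in `WindowsImage` is declared `private static` without `readonly`, so it can be reassigned at runtime; make it `private static readonly`, and add the missing semicolon after the initializer's closing `}`. The map also has to stay in step by hand with the thirteen misspelled members whose values change in windows-versions.ts. A unit test that constructs a `WindowsImage` for each deprecated member and asserts the SSM parameter name matches the one for its correctly spelled counterpart would catch a missed entry.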
@@ -344,15 +347,20 @@ export class Port { public readonly canInlineRule: boolean; constructor(private readonly props: PortProps) { - this.canInlineRule = !Token.isUnresolved(props.fromPort) && !Token.isUnresolved(props.toPort); + this.canInlineRule = + !Token.isUnresolved(props.fromPort) && !Token.isUnresolved(props.toPort); } /** * Produce the ingress/egress rule JSON for the given connection */ public toRuleJson(): any { + // JSII does not allow enum types to have same value. So to support the enum, the enum with same value has to be mapped later. + const PROTOCOL_MAP: Partial> = { + [Protocol.IPTM]: '84', + }; return { - ipProtocol: this.props.protocol, + ipProtocol: PROTOCOL_MAP[this.props.protocol] ?? this.props.protocol, fromPort: this.props.fromPort, toPort: this.props.toPort, }; diff --git a/packages/@aws-cdk/aws-ec2/lib/util.ts b/packages/@aws-cdk/aws-ec2/lib/util.ts index 31814d5cc45e5..9a1c572f02afe 100644 --- a/packages/@aws-cdk/aws-ec2/lib/util.ts +++ b/packages/@aws-cdk/aws-ec2/lib/util.ts @@ -16,8 +16,12 @@ export function slugify(x: string): string { export function defaultSubnetName(type: SubnetType) { switch (type) { case SubnetType.PUBLIC: return 'Public'; - case SubnetType.PRIVATE_WITH_NAT: return 'Private'; - case SubnetType.PRIVATE_ISOLATED: return 'Isolated'; + case SubnetType.PRIVATE_WITH_NAT: + case SubnetType.PRIVATE: + return 'Private'; + case SubnetType.PRIVATE_ISOLATED: + case SubnetType.ISOLATED: + return 'Isolated'; } } diff --git a/packages/@aws-cdk/aws-ec2/lib/vpc.ts b/packages/@aws-cdk/aws-ec2/lib/vpc.ts index 846ce2883cdaf..90021b3d501e5 100644 --- a/packages/@aws-cdk/aws-ec2/lib/vpc.ts +++ b/packages/@aws-cdk/aws-ec2/lib/vpc.ts @@ -186,7 +186,7 @@ export enum SubnetType { * * @deprecated use `SubnetType.PRIVATE_ISOLATED` */ - ISOLATED = 'Isolated', + ISOLATED = 'Deprecated_Isolated', /** * Subnet that routes to the internet (via a NAT gateway), but not vice versa. 
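Review bot: `PROTOCOL_MAP` in `toRuleJson()` is the only place in these port.ts hunks that translates `Protocol.IPTM` back from the placeholder `'84_'` to `'84'`, so any other reader of `props.protocol` sees `'84_'`. Move the translation to a module-level constant with one helper and route every rendering of the protocol through it, which also avoids rebuilding the object on each call. The line-wrapping changes to the UDP `stringRepresentation` and to `canInlineRule`, and the blank line added before the `Properties to create a port range` comment, are unrelated to the enum fix and would be easier to review in a separate commit.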
@@ -222,7 +222,7 @@ export enum SubnetType { * * @deprecated use `PRIVATE_WITH_NAT` */ - PRIVATE = 'Private', + PRIVATE = 'Deprecated_Private', /** * Subnet connected to the Internet @@ -586,7 +586,9 @@ abstract class VpcBase extends Resource implements IVpc { private selectSubnetObjectsByType(subnetType: SubnetType) { const allSubnets = { [SubnetType.PRIVATE_ISOLATED]: this.isolatedSubnets, + [SubnetType.ISOLATED]: this.isolatedSubnets, [SubnetType.PRIVATE_WITH_NAT]: this.privateSubnets, + [SubnetType.PRIVATE]: this.privateSubnets, [SubnetType.PUBLIC]: this.publicSubnets, }; @@ -1530,11 +1532,13 @@ export class Vpc extends VpcBase { subnet = publicSubnet; break; case SubnetType.PRIVATE_WITH_NAT: + case SubnetType.PRIVATE: const privateSubnet = new PrivateSubnet(this, name, subnetProps); this.privateSubnets.push(privateSubnet); subnet = privateSubnet; break; case SubnetType.PRIVATE_ISOLATED: + case SubnetType.ISOLATED: const isolatedSubnet = new PrivateSubnet(this, name, subnetProps); this.isolatedSubnets.push(isolatedSubnet); subnet = isolatedSubnet; @@ -1557,8 +1561,12 @@ const SUBNETNAME_TAG = 'aws-cdk:subnet-name'; function subnetTypeTagValue(type: SubnetType) { switch (type) { case SubnetType.PUBLIC: return 'Public'; - case SubnetType.PRIVATE_WITH_NAT: return 'Private'; - case SubnetType.PRIVATE_ISOLATED: return 'Isolated'; + case SubnetType.PRIVATE_WITH_NAT: + case SubnetType.PRIVATE: + return 'Private'; + case SubnetType.PRIVATE_ISOLATED: + case SubnetType.ISOLATED: + return 'Isolated'; } } diff --git a/packages/@aws-cdk/aws-ec2/lib/windows-versions.ts b/packages/@aws-cdk/aws-ec2/lib/windows-versions.ts index aa8edf6f9fd16..0ec17a4bb7694 100644 --- a/packages/@aws-cdk/aws-ec2/lib/windows-versions.ts +++ b/packages/@aws-cdk/aws-ec2/lib/windows-versions.ts 
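Review bot: With `SubnetType.PRIVATE` and `SubnetType.ISOLATED` now carrying `'Deprecated_Private'` and `'Deprecated_Isolated'`, each deprecated member needs its own handling at every site that switches or indexes on subnet type, and these hunks rely on adding a second `case` or key at each one. They cover `defaultSubnetName`, `selectSubnetObjectsByType`, the subnet-creation `switch` and `subnetTypeTagValue`; search for any remaining comparisons against `SubnetType.PRIVATE_WITH_NAT` or `SubnetType.PRIVATE_ISOLATED` before merging. Normalising a deprecated member to its replacement once, where the subnet configuration is read, would remove the duplicated labels and the risk of missing a site.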
@@ -13,13 +13,13 @@ export enum WindowsVersion { WINDOWS_SERVER_2016_ENGLISH_CORE_SQL_2016_SP1_WEB = 'Windows_Server-2016-English-Core-SQL_2016_SP1_Web', WINDOWS_SERVER_2016_GERMAN_FULL_BASE = 'Windows_Server-2016-German-Full-Base', /** @deprecated - use WINDOWS_SERVER_2016_GERMAN_FULL_BASE */ - WINDOWS_SERVER_2016_GERMAL_FULL_BASE = 'Windows_Server-2016-German-Full-Base', + WINDOWS_SERVER_2016_GERMAL_FULL_BASE = 'Windows_Server-2016-Germal-Full-Base', WINDOWS_SERVER_2003_R2_SP2_LANGUAGE_PACKS_32BIT_BASE = 'Windows_Server-2003-R2_SP2-Language_Packs-32Bit-Base', WINDOWS_SERVER_2008_R2_SP1_ENGLISH_64BIT_SQL_2008_R2_SP3_WEB = 'Windows_Server-2008-R2_SP1-English-64Bit-SQL_2008_R2_SP3_Web', WINDOWS_SERVER_2008_R2_SP1_ENGLISH_64BIT_SQL_2012_SP4_EXPRESS = 'Windows_Server-2008-R2_SP1-English-64Bit-SQL_2012_SP4_Express', WINDOWS_SERVER_2012_R2_SP1_PORTUGUESE_BRAZIL_64BIT_CORE = 'Windows_Server-2008-R2_SP1-Portuguese_Brazil-64Bit-Core', /** @deprecated - use WINDOWS_SERVER_2012_R2_SP1_PORTUGUESE_BRAZIL_64BIT_CORE*/ - WINDOWS_SERVER_2012_R2_SP1_PORTUGESE_BRAZIL_64BIT_CORE = 'Windows_Server-2008-R2_SP1-Portuguese_Brazil-64Bit-Core', + WINDOWS_SERVER_2012_R2_SP1_PORTUGESE_BRAZIL_64BIT_CORE = 'Windows_Server-2008-R2_SP1-Portugese_Brazil-64Bit-Core', WINDOWS_SERVER_2012_R2_RTM_ENGLISH_64BIT_SQL_2016_SP2_STANDARD = 'Windows_Server-2012-R2_RTM-English-64Bit-SQL_2016_SP2_Standard', WINDOWS_SERVER_2012_RTM_ENGLISH_64BIT_SQL_2014_SP2_EXPRESS = 'Windows_Server-2012-RTM-English-64Bit-SQL_2014_SP2_Express', WINDOWS_SERVER_2012_RTM_ITALIAN_64BIT_BASE = 'Windows_Server-2012-RTM-Italian-64Bit-Base', 
@@ -34,7 +34,7 @@ export enum WindowsVersion { WINDOWS_SERVER_2016_KOREAN_FULL_SQL_2016_SP2_STANDARD = 'Windows_Server-2016-Korean-Full-SQL_2016_SP2_Standard', WINDOWS_SERVER_2016_PORTUGUESE_PORTUGAL_FULL_BASE = 'Windows_Server-2016-Portuguese_Portugal-Full-Base', /** @deprecated - use WINDOWS_SERVER_2016_PORTUGUESE_PORTUGAL_FULL_BASE */ - WINDOWS_SERVER_2016_PORTUGESE_PORTUGAL_FULL_BASE = 'Windows_Server-2016-Portuguese_Portugal-Full-Base', + WINDOWS_SERVER_2016_PORTUGESE_PORTUGAL_FULL_BASE = 'Windows_Server-2016-Portugese_Portugal-Full-Base', WINDOWS_SERVER_2019_ENGLISH_FULL_SQL_2017_WEB = 'Windows_Server-2019-English-Full-SQL_2017_Web', WINDOWS_SERVER_2019_FRENCH_FULL_BASE = 'Windows_Server-2019-French-Full-Base', WINDOWS_SERVER_2019_KOREAN_FULL_BASE = 'Windows_Server-2019-Korean-Full-Base', 
@@ -98,10 +98,10 @@ export enum WindowsVersion { WINDOWS_SERVER_2012_R2_RTM_JAPANESE_64BIT_SQL_2016_SP1_WEB = 'Windows_Server-2012-R2_RTM-Japanese-64Bit-SQL_2016_SP1_Web', WINDOWS_SERVER_2012_R2_RTM_PORTUGUESE_BRAZIL_64BIT_BASE = 'Windows_Server-2012-R2_RTM-Portuguese_Brazil-64Bit-Base', /** @deprecated - use WINDOWS_SERVER_2012_R2_RTM_PORTUGUESE_BRAZIL_64BIT_BASE */ - WINDOWS_SERVER_2012_R2_RTM_PORTUGESE_BRAZIL_64BIT_BASE = 'Windows_Server-2012-R2_RTM-Portuguese_Brazil-64Bit-Base', + WINDOWS_SERVER_2012_R2_RTM_PORTUGESE_BRAZIL_64BIT_BASE = 'Windows_Server-2012-R2_RTM-Portugese_Brazil-64Bit-Base', WINDOWS_SERVER_2012_R2_RTM_PORTUGUESE_PORTUGAL_64BIT_BASE = 'Windows_Server-2012-R2_RTM-Portuguese_Portugal-64Bit-Base', /** @deprecated - use WINDOWS_SERVER_2012_R2_RTM_PORTUGUESE_PORTUGAL_64BIT_BASE*/ - WINDOWS_SERVER_2012_R2_RTM_PORTUGESE_PORTUGAL_64BIT_BASE = 'Windows_Server-2012-R2_RTM-Portuguese_Portugal-64Bit-Base', + WINDOWS_SERVER_2012_R2_RTM_PORTUGESE_PORTUGAL_64BIT_BASE = 'Windows_Server-2012-R2_RTM-Portugese_Portugal-64Bit-Base', WINDOWS_SERVER_2012_R2_RTM_SWEDISH_64BIT_BASE = 'Windows_Server-2012-R2_RTM-Swedish-64Bit-Base', WINDOWS_SERVER_2016_ENGLISH_FULL_SQL_2016_SP1_EXPRESS = 'Windows_Server-2016-English-Full-SQL_2016_SP1_Express', WINDOWS_SERVER_2016_ITALIAN_FULL_BASE = 'Windows_Server-2016-Italian-Full-Base', 
@@ -115,7 +115,7 @@ export enum WindowsVersion { WINDOWS_SERVER_2016_ENGLISH_CORE_SQL_2016_SP2_ENTERPRISE = 'Windows_Server-2016-English-Core-SQL_2016_SP2_Enterprise', WINDOWS_SERVER_2016_PORTUGUESE_BRAZIL_FULL_BASE = 'Windows_Server-2016-Portuguese_Brazil-Full-Base', /** @deprecated - use WINDOWS_SERVER_2016_PORTUGUESE_BRAZIL_FULL_BASE */ - WINDOWS_SERVER_2016_PORTUGESE_BRAZIL_FULL_BASE = 'Windows_Server-2016-Portuguese_Brazil-Full-Base', + WINDOWS_SERVER_2016_PORTUGESE_BRAZIL_FULL_BASE = 'Windows_Server-2016-Portugese_Brazil-Full-Base', WINDOWS_SERVER_2019_ENGLISH_FULL_BASE = 'Windows_Server-2019-English-Full-Base', WINDOWS_SERVER_2003_R2_SP2_ENGLISH_32BIT_BASE = 'Windows_Server-2003-R2_SP2-English-32Bit-Base', WINDOWS_SERVER_2012_R2_RTM_CZECH_64BIT_BASE = 'Windows_Server-2012-R2_RTM-Czech-64Bit-Base', @@ -142,7 +142,7 @@ export enum WindowsVersion { WINDOWS_SERVER_2008_R2_SP1_LANGUAGE_PACKS_64BIT_SQL_2008_R2_SP3_EXPRESS = 'Windows_Server-2008-R2_SP1-Language_Packs-64Bit-SQL_2008_R2_SP3_Express', WINDOWS_SERVER_2012_SP2_PORTUGUESE_BRAZIL_64BIT_BASE = 'Windows_Server-2008-SP2-Portuguese_Brazil-64Bit-Base', /** @deprecated - use WINDOWS_SERVER_2012_SP2_PORTUGUESE_BRAZIL_64BIT_BASE */ - WINDOWS_SERVER_2012_SP2_PORTUGESE_BRAZIL_64BIT_BASE = 'Windows_Server-2008-SP2-Portuguese_Brazil-64Bit-Base', + WINDOWS_SERVER_2012_SP2_PORTUGESE_BRAZIL_64BIT_BASE = 'Windows_Server-2008-SP2-Portugese_Brazil-64Bit-Base', WINDOWS_SERVER_2012_R2_RTM_ENGLISH_64BIT_SQL_2016_SP1_WEB = 'Windows_Server-2012-R2_RTM-English-64Bit-SQL_2016_SP1_Web', WINDOWS_SERVER_2012_R2_RTM_JAPANESE_64BIT_SQL_2014_SP3_EXPRESS = 'Windows_Server-2012-R2_RTM-Japanese-64Bit-SQL_2014_SP3_Express', WINDOWS_SERVER_2012_R2_RTM_JAPANESE_64BIT_SQL_2016_SP2_ENTERPRISE = 'Windows_Server-2012-R2_RTM-Japanese-64Bit-SQL_2016_SP2_Enterprise', 
@@ -157,7 +157,7 @@ export enum WindowsVersion { WINDOWS_SERVER_2012_R2_RTM_ENGLISH_64BIT_BASE = 'Windows_Server-2012-R2_RTM-English-64Bit-Base', WINDOWS_SERVER_2012_RTM_PORTUGUESE_BRAZIL_64BIT_BASE = 'Windows_Server-2012-RTM-Portuguese_Brazil-64Bit-Base', /** @deprecated - use WINDOWS_SERVER_2012_RTM_PORTUGUESE_BRAZIL_64BIT_BASE */ - WINDOWS_SERVER_2012_RTM_PORTUGESE_BRAZIL_64BIT_BASE = 'Windows_Server-2012-RTM-Portuguese_Brazil-64Bit-Base', + WINDOWS_SERVER_2012_RTM_PORTUGESE_BRAZIL_64BIT_BASE = 'Windows_Server-2012-RTM-Portugese_Brazil-64Bit-Base', WINDOWS_SERVER_2016_ENGLISH_FULL_SQL_2016_SP1_WEB = 'Windows_Server-2016-English-Full-SQL_2016_SP1_Web', WINDOWS_SERVER_2016_ENGLISH_P3 = 'Windows_Server-2016-English-P3', WINDOWS_SERVER_2016_JAPANESE_FULL_SQL_2016_SP1_ENTERPRISE = 'Windows_Server-2016-Japanese-Full-SQL_2016_SP1_Enterprise', @@ -183,7 +183,7 @@ export enum WindowsVersion { WINDOWS_SERVER_2008_R2_SP1_JAPANESE_64BIT_SQL_2008_R2_SP3_WEB = 'Windows_Server-2008-R2_SP1-Japanese-64Bit-SQL_2008_R2_SP3_Web', WINDOWS_SERVER_2008_R2_SP1_PORTUGUESE_BRAZIL_64BIT_BASE = 'Windows_Server-2008-R2_SP1-Portuguese_Brazil-64Bit-Base', /** @deprecated - use WINDOWS_SERVER_2008_R2_SP1_PORTUGUESE_BRAZIL_64BIT_BASE */ - WINDOWS_SERVER_2008_R2_SP1_PORTUGESE_BRAZIL_64BIT_BASE = 'Windows_Server-2008-R2_SP1-Portuguese_Brazil-64Bit-Base', + WINDOWS_SERVER_2008_R2_SP1_PORTUGESE_BRAZIL_64BIT_BASE = 'Windows_Server-2008-R2_SP1-Portugese_Brazil-64Bit-Base', WINDOWS_SERVER_2012_R2_RTM_JAPANESE_64BIT_SQL_2016_SP1_ENTERPRISE = 'Windows_Server-2012-R2_RTM-Japanese-64Bit-SQL_2016_SP1_Enterprise', WINDOWS_SERVER_2012_RTM_JAPANESE_64BIT_SQL_2016_SP2_EXPRESS = 'Windows_Server-2012-R2_RTM-Japanese-64Bit-SQL_2016_SP2_Express', WINDOWS_SERVER_2012_RTM_ENGLISH_64BIT_SQL_2014_SP3_EXPRESS = 'Windows_Server-2012-RTM-English-64Bit-SQL_2014_SP3_Express', 
@@ -216,12 +216,12 @@ export enum WindowsVersion { WINDOWS_SERVER_2008_R2_SP1_ENGLISH_64BIT_SQL_2012_SP4_STANDARD = 'Windows_Server-2008-R2_SP1-English-64Bit-SQL_2012_SP4_Standard', WINDOWS_SERVER_2008_SP2_PORTUGUESE_BRAZIL_32BIT_BASE = 'Windows_Server-2008-SP2-Portuguese_Brazil-32Bit-Base', /** @deprecated - use WINDOWS_SERVER_2008_SP2_PORTUGUESE_BRAZIL_32BIT_BASE */ - WINDOWS_SERVER_2008_SP2_PORTUGESE_BRAZIL_32BIT_BASE = 'Windows_Server-2008-SP2-Portuguese_Brazil-32Bit-Base', + WINDOWS_SERVER_2008_SP2_PORTUGESE_BRAZIL_32BIT_BASE = 'Windows_Server-2008-SP2-Portugese_Brazil-32Bit-Base', WINDOWS_SERVER_2012_R2_RTM_JAPANESE_64BIT_SQL_2014_SP2_STANDARD = 'Windows_Server-2012-R2_RTM-Japanese-64Bit-SQL_2014_SP2_Standard', WINDOWS_SERVER_2012_RTM_JAPANESE_64BIT_SQL_2012_SP4_EXPRESS = 'Windows_Server-2012-RTM-Japanese-64Bit-SQL_2012_SP4_Express', WINDOWS_SERVER_2012_RTM_PORTUGUESE_PORTUGAL_64BIT_BASE = 'Windows_Server-2012-RTM-Portuguese_Portugal-64Bit-Base', /** @deprecated - use WINDOWS_SERVER_2012_RTM_PORTUGUESE_PORTUGAL_64BIT_BASE */ - WINDOWS_SERVER_2012_RTM_PORTUGESE_PORTUGAL_64BIT_BASE = 'Windows_Server-2012-RTM-Portuguese_Portugal-64Bit-Base', + WINDOWS_SERVER_2012_RTM_PORTUGESE_PORTUGAL_64BIT_BASE = 'Windows_Server-2012-RTM-Portugese_Portugal-64Bit-Base', WINDOWS_SERVER_2016_CZECH_FULL_BASE = 'Windows_Server-2016-Czech-Full-Base', WINDOWS_SERVER_2016_JAPANESE_FULL_SQL_2016_SP1_STANDARD = 'Windows_Server-2016-Japanese-Full-SQL_2016_SP1_Standard', WINDOWS_SERVER_2019_DUTCH_FULL_BASE = 'Windows_Server-2019-Dutch-Full-Base', 
@@ -236,7 +236,7 @@ export enum WindowsVersion { WINDOWS_SERVER_2016_ENGLISH_FULL_SQL_2017_STANDARD = 'Windows_Server-2016-English-Full-SQL_2017_Standard', WINDOWS_SERVER_2019_PORTUGUESE_BRAZIL_FULL_BASE = 'Windows_Server-2019-Portuguese_Brazil-Full-Base', /** @deprecated - use WINDOWS_SERVER_2019_PORTUGUESE_BRAZIL_FULL_BASE */ - WINDOWS_SERVER_2019_PORTUGESE_BRAZIL_FULL_BASE = 'Windows_Server-2019-Portuguese_Brazil-Full-Base', + WINDOWS_SERVER_2019_PORTUGESE_BRAZIL_FULL_BASE = 'Windows_Server-2019-Portugese_Brazil-Full-Base', WINDOWS_SERVER_2008_R2_SP1_ENGLISH_64BIT_SQL_2008_R2_SP3_STANDARD = 'Windows_Server-2008-R2_SP1-English-64Bit-SQL_2008_R2_SP3_Standard', WINDOWS_SERVER_2008_R2_SP1_ENGLISH_64BIT_SHAREPOINT_2010_SP2_FOUNDATION = 'Windows_Server-2008-R2_SP1-English-64Bit-SharePoint_2010_SP2_Foundation', WINDOWS_SERVER_2012_R2_RTM_ENGLISH_P3 = 'Windows_Server-2012-R2_RTM-English-P3', @@ -247,7 +247,7 @@ export enum WindowsVersion { WINDOWS_SERVER_2016_JAPANESE_FULL_SQL_2016_SP2_STANDARD = 'Windows_Server-2016-Japanese-Full-SQL_2016_SP2_Standard', WINDOWS_SERVER_2019_PORTUGUESE_PORTUGAL_FULL_BASE = 'Windows_Server-2019-Portuguese_Portugal-Full-Base', /** @deprecated - use WINDOWS_SERVER_2019_PORTUGUESE_PORTUGAL_FULL_BASE */ - WINDOWS_SERVER_2019_PORTUGESE_PORTUGAL_FULL_BASE = 'Windows_Server-2019-Portuguese_Portugal-Full-Base', + WINDOWS_SERVER_2019_PORTUGESE_PORTUGAL_FULL_BASE = 'Windows_Server-2019-Portugese_Portugal-Full-Base', WINDOWS_SERVER_2019_SWEDISH_FULL_BASE = 'Windows_Server-2019-Swedish-Full-Base', WINDOWS_SERVER_2012_R2_RTM_ENGLISH_64BIT_HYPERV = 'Windows_Server-2012-R2_RTM-English-64Bit-HyperV', WINDOWS_SERVER_2012_RTM_KOREAN_64BIT_BASE = 'Windows_Server-2012-RTM-Korean-64Bit-Base', diff --git a/packages/@aws-cdk/aws-ec2/test/instance.test.ts b/packages/@aws-cdk/aws-ec2/test/instance.test.ts index a469319fbf4cb..ffaadfe0cb760 100644 --- a/packages/@aws-cdk/aws-ec2/test/instance.test.ts +++ b/packages/@aws-cdk/aws-ec2/test/instance.test.ts 
@@ -132,38 +132,35 @@ describe('instance', () => { }); + test('instances with local NVME drive are correctly named', () => { // GIVEN const sampleInstanceClassKeys = [{ - key: 'R5D', + key: InstanceClass.R5D, value: 'r5d', }, { - key: 'MEMORY5_NVME_DRIVE', + key: InstanceClass.MEMORY5_NVME_DRIVE, value: 'r5d', }, { - key: 'R5AD', + key: InstanceClass.R5AD, value: 'r5ad', }, { - key: 'MEMORY5_AMD_NVME_DRIVE', + key: InstanceClass.MEMORY5_AMD_NVME_DRIVE, value: 'r5ad', }, { - key: 'M5AD', + key: InstanceClass.M5AD, value: 'm5ad', }, { - key: 'STANDARD5_AMD_NVME_DRIVE', + key: InstanceClass.STANDARD5_AMD_NVME_DRIVE, value: 'm5ad', }]; // A sample of instances with NVME drives for (const instanceClass of sampleInstanceClassKeys) { // WHEN - const key = instanceClass.key as keyof (typeof InstanceClass); - const instanceType = InstanceClass[key]; - + const instanceType = InstanceType.of(instanceClass.key, InstanceSize.LARGE); // THEN - expect(instanceType).toBe(instanceClass.value); + expect(instanceType.toString().split('.')[0]).toBe(instanceClass.value); } - - }); test('instance architecture throws an error when instance type is invalid', () => { // GIVEN From 55e52a016e6cc182581f56717315bc3129c5e47f Mon Sep 17 00:00:00 2001 From: AWS CDK Team Date: Fri, 1 Jul 2022 08:20:10 +0000 Subject: [PATCH 19/20] chore(release): 2.30.0 --- CHANGELOG.v2.alpha.md | 2 ++ CHANGELOG.v2.md | 19 +++++++++++++++++++ version.v2.json | 4 ++-- 3 files changed, 23 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md index 15741bb1f1f30..bc3f74c5e7dfe 100644 --- a/CHANGELOG.v2.alpha.md +++ b/CHANGELOG.v2.alpha.md 
@@ -2,6 +2,8 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.30.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.29.1-alpha.0...v2.30.0-alpha.0) (2022-07-01) + ## [2.29.1-alpha.0](https://github.com/aws/aws-cdk/compare/v2.29.0-alpha.0...v2.29.1-alpha.0) (2022-06-24) ## [2.29.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.28.1-alpha.0...v2.29.0-alpha.0) (2022-06-22) diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md index c174cf702a885..02ea88ca88931 100644 --- a/CHANGELOG.v2.md +++ b/CHANGELOG.v2.md 
@@ -2,6 +2,25 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.30.0](https://github.com/aws/aws-cdk/compare/v2.29.1...v2.30.0) (2022-07-01) + + +### Features + +* **appmesh:** ipv6 support for app mesh ([#20766](https://github.com/aws/aws-cdk/issues/20766)) ([b1e6d62](https://github.com/aws/aws-cdk/commit/b1e6d62ed6b6ede0362d0a68d804660e84efe5cb)), closes [#20737](https://github.com/aws/aws-cdk/issues/20737) +* **cognito:** make `grant()` available on `IUserPool` ([#20799](https://github.com/aws/aws-cdk/issues/20799)) ([a1df570](https://github.com/aws/aws-cdk/commit/a1df570b89c6d456077bb934e0bf08217677ef1f)), closes [#20285](https://github.com/aws/aws-cdk/issues/20285) +* **iam:** PolicyStatements can be frozen ([#20911](https://github.com/aws/aws-cdk/issues/20911)) ([3bf737b](https://github.com/aws/aws-cdk/commit/3bf737bd172eda016d2e9bb7c5f40c001399fd23)) +* **lambda:** grant function permissions to an AWS organization ([#19975](https://github.com/aws/aws-cdk/issues/19975)) ([2566017](https://github.com/aws/aws-cdk/commit/2566017a83ec4f9c2c5cefda4585a3f71e3516e7)), closes [#19538](https://github.com/aws/aws-cdk/issues/19538) [#20146](https://github.com/aws/aws-cdk/issues/20146) +* **rds:** add missing aurora postgres versions ([#20830](https://github.com/aws/aws-cdk/issues/20830)) ([2151a0e](https://github.com/aws/aws-cdk/commit/2151a0e9b988723e050e6f37ed1780cced16c519)) + + +### Bug Fixes + +* **apigateway:** Explicitly test for undefined instead of falsey for stage default options ([#20868](https://github.com/aws/aws-cdk/issues/20868)) ([b368a31](https://github.com/aws/aws-cdk/commit/b368a315cab0cedf03298083f5f1fb809bd1d1f2)) +* **eks:** revert shell=True and allow public ecr to work ([#20724](https://github.com/aws/aws-cdk/issues/20724)) ([de153fc](https://github.com/aws/aws-cdk/commit/de153fcdd47a4cdcd1d156d5e19684969d990c8e)) 
+* **pipelines:** 'ConfirmPermissionsBroadening' uses wrong node version ([#20861](https://github.com/aws/aws-cdk/issues/20861)) ([bac965e](https://github.com/aws/aws-cdk/commit/bac965e9c4d435ae45d5cf16aa809f33bbb05a0f)) +* **secretsmanager:** SecretRotation app does not set DeletionPolicy ([#20901](https://github.com/aws/aws-cdk/issues/20901)) ([f2b4eff](https://github.com/aws/aws-cdk/commit/f2b4effc903ab3a36dc925516f3329f236d03a70)) + ## [2.29.1](https://github.com/aws/aws-cdk/compare/v2.29.0...v2.29.1) (2022-06-24) diff --git a/version.v2.json b/version.v2.json index ccbb94cfe0aea..5ed2492d87113 100644 --- a/version.v2.json +++ b/version.v2.json @@ -1,4 +1,4 @@ { - "version": "2.29.1", - "alphaVersion": "2.29.1-alpha.0" + "version": "2.30.0", + "alphaVersion": "2.30.0-alpha.0" } \ No newline at end of file From 41c9348db102f2bd09a6f21502f7b2585becb1cf Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Fri, 1 Jul 2022 14:31:23 +0200 Subject: [PATCH 20/20] Update CHANGELOG.v2.md --- CHANGELOG.v2.md | 1 - 1 file changed, 1 deletion(-) diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md index 02ea88ca88931..79980f5226830 100644 --- a/CHANGELOG.v2.md +++ b/CHANGELOG.v2.md @@ -4,7 +4,6 @@ All notable changes to this project will be documented in this file. See [standa ## [2.30.0](https://github.com/aws/aws-cdk/compare/v2.29.1...v2.30.0) (2022-07-01) - ### Features * **appmesh:** ipv6 support for app mesh ([#20766](https://github.com/aws/aws-cdk/issues/20766)) ([b1e6d62](https://github.com/aws/aws-cdk/commit/b1e6d62ed6b6ede0362d0a68d804660e84efe5cb)), closes [#20737](https://github.com/aws/aws-cdk/issues/20737)
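Review bot: In the `WindowsVersion` hunks of the aws-ec2 enum (@@ -157 through @@ -247), each deprecated `..._PORTUGESE_...` member now holds a string spelled `Portugese`, while its `@deprecated` comment still sends callers to the `PORTUGUESE` member, whose value is spelled `Portuguese`. Before this change both members held the same string, so the alias and its replacement no longer name the same image, and code still using the deprecated member will pass a different name to whatever resolves it. If the divergence is intentional, state the reason in the doc comment on each deprecated member and add a test that pins both values; nothing in these hunks shows that the misspelled name resolves.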
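Review bot: In the `instances with local NVME drive are correctly named` test in instance.test.ts (@@ -132), the new assertion `expect(instanceType.toString().split('.')[0]).toBe(instanceClass.value)` checks only the segment before the first dot, so the `InstanceSize.LARGE` argument passed to `InstanceType.of` is never verified. Assert on the whole string returned by `toString()` instead, so a malformed or missing size segment fails the test as well as a wrong class prefix.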
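Review bot: In the CHANGELOG.v2.md hunk for 2.30.0, the Bug Fixes entry `**eks:** revert shell=True and allow public ecr to work` does not say whether `shell=True` is being removed or reinstated by this release. That distinction decides whether commands go through a shell, so a reader assessing the upgrade cannot tell from the entry which behaviour ships; reword it to name the resulting state explicitly. The `2.30.0-alpha.0` heading added to CHANGELOG.v2.alpha.md also has no entries under it, which is worth a one-line note if the alpha modules really had no changes.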